[Snyk] Security upgrade react-scripts from 4.0.3 to 5.0.0 #48
Conversation
…bilities The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-TAR-15038581
- https://snyk.io/vuln/SNYK-JS-ELLIPTIC-14908844
- https://snyk.io/vuln/SNYK-JS-TAR-6476909
Pull request overview
This PR upgrades react-scripts from version 4.0.3 to 5.0.0 to address three medium-severity security vulnerabilities in transitive dependencies (tar and elliptic packages). While the security fixes are valuable, this is a major version upgrade that introduces breaking changes requiring additional dependency updates.
Changes:
- Upgrades react-scripts from 4.0.3 to 5.0.0 to fix security vulnerabilities
| "react-redux": "^7.2.3", | ||
| "react-router-dom": "^5.2.0", | ||
| "react-scripts": "4.0.3", | ||
| "react-scripts": "5.0.0", |
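Review bot: the bump to `"react-scripts": "5.0.0"` is a major-version change, yet the PR body only lists the three Snyk IDs and gives no evidence that the client builds and its tests pass against the other pins in this package.json (react 17.0.2, @testing-library/react 11.2.6 per the review comments). Before merging, run the build and test suite on this branch, and decide explicitly whether react, react-dom and @testing-library/react move in the same PR or in a follow-up; the accompanying client/package-lock.json change is not shown here and should be checked for what else the upgrade pulls in.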
Upgrading react-scripts to version 5.0.0 requires React 18 or later, but this project currently uses React 17.0.2 (line 37). This version incompatibility will cause build failures and runtime errors. To complete this upgrade, you must also upgrade both react and react-dom to version 18, along with updating @testing-library/react to a version compatible with React 18 (version 13 or later).
| "react-redux": "^7.2.3", | ||
| "react-router-dom": "^5.2.0", | ||
| "react-scripts": "4.0.3", | ||
| "react-scripts": "5.0.0", |
The current version of @testing-library/react (11.2.6) is incompatible with React 18, which is required by react-scripts 5.0.0. This package should be upgraded to version 13 or later to maintain compatibility with the React 18 upgrade that is necessary for this react-scripts update.
Snyk has created this PR to fix 3 vulnerabilities in the npm dependencies of this project.
Snyk changed the following file(s):
- client/package.json
- client/package-lock.json

Vulnerabilities that will be fixed with an upgrade:
- SNYK-JS-TAR-15038581
- SNYK-JS-ELLIPTIC-14908844
- SNYK-JS-TAR-6476909