[Snyk] Security upgrade react-scripts from 4.0.3 to 5.0.0 #48

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open

xack20 wants to merge 1 commit into main from snyk-fix-f4726515802361b4bf9e9f04c80536fb

Open

[Snyk] Security upgrade react-scripts from 4.0.3 to 5.0.0 #48

fix: client/package.json & client/package-lock.json to reduce vulnera…

Codacy Production / Codacy Static Code Analysis required action Jan 21, 2026 in 0s

16 new issues (0 max.) of at least severity.

Annotations

Check warning on line 15057 in client/package-lock.json

codacy-production / Codacy Static Code Analysis

client/package-lock.json#L15057

Insecure dependency npm/js-yaml@3.14.1 (CVE-2025-64718: js-yaml: js-yaml prototype pollution in merge) (update to 3.14.2)

Check warning on line 15412 in client/package-lock.json

codacy-production / Codacy Static Code Analysis

client/package-lock.json#L15412

Insecure dependency npm/loader-utils@2.0.2 (CVE-2022-37599: loader-utils: regular expression denial of service in interpolateName.js) (update to 2.0.4)

Check failure on line 15412 in client/package-lock.json

codacy-production / Codacy Static Code Analysis

client/package-lock.json#L15412

Insecure dependency npm/loader-utils@2.0.2 (CVE-2022-37601: loader-utils: prototype pollution in function parseQuery in parseQuery.js) (update to 2.0.3)

Check warning on line 15412 in client/package-lock.json

codacy-production / Codacy Static Code Analysis

client/package-lock.json#L15412

Insecure dependency npm/loader-utils@2.0.2 (CVE-2022-37603: loader-utils: Regular expression denial of service) (update to 2.0.4)

Check warning on line 15766 in client/package-lock.json

codacy-production / Codacy Static Code Analysis

client/package-lock.json#L15766

Insecure dependency npm/moment@2.29.1 (CVE-2022-24785: Moment.js: Path traversal in moment.locale) (update to 2.29.2)

Check warning on line 15766 in client/package-lock.json

codacy-production / Codacy Static Code Analysis

client/package-lock.json#L15766

Insecure dependency npm/moment@2.29.1 (CVE-2022-31129: moment: inefficient parsing algorithm resulting in DoS) (update to 2.29.4)

Check warning on line 15862 in client/package-lock.json

codacy-production / Codacy Static Code Analysis

client/package-lock.json#L15862

Insecure dependency npm/node-fetch@2.6.1 (CVE-2022-0235: node-fetch: exposure of sensitive information to an unauthorized actor) (update to 2.6.7)

Check warning on line 15924 in client/package-lock.json

codacy-production / Codacy Static Code Analysis

client/package-lock.json#L15924

Insecure dependency npm/nth-check@1.0.2 (CVE-2021-3803: nodejs-nth-check: inefficient regular expression complexity) (update to 2.0.1)

Check warning on line 16336 in client/package-lock.json

codacy-production / Codacy Static Code Analysis

client/package-lock.json#L16336

Insecure dependency npm/path-to-regexp@1.8.0 (CVE-2024-45296: path-to-regexp: Backtracking regular expressions cause ReDoS) (update to 1.9.0)

Check warning on line 17977 in client/package-lock.json

codacy-production / Codacy Static Code Analysis

client/package-lock.json#L17977

Insecure dependency npm/protobufjs@6.11.2 (CVE-2022-25878: protobufjs: Prototype Pollution via util.setProperty or ReflectionObject.setParsedOption methods) (update to 6.11.3)

Check failure on line 17977 in client/package-lock.json

codacy-production / Codacy Static Code Analysis

client/package-lock.json#L17977

Insecure dependency npm/protobufjs@6.11.2 (CVE-2023-36665: protobufjs: prototype pollution using user-controlled protobuf message) (update to 6.11.4)

Check warning on line 19813 in client/package-lock.json

codacy-production / Codacy Static Code Analysis

client/package-lock.json#L19813

Insecure dependency npm/postcss@7.0.39 (CVE-2023-44270: PostCSS: Improper input validation in PostCSS) (update to 8.4.31)

Check warning on line 19900 in client/package-lock.json

codacy-production / Codacy Static Code Analysis

client/package-lock.json#L19900

Insecure dependency npm/rollup@0.25.8 (CVE-2024-47068: rollup: DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS) (update to 2.79.2)

Check warning on line 20222 in client/package-lock.json

codacy-production / Codacy Static Code Analysis

client/package-lock.json#L20222

Insecure dependency npm/semver@6.3.0 (CVE-2022-25883: nodejs-semver: Regular expression denial of service) (update to 6.3.1)

Check warning on line 22421 in client/package-lock.json

codacy-production / Codacy Static Code Analysis

client/package-lock.json#L22421

Insecure dependency npm/webpack-dev-server@4.15.2 (CVE-2025-30359: webpack-dev-server: webpack-dev-server information exposure) (update to 5.2.1)

Check warning on line 22421 in client/package-lock.json

codacy-production / Codacy Static Code Analysis

client/package-lock.json#L22421

Insecure dependency npm/webpack-dev-server@4.15.2 (CVE-2025-30360: webpack-dev-server: webpack-dev-server information exposure) (update to 5.2.1)

View more details on Codacy Production