[Snyk] Security upgrade react-scripts from 4.0.3 to 5.0.0

[xack20]

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• client/package.json
• client/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Directory Traversal SNYK-JS-TAR-15127355	596

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Directory Traversal

[Copilot]

Pull request overview

Upgrades the client build toolchain to address a reported vulnerability by bumping react-scripts to v5.

Changes:

• Bump react-scripts from 4.0.3 to 5.0.0 in client/package.json.
• Update client/package-lock.json to reflect react-scripts@5.0.0 and its transitive dependency graph.

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.

File	Description
client/package.json	Updates the direct react-scripts dependency to 5.0.0.
client/package-lock.json	Refreshes the lockfile for the react-scripts@5.0.0 upgrade and related dependency changes.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

package.json pins react-scripts to 5.0.0, but this lockfile records it as ^5.0.0. This makes package-lock.json inconsistent with package.json and can cause npm ci to fail with a lockfile mismatch. Regenerate the lockfile (or edit the root dependency spec) so the spec matches exactly (5.0.0).