[Snyk] Security upgrade react-scripts from 4.0.3 to 5.0.0 #50
18 new issues (0 max.) of at least severity.
Annotations
Check warning on line 15057 in client/package-lock.json
codacy-production / Codacy Static Code Analysis
client/package-lock.json#L15057
Insecure dependency npm/js-yaml@3.14.1 (CVE-2025-64718: js-yaml: js-yaml prototype pollution in merge) (update to 3.14.2)
Check warning on line 15412 in client/package-lock.json
codacy-production / Codacy Static Code Analysis
client/package-lock.json#L15412
Insecure dependency npm/loader-utils@2.0.2 (CVE-2022-37599: loader-utils: regular expression denial of service in interpolateName.js) (update to 2.0.4)
Check failure on line 15412 in client/package-lock.json
codacy-production / Codacy Static Code Analysis
client/package-lock.json#L15412
Insecure dependency npm/loader-utils@2.0.2 (CVE-2022-37601: loader-utils: prototype pollution in function parseQuery in parseQuery.js) (update to 2.0.3)
Check warning on line 15412 in client/package-lock.json
codacy-production / Codacy Static Code Analysis
client/package-lock.json#L15412
Insecure dependency npm/loader-utils@2.0.2 (CVE-2022-37603: loader-utils: Regular expression denial of service) (update to 2.0.4)
Check warning on line 15437 in client/package-lock.json
codacy-production / Codacy Static Code Analysis
client/package-lock.json#L15437
Insecure dependency npm/lodash@4.17.21 (CVE-2025-13465: lodash: prototype pollution in _.unset and _.omit functions) (update to 4.17.23)
Check warning on line 15442 in client/package-lock.json
codacy-production / Codacy Static Code Analysis
client/package-lock.json#L15442
Insecure dependency npm/lodash-es@4.17.21 (CVE-2025-13465: lodash: prototype pollution in _.unset and _.omit functions) (update to 4.17.23)
Check warning on line 15766 in client/package-lock.json
codacy-production / Codacy Static Code Analysis
client/package-lock.json#L15766
Insecure dependency npm/moment@2.29.1 (CVE-2022-24785: Moment.js: Path traversal in moment.locale) (update to 2.29.2)
Check warning on line 15766 in client/package-lock.json
codacy-production / Codacy Static Code Analysis
client/package-lock.json#L15766
Insecure dependency npm/moment@2.29.1 (CVE-2022-31129: moment: inefficient parsing algorithm resulting in DoS) (update to 2.29.4)
Check warning on line 15862 in client/package-lock.json
codacy-production / Codacy Static Code Analysis
client/package-lock.json#L15862
Insecure dependency npm/node-fetch@2.6.1 (CVE-2022-0235: node-fetch: exposure of sensitive information to an unauthorized actor) (update to 2.6.7)
Check warning on line 15924 in client/package-lock.json
codacy-production / Codacy Static Code Analysis
client/package-lock.json#L15924
Insecure dependency npm/nth-check@1.0.2 (CVE-2021-3803: nodejs-nth-check: inefficient regular expression complexity) (update to 2.0.1)
Check warning on line 16336 in client/package-lock.json
codacy-production / Codacy Static Code Analysis
client/package-lock.json#L16336
Insecure dependency npm/path-to-regexp@1.8.0 (CVE-2024-45296: path-to-regexp: Backtracking regular expressions cause ReDoS) (update to 1.9.0)
Check warning on line 17977 in client/package-lock.json
codacy-production / Codacy Static Code Analysis
client/package-lock.json#L17977
Insecure dependency npm/protobufjs@6.11.2 (CVE-2022-25878: protobufjs: Prototype Pollution via util.setProperty or ReflectionObject.setParsedOption methods) (update to 6.11.3)
Check failure on line 17977 in client/package-lock.json
codacy-production / Codacy Static Code Analysis
client/package-lock.json#L17977
Insecure dependency npm/protobufjs@6.11.2 (CVE-2023-36665: protobufjs: prototype pollution using user-controlled protobuf message) (update to 6.11.4)
Check warning on line 19813 in client/package-lock.json
codacy-production / Codacy Static Code Analysis
client/package-lock.json#L19813
Insecure dependency npm/postcss@7.0.39 (CVE-2023-44270: PostCSS: Improper input validation in PostCSS) (update to 8.4.31)
Check warning on line 19900 in client/package-lock.json
codacy-production / Codacy Static Code Analysis
client/package-lock.json#L19900
Insecure dependency npm/rollup@0.25.8 (CVE-2024-47068: rollup: DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS) (update to 2.79.2)
Check warning on line 20222 in client/package-lock.json
codacy-production / Codacy Static Code Analysis
client/package-lock.json#L20222
Insecure dependency npm/semver@6.3.0 (CVE-2022-25883: nodejs-semver: Regular expression denial of service) (update to 6.3.1)
Check warning on line 22414 in client/package-lock.json
codacy-production / Codacy Static Code Analysis
client/package-lock.json#L22414
Insecure dependency npm/webpack-dev-server@4.15.2 (CVE-2025-30359: webpack-dev-server: webpack-dev-server information exposure) (update to 5.2.1)
Check warning on line 22414 in client/package-lock.json
codacy-production / Codacy Static Code Analysis
client/package-lock.json#L22414
Insecure dependency npm/webpack-dev-server@4.15.2 (CVE-2025-30360: webpack-dev-server: webpack-dev-server information exposure) (update to 5.2.1)