fix: package.json & yarn.lock to reduce vulnerabilities

7ddeecc
Open

[Snyk] Security upgrade react-scripts from 4.0.3 to 5.0.0 #39

Codacy Production / Codacy Static Code Analysis required action Jun 26, 2025 in 0s

12 new issues (0 max.) of at least minor severity.

Annotations

Check warning on line 437 in yarn.lock

@codacy-production codacy-production / Codacy Static Code Analysis

Insecure dependency npm/@babel/helpers@7.12.17 (CVE-2025-27789: Babel is a compiler for writing next generation JavaScript. When using ...) (update to 7.26.10)

Check warning on line 1798 in yarn.lock

Insecure dependency npm/@babel/runtime@7.12.18 (CVE-2025-27789: Babel is a compiler for writing next generation JavaScript. When using ...) (update to 7.26.10)

Check failure on line 1835 in yarn.lock

Insecure dependency @babel/traverse@7.12.17 (CVE-2023-45133: babel: arbitrary code execution) (update to 7.23.2)

Check warning on line 3876 in yarn.lock

Insecure dependency browserslist@4.16.3 (CVE-2021-23364: browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS)) (update to 4.16.5)

Check failure on line 4338 in yarn.lock

Insecure dependency npm/cross-spawn@7.0.3 (CVE-2024-21538: cross-spawn: regular expression denial of service) (update to 7.0.5)

Check failure on line 7463 in yarn.lock

Insecure dependency loader-utils@2.0.0 (CVE-2022-37599: loader-utils: regular expression denial of service in interpolateName.js) (update to 2.0.4)

Check failure on line 7712 in yarn.lock

Insecure dependency minimatch@3.0.4 (CVE-2022-3517: nodejs-minimatch: ReDoS via the braceExpand function) (update to 3.0.5)

Check failure on line 7740 in yarn.lock

Insecure dependency minimist@1.2.5 (CVE-2021-44906: minimist: prototype pollution) (update to 1.2.6)

Check warning on line 8817 in yarn.lock

Insecure dependency postcss@7.0.39 (CVE-2023-44270: An issue was discovered in PostCSS before 8.4.31. The vulnerability af ...) (update to 8.4.31)

Check failure on line 9561 in yarn.lock

Insecure dependency semver@5.7.1 (CVE-2022-25883: nodejs-semver: Regular expression denial of service) (update to 5.7.2)

Check failure on line 9576 in yarn.lock

Insecure dependency semver@7.3.4 (CVE-2022-25883: nodejs-semver: Regular expression denial of service) (update to 7.5.2)

Check warning on line 10750 in yarn.lock

Insecure dependency npm/webpack-dev-server@4.15.2 (CVE-2025-30359: webpack-dev-server: webpack-dev-server information exposure) (update to 5.2.1)