[Snyk] Security upgrade react-scripts from 4.0.3 to 5.0.0 #40

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open

devpato wants to merge 1 commit into main from snyk-fix-da57f84e5d7a0169407e1600137a3ecb

+6,236 −6,392

Open

[Snyk] Security upgrade react-scripts from 4.0.3 to 5.0.0 #40

fix: package.json & yarn.lock to reduce vulnerabilities

Codacy Production / Codacy Static Code Analysis required action Jul 14, 2025 in 0s

12 new issues (0 max.) of at least minor severity.

Annotations

Check warning on line 442 in yarn.lock

codacy-production / Codacy Static Code Analysis

yarn.lock#L442

Insecure dependency npm/@babel/[email protected] (CVE-2025-27789: Babel is a compiler for writing next generation JavaScript. When using ...) (update to 7.26.10)

Check warning on line 1812 in yarn.lock

codacy-production / Codacy Static Code Analysis

yarn.lock#L1812

Insecure dependency npm/@babel/[email protected] (CVE-2025-27789: Babel is a compiler for writing next generation JavaScript. When using ...) (update to 7.26.10)

Check failure on line 1849 in yarn.lock

codacy-production / Codacy Static Code Analysis

yarn.lock#L1849

Insecure dependency @babel/[email protected] (CVE-2023-45133: babel: arbitrary code execution) (update to 7.23.2)

Check warning on line 3889 in yarn.lock

codacy-production / Codacy Static Code Analysis

yarn.lock#L3889

Insecure dependency [email protected] (CVE-2021-23364: browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS)) (update to 4.16.5)

Check failure on line 4351 in yarn.lock

codacy-production / Codacy Static Code Analysis

yarn.lock#L4351

Insecure dependency npm/[email protected] (CVE-2024-21538: cross-spawn: regular expression denial of service) (update to 7.0.5)

Check failure on line 7469 in yarn.lock

codacy-production / Codacy Static Code Analysis

yarn.lock#L7469

Insecure dependency [email protected] (CVE-2022-37599: loader-utils: regular expression denial of service in interpolateName.js) (update to 2.0.4)

Check failure on line 7718 in yarn.lock

codacy-production / Codacy Static Code Analysis

yarn.lock#L7718

Insecure dependency [email protected] (CVE-2022-3517: nodejs-minimatch: ReDoS via the braceExpand function) (update to 3.0.5)

Check failure on line 7746 in yarn.lock

codacy-production / Codacy Static Code Analysis

yarn.lock#L7746

Insecure dependency [email protected] (CVE-2021-44906: minimist: prototype pollution) (update to 1.2.6)

Check warning on line 8818 in yarn.lock

codacy-production / Codacy Static Code Analysis

yarn.lock#L8818

Insecure dependency [email protected] (CVE-2023-44270: An issue was discovered in PostCSS before 8.4.31. The vulnerability af ...) (update to 8.4.31)

Check failure on line 9554 in yarn.lock

codacy-production / Codacy Static Code Analysis

yarn.lock#L9554

Insecure dependency [email protected] (CVE-2022-25883: nodejs-semver: Regular expression denial of service) (update to 5.7.2)

Check failure on line 9569 in yarn.lock

codacy-production / Codacy Static Code Analysis

yarn.lock#L9569

Insecure dependency [email protected] (CVE-2022-25883: nodejs-semver: Regular expression denial of service) (update to 7.5.2)

Check warning on line 10743 in yarn.lock

codacy-production / Codacy Static Code Analysis

yarn.lock#L10743

Insecure dependency npm/[email protected] (CVE-2025-30359: webpack-dev-server: webpack-dev-server information exposure) (update to 5.2.1)

View more details on Codacy Production