
[Snyk] Security upgrade react-scripts from 3.4.4 to 5.0.0 #30

Open
sascha1337 wants to merge 1 commit into main from snyk-fix-96abc7d5e46bd5761910e43b0f6b95a7

Conversation

@sascha1337
Member

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `yarn` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • yarn.lock

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn v2, note that this PR does not update the .yarn/cache/ directory, meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project; you will need to run yarn to update the contents of the .yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 823/1000 (Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.6) | Server-side Request Forgery (SSRF), SNYK-JS-IP-6240864 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Server-side Request Forgery (SSRF)
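
The check a reviewer wants before merging a PR like this one is that the vulnerable release is actually gone from yarn.lock once the upgrade lands. The script below is an added example, not code from the PR, from Snyk, or from this project: it parses a Yarn v1 lockfile and reports every resolved version of one package, flagging those below a fix version on the same major line. The Snyk ID above names the npm `ip` package, but this page does not state which `ip` release carries the fix, so the package name and the `FIXED_IN` versions are inputs that are assumed here for illustration; the lockfile text and its placeholder integrity strings are constructed for the example.

```javascript
// Added example (not part of the Snyk PR or the project's code): audit a Yarn v1
// lockfile for resolved versions of one package that sit below a fix version.
// The lockfile text, placeholder integrity strings and FIXED_IN values are
// constructed / assumed for illustration; take real fix versions from the advisory.

// "@babel/core@^7.9.0" -> "@babel/core";  "ip@^1.1.5" -> "ip"
function packageName(key) {
  const at = key.lastIndexOf('@');
  return at > 0 ? key.slice(0, at) : key;
}

// Yarn v1 lockfile (simplified): an entry header is one or more comma-separated
// "name@range" keys ending in ":", followed by two-space-indented fields
// (version, resolved, integrity) and an optional deeper "dependencies:" block.
function parseYarnLock(text) {
  const entries = [];
  let current = null;
  for (const raw of text.split('\n')) {
    const line = raw.replace(/\r$/, '');
    if (line.trim() === '' || line.startsWith('#')) continue;
    if (!line.startsWith(' ')) {
      const keys = line.replace(/:\s*$/, '')
        .split(',')
        .map(k => k.trim().replace(/^"|"$/g, ''));
      current = { keys, name: packageName(keys[0]), fields: {} };
      entries.push(current);
    } else if (current && line.startsWith('  ') && !line.startsWith('    ')) {
      // Top-level field of the current entry, e.g. `  version "1.1.8"`.
      const m = line.trim().match(/^(\S+)\s+"?([^"]*)"?$/);
      if (m) current.fields[m[1]] = m[2];
    }
    // Lines indented four spaces (the dependencies block) are not needed here.
  }
  return entries;
}

// Numeric x.y.z comparison; pre-release suffixes are dropped, which is enough
// for picking out releases below a fix version.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

const major = v => v.split('.')[0];

// A resolved version counts as fixed only if some fix version on the same major
// line is <= it; anything else is reported as still vulnerable.
function auditPackage(lockText, name, fixedIn) {
  const resolved = [...new Set(
    parseYarnLock(lockText)
      .filter(e => e.name === name)
      .map(e => e.fields.version)
      .filter(Boolean),
  )].sort(compareVersions);
  const vulnerable = resolved.filter(v =>
    !fixedIn.some(f => major(f) === major(v) && compareVersions(v, f) >= 0));
  return { resolved, vulnerable };
}

// Assumed fix versions for the example (not stated on this page).
const FIXED_IN = ['1.1.9', '2.0.1'];

// Constructed lockfile fragment (placeholder integrity strings) with `ip`
// resolved on two major lines, as a transitive of an older toolchain.
const LOCK_BEFORE = `# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1


"@babel/core@^7.9.0":
  version "7.9.0"
  resolved "https://registry.yarnpkg.com/@babel/core/-/core-7.9.0.tgz#placeholder"
  integrity sha512-placeholder==
  dependencies:
    "@babel/parser" "^7.9.0"

ip@^1.1.0, ip@^1.1.5:
  version "1.1.8"
  resolved "https://registry.yarnpkg.com/ip/-/ip-1.1.8.tgz#placeholder"
  integrity sha512-placeholder==

ip@^2.0.0:
  version "2.0.0"
  resolved "https://registry.yarnpkg.com/ip/-/ip-2.0.0.tgz#placeholder"
  integrity sha512-placeholder==
`;

// The same lockfile after an upgrade that bumps both major lines (constructed).
const LOCK_AFTER = LOCK_BEFORE
  .replace(/1\.1\.8/g, '1.1.9')
  .replace(/2\.0\.0/g, '2.0.1');

if (typeof require !== 'undefined' && require.main === module) {
  for (const [label, lock] of [['before', LOCK_BEFORE], ['after', LOCK_AFTER]]) {
    const r = auditPackage(lock, 'ip', FIXED_IN);
    console.log(label, 'resolved:', r.resolved, 'still vulnerable:', r.vulnerable);
  }
}
```

Against the real repository, read yarn.lock from disk and pass the package named in the advisory; in Yarn v1, `yarn why ip` then shows which dependency still pulls in any version the script flags. Because react-scripts 3.x and 5.x resolve different transitive trees, the post-merge lockfile can legitimately contain several versions of the same package, which is why the audit reports every resolved version rather than only the first match.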

@socket-security

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

| Package | New capabilities | Transitives | Size | Publisher |
|---|---|---|---|---|
| npm/@babel/compat-data@7.23.5 | None | 0 | 64.6 kB | nicolo-ribaudo |
| npm/@babel/core@7.23.9 | environment, filesystem, unsafe; Transitive: shell | +45 | 10.6 MB | nicolo-ribaudo |
| npm/@babel/generator@7.23.6 | Transitive: environment | +10 | 3.38 MB | nicolo-ribaudo |
| npm/@babel/helper-compilation-targets@7.23.6 | Transitive: environment, filesystem, shell | +10 | 2.51 MB | nicolo-ribaudo |
| npm/@babel/helper-create-class-features-plugin@7.23.10 | Transitive: environment, filesystem, shell, unsafe | +51 | 11.1 MB | nicolo-ribaudo |
| npm/@babel/helper-create-regexp-features-plugin@7.22.15 | Transitive: environment, filesystem, shell, unsafe | +56 | 10.9 MB | nicolo-ribaudo |
| npm/@babel/helper-function-name@7.23.0 | Transitive: environment | +11 | 4.54 MB | nicolo-ribaudo |
| npm/@babel/helper-member-expression-to-functions@7.23.0 | Transitive: environment | +4 | 2.55 MB | nicolo-ribaudo |
| npm/@babel/helper-module-imports@7.22.15 | Transitive: environment | +4 | 2.55 MB | nicolo-ribaudo |
| npm/@babel/helper-module-transforms@7.23.3 | Transitive: environment, filesystem, shell, unsafe | +45 | 10.6 MB | nicolo-ribaudo |
| npm/@babel/helper-optimise-call-expression@7.22.5 | Transitive: environment | +4 | 2.5 MB | nicolo-ribaudo |
| npm/@babel/helper-plugin-utils@7.22.5 | None | 0 | 11.9 kB | nicolo-ribaudo |
| npm/@babel/helper-replace-supers@7.22.20 | Transitive: environment, filesystem, shell, unsafe | +48 | 10.7 MB | nicolo-ribaudo |
| npm/@babel/helper-simple-access@7.22.5 | Transitive: environment | +4 | 2.51 MB | nicolo-ribaudo |
| npm/@babel/helper-skip-transparent-expression-wrappers@7.22.5 | Transitive: environment | +4 | 2.5 MB | nicolo-ribaudo |
| npm/@babel/helper-split-export-declaration@7.22.6 | Transitive: environment | +4 | 2.5 MB | nicolo-ribaudo |
| npm/@babel/helper-validator-identifier@7.22.20 | None | 0 | 49.1 kB | nicolo-ribaudo |
| npm/@babel/helper-validator-option@7.23.5 | None | 0 | 11.7 kB | nicolo-ribaudo |
| npm/@babel/helpers@7.23.9 | Transitive: environment | +25 | 6.69 MB | nicolo-ribaudo |
| npm/@babel/parser@7.23.9 | None | 0 | 1.88 MB | nicolo-ribaudo |
| npm/@babel/plugin-syntax-class-properties@7.12.13 | Transitive: environment, filesystem, shell, unsafe | +47 | 10.7 MB | nicolo-ribaudo |
| npm/@babel/plugin-syntax-import-meta@7.10.4 | Transitive: environment, filesystem, shell, unsafe | +47 | 10.7 MB | jlhwung |
| npm/@babel/plugin-syntax-logical-assignment-operators@7.10.4 | Transitive: environment, filesystem, shell, unsafe | +47 | 10.7 MB | jlhwung |
| npm/@babel/plugin-syntax-numeric-separator@7.10.4 | Transitive: environment, filesystem, shell, unsafe | +47 | 10.7 MB | jlhwung |
| npm/@babel/plugin-syntax-top-level-await@7.14.5 | Transitive: environment, filesystem, shell, unsafe | +47 | 10.7 MB | nicolo-ribaudo |
| npm/@babel/plugin-syntax-typescript@7.23.3 | Transitive: environment, filesystem, shell, unsafe | +47 | 10.7 MB | nicolo-ribaudo |
| npm/@babel/plugin-transform-optional-chaining@7.23.4 | Transitive: environment, filesystem, shell, unsafe | +49 | 10.7 MB | nicolo-ribaudo |
| npm/@babel/plugin-transform-react-display-name@7.23.3 | Transitive: environment, filesystem, shell, unsafe | +47 | 10.7 MB | nicolo-ribaudo |
| npm/@babel/plugin-transform-react-jsx@7.23.4 | Transitive: environment, filesystem, shell, unsafe | +49 | 10.7 MB | nicolo-ribaudo |
| npm/@babel/preset-env@7.23.9 | environment; Transitive: filesystem, shell, unsafe | +154 | 14.6 MB | nicolo-ribaudo |
| npm/@babel/preset-react@7.23.3 | Transitive: environment, filesystem, shell, unsafe | +53 | 10.8 MB | nicolo-ribaudo |
| npm/@babel/template@7.23.9 | Transitive: environment | +10 | 4.52 MB | nicolo-ribaudo |
| npm/@babel/traverse@7.23.9 | Transitive: environment | +24 | 6.09 MB | nicolo-ribaudo |
| npm/@babel/types@7.23.9 | environment | +3 | 2.49 MB | nicolo-ribaudo |
| npm/@csstools/postcss-progressive-custom-properties@1.3.0 | Transitive: environment, filesystem | +4 | 299 kB | alaguna |
| npm/@csstools/selector-specificity@2.2.0 | None | +3 | 225 kB | alaguna |
| npm/@eslint-community/regexpp@4.10.0 | None | 0 | 431 kB | eslint-community-bot |
| npm/@jridgewell/gen-mapping@0.3.3 | None | +4 | 359 kB | jridgewell |
| npm/@jridgewell/sourcemap-codec@1.4.15 | None | 0 | 45.9 kB | jridgewell |
| npm/@jridgewell/trace-mapping@0.3.22 | None | +2 | 265 kB | jridgewell |
| npm/@nodelib/fs.stat@2.0.5 | filesystem | 0 | 11.8 kB | mrmlnc |
| npm/@nodelib/fs.walk@1.2.8 | Transitive: filesystem | +6 | 127 kB | mrmlnc |
| npm/@types/babel__core@7.20.5 | Transitive: environment | +8 | 4.47 MB | types |
| npm/@types/eslint@8.56.2 | None | +2 | 240 kB | types |
| npm/@types/estree@1.0.5 | None | 0 | 25.7 kB | types |
| npm/@types/express-serve-static-core@4.17.43 | None | +5 | 761 kB | types |
| npm/@types/express@4.17.21 | None | +10 | 796 kB | types |
| npm/@types/mime@1.3.5 | None | 0 | 3.78 kB | types |
| npm/@types/serve-static@1.15.5 | None | +3 | 708 kB | types |
| npm/@typescript-eslint/utils@5.62.0 | Transitive: environment, eval, filesystem, shell, unsafe | +136 | 73.1 MB | jameshenry |
| npm/@webassemblyjs/ast@1.11.6 | None | +5 | 341 kB | xtuc |
| npm/@webassemblyjs/wasm-parser@1.11.6 | None | +10 | 457 kB | xtuc |
| npm/abab@2.0.6 | None | 0 | 10.4 kB | jeffcarp |
| npm/address@1.2.2 | environment, filesystem, shell | 0 | 13 kB | fengmk2 |
| npm/babel-jest@27.5.1 | environment; Transitive: eval, filesystem, network, shell, unsafe | +135 | 14.5 MB | simenb |
| npm/browserslist@4.22.3 | environment, filesystem; Transitive: shell | +6 | 2.36 MB | ai |
| npm/camelcase@6.3.0 | None | 0 | 11.7 kB | sindresorhus |
| npm/caniuse-lite@1.0.30001585 | None | 0 | 1.96 MB | caniuse-lite |
| npm/core-js-compat@3.35.1 | Transitive: environment, filesystem, shell | +7 | 3.06 MB | zloirock |
| npm/css-tree@1.1.3 | None | +2 | 2.36 MB | lahmatiy |
| npm/csso@4.2.0 | None | +3 | 2.95 MB | lahmatiy |
| npm/domhandler@4.3.1 | None | +1 | 55.9 kB | feedic |
| npm/domutils@2.8.0 | network | +4 | 211 kB | feedic |
| npm/electron-to-chromium@1.4.665 | None | 0 | 274 kB | kilianvalkhof |
| npm/escalade@3.1.2 | filesystem | 0 | 11.6 kB | lukeed |
| npm/fast-glob@3.3.2 | filesystem | +15 | 404 kB | mrmlnc |
| npm/gensync@1.0.0-beta.2 | None | 0 | 28.9 kB | loganfsmyth |
| npm/html-entities@2.4.0 | None | 0 | 96.5 kB | mdevils |
| npm/http-parser-js@0.5.8 | None | 0 | 25.8 kB | jimbly |
| npm/icss-utils@5.1.0 | Transitive: environment, filesystem | +3 | 238 kB | evilebottnawi |
| npm/is-docker@2.2.1 | filesystem | 0 | 3.01 kB | sindresorhus |
| npm/is-path-inside@3.0.3 | None | 0 | 4.12 kB | sindresorhus |
| npm/istanbul-lib-coverage@3.2.2 | None | 0 | 34.4 kB | oss-bot |
| npm/istanbul-lib-instrument@5.2.1 | Transitive: environment, filesystem, shell, unsafe | +48 | 10.8 MB | oss-bot |
| npm/jest-resolve@27.5.1 | environment, unsafe; Transitive: filesystem, network, shell | +39 | 1.88 MB | simenb |
| npm/jest-worker@27.5.1 | environment, shell | +3 | 785 kB | simenb |
| npm/json-parse-even-better-errors@2.3.1 | None | 0 | 10.4 kB | isaacs |
| npm/json5@2.2.3 | None | 0 | 235 kB | jordanbtucker |
| npm/klona@2.0.6 | None | 0 | 23.2 kB | lukeed |
| npm/lilconfig@2.1.0 | filesystem | 0 | 16.6 kB | antonk52 |
| npm/loader-utils@2.0.4 | None | +3 | 389 kB | evilebottnawi |
| npm/magic-string@0.25.9 | None | +1 | 405 kB | antfu |
| npm/memfs@3.6.0 | filesystem; Transitive: unsafe | +1 | 205 kB | streamich |
| npm/merge2@1.4.1 | None | 0 | 8.9 kB | zensh |
| npm/micromatch@4.0.5 | None | +4 | 154 kB | jonschlinkert |
| npm/node-releases@2.0.14 | None | 0 | 34 kB | chicoxyzzy |
| npm/pirates@4.0.6 | unsafe | 0 | 13.5 kB | danez |
| npm/postcss-selector-parser@6.0.15 | None | +2 | 209 kB | evilebottnawi |
| npm/postcss-value-parser@4.2.0 | None | 0 | 27.2 kB | evilebottnawi |
| npm/postcss@8.4.35 | environment, filesystem | +2 | 228 kB | ai |
| npm/pretty-bytes@5.6.0 | None | 0 | 11.5 kB | sindresorhus |
| npm/prompts@2.4.2 | None | +2 | 203 kB | terkelg |
| npm/react-scripts@5.0.1 | Transitive: environment, eval, filesystem, network, shell, unsafe | +1264 | 189 MB | iansu |
| npm/schema-utils@3.3.0 | environment; Transitive: eval | +7 | 1.69 MB | evilebottnawi |
| npm/serialize-javascript@6.0.2 | None | +2 | 55.4 kB | redonkulus |
| npm/shell-quote@1.8.1 | None | 0 | 45 kB | ljharb |
| npm/sisteransi@1.0.5 | None | 0 | 6.79 kB | terkelg |
| npm/tapable@2.2.1 | None | 0 | 46.9 kB | sokra |
| npm/terser-webpack-plugin@5.3.10 | Transitive: environment, eval, filesystem, network, shell, unsafe | +69 | 15.2 MB | evilebottnawi |
| npm/terser@5.27.0 | environment, eval; Transitive: filesystem, shell | +10 | 3.67 MB | fabiosantoscode |
| npm/websocket-driver@0.7.4 | network | +3 | 180 kB | jcoglan |
| npm/whatwg-url@8.7.0 | None | +4 | 1.76 MB | domenic |
| npm/yaml@1.10.2 | environment | 0 | 448 kB | eemeli |

🚮 Removed packages: npm/@babel/compat-data@7.9.0, npm/@babel/core@7.9.0, npm/@babel/generator@7.9.5, npm/@babel/helper-create-regexp-features-plugin@7.8.8, npm/@babel/helper-function-name@7.9.5, npm/@babel/helper-plugin-utils@7.8.3, npm/@babel/helper-replace-supers@7.8.6, npm/@babel/parser@7.9.4, npm/@babel/plugin-proposal-nullish-coalescing-operator@7.8.3, npm/@babel/plugin-proposal-numeric-separator@7.8.3, npm/@babel/plugin-proposal-object-rest-spread@7.9.5, npm/@babel/plugin-proposal-optional-chaining@7.9.0, npm/@babel/plugin-proposal-unicode-property-regex@7.8.8, npm/@babel/plugin-syntax-numeric-separator@7.8.3, npm/@babel/plugin-transform-classes@7.9.5, npm/@babel/plugin-transform-destructuring@7.9.5, npm/@babel/plugin-transform-dotall-regex@7.8.3, npm/@babel/plugin-transform-parameters@7.9.5, npm/@babel/plugin-transform-react-display-name@7.8.3, npm/@babel/plugin-transform-react-jsx@7.9.4, npm/@babel/template@7.8.3, npm/@babel/traverse@7.9.5, npm/@babel/types@7.9.5, npm/@hapi/hoek@8.5.1, npm/@jest/console@24.9.0, npm/@jest/environment@24.9.0, npm/@jest/fake-timers@24.9.0, npm/@jest/source-map@24.9.0, npm/acorn-globals@4.3.4, npm/address@1.1.2, npm/browserify-aes@1.2.0, npm/browserslist@4.14.0, npm/caniuse-lite@1.0.30001252, npm/cosmiconfig@5.2.1, npm/css-color-names@0.0.4, npm/cssstyle@1.4.0, npm/data-urls@1.1.0, npm/domutils@1.5.1, npm/electron-to-chromium@1.3.529, npm/errno@0.1.7, npm/evp_bytestokey@1.0.3, npm/extend-shallow@3.0.2, npm/for-in@1.0.2, npm/get-value@2.0.6, npm/http-parser-js@0.4.10, npm/icss-utils@4.1.1, npm/infer-owner@1.0.4, npm/invariant@2.2.4, npm/is-buffer@1.1.6, npm/is-descriptor@1.0.2, npm/is-extendable@0.1.1, npm/is-plain-object@2.0.4, npm/isobject@3.0.1, npm/istanbul-lib-coverage@2.0.5, npm/istanbul-lib-instrument@3.3.0, npm/jest-mock@24.9.0, npm/jest-regex-util@24.9.0, npm/jest-resolve@24.9.0, npm/jest-util@24.9.0, npm/jest-watcher@24.9.0, npm/jest-worker@24.9.0, npm/kind-of@3.2.2, npm/loader-utils@1.2.3, npm/lodash.template@4.5.0, npm/micromatch@3.1.10, npm/neo-async@2.6.1, npm/node-releases@1.1.60, npm/nwsapi@2.2.0, npm/postcss-selector-parser@5.0.0, npm/postcss-value-parser@4.0.2, npm/postcss-values-parser@2.0.1, npm/postcss@7.0.26, npm/react-scripts@3.4.4, npm/regenerate-unicode-properties@8.2.0, npm/regex-not@1.0.2, npm/regexpu-core@4.7.0, npm/regjsgen@0.5.1, npm/regjsparser@0.6.4, npm/resolve@1.15.1, npm/run-queue@1.0.3, npm/set-value@2.0.1, npm/source-map-resolve@0.5.3, npm/source-map@0.5.7, npm/split-string@3.1.0, npm/terser@4.6.3, npm/to-regex@3.0.2, npm/ts-pnp@1.1.6, npm/unicode-match-property-value-ecmascript@1.2.0, npm/util.promisify@1.0.0, npm/websocket-driver@0.6.5, npm/yargs-parser@13.1.2

View full report↗︎
