[Snyk] Security upgrade react-scripts from 1.0.10 to 5.0.0#59
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-TAR-15038581
- https://snyk.io/vuln/SNYK-JS-DIFF-14917201
- https://snyk.io/vuln/SNYK-JS-ELLIPTIC-14908844
- https://snyk.io/vuln/SNYK-JS-TAR-15032660
Pull request overview
Upgrades react-scripts to address Snyk-reported vulnerabilities in the dependency tree.
Changes:
- Bumps react-scripts from 1.0.10 to 5.0.0 in package.json.
| "react-scripts": "5.0.0", | ||
| "serve": "^6.0.3", | ||
| "styled-components": "^2.1.1" |
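Review bot: the new react-scripts entry is pinned to the exact version "5.0.0" while the neighbouring "serve": "^6.0.3" and "styled-components": "^2.1.1" entries use caret ranges; if the exact pin is deliberate (reproducible builds), say so in the PR, otherwise use "^5.0.0" so that patch releases of the build tooling are picked up by the same semver policy as the rest of the file.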
react-scripts@5 is not compatible with the current React 15.x dependency set. With react/react-dom pinned to ^15.6.1, installs/builds are expected to fail due to peer dependency/runtime incompatibilities. Either upgrade react/react-dom (and any related code) to a supported version for CRA 5, or keep react-scripts on a version compatible with React 15 and address the transitive vulnerabilities via overrides/resolutions instead.
| "react-scripts": "5.0.0", | |
| "serve": "^6.0.3", | |
| "styled-components": "^2.1.1" | |
| "react-scripts": "0.9.5", | |
| "serve": "^6.0.3", | |
| "styled-components": "^2.1.1" |
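Review bot: the removed line in this hunk reads "react-scripts": "0.9.5", while the PR title and the overview above state the upgrade is from 1.0.10; one of the two is wrong, and since Snyk's advisories are matched against the installed version the PR description should be corrected to the version actually being replaced before merging.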
| "react-scripts": "5.0.0", | ||
| "serve": "^6.0.3", | ||
| "styled-components": "^2.1.1" |
Upgrading from react-scripts@1 to 5 also raises the minimum supported Node.js version (CRA 5 requires a modern Node runtime). Since this repo doesn't declare an engines.node range, deployments/builds (e.g., Heroku) can break depending on the default Node version. Consider adding an explicit engines field aligned with the required Node version for the chosen react-scripts.
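The two remediation paths raised in the review comments above (declaring a Node range, and fixing transitive vulnerabilities through overrides when the build tool itself cannot be bumped) can both be expressed in package.json. The fragment below is an added illustration, not code from this PR or from the Snyk bot. Assumptions: the ">=14.0.0" range is the Node minimum I assume for react-scripts 5; the three override values are placeholders, because this page does not name the fixed versions of tar, diff or elliptic; "overrides" is the npm field (npm 8.3 and later), Yarn 1 projects use "resolutions" with the same shape. JSON carries no comments, so the placeholders are labelled by their values.

```json
{
  "engines": {
    "node": ">=14.0.0"
  },
  "overrides": {
    "tar": "<fixed-version-from-SNYK-JS-TAR-15038581-and-15032660>",
    "diff": "<fixed-version-from-SNYK-JS-DIFF-14917201>",
    "elliptic": "<fixed-version-from-SNYK-JS-ELLIPTIC-14908844>"
  }
}
```

The "engines" block makes a Node mismatch fail fast at install time on platforms that honour it (and with engine-strict enabled locally), instead of surfacing as an obscure build error; the "overrides" block lets the vulnerable transitive packages be lifted to their patched releases while react-scripts stays on a version compatible with the React 15 code base, which is the second option the first review comment describes.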
Snyk has created this PR to fix 4 vulnerabilities in the npm dependencies of this project.
Snyk changed the following file(s):
package.json

Vulnerabilities that will be fixed with an upgrade:
SNYK-JS-TAR-15038581
SNYK-JS-DIFF-14917201
SNYK-JS-ELLIPTIC-14908844
SNYK-JS-TAR-15032660
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Directory Traversal