[Snyk] Upgrade react-scripts from 5.0.0 to 5.0.1 (#2319)
<h3>Snyk has created this PR to upgrade react-scripts from 5.0.0 to
5.0.1.</h3>

:information_source: Keep your dependencies up-to-date. This makes it
easier to fix existing vulnerabilities and to more quickly identify and
fix newly disclosed vulnerabilities when they affect your project.
<hr/>

- The recommended version is **1 version** ahead of your current
version.
- The recommended version was released **7 months ago**, on 2022-04-12.

The recommended version fixes:

Severity | Issue | PriorityScore (*) | Exploit Maturity
:-------------------------:|:-------------------------|-------------------------|:-------------------------
High severity | Prototype Pollution<br/>[SNYK-JS-LOADERUTILS-3043105](https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3043105) | **446/1000** <br/> **Why?** Recently disclosed, CVSS 7.5 | No Known Exploit
High severity | Prototype Pollution<br/>[SNYK-JS-LOADERUTILS-3043105](https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3043105) | **446/1000** <br/> **Why?** Recently disclosed, CVSS 7.5 | No Known Exploit
Medium severity | Denial of Service (DoS)<br/>[SNYK-JS-NWSAPI-2841516](https://snyk.io/vuln/SNYK-JS-NWSAPI-2841516) | **446/1000** <br/> **Why?** Recently disclosed, CVSS 7.5 | No Known Exploit
Medium severity | Regular Expression Denial of Service (ReDoS)<br/>[SNYK-JS-MINIMATCH-3050818](https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818) | **446/1000** <br/> **Why?** Recently disclosed, CVSS 7.5 | No Known Exploit
Medium severity | Regular Expression Denial of Service (ReDoS)<br/>[SNYK-JS-LOADERUTILS-3105943](https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3105943) | **446/1000** <br/> **Why?** Recently disclosed, CVSS 7.5 | No Known Exploit
Medium severity | Regular Expression Denial of Service (ReDoS)<br/>[SNYK-JS-LOADERUTILS-3105943](https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3105943) | **446/1000** <br/> **Why?** Recently disclosed, CVSS 7.5 | No Known Exploit
Medium severity | Regular Expression Denial of Service (ReDoS)<br/>[SNYK-JS-LOADERUTILS-3105943](https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3105943) | **446/1000** <br/> **Why?** Recently disclosed, CVSS 7.5 | No Known Exploit

(*) Note that the real score may have changed since the PR was raised.


<details>
<summary><b>Release notes</b></summary>
<br/>
  <details>
    <summary>Package name: <b>react-scripts</b></summary>
    <ul>
      <li>
<b>5.0.1</b> - <a
href="https://snyk.io/redirect/github/facebook/create-react-app/releases/tag/v5.0.1">2022-04-12</a><br/><h2>5.0.1
(2022-04-12)</h2>
<p>Create React App 5.0.1 is a maintenance release that improves
compatibility with React 18. We've also updated our templates to use
<code>createRoot</code> and relaxed our check for older versions of
Create React App.</p>
<h1>Migrating from 5.0.0 to 5.0.1</h1>
<p>Inside any created project that has not been ejected, run:</p>
<pre class="notranslate"><code>npm install --save --save-exact react-scripts@5.0.1
</code></pre>
<p>or</p>
<pre class="notranslate"><code>yarn add --exact react-scripts@5.0.1
</code></pre>
<h4><g-emoji class="g-emoji" alias="bug"
fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/1f41b.png">🐛</g-emoji>
Bug Fix</h4>
<ul>
<li><code>react-scripts</code>
<ul>
<li><a
href="https://snyk.io/redirect/github/facebook/create-react-app/pull/12245"
data-hovercard-type="pull_request"
data-hovercard-url="/facebook/create-react-app/pull/12245/hovercard">#12245</a>
fix: webpack noise printed only if error or warning (<a
href="https://snyk.io/redirect/github/Andrew47">@ Andrew47</a>)</li>
</ul>
</li>
<li><code>create-react-app</code>
<ul>
<li><a
href="https://snyk.io/redirect/github/facebook/create-react-app/pull/11915"
data-hovercard-type="pull_request"
data-hovercard-url="/facebook/create-react-app/pull/11915/hovercard">#11915</a>
Warn when not using the latest version of create-react-app but do not
exit (<a href="https://snyk.io/redirect/github/iansu">@ iansu</a>)</li>
</ul>
</li>
<li><code>react-dev-utils</code>
<ul>
<li><a
href="https://snyk.io/redirect/github/facebook/create-react-app/pull/11640"
data-hovercard-type="pull_request"
data-hovercard-url="/facebook/create-react-app/pull/11640/hovercard">#11640</a>
Ensure posix compliant joins for urls in middleware (<a
href="https://snyk.io/redirect/github/psiservices-justin-sullard">@
psiservices-justin-sullard</a>)</li>
</ul>
</li>
</ul>
<h4><g-emoji class="g-emoji" alias="nail_care"
fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/1f485.png">💅</g-emoji>
Enhancement</h4>
<ul>
<li><code>cra-template-typescript</code>, <code>cra-template</code>,
<code>react-scripts</code>
<ul>
<li><a
href="https://snyk.io/redirect/github/facebook/create-react-app/pull/12220"
data-hovercard-type="pull_request"
data-hovercard-url="/facebook/create-react-app/pull/12220/hovercard">#12220</a>
Update templates to use React 18 <code>createRoot</code> (<a
href="https://snyk.io/redirect/github/kyletsang">@ kyletsang</a>)</li>
</ul>
</li>
<li><code>cra-template-typescript</code>, <code>cra-template</code>
<ul>
<li><a
href="https://snyk.io/redirect/github/facebook/create-react-app/pull/12223"
data-hovercard-type="pull_request"
data-hovercard-url="/facebook/create-react-app/pull/12223/hovercard">#12223</a>
chore: upgrade rtl version to support react 18 (<a
href="https://snyk.io/redirect/github/MatanBobi">@ MatanBobi</a>)</li>
</ul>
</li>
<li><code>eslint-config-react-app</code>
<ul>
<li><a
href="https://snyk.io/redirect/github/facebook/create-react-app/pull/11622"
data-hovercard-type="pull_request"
data-hovercard-url="/facebook/create-react-app/pull/11622/hovercard">#11622</a>
updated deprecated rules (<a
href="https://snyk.io/redirect/github/wisammechano">@
wisammechano</a>)</li>
</ul>
</li>
</ul>
<h4><g-emoji class="g-emoji" alias="memo"
fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/1f4dd.png">📝</g-emoji>
Documentation</h4>
<ul>
<li><a
href="https://snyk.io/redirect/github/facebook/create-react-app/pull/11594"
data-hovercard-type="pull_request"
data-hovercard-url="/facebook/create-react-app/pull/11594/hovercard">#11594</a>
Fix a typo in deployment.md (<a
href="https://snyk.io/redirect/github/fishmandev">@ fishmandev</a>)</li>
<li><a
href="https://snyk.io/redirect/github/facebook/create-react-app/pull/11805"
data-hovercard-type="pull_request"
data-hovercard-url="/facebook/create-react-app/pull/11805/hovercard">#11805</a>
docs: Changelog 5.0.0 (<a href="https://snyk.io/redirect/github/jafin">@
jafin</a>)</li>
<li><a
href="https://snyk.io/redirect/github/facebook/create-react-app/pull/11757"
data-hovercard-type="pull_request"
data-hovercard-url="/facebook/create-react-app/pull/11757/hovercard">#11757</a>
prevent both npm and yarn commands from being copied (<a
href="https://snyk.io/redirect/github/mubarakn">@ mubarakn</a>)</li>
</ul>
<h4><g-emoji class="g-emoji" alias="house"
fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/1f3e0.png">🏠</g-emoji>
Internal</h4>
<ul>
<li><a
href="https://snyk.io/redirect/github/facebook/create-react-app/pull/11985"
data-hovercard-type="pull_request"
data-hovercard-url="/facebook/create-react-app/pull/11985/hovercard">#11985</a>
Ignore docs when publishing (<a
href="https://snyk.io/redirect/github/iansu">@ iansu</a>)</li>
</ul>
<h4>Committers: 11</h4>
<ul>
<li>Andrew Burnie (<a href="https://snyk.io/redirect/github/Andrew47">@
Andrew47</a>)</li>
<li>Clément Vannicatte (<a
href="https://snyk.io/redirect/github/shortcuts">@ shortcuts</a>)</li>
<li>Dmitriy Fishman (<a
href="https://snyk.io/redirect/github/fishmandev">@ fishmandev</a>)</li>
<li>Dmitry Vinnik (<a
href="https://snyk.io/redirect/github/dmitryvinn">@ dmitryvinn</a>)</li>
<li>Ian Sutherland (<a href="https://snyk.io/redirect/github/iansu">@
iansu</a>)</li>
<li>Jason Finch (<a href="https://snyk.io/redirect/github/jafin">@
jafin</a>)</li>
<li>Kyle Tsang (<a href="https://snyk.io/redirect/github/kyletsang">@
kyletsang</a>)</li>
<li>Matan Borenkraout (<a
href="https://snyk.io/redirect/github/MatanBobi">@ MatanBobi</a>)</li>
<li>Wisam Naji (<a href="https://snyk.io/redirect/github/wisammechano">@
wisammechano</a>)</li>
<li><a href="https://snyk.io/redirect/github/mubarakn">@
mubarakn</a></li>
<li><a
href="https://snyk.io/redirect/github/psiservices-justin-sullard">@
psiservices-justin-sullard</a></li>
</ul>
      </li>
      <li>
<b>5.0.0</b> - <a
href="https://snyk.io/redirect/github/facebook/create-react-app/releases/tag/v5.0.0">2021-12-14</a><br/><a
href="https://snyk.io/redirect/github/facebook/create-react-app/releases/tag/v5.0.0">
Read more </a>
      </li>
    </ul>
from <a
href="https://snyk.io/redirect/github/facebook/create-react-app/releases">react-scripts
GitHub release notes</a>
  </details>
</details>


<details>
  <summary><b>Commit messages</b></summary>
  <br/>
  <details>
    <summary>Package name: <b>react-scripts</b></summary>
    <ul>
<li><a
href="https://snyk.io/redirect/github/facebook/create-react-app/commit/19fa58d527ae74f2b6baa0867463eea1d290f9a5">19fa58d</a>
Publish</li>
<li><a
href="https://snyk.io/redirect/github/facebook/create-react-app/commit/6fb4f977b7522c6a1632ec9133af30f5df3afb09">6fb4f97</a>
Prepare 5.0.1 release</li>
<li><a
href="https://snyk.io/redirect/github/facebook/create-react-app/commit/9802941ff049a28da2682801bc182a29761b71f4">9802941</a>
fix: webpack noise printed only if error or warning (#12245)</li>
<li><a
href="https://snyk.io/redirect/github/facebook/create-react-app/commit/2eef1d0a1db2e84cdcd6e7ca941c85a48cc7cc65">2eef1d0</a>
Update templates to use React 18 &#x60;createRoot&#x60; (#12220)</li>
<li><a
href="https://snyk.io/redirect/github/facebook/create-react-app/commit/213b6a2050ece9e3a68c4fc46150866174aa4e0f">213b6a2</a>
chore: upgrade rtl version to support react 18 (#12223)</li>
<li><a
href="https://snyk.io/redirect/github/facebook/create-react-app/commit/67b48688081d8ee3562b8ac1bf6ae6d44112745a">67b4868</a>
docs: update Algolia credentials (#12151)</li>
<li><a
href="https://snyk.io/redirect/github/facebook/create-react-app/commit/efc3581e075ee049179029c982c5a10d0d2a3300">efc3581</a>
Update lockfile</li>
<li><a
href="https://snyk.io/redirect/github/facebook/create-react-app/commit/52d643170b8871b40eb72dbb9f781924dc2cb19c">52d6431</a>
Warn when not using the latest version of create-react-app but do not
exit (#11915)</li>
<li><a
href="https://snyk.io/redirect/github/facebook/create-react-app/commit/fd8c5f7b1b1d19d10d24cc2f9fdfc110585dc030">fd8c5f7</a>
docs: add homepage banner in support of Ukraine (#12113)</li>
<li><a
href="https://snyk.io/redirect/github/facebook/create-react-app/commit/428ddb683193e548043a4a7edac73d2857386a4c">428ddb6</a>
Ignore docs when publishing (#11985)</li>
<li><a
href="https://snyk.io/redirect/github/facebook/create-react-app/commit/a422bf227cf5294a34d68696664e9568a152fd8f">a422bf2</a>
Ensure posix compliant joins for urls in middleware (#11640)</li>
<li><a
href="https://snyk.io/redirect/github/facebook/create-react-app/commit/63ae6dd5b9b491c081a673a4a57131a86b259a73">63ae6dd</a>
updated deprecated rules (#11622)</li>
<li><a
href="https://snyk.io/redirect/github/facebook/create-react-app/commit/255822ff2d6199801733d7a66729c094f0430913">255822f</a>
Fix a typo in deployment.md (#11594)</li>
<li><a
href="https://snyk.io/redirect/github/facebook/create-react-app/commit/d73c2f24053da5272d4286049e27adcd767c1c8a">d73c2f2</a>
docs: Changelog 5.0.0 (#11805)</li>
<li><a
href="https://snyk.io/redirect/github/facebook/create-react-app/commit/b2f9ee371d1c7f3d82b37990f4bcedb63bcd4115">b2f9ee3</a>
prevent both npm and yarn commands from being copied (#11757)</li>
<li><a
href="https://snyk.io/redirect/github/facebook/create-react-app/commit/0c72a329a4e703de5e99d20290dde8f6ac179168">0c72a32</a>
Add docusaurus to workspaces, update lockfile</li>
<li><a
href="https://snyk.io/redirect/github/facebook/create-react-app/commit/9673858a3715287c40aef9e800c431c7d45c05a2">9673858</a>
Update CONTRIBUTING.md</li>
    </ul>

<a
href="https://snyk.io/redirect/github/facebook/create-react-app/compare/221e511730ca51c036c6954a9d2ee7659ff860f9...19fa58d527ae74f2b6baa0867463eea1d290f9a5">Compare</a>
  </details>
</details>
<hr/>

**Note:** *You are seeing this because you or someone else with access
to this repository has authorized Snyk to open upgrade PRs.*

For more information:

🧐 [View latest project
report](https://app.snyk.io/org/sandbox-2ba/project/9043c51f-3f0d-45c6-8455-b658274f2872?utm_source=github&utm_medium=referral&page=upgrade-pr)

🛠 [Adjust upgrade PR
settings](https://app.snyk.io/org/sandbox-2ba/project/9043c51f-3f0d-45c6-8455-b658274f2872/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr)

🔕 [Ignore this dependency or unsubscribe from future upgrade
PRs](https://app.snyk.io/org/sandbox-2ba/project/9043c51f-3f0d-45c6-8455-b658274f2872/settings/integration?pkg=react-scripts&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)


Co-authored-by: snyk-bot <snyk-bot@snyk.io>
admin-token-bot and snyk-bot committed Nov 30, 2022
1 parent 0841603 commit 5c19b84
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion examples/web/package.json
Expand Up @@ -16,7 +16,7 @@
"graphql-tag": "^2.12.6",
"react": "^17.0.2",
"react-dom": "^17.0.2",
"react-scripts": "5.0.0",
"react-scripts": "5.0.1",
"react-test-renderer": "^17.0.2",
"realm-web": "^1.7.0",
"typescript": "^4.5.5",
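
Review bot: the `"react-scripts": "5.0.1"` line is the only change in this commit (1 file, `examples/web/package.json`), and no lockfile is touched, so nothing here shows that the packages named in the commit message (loader-utils, nwsapi, minimatch) actually resolve to fixed versions. Those are transitive dependencies of react-scripts, not entries in this manifest, so an existing lockfile can keep the old versions pinned after this bump. Regenerate the lockfile for `examples/web` in the same change and confirm the resolved versions of those three packages against the listed advisories (for example with `npm ls loader-utils nwsapi minimatch`) before treating the issues as fixed.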