[Snyk] Upgrade react-scripts from 4.0.1 to 5.0.1

[desolintdev]

Snyk has created this PR to upgrade react-scripts from 4.0.1 to 5.0.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 9 versions ahead of your current version.

• The recommended version was released 4 years ago.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIHTML-1296849	482	Proof of Concept
	Prototype Pollution SNYK-JS-ASYNC-2441827	482	Proof of Concept
	Excessive Platform Resource Consumption within a Loop SNYK-JS-BRACES-6838727	482	Proof of Concept
	Excessive Platform Resource Consumption within a Loop SNYK-JS-BRACES-6838727	482	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-BROWSERIFYSIGN-6037026	482	No Known Exploit
	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	482	No Known Exploit
	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	482	No Known Exploit
	Code Injection SNYK-JS-LODASH-1040724	482	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BABELHELPERS-9397697	482	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BABELRUNTIME-10044504	482	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BABELRUNTIME-10044504	482	Proof of Concept
	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	482	Proof of Concept
	Asymmetric Resource Consumption (Amplification) SNYK-JS-BODYPARSER-7926860	482	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-CROSSSPAWN-8303230	482	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-CROSSSPAWN-8303230	482	Proof of Concept
	Remote Memory Exposure SNYK-JS-DNSPACKET-1293563	482	No Known Exploit
	Remote Code Execution (RCE) SNYK-JS-EJS-2803307	482	Proof of Concept
	Code Injection SNYK-JS-LODASHTEMPLATE-1088054	482	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	482	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	482	Proof of Concept
	Improper Control of Dynamically-Managed Code Resources SNYK-JS-EJS-6689533	482	Proof of Concept
	Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	482	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BRACEEXPANSION-9789073	482	Proof of Concept
	Function Call With Incorrect Argument Type SNYK-JS-CIPHERBASE-12084814	482	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	482	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-COOKIE-8163060	482	No Known Exploit
	Arbitrary Code Injection SNYK-JS-EJS-1049328	482	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577916	482	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577917	482	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577918	482	Proof of Concept
	Uncontrolled Recursion SNYK-JS-NODEFORGE-14125745	482	No Known Exploit
	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	482	No Known Exploit
	Prototype Poisoning SNYK-JS-QS-3153490	482	Proof of Concept
	Prototype Poisoning SNYK-JS-QS-3153490	482	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	482	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	482	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	482	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	482	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	482	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	482	Proof of Concept
	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	482	No Known Exploit
	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	482	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	482	No Known Exploit
	Information Exposure SNYK-JS-NANOID-2332193	482	Proof of Concept
	Improper Input Validation SNYK-JS-NANOID-8492085	482	No Known Exploit
	Integer Overflow or Wraparound SNYK-JS-NODEFORGE-14125097	482	No Known Exploit
	Open Redirect SNYK-JS-NODEFORGE-2330875	482	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	482	No Known Exploit
	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	482	No Known Exploit
	Denial of Service (DoS) SNYK-JS-NWSAPI-2841516	482	No Known Exploit
	Improper Handling of Unexpected Data Type SNYK-JS-ONHEADERS-10773729	482	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHTOREGEXP-8482416	482	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-2429795	482	Proof of Concept
	Interpretation Conflict SNYK-JS-NODEFORGE-14114940	482	No Known Exploit
	Prototype Pollution SNYK-JS-NODEFORGE-2331908	482	No Known Exploit
	Command Injection SNYK-JS-NODENOTIFIER-1035794	482	No Known Exploit
	Generation of Predictable Numbers or Identifiers SNYK-JS-PBKDF2-10495496	482	Proof of Concept
	Generation of Predictable Numbers or Identifiers SNYK-JS-PBKDF2-10495498	482	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	482	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	482	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	482	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	482	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	482	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	482	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PROMPTS-1729737	482	Proof of Concept
	Command Injection SNYK-JS-REACTDEVUTILS-1083268	482	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	482	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-ROLLUP-8073097	482	Proof of Concept
	Cross-site Scripting SNYK-JS-SEND-7926862	482	No Known Exploit
	Cross-site Scripting SNYK-JS-SERVESTATIC-7926865	482	No Known Exploit
	Function Call With Incorrect Argument Type SNYK-JS-SHAJS-12089400	482	Proof of Concept
	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	482	No Known Exploit
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-8172694	482	No Known Exploit
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-8187303	482	Proof of Concept
	Information Exposure SNYK-JS-ELLIPTIC-8720086	482	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ES5EXT-6095076	482	Proof of Concept
	Improper Handling of Extra Parameters SNYK-JS-FOLLOWREDIRECTS-6141137	482	Proof of Concept
	Denial of Service (DoS) SNYK-JS-HTTPPROXYMIDDLEWARE-8229906	482	Proof of Concept
	Prototype Pollution SNYK-JS-IMMER-1019369	482	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-IP-12704893	482	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-IP-12761655	482	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	482	Proof of Concept
	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	482	No Known Exploit
	Information Exposure SNYK-JS-EVENTSOURCE-2823375	482	Proof of Concept
	Open Redirect SNYK-JS-EXPRESS-6474509	482	No Known Exploit
	Cross-site Scripting SNYK-JS-EXPRESS-7926867	482	No Known Exploit
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	482	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	482	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	482	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	482	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	482	Proof of Concept
	Server-Side Request Forgery (SSRF) SNYK-JS-IP-7148531	482	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1085627	482	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1243891	482	Proof of Concept
	Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088	482	No Known Exploit
	Prototype Pollution SNYK-JS-JSON5-3182856	482	Proof of Concept
	Prototype Pollution SNYK-JS-JSYAML-13961110	482	No Known Exploit
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	482	No Known Exploit
	Predictable Value Range from Previous Values SNYK-JS-FORMDATA-10841150	482	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	482	Proof of Concept
	Arbitrary File Overwrite SNYK-JS-TAR-1536528	482	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536531	482	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579147	482	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579152	482	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579155	482	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TMPL-1583443	482	Proof of Concept
	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	482	No Known Exploit
	Improper Input Validation SNYK-JS-URLPARSE-2407770	482	Proof of Concept
	Path Traversal SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555	482	Proof of Concept
	Denial of Service (DoS) SNYK-JS-WS-7266574	482	Proof of Concept
	Denial of Service (DoS) SNYK-JS-WS-7266574	482	Proof of Concept
	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	482	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	482	Proof of Concept
	Prototype Pollution SNYK-JS-IMMER-1540542	482	Proof of Concept
	Prototype Pollution SNYK-JS-JSON5-3182856	482	Proof of Concept
	Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	482	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	482	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	482	No Known Exploit
	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	482	Proof of Concept
	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	482	Proof of Concept
	Improper Input Validation SNYK-JS-URLPARSE-1078283	482	No Known Exploit
	Open Redirect SNYK-JS-URLPARSE-1533425	482	Proof of Concept
	Access Restriction Bypass SNYK-JS-URLPARSE-2401205	482	Proof of Concept
	Authorization Bypass SNYK-JS-URLPARSE-2407759	482	Proof of Concept
	Authorization Bypass Through User-Controlled Key SNYK-JS-URLPARSE-2412697	482	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-WEBPACK-7840298	482	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	482	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	482	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	482	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHTOREGEXP-7925106	482	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	482	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	482	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WORDWRAP-3149973	482	Proof of Concept

Release notes

Package name: react-scripts

• 5.0.1 - 2022-04-12
  

  5.0.1 (2022-04-12)

  Create React App 5.0.1 is a maintenance release that improves compatibility with React 18. We've also updated our templates to use createRoot and relaxed our check for older versions of Create React App.

  Migrating from 5.0.0 to 5.0.1

  Inside any created project that has not been ejected, run:

  npm install --save --save-exact react-scripts@5.0.1
  

  or

  yarn add --exact react-scripts@5.0.1
  

  🐛 Bug Fix

  • react-scripts
    • #12245 fix: webpack noise printed only if error or warning (@ Andrew47)
  • create-react-app
    • #11915 Warn when not using the latest version of create-react-app but do not exit (@ iansu)
  • react-dev-utils
    • #11640 Ensure posix compliant joins for urls in middleware (@ psiservices-justin-sullard)

  💅 Enhancement

  • cra-template-typescript, cra-template, react-scripts
    • #12220 Update templates to use React 18 createRoot (@ kyletsang)
  • cra-template-typescript, cra-template
    • #12223 chore: upgrade rtl version to support react 18 (@ MatanBobi)
  • eslint-config-react-app
    • #11622 updated deprecated rules (@ wisammechano)

  📝 Documentation

  • #11594 Fix a typo in deployment.md (@ fishmandev)
  • #11805 docs: Changelog 5.0.0 (@ jafin)
  • #11757 prevent both npm and yarn commands from being copied (@ mubarakn)

  🏠 Internal

  • #11985 Ignore docs when publishing (@ iansu)

  Committers: 11

  • Andrew Burnie (@ Andrew47)
  • Clément Vannicatte (@ shortcuts)
  • Dmitriy Fishman (@ fishmandev)
  • Dmitry Vinnik (@ dmitryvinn)
  • Ian Sutherland (@ iansu)
  • Jason Finch (@ jafin)
  • Kyle Tsang (@ kyletsang)
  • Matan Borenkraout (@ MatanBobi)
  • Wisam Naji (@ wisammechano)
  • @ mubarakn
  • @ psiservices-justin-sullard
• 5.0.0 - 2021-12-14
• 5.0.0-next.60 - 2021-12-14
• 5.0.0-next.58 - 2021-12-08
• 5.0.0-next.47 - 2021-10-04
• 5.0.0-next.37 - 2021-09-01
• 5.0.0-next.31 - 2021-08-04
• 4.0.3 - 2021-02-22
• 4.0.2 - 2021-02-03
• 4.0.1 - 2020-11-23

from react-scripts GitHub release notes

---

Important

• Warning: This PR contains a major version upgrade, and may be a breaking change.
• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	react-scripts@​5.0.1
	react@​17.0.1
	react-qr-reader@​2.2.1
	qrcode@​1.4.4
	react-dom@​17.0.1

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm safer-buffer is 94.0% likely obfuscated Confidence: 0.94 Location: Package overview From: package-lock.json → npm/safer-buffer@2.1.2 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/safer-buffer@2.1.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report