[Snyk] Upgrade react-scripts from 3.4.1 to 5.0.1

[GregBrimble]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade react-scripts from 3.4.1 to 5.0.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

Warning: This is a major version upgrade, and may be a breaking change.

• The recommended version is 20 versions ahead of your current version.
• The recommended version was released 2 years ago, on 2022-04-12.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Arbitrary File Overwrite SNYK-JS-TAR-1536528	410/1000 Why? CVSS 8.2	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536531	410/1000 Why? CVSS 8.2	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579147	410/1000 Why? CVSS 8.2	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579152	410/1000 Why? CVSS 8.2	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579155	410/1000 Why? CVSS 8.2	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TMPL-1583443	410/1000 Why? CVSS 8.2	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	410/1000 Why? CVSS 8.2	No Known Exploit
	Command Injection SNYK-JS-LODASHTEMPLATE-1088054	410/1000 Why? CVSS 8.2	Proof of Concept
	Prototype Pollution SNYK-JS-MERGEDEEP-1070277	410/1000 Why? CVSS 8.2	No Known Exploit
	Prototype Pollution SNYK-JS-IMMER-1019369	410/1000 Why? CVSS 8.2	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	410/1000 Why? CVSS 8.2	Proof of Concept
	Prototype Pollution SNYK-JS-INI-1048974	410/1000 Why? CVSS 8.2	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	410/1000 Why? CVSS 8.2	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	410/1000 Why? CVSS 8.2	Proof of Concept
	Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062	410/1000 Why? CVSS 8.2	Proof of Concept
	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	410/1000 Why? CVSS 8.2	No Known Exploit
	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	410/1000 Why? CVSS 8.2	No Known Exploit
	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	410/1000 Why? CVSS 8.2	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	410/1000 Why? CVSS 8.2	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	410/1000 Why? CVSS 8.2	Proof of Concept
	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	410/1000 Why? CVSS 8.2	No Known Exploit
	Prototype Pollution SNYK-JS-NODEFORGE-598677	410/1000 Why? CVSS 8.2	Proof of Concept
	Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	410/1000 Why? CVSS 8.2	Proof of Concept
	Prototype Pollution SNYK-JS-AJV-584908	410/1000 Why? CVSS 8.2	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIHTML-1296849	410/1000 Why? CVSS 8.2	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	410/1000 Why? CVSS 8.2	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	410/1000 Why? CVSS 8.2	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	410/1000 Why? CVSS 8.2	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	410/1000 Why? CVSS 8.2	Proof of Concept
	Prototype Pollution SNYK-JS-ASYNC-2441827	410/1000 Why? CVSS 8.2	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	410/1000 Why? CVSS 8.2	No Known Exploit
	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	410/1000 Why? CVSS 8.2	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	410/1000 Why? CVSS 8.2	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	410/1000 Why? CVSS 8.2	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	410/1000 Why? CVSS 8.2	No Known Exploit
	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	410/1000 Why? CVSS 8.2	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	410/1000 Why? CVSS 8.2	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	410/1000 Why? CVSS 8.2	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	410/1000 Why? CVSS 8.2	Proof of Concept
	Denial of Service (DoS) SNYK-JS-HTTPPROXY-569139	410/1000 Why? CVSS 8.2	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	410/1000 Why? CVSS 8.2	No Known Exploit
	Prototype Pollution SNYK-JS-IMMER-1540542	410/1000 Why? CVSS 8.2	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1085627	410/1000 Why? CVSS 8.2	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1243891	410/1000 Why? CVSS 8.2	Proof of Concept
	Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088	410/1000 Why? CVSS 8.2	No Known Exploit
	Prototype Pollution SNYK-JS-JSON5-3182856	410/1000 Why? CVSS 8.2	Proof of Concept
	Prototype Pollution SNYK-JS-JSON5-3182856	410/1000 Why? CVSS 8.2	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	410/1000 Why? CVSS 8.2	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	410/1000 Why? CVSS 8.2	No Known Exploit
	Denial of Service (DoS) SNYK-JS-SOCKJS-575261	410/1000 Why? CVSS 8.2	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	410/1000 Why? CVSS 8.2	No Known Exploit
	Command Injection SNYK-JS-NODENOTIFIER-1035794	410/1000 Why? CVSS 8.2	No Known Exploit
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	410/1000 Why? CVSS 8.2	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	410/1000 Why? CVSS 8.2	No Known Exploit
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	410/1000 Why? CVSS 8.2	No Known Exploit
	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	410/1000 Why? CVSS 8.2	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-BROWSERIFYSIGN-6037026	410/1000 Why? CVSS 8.2	No Known Exploit
	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	410/1000 Why? CVSS 8.2	Proof of Concept
	Remote Memory Exposure SNYK-JS-DNSPACKET-1293563	410/1000 Why? CVSS 8.2	No Known Exploit
	Cryptographic Issues SNYK-JS-ELLIPTIC-571484	410/1000 Why? CVSS 8.2	Proof of Concept
	Prototype Pollution SNYK-JS-OBJECTPATH-1017036	410/1000 Why? CVSS 8.2	Proof of Concept
	Prototype Pollution SNYK-JS-OBJECTPATH-1585658	410/1000 Why? CVSS 8.2	No Known Exploit
	Prototype Poisoning SNYK-JS-QS-3153490	410/1000 Why? CVSS 8.2	Proof of Concept
	Prototype Poisoning SNYK-JS-QS-3153490	410/1000 Why? CVSS 8.2	Proof of Concept
	Prototype Pollution SNYK-JS-Y18N-1021887	410/1000 Why? CVSS 8.2	Proof of Concept
	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	410/1000 Why? CVSS 8.2	No Known Exploit
	Improper Input Validation SNYK-JS-URLPARSE-2407770	410/1000 Why? CVSS 8.2	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WEBSOCKETEXTENSIONS-570623	410/1000 Why? CVSS 8.2	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	410/1000 Why? CVSS 8.2	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	410/1000 Why? CVSS 8.2	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	410/1000 Why? CVSS 8.2	Proof of Concept
	Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	410/1000 Why? CVSS 8.2	No Known Exploit
	Information Exposure SNYK-JS-EVENTSOURCE-2823375	410/1000 Why? CVSS 8.2	Proof of Concept
	Open Redirect SNYK-JS-NODEFORGE-2330875	410/1000 Why? CVSS 8.2	Proof of Concept
	Prototype Pollution SNYK-JS-NODEFORGE-2331908	410/1000 Why? CVSS 8.2	No Known Exploit
	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	410/1000 Why? CVSS 8.2	No Known Exploit
	Denial of Service (DoS) SNYK-JS-NWSAPI-2841516	410/1000 Why? CVSS 8.2	No Known Exploit
	Prototype Pollution SNYK-JS-OBJECTPATH-1569453	410/1000 Why? CVSS 8.2	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	410/1000 Why? CVSS 8.2	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	410/1000 Why? CVSS 8.2	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	410/1000 Why? CVSS 8.2	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PROMPTS-1729737	410/1000 Why? CVSS 8.2	Proof of Concept
	Command Injection SNYK-JS-REACTDEVUTILS-1083268	410/1000 Why? CVSS 8.2	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	410/1000 Why? CVSS 8.2	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	410/1000 Why? CVSS 8.2	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	410/1000 Why? CVSS 8.2	Proof of Concept
	Prototype Pollution SNYK-JS-YARGSPARSER-560381	410/1000 Why? CVSS 8.2	Proof of Concept
	Improper Input Validation SNYK-JS-URLPARSE-1078283	410/1000 Why? CVSS 8.2	No Known Exploit
	Open Redirect SNYK-JS-URLPARSE-1533425	410/1000 Why? CVSS 8.2	Proof of Concept
	Access Restriction Bypass SNYK-JS-URLPARSE-2401205	410/1000 Why? CVSS 8.2	Proof of Concept
	Authorization Bypass SNYK-JS-URLPARSE-2407759	410/1000 Why? CVSS 8.2	Proof of Concept
	Authorization Bypass Through User-Controlled Key SNYK-JS-URLPARSE-2412697	410/1000 Why? CVSS 8.2	Proof of Concept
	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	410/1000 Why? CVSS 8.2	Proof of Concept
	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	410/1000 Why? CVSS 8.2	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: react-scripts

• 5.0.1 - 2022-04-12
  

  5.0.1 (2022-04-12)

  Create React App 5.0.1 is a maintenance release that improves compatibility with React 18. We've also updated our templates to use createRoot and relaxed our check for older versions of Create React App.

  Migrating from 5.0.0 to 5.0.1

  Inside any created project that has not been ejected, run:

  npm install --save --save-exact react-scripts@5.0.1
  

  or

  yarn add --exact react-scripts@5.0.1
  

  🐛 Bug Fix

  • react-scripts
    • #12245 fix: webpack noise printed only if error or warning (@ Andrew47)
  • create-react-app
    • #11915 Warn when not using the latest version of create-react-app but do not exit (@ iansu)
  • react-dev-utils
    • #11640 Ensure posix compliant joins for urls in middleware (@ psiservices-justin-sullard)

  💅 Enhancement

  • cra-template-typescript, cra-template, react-scripts
    • #12220 Update templates to use React 18 createRoot (@ kyletsang)
  • cra-template-typescript, cra-template
    • #12223 chore: upgrade rtl version to support react 18 (@ MatanBobi)
  • eslint-config-react-app
    • #11622 updated deprecated rules (@ wisammechano)

  📝 Documentation

  • #11594 Fix a typo in deployment.md (@ fishmandev)
  • #11805 docs: Changelog 5.0.0 (@ jafin)
  • #11757 prevent both npm and yarn commands from being copied (@ mubarakn)

  🏠 Internal

  • #11985 Ignore docs when publishing (@ iansu)

  Committers: 11

  • Andrew Burnie (@ Andrew47)
  • Clément Vannicatte (@ shortcuts)
  • Dmitriy Fishman (@ fishmandev)
  • Dmitry Vinnik (@ dmitryvinn)
  • Ian Sutherland (@ iansu)
  • Jason Finch (@ jafin)
  • Kyle Tsang (@ kyletsang)
  • Matan Borenkraout (@ MatanBobi)
  • Wisam Naji (@ wisammechano)
  • @ mubarakn
  • @ psiservices-justin-sullard
• 5.0.0 - 2021-12-14
  Read more
• 5.0.0-next.60 - 2021-12-14
• 5.0.0-next.58 - 2021-12-08
• 5.0.0-next.47 - 2021-10-04
• 5.0.0-next.37 - 2021-09-01
• 5.0.0-next.31 - 2021-08-04
• 4.0.3 - 2021-02-22
• 4.0.2 - 2021-02-03
• 4.0.1 - 2020-11-23
• 4.0.0 - 2020-10-23
• 4.0.0-next.117 - 2020-10-23
• 4.0.0-next.116 - 2020-10-23
• 4.0.0-next.98 - 2020-09-16
• 4.0.0-next.96 - 2020-09-16
• 4.0.0-next.77 - 2020-08-05
• 4.0.0-next.64 - 2020-07-30
• 3.4.4 - 2020-10-20
• 3.4.3 - 2020-08-12
• 3.4.2 - 2020-08-11
• 3.4.1 - 2020-03-21

from react-scripts GitHub release notes

Commit messages

Package name: react-scripts

• 19fa58d Publish
• 6fb4f97 Prepare 5.0.1 release
• 9802941 fix: webpack noise printed only if error or warning (#12245)
• 2eef1d0 Update templates to use React 18 `createRoot` (#12220)
• 213b6a2 chore: upgrade rtl version to support react 18 (#12223)
• 67b4868 docs: update Algolia credentials (#12151)
• efc3581 Update lockfile
• 52d6431 Warn when not using the latest version of create-react-app but do not exit (#11915)
• fd8c5f7 docs: add homepage banner in support of Ukraine (#12113)
• 428ddb6 Ignore docs when publishing (#11985)
• a422bf2 Ensure posix compliant joins for urls in middleware (#11640)
• 63ae6dd updated deprecated rules (#11622)
• 255822f Fix a typo in deployment.md (#11594)
• d73c2f2 docs: Changelog 5.0.0 (#11805)
• b2f9ee3 prevent both npm and yarn commands from being copied (#11757)
• 0c72a32 Add docusaurus to workspaces, update lockfile
• 9673858 Update CONTRIBUTING.md
• 221e511 Publish
• 6a3315b Update CONTRIBUTING.md
• 5614c87 Add support for Tailwind (#11717)
• 657739f chore(test): make all tests install with `npm ci` (#11723)
• 20edab4 fix(webpackDevServer): disable overlay for warnings (#11413)
• 69321b0 Remove cached lockfile (#11706)
• 3afbbc0 Update all dependencies (#11624)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs