[Snyk] Security upgrade react-scripts from 3.4.3 to 4.0.0

[NOUIY]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: react-scripts

The new version differs by 125 commits.

• ed95893 Publish
• 88ca4f6 Prepare 4.0.0 release
• d23d615 Update react dom in error overlay
• 95265c3 Update CHANGELOG
• 523b416 Add link to Open Collective (#9864)
• af616ab Update CHANGELOG
• 014ca01 Prepare 4.0.0 release
• 2b1161b Pass JSX runtime setting to Babel preset in Jest config (#9865)
• f2aef41 Prepare 4.0.0 alpha release
• 4bc639c Upgrade to React 17 (#9863)
• d61347d Use new JSX setting with TypeScript 4.1.0 (#9734)
• e63de79 New JSX Transform opt out (#9861)
• fe785b2 feat: Update all dependencies (#9857)
• 85ab02b feat: remove unused React imports (#9853)
• 329f392 feat: Update ESLint dependencies (#9856)
• 10fa972 feat(eslint-config-react-app): Add jest & testing-library rules (#8963)
• ed919b1 Make eslint-plugin-jest an optional peerDependency (#9670)
• 0a93e32 Fix refreshOverlayInterop module scope error (#9805)
• 7965594 Bump resolve-url-loader version (#9841)
• b1f8536 Add 3.4.4 to the changelog
• d07b7d0 Replace deprecated eslint-loader with eslint-webpack-plugin (#9751)
• 6f3e32e Upgrade Docusaurus to latest version (#9728)
• 1f2d387 fix: resolve new JSX runtime issues (#9788)
• 6a51dcd Add AVIF image support (#9611)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

[guardrails]

⚠️ We detected 17 security issues in this pull request:

Vulnerable Libraries (17)

Severity	Details
N/A	pkg:npm/ansi-html@0.0.7@0.0.7 (t) - no patch available
Critical	pkg:npm/execa@1.0.0@1.0.0 (t) - no patch available
Medium	pkg:npm/express@4.17.1@4.17.1 (t) - no patch available
Medium	pkg:npm/ejs@2.7.4@2.7.4 (t) - no patch available
High	pkg:npm/hosted-git-info@2.8.8@2.8.8 (t) - no patch available
Medium	pkg:npm/es5-ext@0.10.62@0.10.62 (t) - no patch available
High	pkg:npm/follow-redirects@1.14.5@1.14.5 (t) upgrade to: 1.14.7
High	pkg:npm/async@2.6.3@2.6.3 (t) upgrade to: 3.2.2,2.6.4
Critical	pkg:npm/eventsource@1.1.0@1.1.0 (t) upgrade to: 1.1.1,2.0.2
High	pkg:npm/clean-css@4.2.4@4.2.4 (t) - no patch available
Medium	pkg:npm/postcss@7.0.36@7.0.36 (t) - no patch available
High	ansi-regex@4.1.0 (t) upgrade to: >4.1.0
High	async@2.6.3 (t) upgrade to: >2.6.3
Critical	eventsource@1.1.0 (t) upgrade to: >=1.1.1
High	follow-redirects@1.14.5 (t) upgrade to: >1.14.7
Medium	hosted-git-info@2.8.8 (t) upgrade to: >=2.8.9
Critical	react-scripts@4.0.0 upgrade to: >=5.0.1

More info on how to fix Vulnerable Libraries in JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.