[Snyk] Security upgrade react-scripts from 3.3.0 to 5.0.0

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • lib/cli/test/fixtures/update_package_organisations/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	372/1000 Why? Proof of Concept exploit, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	Yes	Proof of Concept
	265/1000 Why? CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-CSSWHAT-1298035	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	459/1000 Why? Proof of Concept exploit, Recently disclosed, CVSS 5.6	Prototype Pollution SNYK-JS-IMMER-1540542	Yes	Proof of Concept
	/1000 Why?	Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088	Yes	No Known Exploit
	/1000 Why?	Open Redirect SNYK-JS-NODEFORGE-2330875	Yes	Proof of Concept
	/1000 Why?	Prototype Pollution SNYK-JS-NODEFORGE-2331908	Yes	No Known Exploit
	/1000 Why?	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	Yes	No Known Exploit
	/1000 Why?	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	Yes	No Known Exploit
	/1000 Why?	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	Yes	No Known Exploit
	446/1000 Why? Recently disclosed, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	Yes	No Known Exploit
	/1000 Why?	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: react-scripts

The new version differs by 250 commits.

• 221e511 Publish
• 6a3315b Update CONTRIBUTING.md
• 5614c87 Add support for Tailwind (Misc cleanup storybookjs/storybook#11717)
• 657739f chore(test): make all tests install with `npm ci` (It's not possible to export decorator that contains React or HTML tags Storybook 6.0 storybookjs/storybook#11723)
• 20edab4 fix(webpackDevServer): disable overlay for warnings (Issue with deepEqual in SourceContainer  storybookjs/storybook#11413)
• 69321b0 Remove cached lockfile (Option to change the language attribute storybookjs/storybook#11706)
• 3afbbc0 Update all dependencies (Core: Optimize storiesHash by removing unused parameters storybookjs/storybook#11624)
• f5467d5 feat(eslint-config-react-app): support ESLint 8.x (ability to set default addon tab per stories module storybookjs/storybook#11375)
• e8319da [WIP] Fix integration test teardown / cleanup and missing yarn installation (ActionBar not clickable in the Actions addon storybookjs/storybook#11686)
• c7627ce Update webpack and dev server (Core: Log message length on channel message storybookjs/storybook#11646)
• f85b064 The default port used by `serve` has changed (Addon-controls: Fix undefined args handling storybookjs/storybook#11619)
• 544befe Update package.json (Generating source maps slow the build significantly, should they be opt-in? storybookjs/storybook#11597)
• 9d0369b Fix ESLint Babel preset resolution (Remove all ts-ignore in vue, tighten typings storybookjs/storybook#11547)
• d7b23c8 test(create-react-app): assert for exit code (Update @storybook/preact to support Preact 10 storybookjs/storybook#10973)
• 1465357 Prepare 5.0.0 alpha release
• 3880ba6 Remove dependency pinning (Toolbars: Should show name if no icon is configured storybookjs/storybook#11474)
• 8b9fbee Update CODEOWNERS
• cacf590 Bump template dependency version (Addon-docs: Fix subcomponents display logic storybookjs/storybook#11415)
• 5cedfe4 Bump browserslist from 4.14.2 to 4.16.5 (CSF: Deprecate duplicate titles rather than forbid them storybookjs/storybook#11476)
• 50ea5ad allow CORS on webpack-dev-server (Warning: Failed prop type: Invalid prop knob.value of type number supplied to RadiosType, expected string. storybookjs/storybook#11325)
• 63bba07 Upgrade jest and related packages from 26.6.0 to 27.1.0 (docs not processing jsdocs in non-SFC component storybookjs/storybook#11338)
• 960b21e Bump immer from 8.0.4 to 9.0.6 (Add/composition auto disable storybookjs/storybook#11364)
• 134cd3c Resolve dependency issues in v5 alpha (Composition: Allow refs versions in config storybookjs/storybook#11294)
• b45ae3c Update CONTRIBUTING.md

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Open Redirect
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn

[stale]

Hi everyone! Seems like there hasn't been much going on in this issue lately. If there are still questions, comments, or bugs, please feel free to continue the discussion. Unfortunately, we don't have time to get to every issue. We are always open to contributions so please send us a pull request if you would like to help. Inactive issues will be closed after 30 days. Thanks!

[stale]

Hey there, it's me again! I am going close this issue to help our maintainers focus on the current development roadmap instead. If the issue mentioned is still a concern, please open a new ticket and mention this old one. Cheers and thanks for using Storybook!