Need a v4 of react-scripts with 4.47.0 <= webpack < 5

[steinybot]

Describe the bug

There is no way to use react-scripts with webpack 4 and Node LTS 20.11.0.

Webpack < 4.47.0 uses an insecure hash which is not supported in Node LTS 20.11.0. The fix was backported to webpack 4.47.0 in webpack/webpack#17628.

The latest version ^4 of react-scripts uses webpack 4.44.2. Version ^5 uses webpack 5 which is a breaking change.

I am trying to fix relayjs/relay-examples#322 without having to upgrade webpack which ought to be out of scope. I am able to do this for the todo example which does not use react-scripts but not for the issue-tracker example which does.

There should be a version of react-scripts ^4 which uses webpack 4.47.0.

Did you try recovering your dependencies?

No. Not relevant.

Which terms did you search for in User Guide?

None. I know what the issue is.

Environment

The relay-examples are using react-scripts not create-react-app.

Steps to reproduce

1. git clone git@github.com:relayjs/relay-examples.git
2. cd relay-examples/issue-tracker
3. yarn
4. yarn upgrade react-scripts@^4
5. yarn start

Expected behavior

It should have installed a version of react-scripts ^4 that depends on webpack 4.47.0 to include this security fix webpack/webpack#17628.

Actual behavior

It only depends on webpack 4.44.2.

Reproducible demo

See above.