[Snyk] Fix for 2 vulnerabilities

[kopax]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
• package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	Yes	Proof of Concept
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: react-dev-utils

The new version differs by 250 commits.

• ed95893 Publish
• 88ca4f6 Prepare 4.0.0 release
• d23d615 Update react dom in error overlay
• 95265c3 Update CHANGELOG
• 523b416 Add link to Open Collective (#9864)
• af616ab Update CHANGELOG
• 014ca01 Prepare 4.0.0 release
• 2b1161b Pass JSX runtime setting to Babel preset in Jest config (#9865)
• f2aef41 Prepare 4.0.0 alpha release
• 4bc639c Upgrade to React 17 (#9863)
• d61347d Use new JSX setting with TypeScript 4.1.0 (#9734)
• e63de79 New JSX Transform opt out (#9861)
• fe785b2 feat: Update all dependencies (#9857)
• 85ab02b feat: remove unused React imports (#9853)
• 329f392 feat: Update ESLint dependencies (#9856)
• 10fa972 feat(eslint-config-react-app): Add jest & testing-library rules (#8963)
• ed919b1 Make eslint-plugin-jest an optional peerDependency (#9670)
• 0a93e32 Fix refreshOverlayInterop module scope error (#9805)
• 7965594 Bump resolve-url-loader version (#9841)
• b1f8536 Add 3.4.4 to the changelog
• d07b7d0 Replace deprecated eslint-loader with eslint-webpack-plugin (#9751)
• 6f3e32e Upgrade Docusaurus to latest version (#9728)
• 1f2d387 fix: resolve new JSX runtime issues (#9788)
• 6a51dcd Add AVIF image support (#9611)

See the full diff

Package name: webpack-dev-server

The new version differs by 250 commits.

• c9271b9 chore(release): 4.0.0
• 18bf369 test: fix stability (#3676)
• cdcabb2 fix: respect protocol from browser for manual setup (#3675)
• 1768d6b fix: initial reloading for lazy compilation (#3662)
• 4f5bab1 docs: improve examples (#3672)
• f2d87fb fix: improve https CLI output (#3673)
• 0277c5e chore: remove redundant console statements (#3671)
• 16fcdbc docs: add `ipc` example (#3667)
• 8915fb8 test: add e2e tests for built in routes (#3669)
• 4d1cbe1 docs: ask `version` information in issue template (#3668)
• b6c1881 chore(deps-dev): bump core-js from 3.16.1 to 3.16.2 (#3666)
• ffa8cc5 chore(deps-dev): bump supertest from 6.1.5 to 6.1.6 (#3665)
• f1fdaa7 chore(release): 4.0.0-rc.1
• c4678bc fix: legacy API (#3660)
• d8bdd03 test: fix stability (#3661)
• 22b1414 refactor: remove `killable` (#3657)
• 75bafbf test: add e2e tests for module federation (#3658)
• 493ccbd chore(deps): update `ws` (#3652)
• ae8c523 test: add e2e test for universal compiler (#3656)
• f94b84f chore(deps): update (#3655)
• 1923132 test: fix cli
• 2adfd01 test: fix todo (#3653)
• 6e2cbde fix: proxy logging and allow to pass options without the `target` option (#3651)
• c9ccc96 fix: respect infastructureLogging.level for client.logging (#3613)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Note: This is a default PR template raised by Snyk. Find out more about how you can customise Snyk PRs in our documentation.

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Uncontrolled resource consumption