[Snyk] Fix for 3 vulnerabilities

[twilio-product-security]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: flex-plugin-scripts

The new version differs by 250 commits.

• 9e37549 v4.0.0
• b4a1521 Merge pull request #321 from twilio/v4-beta
• a14ccbb Merge pull request #468 from twilio/changelog-update
• dcb3374 update changelog
• 1f76d46 update changelog
• f8e86dd update changelog
• 4e9208f Merge pull request #464 from twilio/prepare-for-ga
• 16e83fc remove pluginsApi file
• 2b8fd9f remove pluginsApi file
• 644e950 Update v4.md
• 7893742 rebase with v4-beta
• a1867ca Merge branch 'v4-beta' into prepare-for-ga
• 1e8c602 v4.9.1-beta.0
• 875908d Merge pull request #463 from twilio/check-for-update
• 29e7cbb fix tests
• 6f723a4 check for update
• a478138 v4.9.0-beta.0
• 0165c79 Merge pull request #462 from twilio/optimize-toolkit-2
• 0cbd1d1 isArchived should be from either plugin or version
• 8221e86 add more test
• b0e0ea2 more optimization
• ebb1465 Merge pull request #460 from twilio/package-bumps
• fef05f8 cleanup semver use
• fee3d58 bump packages and cleanup deps

See the full diff

Package name: react-scripts

The new version differs by 125 commits.

• ed95893 Publish
• 88ca4f6 Prepare 4.0.0 release
• d23d615 Update react dom in error overlay
• 95265c3 Update CHANGELOG
• 523b416 Add link to Open Collective (#9864)
• af616ab Update CHANGELOG
• 014ca01 Prepare 4.0.0 release
• 2b1161b Pass JSX runtime setting to Babel preset in Jest config (#9865)
• f2aef41 Prepare 4.0.0 alpha release
• 4bc639c Upgrade to React 17 (#9863)
• d61347d Use new JSX setting with TypeScript 4.1.0 (#9734)
• e63de79 New JSX Transform opt out (#9861)
• fe785b2 feat: Update all dependencies (#9857)
• 85ab02b feat: remove unused React imports (#9853)
• 329f392 feat: Update ESLint dependencies (#9856)
• 10fa972 feat(eslint-config-react-app): Add jest & testing-library rules (#8963)
• ed919b1 Make eslint-plugin-jest an optional peerDependency (#9670)
• 0a93e32 Fix refreshOverlayInterop module scope error (#9805)
• 7965594 Bump resolve-url-loader version (#9841)
• b1f8536 Add 3.4.4 to the changelog
• d07b7d0 Replace deprecated eslint-loader with eslint-webpack-plugin (#9751)
• 6f3e32e Upgrade Docusaurus to latest version (#9728)
• 1f2d387 fix: resolve new JSX runtime issues (#9788)
• 6a51dcd Add AVIF image support (#9611)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Server-side Request Forgery (SSRF)
🦉 Prototype Pollution