Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade react-scripts from 3.0.0 to 3.4.4 #35

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

snyk-bot
Copy link

Snyk has created this PR to upgrade react-scripts from 3.0.0 to 3.4.4.

merge advice
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 16 versions ahead of your current version.
  • The recommended version was released a year ago, on 2020-10-20.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Prototype Pollution
SNYK-JS-Y18N-1021887
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-WEBSOCKETEXTENSIONS-570623
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-TMPL-1583443
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Arbitrary File Write
SNYK-JS-TAR-1579155
472/1000
Why? Proof of Concept exploit, CVSS 7.3
No Known Exploit
Arbitrary File Write
SNYK-JS-TAR-1579152
472/1000
Why? Proof of Concept exploit, CVSS 7.3
No Known Exploit
Arbitrary File Write
SNYK-JS-TAR-1579147
472/1000
Why? Proof of Concept exploit, CVSS 7.3
No Known Exploit
Arbitrary File Overwrite
SNYK-JS-TAR-1536531
472/1000
Why? Proof of Concept exploit, CVSS 7.3
No Known Exploit
Arbitrary File Overwrite
SNYK-JS-TAR-1536528
472/1000
Why? Proof of Concept exploit, CVSS 7.3
No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-SSRI-1246392
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Prototype Pollution
SNYK-JS-SETVALUE-450213
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Prototype Pollution
SNYK-JS-SETVALUE-1540541
472/1000
Why? Proof of Concept exploit, CVSS 7.3
No Known Exploit
Prototype Pollution
SNYK-JS-SETVALUE-450213
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Prototype Pollution
SNYK-JS-SETVALUE-1540541
472/1000
Why? Proof of Concept exploit, CVSS 7.3
No Known Exploit
Arbitrary Code Injection
SNYK-JS-SERIALIZEJAVASCRIPT-570062
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Cross-site Scripting (XSS)
SNYK-JS-SERIALIZEJAVASCRIPT-536840
472/1000
Why? Proof of Concept exploit, CVSS 7.3
No Known Exploit
Prototype Pollution
SNYK-JS-NODEFORGE-598677
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Prototype Pollution
SNYK-JS-MIXINDEEP-450212
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Prototype Pollution
SNYK-JS-MERGEDEEP-1070277
472/1000
Why? Proof of Concept exploit, CVSS 7.3
No Known Exploit
Prototype Pollution
SNYK-JS-LODASH-608086
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Prototype Pollution
SNYK-JS-LODASH-450202
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Command Injection
SNYK-JS-LODASH-1040724
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Prototype Pollution
SNYK-JS-INI-1048974
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Arbitrary Code Execution
SNYK-JS-HANDLEBARS-534478
472/1000
Why? Proof of Concept exploit, CVSS 7.3
No Known Exploit
Denial of Service (DoS)
SNYK-JS-HANDLEBARS-480388
472/1000
Why? Proof of Concept exploit, CVSS 7.3
No Known Exploit
Prototype Pollution
SNYK-JS-HANDLEBARS-469063
472/1000
Why? Proof of Concept exploit, CVSS 7.3
No Known Exploit
Arbitrary Code Execution
SNYK-JS-ESLINTUTILS-460220
472/1000
Why? Proof of Concept exploit, CVSS 7.3
No Known Exploit
Cryptographic Issues
SNYK-JS-ELLIPTIC-571484
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Remote Memory Exposure
SNYK-JS-DNSPACKET-1293563
472/1000
Why? Proof of Concept exploit, CVSS 7.3
No Known Exploit
Prototype Pollution
SNYK-JS-AJV-584908
472/1000
Why? Proof of Concept exploit, CVSS 7.3
No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-ACORN-559469
472/1000
Why? Proof of Concept exploit, CVSS 7.3
No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-ACORN-559469
472/1000
Why? Proof of Concept exploit, CVSS 7.3
No Known Exploit
Prototype Pollution
SNYK-JS-YARGSPARSER-560381
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Prototype Pollution
SNYK-JS-YARGSPARSER-560381
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-WS-1296835
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-WS-1296835
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Open Redirect
SNYK-JS-URLPARSE-1533425
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Improper Input Validation
SNYK-JS-URLPARSE-1078283
472/1000
Why? Proof of Concept exploit, CVSS 7.3
No Known Exploit
Denial of Service (DoS)
SNYK-JS-SOCKJS-575261
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-PROMPTS-1729737
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-PATHPARSE-1077067
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Command Injection
SNYK-JS-NODENOTIFIER-1035794
472/1000
Why? Proof of Concept exploit, CVSS 7.3
No Known Exploit
Prototype Pollution
SNYK-JS-MINIMIST-559764
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Prototype Pollution
SNYK-JS-MINIMIST-559764
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Prototype Pollution
SNYK-JS-MINIMIST-559764
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Prototype Pollution
SNYK-JS-LODASH-567746
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-1018905
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Denial of Service (DoS)
SNYK-JS-HTTPPROXY-569139
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-HOSTEDGITINFO-1088355
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Prototype Pollution
SNYK-JS-HANDLEBARS-567742
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Prototype Pollution
SNYK-JS-HANDLEBARS-1279029
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Remote Code Execution (RCE)
SNYK-JS-HANDLEBARS-1056767
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Timing Attack
SNYK-JS-ELLIPTIC-511941
472/1000
Why? Proof of Concept exploit, CVSS 7.3
No Known Exploit
Cryptographic Issues
SNYK-JS-ELLIPTIC-1064899
472/1000
Why? Proof of Concept exploit, CVSS 7.3
No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-COLORSTRING-1082939
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-TAR-1536758
472/1000
Why? Proof of Concept exploit, CVSS 7.3
No Known Exploit
Prototype Pollution
SNYK-JS-LODASH-590103
472/1000
Why? Proof of Concept exploit, CVSS 7.3
No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-ISSVG-1243891
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-ISSVG-1085627
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Validation Bypass
SNYK-JS-KINDOF-537849
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Prototype Pollution
SNYK-JS-HANDLEBARS-534988
472/1000
Why? Proof of Concept exploit, CVSS 7.3
No Known Exploit
Prototype Pollution
SNYK-JS-DOTPROP-543489
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: react-scripts
  • 3.4.4 - 2020-10-20

    3.4.4 (2020-10-20)

    v3.4.4 release bumps resolve-url-loader to a version for which npm audit does not report a vulnerability. Note that this vulnerability did not affect Create React App projects, so this change is only necessary to satisfy auditing tools.

    Migrating from 3.4.3 to 3.4.4

    Inside any created project that has not been ejected, run:

    npm install --save --save-exact react-scripts@3.4.4

    or

    yarn add --exact react-scripts@3.4.4
  • 3.4.3 - 2020-08-12

    3.4.3 (2020-08-12)

    v3.4.3 release bumps terser-webpack-plugin to a version for which npm audit does not report a vulnerability. Note that this vulnerability did not affect Create React App projects, so this change is only necessary to satisfy auditing tools.

    Migrating from 3.4.2 to 3.4.3

    Inside any created project that has not been ejected, run:

    npm install --save --save-exact react-scripts@3.4.3

    or

    yarn add --exact react-scripts@3.4.3
  • 3.4.2 - 2020-08-11

    3.4.2 (2020-08-11)

    v3.4.2 release bumps webpack-dev-server to a version for which npm audit does not report a vulnerability. Note that this vulnerability did not affect Create React App projects, so this change is only necessary to satisfy auditing tools.

    Migrating from 3.4.1 to 3.4.2

    Inside any created project that has not been ejected, run:

    npm install --save --save-exact react-scripts@3.4.2

    or

    yarn add --exact react-scripts@3.4.2
  • 3.4.1 - 2020-03-21

    3.4.1 (2020-03-20)

    v3.4.1 is a maintenance release that includes minor bug fixes and documentation updates including upgrading Babel to fix a bug in the 7.8 release line. This release also brings support for TypeScript 3.8.

    🐛 Bug Fix

    • react-scripts
    • babel-preset-react-app
    • cra-template, eslint-config-react-app, react-scripts
      • #7790 Widen eslint-config-react-app peer dependency versions (@ lukyth)

    💅 Enhancement

    • cra-template-typescript, cra-template
    • react-scripts

    📝 Documentation

    • Other
    • react-scripts

    🔨 Underlying Tools

    Committers: 9

    Migrating from 3.4.0 to 3.4.1

    Inside any created project that has not been ejected, run:

    npm install --save --save-exact react-scripts@3.4.1

    or

    yarn add --exact react-scripts@3.4.1
  • 3.4.0 - 2020-02-14

    3.4.0 (2020-02-14)

    v3.4.0 is a minor release that adds new features, including support for SSL and setting PUBLIC_URL in development. It also includes a fix for Hot Module Reloading with CSS Modules as well as other bug fixes.

    🐛 Bug Fix

    • react-scripts
      • #8378 Downgrade style-loader to v0.23.1 due to CSS modules hot reload not working with v1.0.0 and above (@ chybisov)
    • create-react-app, react-dev-utils, react-error-overlay
    • react-dev-utils
    • cra-template-typescript, cra-template
    • cra-template-typescript

    💅 Enhancement

    • react-dev-utils, react-scripts
    • cra-template-typescript
    • cra-template-typescript, cra-template
    • react-scripts

    📝 Documentation

    • cra-template-typescript, cra-template, react-dev-utils, react-error-overlay, react-scripts
    • Other

    🔨 Underlying Tools

    Committers: 18

    Migrating from 3.3.1 to 3.4.0

    Inside any created project that has not been ejected, run:

    npm install --save --save-exact react-scripts@3.4.0

    or

    yarn add --exact react-scripts@3.4.0
  • 3.3.1 - 2020-01-31
    Read more
  • 3.3.0 - 2019-12-05
  • 3.3.0-next.80 - 2019-12-04
  • 3.3.0-next.62 - 2019-11-14
  • 3.3.0-next.39 - 2019-10-24
  • 3.3.0-next.38 - 2019-10-24
  • 3.2.0 - 2019-10-03
  • 3.1.2 - 2019-09-19
  • 3.1.1 - 2019-08-13
  • 3.1.0 - 2019-08-09
  • 3.0.1 - 2019-05-08
  • 3.0.0 - 2019-04-22
from react-scripts GitHub release notes
Commit messages
Package name: react-scripts
  • d2f813f Publish
  • 7641a3c Prepare 3.4.1 release
  • d5b527f Update to Babel 7.9 (#8681)
  • 6adb82a Add React.StrictMode to default templates (#8558)
  • a452ddc Bump dependencies (#8620)
  • 3f699fd Fix proxying API request docs (#8515)
  • 4d26208 Use native ESLint behaviour when extending (#8276)
  • 8ba0ccb Whitelist main in template.json (#8539)
  • 7d3b72c Update template example in docs (#8561)
  • 2030ee1 Fix optional chaining and nullish coalescing support (#8526)
  • 038e6fa Widen eslint-config-react-app peer dependency versions (#7790)
  • 7e6d6cd Closes webpack dev server and exits process on "end" stdin (#7203)
  • af926d5 Bump pnp-webpack-plugin (#8509)
  • 8b0dd54 Publish
  • 5ccee88 Prepare 3.4.0 release
  • e579de1 Downgrade style-loader to v0.23.1 due to CSS modules hot reload… (#8378)
  • 4784997 Correct webpack name casing (#8475)
  • 589b41a update open to v7.0.2 (#8459)
  • 865ea05 fix(typescriptFormatter): use chalk@2 constructor (#8450)
  • d45823c fix(react-scripts): do not redirect served path if request may proxy (#8442)
  • eb8e7be Downgrade chalk for ie 11 support (#8439)
  • 767aa18 Fixes unchecked access to 'deploy' script on build (#8292)
  • cd2469e Fix navbar line break in header (#8437)
  • 687c4eb Change arrow functions to function declarations (#8412)

Compare


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant