[Snyk] Security upgrade web-ext from 4.3.0 to 5.0.0

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

✨ Snyk has automatically assigned this pull request, set who gets assigned.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/react-devtools-extensions/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	524/1000 Why? Has a fix available, CVSS 6.2	Remote Code Execution (RCE) SNYK-JS-BUNYAN-573166	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: web-ext

The new version differs by 53 commits.

• cfc49ce chore: Bump package version for release 5.0.0
• 2e03e74 chore: Tweaks to better match Firefox behavior and small fixes for recent flow typecheck errors
• e666180 fix: web-ext should look for the extension id also in browser_specific_settings
• 7013b6d chore(deps): update dependency webpack to v4.44.0 (Variable for React.DOM in jsx compile result facebook/react#1975)
• 77bf276 fix(deps): update dependency watchpack to v1.7.4 (Button’s eat all mouse events. facebook/react#1973)
• a6eb2a9 chore(deps): update dependency flow-bin to v0.130.0 (Possible to use React without a container element? facebook/react#1970)
• 54224a9 fix(deps): update dependency parse-json to v5.0.1 (Provide a -q options to suppress unnecessary console output facebook/react#1971)
• a99313c fix: Lazily import git-rev-sync in non-production (Update ref-08-reconciliation.md facebook/react#1972)
• fc91c36 fix(deps): update dependency node-notifier to v7.0.2 (Don't add top-level events for uncontrolled inputs facebook/react#1968)
• 19c9eba fix(deps): update dependency addons-linter to v2.1.0 (Cannot prevent event bubbling from child to parent facebook/react#1967)
• 258674b chore: Renamed cli option to --adb-remove-old-artifacts and some minor tweaks to the related tests
• a5e335b fix: Cleanup old web-ext run artifacts dir when we are connecting to an android device
• 29798cb feat: Support custom profile-directory in Chrome extension runner
• 76e36d5 test: Set custom mocha timeout from MOCHA_TIMEOUT environment variable
• 39da52f fix(deps): update dependency open to v7.1.0 (Don't add top-level events for uncontrolled inputs facebook/react#1964)
• 0a59b5f chore(deps): update dependency eslint to v7.5.0 (Fixed an issue in the tutorial that was preventing the polling of comments.json facebook/react#1963)
• 733bb0c chore(deps): update babel monorepo to v7.10.5 (TransitionGroup doesn't call willEnter correctly when child callback is immediate  facebook/react#1959)
• e3f4d7f fix(deps): update dependency fx-runner to v1.0.13 (ReactTextComponent's string props clashes with cloneWithProps facebook/react#1962)
• 9c265a8 test: add smoke tests for importing as esm module and requiring as commonjs module
• fca039d fix: Add a nicer exported ESM wrapper and tweak the commonjs exported module
• 5badee6 chore(flow): Added flow suppress comments for expected flow typecheck errors in tests
• 1ee5d06 chore(flow): Fixed flow error in src/firefox/index.js due to type signatures mismatch
• 34f575c chore(flow): Update the old flowtype supress_comment to the new syntax
• 31435c3 chore(deps): update dependency flow-bin to v0.129.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

👩‍💻 Set who automatically gets assigned

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic