[Snyk] Upgrade react-scripts from 3.4.1 to 5.0.1

[GregBrimble]

Snyk has created this PR to upgrade react-scripts from 3.4.1 to 5.0.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 20 versions ahead of your current version.

• The recommended version was released 4 years ago.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WEBSOCKETEXTENSIONS-570623	105	Proof of Concept
	Denial of Service (DoS) SNYK-JS-WS-7266574	105	Proof of Concept
	Denial of Service (DoS) SNYK-JS-WS-7266574	105	Proof of Concept
	Prototype Pollution SNYK-JS-Y18N-1021887	105	Proof of Concept
	Asymmetric Resource Consumption (Amplification) SNYK-JS-BODYPARSER-7926860	105	No Known Exploit
	Excessive Platform Resource Consumption within a Loop SNYK-JS-BRACES-6838727	105	Proof of Concept
	Excessive Platform Resource Consumption within a Loop SNYK-JS-BRACES-6838727	105	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-BROWSERIFYSIGN-6037026	105	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-CROSSSPAWN-8303230	105	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-CROSSSPAWN-8303230	105	Proof of Concept
	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	105	Proof of Concept
	Remote Memory Exposure SNYK-JS-DNSPACKET-1293563	105	No Known Exploit
	Cryptographic Issues SNYK-JS-ELLIPTIC-571484	105	Proof of Concept
	Improper Handling of Unexpected Data Type SNYK-JS-ONHEADERS-10773729	105	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	105	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHTOREGEXP-8482416	105	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	105	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	105	Proof of Concept
	Prototype Pollution SNYK-JS-YARGSPARSER-560381	105	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BABELRUNTIMECOREJS3-9397696	105	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	105	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	105	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	105	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-COOKIE-8163060	105	No Known Exploit
	Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	105	No Known Exploit
	Cross-site Scripting SNYK-JS-SERVESTATIC-7926865	105	No Known Exploit
	Function Call With Incorrect Argument Type SNYK-JS-SHAJS-12089400	105	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577916	105	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577917	105	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577918	105	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-8172694	105	No Known Exploit
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-8187303	105	Proof of Concept
	Information Exposure SNYK-JS-ELLIPTIC-8720086	105	Proof of Concept
	Improper Handling of Extra Parameters SNYK-JS-FOLLOWREDIRECTS-6141137	105	Proof of Concept
	Prototype Pollution SNYK-JS-AJV-584908	105	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIHTML-1296849	105	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	105	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	105	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	105	Proof of Concept
	Prototype Pollution SNYK-JS-ASYNC-2441827	105	Proof of Concept
	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	105	No Known Exploit
	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	105	No Known Exploit
	Prototype Pollution SNYK-JS-OBJECTPATH-1017036	105	Proof of Concept
	Prototype Pollution SNYK-JS-OBJECTPATH-1585658	105	No Known Exploit
	Information Exposure SNYK-JS-EVENTSOURCE-2823375	105	Proof of Concept
	Open Redirect SNYK-JS-EXPRESS-6474509	105	No Known Exploit
	Cross-site Scripting SNYK-JS-EXPRESS-7926867	105	No Known Exploit
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	105	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	105	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BABELHELPERS-9397697	105	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BABELRUNTIME-10044504	105	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BABELRUNTIME-10044504	105	Proof of Concept
	Prototype Pollution SNYK-JS-JSON5-3182856	105	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	105	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	105	No Known Exploit
	Denial of Service (DoS) SNYK-JS-NWSAPI-2841516	105	No Known Exploit
	Prototype Pollution SNYK-JS-OBJECTPATH-1569453	105	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	105	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WORDWRAP-3149973	105	Proof of Concept
	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	105	Proof of Concept
	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	105	Proof of Concept
	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	105	Proof of Concept
	Function Call With Incorrect Argument Type SNYK-JS-CIPHERBASE-12084814	105	Proof of Concept
	Generation of Predictable Numbers or Identifiers SNYK-JS-PBKDF2-10495496	105	Proof of Concept
	Generation of Predictable Numbers or Identifiers SNYK-JS-PBKDF2-10495498	105	No Known Exploit
	Prototype Poisoning SNYK-JS-QS-3153490	105	Proof of Concept
	Prototype Poisoning SNYK-JS-QS-3153490	105	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	105	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	105	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	105	Proof of Concept
	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	105	No Known Exploit
	Code Injection SNYK-JS-LODASHTEMPLATE-1088054	105	Proof of Concept
	Prototype Pollution SNYK-JS-MERGEDEEP-1070277	105	No Known Exploit
	Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062	105	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	105	No Known Exploit
	Prototype Pollution SNYK-JS-NODEFORGE-598677	105	Proof of Concept
	Denial of Service (DoS) SNYK-JS-HTTPPROXYMIDDLEWARE-8229906	105	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	105	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	105	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	105	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PROMPTS-1729737	105	Proof of Concept
	Command Injection SNYK-JS-REACTDEVUTILS-1083268	105	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	105	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	105	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	105	No Known Exploit
	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	105	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	105	No Known Exploit
	Open Redirect SNYK-JS-NODEFORGE-2330875	105	Proof of Concept
	Prototype Pollution SNYK-JS-NODEFORGE-2331908	105	No Known Exploit
	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	105	No Known Exploit
	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	105	No Known Exploit
	Command Injection SNYK-JS-NODENOTIFIER-1035794	105	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	105	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	105	Proof of Concept
	Cross-site Scripting SNYK-JS-SEND-7926862	105	No Known Exploit
	Predictable Value Range from Previous Values SNYK-JS-FORMDATA-10841150	105	Proof of Concept
	Prototype Pollution SNYK-JS-INI-1048974	105	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-IP-12704893	105	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-IP-12761655	105	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	105	Proof of Concept
	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	105	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	105	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	105	Proof of Concept
	Arbitrary File Overwrite SNYK-JS-TAR-1536528	105	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536531	105	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579147	105	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579152	105	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579155	105	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TMPL-1583443	105	Proof of Concept
	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	105	No Known Exploit
	Improper Input Validation SNYK-JS-URLPARSE-2407770	105	Proof of Concept
	Path Traversal SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555	105	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	105	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	105	Proof of Concept
	Denial of Service (DoS) SNYK-JS-HTTPPROXY-569139	105	Proof of Concept
	Server-Side Request Forgery (SSRF) SNYK-JS-IP-7148531	105	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1085627	105	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1243891	105	Proof of Concept
	Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088	105	No Known Exploit
	Prototype Pollution SNYK-JS-JSON5-3182856	105	Proof of Concept
	Denial of Service (DoS) SNYK-JS-SOCKJS-575261	105	Proof of Concept
	Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	105	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	105	No Known Exploit
	Symlink Attack SNYK-JS-TMP-11501554	105	Proof of Concept
	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	105	Proof of Concept
	Improper Input Validation SNYK-JS-URLPARSE-1078283	105	No Known Exploit
	Open Redirect SNYK-JS-URLPARSE-1533425	105	Proof of Concept
	Access Restriction Bypass SNYK-JS-URLPARSE-2401205	105	Proof of Concept
	Authorization Bypass SNYK-JS-URLPARSE-2407759	105	Proof of Concept
	Authorization Bypass Through User-Controlled Key SNYK-JS-URLPARSE-2412697	105	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-WEBPACK-7840298	105	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	105	No Known Exploit

Release notes

Package name: react-scripts

• 5.0.1 - 2022-04-12
  

  5.0.1 (2022-04-12)

  Create React App 5.0.1 is a maintenance release that improves compatibility with React 18. We've also updated our templates to use createRoot and relaxed our check for older versions of Create React App.

  Migrating from 5.0.0 to 5.0.1

  Inside any created project that has not been ejected, run:

  npm install --save --save-exact [email protected]
  

  or

  yarn add --exact [email protected]
  

  🐛 Bug Fix

  • react-scripts
    • #12245 fix: webpack noise printed only if error or warning (@ Andrew47)
  • create-react-app
    • #11915 Warn when not using the latest version of create-react-app but do not exit (@ iansu)
  • react-dev-utils
    • #11640 Ensure posix compliant joins for urls in middleware (@ psiservices-justin-sullard)

  💅 Enhancement

  • cra-template-typescript, cra-template, react-scripts
    • #12220 Update templates to use React 18 createRoot (@ kyletsang)
  • cra-template-typescript, cra-template
    • #12223 chore: upgrade rtl version to support react 18 (@ MatanBobi)
  • eslint-config-react-app
    • #11622 updated deprecated rules (@ wisammechano)

  📝 Documentation

  • #11594 Fix a typo in deployment.md (@ fishmandev)
  • #11805 docs: Changelog 5.0.0 (@ jafin)
  • #11757 prevent both npm and yarn commands from being copied (@ mubarakn)

  🏠 Internal

  • #11985 Ignore docs when publishing (@ iansu)

  Committers: 11

  • Andrew Burnie (@ Andrew47)
  • Clément Vannicatte (@ shortcuts)
  • Dmitriy Fishman (@ fishmandev)
  • Dmitry Vinnik (@ dmitryvinn)
  • Ian Sutherland (@ iansu)
  • Jason Finch (@ jafin)
  • Kyle Tsang (@ kyletsang)
  • Matan Borenkraout (@ MatanBobi)
  • Wisam Naji (@ wisammechano)
  • @ mubarakn
  • @ psiservices-justin-sullard
• 5.0.0 - 2021-12-14
• 5.0.0-next.60 - 2021-12-14
• 5.0.0-next.58 - 2021-12-08
• 5.0.0-next.47 - 2021-10-04
• 5.0.0-next.37 - 2021-09-01
• 5.0.0-next.31 - 2021-08-04
• 4.0.3 - 2021-02-22
• 4.0.2 - 2021-02-03
• 4.0.1 - 2020-11-23
• 4.0.0 - 2020-10-23
• 4.0.0-next.117 - 2020-10-23
• 4.0.0-next.116 - 2020-10-23
• 4.0.0-next.98 - 2020-09-16
• 4.0.0-next.96 - 2020-09-16
• 4.0.0-next.77 - 2020-08-05
• 4.0.0-next.64 - 2020-07-30
• 3.4.4 - 2020-10-20
• 3.4.3 - 2020-08-12
• 3.4.2 - 2020-08-11
• 3.4.1 - 2020-03-21

from react-scripts GitHub release notes

---

Important

• Warning: This PR contains a major version upgrade, and may be a breaking change.
• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs