[Snyk] Upgrade react-scripts from 4.0.0 to 4.0.3#168
Open
Conversation
Snyk has created this PR to upgrade react-scripts from 4.0.0 to 4.0.3. See this package in npm: https://www.npmjs.com/package/react-scripts See this project in Snyk: https://app.snyk.io/org/wambugucoder/project/4ad982c5-88ce-4f1c-98fc-b63137218714?utm_source=github&utm_medium=upgrade-pr
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade react-scripts from 4.0.0 to 4.0.3.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version fixes:
SNYK-JS-SSRI-1246392
Why? Proof of Concept exploit, Recently disclosed, CVSS 7.5
SNYK-JS-SSRI-1085630
Why? Proof of Concept exploit, Recently disclosed, CVSS 7.5
SNYK-JS-REACTDEVUTILS-1083268
Why? Proof of Concept exploit, Recently disclosed, CVSS 7.5
SNYK-JS-NODENOTIFIER-1035794
Why? Proof of Concept exploit, Recently disclosed, CVSS 7.5
SNYK-JS-ISSVG-1085627
Why? Proof of Concept exploit, Recently disclosed, CVSS 7.5
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: react-scripts
-
4.0.3 - 2021-02-22
- #10590 Upgrade eslint-webpack-plugin to fix opt-out flag (@ mrmckeb)
- #10412 update immer to 8.0.1 to address vulnerability (@ wclem4)
- #10384 tests: update test case to match the description (@ jamesgeorge007)
- Brody McKee (@ mrmckeb)
- Dion Woolley (@ Awarua-)
- James George (@ jamesgeorge007)
- Walker Clem (@ wclem4)
-
4.0.2 - 2021-02-03
- #8986 Add support for new BUILD_PATH advanced configuration variable (@ ajhyndman)
- #10170 Add opt-out for eslint-webpack-plugin (@ mrmckeb)
- #9872 fix(react-scripts): add missing peer dependency react and update react-refresh-webpack-plugin (@ merceyz)
- #9964 Add TypeScript 4.x as peerDependency to react-scripts (@ sheepsteak)
- #9977 Move ESLint cache file into node_modules (@ ehsankhfr)
- #9569 Improve vendor chunk names in development (@ jrr)
- #9473 docs: add missing override options for Jest config (@ tobiasbueschel)
- #10314 Update using-the-public-folder.md (@ Avivhdr)
- #10214 Remove references to Node 8 (@ ianschmitz)
- #10027 appTsConfig immutability handling by immer (@ josezone)
- #10217 Fix CI tests (@ ianschmitz)
- #10091 Recovered some integration tests (@ maxsbelt)
- #10216 Revert "Update postcss packages" (@ ianschmitz)
- #9988 Upgrade sass-loader (@ ehsankhfr)
- #10003 Update postcss packages (@ raix)
- #10213 Upgrade @ svgr/webpack to fix build error (@ jabranr)
- #10198 remove chalk from formatWebpackMessages (@ jasonwilliams)
- #10141 chore: bump typescript version (@ trainto)
- #10143 chore: bump web-vital dependency version (@ sahilpurav)
- Andrew Hyndman (@ ajhyndman)
- Aviv Hadar (@ Avivhdr)
- Brody McKee (@ mrmckeb)
- Chris Shepherd (@ sheepsteak)
- EhsanKhaki (@ ehsankhfr)
- Hakjoon Sim (@ trainto)
- Ian Schmitz (@ ianschmitz)
- Jabran Rafique⚡️ (@ jabranr)
- Jason Williams (@ jasonwilliams)
- John Ruble (@ jrr)
- Kristoffer K. (@ merceyz)
- Morten N.O. Nørgaard Henriksen (@ raix)
- Sahil Purav (@ sahilpurav)
- Sergey Makarov (@ maxsbelt)
- Tobias Büschel (@ tobiasbueschel)
- mad-jose (@ josezone)
-
4.0.1 - 2020-11-23
-
4.0.0 - 2020-10-23
from react-scripts GitHub release notes4.0.3 (2021-02-22)
v4.0.3 is a maintenance release that includes minor bug fixes and dependency updates.
🐛 Bug Fix
react-scripts🏠 Internal
react-dev-utilscreate-react-appCommitters: 4
Migrating from 4.0.2 to 4.0.3
Inside any created project that has not been ejected, run:
or
4.0.2 (2021-02-03)
v4.0.2 is a maintenance release that includes minor bug fixes and documentation updates.
🚀 New Feature
react-scripts🐛 Bug Fix
react-scripts💅 Enhancement
react-scripts📝 Documentation
🏠 Internal
react-scriptscreate-react-appreact-dev-utils,react-error-overlay,react-scripts🔨 Underlying Tools
react-scriptsreact-dev-utilscra-template-typescriptcra-template-typescript,cra-templateCommitters: 15
Commit messages
Package name: react-scripts
Compare
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs