Skip to content

[Snyk] Upgrade react-scripts from 3.1.1 to 3.4.4#4

Open
snyk-bot wants to merge 1 commit into
masterfrom
snyk-upgrade-fa22a2f421efa33628e6017a27e022b7
Open

[Snyk] Upgrade react-scripts from 3.1.1 to 3.4.4#4
snyk-bot wants to merge 1 commit into
masterfrom
snyk-upgrade-fa22a2f421efa33628e6017a27e022b7

Conversation

@snyk-bot

Copy link
Copy Markdown

Snyk has created this PR to upgrade react-scripts from 3.1.1 to 3.4.4.

merge advice
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 13 versions ahead of your current version.
  • The recommended version was released a year ago, on 2020-10-20.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Prototype Pollution
SNYK-JS-Y18N-1021887
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-TMPL-1583443
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Arbitrary File Write
SNYK-JS-TAR-1579155
472/1000
Why? Proof of Concept exploit, CVSS 7.3
No Known Exploit
Arbitrary File Write
SNYK-JS-TAR-1579152
472/1000
Why? Proof of Concept exploit, CVSS 7.3
No Known Exploit
Arbitrary File Write
SNYK-JS-TAR-1579147
472/1000
Why? Proof of Concept exploit, CVSS 7.3
No Known Exploit
Arbitrary File Overwrite
SNYK-JS-TAR-1536531
472/1000
Why? Proof of Concept exploit, CVSS 7.3
No Known Exploit
Arbitrary File Overwrite
SNYK-JS-TAR-1536528
472/1000
Why? Proof of Concept exploit, CVSS 7.3
No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-SSRI-1246392
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Prototype Pollution
SNYK-JS-SETVALUE-450213
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Prototype Pollution
SNYK-JS-SETVALUE-1540541
472/1000
Why? Proof of Concept exploit, CVSS 7.3
No Known Exploit
Prototype Pollution
SNYK-JS-SETVALUE-450213
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Prototype Pollution
SNYK-JS-SETVALUE-1540541
472/1000
Why? Proof of Concept exploit, CVSS 7.3
No Known Exploit
Arbitrary Code Injection
SNYK-JS-SERIALIZEJAVASCRIPT-570062
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Cross-site Scripting (XSS)
SNYK-JS-SERIALIZEJAVASCRIPT-536840
472/1000
Why? Proof of Concept exploit, CVSS 7.3
No Known Exploit
Prototype Pollution
SNYK-JS-OBJECTPATH-1585658
472/1000
Why? Proof of Concept exploit, CVSS 7.3
No Known Exploit
Prototype Pollution
SNYK-JS-OBJECTPATH-1017036
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Prototype Pollution
SNYK-JS-NODEFORGE-598677
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Prototype Pollution
SNYK-JS-MIXINDEEP-450212
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Prototype Pollution
SNYK-JS-MERGEDEEP-1070277
472/1000
Why? Proof of Concept exploit, CVSS 7.3
No Known Exploit
Arbitrary Code Execution
SNYK-JS-JSYAML-174129
472/1000
Why? Proof of Concept exploit, CVSS 7.3
No Known Exploit
Remote Code Execution (RCE)
SNYK-JS-HANDLEBARS-1056767
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Remote Memory Exposure
SNYK-JS-DNSPACKET-1293563
472/1000
Why? Proof of Concept exploit, CVSS 7.3
No Known Exploit
Prototype Pollution
SNYK-JS-YARGSPARSER-560381
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Prototype Pollution
SNYK-JS-YARGSPARSER-560381
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-WS-1296835
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-WS-1296835
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Open Redirect
SNYK-JS-URLPARSE-1533425
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Improper Input Validation
SNYK-JS-URLPARSE-1078283
472/1000
Why? Proof of Concept exploit, CVSS 7.3
No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-UGLIFYJS-1727251
472/1000
Why? Proof of Concept exploit, CVSS 7.3
No Known Exploit
Denial of Service (DoS)
SNYK-JS-SOCKJS-575261
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-PROMPTS-1729737
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-PATHPARSE-1077067
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Prototype Pollution
SNYK-JS-OBJECTPATH-1569453
472/1000
Why? Proof of Concept exploit, CVSS 7.3
No Known Exploit
Command Injection
SNYK-JS-NODENOTIFIER-1035794
472/1000
Why? Proof of Concept exploit, CVSS 7.3
No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-ISSVG-1243891
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-ISSVG-1085627
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Prototype Pollution
SNYK-JS-HAPIHOEK-548452
472/1000
Why? Proof of Concept exploit, CVSS 7.3
No Known Exploit
Prototype Pollution
SNYK-JS-HANDLEBARS-1279029
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Prototype Pollution
SNYK-JS-DOTPROP-543489
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-COLORSTRING-1082939
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-TAR-1536758
472/1000
Why? Proof of Concept exploit, CVSS 7.3
No Known Exploit
Validation Bypass
SNYK-JS-KINDOF-537849
472/1000
Why? Proof of Concept exploit, CVSS 7.3
Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: react-scripts
  • 3.4.4 - 2020-10-20
  • 3.4.3 - 2020-08-12
  • 3.4.2 - 2020-08-11
  • 3.4.1 - 2020-03-21
  • 3.4.0 - 2020-02-14
  • 3.3.1 - 2020-01-31
  • 3.3.0 - 2019-12-05
  • 3.3.0-next.80 - 2019-12-04
  • 3.3.0-next.62 - 2019-11-14
  • 3.3.0-next.39 - 2019-10-24
  • 3.3.0-next.38 - 2019-10-24
  • 3.2.0 - 2019-10-03
  • 3.1.2 - 2019-09-19
  • 3.1.1 - 2019-08-13
from react-scripts GitHub release notes
Commit messages
Package name: react-scripts
  • d2f813f Publish
  • 7641a3c Prepare 3.4.1 release
  • d5b527f Update to Babel 7.9 (#8681)
  • 6adb82a Add React.StrictMode to default templates (#8558)
  • a452ddc Bump dependencies (#8620)
  • 3f699fd Fix proxying API request docs (#8515)
  • 4d26208 Use native ESLint behaviour when extending (#8276)
  • 8ba0ccb Whitelist main in template.json (#8539)
  • 7d3b72c Update template example in docs (#8561)
  • 2030ee1 Fix optional chaining and nullish coalescing support (#8526)
  • 038e6fa Widen eslint-config-react-app peer dependency versions (#7790)
  • 7e6d6cd Closes webpack dev server and exits process on "end" stdin (#7203)
  • af926d5 Bump pnp-webpack-plugin (#8509)
  • 8b0dd54 Publish
  • 5ccee88 Prepare 3.4.0 release
  • e579de1 Downgrade style-loader to v0.23.1 due to CSS modules hot reload… (#8378)
  • 4784997 Correct webpack name casing (#8475)
  • 589b41a update open to v7.0.2 (#8459)
  • 865ea05 fix(typescriptFormatter): use chalk@2 constructor (#8450)
  • d45823c fix(react-scripts): do not redirect served path if request may proxy (#8442)
  • eb8e7be Downgrade chalk for ie 11 support (#8439)
  • 767aa18 Fixes unchecked access to 'deploy' script on build (#8292)
  • cd2469e Fix navbar line break in header (#8437)
  • 687c4eb Change arrow functions to function declarations (#8412)

Compare


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

1 participant