flex-ui-sample icon indicating copy to clipboard operation
flex-ui-sample copied to clipboard

Published 20 hours ago verified publisher icon twilio

[Snyk] Security upgrade react-scripts from 3.2.0 to 3.3.0

Open twilio-product-security opened this issue 2 years ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-GLOBPARENT-1016905		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: react-scripts The new version differs by 82 commits.
  • 9a817dd Publish
  • 0b45600 Update CHANGELOG
  • 9654bef Prepare 3.3.0 release
  • 29c5e55 Update template docs (#8050)
  • f6ba862 Add TypeScript peer dependency to react-scripts (#8038)
  • fffc777 Remove no-unexpected-multiline rule (#8039)
  • 6a3ccc3 Update CODEOWNERS
  • 821fe6b Update CHANGELOG
  • 99d71f3 Re-enable GitHub Actions (#8029)
  • 1a66971 Bump dependencies (#8024)
  • 82009f5 Bump webpack-dev-server (#7988)
  • 5d24a5e Prefix apple-touch-icon links with PUBLIC_URL. (#8005)
  • 4604c5e Override no-unused-expressions with the typescript-eslint version (#8003)
  • 23d5776 Add scripts support to templates (#7989)
  • df5088d Unpin dependencies in react-app-polyfill (#7999)
  • 4b4f3f2 added e2e test for checking typescript template with unsupported node (#7844)
  • 3aaa3fa Add contributors section to readme (#7995)
  • e7cdde6 Support scoped templates (#7991)
  • 58b4738 Bump dependencies (#7986)
  • 3d6d0a1 Prepare 3.3.0 beta
  • 9df95df Temporarily disable GitHub Actions (#7978)
  • 915108b Add placeholders where old template READMEs used to be (#7972)
  • 30b491b Fix light background in docusaurus night mode (#7936)
  • f01bfac Upgrade jest-watch-typeahead (#7956)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

twilio-product-security avatar Jun 06 '22 07:06 twilio-product-security