[Snyk] Upgrade react-scripts from 3.3.0 to 3.4.4 #11
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade react-scripts from 3.3.0 to 3.4.4. See this package in npm: https://www.npmjs.com/package/react-scripts See this project in Snyk: https://app.snyk.io/org/matthew29tang/project/971df379-f3dc-4376-983c-48f9adde6788?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade react-scripts from 3.3.0 to 3.4.4.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version fixes:
SNYK-JS-Y18N-1021887
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-WEBSOCKETEXTENSIONS-570623
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-TMPL-1583443
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-TAR-1579155
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-TAR-1579152
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-TAR-1579147
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-TAR-1536531
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-TAR-1536528
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-SSRI-1246392
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-SSRI-1246392
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-SERIALIZEJAVASCRIPT-570062
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-OBJECTPATH-1585658
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-OBJECTPATH-1017036
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-NODEFORGE-598677
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-MERGEDEEP-1070277
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-INI-1048974
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-ELLIPTIC-571484
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-DNSPACKET-1293563
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-AJV-584908
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-ACORN-559469
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-ACORN-559469
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-ACORN-559469
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-YARGSPARSER-560381
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-YARGSPARSER-560381
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-WS-1296835
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-WS-1296835
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-URLPARSE-1533425
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-URLPARSE-1078283
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-SOCKJS-575261
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-PROMPTS-1729737
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-PATHPARSE-1077067
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-OBJECTPATH-1569453
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-NODENOTIFIER-1035794
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-MINIMIST-559764
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-MINIMIST-559764
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-MINIMIST-559764
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-ISSVG-1243891
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-ISSVG-1085627
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-HTTPPROXY-569139
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-HOSTEDGITINFO-1088355
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-HAPIHOEK-548452
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-HANDLEBARS-567742
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-HANDLEBARS-1279029
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-HANDLEBARS-1056767
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-ELLIPTIC-1064899
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-DOTPROP-543489
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-COLORSTRING-1082939
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-TAR-1536758
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-KINDOF-537849
Why? Proof of Concept exploit, CVSS 7.3
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: react-scripts
-
3.4.4 - 2020-10-20
-
3.4.3 - 2020-08-12
-
3.4.2 - 2020-08-11
-
3.4.1 - 2020-03-21
- #8276 Use native ESLint behaviour when extending (@ mrmckeb)
- #7203 Closes webpack dev server and exits process on "end" stdin (@ kelseyleftwich)
- #8526 Fix optional chaining and nullish coalescing support (@ ianschmitz)
- #7790 Widen eslint-config-react-app peer dependency versions (@ lukyth)
- #8558 Add React.StrictMode to default templates (@ connkat)
- #8539 allow specification of package.main in template.json (@ EvanBoyle)
- Other
- #8515 Fix proxying API request docs (@ hjr3)
- #8561 Indicate that the file structure is the template's (@ Vinnl)
- #8276 Use native ESLint behaviour when extending (@ mrmckeb)
- #8681 Update to Babel 7.9 (@ ianschmitz)
- #8620 Bump dependencies (@ ianschmitz)
- #8509 Bumps pnp-webpack-plugin (@ arcanis)
- Brody McKee (@ mrmckeb)
- Evan Boyle (@ EvanBoyle)
- Herman J. Radtke III (@ hjr3)
- Ian Schmitz (@ ianschmitz)
- Kanitkorn Sujautra (@ lukyth)
- KatCon (@ connkat)
- Kelsey Leftwich (@ kelseyleftwich)
- Maël Nison (@ arcanis)
- Vincent (@ Vinnl)
-
3.4.0 - 2020-02-14
- #8378 Downgrade style-loader to v0.23.1 due to CSS modules hot reload not working with v1.0.0 and above (@ chybisov)
- #8439 Downgrade chalk for ie 11 support (@ ianschmitz)
- #8292 Fixes unchecked access to 'deploy' script on build (@ renato-bohler)
- #8272 Handle service worker error in Firefox (@ rosinghal)
- #8403 Fix robots.txt for TS (@ Kamahl19)
- #8442 fix(react-scripts): do not redirect served path if request may proxy (@ iamandrewluca)
- #7259 feat(react-scripts): allow PUBLIC_URL in develoment mode (@ iamandrewluca)
- #7750 Enable custom sockjs pathname for hot reloading server. (@ heygrady)
- #8412 Change arrow functions to function declarations (@ lewislbr)
- #8272 Handle service worker error in Firefox (@ rosinghal)
- #5845 Add option to provide custom ssl certificates during development (@ alexbrazier)
- #8475 Correct webpack name casing (@ lewislbr)
- Other
- #8437 Fix navbar line break in header (@ esvyridov)
- #8299 Update public folder usage docs to clarify globals (@ keevan)
- #8390 setupTestFrameworkScriptFile is deprecated (@ JimmyLv)
- #8459 update open to v7.0.2 (@ vince1995)
- #7948 Support JetBrains Rider IDE as an editor (@ djpowell)
- #8367 Wider Chromium support for openBrowser (@ handeyeco)
- #8282 Run git init before template dependencies are installed (@ lukaszfiszer)
- Other
- #8402 fix(test): force install npm in e2e-behaviour (@ iamandrewluca)
- Alex Brazier (@ alexbrazier)
- Andrew Luca (@ iamandrewluca)
- Cassidy Williams (@ cassidoo)
- Christopher Button (@ devgeist)
- David Powell (@ djpowell)
- Eugene Chybisov (@ chybisov)
- Eugene Sviridov (@ esvyridov)
- Grady Kuhnline (@ heygrady)
- Ian Schmitz (@ ianschmitz)
- Kevin Pham (@ keevan)
- Lewis Llobera (@ lewislbr)
- Martin Litvaj (@ Kamahl19)
- Matthew Curtis (@ handeyeco)
- Renato Böhler (@ renato-bohler)
- Rohit Singhal (@ rosinghal)
- Vincent Semrau (@ vince1995)
- Łukasz Fiszer (@ lukaszfiszer)
- 吕立青 (@ JimmyLv)
-
3.3.1 - 2020-01-31
-
3.3.0 - 2019-12-05
from react-scripts GitHub release notes3.4.4 (2020-10-20)
v3.4.4 release bumps
resolve-url-loaderto a version for whichnpm auditdoes not report a vulnerability. Note that this vulnerability did not affect Create React App projects, so this change is only necessary to satisfy auditing tools.Migrating from 3.4.3 to 3.4.4
Inside any created project that has not been ejected, run:
or
3.4.3 (2020-08-12)
v3.4.3 release bumps
terser-webpack-pluginto a version for whichnpm auditdoes not report a vulnerability. Note that this vulnerability did not affect Create React App projects, so this change is only necessary to satisfy auditing tools.Migrating from 3.4.2 to 3.4.3
Inside any created project that has not been ejected, run:
or
3.4.2 (2020-08-11)
v3.4.2 release bumps
webpack-dev-serverto a version for whichnpm auditdoes not report a vulnerability. Note that this vulnerability did not affect Create React App projects, so this change is only necessary to satisfy auditing tools.Migrating from 3.4.1 to 3.4.2
Inside any created project that has not been ejected, run:
or
3.4.1 (2020-03-20)
v3.4.1 is a maintenance release that includes minor bug fixes and documentation updates including upgrading Babel to fix a bug in the 7.8 release line. This release also brings support for TypeScript 3.8.
🐛 Bug Fix
react-scriptsbabel-preset-react-appcra-template,eslint-config-react-app,react-scripts💅 Enhancement
cra-template-typescript,cra-templatereact-scripts📝 Documentation
react-scripts🔨 Underlying Tools
babel-preset-react-app,create-react-app,react-dev-utils,react-error-overlay,react-scriptsreact-scriptsCommitters: 9
Migrating from 3.4.0 to 3.4.1
Inside any created project that has not been ejected, run:
or
3.4.0 (2020-02-14)
v3.4.0 is a minor release that adds new features, including support for SSL and setting
PUBLIC_URLin development. It also includes a fix for Hot Module Reloading with CSS Modules as well as other bug fixes.🐛 Bug Fix
react-scriptscreate-react-app,react-dev-utils,react-error-overlayreact-dev-utilscra-template-typescript,cra-templatecra-template-typescript💅 Enhancement
react-dev-utils,react-scriptscra-template-typescriptcra-template-typescript,cra-templatereact-scripts📝 Documentation
cra-template-typescript,cra-template,react-dev-utils,react-error-overlay,react-scripts🔨 Underlying Tools
react-dev-utilsreact-scriptsCommitters: 18
Migrating from 3.3.1 to 3.4.0
Inside any created project that has not been ejected, run:
or
Read more
Commit messages
Package name: react-scripts
Compare
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs