[Snyk] Security upgrade react-scripts from 4.0.3 to 5.0.0 by devpato · Pull Request #40 · devpato/react-NFC-sample

devpato · 2025-07-14T07:21:34Z

Snyk has created this PR to fix 21 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

package.json
yarn.lock

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Regular Expression Denial of Service (ReDoS) SNYK-JS-CROSSSPAWN-8303230	756
	Denial of Service (DoS) SNYK-JS-HTTPPROXYMIDDLEWARE-8229906	756
	Remote Code Execution (RCE) SNYK-JS-EJS-2803307	726
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	696
	Path Traversal SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555	691
	Server-Side Request Forgery (SSRF) SNYK-JS-IP-7148531	646
	Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-6147607	626
	Cross-site Scripting (XSS) SNYK-JS-WEBPACK-7840298	616
	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	589
	Improper Control of Dynamically-Managed Code Resources SNYK-JS-EJS-6689533	586
	Open Redirect SNYK-JS-NODEFORGE-2330875	586
	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	579
	Cross-site Scripting (XSS) SNYK-JS-ROLLUP-8073097	576
	Prototype Pollution SNYK-JS-NODEFORGE-2331908	529
	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	494
	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	494
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	479
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	479
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	479
	Improper Input Validation SNYK-JS-POSTCSS-5926692	479
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	479

Important

Check the changes in this PR to ensure they won't cause issues with your project.
Max score is 1000. Note that the real score may have changed since the PR was raised.
This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Remote Code Execution (RCE)
🦉 Improper Control of Dynamically-Managed Code Resources
🦉 More lessons are available in Snyk Learn

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Security upgrade react-scripts from 4.0.3 to 5.0.0#40

[Snyk] Security upgrade react-scripts from 4.0.3 to 5.0.0#40
devpato wants to merge 1 commit intomainfrom
snyk-fix-da57f84e5d7a0169407e1600137a3ecb

devpato commented Jul 14, 2025

Labels

2 participants

Conversation