[Snyk] Upgrade react-scripts from 3.3.0 to 3.4.4

[snyk-bot]

Snyk has created this PR to upgrade react-scripts from 3.3.0 to 3.4.4.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 6 versions ahead of your current version.
• The recommended version was released a year ago, on 2020-10-20.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WEBSOCKETEXTENSIONS-570623	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TMPL-1583443	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Arbitrary File Write SNYK-JS-TAR-1579155	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579152	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579147	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536531	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536528	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-OBJECTPATH-1585658	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-OBJECTPATH-1017036	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-NODEFORGE-598677	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-MERGEDEEP-1070277	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-INI-1048974	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Cryptographic Issues SNYK-JS-ELLIPTIC-571484	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Remote Memory Exposure SNYK-JS-DNSPACKET-1293563	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-AJV-584908	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-YARGSPARSER-560381	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-YARGSPARSER-560381	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Open Redirect SNYK-JS-URLPARSE-1533425	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Improper Input Validation SNYK-JS-URLPARSE-1078283	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Denial of Service (DoS) SNYK-JS-SOCKJS-575261	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PROMPTS-1729737	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-OBJECTPATH-1569453	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Command Injection SNYK-JS-NODENOTIFIER-1035794	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-MINIMIST-559764	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-559764	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-559764	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1243891	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1085627	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Denial of Service (DoS) SNYK-JS-HTTPPROXY-569139	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-HAPIHOEK-548452	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-HANDLEBARS-567742	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-HANDLEBARS-1279029	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Remote Code Execution (RCE) SNYK-JS-HANDLEBARS-1056767	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-DOTPROP-543489	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Validation Bypass SNYK-JS-KINDOF-537849	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: react-scripts

• 3.4.4 - 2020-10-20
  

  3.4.4 (2020-10-20)

  v3.4.4 release bumps resolve-url-loader to a version for which npm audit does not report a vulnerability. Note that this vulnerability did not affect Create React App projects, so this change is only necessary to satisfy auditing tools.

  Migrating from 3.4.3 to 3.4.4

  Inside any created project that has not been ejected, run:

  npm install --save --save-exact react-scripts@3.4.4

  or

  yarn add --exact react-scripts@3.4.4

• 3.4.3 - 2020-08-12
  

  3.4.3 (2020-08-12)

  v3.4.3 release bumps terser-webpack-plugin to a version for which npm audit does not report a vulnerability. Note that this vulnerability did not affect Create React App projects, so this change is only necessary to satisfy auditing tools.

  Migrating from 3.4.2 to 3.4.3

  Inside any created project that has not been ejected, run:

  npm install --save --save-exact react-scripts@3.4.3

  or

  yarn add --exact react-scripts@3.4.3

• 3.4.2 - 2020-08-11
  

  3.4.2 (2020-08-11)

  v3.4.2 release bumps webpack-dev-server to a version for which npm audit does not report a vulnerability. Note that this vulnerability did not affect Create React App projects, so this change is only necessary to satisfy auditing tools.

  Migrating from 3.4.1 to 3.4.2

  Inside any created project that has not been ejected, run:

  npm install --save --save-exact react-scripts@3.4.2

  or

  yarn add --exact react-scripts@3.4.2

• 3.4.1 - 2020-03-21
  

  3.4.1 (2020-03-20)

  v3.4.1 is a maintenance release that includes minor bug fixes and documentation updates including upgrading Babel to fix a bug in the 7.8 release line. This release also brings support for TypeScript 3.8.

  🐛 Bug Fix

  • react-scripts
    • #8276 Use native ESLint behaviour when extending (@ mrmckeb)
    • #7203 Closes webpack dev server and exits process on "end" stdin (@ kelseyleftwich)
  • babel-preset-react-app
    • #8526 Fix optional chaining and nullish coalescing support (@ ianschmitz)
  • cra-template, eslint-config-react-app, react-scripts
    • #7790 Widen eslint-config-react-app peer dependency versions (@ lukyth)

  💅 Enhancement

  • cra-template-typescript, cra-template
    • #8558 Add React.StrictMode to default templates (@ connkat)
  • react-scripts
    • #8539 allow specification of package.main in template.json (@ EvanBoyle)

  📝 Documentation

  • Other
    • #8515 Fix proxying API request docs (@ hjr3)
    • #8561 Indicate that the file structure is the template's (@ Vinnl)
  • react-scripts
    • #8276 Use native ESLint behaviour when extending (@ mrmckeb)

  🔨 Underlying Tools

  • babel-preset-react-app, create-react-app, react-dev-utils, react-error-overlay, react-scripts
    • #8681 Update to Babel 7.9 (@ ianschmitz)
    • #8620 Bump dependencies (@ ianschmitz)
  • react-scripts
    • #8509 Bumps pnp-webpack-plugin (@ arcanis)

  Committers: 9

  • Brody McKee (@ mrmckeb)
  • Evan Boyle (@ EvanBoyle)
  • Herman J. Radtke III (@ hjr3)
  • Ian Schmitz (@ ianschmitz)
  • Kanitkorn Sujautra (@ lukyth)
  • KatCon (@ connkat)
  • Kelsey Leftwich (@ kelseyleftwich)
  • Maël Nison (@ arcanis)
  • Vincent (@ Vinnl)

  Migrating from 3.4.0 to 3.4.1

  Inside any created project that has not been ejected, run:

  npm install --save --save-exact react-scripts@3.4.1

  or

  yarn add --exact react-scripts@3.4.1

• 3.4.0 - 2020-02-14
  

  3.4.0 (2020-02-14)

  v3.4.0 is a minor release that adds new features, including support for SSL and setting PUBLIC_URL in development. It also includes a fix for Hot Module Reloading with CSS Modules as well as other bug fixes.

  🐛 Bug Fix

  • react-scripts
    • #8378 Downgrade style-loader to v0.23.1 due to CSS modules hot reload not working with v1.0.0 and above (@ chybisov)
  • create-react-app, react-dev-utils, react-error-overlay
    • #8439 Downgrade chalk for ie 11 support (@ ianschmitz)
  • react-dev-utils
    • #8292 Fixes unchecked access to 'deploy' script on build (@ renato-bohler)
  • cra-template-typescript, cra-template
    • #8272 Handle service worker error in Firefox (@ rosinghal)
  • cra-template-typescript
    • #8403 Fix robots.txt for TS (@ Kamahl19)

  💅 Enhancement

  • react-dev-utils, react-scripts
    • #8442 fix(react-scripts): do not redirect served path if request may proxy (@ iamandrewluca)
    • #7259 feat(react-scripts): allow PUBLIC_URL in develoment mode (@ iamandrewluca)
    • #7750 Enable custom sockjs pathname for hot reloading server. (@ heygrady)
  • cra-template-typescript
    • #8412 Change arrow functions to function declarations (@ lewislbr)
  • cra-template-typescript, cra-template
    • #8272 Handle service worker error in Firefox (@ rosinghal)
  • react-scripts
    • #5845 Add option to provide custom ssl certificates during development (@ alexbrazier)

  📝 Documentation

  • cra-template-typescript, cra-template, react-dev-utils, react-error-overlay, react-scripts
    • #8475 Correct webpack name casing (@ lewislbr)
  • Other
    • #8437 Fix navbar line break in header (@ esvyridov)
    • #8299 Update public folder usage docs to clarify globals (@ keevan)
    • #8390 setupTestFrameworkScriptFile is deprecated (@ JimmyLv)

  🔨 Underlying Tools

  • react-dev-utils
    • #8459 update open to v7.0.2 (@ vince1995)
    • #7948 Support JetBrains Rider IDE as an editor (@ djpowell)
    • #8367 Wider Chromium support for openBrowser (@ handeyeco)
  • react-scripts
    • #8282 Run git init before template dependencies are installed (@ lukaszfiszer)
  • Other
    • #8402 fix(test): force install npm in e2e-behaviour (@ iamandrewluca)

  Committers: 18

  • Alex Brazier (@ alexbrazier)
  • Andrew Luca (@ iamandrewluca)
  • Cassidy Williams (@ cassidoo)
  • Christopher Button (@ devgeist)
  • David Powell (@ djpowell)
  • Eugene Chybisov (@ chybisov)
  • Eugene Sviridov (@ esvyridov)
  • Grady Kuhnline (@ heygrady)
  • Ian Schmitz (@ ianschmitz)
  • Kevin Pham (@ keevan)
  • Lewis Llobera (@ lewislbr)
  • Martin Litvaj (@ Kamahl19)
  • Matthew Curtis (@ handeyeco)
  • Renato Böhler (@ renato-bohler)
  • Rohit Singhal (@ rosinghal)
  • Vincent Semrau (@ vince1995)
  • Łukasz Fiszer (@ lukaszfiszer)
  • 吕立青 (@ JimmyLv)

  Migrating from 3.3.1 to 3.4.0

  Inside any created project that has not been ejected, run:

  npm install --save --save-exact react-scripts@3.4.0

  or

  yarn add --exact react-scripts@3.4.0

• 3.3.1 - 2020-01-31
  Read more
• 3.3.0 - 2019-12-05

from react-scripts GitHub release notes

Commit messages

Package name: react-scripts

• d2f813f Publish
• 7641a3c Prepare 3.4.1 release
• d5b527f Update to Babel 7.9 (#8681)
• 6adb82a Add React.StrictMode to default templates (#8558)
• a452ddc Bump dependencies (#8620)
• 3f699fd Fix proxying API request docs (#8515)
• 4d26208 Use native ESLint behaviour when extending (#8276)
• 8ba0ccb Whitelist main in template.json (#8539)
• 7d3b72c Update template example in docs (#8561)
• 2030ee1 Fix optional chaining and nullish coalescing support (#8526)
• 038e6fa Widen eslint-config-react-app peer dependency versions (#7790)
• 7e6d6cd Closes webpack dev server and exits process on "end" stdin (#7203)
• af926d5 Bump pnp-webpack-plugin (#8509)
• 8b0dd54 Publish
• 5ccee88 Prepare 3.4.0 release
• e579de1 Downgrade style-loader to v0.23.1 due to CSS modules hot reload… (#8378)
• 4784997 Correct webpack name casing (#8475)
• 589b41a update open to v7.0.2 (#8459)
• 865ea05 fix(typescriptFormatter): use chalk@2 constructor (#8450)
• d45823c fix(react-scripts): do not redirect served path if request may proxy (#8442)
• eb8e7be Downgrade chalk for ie 11 support (#8439)
• 767aa18 Fixes unchecked access to 'deploy' script on build (#8292)
• cd2469e Fix navbar line break in header (#8437)
• 687c4eb Change arrow functions to function declarations (#8412)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs