[Snyk] Fix for 7 vulnerabilities #23

jfuginay · 2023-12-19T17:31:19Z

This PR was automatically created by Snyk using the credentials of a real user.

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json

⚠️

Warning

Failed to update the package-lock.json, please update manually before merging.

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
786/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.3	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	Yes	Proof of Concept
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	Yes	Proof of Concept
641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Prototype Pollution SNYK-JS-JSON5-3182856	Yes	Proof of Concept
479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	Yes	No Known Exploit
589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	Yes	No Known Exploit
479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	Yes	No Known Exploit
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: babel-jest

The new version differs by 250 commits.

be16e47 v27.0.0
63102ec chore: update changelog for release
564694a docs(blog): Jest 27 blog post (#11131)
b68d91b feat(pretty-print): add option `printBasicPrototype` (#11441)
2226742 chore: minor simplify format results error (#11432)
78eb25d chore: remove needless assign (#11433)
696c455 chore: update lockfile after publish
e2eb9ae v27.0.0-next.11
3b253f8 Wait for closed resources to actually close before detecting open handles (#11429)
27bee72 fix: run GC before collecting open handles (#11278)
50451df feat: use fallback if prettier not found (#11400)
150dbd8 chore: update lockfile after publish
6f44529 v27.0.0-next.10
cbcec7d Upgrade fsevents in jest-haste-map (#11428)
9633a26 feat: support reporters written in ESM (#11427)
59f42d8 fix: do not cache modules that throw during evaluation (#11263)
57e32e9 Detect open handles with done callbacks (#11382)
a397607 Document and test dontThrow for custom inline snapshot matchers (#10995)
4fa3a0b feat: custom haste (#11107)
2047a36 chore: bump deps (#11419)
a4358d6 chore: run prettier on changelog
bdd6282 Move all default values into `jest-config` (#9924)
db643a1 Link to Jest config (#11106)
b16082c Fix locale issue #10014 (#11412)

Package name: react-scripts

The new version differs by 238 commits.

221e511 Publish
6a3315b Update CONTRIBUTING.md
5614c87 Add support for Tailwind (#11717)
657739f chore(test): make all tests install with `npm ci` (#11723)
20edab4 fix(webpackDevServer): disable overlay for warnings (#11413)
69321b0 Remove cached lockfile (#11706)
3afbbc0 Update all dependencies (#11624)
f5467d5 feat(eslint-config-react-app): support ESLint 8.x (#11375)
e8319da [WIP] Fix integration test teardown / cleanup and missing yarn installation (#11686)
c7627ce Update webpack and dev server (#11646)
f85b064 The default port used by `serve` has changed (#11619)
544befe Update package.json (#11597)
9d0369b Fix ESLint Babel preset resolution (#11547)
d7b23c8 test(create-react-app): assert for exit code (#10973)
1465357 Prepare 5.0.0 alpha release
3880ba6 Remove dependency pinning (#11474)
8b9fbee Update CODEOWNERS
cacf590 Bump template dependency version (#11415)
5cedfe4 Bump browserslist from 4.14.2 to 4.16.5 (#11476)
50ea5ad allow CORS on webpack-dev-server (#11325)
63bba07 Upgrade jest and related packages from 26.6.0 to 27.1.0 (#11338)
960b21e Bump immer from 8.0.4 to 9.0.6 (#11364)
134cd3c Resolve dependency issues in v5 alpha (#11294)
b45ae3c Update CONTRIBUTING.md