Update dependency react-scripts to v4 #15

Open. Wants to merge 1 commit into base: main.
Update dependency react-scripts to v4

6ba1e3b
Mend for GitHub.com / Mend Security Check failed Mar 7, 2024 in 23m 15s

Security Report

You have successfully remediated 53 vulnerabilities, but introduced 8 new vulnerabilities in this branch.

❌ New vulnerabilities (CVE, severity, CVSS score, vulnerable library, suggested fix, issue):

WS-2021-0153
  Severity: Critical (CVSS 9.8)
  Vulnerable library: ejs-2.7.4.tgz
  Suggested fix: Upgrade to version: ejs - 3.1.6
  Issue: None
  Path to dependency file: /fixtures/concurrent/time-slicing/package.json
  Path to vulnerable library: /fixtures/concurrent/time-slicing/package.json,/fixtures/attribute-behavior/package.json
  Dependency Hierarchy:
    -> react-scripts-4.0.3.tgz (Root Library)
       -> workbox-webpack-plugin-5.1.4.tgz
          -> workbox-build-5.1.4.tgz
             -> rollup-plugin-off-main-thread-1.4.2.tgz
                -> ❌ ejs-2.7.4.tgz (Vulnerable Library)

CVE-2022-37601
  Severity: Critical (CVSS 9.8)
  Vulnerable library: loader-utils-2.0.0.tgz
  Suggested fix: Upgrade to version: loader-utils - 1.4.1,2.0.3
  Issue: None
  Path to dependency file: /fixtures/concurrent/time-slicing/package.json
  Path to vulnerable library: /fixtures/concurrent/time-slicing/package.json,/fixtures/attribute-behavior/package.json
  Dependency Hierarchy:
    -> react-scripts-4.0.3.tgz (Root Library)
       -> react-dev-utils-11.0.4.tgz
          -> ❌ loader-utils-2.0.0.tgz (Vulnerable Library)

CVE-2022-29078
  Severity: Critical (CVSS 9.8)
  Vulnerable library: ejs-2.7.4.tgz
  Suggested fix: Upgrade to version: ejs - v3.1.7
  Issue: None
  Path to dependency file: /fixtures/concurrent/time-slicing/package.json
  Path to vulnerable library: /fixtures/concurrent/time-slicing/package.json,/fixtures/attribute-behavior/package.json
  Dependency Hierarchy:
    -> react-scripts-4.0.3.tgz (Root Library)
       -> workbox-webpack-plugin-5.1.4.tgz
          -> workbox-build-5.1.4.tgz
             -> rollup-plugin-off-main-thread-1.4.2.tgz
                -> ❌ ejs-2.7.4.tgz (Vulnerable Library)

CVE-2021-3757
  Severity: Critical (CVSS 9.8)
  Vulnerable library: immer-8.0.1.tgz
  Suggested fix: Upgrade to version: immer - 9.0.6
  Issue: None
  Path to dependency file: /fixtures/concurrent/time-slicing/package.json
  Path to vulnerable library: /fixtures/concurrent/time-slicing/package.json,/fixtures/attribute-behavior/package.json
  Dependency Hierarchy:
    -> react-scripts-4.0.3.tgz (Root Library)
       -> react-dev-utils-11.0.4.tgz
          -> ❌ immer-8.0.1.tgz (Vulnerable Library)

CVE-2021-23436
  Severity: Critical (CVSS 9.8)
  Vulnerable library: immer-8.0.1.tgz
  Suggested fix: Upgrade to version: immer - 9.0.6
  Issue: None
  Path to dependency file: /fixtures/concurrent/time-slicing/package.json
  Path to vulnerable library: /fixtures/concurrent/time-slicing/package.json,/fixtures/attribute-behavior/package.json
  Dependency Hierarchy:
    -> react-scripts-4.0.3.tgz (Root Library)
       -> react-dev-utils-11.0.4.tgz
          -> ❌ immer-8.0.1.tgz (Vulnerable Library)

CVE-2022-37603
  Severity: High (CVSS 7.5)
  Vulnerable library: loader-utils-2.0.0.tgz
  Suggested fix: Upgrade to version: loader-utils - 1.4.2,2.0.4,3.2.1
  Issue: None
  Path to dependency file: /fixtures/concurrent/time-slicing/package.json
  Path to vulnerable library: /fixtures/concurrent/time-slicing/package.json,/fixtures/attribute-behavior/package.json
  Dependency Hierarchy:
    -> react-scripts-4.0.3.tgz (Root Library)
       -> react-dev-utils-11.0.4.tgz
          -> ❌ loader-utils-2.0.0.tgz (Vulnerable Library)

CVE-2022-37599
  Severity: High (CVSS 7.5)
  Vulnerable library: loader-utils-2.0.0.tgz
  Suggested fix: Upgrade to version: loader-utils - 1.4.2,2.0.4,3.2.1
  Issue: None
  Path to dependency file: /fixtures/concurrent/time-slicing/package.json
  Path to vulnerable library: /fixtures/concurrent/time-slicing/package.json,/fixtures/attribute-behavior/package.json
  Dependency Hierarchy:
    -> react-scripts-4.0.3.tgz (Root Library)
       -> react-dev-utils-11.0.4.tgz
          -> ❌ loader-utils-2.0.0.tgz (Vulnerable Library)

CVE-2021-23364
  Severity: Medium (CVSS 5.3)
  Vulnerable library: browserslist-4.14.2.tgz
  Suggested fix: Upgrade to version: browserslist - 4.16.5
  Issue: None
  Path to dependency file: /fixtures/concurrent/time-slicing/package.json
  Path to vulnerable library: /fixtures/concurrent/time-slicing/package.json,/fixtures/attribute-behavior/package.json
  Dependency Hierarchy:
    -> react-scripts-4.0.3.tgz (Root Library)
       -> react-dev-utils-11.0.4.tgz
          -> ❌ browserslist-4.14.2.tgz (Vulnerable Library)

✔️ Remediated vulnerabilities (CVE, vulnerable library):

CVE-2022-0512 url-parse-1.1.9.tgz
CVE-2020-8124 url-parse-1.1.9.tgz
CVE-2022-0868 urijs-1.19.6.tgz
CVE-2022-0613 urijs-1.19.6.tgz
CVE-2022-0512 url-parse-1.5.1.tgz
CVE-2022-37620 html-minifier-3.5.3.tgz
CVE-2018-6342 react-dev-utils-3.1.1.tgz
CVE-2017-16099 no-case-2.3.1.tgz
CVE-2022-1243 urijs-1.19.6.tgz
CVE-2022-1233 urijs-1.19.6.tgz
CVE-2022-0613 urijs-1.18.12.tgz
CVE-2022-24999 qs-6.5.0.tgz
CVE-2018-3774 url-parse-1.1.9.tgz
CVE-2018-14732 webpack-dev-server-2.11.3.tgz
CVE-2017-16118 forwarded-0.1.0.tgz
CVE-2022-0691 url-parse-1.5.1.tgz
CVE-2022-0639 url-parse-1.1.9.tgz
CVE-2022-24723 urijs-1.18.12.tgz
CVE-2020-28499 merge-1.2.1.tgz
WS-2018-0347 eslint-4.4.1.tgz
WS-2019-0063 js-yaml-3.9.1.tgz
CVE-2022-0639 url-parse-1.5.1.tgz
CVE-2022-0691 url-parse-1.1.9.tgz
CVE-2022-37598 uglify-js-3.4.10.tgz
CVE-2021-23382 postcss-5.2.17.tgz
CVE-2021-27516 urijs-1.18.12.tgz
WS-2019-0017 clean-css-4.1.7.tgz
CVE-2020-15366 ajv-5.2.2.tgz
CVE-2022-0686 url-parse-1.5.1.tgz
CVE-2021-23382 postcss-6.0.23.tgz
CVE-2021-3647 urijs-1.18.12.tgz
CVE-2022-24723 urijs-1.19.6.tgz
CVE-2022-0868 urijs-1.18.12.tgz
WS-2017-3757 content-type-parser-1.0.1.tgz
CVE-2020-26291 urijs-1.18.12.tgz
CVE-2021-3664 url-parse-1.1.9.tgz
WS-2019-0032 js-yaml-3.9.1.tgz
CVE-2017-16138 mime-1.3.6.tgz
CVE-2021-24033 react-dev-utils-3.1.1.tgz
WS-2018-0589 nwmatcher-1.4.1.tgz
CVE-2021-24033 react-dev-utils-5.0.3.tgz
CVE-2021-3664 url-parse-1.5.1.tgz
CVE-2021-3647 urijs-1.19.6.tgz
CVE-2022-0686 url-parse-1.1.9.tgz
CVE-2018-14732 webpack-dev-server-2.7.1.tgz
CVE-2021-27515 url-parse-1.1.9.tgz
CVE-2021-23382 postcss-6.0.9.tgz
CVE-2020-15366 ajv-5.5.2.tgz
CVE-2022-37598 uglify-js-3.13.5.tgz
CVE-2022-37620 html-minifier-3.5.21.tgz
WS-2018-0590 diff-3.3.0.tgz
CVE-2022-1243 urijs-1.18.12.tgz
CVE-2022-1233 urijs-1.18.12.tgz

Base branch total remaining vulnerabilities: 381
Base branch commit: 3a02ac49d37e94b5747f69bc6d783357d23ba57f

Total libraries scanned: 4952

Scan token: 6cc0f88826b94d48a66eae8c4a80df87