[Snyk] Fix for 1 vulnerabilities

[vechaurijbiko]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/react-scripts/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	461/1000 Why? Recently disclosed, Has a fix available, CVSS 3.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-DEBUG-3227433	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: fork-ts-checker-webpack-plugin

The new version differs by 184 commits.

• 5ba6839 Release 5.0.0 (postcss support? wmonk/create-react-app-typescript#445)
• d056616 feat: remove "incremental: true" from ts default options (Build process is almost 20 minutes long wmonk/create-react-app-typescript#444)
• 188d44d feat: add issue.scope option (Change webpack devtool setting to source-map wmonk/create-react-app-typescript#442)
• b865f1d fix: always pass compilation to issues hook (Version 4.0.8: Internet Explorer no working anymore wmonk/create-react-app-typescript#443)
• e812f18 feat: overwrite other fields in tsconfig.json (Source Maps don't work for js or jsx files in live dev mode. wmonk/create-react-app-typescript#440)
• 2b72fd0 fix: properly disconnect rpc client to be able to reconnect (Create global.d.ts wmonk/create-react-app-typescript#439)
• c4796b2 fix: include files that are outside project context (Update webpack-dev-server wmonk/create-react-app-typescript#437)
• 1f7ae0d docs: update bug-report template by merging master into alpha branch
• aa8f74d feat: rename tsconfig option to configFile for consistency (Husky hooks not working wmonk/create-react-app-typescript#436)
• 944e0c9 feat: improve overall typescript performance (Using jest-extended? wmonk/create-react-app-typescript#435)
• a430979 feat: add `context` option for typescript reporter (Browserlist error  wmonk/create-react-app-typescript#430)
• 503a948 fix: support webpack multi-compiler (CRA 2.0 wmonk/create-react-app-typescript#431)
• 9b3b9dd feat: add "mode" for typescript reporter (chore: update ts-jest wmonk/create-react-app-typescript#429)
• 2ba396d fix: respect eslint extensions in incremental check
• 8a10ca9 docs: add babel-loader example
• be9cd64 docs: add ts-loader example
• b5d5977 docs: add vscode-tasks example
• e59a8d2 chore: fix github actions release job
• 37b8944 feat: export `version` const for external tools (Question: Can I remove the hash from the output files wmonk/create-react-app-typescript#428)
• 5552f62 docs: update bug template to use eslint, not tslint
• 5665dac feat: change start hook to AsyncSeriesWaterfallHook (Code splitting breaks jest tests. wmonk/create-react-app-typescript#425)
• 8687c63 feat: support @ vue/compiler-sfc in the vue extension (Sass support wmonk/create-react-app-typescript#423)
• f277444 fix: remove references to external typings (Fixed broken link in the main README file. wmonk/create-react-app-typescript#422)
• cfcc0fe fix: properly handle import modules with .vue suffix (chore(package): update description, repository, and bugs.url wmonk/create-react-app-typescript#420)

See the full diff

Package name: webpack

The new version differs by 250 commits.

• 610f368 5.0.0
• 5ce65c1 update examples
• bbe1230 Merge pull request #11628 from webpack/bugfix/real-content-hash
• 75ecff2 5.0.0-rc.6
• bfc35d6 Merge pull request #11603 from MayaWolf/master
• 76e8cbd Merge pull request #11622 from webpack/dependabot/npm_and_yarn/types/node-13.13.25
• 9fd1be2 chore(deps-dev): bump @ types/node from 13.13.23 to 13.13.25
• 36bcfaa Merge pull request #11621 from webpack/bugfix/11619
• 9130d10 fix called variables with ProvidePlugin
• 3e42105 Merge pull request #11620 from webpack/bugfix/11617
• 4709719 skip connections copied to concatenated module
• 57b493f 5.0.0-rc.5
• 1658e2f Merge pull request #11618 from webpack/bugfix/11615
• a8fb45d fixes crash in SideEffectsFlagPlugin
• 84b196d emit error instead of crashing when unexpected problem occurs
• 5573fed Merge pull request #11601 from Hornwitser/improve-suggested-polyfill-config
• 9b5cce9 Merge pull request #11609 from snitin315/export-types
• 37c495c export type RuleSetUseItem
• 39faf34 export type RuleSetUse
• e5fd246 export type RuleSetConditionAbsolute
• 660baad export RuleSetCondition types
• 13e3ca5 Merge pull request #11602 from webpack/bugfix/shared-runtime-chunk
• 9c0587e Merge pull request #11606 from webpack/dependabot/npm_and_yarn/simple-git-2.21.0
• 502d166 Merge pull request #11607 from webpack/dependabot/npm_and_yarn/acorn-8.0.4

See the full diff

Package name: webpack-dev-server

The new version differs by 32 commits.

• ff2874f chore(release): 3.1.11
• b3217ca fix: check origin header for websocket connection (#1603)
• 68dd49a fix: add url for compatibility with webpack@5 (#1598) (#1599)
• fadae5d fix(Server): mime type for wasm in contentBase directory (#1575) (#1580)
• 7a3a257 fix(package): update `spdy` v3.4.1...4.0.0 (assertion error) (#1491) (#1563)
• 1fe82de ci(travis): Node 11 (on OS X) crashes, use 10 for now (#1588)
• 55398b5 fix(bin/options): correct check for color support (`options.color`) (#1555)
• 927a2b3 fix(Server): correct `node` version checks (#1543)
• fa96a76 chore(PULL_REQUEST_TEMPLATE): allow features (#1539)
• fe3219f chore(release): 3.1.10
• c12def3 fix(Server): set `tls.DEFAULT_ECDH_CURVE` to `'auto'` (#1531)
• e719959 fix(package): update `sockjs-client` v1.1.5...1.3.0 (`url-parse` vulnerability) (#1537)
• d2f4902 fix(options): add `writeToDisk` option to schema (#1520)
• bb484ad chore(release): 3.1.9
• 8b8b087 chore(package): update `webpack-dev-middleware` v3.3.0...3.4.0 (`dependencies`)
• d0725c9 chore(package): update `webpack-dev-middleware` v3.2.0...3.3.0 (`dependencies`) (#1499)
• cbe6813 refactor(package): cross-platform `prepare` script (`scripts`) (#1498)
• 3d37cc5 chore(release): 3.1.8
• 8fb67c9 fix(package): `yargs` security vulnerability (`dependencies`) (#1492)
• b9d11ca docs: fix typos (#1487)
• 7a6ca47 fix(utils/createLogger): ensure `quiet` always takes precedence (`options.quiet`) (#1486)
• 065978f chore(package): update `import-local` v1.0.0...2.0.0 (`dependencies`) (#1484)
• f37f0a2 chore(release): 3.1.7
• 2d35287 style(utils/addEntries): cleaner variable naming (#1478)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)