[Snyk] Security upgrade react-scripts from 2.0.5 to 3.1.0 #14
base: master
@@ -8,7 +8,7 @@
     "helmet": "^3.14.0",
     "react": "^16.5.2",
     "react-dom": "^16.5.2",
-    "react-scripts": "2.0.5"
+    "react-scripts": "3.1.0"
Security control: Software Component Analysis Js
Type: Prototype Pollution In Immer
Description: react-scripts>react-dev-utils>[email protected]
Severity: HIGH

Security control: Software Component Analysis Js
Type: Prototype Pollution In Object-Path
Description: react-scripts>resolve-url-loader>adjust-sourcemap-loader>[email protected]
Severity: HIGH

Security control: Software Component Analysis Js
Type: Cross-Site Scripting In Serialize-Javascript
Description: Paths from library to vulnerable dependencies:
Severity: MEDIUM

Security control: Software Component Analysis Js
Type: Improper Input Validation In Socksjs-Node
Description: react-scripts>webpack-dev-server>[email protected]
Severity: MEDIUM

Security control: Software Component Analysis Js
Type: Open Redirect In Node-Forge
Description: react-scripts>webpack-dev-server>selfsigned>[email protected]
Severity: MEDIUM

Security control: Software Component Analysis Js
Type: Os Command Injection In Node-Notifier
Description: react-scripts>jest>jest-cli>@jest/core>@jest/reporters>[email protected]
Severity: MEDIUM

Security control: Software Component Analysis Js
Type: Improper Verification Of Cryptographic Signature In Node-Forge
Description: react-scripts>webpack-dev-server>selfsigned>[email protected]
Severity: HIGH

Security control: Software Component Analysis Js
Type: Regular Expression Denial Of Service In Browserslist
Description: react-scripts>react-dev-utils>[email protected]
Severity: MEDIUM

Security control: Software Component Analysis Js
Type: Improper Neutralization Of Special Elements Used In An Os Command.
Description: react-scripts>[email protected]
Severity: MEDIUM
Security control: Software Component Analysis Js
Type: Improper Verification Of Cryptographic Signature In
Description: react-scripts>webpack-dev-server>selfsigned>[email protected]
Severity: MEDIUM

Security control: Software Component Analysis Js
Type: Improper Neutralization Of Special Elements Used In A Command In Shell-Quote
Description: react-scripts>react-dev-utils>[email protected]
Severity: HIGH

Security control: Software Component Analysis Js
Type: Insecure Serialization Leading To Rce In Serialize-Javascript
Description: Paths from library to vulnerable dependencies:
Severity: HIGH

Security control: Software Component Analysis Js
Type: Regular Expression Denial Of Service In Glob-Parent
Description: Paths from library to vulnerable dependencies:
Severity: HIGH
Security control: Software Component Analysis Js
Type: Regular Expression Denial Of Service In Postcss
Description: react-scripts>resolve-url-loader>[email protected]
Severity: MEDIUM
Security control: Software Component Analysis Js
Type: Prototype Pollution In Yargs-Parser
Description: react-scripts>webpack-dev-server>yargs>[email protected]
Severity: MEDIUM

Security control: Software Component Analysis Js
Type: Url Parsing In Node-Forge Could Lead To Undesired Behavior.
Description: react-scripts>webpack-dev-server>selfsigned>[email protected]
Severity: LOW

Security control: Software Component Analysis Js
Type: Insufficient Granularity Of Access Control In Jsdom
Description: Paths from library to vulnerable dependencies:
Severity: MEDIUM

Security control: Software Component Analysis Js
Type: Prototype Pollution In Node-Forge Debug Api.
Description: react-scripts>webpack-dev-server>selfsigned>[email protected]
Severity: LOW

Security control: Software Component Analysis Js
Type: Inefficient Regular Expression Complexity In Nth-Check
Description: Paths from library to vulnerable dependencies:
Severity: HIGH

Security control: Software Component Analysis Js
Type: Uncontrolled Resource Consumption In Ansi-Html
Description: react-scripts>webpack-dev-server>[email protected]
Severity: HIGH
     },
     "devDependencies": {
       "concurrently": "^4.0.1"
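Review bot: the Software Component Analysis findings posted against the `+    "react-scripts": "3.1.0"` line show that the target version still resolves HIGH-severity transitive packages (immer and shell-quote under react-dev-utils, object-path under resolve-url-loader, node-forge under webpack-dev-server>selfsigned, plus serialize-javascript, glob-parent, nth-check and ansi-html), so a bump to exactly 3.1.0 does not close the alerts this "security upgrade" is meant to address; target a later react-scripts release, or pin the affected transitive packages, and re-run the scan before merging. Two further checks on this hunk: 2.0.5 to 3.1.0 is a major-version change of the build toolchain, so run the project's build and test scripts on this branch rather than merging on the bot's word alone, and since only package.json appears in this diff, confirm that the lockfile (if the project commits one) is regenerated in the same change, otherwise installs will keep resolving the old tree and the scan results will not match what is deployed.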
Security control: Software Component Analysis Js
Type: Prototype Pollution In Object-Path
Description: react-scripts>resolve-url-loader>adjust-sourcemap-loader>[email protected]
Severity: MEDIUM
Jit Bot commands and options (e.g., ignore issue)
You can trigger Jit actions by commenting on this PR review:
#jit_ignore_finding: Ignore this specific single instance of finding
#jit_undo_ignore: Undo ignore command
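The findings above are reported as dependency paths in `a>b>c` notation (react-scripts>react-dev-utils>immer, and so on). As an added example, not code from this project, Snyk or Jit, the resolver below reproduces such paths from a lockfile-v1 style nested `dependencies` tree plus the root package.json, using Node's nearest-ancestor lookup so that hoisted packages resolve the way npm resolves them. The lockfile contents, version numbers and the names `exampleLock`, `examplePackageJson` and `findDependencyPaths` are constructed for illustration and are not the project's real package-lock.json.

```javascript
// Added example (not code from the project, Snyk or Jit): resolve the
// dependency paths an SCA tool reports, e.g. "react-scripts>react-dev-utils>immer",
// from a lockfile-v1 style tree. Names, versions and nesting below are
// constructed for illustration only.

// Direct dependencies, matching the package.json shown in the diff.
const examplePackageJson = {
  dependencies: {
    helmet: "^3.14.0",
    react: "^16.5.2",
    "react-dom": "^16.5.2",
    "react-scripts": "3.1.0",
  },
};

// Constructed lockfile-v1 shape: top-level "dependencies" are hoisted
// packages, a package's own "dependencies" holds nested copies installed under
// its node_modules, and "requires" lists what it imports. Versions are made up.
const exampleLock = {
  dependencies: {
    helmet: { version: "3.14.0" },
    react: { version: "16.5.2" },
    "react-dom": { version: "16.5.2", requires: { react: "^16.5.2" } },
    "react-scripts": {
      version: "3.1.0",
      requires: { "react-dev-utils": "^9.0.0", "webpack-dev-server": "^3.0.0" },
      dependencies: {
        "react-dev-utils": {
          version: "9.0.0",
          requires: { immer: "1.0.0", "shell-quote": "^1.0.0" },
          dependencies: { immer: { version: "1.0.0" } },
        },
      },
    },
    "shell-quote": { version: "1.6.0" },
    "webpack-dev-server": {
      version: "3.0.0",
      requires: { selfsigned: "^1.0.0" },
      dependencies: {
        selfsigned: { version: "1.0.0", requires: { "node-forge": "^0.9.0" } },
        "node-forge": { version: "0.9.0" },
      },
    },
  },
};

// Node-style lookup: a required name is resolved from the innermost enclosing
// "dependencies" map outwards to the root, mirroring node_modules resolution.
function resolve(name, scopes) {
  for (let i = scopes.length - 1; i >= 0; i--) {
    if (Object.prototype.hasOwnProperty.call(scopes[i], name)) {
      return { node: scopes[i][name], scopes: scopes.slice(0, i + 1) };
    }
  }
  return null;
}

// Returns every path from a direct dependency down to `target`, formatted as
// "a>b>target@version". Cycles (common in real lockfiles) are cut by `visited`.
function findDependencyPaths(lock, pkgJson, target) {
  const root = lock.dependencies || {};
  const paths = [];

  function walk(name, node, scopes, chain, visited) {
    const here = chain.concat(name);
    if (name === target) {
      paths.push(`${here.join(">")}@${node.version}`);
      return;
    }
    const id = `${name}@${node.version}`;
    if (visited.has(id)) return;
    const seen = new Set(visited).add(id);
    const inner = scopes.concat([node.dependencies || {}]);
    for (const dep of Object.keys(node.requires || {})) {
      const hit = resolve(dep, inner);
      if (hit) walk(dep, hit.node, hit.scopes, here, seen);
    }
  }

  for (const name of Object.keys(pkgJson.dependencies || {})) {
    if (Object.prototype.hasOwnProperty.call(root, name)) {
      walk(name, root[name], [root], [], new Set());
    }
  }
  return paths;
}

if (typeof require !== "undefined" && require.main === module) {
  for (const pkg of ["immer", "shell-quote", "node-forge", "object-path"]) {
    console.log(pkg, "->", findDependencyPaths(exampleLock, examplePackageJson, pkg));
  }
}
```

To use this on a real project, load `package-lock.json` and `package.json` with `JSON.parse(fs.readFileSync(...))` and query each package a scanner flagged: a path that still resolves after a bump means the finding is still live, and an empty result for a flagged package means the committed lockfile and the tree the scanner saw differ, which is worth reconciling before trusting the PR. Lockfile v2/v3 files carry a flat `packages` map with a different layout and are not handled here.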