[Snyk] Upgrade react-scripts from 4.0.2 to 4.0.3

Snyk has created this PR to upgrade react-scripts from 4.0.2 to 4.0.3.

merge advice :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 1 version ahead of your current version.
The recommended version was released 21 days ago, on 2021-02-22.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Prototype Pollution SNYK-JS-IMMER-1019369	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Command Injection SNYK-JS-REACTDEVUTILS-1083268	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Command Injection SNYK-JS-NODENOTIFIER-1035794	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: react-scripts

4.0.3 - 2021-02-22
4.0.3 (2021-02-22)

v4.0.3 is a maintenance release that includes minor bug fixes and dependency updates.

🐛 Bug Fix
- react-scripts
  - #10590 Upgrade eslint-webpack-plugin to fix opt-out flag (@ mrmckeb)
🏠 Internal
- react-dev-utils
  - #10412 update immer to 8.0.1 to address vulnerability (@ wclem4)
- create-react-app
  - #10384 tests: update test case to match the description (@ jamesgeorge007)
Committers: 4
- Brody McKee (@ mrmckeb)
- Dion Woolley (@ Awarua-)
- James George (@ jamesgeorge007)
- Walker Clem (@ wclem4)
Migrating from 4.0.2 to 4.0.3

Inside any created project that has not been ejected, run:
```
npm install --save --save-exact react-scripts@4.0.3
```
or
```
yarn add --exact react-scripts@4.0.3
```
4.0.2 - 2021-02-03
4.0.2 (2021-02-03)

v4.0.2 is a maintenance release that includes minor bug fixes and documentation updates.

🚀 New Feature
- react-scripts
  - #8986 Add support for new BUILD_PATH advanced configuration variable (@ ajhyndman)
🐛 Bug Fix
- react-scripts
  - #10170 Add opt-out for eslint-webpack-plugin (@ mrmckeb)
  - #9872 fix(react-scripts): add missing peer dependency react and update react-refresh-webpack-plugin (@ merceyz)
  - #9964 Add TypeScript 4.x as peerDependency to react-scripts (@ sheepsteak)
💅 Enhancement
- react-scripts
  - #9977 Move ESLint cache file into node_modules (@ ehsankhfr)
  - #9569 Improve vendor chunk names in development (@ jrr)
📝 Documentation
- #9473 docs: add missing override options for Jest config (@ tobiasbueschel)
- #10314 Update using-the-public-folder.md (@ Avivhdr)
- #10214 Remove references to Node 8 (@ ianschmitz)
🏠 Internal
- react-scripts
  - #10027 appTsConfig immutability handling by immer (@ josezone)
- create-react-app
  - #10217 Fix CI tests (@ ianschmitz)
- react-dev-utils, react-error-overlay, react-scripts
  - #10091 Recovered some integration tests (@ maxsbelt)
🔨 Underlying Tools
- react-scripts
  - #10216 Revert "Update postcss packages" (@ ianschmitz)
  - #9988 Upgrade sass-loader (@ ehsankhfr)
  - #10003 Update postcss packages (@ raix)
  - #10213 Upgrade @ svgr/webpack to fix build error (@ jabranr)
- react-dev-utils
  - #10198 remove chalk from formatWebpackMessages (@ jasonwilliams)
- cra-template-typescript
  - #10141 chore: bump typescript version (@ trainto)
- cra-template-typescript, cra-template
  - #10143 chore: bump web-vital dependency version (@ sahilpurav)
Committers: 15
- Andrew Hyndman (@ ajhyndman)
- Aviv Hadar (@ Avivhdr)
- Brody McKee (@ mrmckeb)
- Chris Shepherd (@ sheepsteak)
- EhsanKhaki (@ ehsankhfr)
- Hakjoon Sim (@ trainto)
- Ian Schmitz (@ ianschmitz)
- Jabran Rafique⚡️ (@ jabranr)
- Jason Williams (@ jasonwilliams)
- John Ruble (@ jrr)
- Kristoffer K. (@ merceyz)
- Morten N.O. Nørgaard Henriksen (@ raix)
- Sahil Purav (@ sahilpurav)
- Sergey Makarov (@ maxsbelt)
- Tobias Büschel (@ tobiasbueschel)
- mad-jose (@ josezone)

from react-scripts GitHub release notes

Commit messages

Package name: react-scripts

f92c37a Publish
cce32fa Update CHANGELOG
f710976 Prepare 4.0.3 release
6947896 update immer to 8.0.1 to address vulnerability (#10412)
18b5962 Upgrade eslint-webpack-plugin to fix opt-out flag (#10590)
9722ef1 Bump webpack-dev-server 3.11.0 -> 3.11.1 (#10312)
3f5dea9 tests: update test case to match the description (#10384)

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

flaviuse / mern-authentication

[Snyk] Upgrade react-scripts from 4.0.2 to 4.0.3 #69

Snyk has created this PR to upgrade react-scripts from 4.0.2 to 4.0.3.

4.0.3 (2021-02-22)

🐛 Bug Fix

🏠 Internal

Committers: 4

Migrating from 4.0.2 to 4.0.3

4.0.2 (2021-02-03)

🚀 New Feature

🐛 Bug Fix

💅 Enhancement

📝 Documentation

🏠 Internal

🔨 Underlying Tools

Committers: 15