socket-security[bot]
commented
11 months ago Updated dependencies detected. Learn more about Socket for GitHub ↗︎
| Packages | Version | New capabilities | Transitives | Size | Publisher |
|---|---|---|---|---|---|
| react-scripts | 1.1.4...5.0.0 | shell, environment | +966/-959 |
106 MB | iansu |
| react-dom | 16.4.1...16.4.2 | None | +5/-4 |
2.68 MB | gaearon |
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json - package-lock.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------  | **619/1000****Why?** Has a fix available, CVSS 8.1 | Prototype Pollution
[SNYK-JS-AJV-584908](https://snyk.io/vuln/SNYK-JS-AJV-584908) | Yes | No Known Exploit  | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-ANSIREGEX-1583908](https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908) | Yes | Proof of Concept  | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Prototype Pollution
[SNYK-JS-ASYNC-2441827](https://snyk.io/vuln/SNYK-JS-ASYNC-2441827) | Yes | Proof of Concept  | **586/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-CSSWHAT-3035488](https://snyk.io/vuln/SNYK-JS-CSSWHAT-3035488) | Yes | Proof of Concept  | **636/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 6.3 | Prototype Pollution
[SNYK-JS-DOTPROP-543489](https://snyk.io/vuln/SNYK-JS-DOTPROP-543489) | Yes | Proof of Concept  | **586/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-HOSTEDGITINFO-1088355](https://snyk.io/vuln/SNYK-JS-HOSTEDGITINFO-1088355) | Yes | Proof of Concept  | **703/1000**
**Why?** Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.2 | Missing Release of Resource after Effective Lifetime
[SNYK-JS-INFLIGHT-6095116](https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116) | Yes | Proof of Concept  | **686/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution
[SNYK-JS-INI-1048974](https://snyk.io/vuln/SNYK-JS-INI-1048974) | Yes | Proof of Concept  | **641/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 6.4 | Prototype Pollution
[SNYK-JS-JSON5-3182856](https://snyk.io/vuln/SNYK-JS-JSON5-3182856) | Yes | Proof of Concept  | **644/1000**
**Why?** Has a fix available, CVSS 8.6 | Prototype Pollution
[SNYK-JS-JSONSCHEMA-1920922](https://snyk.io/vuln/SNYK-JS-JSONSCHEMA-1920922) | Yes | No Known Exploit  | **506/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 3.7 | Validation Bypass
[SNYK-JS-KINDOF-537849](https://snyk.io/vuln/SNYK-JS-KINDOF-537849) | Yes | Proof of Concept  | **479/1000**
**Why?** Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-LOADERUTILS-3042992](https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3042992) | Yes | No Known Exploit  | **589/1000**
**Why?** Has a fix available, CVSS 7.5 | Prototype Pollution
[SNYK-JS-LOADERUTILS-3043105](https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3043105) | Yes | No Known Exploit  | **479/1000**
**Why?** Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-LOADERUTILS-3105943](https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3105943) | Yes | No Known Exploit  | **586/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-LODASH-1018905](https://snyk.io/vuln/SNYK-JS-LODASH-1018905) | Yes | Proof of Concept  | **681/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.2 | Command Injection
[SNYK-JS-LODASH-1040724](https://snyk.io/vuln/SNYK-JS-LODASH-1040724) | Yes | Proof of Concept  | **686/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution
[SNYK-JS-LODASH-450202](https://snyk.io/vuln/SNYK-JS-LODASH-450202) | Yes | Proof of Concept  | **731/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.2 | Prototype Pollution
[SNYK-JS-LODASH-567746](https://snyk.io/vuln/SNYK-JS-LODASH-567746) | Yes | Proof of Concept  | **686/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution
[SNYK-JS-LODASH-608086](https://snyk.io/vuln/SNYK-JS-LODASH-608086) | Yes | Proof of Concept  | **686/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution
[SNYK-JS-LODASH-73638](https://snyk.io/vuln/SNYK-JS-LODASH-73638) | Yes | Proof of Concept  | **541/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 4.4 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-LODASH-73639](https://snyk.io/vuln/SNYK-JS-LODASH-73639) | Yes | Proof of Concept  | **486/1000**
**Why?** Mature exploit, Has a fix available, CVSS 2 | Prototype Pollution
[SNYK-JS-MERGE-72553](https://snyk.io/vuln/SNYK-JS-MERGE-72553) | Yes | Mature  | **479/1000**
**Why?** Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-MINIMATCH-3050818](https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818) | Yes | No Known Exploit  | **506/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 3.7 | Prototype Pollution
[SNYK-JS-MINIMIST-2429795](https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795) | Yes | Proof of Concept  | **601/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.6 | Prototype Pollution
[SNYK-JS-MINIMIST-559764](https://snyk.io/vuln/SNYK-JS-MINIMIST-559764) | Yes | Proof of Concept  | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-NTHCHECK-1586032](https://snyk.io/vuln/SNYK-JS-NTHCHECK-1586032) | Yes | Proof of Concept  | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Prototype Poisoning
[SNYK-JS-QS-3153490](https://snyk.io/vuln/SNYK-JS-QS-3153490) | Yes | Proof of Concept  | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-SEMVER-3247795](https://snyk.io/vuln/SNYK-JS-SEMVER-3247795) | Yes | Proof of Concept  | **624/1000**
**Why?** Has a fix available, CVSS 8.2 | Arbitrary File Overwrite
[SNYK-JS-TAR-1536528](https://snyk.io/vuln/SNYK-JS-TAR-1536528) | Yes | No Known Exploit  | **624/1000**
**Why?** Has a fix available, CVSS 8.2 | Arbitrary File Overwrite
[SNYK-JS-TAR-1536531](https://snyk.io/vuln/SNYK-JS-TAR-1536531) | Yes | No Known Exploit  | **410/1000**
**Why?** Has a fix available, CVSS 3.7 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-TAR-1536758](https://snyk.io/vuln/SNYK-JS-TAR-1536758) | Yes | No Known Exploit  | **639/1000**
**Why?** Has a fix available, CVSS 8.5 | Arbitrary File Write
[SNYK-JS-TAR-1579147](https://snyk.io/vuln/SNYK-JS-TAR-1579147) | Yes | No Known Exploit  | **639/1000**
**Why?** Has a fix available, CVSS 8.5 | Arbitrary File Write
[SNYK-JS-TAR-1579152](https://snyk.io/vuln/SNYK-JS-TAR-1579152) | Yes | No Known Exploit  | **639/1000**
**Why?** Has a fix available, CVSS 8.5 | Arbitrary File Write
[SNYK-JS-TAR-1579155](https://snyk.io/vuln/SNYK-JS-TAR-1579155) | Yes | No Known Exploit  | **726/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.1 | Arbitrary File Overwrite
[SNYK-JS-TAR-174125](https://snyk.io/vuln/SNYK-JS-TAR-174125) | Yes | Proof of Concept  | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-TMPL-1583443](https://snyk.io/vuln/SNYK-JS-TMPL-1583443) | Yes | Proof of Concept  | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-UAPARSERJS-1023599](https://snyk.io/vuln/SNYK-JS-UAPARSERJS-1023599) | No | Proof of Concept  | **616/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.9 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-UAPARSERJS-1072471](https://snyk.io/vuln/SNYK-JS-UAPARSERJS-1072471) | No | Proof of Concept  | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-UAPARSERJS-610226](https://snyk.io/vuln/SNYK-JS-UAPARSERJS-610226) | No | Proof of Concept  | **539/1000**
**Why?** Has a fix available, CVSS 6.5 | Improper Input Validation
[SNYK-JS-URIJS-1055003](https://snyk.io/vuln/SNYK-JS-URIJS-1055003) | Yes | No Known Exploit  | **479/1000**
**Why?** Has a fix available, CVSS 5.3 | Improper Input Validation
[SNYK-JS-URIJS-1078286](https://snyk.io/vuln/SNYK-JS-URIJS-1078286) | Yes | No Known Exploit  | **586/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Open Redirect
[SNYK-JS-URIJS-1319803](https://snyk.io/vuln/SNYK-JS-URIJS-1319803) | Yes | Proof of Concept  | **579/1000**
**Why?** Has a fix available, CVSS 7.3 | Prototype Pollution
[SNYK-JS-URIJS-1319806](https://snyk.io/vuln/SNYK-JS-URIJS-1319806) | Yes | No Known Exploit  | **586/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Open Redirect
[SNYK-JS-URIJS-2401466](https://snyk.io/vuln/SNYK-JS-URIJS-2401466) | Yes | Proof of Concept  | **586/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Improper Input Validation
[SNYK-JS-URIJS-2415026](https://snyk.io/vuln/SNYK-JS-URIJS-2415026) | Yes | Proof of Concept  | **586/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Open Redirect
[SNYK-JS-URIJS-2419067](https://snyk.io/vuln/SNYK-JS-URIJS-2419067) | Yes | Proof of Concept  | **646/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 6.5 | Misinterpretation of Input
[SNYK-JS-URIJS-2440699](https://snyk.io/vuln/SNYK-JS-URIJS-2440699) | Yes | Proof of Concept  | **591/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.4 | Cross-site Scripting (XSS)
[SNYK-JS-URIJS-2441239](https://snyk.io/vuln/SNYK-JS-URIJS-2441239) | Yes | Proof of Concept  | **434/1000**
**Why?** Has a fix available, CVSS 4.4 | Time of Check Time of Use (TOCTOU)
[npm:chownr:20180731](https://snyk.io/vuln/npm:chownr:20180731) | Yes | No Known Exploit (*) Note that the real score may have changed since the PR was raised. Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: