[Snyk] Upgrade react-scripts from 4.0.1 to 4.0.3

[snyk-bot]

Snyk has created this PR to upgrade react-scripts from 4.0.1 to 4.0.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 2 versions ahead of your current version.
• The recommended version was released 2 years ago, on 2021-02-22.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Improper Input Validation SNYK-JS-URLPARSE-2407770	512/1000 Why? Proof of Concept exploit, CVSS 8.1	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TMPL-1583443	512/1000 Why? Proof of Concept exploit, CVSS 8.1	Proof of Concept
	Arbitrary File Write SNYK-JS-TAR-1579155	512/1000 Why? Proof of Concept exploit, CVSS 8.1	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579152	512/1000 Why? Proof of Concept exploit, CVSS 8.1	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579147	512/1000 Why? Proof of Concept exploit, CVSS 8.1	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536531	512/1000 Why? Proof of Concept exploit, CVSS 8.1	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536528	512/1000 Why? Proof of Concept exploit, CVSS 8.1	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	512/1000 Why? Proof of Concept exploit, CVSS 8.1	Proof of Concept
	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	512/1000 Why? Proof of Concept exploit, CVSS 8.1	No Known Exploit
	Prototype Pollution SNYK-JS-IMMER-1019369	512/1000 Why? Proof of Concept exploit, CVSS 8.1	Proof of Concept
	Remote Memory Exposure SNYK-JS-DNSPACKET-1293563	512/1000 Why? Proof of Concept exploit, CVSS 8.1	No Known Exploit
	Prototype Pollution SNYK-JS-ASYNC-2441827	512/1000 Why? Proof of Concept exploit, CVSS 8.1	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	512/1000 Why? Proof of Concept exploit, CVSS 8.1	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	512/1000 Why? Proof of Concept exploit, CVSS 8.1	Proof of Concept
	Authorization Bypass Through User-Controlled Key SNYK-JS-URLPARSE-2412697	512/1000 Why? Proof of Concept exploit, CVSS 8.1	Proof of Concept
	Authorization Bypass SNYK-JS-URLPARSE-2407759	512/1000 Why? Proof of Concept exploit, CVSS 8.1	Proof of Concept
	Access Restriction Bypass SNYK-JS-URLPARSE-2401205	512/1000 Why? Proof of Concept exploit, CVSS 8.1	Proof of Concept
	Open Redirect SNYK-JS-URLPARSE-1533425	512/1000 Why? Proof of Concept exploit, CVSS 8.1	Proof of Concept
	Improper Input Validation SNYK-JS-URLPARSE-1078283	512/1000 Why? Proof of Concept exploit, CVSS 8.1	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	512/1000 Why? Proof of Concept exploit, CVSS 8.1	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	512/1000 Why? Proof of Concept exploit, CVSS 8.1	No Known Exploit
	Command Injection SNYK-JS-REACTDEVUTILS-1083268	512/1000 Why? Proof of Concept exploit, CVSS 8.1	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	512/1000 Why? Proof of Concept exploit, CVSS 8.1	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	512/1000 Why? Proof of Concept exploit, CVSS 8.1	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	512/1000 Why? Proof of Concept exploit, CVSS 8.1	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	512/1000 Why? Proof of Concept exploit, CVSS 8.1	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	512/1000 Why? Proof of Concept exploit, CVSS 8.1	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	512/1000 Why? Proof of Concept exploit, CVSS 8.1	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	512/1000 Why? Proof of Concept exploit, CVSS 8.1	Proof of Concept
	Denial of Service (DoS) SNYK-JS-NWSAPI-2841516	512/1000 Why? Proof of Concept exploit, CVSS 8.1	No Known Exploit
	Command Injection SNYK-JS-NODENOTIFIER-1035794	512/1000 Why? Proof of Concept exploit, CVSS 8.1	No Known Exploit
	Information Exposure SNYK-JS-NANOID-2332193	512/1000 Why? Proof of Concept exploit, CVSS 8.1	Proof of Concept
	Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088	512/1000 Why? Proof of Concept exploit, CVSS 8.1	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1243891	512/1000 Why? Proof of Concept exploit, CVSS 8.1	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1085627	512/1000 Why? Proof of Concept exploit, CVSS 8.1	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	512/1000 Why? Proof of Concept exploit, CVSS 8.1	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	512/1000 Why? Proof of Concept exploit, CVSS 8.1	Proof of Concept
	Information Exposure SNYK-JS-EVENTSOURCE-2823375	512/1000 Why? Proof of Concept exploit, CVSS 8.1	Proof of Concept
	Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	512/1000 Why? Proof of Concept exploit, CVSS 8.1	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	512/1000 Why? Proof of Concept exploit, CVSS 8.1	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	512/1000 Why? Proof of Concept exploit, CVSS 8.1	No Known Exploit
	Prototype Pollution SNYK-JS-MINIMIST-2429795	512/1000 Why? Proof of Concept exploit, CVSS 8.1	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	512/1000 Why? Proof of Concept exploit, CVSS 8.1	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: react-scripts

• 4.0.3 - 2021-02-22
• 4.0.2 - 2021-02-03
• 4.0.1 - 2020-11-23

from react-scripts GitHub release notes

Commit messages

Package name: react-scripts

• f92c37a Publish
• cce32fa Update CHANGELOG
• f710976 Prepare 4.0.3 release
• 6947896 update immer to 8.0.1 to address vulnerability (#10412)
• 18b5962 Upgrade eslint-webpack-plugin to fix opt-out flag (#10590)
• 9722ef1 Bump webpack-dev-server 3.11.0 -> 3.11.1 (#10312)
• 3f5dea9 tests: update test case to match the description (#10384)
• 9c75260 Publish
• 32c06e6 Prepare 4.0.2 release
• b9963ab Add opt-out for eslint-webpack-plugin (#10170)
• 8fa0a26 Add support for new BUILD_PATH advanced configuration variable (#8986)
• 6a39607 appTsConfig immutability handling by immer (#10027)
• d229676 Fix CI tests (#10217)
• c9a24db docs: add missing override options for Jest config (#9473)
• 0f6fc2b Update using-the-public-folder.md (#10314)
• a504e9d fix(react-scripts): add missing peer dependency react and update react-refresh-webpack-plugin (#9872)
• 282c03f Remove references to Node 8 (#10214)
• 3968923 Revert "Update postcss packages" (#10216)
• e039ad3 Move ESLint cache file into node_modules (#9977)
• 6dce3f4 Upgrade sass-loader (#9988)
• 54ad467 Recovered some integration tests (#10091)
• 580ed5d Update postcss packages (#10003)
• 8f2413e Improve vendor chunk names in development (#9569)
• 723224f Upgrade @ svgr/webpack to fix build error (#10213)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs