[Snyk] Fix for 28 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/react-scripts/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIHTML-1296849	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-EVENTSOURCE-2823375	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1085627	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1243891	Yes	Proof of Concept
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-JSYAML-173999	Yes	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-JSYAML-174129	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-MERGE-1040469	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-MERGE-1042987	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-NODEFORGE-2330875	Yes	Proof of Concept
	529/1000 Why? Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-NODEFORGE-2331908	Yes	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	Yes	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Command Injection SNYK-JS-REACTDEVUTILS-1083268	Yes	Proof of Concept
	619/1000 Why? Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Denial of Service (DoS) SNYK-JS-SOCKJS-575261	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Information Exposure SNYK-JS-WEBPACKDEVSERVER-72405	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:eslint:20180222	No	Proof of Concept
	469/1000 Why? Has a fix available, CVSS 5.1	Denial of Service (DoS) npm:mem:20180117	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: chalk

The new version differs by 53 commits.

• 3fca615 2.0.0
• f66271e Add tagged template literal (Figure out why e2e script doesn't catch some issues facebook/create-react-app#163)
• 23ef1c7 fix linter errors
• c015568 add rainbow example
• 09fb2d8 Re-implement `chalk.enabled` (Contributing instructions step two facebook/create-react-app#160)
• 608242a spoof supports-color
• 18f2e7c add host information output
• 523b998 Revert "TEMPORARY: emergency travis CI fix (see comments)"
• 54975fb TEMPORARY: emergency travis CI fix (see comments)
• 1d73b21 Improve readme
• 6f4d6b3 Bump dependencies
• 8702496 Remove `chalk.styles`
• 0412cdf Minor code improvements
• 249b9ac ES2015ify the codebase
• cb3f230 Add RGB (256/Truecolor) support (Electron support facebook/create-react-app#140)
• dbae68d Update dependent package count in the readme (initial settings for editorconfig facebook/create-react-app#154)
• 9b60021 Drop support for Node.js 0.10 and 0.12
• 0d21449 check parent builder object for enabled status (Typescript Option facebook/create-react-app#142)
• 5a69476 add XO badge
• 492f11f add example file
• 4ce73b6 make XO happy
• 7c02cf4 Add log statement to chalk examples (Add missing semver dependency. facebook/create-react-app#129)
• 835ca3d You've just reached 10,000 dependent modules. (Typo fix facebook/create-react-app#122)
• 74c087d minor doc improvements (United init command for both React and React Native facebook/create-react-app#120)

See the full diff

Package name: css-loader

The new version differs by 112 commits.

• 634ab49 chore(release): 2.0.0
• 6ade2d0 refactor: remove unused file ("Displaying Lint Output in the Editor" instructions not working in VS Code facebook/create-react-app#860)
• e7525c9 test: nested url (Exit production build if any errors are in build stats facebook/create-react-app#859)
• 7259faa test: css hacks (Upgrade to Jest 16 facebook/create-react-app#858)
• 5e6034c feat: allow to filter import at-rules (NPM shows the latest version to be 0.5.0 facebook/create-react-app#857)
• 5e702e7 feat: allow filtering urls (Dispose error overlay when linting errors have been corrected facebook/create-react-app#856)
• 9642aa5 test: css stuff (Correct a comment mistype in webpack production config facebook/create-react-app#855)
• 3338656 fix: reduce number of require for url (Feature request: Doc generation facebook/create-react-app#854)
• 533abbe test: issue 636 (Using pow (virtual host proxy) causes websocket error facebook/create-react-app#853)
• 08c551c refactor: better warning on invalid url resolution (Add root imports with tilde prefix facebook/create-react-app#852)
• b0aa159 test: issue Added instructions for using local images facebook/create-react-app#589 (Update Jest to 16 facebook/create-react-app#851)
• f599c70 fix: broken unucode characters (Document folder layout in CONTRIBUTING.md facebook/create-react-app#850)
• 1e551f3 test: issue 286 (Add base routes for source files facebook/create-react-app#849)
• 419d27b docs: improve readme (Return correct package name when using a custom react-script scoped package facebook/create-react-app#848)
• d94a698 refactor: webpack-default (Build size info facebook/create-react-app#847)
• b97d997 feat: schema options
• 453248f fix: support module resolution in composes (favicon.ico spelled incorrectly in index.html facebook/create-react-app#845)
• 8a6ea10 refactor: postcss plugins (Fson eslint config react app e2e facebook/create-react-app#844)
• fdcf687 fix: url resolving logic (Missing script: start facebook/create-react-app#843)
• 889dc7f feat: allow to disable css modules and disable their by default (Tin tức  facebook/create-react-app#842)
• ee2d253 test: importLoaders option (Update instructions on publishing to GitHub pages facebook/create-react-app#841)
• 1dad1fb feat: reuse postcss ast from other loaders (i.e `postcss-loader`) (Make webpackHotDevClient support webpack 2 too facebook/create-react-app#840)
• fe94ebc test: icss reserved keywords (Make react-dev-utils/webpackHotDevClient work with webpack 2 facebook/create-react-app#839)
• 9eaba66 refactor: migrate on message api for postcss-icss-plugin (Add Rails link to User Guide facebook/create-react-app#838)

See the full diff

Package name: eslint

The new version differs by 250 commits.

• 36ced0a 5.0.0
• 5fd5632 Build: changelog update for 5.0.0
• 0feedfd New: Added max-lines-per-function rule (fixes Report High severity vulnerability in react-scripts 3.4.3 dependencies facebook/create-react-app#9842) (#10188)
• daefbdb Upgrade: eslint-scope and espree to 4.0.0 (refs the Chinese document has a mistake facebook/create-react-app#10458) (Development Server doesn't load the app without React Dev Tools browser plugin installed facebook/create-react-app#10500)
• 077358b Docs: no-process-exit: recommend process.exitCode (Whether the tool can analyze the compilation time？ facebook/create-react-app#10478)
• f93d6ff Fix: do not fail on unknown operators from custom parsers (fixes Some packages within node_modules are not watched by Webpack while others are on macOS facebook/create-react-app#10475) (Status of CRA as a Facebook Product? facebook/create-react-app#10476)
• 05343fd Fix: add parens for yield statement (fixes #10432) (Failed to compile: Module not found facebook/create-react-app#10468)
• d477c5e Fix: check destructuring for "no-shadow-restricted-names" (fixes Optimize images with Webpack and use picture HTML element facebook/create-react-app#10467) (react-dev-utils has a HIGH CVE facebook/create-react-app#10470)
• 7a7580b Update: Add considerPropertyDescriptor option to func-name-matching (Make @typescript-eslint an optional peer dependency facebook/create-react-app#9078)
• e0a0418 Fix: crash on optional catch binding (npm start not working facebook/create-react-app#10429)
• de4dba9 Docs: styling team members (Can i change eslintFormatter.js ??? facebook/create-react-app#10460)
• 5e453a3 Docs: display team members in tables. (Imported image format incompatible between web and native facebook/create-react-app#10433)
• b1895eb Docs: Restore intentional spelling mistake (fix type facebook/create-react-app#10459)
• a9da57d 5.0.0-rc.0
• 3ac3df6 Build: changelog update for 5.0.0-rc.0
• abf400d Update: Add ignoreDestructing option to camelcase rule (fixes [v4] Fast Refresh should not be enabled for old ReactDOM versions facebook/create-react-app#9807) (CSS import from sibling package inside monorepo fails facebook/create-react-app#10373)
• e2b394d Upgrade: espree and eslint-scope to rc versions (env value loading facebook/create-react-app#10457)
• a370da2 Chore: small opt to improve readability (feature: add cra-template-concent-ts facebook/create-react-app#10241)
• 640bf07 Update: Fixes multiline no-warning-comments rule. (fixes fix: page doesn't get refreshed when FAST_REFRESH=false facebook/create-react-app#9884) (test(create-react-app): add integration tests facebook/create-react-app#10381)
• 831c39a Build: Adding rc release script to package.json (Update PostCSS packages facebook/create-react-app#10456)
• dc4075e Update: fix false negative in no-use-before-define (fixes Update docs before milestone release 4.0.2 facebook/create-react-app#10227) (Azure pipeline for all PR fails facebook/create-react-app#10396)
• 3721841 Docs: Add new experimental syntax policy to README (fixes react-dev-utils 10.2.1: events.js:291 throw er; // Unhandled 'error' event facebook/create-react-app#9804) (Update production-build.md facebook/create-react-app#10408)
• d0aae3c Docs: Create docs landing page (Added instructions for running tests with yarn facebook/create-react-app#10453)
• fe8bec3 Fix: fix writing config file when `source` is `prompt` (babel-macros preval.macro inside a dependency but evaluated at app build time facebook/create-react-app#10422)

See the full diff

Package name: html-webpack-plugin

The new version differs by 250 commits.

• 873d75b chore(release): 5.5.0
• ddeb774 chore: update examples
• 1e42625 feat: Support type=module via scriptLoading option
• 7d3645b Bump pretty-error to 4.0.0 to fix transitive vuln for ansi-regex CVE-2021-3807
• 79be779 [chore] changes actions to run on pull_requests
• b7e5859 [chore] fixes CI to avoid race conditions
• 48131d3 chore(release): 5.4.0
• 16a841a [chore] rebuild examples
• 3bb7c17 Update index.js
• e38ac97 Update index.js
• f08bd02 [chore] updates fixtures
• d62a10f [chore] upgrades [email protected] -> 6.0.2
• 2f5de7a Remove archived plugin
• 8f8f7c5 chore(release): 5.3.2
• 053c6e6 chore: update snapshot tests for webpack 5.4.0
• 9c7fba0 Fix security vulnerabilities
• b98fbeb Fix security vulnerabilities
• 25cdfc7 Added inject-body-webpack-plugin to readme
• 0e4c1fb Update README to document actual behavior
• 0a6568d chore(release): 5.3.1
• 82d0ee8 fix: remove loader-utils from plugin core
• 6f39192 chore(release): 5.3.0
• d654f5b feat: allow to modify the interpolation options in webpack config
• 41d7a50 feat: drop loader-utils dependency

See the full diff

Package name: postcss-flexbugs-fixes

The new version differs by 5 commits.

• 60c8e5f chore(deps): upgrade `postcss` to `7` ([Snyk] Fix for 3 vulnerabilities #51)
• 7974ef7 Update README.md ([Snyk] Fix for 1 vulnerabilities #47)
• d9d3955 Revert "Revert Autoremoval of 0% Basis" ([Snyk] Fix for 1 vulnerabilities #46)
• bae98c0 Push changelog
• fe6215e Revert Autoremoval of 0% Basis ([Snyk] Security upgrade webpack-dev-server from 2.8.2 to 3.11.3 #43)

See the full diff

Package name: postcss-loader

The new version differs by 73 commits.

• 7647ac9 chore(release): 3.0.0
• 313c3c4 docs(README): update filename formatting
• d6931da refactor(Error): add `error` property checks
• 962b1d6 refactor(options): remove `ident` from validation schema
• 1f98aee refactor(Warning): add `warning` property checks
• 95de4c1 docs(LOADER): update JSDoc
• ea68a42 chore(package): update `schema-utils` v0.4.5...1.0.0 (`dependencies`)
• 73a8c66 chore(ISSUE_TEMPLATE/DOCS): add template for documentation issues
• 70f4426 chore(ISSUE_TEMPLATE/FEATURE): add feature request template
• 4a0328e chore(ISSUE_TEMPLATE/BUG): move bug reports into their own template
• 319d1f7 chore(PULL_REQUEST_TEMPLATE): improve format and content
• bdcbef0 refactor(src): update code base with latest ES2015+ features
• f34954f fix(index): add ast version (`meta.ast`)
• 8ac6fb5 fix(index): emit `warnings` as an instance of `{Error}`
• 2c6033b test(Errors): remove stacktrace from snapshot
• 549ea08 fix(options): improved `ValidationError` messages
• fbf05de test: replace helpers with `@ webpack-utilities/test` (Add Netlify to deploy instructions facebook/create-react-app#386)
• daa0da8 chore(package): update `postcss` v6.0.0...7.0.0 (`dependencies`) (check if npm properly supports long cache-min and enable if so facebook/create-react-app#375)
• 114db12 docs(README): add autoprefixing example (Failed after run create-react-app test facebook/create-react-app#380)
• 8772814 style(standard): fix linting issues
• 8ef443f ci(travis): build stages
• 6f10898 ci(appveyor): readd Appveyor CI (External node module css load problem facebook/create-react-app#381)
• 0bb835c ci(package): run tests in an explicit environment (`jest --env=node`) (Fixed typo facebook/create-react-app#382)
• 5e2bca9 docs(README): replace `postcss-cssnext` with `postcss-preset-env` (Add Surge.sh to deploy instructions facebook/create-react-app#379)

See the full diff

Package name: style-loader

The new version differs by 22 commits.

• 5d73db7 chore(release): 0.20.0
• 08ce425 chore(package): update dependencies
• 28f603f refactor: remove comments from bundle source code
• dda8b89 test: rename && update HMR tests
• 23c3567 fix(options): add `transform` option validation (`{String}`)
• e0c4b19 fix(options): support passing a `{Function}` (`options.insertInto`)
• ac8430c ci(travis): update `node` v4.3.0...4.8.0
• 0eb8fe7 feat: support passing a `{Function}` (`options.insertInto`) (Add note that router doesn't work with gh-pages facebook/create-react-app#279)
• 3a4cb53 fix(index): enable HMR in case `locals` (`css-modules`) are unchanged (Accept version when loading fonts e.g. font-awesome facebook/create-react-app#298)
• 9b46128 fix(addStyles): check if `HTMLIFrameElement` exist (Updating 0.1.0 → 0.2.0 facebook/create-react-app#296)
• a7734e6 chore(package): update repository url (Warn about JSX file extension facebook/create-react-app#290)
• 6ca2ecb chore(release): 0.19.1
• 2bfc93e fix(addStyles): correctly check `singleton` behavior when `{Boolean}` (`options.singleton`) (Prettier console output facebook/create-react-app#285)
• 57c457d docs: fixed missing commas in configuration examples (Webpack plugin to detect case mismatch in requires facebook/create-react-app#266)
• c9707f1 chore(release): 0.19.0
• 378e906 feat: add option to enable/disable HMR (`options.hmr`) (Rename compressor field to compress in UglifyJsPlugin settings facebook/create-react-app#264)
• 67120f8 feat: support 'before' insertions (`options.insertAt`) (Respect NODE_PATH environment variable facebook/create-react-app#253)
• a2ae3ac docs(README): fix bash code highlight (Add a temporary fix for generators facebook/create-react-app#262)
• ce53bd9 docs(readme): fix typo (process.env.NODE_ENV undefined warning facebook/create-react-app#260)
• 57e171f docs: Fixes typo in readme (CI passes while E2E aborted early facebook/create-react-app#258)
• 01ceef8 docs(README): fix example (`options.insertInto`) (Add one more alternative facebook/create-react-app#251)
• 25e8e89 feat: add support for iframes (`options.insertInto`) (How to correctly pass API requests to another backend server facebook/create-react-app#248)

See the full diff

Package name: url-loader

The new version differs by 8 commits.

• 11dce14 docs: Update changelog with nsp advisory
• 1934507 chore(release): 0.6.0
• a1e1fef chore: Fix mime version
• d19ee2d chore: update `mime` package to avoid deprecation mime type with `woff` and `woff2` (No .jsx extension? facebook/create-react-app#87)
• 636ebed feat: add `fallback` option (add node engine to package.json and call checkNodeVersion function in cli facebook/create-react-app#88)
• f3f5fce docs(README): remove confusing `prefix` option (`options.prefix`) (Display an overlay for syntax errors facebook/create-react-app#89)
• 2de70bb docs(README): fix typo in example (Add Sagui to the list of alternatives facebook/create-react-app#81)
• ced5990 feat(index): add options validation (`schema-utils`) (Optional Sass Support facebook/create-react-app#78)

See the full diff

Package name: webpack

The new version differs by 250 commits.

• 04f90c5 4.26.0
• e1df721 Merge pull request Unable to install react-navigation facebook/create-react-app#8392 from vkrol/cherry-pick-terser-to-webpack-4
• a818def fix for changed API in terser plugin warningsFilter
• b39abf4 Rename test directories too
• 311a728 Switch from uglifyjs-webpack-plugin to terser-webpack-plugin
• a230148 Merge pull request Dynamically changing PUBLIC_URL in the CD step of CI/CD pipeline facebook/create-react-app#8351 from DeTeam/chunk-jsdoc-typo
• 7a0af76 Fix a typo in Chunk#split jsdoc comment
• 2361995 4.25.1
• e2a2016 Merge pull request Create-react app facebook/create-react-app#8338 from webpack/bugfix/issue-8293
• babe736 replace prefix/postfix even when equal for wrapped context
• dcd0d59 test for Minor grammatical edit facebook/create-react-app#8293
• af123a8 Merge pull request Need to credit caniuse-lite in produced web app? facebook/create-react-app#8334 from webpack/bugfix/lint
• 36eb0bb move azure specific commands to azure-pipelines.yml
• 290094e 4.25.0
• 355590e Merge pull request React Scripts 3.3.0 breaks Heroku build facebook/create-react-app#8250 from Aladdin-ADD/patch-3
• 0293c3a Merge pull request Aborting installation. npm install --save --save-exact --loglevel error react react-dom react-scripts cra-template has failed. facebook/create-react-app#8279 from smelukov/support-entry-progress
• 1ea411b Merge pull request Provide a way to configure the mainFields for webpack facebook/create-react-app#8139 from NaviMarella/FormatManifest
• 4b72635 exclude watch test cases
• e35d084 increase test timeout
• 6be1411 move schema into definitions
• 3d74504 add missing hooks to progress
• 56d8a8f prevent writing the same message multiple times to stderr
• 64e3826 use flags to show different parts of the progress message
• 8c5e74f Merge branch 'master' into support-entry-progress

See the full diff

Package name: webpack-dev-server

The new version differs by 250 commits.

• 5280ee7 docs: fix typo
• d834582 chore(release): 4.7.3
• 7b8c85b chore(deps): update `selfsigned` (yarn deploy fails to build a mirror-saga dependencies facebook/create-react-app#4170)
• d598325 chore: fix lint
• c1907f1 refactor: remove redundant `if` statements (serve app under homepage facebook/create-react-app#4158)
• e535f25 ci: debug (Failed to compile when npm start project created by create-react-app my-app --scripts-version=react-scripts-ts  facebook/create-react-app#4144)
• 75999bb chore(release): 4.7.2
• 90a96f7 ci: fix (Will chokidar_usepolling=true start up the server faster in my docker container? facebook/create-react-app#4143)
• f6bc644 fix: compatible with `onAfterSetupMiddleware`
• 317e4b9 docs: fix testing instructions (Create React App integrated in an existing application facebook/create-react-app#4133)
• ff4550e test: remove redundant test cases related to 3rd party code (yarn test gets broken when I install antd package in my project. wat?! o_O facebook/create-react-app#4131)
• 0dd1ee6 test: add e2e tests for `setupExitSignals` option (async js chunks that include css imports cause => Uncaught (in promise) TypeError: Cannot read property 'call' of undefined facebook/create-react-app#4130)
• afe4975 chore(release): 4.1.7
• 4e5d8ea fix: droped `url` package (Heroku app returns Not Found when going to specific url Route facebook/create-react-app#4132)
• b0c98f0 chore(release): 4.7.0
• 3138213 chore(deps): update (Testing with a Proxy facebook/create-react-app#4127)
• 8f02c3f feat: added types
• f4fb15f fix: update description of `onAfterSetupMiddleware` and `onBeforeSetupMiddleware` options (wikipedia link change facebook/create-react-app#4126)
• 37b73d5 test: add e2e test for `WEBPACK_SERVE` env variable (Use babel-plugin-react-native-web facebook/create-react-app#4125)
• f5a9d05 chore(deps-dev): bump eslint from 8.4.1 to 8.5.0 (Prod config produces invalid font-family values in minified CSS facebook/create-react-app#4121)
• c9b959f chore(deps): bump ws from 8.3.0 to 8.4.0 (Error when calling npm start. Help please. facebook/create-react-app#4124)
• 42208aa chore(deps-dev): bump lint-staged from 12.1.2 to 12.1.3 (Preserve quotes in font values during minification facebook/create-react-app#4122)
• f440f84 chore(deps): bump express from 4.17.1 to 4.17.2 (add sample scaffolding in CRA facebook/create-react-app#4120)
• c13aa56 feat: added the `setupMiddlewares` option (babel-preset-react-app with babel-preset-env facebook/create-react-app#4068)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 More lessons are available in Snyk Learn