Update dependency react-scripts to v5

[dev-mend-for-github-com]

This PR contains the following updates:

Package	Type	Update	Change
react-scripts (source)	dependencies	major	3.4.1 -> 5.0.0

By merging this PR, the issue #23 will be automatically resolved and closed:

Severity	CVSS Score	CVE	Reachability
Critical	9.8	CVE-2019-10747	Unreachable
Critical	9.8	CVE-2019-10747	Unreachable
Critical	9.8	CVE-2021-26707	Unreachable
Critical	9.8	CVE-2021-44906	Unreachable
Critical	9.8	CVE-2021-44906	Unreachable
Critical	9.8	CVE-2021-44906	Unreachable
Critical	9.8	CVE-2022-37601	Unreachable
Critical	9.8	CVE-2022-37601	Unreachable
High	8.1	CVE-2020-7660	Unreachable
High	7.7	CVE-2020-15256	Unreachable
High	7.7	CVE-2021-23386	Unreachable
High	7.5	CVE-2020-28477	Unreachable
High	7.5	CVE-2020-7662	Unreachable
High	7.5	CVE-2021-27290	Unreachable
High	7.5	CVE-2021-27290	Unreachable
High	7.5	CVE-2021-28092	Unreachable
High	7.5	CVE-2021-3807	Unreachable
High	7.5	CVE-2021-3807	Unreachable
High	7.5	CVE-2021-3807	Unreachable
High	7.5	CVE-2022-24999	Reachable
High	7.5	CVE-2022-24999	Reachable
High	7.5	CVE-2022-37603	Unreachable
High	7.5	CVE-2022-37603	Unreachable
High	7.5	CVE-2022-38900	Reachable
High	7.5	WS-2020-0091	Unreachable
High	7.5	WS-2021-0152	Unreachable
High	7.3	CVE-2020-7788	Unreachable
High	7.1	CVE-2022-46175	Unreachable
High	7.1	CVE-2022-46175	Unreachable
Medium	6.8	CVE-2020-28498	Unreachable
Medium	6.5	CVE-2022-0155	Unreachable
Medium	5.9	WS-2019-0424	Unreachable
Medium	5.6	CVE-2020-15366	Unreachable
Medium	5.6	CVE-2020-7598	Unreachable
Medium	5.6	CVE-2020-7789	Unreachable
Medium	5.6	CVE-2021-24033	Unreachable
Medium	5.3	CVE-2020-7608	Unreachable
Medium	5.3	CVE-2020-7693	Unreachable
Medium	5.3	CVE-2021-23343	Unreachable
Medium	5.3	CVE-2021-23362	Unreachable
Medium	5.3	CVE-2021-23364	Unreachable
Medium	5.3	CVE-2021-23368	Unreachable
Medium	5.3	CVE-2021-23368	Unreachable
Medium	5.3	CVE-2021-23382	Unreachable
Medium	5.3	CVE-2021-23382	Unreachable
Medium	5.3	CVE-2021-32640	Unreachable
Medium	5.3	CVE-2021-32640	Unreachable
Low	2.6	CVE-2022-0536	Unreachable

---

Release Notes

facebook/create-react-app (react-scripts)

v5.0.0

Compare Source

Inside any created project that has not been ejected, run:

npm install --save --save-exact react-scripts@5.0.1

or

yarn add --exact react-scripts@5.0.1

🐛 Bug Fix

• react-scripts
  • #​12245 fix: webpack noise printed only if error or warning (@​Andrew47)
• create-react-app
  • #​11915 Warn when not using the latest version of create-react-app but do not exit (@​iansu)
• react-dev-utils
  • #​11640 Ensure posix compliant joins for urls in middleware (@​psiservices-justin-sullard)

💅 Enhancement

• cra-template-typescript, cra-template, react-scripts
  • #​12220 Update templates to use React 18 createRoot (@​kyletsang)
• cra-template-typescript, cra-template
  • #​12223 chore: upgrade rtl version to support react 18 (@​MatanBobi)
• eslint-config-react-app
  • #​11622 updated deprecated rules (@​wisammechano)

📝 Documentation

• #​11594 Fix a typo in deployment.md (@​fishmandev)
• #​11805 docs: Changelog 5.0.0 (@​jafin)
• #​11757 prevent both npm and yarn commands from being copied (@​mubarakn)

🏠 Internal

• #​11985 Ignore docs when publishing (@​iansu)

Committers: 11

• Andrew Burnie (@​Andrew47)
• Clément Vannicatte (@​shortcuts)
• Dmitriy Fishman (@​fishmandev)
• Dmitry Vinnik (@​dmitryvinn)
• Ian Sutherland (@​iansu)
• Jason Finch (@​jafin)
• Kyle Tsang (@​kyletsang)
• Matan Borenkraout (@​MatanBobi)
• Wisam Naji (@​wisammechano)
• @​mubarakn
• @​psiservices-justin-sullard

5.0.0 (2021-12-14)

Create React App 5.0 is a major release with several new features and the latest version of all major dependencies.

Thanks to all the maintainers and contributors who worked so hard on this release! 🙌

v4.0.3

Compare Source

4.0.3 (2021-02-22)

v4.0.3 is a maintenance release that includes minor bug fixes and dependency updates.

🐛 Bug Fix

• react-scripts
  • #​10590 Upgrade eslint-webpack-plugin to fix opt-out flag (@​mrmckeb)

🏠 Internal

• react-dev-utils
  • #​10412 update immer to 8.0.1 to address vulnerability (@​wclem4)
• create-react-app
  • #​10384 tests: update test case to match the description (@​jamesgeorge007)

Committers: 4

• Brody McKee (@​mrmckeb)
• Dion Woolley (@​Awarua-)
• James George (@​jamesgeorge007)
• Walker Clem (@​wclem4)

Migrating from 4.0.2 to 4.0.3

Inside any created project that has not been ejected, run:

npm install --save --save-exact react-scripts@4.0.3

or

yarn add --exact react-scripts@4.0.3

v4.0.2

Compare Source

4.0.2 (2021-02-03)

v4.0.2 is a maintenance release that includes minor bug fixes and documentation updates.

🚀 New Feature

• react-scripts
  • #​8986 Add support for new BUILD_PATH advanced configuration variable (@​ajhyndman)

🐛 Bug Fix

• react-scripts
  • #​10170 Add opt-out for eslint-webpack-plugin (@​mrmckeb)
  • #​9872 fix(react-scripts): add missing peer dependency react and update react-refresh-webpack-plugin (@​merceyz)
  • #​9964 Add TypeScript 4.x as peerDependency to react-scripts (@​sheepsteak)

💅 Enhancement

• react-scripts
  • #​9977 Move ESLint cache file into node_modules (@​ehsankhfr)
  • #​9569 Improve vendor chunk names in development (@​jrr)

📝 Documentation

• #​9473 docs: add missing override options for Jest config (@​tobiasbueschel)
• #​10314 Update using-the-public-folder.md (@​Avivhdr)
• #​10214 Remove references to Node 8 (@​ianschmitz)

🏠 Internal

• react-scripts
  • #​10027 appTsConfig immutability handling by immer (@​josezone)
• create-react-app
  • #​10217 Fix CI tests (@​ianschmitz)
• react-dev-utils, react-error-overlay, react-scripts
  • #​10091 Recovered some integration tests (@​maxsbelt)

🔨 Underlying Tools

• react-scripts
  • #​10216 Revert "Update postcss packages" (@​ianschmitz)
  • #​9988 Upgrade sass-loader (@​ehsankhfr)
  • #​10003 Update postcss packages (@​raix)
  • #​10213 Upgrade @​svgr/webpack to fix build error (@​jabranr)
• react-dev-utils
  • #​10198 remove chalk from formatWebpackMessages (@​jasonwilliams)
• cra-template-typescript
  • #​10141 chore: bump typescript version (@​trainto)
• cra-template-typescript, cra-template
  • #​10143 chore: bump web-vital dependency version (@​sahilpurav)

Committers: 15

• Andrew Hyndman (@​ajhyndman)
• Aviv Hadar (@​Avivhdr)
• Brody McKee (@​mrmckeb)
• Chris Shepherd (@​sheepsteak)
• EhsanKhaki (@​ehsankhfr)
• Hakjoon Sim (@​trainto)
• Ian Schmitz (@​ianschmitz)
• Jabran Rafique⚡️ (@​jabranr)
• Jason Williams (@​jasonwilliams)
• John Ruble (@​jrr)
• Kristoffer K. (@​merceyz)
• Morten N.O. Nørgaard Henriksen (@​raix)
• Sahil Purav (@​sahilpurav)
• Sergey Makarov (@​maxsbelt)
• Tobias Büschel (@​tobiasbueschel)
• mad-jose (@​josezone)

v4.0.1

Compare Source

v4.0.1 is a maintenance release that includes minor bug fixes and documentation updates.

🐛 Bug Fix

• react-scripts
  • #​9921 Fix noFallthroughCasesInSwitch/jsx object is not extensible (@​ryota-murakami)
  • #​9869 Fix react-jsx error (@​benneq)
  • #​9885 fix: React is not defined compilation error after ejected (@​n3tr)
  • #​9911 fix: slow recompile time (@​FezVrasta)
• react-dev-utils
  • #​9884 fix: page doesn't get refreshed when FAST_REFRESH=false (@​n3tr)

💅 Enhancement

• react-scripts
  • #​10048 Increase Workbox's maximumFileSizeToCacheInBytes (@​jeffposnick)

📝 Documentation

• #​10052 docs: add React Testing Library as a library requiring jsdom (@​anyulled)

🏠 Internal

• create-react-app, react-dev-utils, react-scripts
  • #​10083 replace inquirer with prompts (@​EvanBacon)
• cra-template-typescript, cra-template, react-scripts
  • #​9516 [ImgBot] Optimize images (@​MichaelDeBoey)
• Other
  • #​9860 chore: Update .prettierrc (@​MichaelDeBoey)

Committers: 9

• Anyul Rivas (@​anyulled)
• Ben M (@​benneq)
• Evan Bacon (@​EvanBacon)
• Federico Zivolo (@​FezVrasta)
• Jeffrey Posnick (@​jeffposnick)
• Jirat Ki. (@​n3tr)
• Michaël De Boey (@​MichaelDeBoey)
• Ryota Murakami (@​ryota-murakami)
• sho90 (@​sho-t)

Migrating from 4.0.0 to 4.0.1

Inside any created project that has not been ejected, run:

npm install --save --save-exact react-scripts@4.0.1

or

yarn add --exact react-scripts@4.0.1

v4.0.0

Compare Source

4.0.0 (2020-10-23)

Create React App 4.0 is a major release with several new features, including support for Fast Refresh!

Thanks to all the maintainers and contributors who worked so hard on this release! 🙌

Highlights

• Fast Refresh #​8582
• React 17 support
  • New JSX transform #​9645
• TypeScript 4 support #​9734
• ESLint 7 #​8978
  • New Jest and React Testing Library rules #​8963
• Jest 26 #​8955
• PWA/workbox improvements
  • Switch to the Workbox InjectManifest plugin #​9205
  • Now its own template so it can be released independently
• Web Vitals support #​9116

Migrating from 3.4.x to 4.0.0

Inside any created project that has not been ejected, run:

npm install --save --save-exact react-scripts@4.0.0

or

yarn add --exact react-scripts@4.0.0

NOTE: You may need to delete your node_modules folder and reinstall your dependencies by running yarn (or npm install) if you encounter errors after upgrading.

If you previously ejected but now want to upgrade, one common solution is to find the commits where you ejected (and any subsequent commits changing the configuration), revert them, upgrade, and later optionally eject again. It’s also possible that the feature you ejected for is now supported out of the box.

Breaking Changes

Like any major release, react-scripts@4.0.0 contains a number of breaking changes. We expect that they won't affect every user, but we recommend you look over this section to see if something is relevant to you. If we missed something, please file a new issue.

ESLint

We've upgraded to ESLint 7 and added many new rules including some for Jest and React Testing Library as well as the import/no-anonymous-default-export rule. We've also upgraded eslint-plugin-hooks to version 4.0.0 and removed the EXTEND_ESLINT flag as it is no longer required to customize the ESLint config.

Jest

We've upgraded to Jest 26 and now set resetMocks to true by default in the Jest config.

Service workers

We've switched to the Workbox InjectManifest plugin and moved the PWA templates into their own repository.

Removed typescript flag and NODE_PATH support

We've removed the deprecated typescript flag when creating a new app. Use --template typescript instead. We've also dropped deprecated NODE_PATH flag as this has been replaced by setting the base path in jsconfig.json.

Fix dotenv file loading order

We've changed the loading order of env files to match the dotenv specification. See #​9037 for more details.

Dropped Node 8 support

Node 8 reached End-of-Life at the end of 2019 and is no longer supported.

Detailed Changelog

🚀 New Feature

• eslint-config-react-app, react-error-overlay, react-scripts
  • #​8963 feat(eslint-config-react-app): Add jest & testing-library rules (@​MichaelDeBoey)
• react-scripts
  • #​9611 Add AVIF image support (@​Hongbo-Miao)
  • #​9114 Allow testMatch for jest config (@​Favna)
  • #​8790 Add back in --stats output from webpack. (@​samccone)
  • #​8838 Support devDependencies in templates (@​mrmckeb)
• create-react-app
  • #​9359 feat: exit on outdated create-react-app version (@​mrmckeb)
• cra-template-typescript, cra-template, react-scripts
  • #​9205 Switch to the Workbox InjectManifest plugin (@​jeffposnick)
• react-dev-utils, react-scripts
  • #​8582 Add experimental react-refresh support (@​charrondev)

💥 Breaking Change

• eslint-config-react-app, react-error-overlay, react-scripts
  • #​8963 feat(eslint-config-react-app): Add jest & testing-library rules (@​MichaelDeBoey)
  • #​8978 Support ESLint 7.x (@​MichaelDeBoey)
• cra-template-typescript, cra-template, eslint-config-react-app, react-error-overlay, react-scripts
  • #​9587 Remove EXTEND_ESLINT and add Jest rules (@​mrmckeb)
• eslint-config-react-app
  • #​9401 fix: remove deprecated rule (@​ljosberinn)
• create-react-app
  • #​9359 feat: exit on outdated create-react-app version (@​mrmckeb)
• cra-template-typescript, cra-template, react-scripts
  • #​9205 Switch to the Workbox InjectManifest plugin (@​jeffposnick)
• babel-plugin-named-asset-import, confusing-browser-globals, create-react-app, react-dev-utils, react-error-overlay, react-scripts
  • #​8955 Upgrade to Jest 26 (@​ianschmitz)
• create-react-app, react-scripts
  • #​8934 feat: remove typescript flag and NODE_PATH support (@​mrmckeb)
• react-scripts
  • #​9037 Fix dotenv file loading order (@​Timer)
  • #​7899 Set resetMocks to true by default in jest config (@​alexkrolick)
• babel-plugin-named-asset-import, babel-preset-react-app, create-react-app, react-app-polyfill, react-dev-utils, react-error-overlay, react-scripts
  • #​8950 Dependency major version upgrades (@​ianschmitz)
• eslint-config-react-app, react-scripts
  • #​8926 Add import/no-anonymous-default-export lint rule (@​shakib609)
  • #​8939 Bump React Hooks ESLint plugin to 4.0.0 (@​gaearon)
• cra-template-typescript, cra-template, create-react-app, react-app-polyfill, react-dev-utils, react-scripts
  • #​8948 Drop Node 8 support (@​ianschmitz)
• babel-plugin-named-asset-import, babel-preset-react-app, confusing-browser-globals, cra-template-typescript, react-dev-utils, react-error-overlay, react-scripts
  • #​8362 Upgrade to Jest 25 (@​skovhus)

🐛 Bug Fix

• react-scripts
  • #​9805 Fix refreshOverlayInterop module scope error (@​ianschmitz)
  • #​9037 Fix dotenv file loading order (@​Timer)
  • #​8700 Skip stdin resuming to support lerna parallel (@​hieuxlu)
  • #​8845 Do not check for interactive session to shut down dev server (@​jeremywadsack)
  • #​8768 Add .cjs and .mjs files support to test runner (@​ai)
• babel-preset-react-app, eslint-config-react-app, react-scripts
  • #​9788 fix: resolve new JSX transform issues (@​mrmckeb)
• eslint-config-react-app, react-scripts
  • #​9683 fix: resolve ESLint config from appPath (@​mrmckeb)
• create-react-app
  • #​9412 Fix template name handling (@​iansu)
• babel-preset-react-app
  • #​9374 fix: use default modules option from preset-env (@​JLHwung)
• react-dev-utils
  • #​9390 Publish refreshOverlayInterop with react-dev-utils (@​klinem)
  • #​8492 Replace period in CSS Module classnames (@​evankennedy)
• react-dev-utils, react-scripts
  • #​8694 Use process.execPath to spawn node subprocess (@​anuraaga)
• cra-template-typescript, cra-template, react-scripts
  • #​8734 fix: handle templates without main package field (@​mrmckeb)

💅 Enhancement

• react-scripts
  • #​9734 Use new JSX setting with TypeScript 4.1.0 (@​iansu)
  • #​8638 Support source maps for scss in dev environments (@​MKorostoff)
  • #​8834 Don't use webpack multi entry unnecessarily (@​sebmarkbage)
• babel-preset-react-app, eslint-config-react-app, react-scripts
  • #​9861 New JSX Transform opt out (@​iansu)
• cra-template
  • #​9853 feat: remove unused React imports (@​mrmckeb)
• babel-preset-react-app, react-scripts
  • #​9645 Use new JSX transform with React 17 (@​iansu)
• react-dev-utils, react-scripts
  • #​9350 Add Fast Refresh warning when using React < 16.10 (@​iansu)
• react-dev-utils, react-error-overlay, react-scripts
  • #​9375 feat: better refresh plugin integration (@​pmmmwh)
• cra-template-typescript, cra-template
  • #​9116 Add performance relayer + documentation (web-vitals) (@​housseindjirdeh)
  • #​8705 Update template tests (@​MichaelDeBoey)
• create-react-app
  • #​8460 Fix --use-pnp for Yarn 2 (@​nickmccurdy)

📝 Documentation

• Other
  • #​9728 Upgrade Docusaurus to latest version (@​lex111)
  • #​9630 Emphasise that Next.js is capable of SSG (@​liamness)
  • #​9073 Update running-tests.md (@​MichaelDeBoey)
  • #​9560 Update Vercel deployment documentation (@​timothyis)
  • #​9380 Update running-tests.md (@​andycanderson)
  • #​9245 [Doc] fix React Testing Library example (@​sakito21)
  • #​9231 Clarify wording in adding TypeScript to existing project (@​merelinguist)
  • #​8895 Fix chai URL (@​BMorearty)
  • #​9042 Update deployment docs for Azure Static Web Apps (@​burkeholland)
  • #​8246 Add a VSCode tip in the CSS reset section (@​maazadeeb)
  • #​8610 Update url to see prettier in action (@​M165437)
  • #​8684 Simplify wording in setting-up-your-editor.md (@​coryhouse)
  • #​8791 Add setupTests.js to the list of generated files (@​MostafaNawara)
  • #​8763 Use simplified import of @​testing-library/jest-dom (@​Dremora)
• react-dev-utils
  • #​9471 Fixes in the /packages/react-devs-utils/README.md file (@​caspero-62)
  • #​8651 Update build script deployment URL (@​StenAL)
• cra-template-typescript, cra-template
  • #​9241 Updated README.md Templates to Follow ESLint Markdown Rules (@​firehawk09)
  • #​8406 Upgrade testing-library packages (@​gnapse)
• react-scripts
  • #​9244 Explain how to uninstall create-react-app globally (@​nickmccurdy)
  • #​8838 Support devDependencies in templates (@​mrmckeb)
• cra-template-typescript, cra-template, react-dev-utils, react-scripts
  • #​8957 Move shortlinks to cra.link (@​iansu)
• babel-preset-react-app
  • #​5847 Include absoluteRuntime in babel preset docs (@​iddan)

🏠 Internal

• eslint-config-react-app
  • #​9670 fix(eslint-config-react-app): Make eslint-plugin-jest an optional peerDependency (@​MichaelDeBoey)
• Other
  • #​9258 fix: Fix azure-pipelines' endOfLine (@​MichaelDeBoey)
  • #​9102 Replace Spectrum links with GitHub Discussions (@​iansu)
  • #​8656 Bump acorn from 6.4.0 to 6.4.1 in /docusaurus/website (@​dependabot[bot])
  • #​8749 Specify what files are served form a bare local copy (@​challet)
• cra-template-typescript, cra-template
  • #​9252 feat: Update testing-library dependencies to latest (@​MichaelDeBoey)
• react-dev-utils
  • #​9059 clean formatMessage usage (@​chenxsan)
• cra-template
  • #​7787 Bump version of Verdaccio (@​ianschmitz)
• babel-preset-react-app
  • #​8858 Remove outdated comment (@​availchet)
• react-scripts
  • #​8952 fix react-refresh babel plugin not applied (@​tanhauhau)

🔨 Underlying Tools

• react-scripts
  • #​9865 Pass JSX runtime setting to Babel preset in Jest config (@​iansu)
  • #​9841 Bump resolve-url-loader version (@​johannespfeiffer)
  • #​9348 Upgrade refresh plugin (@​ianschmitz)
  • #​8891 Bump style-loader to 1.2.1 (@​chybisov)
• react-error-overlay, react-scripts
  • #​9863 Upgrade to React 17 (@​iansu)
  • #​9856 feat: Update ESLint dependencies (@​MichaelDeBoey)
• babel-plugin-named-asset-import, babel-preset-react-app, confusing-browser-globals, cra-template-typescript, cra-template, create-react-app, eslint-config-react-app, react-app-polyfill, react-error-overlay, react-scripts
  • #​9857 feat: Update all dependencies (@​MichaelDeBoey)
• eslint-config-react-app, react-dev-utils, react-scripts
  • #​9751 Replace deprecated eslint-loader by eslint-webpack-plugin (@​tooppaaa)
• babel-plugin-named-asset-import, babel-preset-react-app, confusing-browser-globals, cra-template-typescript, cra-template, create-react-app, eslint-config-react-app, react-dev-utils, react-error-overlay, react-scripts
  • #​9639 Upgrade dependencies (@​ianschmitz)
• eslint-config-react-app, react-error-overlay, react-scripts
  • #​9434 feat: Update ESLint dependencies (@​MichaelDeBoey)
  • #​9251 feat: Update ESLint dependencies (@​MichaelDeBoey)
  • #​8978 Support ESLint 7.x (@​MichaelDeBoey)
• cra-template-typescript, cra-template
  • #​9526 Update template dependencies to latest version (@​MichaelDeBoey)
  • #​8406 Upgrade testing-library packages (@​gnapse)
• react-app-polyfill
  • #​9392 Upgrade whatwg-fetch (@​Lapz)
• react-dev-utils
  • #​8933 Bump immer version (@​staff0rd)
• babel-plugin-named-asset-import, babel-preset-react-app, confusing-browser-globals, create-react-app, react-dev-utils, react-error-overlay, react-scripts
  • #​9317 Upgrade dependencies (@​ianschmitz)
• babel-preset-react-app, cra-template-typescript, cra-template, create-react-app, react-dev-utils, react-error-overlay, react-scripts
  • #​9196 Upgrade dependencies (@​ianschmitz)
  • #​9132 Upgrade dependencies (@​ianschmitz)
• babel-plugin-named-asset-import, confusing-browser-globals, create-react-app, react-dev-utils, react-error-overlay, react-scripts
  • #​8955 Upgrade to Jest 26 (@​ianschmitz)
• babel-preset-react-app, create-react-app, react-dev-utils, react-error-overlay, react-scripts
  • #​9081 Update packages ([@​ianschmitz](https: