Update dependency react-scripts to v3.4.2 by mend-for-github-com[bot] · Pull Request #21 · nexmo-community/video-xstate-app

mend-for-github-com · 2022-09-12T03:07:44Z

This PR contains the following updates:

Package	Type	Update	Change
react-scripts (source)	dependencies	patch	`3.4.1` → `3.4.2`

By merging this PR, the issue #6 will be automatically resolved and closed:

Severity	CVSS Score	Vulnerability
Critical	10.0	CVE-2025-6545
Critical	9.8	CVE-2021-42740
Critical	9.8	CVE-2021-44906
Critical	9.8	CVE-2022-37601
Critical	9.8	CVE-2022-37601
Critical	9.8	CVE-2023-42282
Critical	9.3	CVE-2023-45133
Critical	9.3	CVE-2023-45133
Critical	9.1	CVE-2022-0686
Critical	9.1	CVE-2024-48949
High	8.8	CVE-2026-23950
High	8.7	CVE-2025-9288
High	8.6	CVE-2025-12816
High	8.6	WS-2025-0006
High	8.2	CVE-2021-32803
High	8.2	CVE-2021-32804
High	8.2	CVE-2021-37701
High	8.2	CVE-2021-37713
High	8.2	CVE-2026-24842
High	8.1	CVE-2020-7660
High	8.1	CVE-2022-1650
High	7.8	CVE-2021-43138
High	7.7	CVE-2020-15256
High	7.7	CVE-2021-23386
High	7.5	CVE-2021-23424
High	7.5	CVE-2021-27290
High	7.5	CVE-2021-27290
High	7.5	CVE-2021-3805
High	7.5	CVE-2022-24771
High	7.5	CVE-2022-24772
High	7.5	CVE-2022-24999
High	7.5	CVE-2022-24999
High	7.5	CVE-2022-37603
High	7.5	CVE-2022-37603
High	7.5	CVE-2024-21538
High	7.5	CVE-2024-21538
High	7.5	CVE-2024-37890
High	7.5	CVE-2024-37890
High	7.5	CVE-2024-45590
High	7.5	CVE-2025-66031
High	7.4	CVE-2024-29180
High	7.3	CVE-2020-7774
High	7.3	CVE-2023-26159
High	7.1	CVE-2022-46175
High	7.1	CVE-2022-46175
Medium	6.8	CVE-2020-28498
Medium	6.8	CVE-2025-6547
Medium	6.6	WS-2022-0008
Medium	6.5	CVE-2022-0155
Medium	6.5	CVE-2022-0639
Medium	6.5	CVE-2022-0691
Medium	6.5	CVE-2023-46234
Medium	6.5	CVE-2024-28849
Medium	6.4	CVE-2024-43788
Medium	6.2	CVE-2025-27789
Medium	6.1	CVE-2022-0122
Medium	6.1	CVE-2024-29041
Medium	5.6	CVE-2020-7789
Medium	5.6	CVE-2021-23434
Medium	5.6	CVE-2021-24033
Medium	5.3	CVE-2017-16137
Medium	5.3	CVE-2020-28469
Medium	5.3	CVE-2020-28469
Medium	5.3	CVE-2020-7608
Medium	5.3	CVE-2020-7693
Medium	5.3	CVE-2021-23343
Medium	5.3	CVE-2021-23362
Medium	5.3	CVE-2021-23364
Medium	5.3	CVE-2021-23364
Medium	5.3	CVE-2021-23368
Medium	5.3	CVE-2021-23368
Medium	5.3	CVE-2021-23382
Medium	5.3	CVE-2021-23382
Medium	5.3	CVE-2021-27515
Medium	5.3	CVE-2021-32640
Medium	5.3	CVE-2021-32640
Medium	5.3	CVE-2021-3664
Medium	5.3	CVE-2022-0512
Medium	5.3	CVE-2022-24773
Medium	5.3	CVE-2022-25858
Medium	5.3	CVE-2023-26115
Medium	5.3	CVE-2024-4067
Medium	5.3	CVE-2024-47764
Medium	5.3	CVE-2025-66030
Medium	5.0	CVE-2024-43796
Medium	4.0	CVE-2025-32996
Medium	4.0	CVE-2025-32997
Low	3.7	CVE-2025-15284
Low	3.7	CVE-2025-15284
Low	3.4	CVE-2025-7339
Low	2.6	CVE-2022-0536
Low	2.5	CVE-2025-54798

By merging this PR, the issue #6 will be automatically resolved and closed:

Severity	CVSS Score	Vulnerability
High	7.3	CVE-2020-7788
Medium	5.3	CVE-2017-16137
Low	3.1	CVE-2025-5889

Release Notes

facebook/create-react-app (react-scripts)

`v3.4.2`

Compare Source

3.4.2 (2020-08-11)

v3.4.2 release bumps webpack-dev-server to a version for which npm audit does not report a vulnerability. Note that this vulnerability did not affect Create React App projects, so this change is only necessary to satisfy auditing tools.

Migrating from 3.4.1 to 3.4.2

Inside any created project that has not been ejected, run:

npm install --save --save-exact react-scripts@3.4.2

or

yarn add --exact react-scripts@3.4.2

If you want to rebase/retry this PR, check this box

mend-for-github-com bot added the security fix Security fix generated by Mend label Sep 12, 2022

mend-for-github-com bot force-pushed the whitesource-remediate/react-scripts-3.x branch from ac95351 to cefd1b5 Compare December 7, 2022 12:34

mend-for-github-com bot force-pushed the whitesource-remediate/react-scripts-3.x branch from cefd1b5 to 1a296f9 Compare December 23, 2022 01:23

mend-for-github-com bot changed the title ~~Update dependency react-scripts to v3.4.2~~ Update dependency react-scripts to v3.4.2 - autoclosed Mar 27, 2023

mend-for-github-com bot closed this Mar 27, 2023

mend-for-github-com bot deleted the whitesource-remediate/react-scripts-3.x branch March 27, 2023 19:24

mend-for-github-com bot changed the title ~~Update dependency react-scripts to v3.4.2 - autoclosed~~ Update dependency react-scripts to v3.4.2 Mar 31, 2023

mend-for-github-com bot reopened this Mar 31, 2023

mend-for-github-com bot restored the whitesource-remediate/react-scripts-3.x branch March 31, 2023 05:49

mend-for-github-com bot changed the title ~~Update dependency react-scripts to v3.4.2~~ Update dependency react-scripts to v3.4.2 - autoclosed Jun 16, 2023

mend-for-github-com bot closed this Jun 16, 2023

mend-for-github-com bot deleted the whitesource-remediate/react-scripts-3.x branch June 16, 2023 11:06

mend-for-github-com bot changed the title ~~Update dependency react-scripts to v3.4.2 - autoclosed~~ Update dependency react-scripts to v3.4.2 Jun 18, 2023

mend-for-github-com bot reopened this Jun 18, 2023

mend-for-github-com bot restored the whitesource-remediate/react-scripts-3.x branch June 18, 2023 18:54

Update dependency react-scripts to v3.4.2

a639d5b

mend-for-github-com bot force-pushed the whitesource-remediate/react-scripts-3.x branch from 1a296f9 to a639d5b Compare June 18, 2023 18:57

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update dependency react-scripts to v3.4.2#21

Update dependency react-scripts to v3.4.2#21
mend-for-github-com[bot] wants to merge 1 commit intomainfrom
whitesource-remediate/react-scripts-3.x

mend-for-github-com bot commented Sep 12, 2022 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

mend-for-github-com bot commented Sep 12, 2022 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

v3.4.2

3.4.2 (2020-08-11)

Migrating from 3.4.1 to 3.4.2

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

mend-for-github-com bot commented Sep 12, 2022 •

edited

Loading

`v3.4.2`