[Snyk] Fix for 3 vulnerabilities

[asabushaban]

Snyk has created this PR to fix 3 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• react-app/package.json
• react-app/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Arbitrary Code Injection SNYK-JS-LODASH-15869625	183
	Arbitrary Code Injection SNYK-JS-LODASHTEMPLATE-15869628	183
	Prototype Pollution SNYK-JS-LODASH-15869619	88

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Arbitrary Code Injection

[asabushaban]

This release includes major version upgrades for react-scripts and @testing-library/jest-dom, introducing significant breaking changes that require developer action.

High-Impact Upgrades

1. react-scripts (4.0.3 → 5.0.0)

This is a high-risk upgrade with several breaking changes. The most critical change is the upgrade to Webpack 5, which no longer automatically provides polyfills for Node.js core modules. This can cause build failures if your project or its dependencies rely on packages like crypto, stream, or buffer in the browser.

• Key Breaking Changes:

  • Webpack 5: Automatic Node.js polyfills are removed.
  • Dependency Upgrades: Major version bumps for Jest 27, ESLint 8, and PostCSS 8.
  • Node.js Support: Dropped support for Node.js 10 and 12.

• Recommendation: Before merging, identify any dependencies that rely on Node.js polyfills. You may need to replace these packages or use a tool like craco to manually add the polyfills back into the Webpack configuration. You may also need to update your Jest, ESLint, and PostCSS configurations.

2. @testing-library/jest-dom (5.14.1 → 6.7.0)

This is a high-risk upgrade that requires configuration changes to avoid breaking your test suite.

• Key Breaking Changes:

  • The library no longer automatically extends Jest's expect global.
  • For TypeScript users, global type declarations are no longer provided and it cannot be listed in tsconfig.json's types array.

• Recommendation: You must now import the library in your Jest setup file (e.g., setupTests.js or setupTests.ts) to make the matchers available to all tests: import '@testing-library/jest-dom';.

Low-Impact Upgrades

• http-proxy-middleware (1.0.5 → 1.1.0): This is a low-risk minor upgrade containing bug fixes and internal refactoring with no documented breaking changes.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[asabushaban]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.