[Snyk] Fix for 1 vulnerabilities #56

Open
impactyogi wants to merge 1 commit into master from snyk-fix-731957a7cfd22022e6bc626ea31e2036

Conversation

@impactyogi

Snyk has created this PR to fix 1 vulnerability in the yarn dependencies of this project.

Snyk changed the following file(s):

  • example/package.json
  • example/yarn.lock

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory, meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the .yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

Vulnerabilities that will be fixed with an upgrade:

Issue: high severity, Inefficient Algorithmic Complexity, SNYK-JS-MINIMATCH-15353389
Score: 828

Breaking Change Risk

Merge Risk: High

Notice: This assessment is enhanced by AI.


Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.


@impactyogi (Author)

Merge Risk: High

This update includes two major version upgrades, with react-scripts presenting a high risk of breaking changes.

react-scripts@3.4.0 → react-scripts@5.0.0

Risk: HIGH

This upgrade spans two major versions (v4 and v5) and introduces significant breaking changes, primarily in the v5 release.

Breaking Changes:

  • Webpack 5 Upgrade: react-scripts@5.0.0 upgrades to Webpack 5, which no longer automatically provides polyfills for Node.js core modules (like crypto, stream, fs). This is a major change and will likely cause build failures for applications with dependencies that rely on these browser-incompatible modules.
  • Node.js Version Support: Support for Node.js 10 and 12 is dropped. Your environment must be using Node.js 14 or newer.
  • Dependency Upgrades: The upgrade includes major bumps for key dependencies, including Jest 27, ESLint 8, and PostCSS 8. The upgrade to Jest 27 has been reported to cause issues with existing async/await tests.

Recommendation:

  • Audit Dependencies: Before upgrading, carefully check your project's dependencies for reliance on Node.js core modules. You may need to replace dependencies or use a tool like craco or react-app-rewired to manually add back the required polyfills.
  • Verify Node.js Version: Ensure your development and deployment environments are running a supported version of Node.js.
  • Test Thoroughly: Pay close attention to your test suite, as the Jest 27 upgrade may require test modifications.

Sources: Create React App v5.0.0 Changelog, Create React App v4.0.0 Changelog

next@7.0.3 → next@8.0.4

Risk: MEDIUM

While Next.js 8 was designed to be backward compatible, it introduces a new serverless deployment model with a significant configuration change that requires developer attention.

Key Changes:

  • Serverless Target: The main change is the introduction of an optional serverless build target in next.config.js.
  • Breaking Change (Opt-in): If you enable the serverless target, publicRuntimeConfig and serverRuntimeConfig are not supported. You must migrate to using build-time environment variables instead.
  • Content Security Policy (CSP): The framework no longer uses inline JavaScript to pass initial props data, which makes it easier to implement stricter CSP policies without 'unsafe-inline'.

Recommendation:

  • If you do not plan to use the new serverless target, this upgrade is low risk. However, given it's a major version, thorough testing is recommended.
  • If you intend to adopt the serverless target, you must refactor how you handle runtime configuration.

Source: Next.js 8 Release Blog

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.
