[Snyk] Security upgrade react-scripts from 3.4.0 to 4.0.0

[joeawillis]

Snyk has created this PR to fix 1 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

• example/package.json
• example/yarn.lock

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Symlink Attack SNYK-JS-TAR-15456201	803

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[joeawillis]

This is a major version upgrade for react-scripts (the core of Create React App) and includes several significant breaking changes that will likely require developer action.

Key Breaking Changes:

• Jest 26 Upgrade: react-scripts now uses Jest 26, upgraded from v24. This is a major jump and may break existing tests. You should review your tests for compatibility.
• ESLint 7 Upgrade: The linter is upgraded to ESLint 7, which adds many new rules, including for React Testing Library and a rule against anonymous default exports (import/no-anonymous-default-export). Your build may fail until new linting errors are fixed.
• Dropped NODE_PATH Support: The deprecated NODE_PATH environment variable for setting absolute import paths is no longer supported. You must migrate to using a jsconfig.json or tsconfig.json file at the root of your project.
• New Features: The update also introduces support for React 17 with the new JSX transform (no longer requiring import React for JSX) and replaces Hot Reloading with Fast Refresh for a better development experience.

Recommendation:
Due to the linter and test runner upgrades, this is a high-risk upgrade. It is recommended to:

1. Run your test suite and fix any breakages resulting from the Jest 26 upgrade.
2. Run the linter and address any new errors.
3. If you use NODE_PATH for imports, create a jsconfig.json file to replace it.

Source: Create React App v4.0 Release Notes

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.