[Snyk] Fix for 1 vulnerabilities

[wizbit]

Snyk has created this PR to fix 1 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

• example/package.json
• example/yarn.lock

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Improper Validation of Specified Index, Position, or Offset in Input SNYK-JS-UUID-16133035	708

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[wizbit]

This update involves two major version upgrades, both of which are high-risk and introduce significant breaking changes that require developer action.

react-scripts@3.4.0 → 5.0.0

This is a HIGH risk upgrade. The jump from version 3 to 5 of react-scripts (Create React App) includes a major underlying dependency update to Webpack 5. This is the primary source of breaking changes.

Key Breaking Changes:

• Webpack 5 & Node.js Polyfills Removed: Webpack 5 no longer automatically provides polyfills for Node.js core modules (like crypto, stream, buffer, etc.). If your project or its dependencies rely on these browser-incompatible modules, builds will fail. This is the most common and impactful breaking change.
• Dropped Node.js Support: Support for Node.js versions 10 and 12 has been dropped.
• Dependency Upgrades: The new version includes major updates to Jest 27, ESLint 8, and PostCSS 8, which may have their own breaking changes.

Recommendation:
This upgrade cannot be merged without significant testing. Developers must audit all dependencies to identify any reliance on Node.js polyfills and find browser-compatible alternatives or manually add the required polyfills. Due to the complexity, this migration should be handled in a separate, dedicated effort.

next@7.0.3 → 9.3.4

This is a HIGH risk upgrade, spanning two major versions (v8 and v9) with fundamental changes to the framework.

Key Breaking Changes:

• API Routes: Version 9 introduced the pages/api directory as the standard for creating API endpoints.
• Built-in TypeScript Support: The @zeit/next-typescript plugin is deprecated and no longer needed. TypeScript support is now integrated directly into the framework.
• AMP Configuration: The withAmp higher-order component has been removed. AMP must now be configured via an exported config object on the page.
• next export Behavior: The output of next export for a page like pages/about.js has changed from out/about/index.html to out/about.html.

Recommendation:
Code must be refactored to adopt the new API route conventions and remove the legacy TypeScript plugin. Review any usage of next export or AMP to ensure compatibility with the new configuration and output structure.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.