devDeps: react-scripts v2

[legobeat]

Migrate CRA from v1 to v2.

https://github.com/facebook/create-react-app/blob/main/CHANGELOG-2.x.md

[socket-security]

Updated dependencies detected. Learn more about Socket for GitHub ↗︎

Packages	Version	New capabilities	Transitives	Size	Publisher
react-scripts	1.1.5...2.1.8	shell, environment	+795/-442	91.6 MB	iansu

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Issue	Package	Version	Note	Source
Bin script confusion	fsevents	1.2.4	Bin Script: rimraf +7 more instances...	[email protected] via package.json
Critical CVE	fsevents	1.2.4	CVE: GHSA-8r6j-v8pm-fqw3 Code injection in fsevents (CRITICAL) Affected versions: <= 1.2.10 Patched version: 1.2.11	[email protected] via package.json
Known Malware	fsevents	1.2.4	Note: This package downloads prebuilt artifacts from a domain which has been compromised. Your system may be infected if you installed this package prior to April 27, 2023	[email protected] via package.json
Network access	fsevents	1.2.4	Module: https Location: node_modules/needle/lib/needle.js +20 more instances...	[email protected] via package.json
Shell access	fsevents	1.2.4	Module: child_process Location: install.js +5 more instances...	[email protected] via package.json
Bin script confusion	rimraf	2.7.1	Bin Script: rimraf	[email protected], [email protected] via package.json
Bin script confusion	rc	1.2.8	Bin Script: rc
Bin script confusion	nopt	4.0.3	Bin Script: nopt
Bin script confusion	semver	5.7.2	Bin Script: semver
Bin script confusion	semver	6.3.1	Bin Script: semver	[email protected] via package.json
Bin script confusion	semver	7.5.4	Bin Script: semver	[email protected] via package.json
Bin script confusion	detect-libc	1.0.3	Bin Script: detect-libc
Shell access	detect-libc	1.0.3	Module: child_process Location: bin/detect-libc.js +1 more instances...
Bin script confusion	node-pre-gyp	0.10.3	Bin Script: node-pre-gyp
Bin script confusion	mkdirp	0.5.1	Bin Script: mkdirp
Bin script confusion	mkdirp	0.5.6	Bin Script: mkdirp	[email protected] via package.json
Bin script confusion	needle	2.9.1	Bin Script: needle
Critical CVE	immer	1.10.0	CVE: GHSA-33f9-j839-rf8h Prototype Pollution in immer (CRITICAL) Affected versions: < 9.0.6 Patched version: 9.0.6	[email protected] via package.json
CVE	immer	1.10.0	CVE: GHSA-9qmh-276g-x5pj Prototype Pollution in immer (HIGH) Affected versions: < 8.0.1 Patched version: 8.0.1 +1 more instances...	[email protected] via package.json
CVE	serialize-javascript	1.9.1	CVE: GHSA-hxcc-f52p-wc94 Insecure serialization leading to RCE in serialize-javascript (HIGH) Affected versions: < 3.1.0 Patched version: 3.1.0	[email protected] via package.json
Mild CVE	serialize-javascript	1.9.1	CVE: GHSA-h9rv-jmmf-4pgx Cross-Site Scripting in serialize-javascript (MODERATE) Affected versions: < 2.1.1 Patched version: 2.1.1	[email protected] via package.json
CVE	terser	3.17.0	CVE: GHSA-4wf5-vphf-c2xc Terser insecure use of regular expressions leads to ReDoS (HIGH) Affected versions: < 4.8.1 Patched version: 4.8.1	[email protected] via package.json
Deprecated	hoek	4.2.1	Reason: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).	[email protected] via package.json
Deprecated	joi	11.4.0	Reason: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).	[email protected] via package.json
Deprecated	topo	2.0.2	Reason: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).	[email protected] via package.json
Deprecated	html-webpack-plugin	4.0.0-alpha.2	Reason: please switch to a stable version	[email protected] via package.json
Deprecated	request-promise-native	1.0.9	Reason: request-promise-native has been deprecated because it extends the now deprecated request package, see https://github.com/Request’s Past, Present and Future request/request#3142	[email protected] via package.json
Deprecated	left-pad	1.3.0	Reason: use String.prototype.padStart()	[email protected] via package.json
Deprecated	kleur	2.0.2	Reason: Please upgrade to kleur@3 or migrate to 'ansi-colors' if you prefer the old syntax. Visit https://github.com/lukeed/kleur/releases/tag/v3.0.0\ for migration path(s).	[email protected] via package.json
Mild CVE	browserslist	4.4.1	CVE: GHSA-w8qv-6jwh-64r5 Regular Expression Denial of Service in browserslist (MODERATE) Affected versions: >= 4.0.0, < 4.16.5 Patched version: 4.16.5	[email protected] via package.json
Network access	rxjs	6.6.7	Module: globalThis["fetch"] Location: _esm2015/internal/observable/dom/fetch.js +4 more instances...	[email protected] via package.json
Network access	whatwg-fetch	3.0.0	Module: globalThis["fetch"] Location: dist/fetch.umd.js +4 more instances...	@material-ui/[email protected], [email protected] via package.json
Network access	workbox-background-sync	3.6.3	Module: globalThis["fetch"] Location: build/workbox-background-sync.dev.js +2 more instances...	[email protected] via package.json
Network access	workbox-core	3.6.3	Module: globalThis["fetch"] Location: _private/checkSWFileCacheHeaders.mjs +4 more instances...	[email protected] via package.json
Network access	workbox-precaching	3.6.3	Module: globalThis["fetch"] Location: _default.mjs +2 more instances...	[email protected] via package.json
Network access	workbox-routing	3.6.3	Module: globalThis["fetch"] Location: _default.mjs +2 more instances...	[email protected] via package.json
Network access	default-gateway	2.7.2	Module: net Location: android.js +5 more instances...	[email protected] via package.json
Network access	ws	5.2.3	Module: http Location: lib/websocket-server.js +1 more instances...	[email protected] via package.json
New author	css-loader	1.0.0	New Author: evilebottnawi Previous Author: michael-ciniawsky	[email protected] via package.json
New author	webpack-log	2.0.0	New Author: michael-ciniawsky Previous Author: shellscape	[email protected] via package.json
New author	capture-exit	1.2.0	New Author: ember-cli Previous Author: stefanpenner	[email protected] via package.json
New author	postcss-value-parser	3.3.1	New Author: evilebottnawi Previous Author: trysound	[email protected] via package.json
New author	@babel/plugin-syntax-import-meta	7.10.4	New Author: jlhwung Previous Author: nicolo-ribaudo	[email protected] via package.json
New author	@babel/plugin-syntax-logical-assignment-operators	7.10.4	New Author: jlhwung Previous Author: nicolo-ribaudo	[email protected] via package.json
New author	@babel/plugin-syntax-numeric-separator	7.10.4	New Author: jlhwung Previous Author: nicolo-ribaudo	[email protected] via package.json
New author	@babel/plugin-syntax-dynamic-import	7.2.0	New Author: nicolo-ribaudo Previous Author: hzoo	[email protected] via package.json
New author	@babel/plugin-transform-react-constant-elements	7.2.0	New Author: nicolo-ribaudo Previous Author: hzoo	[email protected] via package.json
New author	@babel/plugin-transform-react-display-name	7.2.0	New Author: nicolo-ribaudo Previous Author: hzoo	[email protected] via package.json
New author	@babel/plugin-transform-runtime	7.2.0	New Author: nicolo-ribaudo Previous Author: hzoo	[email protected] via package.json
New author	for-each	0.3.3	New Author: ljharb Previous Author: raynos	[email protected] via package.json
New author	istanbul-lib-coverage	1.2.1	New Author: coreyfarrell Previous Author: bcoe	[email protected] via package.json
New author	istanbul-lib-hook	1.2.2	New Author: coreyfarrell Previous Author: bcoe	[email protected] via package.json
New author	istanbul-lib-report	1.1.5	New Author: coreyfarrell Previous Author: bcoe	[email protected] via package.json
New author	istanbul-lib-source-maps	1.2.6	New Author: coreyfarrell Previous Author: bcoe	[email protected] via package.json
New author	istanbul-reports	1.5.1	New Author: coreyfarrell Previous Author: bcoe	[email protected] via package.json
New author	postcss-font-variant	4.0.1	New Author: semigradsky Previous Author: jonathantneal	[email protected] via package.json
New author	postcss-color-gray	5.0.0	New Author: jonathantneal Previous Author: shinnn	[email protected] via package.json
New author	unique-slug	2.0.2	New Author: zkat Previous Author: iarna	[email protected] via package.json
New author	figgy-pudding	3.5.2	New Author: isaacs Previous Author: zkat	[email protected] via package.json
New author	handlebars	4.7.8	New Author: jaylinski Previous Author: knappi	[email protected] via package.json
New author	anymatch	3.1.3	New Author: phated Previous Author: paulmillr	[email protected] via package.json
New author	postcss-selector-matches	4.0.0	New Author: jonathantneal Previous Author: semigradsky	[email protected] via package.json
New author	postcss-media-minmax	4.0.0	New Author: jonathantneal Previous Author: moox	[email protected] via package.json
New author	cssnano-util-raw-cache	4.0.1	New Author: