[Snyk] Security upgrade react-scripts from 3.4.1 to 5.0.0

[twilio-product-security]

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• package.json
• package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Improper Certificate Validation SNYK-JS-NODEFORGE-15789771	226

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[twilio-product-security]

This is a major version upgrade from react-scripts v3 to v5, which includes significant and potentially breaking changes. The upgrade to v5.0.0 is the most impactful, introducing major dependency updates like Webpack 5, Jest 27, and dropping support for older Node.js versions.

Key Breaking Changes:

• Webpack 5 Upgrade: Webpack 5 no longer automatically includes polyfills for Node.js core modules. This is a major breaking change. If your project or its dependencies rely on browser-based access to modules like crypto, buffer, or stream, the build will fail. You may need to install browser-compatible alternatives and configure them.
• Jest 27 Upgrade: The default test environment has been changed from jsdom to node. This can break tests that rely on browser APIs like document or window. You may need to explicitly set the test environment back to jsdom in your package.json.
• Dropped Node.js Support: Support for Node.js versions 10 and 12 has been dropped. react-scripts 5.0.0 requires Node.js 14 or later.
• Other Major Bumps: The upgrade also includes ESLint 8 and PostCSS 8, which could introduce new linting rules or require plugin updates.

Changes from v3 to v4:

• Fast Refresh: Replaced react-hot-loader with Fast Refresh for a better development experience.
• React 17 Support: Introduced support for the new JSX Transform, which means import React from 'react' is no longer required in every component file.

Source: Create React App 5.0 Release Notes

Recommendation: This upgrade requires careful testing. Pay close attention to build errors related to Node.js polyfills and failing unit tests. It is common to need to delete node_modules and reinstall dependencies after upgrading.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.