chore(deps-dev): [security] bump react-dev-utils from 5.0.1 to 8.0.0

[dependabot-preview]

Bumps react-dev-utils from 5.0.1 to 8.0.0. This update includes security fixes.

Vulnerabilities fixed

Sourced from The GitHub Security Advisory Database.

Moderate severity vulnerability that affects react-dev-utils
react-dev-utils on Windows allows developers to run a local webserver for accepting various commands, including a command to launch an editor. The input to that command was not properly sanitized, allowing an attacker who can make a network request to the server (either via CSRF or by direct request) to execute arbitrary commands on the targeted system. This issue affects multiple branches: 1.x.x prior to 1.0.4, 2.x.x prior to 2.0.2, 3.x.x prior to 3.1.2, 4.x.x prior to 4.2.2, and 5.x.x prior to 5.0.2.

Affected versions: >= 5.0.0 < 5.0.2

Sourced from The npm Advisory Database.

Remote Code Execution
react-dev-utils on Windows is vulnerable to remote code execution.

Affected versions: <1.0.4; >=2.0.0 <2.0.2; >=3.0.0 <3.1.2; >=4.0.0 <4.2.2; >=5.0.0 <5.0.2; >= 6.0.0 <6.0.0-next.a671462c

Changelog

Sourced from react-dev-utils's changelog.

2.0.3 and Newer Versions

Please refer to CHANGELOG.md for the newer versions.

1.1.5 (August 24, 2018)

• react-scripts

  • Update the webpack-dev-server dependency

• react-dev-utils

  • #4866 Fix a Windows-only vulnerability (CVE-2018-6342) in the development server (@​acdlite)
  • Update the sockjs-client dependency

Committers: 1

• Andrew Clark (acdlite)

Migrating from 1.1.4 to 1.1.5

Inside any created project that has not been ejected, run:

npm install --save --save-exact react-scripts@1.1.5

or

yarn add --exact react-scripts@1.1.5

1.1.4 (April 3, 2018)

🐛 Bug Fix

• react-dev-utils

  • #4250 Upgrade detect-port-alt to fix #4189. (@​Timer)

Committers: 1

• Joe Haddad (Timer)

Migrating from 1.1.3 to 1.1.4

Inside any created project that has not been ejected, run:

</tr></table> ... (truncated)

Commits

• c17e25b Publish
• 529a3d7 Prepare 2.1.8 release
• 1548a0a Reapply "Speed up TypeScript v2 (#6406)" (#6586)
• e69ad37 Publish
• 3a37bb0 Prepare 2.1.7 release
• b2cf28b Revert "Speed up TypeScript v2 (#6406)" (#6585)
• b5887dc Publish
• 7782f9d Prepare 2.1.6 release
• ff19e0a Fix build deployment instruction link appends comma at end (#6511)
• 0793d48 Remove AppVeyor config files (#6493)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by iansu, a new releaser for react-dev-utils since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.

[dependabot-preview]

Superseded by #29.