
[Snyk] Fix for 3 vulnerabilities#8224

Closed
YounixM wants to merge 1 commit into develop from snyk-fix-030382efc240f2c1690bd90340fd81e9

Conversation


@YounixM YounixM commented Jun 11, 2025


Snyk has created this PR to fix 3 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

  • frontend/package.json
  • frontend/yarn.lock

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory, meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project; you will need to run yarn to update the contents of the .yarn/cache/ directory.
If you are not using zero-installs you can ignore this, as your flow should likely be unchanged.

Vulnerabilities that will be fixed with an upgrade:

Issue (Score)

  • high severity: Origin Validation Error, SNYK-JS-WEBPACKDEVSERVER-10300775 (748)
  • medium severity: Exposed Dangerous Method or Function, SNYK-JS-WEBPACKDEVSERVER-10300777 (693)
  • medium severity: Regular Expression Denial of Service (ReDoS), SNYK-JS-BABELHELPERS-9397697 (666)

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)


Important

Fixes vulnerabilities by upgrading babel-jest, jest, and webpack-dev-server in frontend/package.json.

  • Dependencies:
    • Upgrade babel-jest from ^29.6.4 to ^30.0.0 in frontend/package.json.
    • Upgrade jest from ^27.5.1 to ^30.0.0 in frontend/package.json.
    • Upgrade webpack-dev-server from ^4.15.2 to ^5.2.1 in frontend/package.json.
  • Vulnerabilities:
    • Fixes Origin Validation Error in webpack-dev-server.
    • Fixes Exposed Dangerous Method or Function in webpack-dev-server.
    • Fixes Regular Expression Denial of Service (ReDoS) in babel-helpers.
  • Misc:
    • Note for zero-installs users: Run yarn to update .yarn/cache/ directory.

This description was created by Ellipsis for 61fb4e9. You can customize this summary. It will automatically update as commits are pushed.

@github-actions bot commented:
Build Error! No Linked Issue found. Please link an issue or mention it in the body using #<issue_id>

@github-actions github-actions bot added the bug Something isn't working label Jun 11, 2025

@CLAassistant commented:

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

@ellipsis-dev ellipsis-dev bot left a comment

Important

Looks good to me! 👍

Reviewed everything up to 61fb4e9 in 193 minutes and 59 seconds.
  • Reviewed 31 lines of code in 1 files
  • Skipped 1 files when reviewing.
  • Skipped posting 3 draft comments. View those below.
  • Modify your settings and rules to customize what types of comments Ellipsis leaves. And don't forget to react with 👍 or 👎 to teach Ellipsis.
1. frontend/package.json:56
  • Draft comment:
    babel-jest updated to ^30.0.0. This is a major version bump; please verify that any custom Jest/babel configurations remain compatible.
  • Reason this comment was not posted:
    Comment did not seem useful. Confidence is useful = 0% <= threshold 50% The comment is about a dependency version change, specifically a major version bump of babel-jest. The comment asks the author to verify compatibility, which is against the rules. The rules state not to comment on dependency changes or ask the author to verify compatibility.
2. frontend/package.json:83
  • Draft comment:
    Jest bumped to ^30.0.0 from ^27.5.1. Ensure that your tests and configuration work with the updated version.
  • Reason this comment was not posted:
    Comment did not seem useful. Confidence is useful = 0% <= threshold 50% This comment is about a dependency change, specifically the Jest version. The rules specify not to comment on pure dependency changes or library versions that are not recognized. Therefore, this comment should be removed.
3. frontend/package.json:131
  • Draft comment:
    webpack-dev-server updated to ^5.2.1 from ^4.15.2. Confirm that the webpack configuration is updated to accommodate breaking changes introduced in v5.
  • Reason this comment was not posted:
    Comment did not seem useful. Confidence is useful = 0% <= threshold 50% This comment is related to a dependency change, specifically the update of webpack-dev-server. The comment asks the PR author to confirm that the webpack configuration is updated for breaking changes, which violates the rule against asking for confirmation or verification of intentions. Therefore, this comment should be removed.

Workflow ID: wflow_g2xFFLOoTJfym10H

You can customize Ellipsis by changing your verbosity settings, reacting with 👍 or 👎, replying to comments, or adding code review rules.

@YounixM YounixM closed this Nov 6, 2025