
[Snyk] Fix for 2 vulnerabilities #8320

Closed
YounixM wants to merge 1 commit into develop from snyk-fix-21a7bbb3beadcfd170ce88bf4b8d6d4c

Conversation

@YounixM (Member) commented Jun 20, 2025


Snyk has created this PR to fix 2 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

  • frontend/package.json
  • frontend/yarn.lock

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

Vulnerabilities that will be fixed with an upgrade:

Issue                                                              Score
medium severity  Regular Expression Denial of Service (ReDoS)      666
                 SNYK-JS-BABELRUNTIME-10044504
low severity     Regular Expression Denial of Service (ReDoS)      508
                 SNYK-JS-BRACEEXPANSION-9789073

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)


Important

Upgrade jest, react-i18next, and webpack-dev-server in frontend/package.json to fix ReDoS vulnerabilities.

  • Dependencies:
    • Upgrade jest from ^27.5.1 to ^29.0.0 in frontend/package.json.
    • Upgrade react-i18next from ^11.16.1 to ^15.5.3 in frontend/package.json.
    • Upgrade webpack-dev-server from ^4.15.2 to ^5.1.0 in frontend/package.json.
  • Vulnerabilities:
  • Zero-Installs:
    • Does not update .yarn/cache/, requiring yarn command for zero-install users.

This description was created by Ellipsis for ff1ff0b. You can customize this summary. It will automatically update as commits are pushed.

@CLAassistant commented:

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

@github-actions bot commented:

Build Error! No Linked Issue found. Please link an issue or mention it in the body using #<issue_id>

@github-actions github-actions bot added the bug Something isn't working label Jun 20, 2025

@ellipsis-dev bot (Contributor) left a comment:

Important

Looks good to me! 👍

Reviewed everything up to ff1ff0b in 1 minute and 14 seconds.
  • Reviewed 31 lines of code in 1 files
  • Skipped 1 files when reviewing.
  • Skipped posting 3 draft comments. View those below.
  • Modify your settings and rules to customize what types of comments Ellipsis leaves. And don't forget to react with 👍 or 👎 to teach Ellipsis.
1. frontend/package.json:82
  • Draft comment:
    Upgraded jest to ^29.0.0. This is a major update – ensure that Jest configuration, custom setups, and type definitions (e.g., @types/jest) are updated accordingly.
  • Reason this comment was not posted:
    Comment did not seem useful. Confidence is useful = 0% <= threshold 50%. This comment is related to a dependency change, specifically the upgrade of Jest to a new major version. The comment advises the author to ensure that configurations and setups are updated accordingly. According to the rules, comments on dependency changes or asking the author to ensure things are not allowed. Therefore, this comment should be removed.
2. frontend/package.json:108
  • Draft comment:
    react-i18next bumped from ^11.16.1 to ^15.5.3. Verify that any breaking changes in the API are handled in your components.
  • Reason this comment was not posted:
    Comment did not seem useful. Confidence is useful = 0% <= threshold 50%. This comment is about a dependency change, specifically a version bump for the react-i18next library. The comment asks the author to verify breaking changes, which is against the rules for commenting on dependency changes.
3. frontend/package.json:132
  • Draft comment:
    webpack-dev-server upgraded from ^4.15.2 to ^5.1.0. Ensure that your dev server configuration complies with any changes introduced in version 5.
  • Reason this comment was not posted:
    Comment did not seem useful. Confidence is useful = 0% <= threshold 50%. This comment is related to a dependency change, specifically the upgrade of webpack-dev-server. The comment advises the PR author to ensure compatibility with the new version, which violates the rule against asking the author to ensure compatibility or test changes. Therefore, this comment should be removed.

Workflow ID: wflow_XySSNde02uIvh8dP

You can customize Ellipsis by changing your verbosity settings, reacting with 👍 or 👎, replying to comments, or adding code review rules.

@YounixM YounixM closed this Nov 6, 2025