[Snyk] Security upgrade react-scripts from 4.0.3 to 5.0.0

[NewthingAde]

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• client/package.json
• client/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Directory Traversal SNYK-JS-TAR-15127355	596

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Directory Traversal

---

Note

Medium Risk
Upgrading react-scripts is a tooling/build-chain change that can break builds, tests, or dev-server behavior due to Webpack/Babel/Jest dependency shifts, but it does not change runtime application logic directly.

Overview
Upgrades the client build tooling by bumping react-scripts from 4.0.3 to 5.0.0 to address a dependency vulnerability.

Updates client/package-lock.json accordingly, pulling in the newer CRA v5 dependency tree (notably Webpack 5-era tooling) while leaving application dependencies and scripts otherwise unchanged.

^{Written by Cursor Bugbot for commit 3e0d839. This will update automatically on new commits. Configure here.}