Skip to content

Bump elliptic and react-scripts#14

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/multi-a70b1409a3
Open

Bump elliptic and react-scripts#14
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/multi-a70b1409a3

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 10, 2026
edited
Loading

Removes elliptic. It's no longer used after updating ancestor dependency react-scripts. These dependencies need to be updated together.

Removes elliptic

Updates react-scripts from 3.4.0 to 5.0.1

Changelog

Sourced from react-scripts's changelog.

3.4.4 (2020-10-20)

v3.4.4 release bumps resolve-url-loader to a version for which npm audit does not report a vulnerability. Note that this vulnerability did not affect Create React App projects, so this change is only necessary to satisfy auditing tools.

Migrating from 3.4.3 to 3.4.4

Inside any created project that has not been ejected, run:

npm install --save --save-exact react-scripts@3.4.4

or

yarn add --exact react-scripts@3.4.4

3.4.3 (2020-08-12)

v3.4.3 release bumps terser-webpack-plugin to a version for which npm audit does not report a vulnerability. Note that this vulnerability did not affect Create React App projects, so this change is only necessary to satisfy auditing tools.

Migrating from 3.4.2 to 3.4.3

Inside any created project that has not been ejected, run:

npm install --save --save-exact react-scripts@3.4.3

or

yarn add --exact react-scripts@3.4.3

3.4.2 (2020-08-11)

v3.4.2 release bumps webpack-dev-server to a version for which npm audit does not report a vulnerability. Note that this vulnerability did not affect Create React App projects, so this change is only necessary to satisfy auditing tools.

Migrating from 3.4.1 to 3.4.2

Inside any created project that has not been ejected, run:

npm install --save --save-exact react-scripts@3.4.2

or

... (truncated)

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 10, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-a70b1409a3 branch from 5bcb3f4 to 85d1820 Compare April 11, 2026 04:17
@dependabot
Bump elliptic and react-scripts
41b20da 
Removes [elliptic](https://github.com/indutny/elliptic). It's no longer used after updating ancestor dependency [react-scripts](https://github.com/facebook/create-react-app/tree/HEAD/packages/react-scripts). These dependencies need to be updated together.


Removes `elliptic`

Updates `react-scripts` from 3.4.0 to 5.0.1
- [Release notes](https://github.com/facebook/create-react-app/releases)
- [Changelog](https://github.com/facebook/create-react-app/blob/main/CHANGELOG-3.x.md)
- [Commits](https://github.com/facebook/create-react-app/commits/react-scripts@5.0.1/packages/react-scripts)

---
updated-dependencies:
- dependency-name: elliptic
  dependency-version: 
  dependency-type: indirect
- dependency-name: react-scripts
  dependency-version: 5.0.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-a70b1409a3 branch from 85d1820 to 41b20da Compare April 11, 2026 10:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants