[Snyk] Security upgrade web-ext from 4.3.0 to 7.1.1

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/react-devtools-extensions/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Issue	Breaking Change	Exploit Maturity
	Directory Traversal SNYK-JS-ADMZIP-1065796	Yes	No Known Exploit
	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	Prototype Pollution SNYK-JS-ASYNC-2441827	Yes	Proof of Concept
	Remote Code Execution (RCE) SNYK-JS-BUNYAN-573166	Yes	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	Open Redirect SNYK-JS-GOT-2932019	Yes	No Known Exploit
	Denial of Service (DoS) SNYK-JS-JSZIP-1251497	Yes	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	Yes	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
	Improper Privilege Management SNYK-JS-SHELLJS-2332187	Yes	Proof of Concept
	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	Yes	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	Yes	Proof of Concept

Commit messages

Package name: web-ext

The new version differs by 250 commits.

• 0d9f5e1 chore: Bump package version for release 7.1.1
• c0f5848 chore(deps): update dependency flow-bin to v0.182.0 (Trailing commas break old IE versions facebook/react#2452)
• 8cb4d8c fix: firefoxPreview option should be set to mv3 only when explicitly requested (<input type="range" onChange /> fire too often facebook/react#2454)
• 7f2346a chore: updated package-lock file (fix npm audit failure due to sec-advisory from moment transitive dep). (<input type="range" orient="vertical" /> doesn't work facebook/react#2453)
• 3796316 chore: package lock refresh (Misunderstanding project targets in wiki facebook/react#2450)
• 3419920 fix(deps): update dependency addons-linter to v5.10.0 (Warn when second argument to render is null and document.body is null as well facebook/react#2448)
• f3f0c7c chore(deps): update commitlint monorepo to v17.0.3 (Add 'use strict' to statisfy linter rules facebook/react#2446)
• fa910a6 chore(deps): update dependency flow-bin to v0.181.2 (Separate React Composite and Class facebook/react#2445)
• debfe78 chore(deps): update babel monorepo to v7.18.6 (React.addons.Perf and "undefined" facebook/react#2447)
• 4116dd0 chore(deps): update dependency eslint to v8.19.0 (allow components to render abstract elements(feature request) facebook/react#2449)
• 7605afa fix(deps): update dependency update-notifier to v6 (Problem with event.target.value for input with fixed value facebook/react#2444)
• f2a00e9 chore: Bump package version for release 7.1.0
• b0fd4c3 fix(deps): update dependency ws to v8.8.0 (custom elements, as implied in lower-case-convention.md, not working facebook/react#2430)
• 624718a fix(deps): update dependency addons-linter to v5.9.0 (Children are removed when using cloneWithProps facebook/react#2441)
• 40b912c chore(deps): update dependency flow-bin to v0.180.1 (Support SVG vector-effect attribute facebook/react#2442)
• bcadb94 chore(deps): update dependency eslint to v8.18.0 (Merge className when using spread operator facebook/react#2440)
• 89ccc55 feat: introduce a --firefox-preview flag for 'web-ext run' (Warning: This JSX uses a plain function. Only React components are valid in React's JSX transform.  facebook/react#2436)
• 78039fd chore(deps): update dependency testdouble to v3.16.6 (React Docs Outdated facebook/react#2438)
• 7897d7d chore: Disabled commitlint rule body-max-line-length (Cleanup a couple unused variables facebook/react#2437)
• f8c91c5 chore(deps): update dependency @ babel/core to v7.18.5 (Update deprecated propTypes facebook/react#2434)
• 474f05a fix(deps): update dependency addons-linter to v5.8.0 (Use dump cache and remove factory from ReactElement-test facebook/react#2435)
• 1edc680 chore: rewrite scripts/develop to use ESM (Bring in jsfiddle integration script, add harmony facebook/react#2433)
• 8e91380 chore(deps): update dependency flow-bin to v0.180.0 (Extending period in which click events are ignored facebook/react#2431)
• f5dfa19 chore: Bump package version for release 7.0.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Directory Traversal
🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 More lessons are available in Snyk Learn