react-scripts: Babel < 7.5.0 uses unsafe version of lodash
Created by: thefivetoes
Describe the bug
react-scripts is using @babel/core 7.4.3 which uses lodash < 4.17.13 and is subject to CVE-2019-10744.
Please upgrade to @babel/core 7.5.0, which uses lodash 4.17.13 and is not subject to the vulnerability.
Did you try recovering your dependencies?
N/A
Which terms did you search for in User Guide?
N/A
Environment
Environment:
OS: macOS High Sierra 10.13.6
Node: 10.15.3
Yarn: 1.3.2
npm: 6.4.1
Watchman: 4.7.0
Xcode: Not Found
Android Studio: Not Found
Packages: (wanted => installed)
react: ^16.8.4 => 16.8.6
react-dom: ^16.8.4 => 16.8.6
react-scripts: 3.0.1 => 3.0.1
Steps to reproduce
N/A
Expected behavior
Using the latest version of babel should not trigger GitHub "Known security vulnerabilities detected" warnings.
Actual behavior
GitHub is sending notifications that our project is using a version of lodash that is known to be insecure:
Reproducible demo
N/A
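
One way to confirm where an old lodash copy sits in an installed tree, as an added example (not part of the original report or of react-scripts): it walks the structure of an npm lockfileVersion 1 package-lock.json and lists every copy older than the 4.17.13 threshold named in the report. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: list installed copies of a package that are older than a
// minimum version in an npm v1 lockfile (package-lock.json written by npm 6).

// Compare two plain x.y.z versions numerically (pre-release tags not handled).
// Numeric comparison matters: as strings, "4.17.9" sorts after "4.17.13".
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Recurse through the nested "dependencies" maps and return
// [{ path, version }] for each copy of `name` below `minVersion`.
function findOldCopies(node, name, minVersion, trail = []) {
  const hits = [];
  for (const [dep, info] of Object.entries(node.dependencies || {})) {
    const path = [...trail, dep];
    if (dep === name && compareVersions(info.version, minVersion) < 0) {
      hits.push({ path: path.join(' > '), version: info.version });
    }
    hits.push(...findOldCopies(info, name, minVersion, path));
  }
  return hits;
}

// Constructed sample: a hoisted, newer lodash at the top level and an older
// copy nested under @babel/core. Not taken from a real project.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    '@babel/core': {
      version: '7.4.3',
      requires: { lodash: '^4.17.11' },
      dependencies: { lodash: { version: '4.17.11' } },
    },
    lodash: { version: '4.17.15' },
  },
};

// In a real project, pass JSON.parse(fs.readFileSync('package-lock.json', 'utf8')).
console.log(findOldCopies(sampleLock, 'lodash', '4.17.13'));
```
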