Fix for known vulnerability in url-loader version

[JaredVanderford]

Is this a bug report?

no

Can you also reproduce the problem with npm 4.x?

Yes

Environment

Irrelevant

Actual Behavior

There is a vulnerability identified by NSP in the version of url-loader currently set as a dependency.
"react-scripts@1.0.14 > url-loader@0.5.9 > mime@1.3.6 "

url-loader has fixed this issue since 0.6.

[Timer]

I'll accept a PR for this but there's no rush because it's for untrusted user input (& simply a DoS).