[Snyk] Upgrade: react, react-dom #3

snyk-bot · 2020-03-10T07:23:23Z

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on
react from 16.0.0 to 16.12.0	52 versions ahead of your current version	4 months ago on 2019-11-14
react-dom from 16.0.0 to 16.12.0	55 versions ahead of your current version	4 months ago on 2019-11-14

The recommended version fixes:

Severity	Issue	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) npm:ua-parser-js:20180227	Proof of Concept
	Cross-site Scripting (XSS) npm:react-dom:20180802	No Known Exploit

Release notes

Package name: react

16.12.0 - 2019-11-14
React DOM
- Fix passive effects (useEffect) not being fired in a multi-root app. (@acdlite in #17347)
React Is
- Fix lazy and memo types considered elements instead of components (@bvaughn in #17278)
Artifacts

• react: https://unpkg.com/react@16.12.0/umd/
• react-art: https://unpkg.com/react-art@16.12.0/umd/
• react-dom: https://unpkg.com/react-dom@16.12.0/umd/
• react-is: https://unpkg.com/react-is@16.12.0/umd/
• react-test-renderer: https://unpkg.com/react-test-renderer@16.12.0/umd/
• scheduler: https://unpkg.com/scheduler@0.18.0/umd/
16.11.0 - 2019-10-22
React DOM
- Fix mouseenter handlers from firing twice inside nested React containers. @yuanoook in #16928
- Remove unstable_createRoot and unstable_createSyncRoot experimental APIs. (These are available in the Experimental channel as createRoot and createSyncRoot.) (@acdlite in #17088)
Artifacts

• react: https://unpkg.com/react@16.11.0/umd/
• react-art: https://unpkg.com/react-art@16.11.0/umd/
• react-dom: https://unpkg.com/react-dom@16.11.0/umd/
• react-is: https://unpkg.com/react-is@16.11.0/umd/
• react-test-renderer: https://unpkg.com/react-test-renderer@16.11.0/umd/
• scheduler: https://unpkg.com/scheduler@0.17.0/umd/
16.10.2 - 2019-10-03
React DOM
- Fix regression in react-native-web by restoring order of arguments in event plugin extractors (@necolas in #16978)
Artifacts

• react: https://unpkg.com/react@16.10.2/umd/
• react-art: https://unpkg.com/react-art@16.10.2/umd/
• react-dom: https://unpkg.com/react-dom@16.10.2/umd/
• react-is: https://unpkg.com/react-is@16.10.2/umd/
• react-test-renderer: https://unpkg.com/react-test-renderer@16.10.2/umd/
• scheduler: https://unpkg.com/scheduler@0.16.2/umd/
16.10.1 - 2019-09-28
React DOM
- Fix regression in Next.js apps by allowing Suspense mismatch during hydration to silently proceed (@sebmarkbage in #16943)
16.10.0 - 2019-09-27
React DOM
- Fix edge case where a hook update wasn't being memoized. (@sebmarkbage in #16359)
- Fix heuristic for determining when to hydrate, so we don't incorrectly hydrate during an update. (@sebmarkbage in #16739)
- Clear additional fiber fields during unmount to save memory. (@trueadm in #16807)
- Fix bug with required text fields in Firefox. (@halvves in #16578)
- Prefer Object.is instead of inline polyfill, when available. (@ku8ar in #16212)
- Fix bug when mixing Suspense and error handling. (@acdlite in #16801)
Scheduler (Experimental)
- Improve queue performance by switching its internal data structure to a min binary heap. (@acdlite in #16245)
- Use postMessage loop with short intervals instead of attempting to align to frame boundaries with requestAnimationFrame. (@acdlite in #16214)
useSubscription
- Avoid tearing issue when a mutation happens and the previous update is still in progress. (@bvaughn in #16623)
Artifacts

• react: https://unpkg.com/react@16.10.0/umd/
• react-art: https://unpkg.com/react-art@16.10.0/umd/
• react-dom: https://unpkg.com/react-dom@16.10.0/umd/
• react-is: https://unpkg.com/react-is@16.10.0/umd/
• react-test-renderer: https://unpkg.com/react-test-renderer@16.10.0/umd/
• scheduler: https://unpkg.com/scheduler@0.16.0/umd/
16.9.0 - 2019-08-08
React
- Add <React.Profiler> API for gathering performance measurements programmatically. (@bvaughn in #15172)
- Remove unstable_ConcurrentMode in favor of unstable_createRoot. (@acdlite in #15532)
React DOM
- Deprecate old names for the UNSAFE_* lifecycle methods. (@bvaughn in #15186 and @threepointone in #16103)
- Deprecate javascript: URLs as a common attack surface. (@sebmarkbage in #15047)
- Deprecate uncommon "module pattern" (factory) components. (@sebmarkbage in #15145)
- Add support for the disablePictureInPicture attribute on <video>. (@eek in #15334)
- Add support for onLoad event for <embed>. (@cherniavskii in #15614)
- Add support for editing useState state from DevTools. (@bvaughn in #14906)
- Add support for toggling Suspense from DevTools. (@gaearon in #15232)
- Warn when setState is called from useEffect, creating a loop. (@gaearon in #15180)
- Fix a memory leak. (@paulshen in #16115)
- Fix a crash inside findDOMNode for components wrapped in <Suspense>. (@acdlite in #15312)
- Fix pending effects from being flushed too late. (@acdlite in #15650)
- Fix incorrect argument order in a warning message. (@brickspert in #15345)
- Fix hiding Suspense fallback nodes when there is an !important style. (@acdlite in #15861 and #15882)
- Slightly improve hydration performance. (@bmeurer in #15998)
React DOM Server
- Fix incorrect output for camelCase custom CSS property names. (@bedakb in #16167)
React Test Utilities and Test Renderer
- Add act(async () => ...) for testing asynchronous state updates. (@threepointone in #14853)
- Add support for nesting act from different renderers. (@threepointone in #16039 and #16042)
- Warn in Strict Mode if effects are scheduled outside an act() call. (@threepointone in #15763 and #16041)
- Warn when using act from the wrong renderer. (@threepointone in #15756)
Artifacts

• react: https://unpkg.com/react@16.9.0/umd/
• react-art: https://unpkg.com/react-art@16.9.0/umd/
• react-dom: https://unpkg.com/react-dom@16.9.0/umd/
• react-is: https://unpkg.com/react-is@16.9.0/umd/
• react-test-renderer: https://unpkg.com/react-test-renderer@16.9.0/umd/
• scheduler: https://unpkg.com/scheduler@0.15.0/umd/
16.9.0-rc.0 - 2019-08-05
This is a release candidate for React v16.9.0.

Changelog is available in #16254.

UMD builds

• react: https://unpkg.com/react@16.9.0-rc.0/umd/
• react-art: https://unpkg.com/react-art@16.9.0-rc.0/umd/
• react-dom: https://unpkg.com/react-dom@16.9.0-rc.0/umd/
• react-is: https://unpkg.com/react-is@16.9.0-rc.0/umd/
• react-test-renderer: https://unpkg.com/react-test-renderer@16.9.0-rc.0/umd/
• scheduler: https://unpkg.com/scheduler@0.15.0-rc.0/umd/
16.9.0-alpha.0 - 2019-04-03
v16.9.0-alpha.0 (April 3, 2019)
- (await act(async () => ...) (@threepointone in #14853)
Artifacts
- react: https://unpkg.com/react@16.9.0-alpha.0/umd/
- react-art: https://unpkg.com/react-art@16.9.0-alpha.0/umd/
- react-dom: https://unpkg.com/react-dom@16.9.0-alpha.0/umd/
- react-is: https://unpkg.com/react-is@16.9.0-alpha.0/umd/
- react-test-renderer: https://unpkg.com/react-test-renderer@16.9.0-alpha.0/umd/
- scheduler: https://unpkg.com/scheduler@0.14.0-alpha.0/umd/
16.8.6 - 2019-03-28
16.8.5 - 2019-03-22
16.8.4 - 2019-03-05
16.8.3 - 2019-02-21
16.8.2 - 2019-02-14
16.8.1 - 2019-02-06
16.8.0 - 2019-02-06
16.8.0-alpha.1 - 2019-01-15
16.8.0-alpha.0 - 2019-01-09
16.7.0 - 2018-12-20
16.7.0-alpha.2 - 2018-11-13
16.7.0-alpha.1 - 2018-11-13
16.7.0-alpha.0 - 2018-10-25
16.6.3 - 2018-11-13
16.6.2 - 2018-11-13
16.6.1 - 2018-11-07
16.6.0 - 2018-10-23
16.6.0-alpha.f47a958 - 2018-10-10
16.6.0-alpha.8af6728 - 2018-10-10
16.6.0-alpha.400d197 - 2018-10-05
16.6.0-alpha.0 - 2018-09-17
16.5.2 - 2018-09-18
16.5.1 - 2018-09-13
16.5.0 - 2018-09-06
16.4.2 - 2018-08-01
16.4.1 - 2018-06-13
16.4.0 - 2018-05-24
16.4.0-alpha.0911da3 - 2018-02-27
16.4.0-alpha.7926752 - 2018-02-13
16.4.0-alpha.3174632 - 2018-02-24
16.3.2 - 2018-04-16
16.3.1 - 2018-04-04
16.3.0 - 2018-03-29
16.3.0-rc.0 - 2018-03-28
16.3.0-alpha.3 - 2018-03-22
16.3.0-alpha.2 - 2018-03-14
16.3.0-alpha.1 - 2018-02-12
16.3.0-alpha.0 - 2018-02-02
16.2.0 - 2017-11-28
16.1.1 - 2017-11-13
16.1.0 - 2017-11-09
16.1.0-rc - 2017-11-09
16.1.0-beta.1 - 2017-11-07
16.1.0-beta - 2017-11-02
16.0.0 - 2017-09-26

from react GitHub release notes

Package name: react-dom

16.12.0 - 2019-11-14
React DOM
- Fix passive effects (useEffect) not being fired in a multi-root app. (@acdlite in #17347)
React Is
- Fix lazy and memo types considered elements instead of components (@bvaughn in #17278)
Artifacts

• react: https://unpkg.com/react@16.12.0/umd/
• react-art: https://unpkg.com/react-art@16.12.0/umd/
• react-dom: https://unpkg.com/react-dom@16.12.0/umd/
• react-is: https://unpkg.com/react-is@16.12.0/umd/
• react-test-renderer: https://unpkg.com/react-test-renderer@16.12.0/umd/
• scheduler: https://unpkg.com/scheduler@0.18.0/umd/
16.11.0 - 2019-10-22
React DOM
- Fix mouseenter handlers from firing twice inside nested React containers. @yuanoook in #16928
- Remove unstable_createRoot and unstable_createSyncRoot experimental APIs. (These are available in the Experimental channel as createRoot and createSyncRoot.) (@acdlite in #17088)
Artifacts

• react: https://unpkg.com/react@16.11.0/umd/
• react-art: https://unpkg.com/react-art@16.11.0/umd/
• react-dom: https://unpkg.com/react-dom@16.11.0/umd/
• react-is: https://unpkg.com/react-is@16.11.0/umd/
• react-test-renderer: https://unpkg.com/react-test-renderer@16.11.0/umd/
• scheduler: https://unpkg.com/scheduler@0.17.0/umd/
16.10.2 - 2019-10-03
React DOM
- Fix regression in react-native-web by restoring order of arguments in event plugin extractors (@necolas in #16978)
Artifacts

• react: https://unpkg.com/react@16.10.2/umd/
• react-art: https://unpkg.com/react-art@16.10.2/umd/
• react-dom: https://unpkg.com/react-dom@16.10.2/umd/
• react-is: https://unpkg.com/react-is@16.10.2/umd/
• react-test-renderer: https://unpkg.com/react-test-renderer@16.10.2/umd/
• scheduler: https://unpkg.com/scheduler@0.16.2/umd/
16.10.1 - 2019-09-28
React DOM
- Fix regression in Next.js apps by allowing Suspense mismatch during hydration to silently proceed (@sebmarkbage in #16943)
16.10.0 - 2019-09-27
React DOM
- Fix edge case where a hook update wasn't being memoized. (@sebmarkbage in #16359)
- Fix heuristic for determining when to hydrate, so we don't incorrectly hydrate during an update. (@sebmarkbage in #16739)
- Clear additional fiber fields during unmount to save memory. (@trueadm in #16807)
- Fix bug with required text fields in Firefox. (@halvves in #16578)
- Prefer Object.is instead of inline polyfill, when available. (@ku8ar in #16212)
- Fix bug when mixing Suspense and error handling. (@acdlite in #16801)
Scheduler (Experimental)
- Improve queue performance by switching its internal data structure to a min binary heap. (@acdlite in #16245)
- Use postMessage loop with short intervals instead of attempting to align to frame boundaries with requestAnimationFrame. (@acdlite in #16214)
useSubscription
- Avoid tearing issue when a mutation happens and the previous update is still in progress. (@bvaughn in #16623)
Artifacts

• react: https://unpkg.com/react@16.10.0/umd/
• react-art: https://unpkg.com/react-art@16.10.0/umd/
• react-dom: https://unpkg.com/react-dom@16.10.0/umd/
• react-is: https://unpkg.com/react-is@16.10.0/umd/
• react-test-renderer: https://unpkg.com/react-test-renderer@16.10.0/umd/
• scheduler: https://unpkg.com/scheduler@0.16.0/umd/
16.9.0 - 2019-08-08
React
- Add <React.Profiler> API for gathering performance measurements programmatically. (@bvaughn in #15172)
- Remove unstable_ConcurrentMode in favor of unstable_createRoot. (@acdlite in #15532)
React DOM
- Deprecate old names for the UNSAFE_* lifecycle methods. (@bvaughn in #15186 and @threepointone in #16103)
- Deprecate javascript: URLs as a common attack surface. (@sebmarkbage in #15047)
- Deprecate uncommon "module pattern" (factory) components. (@sebmarkbage in #15145)
- Add support for the disablePictureInPicture attribute on <video>. (@eek in #15334)
- Add support for onLoad event for <embed>. (@cherniavskii in #15614)
- Add support for editing useState state from DevTools. (@bvaughn in #14906)
- Add support for toggling Suspense from DevTools. (@gaearon in #15232)
- Warn when setState is called from useEffect, creating a loop. (@gaearon in #15180)
- Fix a memory leak. (@paulshen in #16115)
- Fix a crash inside findDOMNode for components wrapped in <Suspense>. (@acdlite in #15312)
- Fix pending effects from being flushed too late. (@acdlite in #15650)
- Fix incorrect argument order in a warning message. (@brickspert in #15345)
- Fix hiding Suspense fallback nodes when there is an !important style. (@acdlite in #15861 and #15882)
- Slightly improve hydration performance. (@bmeurer in #15998)
React DOM Server
- Fix incorrect output for camelCase custom CSS property names. (@bedakb in #16167)
React Test Utilities and Test Renderer
- Add act(async () => ...) for testing asynchronous state updates. (@threepointone in #14853)
- Add support for nesting act from different renderers. (@threepointone in #16039 and #16042)
- Warn in Strict Mode if effects are scheduled outside an act() call. (@threepointone in #15763 and #16041)
- Warn when using act from the wrong renderer. (@threepointone in #15756)
Artifacts

• react: https://unpkg.com/react@16.9.0/umd/
• react-art: https://unpkg.com/react-art@16.9.0/umd/
• react-dom: https://unpkg.com/react-dom@16.9.0/umd/
• react-is: https://unpkg.com/react-is@16.9.0/umd/
• react-test-renderer: https://unpkg.com/react-test-renderer@16.9.0/umd/
• scheduler: https://unpkg.com/scheduler@0.15.0/umd/
16.9.0-rc.0 - 2019-08-05
This is a release candidate for React v16.9.0.

Changelog is available in #16254.

UMD builds

• react: https://unpkg.com/react@16.9.0-rc.0/umd/
• react-art: https://unpkg.com/react-art@16.9.0-rc.0/umd/
• react-dom: https://unpkg.com/react-dom@16.9.0-rc.0/umd/
• react-is: https://unpkg.com/react-is@16.9.0-rc.0/umd/
• react-test-renderer: https://unpkg.com/react-test-renderer@16.9.0-rc.0/umd/
• scheduler: https://unpkg.com/scheduler@0.15.0-rc.0/umd/
16.9.0-alpha.0 - 2019-04-03
v16.9.0-alpha.0 (April 3, 2019)
- (await act(async () => ...) (@threepointone in #14853)
Artifacts
- react: https://unpkg.com/react@16.9.0-alpha.0/umd/
- react-art: https://unpkg.com/react-art@16.9.0-alpha.0/umd/
- react-dom: https://unpkg.com/react-dom@16.9.0-alpha.0/umd/
- react-is: https://unpkg.com/react-is@16.9.0-alpha.0/umd/
- react-test-renderer: https://unpkg.com/react-test-renderer@16.9.0-alpha.0/umd/
- scheduler: https://unpkg.com/scheduler@0.14.0-alpha.0/umd/
16.8.6 - 2019-03-28
16.8.5 - 2019-03-22
16.8.4 - 2019-03-05
16.8.3 - 2019-02-21
16.8.2 - 2019-02-14
16.8.1 - 2019-02-06
16.8.0 - 2019-02-06
16.8.0-alpha.1 - 2019-01-15
16.8.0-alpha.0 - 2019-01-09
16.7.0 - 2018-12-20
16.7.0-alpha.2 - 2018-11-13
16.7.0-alpha.1 - 2018-11-13
16.7.0-alpha.0 - 2018-10-25
16.6.3 - 2018-11-13
16.6.2 - 2018-11-13
16.6.1 - 2018-11-07
16.6.0 - 2018-10-23
16.6.0-alpha.8af6728 - 2018-10-10
16.6.0-alpha.400d197 - 2018-10-05
16.6.0-alpha.0 - 2018-09-17
16.5.2 - 2018-09-18
16.5.1 - 2018-09-13
16.5.0 - 2018-09-06
16.4.2 - 2018-08-01
16.4.1 - 2018-06-13
16.4.0 - 2018-05-24
16.4.0-alpha.0911da3 - 2018-02-27
16.4.0-alpha.7926752 - 2018-02-13
16.4.0-alpha.3174632 - 2018-02-24
16.3.3 - 2018-08-01
16.3.2 - 2018-04-16
16.3.1 - 2018-04-04
16.3.0 - 2018-03-29
16.3.0-rc.0 - 2018-03-28
16.3.0-alpha.3 - 2018-03-22
16.3.0-alpha.2 - 2018-03-14
16.3.0-alpha.1 - 2018-02-12
16.3.0-alpha.0 - 2018-02-02
16.2.1 - 2018-08-01
16.2.0 - 2017-11-28
16.1.2 - 2018-08-01
16.1.1 - 2017-11-13
16.1.0 - 2017-11-09
16.1.0-rc - 2017-11-09
16.1.0-beta.1 - 2017-11-07
16.1.0-beta - 2017-11-02
16.0.1 - 2018-08-01
16.0.0 - 2017-09-26

from react-dom GitHub release notes

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[//]: # (snyk:metadata:{"dependencies":[{"name":"react","from":"16.0.0","to":"16.12.0"},{"name":"react-dom","from":"16.0.0","to":"16.12.0"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/coderbyheart/project/a5aa72bb-b5d9-4dec-adc9-3238d3e5caa9?utm_source=github&utm_medium=upgrade-pr","projectPublicId":"a5aa72bb-b5d9-4dec-adc9-3238d3e5caa9","env":"prod","prType":"upgrade","vulns":["npm:ua-parser-js:20180227","npm:react-dom:20180802"],"issuesToFix":[{"issueId":"npm:ua-parser-js:20180227","severity":"medium","title":"Regular Expression Denial of Service (ReDoS)","exploitMaturity":"proof-of-concept"},{"issueId":"npm:react-dom:20180802","severity":"medium","title":"Cross-site Scripting (XSS)","exploitMaturity":"no-known-exploit"}],"upgrade":["npm:ua-parser-js:20180227","npm:react-dom:20180802"],"upgradeInfo":{"versionsDiff":52,"publishedDate":"2019-11-14T23:57:29.304Z"},"templateVariants":[],"hasFixes":true,"isMajorUpgrade":false,"isBreakingChange":false})

Snyk has created this PR to upgrade: - react from 16.0.0 to 16.12.0. See this package in NPM: https://www.npmjs.com/package/react - react-dom from 16.0.0 to 16.12.0. See this package in NPM: https://www.npmjs.com/package/react-dom See this project in Snyk: https://app.snyk.io/org/coderbyheart/project/a5aa72bb-b5d9-4dec-adc9-3238d3e5caa9?utm_source=github&utm_medium=upgrade-pr

snyk-bot and others added 2 commits March 10, 2020 07:23

Merge branch 'master' into snyk-upgrade-68a668fd62b5d6db0cc5abc4fd477742

c5cd460

coderbyheart merged commit f286004 into master Mar 10, 2020

coderbyheart deleted the snyk-upgrade-68a668fd62b5d6db0cc5abc4fd477742 branch October 6, 2020 22:17

[Snyk] Upgrade: react, react-dom #3

[Snyk] Upgrade: react, react-dom #3

Conversation

snyk-bot commented Mar 10, 2020

Snyk has created this PR to upgrade multiple dependencies.

React DOM

React Is

Artifacts

React DOM

Artifacts

React DOM

Artifacts

React DOM

React DOM

Scheduler (Experimental)

useSubscription

Artifacts

React

React DOM

React DOM Server

React Test Utilities and Test Renderer

Artifacts

UMD builds

v16.9.0-alpha.0 (April 3, 2019)

Artifacts

React DOM

React Is

Artifacts

React DOM

Artifacts

React DOM

Artifacts

React DOM

React DOM

Scheduler (Experimental)

useSubscription

Artifacts

React

React DOM

React DOM Server

React Test Utilities and Test Renderer

Artifacts

UMD builds

v16.9.0-alpha.0 (April 3, 2019)

Artifacts