[Snyk] Upgrade: react, react-dom #5
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade:
- react from 16.4.2 to 16.13.1.
See this package in npm: https://www.npmjs.com/package/react
- react-dom from 16.4.2 to 16.13.1.
See this package in npm: https://www.npmjs.com/package/react-dom
See this project in Snyk:
https://app.snyk.io/org/wambugucoder/project/54fc4501-68ed-46b5-8b4a-7542119eddbe?utm_source=github&utm_medium=upgrade-pr
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade multiple dependencies.
👯♂ The following dependencies are linked and will therefore be updated together.ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
from 16.4.2 to 16.13.1
on 2020-03-19
from 16.4.2 to 16.13.1
on 2020-03-19
The recommended version fixes:
SNYK-JS-NODEFETCH-674311
Why? Recently disclosed, CVSS 5.9
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: react
-
16.13.1 - 2020-03-19
- Fix bug in legacy mode Suspense where effect clean-up functions are not fired. This only affects users who use Suspense for data fetching in legacy mode, which is not technically supported. (@acdlite in #18238)
- Revert warning for cross-component updates that happen inside class render lifecycles (
- react: https://unpkg.com/react@16.13.1/umd/
- react-art: https://unpkg.com/react-art@16.13.1/umd/
- react-dom: https://unpkg.com/react-dom@16.13.1/umd/
- react-is: https://unpkg.com/react-is@16.13.1/umd/
- react-test-renderer: https://unpkg.com/react-test-renderer@16.13.1/umd/
- scheduler: https://unpkg.com/scheduler@0.19.1/umd/
-
16.13.0 - 2020-02-26
- Warn when a string ref is used in a manner that's not amenable to a future codemod (@lunaruan in #17864)
- Deprecate
- Warn when changes in
- Warn when a function component is updated during another component's render phase (@acdlite in #17099)
- Deprecate
- Fix
- Call
- Add
- Don't call
- Show component stacks in more warnings (@gaearon in #17922, #17586)
- Warn for problematic usages of
- Remove
- Don't group Idle/Offscreen work with other work (@sebmarkbage in #17456)
- Adjust
- Add missing event plugin priorities (@trueadm in #17914)
- Fix
- Fix
- Don't warn when suspending at the wrong priority (@gaearon in #17971)
- Fix a bug with rebasing updates (@acdlite and @sebmarkbage in #17560, #17510, #17483, #17480)
- react: https://unpkg.com/react@16.13.0/umd/
- react-art: https://unpkg.com/react-art@16.13.0/umd/
- react-dom: https://unpkg.com/react-dom@16.13.0/umd/
- react-is: https://unpkg.com/react-is@16.13.0/umd/
- react-test-renderer: https://unpkg.com/react-test-renderer@16.13.0/umd/
- scheduler: https://unpkg.com/scheduler@0.19.0/umd/
-
16.12.0 - 2019-11-14
- Fix passive effects (
- Fix
-
16.11.0 - 2019-10-22
- Fix
- Remove
-
16.10.2 - 2019-10-03
- Fix regression in react-native-web by restoring order of arguments in event plugin extractors (@necolas in #16978)
-
16.10.1 - 2019-09-28
- Fix regression in Next.js apps by allowing Suspense mismatch during hydration to silently proceed (@sebmarkbage in #16943)
-
16.10.0 - 2019-09-27
- Fix edge case where a hook update wasn't being memoized. (@sebmarkbage in #16359)
- Fix heuristic for determining when to hydrate, so we don't incorrectly hydrate during an update. (@sebmarkbage in #16739)
- Clear additional fiber fields during unmount to save memory. (@trueadm in #16807)
- Fix bug with required text fields in Firefox. (@halvves in #16578)
- Prefer
- Fix bug when mixing Suspense and error handling. (@acdlite in #16801)
- Improve queue performance by switching its internal data structure to a min binary heap. (@acdlite in #16245)
- Use
- Avoid tearing issue when a mutation happens and the previous update is still in progress. (@bvaughn in #16623)
-
16.9.0 - 2019-08-08
-
16.9.0-rc.0 - 2019-08-05
-
16.9.0-alpha.0 - 2019-04-03
-
16.8.6 - 2019-03-28
-
16.8.5 - 2019-03-22
-
16.8.4 - 2019-03-05
-
16.8.3 - 2019-02-21
-
16.8.2 - 2019-02-14
-
16.8.1 - 2019-02-06
-
16.8.0 - 2019-02-06
-
16.8.0-alpha.1 - 2019-01-15
-
16.8.0-alpha.0 - 2019-01-09
-
16.7.0 - 2018-12-20
-
16.7.0-alpha.2 - 2018-11-13
-
16.7.0-alpha.1 - 2018-11-13
-
16.7.0-alpha.0 - 2018-10-25
-
16.6.3 - 2018-11-13
-
16.6.2 - 2018-11-13
-
16.6.1 - 2018-11-07
-
16.6.0 - 2018-10-23
-
16.6.0-alpha.f47a958 - 2018-10-10
-
16.6.0-alpha.8af6728 - 2018-10-10
-
16.6.0-alpha.400d197 - 2018-10-05
-
16.6.0-alpha.0 - 2018-09-17
-
16.5.2 - 2018-09-18
-
16.5.1 - 2018-09-13
-
16.5.0 - 2018-09-06
-
16.4.2 - 2018-08-01
from react GitHub release notesReact DOM
componentWillReceiveProps,shouldComponentUpdate, and so on). (@gaearon in #18330)Artifacts
React
React.createFactory()(@trueadm in #17878)React DOM
stylemay cause an unexpected collision (@sophiebits in #14181, #18002)unstable_createPortal(@trueadm in #17880)onMouseEnterbeing fired on disabled buttons (@AlfredoGJ in #17675)shouldComponentUpdatetwice when developing inStrictMode(@bvaughn in #17942)versionproperty to ReactDOM (@ealush in #15780)toString()ofdangerouslySetInnerHTML(@sebmarkbage in #17773)Concurrent Mode (Experimental)
ReactDOM.createRoot()(@trueadm in #17937)ReactDOM.createRoot()callback params and added warnings on usage (@bvaughn in #17916)SuspenseListCPU bound heuristic (@sebmarkbage in #17455)isPendingonly being true when transitioning from inside an input event (@acdlite in #17382)React.memocomponents dropping updates when interrupted by a higher priority update (@acdlite in #18091)Artifacts
React DOM
useEffect) not being fired in a multi-root app. (@acdlite in #17347)React Is
lazyandmemotypes considered elements instead of components (@bvaughn in #17278)Artifacts
• react: https://unpkg.com/react@16.12.0/umd/
• react-art: https://unpkg.com/react-art@16.12.0/umd/
• react-dom: https://unpkg.com/react-dom@16.12.0/umd/
• react-is: https://unpkg.com/react-is@16.12.0/umd/
• react-test-renderer: https://unpkg.com/react-test-renderer@16.12.0/umd/
• scheduler: https://unpkg.com/scheduler@0.18.0/umd/
React DOM
mouseenterhandlers from firing twice inside nested React containers. @yuanoook in #16928unstable_createRootandunstable_createSyncRootexperimental APIs. (These are available in the Experimental channel ascreateRootandcreateSyncRoot.) (@acdlite in #17088)Artifacts
• react: https://unpkg.com/react@16.11.0/umd/
• react-art: https://unpkg.com/react-art@16.11.0/umd/
• react-dom: https://unpkg.com/react-dom@16.11.0/umd/
• react-is: https://unpkg.com/react-is@16.11.0/umd/
• react-test-renderer: https://unpkg.com/react-test-renderer@16.11.0/umd/
• scheduler: https://unpkg.com/scheduler@0.17.0/umd/
React DOM
Artifacts
• react: https://unpkg.com/react@16.10.2/umd/
• react-art: https://unpkg.com/react-art@16.10.2/umd/
• react-dom: https://unpkg.com/react-dom@16.10.2/umd/
• react-is: https://unpkg.com/react-is@16.10.2/umd/
• react-test-renderer: https://unpkg.com/react-test-renderer@16.10.2/umd/
• scheduler: https://unpkg.com/scheduler@0.16.2/umd/
React DOM
React DOM
Object.isinstead of inline polyfill, when available. (@ku8ar in #16212)Scheduler (Experimental)
postMessageloop with short intervals instead of attempting to align to frame boundaries withrequestAnimationFrame. (@acdlite in #16214)useSubscription
Artifacts
• react: https://unpkg.com/react@16.10.0/umd/
• react-art: https://unpkg.com/react-art@16.10.0/umd/
• react-dom: https://unpkg.com/react-dom@16.10.0/umd/
• react-is: https://unpkg.com/react-is@16.10.0/umd/
• react-test-renderer: https://unpkg.com/react-test-renderer@16.10.0/umd/
• scheduler: https://unpkg.com/scheduler@0.16.0/umd/
Package name: react-dom
-
16.13.1 - 2020-03-19
- Fix bug in legacy mode Suspense where effect clean-up functions are not fired. This only affects users who use Suspense for data fetching in legacy mode, which is not technically supported. (@acdlite in #18238)
- Revert warning for cross-component updates that happen inside class render lifecycles (
- react: https://unpkg.com/react@16.13.1/umd/
- react-art: https://unpkg.com/react-art@16.13.1/umd/
- react-dom: https://unpkg.com/react-dom@16.13.1/umd/
- react-is: https://unpkg.com/react-is@16.13.1/umd/
- react-test-renderer: https://unpkg.com/react-test-renderer@16.13.1/umd/
- scheduler: https://unpkg.com/scheduler@0.19.1/umd/
-
16.13.0 - 2020-02-26
-
16.12.0 - 2019-11-14
- Fix passive effects (
- Fix
-
16.11.0 - 2019-10-22
- Fix
- Remove
-
16.10.2 - 2019-10-03
- Fix regression in react-native-web by restoring order of arguments in event plugin extractors (@necolas in #16978)
-
16.10.1 - 2019-09-28
- Fix regression in Next.js apps by allowing Suspense mismatch during hydration to silently proceed (@sebmarkbage in #16943)
-
16.10.0 - 2019-09-27
-
16.9.0 - 2019-08-08
-
16.9.0-rc.0 - 2019-08-05
-
16.9.0-alpha.0 - 2019-04-03
-
16.8.6 - 2019-03-28
-
16.8.5 - 2019-03-22
-
16.8.4 - 2019-03-05
-
16.8.3 - 2019-02-21
-
16.8.2 - 2019-02-14
-
16.8.1 - 2019-02-06
-
16.8.0 - 2019-02-06
-
16.8.0-alpha.1 - 2019-01-15
-
16.8.0-alpha.0 - 2019-01-09
-
16.7.0 - 2018-12-20
-
16.7.0-alpha.2 - 2018-11-13
-
16.7.0-alpha.1 - 2018-11-13
-
16.7.0-alpha.0 - 2018-10-25
-
16.6.3 - 2018-11-13
-
16.6.2 - 2018-11-13
-
16.6.1 - 2018-11-07
-
16.6.0 - 2018-10-23
-
16.6.0-alpha.8af6728 - 2018-10-10
-
16.6.0-alpha.400d197 - 2018-10-05
-
16.6.0-alpha.0 - 2018-09-17
-
16.5.2 - 2018-09-18
-
16.5.1 - 2018-09-13
-
16.5.0 - 2018-09-06
-
16.4.2 - 2018-08-01
from react-dom GitHub release notesReact DOM
componentWillReceiveProps,shouldComponentUpdate, and so on). (@gaearon in #18330)Artifacts
Read more
React DOM
useEffect) not being fired in a multi-root app. (@acdlite in #17347)React Is
lazyandmemotypes considered elements instead of components (@bvaughn in #17278)Artifacts
• react: https://unpkg.com/react@16.12.0/umd/
• react-art: https://unpkg.com/react-art@16.12.0/umd/
• react-dom: https://unpkg.com/react-dom@16.12.0/umd/
• react-is: https://unpkg.com/react-is@16.12.0/umd/
• react-test-renderer: https://unpkg.com/react-test-renderer@16.12.0/umd/
• scheduler: https://unpkg.com/scheduler@0.18.0/umd/
React DOM
mouseenterhandlers from firing twice inside nested React containers. @yuanoook in #16928unstable_createRootandunstable_createSyncRootexperimental APIs. (These are available in the Experimental channel ascreateRootandcreateSyncRoot.) (@acdlite in #17088)Artifacts
• react: https://unpkg.com/react@16.11.0/umd/
• react-art: https://unpkg.com/react-art@16.11.0/umd/
• react-dom: https://unpkg.com/react-dom@16.11.0/umd/
• react-is: https://unpkg.com/react-is@16.11.0/umd/
• react-test-renderer: https://unpkg.com/react-test-renderer@16.11.0/umd/
• scheduler: https://unpkg.com/scheduler@0.17.0/umd/
React DOM
Artifacts
• react: https://unpkg.com/react@16.10.2/umd/
• react-art: https://unpkg.com/react-art@16.10.2/umd/
• react-dom: https://unpkg.com/react-dom@16.10.2/umd/
• react-is: https://unpkg.com/react-is@16.10.2/umd/
• react-test-renderer: https://unpkg.com/react-test-renderer@16.10.2/umd/
• scheduler: https://unpkg.com/scheduler@0.16.2/umd/
React DOM
Read more
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs