forked from compulim/lock-walker
[Snyk] Fix for 104 vulnerabilities #65
Open
Omrisnyk wants to merge 1 commit into master from snyk-fix-2194b427d0062cb9364ce6a8bd60ad69
The following vulnerabilities are fixed with an upgrade:
🎉 Snyk hasn't found any issues so far. ✅ code/snyk check is completed. No issues were found.
Snyk has created this PR to fix 104 vulnerabilities in the npm dependencies of this project.
Snyk changed the following file(s):
package.json
package-lock.json
Vulnerabilities that will be fixed with an upgrade:
SNYK-JS-UNSETVALUE-2400660
SNYK-JS-URIJS-1055003
SNYK-JS-URIJS-1078286
SNYK-JS-URIJS-1319803
SNYK-JS-URIJS-1319806
SNYK-JS-URIJS-2401466
SNYK-JS-URIJS-2415026
SNYK-JS-URIJS-2419067
SNYK-JS-URIJS-2440699
SNYK-JS-URIJS-2441239
SNYK-JS-URLPARSE-1078283
SNYK-JS-URLPARSE-1533425
SNYK-JS-URLPARSE-2401205
SNYK-JS-URLPARSE-2407759
SNYK-JS-URLPARSE-2407770
SNYK-JS-URLPARSE-2412697
SNYK-JS-URLPARSE-543307
SNYK-JS-WEBSOCKETEXTENSIONS-570623
SNYK-JS-Y18N-1021887
SNYK-JS-YARGSPARSER-560381
SNYK-JS-LODASH-1040724
SNYK-JS-LODASHES-2434284
SNYK-JS-TAR-174125
SNYK-JS-ELLIPTIC-7577916
SNYK-JS-ELLIPTIC-7577917
SNYK-JS-ELLIPTIC-7577918
SNYK-JS-ELLIPTIC-571484
SNYK-JS-IP-6240864
SNYK-JS-HANDLEBARS-1056767
npm:url-parse:20180731
SNYK-JS-HANDLEBARS-534478
SNYK-JS-LODASH-567746
SNYK-JS-LODASHES-2434283
SNYK-JS-HANDLEBARS-534988
npm:macaddress:20180511
SNYK-JS-JSON5-3182856
SNYK-JS-LODASH-6139239
SNYK-JS-BRACES-6838727
SNYK-JS-ES5EXT-6095076
SNYK-JS-JSYAML-174129
SNYK-JS-AJV-584908
SNYK-JS-QS-3153490
SNYK-JS-ANSIREGEX-1583908
SNYK-JS-ASYNC-2441827
SNYK-JS-DECODEURICOMPONENT-3149970
SNYK-JS-SEMVER-3247795
SNYK-JS-UAPARSERJS-1023599
SNYK-JS-UAPARSERJS-610226
SNYK-JS-SETVALUE-1540541
SNYK-JS-LODASH-450202
SNYK-JS-LODASHES-2434290
SNYK-JS-INI-1048974
SNYK-JS-JSONSCHEMA-1920922
SNYK-JS-LODASH-608086
SNYK-JS-LODASHES-2434285
SNYK-JS-MIXINDEEP-450212
SNYK-JS-SETVALUE-450213
SNYK-JS-LODASH-73638
SNYK-JS-LODASHES-2434287
SNYK-JS-NODEFORGE-598677
SNYK-JS-UAPARSERJS-1072471
SNYK-JS-TAR-6476909
SNYK-JS-HANDLEBARS-1279029
SNYK-JS-INFLIGHT-6095116
SNYK-JS-DOTPROP-543489
SNYK-JS-MINIMIST-559764
SNYK-JS-HANDLEBARS-567742
SNYK-JS-HTTPPROXY-569139
SNYK-JS-LODASH-73639
SNYK-JS-LODASHES-2434286
SNYK-JS-BROWSERIFYSIGN-6037026
SNYK-JS-MICROMATCH-6838728
SNYK-JS-REACTDEVUTILS-72875
SNYK-JS-ACORN-559469
SNYK-JS-LOADERUTILS-3043105
SNYK-JS-HANDLEBARS-480388
SNYK-JS-ELLIPTIC-1064899
SNYK-JS-HANDLEBARS-173692
SNYK-JS-HANDLEBARS-174183
SNYK-JS-HANDLEBARS-469063
SNYK-JS-NODEFETCH-2342118
SNYK-JS-JSYAML-173999
SNYK-JS-NODEFETCH-674311
SNYK-JS-TAR-1579147
SNYK-JS-TAR-1579152
SNYK-JS-TAR-1579155
SNYK-JS-NODENOTIFIER-1035794
SNYK-JS-TAR-1536528
SNYK-JS-TAR-1536531
SNYK-JS-ELLIPTIC-511941
SNYK-JS-GLOBPARENT-1016905
SNYK-JS-HOSTEDGITINFO-1088355
SNYK-JS-LODASH-1018905
SNYK-JS-LODASHES-2434289
SNYK-JS-PATHPARSE-1077067
SNYK-JS-MINIMIST-2429795
SNYK-JS-KINDOF-537849
SNYK-JS-UGLIFYJS-1727251
SNYK-JS-LOADERUTILS-3042992
SNYK-JS-LOADERUTILS-3105943
SNYK-JS-MINIMATCH-3050818
npm:chownr:20180731
SNYK-JS-TAR-1536758
SNYK-JS-MACADDRESS-567156
Release notes
Package name: react
16.5.0 (September 5, 2018)
React
- React.forwardRef render function doesn't take exactly two arguments (@bvaughn in #13168)
- createElement by mistake (@DCtheTall in #13131)
- onRender until after mutations (@bvaughn in #13572)
React DOM
- react-dom/profiling entry point alias for profiling in production (@bvaughn in #13570)
- onAuxClick event for browsers that support it (@jquense in #11571)
- movementX and movementY fields to mouse events (@jasonwilliams in #9018)
- tangentialPressure and twist fields to pointer events (@motiz88 in #13374)
- focusable SVG attribute (@gaearon in #13339)
- <noscript> on the client when hydrating (@Ephem in #13537)
- gridArea to be treated as a unitless CSS property (@mgol in #13550)
- compositionend event when typing Korean on IE11 (@crux153 in #12563)
- children in the <option> tag (@Slowyn in #13261, @gaearon in #13465)
- checked attribute not getting initially set on the input (@dilidili in #13114)
- dangerouslySetInnerHTML when __html is not a string (@gaearon in #13353)
- onChange to fire on falsy values too (@nicolevy in #12628)
- submit and reset buttons getting an empty label (@ellsclytn in #12780)
- onSelect event not being triggered after drag and drop (@gaearon in #13422)
- onClick event not working inside a portal on iOS (@aweary in #11927)
- onChange to not fire in some cases (@gaearon in #13423)
- "false" or "true" is the value of a boolean DOM prop (@motiz88 in #13372)
- this.state is initialized to props (@veekas in #11658)
- style on hydration in IE due to noisy false positives (@mgol in #13534)
- StrictMode in the component stack (@gaearon in #13240)
- window.event in IE (@ConradIrwin in #11696)
- folder/index.js naming convention (@gaearon in #12059)
- getDerivedStateFromProps without initialized state (@flxwu in #13317)
- <webview> tag without warnings (@philipp-spiess in #13301)
- e.preventDefault() was called (@gaearon in #13384)
- unstable_deferredUpdates in favor of unstable_scheduleWork from schedule (@gaearon in #13488)
React DOM Server
- dangerouslySetInnerHtml in a selected <option> (@mridgway in #13078)
- setTimeout is missing (@dustinsoftware in #13088)
React Test Renderer and Test Utils
- this in a functional component for shallow renderer to be undefined (@koba04 in #13144)
- ReactTestUtils.mockComponent() helper (@bvaughn in #13193)
- ReactDOM.createPortal usage within the test renderer (@bvaughn in #12895)
React ART
Schedule (Experimental)
16.4.2 (August 1, 2018)
React DOM Server
- Fix a potential XSS vulnerability when the attacker controls an attribute name (CVE-2018-6341). This fix is available in the latest react-dom@16.4.2, as well as in previous affected minor versions: react-dom@16.0.1, react-dom@16.1.2, react-dom@16.2.1, and react-dom@16.3.3. (@gaearon in #13302)
- Fix a crash in the server renderer when an attribute is called hasOwnProperty. This fix is only available in react-dom@16.4.2. (@gaearon in #13303)
16.4.1 (June 13, 2018)
React
- propTypes to components returned by React.ForwardRef. (@bvaughn in #12911)
React DOM
- type changes from some other types to text. (@spirosikmd in #12135)
- event.target value for the onChange event in IE9. (@nhunzaker in #12976)
- <React.Fragment /> from a component. (@philipp-spiess in #12966)
React DOM Server
React Test Renderer
- getDerivedStateFromProps() in the shallow renderer to not discard the pending state. (@fatfisz in #13030)
React
- React.unstable_Profiler component for measuring performance. (@bvaughn in #12745)
React DOM
- getDerivedStateFromProps() regardless of the reason for re-rendering. (@acdlite in #12600 and #12802)
- forwardRef() on a deeper setState(). (@gaearon in #12690)
- propTypes on a context provider component. (@nicolevy in #12658)
- react-lifecycles-compat in <StrictMode>. (@bvaughn in #12644)
- forwardRef() render function has propTypes or defaultProps. (@bvaughn in #12644)
- forwardRef() and context consumers are displayed in the component stack. (@sophiebits in #12777)
React Test Renderer
- getDerivedStateFromProps() support to match the new React DOM behavior. (@koba04 in #12676)
- testInstance.parent crash when the parent is a fragment or another special node. (@gaearon in #12813)
- forwardRef() components are now discoverable by the test renderer traversal methods. (@gaearon in #12725)
- setState() updaters that return null or undefined. (@koba04 in #12756)
React ART
React Call Return (Experimental)
React Reconciler (Experimental)
16.3.2 (April 16, 2018)
React
- null or undefined to React.cloneElement. (@nicolevy in #12534)
React DOM
- <StrictMode>. (@bvaughn in #12546)
- unstable_observedBits API with nesting. (@gaearon in #12543)
React Test Renderer
Package name: react-redux
🎉 This is our first big release supporting the new Context API added in React 16.4!
As such, we now require React 16.4 or higher. Make sure to update your version when updating to this release.
This work has been mostly led by @cellog and @markerikson, with special guest appearances by yours truly and a whole cast of helpful reviewers.
Breaking Changes
The withRef option to connect has been replaced with forwardRef. If {forwardRef : true} has been passed to connect, adding a ref to the connected wrapper component will actually return the instance of the wrapped component.
Passing store as a prop to a connected component is no longer supported. Instead, you may pass a custom context={MyContext} prop to both <Provider> and <ConnectedComponent>. You may also pass {context : MyContext} as an option to connect.
Behavior Changes
Any library that attempts to access the store instance out of legacy context will break, because we now put the store state into a <Context.Provider> instead. Examples of this include connected-react-router and react-redux-subspace. (The current implementation does also put the store itself into that same context. While accessing the store in context is not part of our public API, we will still try to make it possible for other libraries to access it, with the understanding that this could break at any time.)
Also, there is a behavior change around dispatching actions in constructors / componentWillMount. Previously, dispatching in a parent component's constructor would cause its children to immediately use the updated state as they mounted, because each component read from the store individually. In version 6, all components read the same current store state value from context, which means the tree will be consistent and not have "tearing". This is an improvement overall, but there may be applications that relied on the existing behavior.
Changes
null as a valid plain object prototype in isPlainObject() (#1075 by @rgrove)