[Snyk] Upgrade: react, react-dom, fastify, fastify-static, htm, react-router-dom, superagent

[WontonSam]

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

react
from 16.13.1 to 16.14.0 | 1 version ahead of your current version | 4 years ago
on 2020-10-14
react-dom
from 16.13.1 to 16.14.0 | 1 version ahead of your current version | 4 years ago
on 2020-10-14
fastify
from 2.13.0 to 2.15.3 | 7 versions ahead of your current version | 4 years ago
on 2020-08-06
fastify-static
from 2.6.0 to 2.7.0 | 1 version ahead of your current version | 4 years ago
on 2020-04-20
htm
from 3.0.3 to 3.1.1 | 3 versions ahead of your current version | 2 years ago
on 2022-04-26
react-router-dom
from 5.1.2 to 5.3.4 | 7 versions ahead of your current version | 2 years ago
on 2022-10-02
superagent
from 5.2.2 to 5.3.1 | 2 versions ahead of your current version | 4 years ago
on 2020-06-28

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Prototype Poisoning SNYK-JS-QS-3153490	162	Proof of Concept
	Denial of Service (DoS) SNYK-JS-FASTIFY-595959	162	Proof of Concept
	Denial of Service (DoS) SNYK-JS-FASTIFY-596516	162	No Known Exploit

Release notes

Package name: react

• 16.14.0 - 2020-10-14
  

  React

  • Add support for the new JSX transform. (@ lunaruan in #18299)
• 16.13.1 - 2020-03-19
  

  React DOM

  • Fix bug in legacy mode Suspense where effect clean-up functions are not fired. This only affects users who use Suspense for data fetching in legacy mode, which is not technically supported. (@ acdlite in #18238)
  • Revert warning for cross-component updates that happen inside class render lifecycles (componentWillReceiveProps, shouldComponentUpdate, and so on). (@ gaearon in #18330)

  Artifacts

  • react: https://unpkg.com/react@16.13.1/umd/
  • react-art: https://unpkg.com/react-art@16.13.1/umd/
  • react-dom: https://unpkg.com/react-dom@16.13.1/umd/
  • react-is: https://unpkg.com/react-is@16.13.1/umd/
  • react-test-renderer: https://unpkg.com/react-test-renderer@16.13.1/umd/
  • scheduler: https://unpkg.com/scheduler@0.19.1/umd/

from react GitHub release notes

Package name: react-dom

• 16.14.0 - 2020-10-14
  

  React

  • Add support for the new JSX transform. (@ lunaruan in #18299)
• 16.13.1 - 2020-03-19
  

  React DOM

  • Fix bug in legacy mode Suspense where effect clean-up functions are not fired. This only affects users who use Suspense for data fetching in legacy mode, which is not technically supported. (@ acdlite in #18238)
  • Revert warning for cross-component updates that happen inside class render lifecycles (componentWillReceiveProps, shouldComponentUpdate, and so on). (@ gaearon in #18330)

  Artifacts

  • react: https://unpkg.com/react@16.13.1/umd/
  • react-art: https://unpkg.com/react-art@16.13.1/umd/
  • react-dom: https://unpkg.com/react-dom@16.13.1/umd/
  • react-is: https://unpkg.com/react-is@16.13.1/umd/
  • react-test-renderer: https://unpkg.com/react-test-renderer@16.13.1/umd/
  • scheduler: https://unpkg.com/scheduler@0.19.1/umd/

from react-dom GitHub release notes

Package name: fastify

• 2.15.3 - 2020-08-06
  

  Fixes:

  • inject function return normal value with non-ready app - #2417
• 2.15.2 - 2020-07-14
  

  📚 PR:

  • fix test per security release (#2365)
  • fix ready returns (#2361)
• 2.15.1 - 2020-06-29
  

  Breaking Change

  For security reasons we changed the default in the ajvconfiguration.
  Unfortunately allErrors: true is a DoS attack vector for certain
  schemas. So this changed to allErrors: false.

  See: ajv-validator/ajv@334071a
  Ref: https://hackerone.com/reports/903521

  📚 PR:

  • Add PATCH to body validation (#2351)
• 2.15.0 - 2020-06-20
• 2.14.1 - 2020-05-08
• 2.14.0 - 2020-04-28
• 2.13.1 - 2020-04-12
• 2.13.0 - 2020-03-20

from fastify GitHub release notes

Package name: fastify-static

• 2.7.0 - 2020-04-20
  

  📚 PR:

  • add flag to avoid trailing slash in prefix (#123)
• 2.6.0 - 2020-01-26
  

  📚 PR:

  • Add rootPath overload parameter to sendFile function (#118)

from fastify-static GitHub release notes

Package name: htm

• 3.1.1 - 2022-04-26
  

  TypeScript Changes

  • Fix nodenext module support from TypeScript 4.7 by @ wight554 in #221

  Docs and CI stuff

  • Skip running tests on outdated Node 10 by @ marvinhagemeister in #215
  • Fixed babel-plugin-htm's documentation of import options by @ drjayvee in #210

  New Contributors

  • @ marvinhagemeister made their first contribution in #215
  • @ wight554 made their first contribution in #221
  • @ drjayvee made their first contribution in #210

  Full Changelog: 3.1.0...3.1.1

• 3.1.0 - 2021-07-09
  
  • Adds Package Exports for Node 12+ (#164 & #205, thanks @ vikerman & @ sibbng!)
  • The htm/preact package now re-exports useErrorBoundary (#180, thanks @ artisonian!)
• 3.0.4 - 2020-04-15
  
  • Fixes a bug in the Standalone preact bundle (htm/preact/standalone) that caused rendering inaccuracies (#159)
• 3.0.3 - 2020-02-05
  
  • Fix TypeScript typings: export the identified w/ declared type (#153, thanks @ yhatt!)

from htm GitHub release notes

Package name: react-router-dom

• 5.3.4 - 2022-10-02
• 5.3.3 - 2022-05-18
• 5.3.2 - 2022-05-17
• 5.3.1 - 2022-04-17
• 5.3.0 - 2021-09-03
• 5.2.1 - 2021-08-27
• 5.2.0 - 2020-05-11
• 5.1.2 - 2019-09-30

from react-router-dom GitHub release notes

Package name: superagent

• 5.3.1 - 2020-06-28
  
  • Revert "fix: allow unset to prevent some defaults (#1560)" b411b66

  v5.3.0...v5.3.1

• 5.3.0 - 2020-06-28
  
  • chore: bump deps 5f7f7ff
  • fix: fixed package.json version per #1564 c067457
  • feature: Support port overrides in connect() (#1564) 7a25f3e
  • fix: ensure node retries happen when using .then syntax (#1487) (#1543) 77bcb11
  • fix: allow unset to prevent some defaults (#1560) afd20c1
  • fix: attach cookies to agent after plugin is used (#1556) 4babc5d
  • fix: a typo in docs (#1549) 5d729bb

  v5.2.2...v5.3.0

• 5.2.2 - 2020-02-17
  
  • Fix URI encoding (#1539) c7a10e2
  • Revert "feat: add secure cookie override to agent" (#1537) 40424e6
  • feat: add secure cookie override to agent (#1515) 737697f

  v5.2.1...v5.2.2

from superagent GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.