[Snyk] Upgrade react-dropzone from 4.2.7 to 11.4.2 #2

snyk-bot · 2021-10-17T00:17:44Z

Snyk has created this PR to upgrade react-dropzone from 4.2.7 to 11.4.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Warning: This is a major version upgrade, and may be a breaking change.

The recommended version is 76 versions ahead of your current version.
The recommended version was released 23 days ago, on 2021-09-23.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-610226	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-1023599	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-TMPL-1583443	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Arbitrary Code Execution SNYK-JS-THENIFY-571690	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Arbitrary File Write SNYK-JS-TAR-1579155	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579152	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579147	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536531	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536528	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-SETVALUE-450213	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-SETVALUE-450213	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1585624	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1584358	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-MIXINDEEP-450212	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Command Injection SNYK-JS-LODASH-1040724	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Arbitrary Code Execution SNYK-JS-JSYAML-174129	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary Code Execution SNYK-JS-JSYAML-174129	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-INI-1048974	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Arbitrary Code Execution SNYK-JS-HANDLEBARS-534478	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Denial of Service (DoS) SNYK-JS-HANDLEBARS-480388	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-HANDLEBARS-469063	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-HANDLEBARS-174183	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-HANDLEBARS-173692	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary Code Execution SNYK-JS-ESLINTUTILS-460220	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Remote Memory Exposure SNYK-JS-BL-608877	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-AJV-584908	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-AJV-584908	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-AJV-584908	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) npm:ua-parser-js:20180227	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-1072471	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1047770	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-PROMPTS-1729737	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Command Injection SNYK-JS-NODENOTIFIER-1035794	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Denial of Service SNYK-JS-NODEFETCH-674311	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-MINIMIST-559764	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-559764	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-559764	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Denial of Service (DoS) SNYK-JS-JSYAML-173999	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Denial of Service (DoS) SNYK-JS-JSYAML-173999	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-HIGHLIGHTJS-1045326	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-HANDLEBARS-567742	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-HANDLEBARS-534988	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-HANDLEBARS-1279029	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Remote Code Execution (RCE) SNYK-JS-HANDLEBARS-1056767	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-HANDLEBARS-567742	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-HANDLEBARS-1279029	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Remote Code Execution (RCE) SNYK-JS-HANDLEBARS-1056767	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-DOTPROP-543489	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-CSSWHAT-1298035	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-CODEMIRROR-1016937	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-LODASH-590103	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Validation Bypass SNYK-JS-KINDOF-537849	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-CODEMIRROR-569611	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: react-dropzone

11.4.2 - 2021-09-23
11.4.2 (2021-09-23)

Bug Fixes
- re-export ErrorCode from './utils' (2e83d35)
11.4.1 - 2021-09-22
11.4.1 (2021-09-22)

Bug Fixes
- add missing ErrorCode export and close #1091 (2a9ddbb)
11.4.0 - 2021-09-14
11.4.0 (2021-09-14)

Features
- ts: export the error codes as an enum (58abc82)
11.3.5 - 2021-09-13
11.3.5 (2021-09-13)

Bug Fixes
- ignore the vendor dir to avoid licensing issues (7447fd2)
11.3.4 - 2021-06-25
11.3.4 (2021-06-25)

Bug Fixes
- add the validator as dependency to onDropCb (4e625d2)
11.3.3 - 2021-06-25
11.3.3 (2021-06-25)

Bug Fixes
- typings: use generics for getRootProps and getInputProps (27243bc)
11.3.2 - 2021-03-26
11.3.2 (2021-03-26)

Bug Fixes
- Check drag event contains files before showing "copy" cursor (ec93425), closes #1042
11.3.1 - 2021-02-08
11.3.1 (2021-02-08)

Bug Fixes
- allow validator to be null (6f0e826)
11.3.0 - 2021-02-03
11.3.0 (2021-02-03)

Features
- add {validator} for custom validation (ebe2130)
11.2.4 - 2020-11-08
11.2.4 (2020-11-08)

Bug Fixes
- add supported browsers via browserslist config and close #630 (5a4ae93)
11.2.3 - 2020-10-30
11.2.2 - 2020-10-28
11.2.1 - 2020-10-23
11.2.0 - 2020-09-18
11.1.0 - 2020-09-09
11.0.3 - 2020-08-13
11.0.2 - 2020-07-14
11.0.1 - 2020-04-26
11.0.0 - 2020-04-26
10.2.2 - 2020-03-26
10.2.1 - 2019-11-24
10.2.0 - 2019-11-16
10.1.10 - 2019-10-06
10.1.9 - 2019-09-18
10.1.8 - 2019-08-28
10.1.7 - 2019-07-30
10.1.6 - 2019-07-21
10.1.5 - 2019-05-22
10.1.4 - 2019-04-21
10.1.3 - 2019-04-06
10.1.2 - 2019-04-06
10.1.1 - 2019-04-06
10.1.0 - 2019-03-31
10.0.6 - 2019-03-23
10.0.5 - 2019-03-20
10.0.4 - 2019-03-14
10.0.3 - 2019-03-14
10.0.2 - 2019-03-13
10.0.1 - 2019-03-13
10.0.0 - 2019-03-05
9.0.0 - 2019-02-22
8.2.0 - 2019-02-21
8.1.0 - 2019-02-08
8.0.4 - 2019-01-29
8.0.3 - 2018-12-22
8.0.2 - 2018-12-17
8.0.1 - 2018-12-13
8.0.0 - 2018-12-10
7.0.1 - 2018-10-26
7.0.0 - 2018-10-26
6.2.4 - 2018-10-16
6.2.3 - 2018-10-15
6.2.2 - 2018-10-14
6.2.1 - 2018-10-13
6.2.0 - 2018-10-13
6.1.3 - 2018-10-13
6.1.2 - 2018-10-13
6.1.1 - 2018-10-13
6.1.0 - 2018-10-12
6.0.4 - 2018-10-11
6.0.3 - 2018-10-10
6.0.2 - 2018-10-03
6.0.1 - 2018-10-03
6.0.0 - 2018-10-02
5.1.1 - 2018-09-26
5.1.0 - 2018-09-09
5.0.2 - 2018-09-08
5.0.1 - 2018-08-18
5.0.0 - 2018-08-17
4.3.0 - 2018-08-06
4.2.13 - 2018-07-04
4.2.12 - 2018-06-26
4.2.11 - 2018-05-31
4.2.10 - 2018-05-22
4.2.9 - 2018-03-07
4.2.8 - 2018-02-13
4.2.7 - 2018-01-19

from react-dropzone GitHub release notes

Commit messages

Package name: react-dropzone

2e83d35 fix: re-export `ErrorCode` from './utils'
cb2883e ci: update node version for semantic-release (#1093)
2a9ddbb fix: add missing ErrorCode export and close #1091
d7c008c chore: update react to 17.0 (#1089)
58abc82 feat(ts): export the error codes as an enum
623623e docs: rename Doka to Pintura (#1082)
a269031 style: fix spelling error ("ommit"→"omit") (#1081)
7447fd2 fix: ignore the vendor dir to avoid licensing issues
1924fa6 style: fix spelling of `across`
4e625d2 fix: add the `validator` as dependency to onDropCb
fcacd74 chore: use initial state when reset state
27243bc fix(typings): use generics for `getRootProps` and `getInputProps`
ec93425 fix: Check drag event contains files before showing "copy" cursor
6f0e826 fix: allow validator to be null
ebe2130 feat: add {validator} for custom validation
5a4ae93 fix: add supported browsers via browserslist config and close Choropleth map aspect ratio remains constant despite changes to height plotly/dash-core-components#630
c4cdc2a docs: add doka integration
bb42b94 fix: update internal state when maxFiles prop changes and close #1025
b4a1ac6 fix: set isDragReject true when maxFiles rejects (#1020)
96e7c15 ci: add gitpod config (#1024)
b8d5245 fix(deps): update file-selector and close #1022
1b1177d docs: add default props to Dropzone component for react-docgen (#1015)
aaa9710 chore: update deps and fix the act() test warnings
624549c feat: add {maxFiles} to limit the accepted files

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade react-dropzone from 4.2.7 to 11.4.2. See this package in npm: https://www.npmjs.com/package/react-dropzone See this project in Snyk: https://app.snyk.io/org/baby636/project/20a37e45-155c-4352-b385-8601535f4969?utm_source=github&utm_medium=referral&page=upgrade-pr

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade react-dropzone from 4.2.7 to 11.4.2 #2

[Snyk] Upgrade react-dropzone from 4.2.7 to 11.4.2 #2

snyk-bot commented Oct 17, 2021

11.4.2 (2021-09-23)

Bug Fixes

11.4.1 (2021-09-22)

Bug Fixes

11.4.0 (2021-09-14)

Features

11.3.5 (2021-09-13)

Bug Fixes

11.3.4 (2021-06-25)

Bug Fixes

11.3.3 (2021-06-25)

Bug Fixes

11.3.2 (2021-03-26)

Bug Fixes

11.3.1 (2021-02-08)

Bug Fixes

11.3.0 (2021-02-03)

Features

11.2.4 (2020-11-08)

Bug Fixes

[Snyk] Upgrade react-dropzone from 4.2.7 to 11.4.2 #2

Are you sure you want to change the base?

[Snyk] Upgrade react-dropzone from 4.2.7 to 11.4.2 #2

Conversation

snyk-bot commented Oct 17, 2021

Snyk has created this PR to upgrade react-dropzone from 4.2.7 to 11.4.2.

11.4.2 (2021-09-23)

Bug Fixes

11.4.1 (2021-09-22)

Bug Fixes

11.4.0 (2021-09-14)

Features

11.3.5 (2021-09-13)

Bug Fixes

11.3.4 (2021-06-25)

Bug Fixes

11.3.3 (2021-06-25)

Bug Fixes

11.3.2 (2021-03-26)

Bug Fixes

11.3.1 (2021-02-08)

Bug Fixes

11.3.0 (2021-02-03)

Features

11.2.4 (2020-11-08)

Bug Fixes