Update dependency react to v16.5.0

[mend-for-github-com]

This PR contains the following updates:

Package	Type	Update	Change
react (source)	devDependencies	minor	16.2.0 -> 16.5.0

By merging this PR, the below vulnerabilities will be automatically resolved:

	Severity	CVSS Score	CVE
	Medium	6.1	CVE-2022-0235
	Medium	5.3	CVE-2020-15168

---

Release Notes

facebook/react

v16.5.0

Compare Source

React

• Add a warning if React.forwardRef render function doesn't take exactly two arguments (@​bvaughn in #​13168)
• Improve the error message when passing an element to createElement by mistake (@​DCtheTall in #​13131)
• Don't call profiler onRender until after mutations (@​bvaughn in #​13572)

React DOM

• Add support for React DevTools Profiler (@​bvaughn in #​13058)
• Add react-dom/profiling entry point alias for profiling in production (@​bvaughn in #​13570)
• Add onAuxClick event for browsers that support it (@​jquense in #​11571)
• Add movementX and movementY fields to mouse events (@​jasonwilliams in #​9018)
• Add tangentialPressure and twist fields to pointer events (@​motiz88 in #​13374)
• Minimally support iframes (nested browsing contexts) in selection event handling (@​acusti in #​12037)
• Support passing booleans to the focusable SVG attribute (@​gaearon in #​13339)
• Ignore <noscript> on the client when hydrating (@​Ephem in #​13537)
• Fix gridArea to be treated as a unitless CSS property (@​mgol in #​13550)
• Fix incorrect data in compositionend event when typing Korean on IE11 (@​crux153 in #​12563)
• Fix a crash when using dynamic children in the <option> tag (@​Slowyn in #​13261, @​gaearon in #​13465)
• Fix the checked attribute not getting initially set on the input (@​dilidili in #​13114)
• Fix hydration of dangerouslySetInnerHTML when __html is not a string (@​gaearon in #​13353)
• Fix a warning about missing controlled onChange to fire on falsy values too (@​nicolevy in #​12628)
• Fix submit and reset buttons getting an empty label (@​ellsclytn in #​12780)
• Fix the onSelect event not being triggered after drag and drop (@​gaearon in #​13422)
• Fix the onClick event not working inside a portal on iOS (@​aweary in #​11927)
• Fix a performance issue when thousands of roots are re-rendered (@​gaearon in #​13335)
• Fix a performance regression that also caused onChange to not fire in some cases (@​gaearon in #​13423)
• Handle errors in more edge cases gracefully (@​gaearon in #​13237 and @​acdlite in #​13269)
• Don't use proxies for synthetic events in development (@​gaearon in #​12171)
• Warn when "false" or "true" is the value of a boolean DOM prop (@​motiz88 in #​13372)
• Warn when this.state is initialized to props (@​veekas in #​11658)
• Don't compare style on hydration in IE due to noisy false positives (@​mgol in #​13534)
• Include StrictMode in the component stack (@​gaearon in #​13240)
• Don't overwrite window.event in IE (@​ConradIrwin in #​11696)
• Improve component stack for the folder/index.js naming convention (@​gaearon in #​12059)
• Improve a warning when using getDerivedStateFromProps without initialized state (@​flxwu in #​13317)
• Improve a warning about invalid textarea usage (@​raunofreiberg in #​13361)
• Treat invalid Symbol and function values more consistently (@​raunofreiberg in #​13362 and #​13389)
• Allow Electron <webview> tag without warnings (@​philipp-spiess in #​13301)
• Don't show the uncaught error addendum if e.preventDefault() was called (@​gaearon in #​13384)
• Warn about rendering Generators (@​gaearon in #​13312)
• Remove irrelevant suggestion of a legacy method from a warning (@​zx6658 in #​13169)
• Remove unstable_deferredUpdates in favor of unstable_scheduleWork from schedule (@​gaearon in #​13488)
• Fix unstable asynchronous mode from doing unnecessary work when an update takes too long (@​acdlite in #​13503)

React DOM Server

• Fix crash with nullish children when using dangerouslySetInnerHtml in a selected <option> (@​mridgway in #​13078)
• Fix crash when setTimeout is missing (@​dustinsoftware in #​13088)

React Test Renderer and Test Utils

• Fix this in a functional component for shallow renderer to be undefined (@​koba04 in #​13144)
• Deprecate a Jest-specific ReactTestUtils.mockComponent() helper (@​bvaughn in #​13193)
• Warn about ReactDOM.createPortal usage within the test renderer (@​bvaughn in #​12895)
• Improve a confusing error message (@​gaearon in #​13351)

React ART

• Add support for DevTools (@​yunchancho in #​13173)

Schedule (Experimental)

• New package for cooperatively scheduling work in a browser environment. It's used by React internally, but its public API is not finalized yet. (@​flarnie in #​12624)

v16.4.2

Compare Source

React DOM Server

• Fix a potential XSS vulnerability when the attacker controls an attribute name (CVE-2018-6341). This fix is available in the latest react-dom@16.4.2, as well as in previous affected minor versions: react-dom@16.0.1, react-dom@16.1.2, react-dom@16.2.1, and react-dom@16.3.3. (@​gaearon in #​13302)

• Fix a crash in the server renderer when an attribute is called hasOwnProperty. This fix is only available in react-dom@16.4.2. (@​gaearon in #​13303)

v16.4.1

Compare Source

React

• You can now assign propTypes to components returned by React.ForwardRef. (@​bvaughn in #​12911)

React DOM

• Fix a crash when the input type changes from some other types to text. (@​spirosikmd in #​12135)
• Fix a crash in IE11 when restoring focus to an SVG element. (@​ThaddeusJiang in #​12996)
• Fix a range input not updating in some cases. (@​Illu in #​12939)
• Fix input validation triggering unnecessarily in Firefox. (@​nhunzaker in #​12925)
• Fix an incorrect event.target value for the onChange event in IE9. (@​nhunzaker in #​12976)
• Fix a false positive error when returning an empty <React.Fragment /> from a component. (@​philipp-spiess in #​12966)

React DOM Server

• Fix an incorrect value being provided by new context API. (@​ericsoderberghp in #​12985, @​gaearon in #​13019)

React Test Renderer

• Allow multiple root children in test renderer traversal API. (@​gaearon in #​13017)
• Fix getDerivedStateFromProps() in the shallow renderer to not discard the pending state. (@​fatfisz in #​13030)

v16.4.0

Compare Source

React

• Add a new experimental React.unstable_Profiler component for measuring performance. (@​bvaughn in #​12745)

React DOM

• Add support for the Pointer Events specification. (@​philipp-spiess in #​12507)
• Properly call getDerivedStateFromProps() regardless of the reason for re-rendering. (@​acdlite in #​12600 and #​12802)
• Fix a bug that prevented context propagation in some cases. (@​gaearon in #​12708)
• Fix re-rendering of components using forwardRef() on a deeper setState(). (@​gaearon in #​12690)
• Fix some attributes incorrectly getting removed from custom element nodes. (@​airamrguez in #​12702)
• Fix context providers to not bail out on children if there's a legacy context provider above. (@​gaearon in #​12586)
• Add the ability to specify propTypes on a context provider component. (@​nicolevy in #​12658)
• Fix a false positive warning when using react-lifecycles-compat in <StrictMode>. (@​bvaughn in #​12644)
• Warn when the forwardRef() render function has propTypes or defaultProps. (@​bvaughn in #​12644)
• Improve how forwardRef() and context consumers are displayed in the component stack. (@​sophiebits in #​12777)
• Change internal event names. This can break third-party packages that rely on React internals in unsupported ways. (@​philipp-spiess in #​12629)

React Test Renderer

• Fix the getDerivedStateFromProps() support to match the new React DOM behavior. (@​koba04 in #​12676)
• Fix a testInstance.parent crash when the parent is a fragment or another special node. (@​gaearon in #​12813)
• forwardRef() components are now discoverable by the test renderer traversal methods. (@​gaearon in #​12725)
• Shallow renderer now ignores setState() updaters that return null or undefined. (@​koba04 in #​12756)

React ART

• Fix reading context provided from the tree managed by React DOM. (@​acdlite in #​12779)

React Call Return (Experimental)

• This experiment was deleted because it was affecting the bundle size and the API wasn't good enough. It's likely to come back in the future in some other form. (@​gaearon in #​12820)

React Reconciler (Experimental)

• The new host config shape is flat and doesn't use nested objects. (@​gaearon in #​12792)

v16.3.2

Compare Source

React

• Improve the error message when passing null or undefined to React.cloneElement. (@​nicolevy in #​12534)

React DOM

• Fix an IE crash in development when using <StrictMode>. (@​bvaughn in #​12546)
• Fix labels in User Timing measurements for new component types. (@​bvaughn in #​12609)
• Improve the warning about wrong component type casing. (@​nicolevy in #​12533)
• Improve general performance in development mode. (@​gaearon in #​12537)
• Improve performance of the experimental unstable_observedBits API with nesting. (@​gaearon in #​12543)

React Test Renderer

• Add a UMD build. (@​bvaughn in #​12594)

v16.3.1

Compare Source

React

• Fix a false positive warning in IE11 when using Fragment. (@​heikkilamarko in #​12504)
• Prefix a private API. (@​Andarist in #​12501)
• Improve the warning when calling setState() in constructor. (@​gaearon in #​12532)

React DOM

• Fix getDerivedStateFromProps() not getting applied in some cases. (@​acdlite in #​12528)
• Fix a performance regression in development mode. (@​gaearon in #​12510)
• Fix error handling bugs in development mode. (@​gaearon and @​acdlite in #​12508)
• Improve user timing API messages for profiling. (@​flarnie in #​12384)

Create Subscription

• Set the package version to be in sync with React releases. (@​bvaughn in #​12526)
• Add a peer dependency on React 16.3+. (@​NMinhNguyen in #​12496)

v16.3.0

Compare Source

React

• Add a new officially supported context API. (@​acdlite in #​11818)
• Add a new React.createRef() API as an ergonomic alternative to callback refs. (@​trueadm in #​12162)
• Add a new React.forwardRef() API to let components forward their refs to a child. (@​bvaughn in #​12346)
• Fix a false positive warning in IE11 when using React.Fragment. (@​XaveScor in #​11823)
• Replace React.unstable_AsyncComponent with React.unstable_AsyncMode. (@​acdlite in #​12117)
• Improve the error message when calling setState() on an unmounted component. (@​sophiebits in #​12347)

React DOM

• Add a new getDerivedStateFromProps() lifecycle and UNSAFE_ aliases for the legacy lifecycles. (@​bvaughn in #​12028)
• Add a new getSnapshotBeforeUpdate() lifecycle. (@​bvaughn in #​12404)
• Add a new <React.StrictMode> wrapper to help prepare apps for async rendering. (@​bvaughn in #​12083)
• Add support for onLoad and onError events on the <link> tag. (@​roderickhsiao in #​11825)
• Add support for noModule boolean attribute on the <script> tag. (@​aweary in #​11900)
• Fix minor DOM input bugs in IE and Safari. (@​nhunzaker in #​11534)
• Correctly detect Ctrl + Enter in onKeyPress in more browsers. (@​nstraub in #​10514)
• Fix containing elements getting focused on SSR markup mismatch. (@​koba04 in #​11737)
• Fix value and defaultValue to ignore Symbol values. (@​nhunzaker in #​11741)
• Fix refs to class components not getting cleaned up when the attribute is removed. (@​bvaughn in #​12178)
• Fix an IE/Edge issue when rendering inputs into a different window. (@​M-ZubairAhmed in #​11870)
• Throw with a meaningful message if the component runs after jsdom has been destroyed. (@​gaearon in #​11677)
• Don't crash if there is a global variable called opera with a null value. @​alisherdavronov in #​11854)
• Don't check for old versions of Opera. (@​skiritsis in #​11921)
• Deduplicate warning messages about <option selected>. (@​watadarkstar in #​11821)
• Deduplicate warning messages about invalid callback. (@​yenshih in #​11833)
• Deprecate ReactDOM.unstable_createPortal() in favor of ReactDOM.createPortal(). (@​prometheansacrifice in #​11747)
• Don't emit User Timing entries for context types. (@​abhaynikam in #​12250)
• Improve the error message when context consumer child isn't a function. (@​raunofreiberg in #​12267)
• Improve the error message when adding a ref to a functional component. (@​skiritsis in #​11782)

React DOM Server

• Prevent an infinite loop when attempting to render portals with SSR. (@​gaearon in #​11709)
• Warn if a class doesn't extend React.Component. (@​wyze in #​11993)
• Fix an issue with this.state of different components getting mixed up. (@​sophiebits in #​12323)
• Provide a better message when component type is undefined. (@​HeroProtagonist in #​11966)

React Test Renderer

• Fix handling of fragments in toTree(). (@​maciej-ka in #​12107 and @​gaearon in #​12154)
• Shallow renderer should assign state to null for components that don't set it. (@​jwbay in #​11965)
• Shallow renderer should filter legacy context according to contextTypes. (@​koba04 in #​11922)
• Add an unstable API for testing asynchronous rendering. (@​acdlite in #​12478)

React Is (New)

• First release of the new package that libraries can use to detect different React node types. (@​bvaughn in #​12199)
• Add ReactIs.isValidElementType() to help higher-order components validate their inputs. (@​jamesreggio in #​12483)

React Lifecycles Compat (New)

• First release of the new package to help library developers target multiple versions of React. (@​bvaughn in #​12105)

Create Subscription (New)

• First release of the new package to subscribe to external data sources safely for async rendering. (@​bvaughn in #​12325)

React Reconciler (Experimental)

• Expose react-reconciler/persistent for building renderers that use persistent data structures. (@​gaearon in #​12156)
• Pass host context to finalizeInitialChildren(). (@​jquense in #​11970)
• Remove useSyncScheduling from the host config. (@​acdlite in #​11771)

React Call Return (Experimental)

• Fix a crash on updates. (@​rmhartog in #​11955)

---

• If you want to rebase/retry this PR, click this checkbox.