[Snyk] Upgrade: react, react-dom, , , , faker, react-scripts #139

harrisonho99 · 2024-09-21T08:52:37Z

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

react
from 17.0.1 to 17.0.2 | 1 version ahead of your current version | 3 years ago
on 2021-03-22
react-dom
from 17.0.1 to 17.0.2 | 1 version ahead of your current version | 3 years ago
on 2021-03-22
@testing-library/jest-dom
from 5.11.5 to 5.17.0 | 18 versions ahead of your current version | a year ago
on 2023-07-18
@testing-library/react
from 11.1.0 to 11.2.7 | 10 versions ahead of your current version | 3 years ago
on 2021-05-14
@testing-library/user-event
from 12.1.10 to 12.8.3 | 19 versions ahead of your current version | 4 years ago
on 2021-03-09
faker
from 5.1.0 to 5.5.3 | 8 versions ahead of your current version | 3 years ago
on 2021-04-08
react-scripts
from 4.0.0 to 4.0.3 | 3 versions ahead of your current version | 4 years ago
on 2021-02-22

Issues fixed by the recommended upgrade:

Issue	Score	Exploit Maturity
Remote Memory Exposure SNYK-JS-DNSPACKET-1293563	292	No Known Exploit
Prototype Pollution SNYK-JS-ASYNC-2441827	292	Proof of Concept
Asymmetric Resource Consumption (Amplification) SNYK-JS-BODYPARSER-7926860	292	No Known Exploit
Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	292	Proof of Concept
Improper Input Validation SNYK-JS-URLPARSE-2407770	292	Proof of Concept
Prototype Pollution SNYK-JS-MERGEDEEP-1070277	292	No Known Exploit
Open Redirect SNYK-JS-EXPRESS-6474509	292	No Known Exploit
Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	292	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-2429795	292	Proof of Concept
Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	292	Proof of Concept
Prototype Pollution SNYK-JS-IMMER-1019369	292	Proof of Concept
Prototype Pollution SNYK-JS-INI-1048974	292	Proof of Concept
Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	292	Proof of Concept
Information Exposure SNYK-JS-EVENTSOURCE-2823375	292	Proof of Concept
Cross-site Scripting SNYK-JS-EXPRESS-7926867	292	No Known Exploit
Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	292	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHTOREGEXP-7925106	292	Proof of Concept
Command Injection SNYK-JS-REACTDEVUTILS-1083268	292	Proof of Concept
Improper Input Validation SNYK-JS-URLPARSE-1078283	292	No Known Exploit
Open Redirect SNYK-JS-URLPARSE-1533425	292	Proof of Concept
Access Restriction Bypass SNYK-JS-URLPARSE-2401205	292	Proof of Concept
Authorization Bypass SNYK-JS-URLPARSE-2407759	292	Proof of Concept
Authorization Bypass Through User-Controlled Key SNYK-JS-URLPARSE-2412697	292	Proof of Concept
Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	292	No Known Exploit
Cross-site Scripting SNYK-JS-SEND-7926862	292	No Known Exploit
Cross-site Scripting SNYK-JS-SERVESTATIC-7926865	292	No Known Exploit
Regular Expression Denial of Service (ReDoS) npm:debug:20170905	292	Proof of Concept
Regular Expression Denial of Service (ReDoS) npm:debug:20170905	292	Proof of Concept

Release notes

Package name: react

17.0.2 - 2021-03-22
React DOM
- Remove an unused dependency to address the SharedArrayBuffer cross-origin isolation warning. (@ koba04 and @ bvaughn in #20831, #20832, and #20840)
Artifacts
- react: https://unpkg.com/react@17.0.2/umd/
- react-art: https://unpkg.com/react-art@17.0.2/umd/
- react-dom: https://unpkg.com/react-dom@17.0.2/umd/
- react-is: https://unpkg.com/react-is@17.0.2/umd/
- react-test-renderer: https://unpkg.com/react-test-renderer@17.0.2/umd/
- scheduler: https://unpkg.com/scheduler@0.20.2/umd/
17.0.1 - 2020-10-22
React DOM
- Fix a crash in IE11. (@ gaearon in #20071)

from react GitHub release notes

Package name: react-dom

17.0.2 - 2021-03-22
React DOM
- Remove an unused dependency to address the SharedArrayBuffer cross-origin isolation warning. (@ koba04 and @ bvaughn in #20831, #20832, and #20840)
Artifacts
- react: https://unpkg.com/react@17.0.2/umd/
- react-art: https://unpkg.com/react-art@17.0.2/umd/
- react-dom: https://unpkg.com/react-dom@17.0.2/umd/
- react-is: https://unpkg.com/react-is@17.0.2/umd/
- react-test-renderer: https://unpkg.com/react-test-renderer@17.0.2/umd/
- scheduler: https://unpkg.com/scheduler@0.20.2/umd/
17.0.1 - 2020-10-22
React DOM
- Fix a crash in IE11. (@ gaearon in #20071)

from react-dom GitHub release notes

Package name: @testing-library/jest-dom

5.17.0 - 2023-07-18
5.17.0 (2023-07-18)

Features
- New toHaveAccessibleErrorMessage better implementing the spec, deprecate toHaveErrorMessage (#503) (d717c66)
5.16.5 - 2022-08-04
5.16.5 (2022-08-04)

Bug Fixes
- migrate ccs v3 to @ adobe/css-tools v4 (#470) (948d90f)
5.16.4 - 2022-04-05
5.16.4 (2022-04-05)

Bug Fixes
- Support unenclosed inner text for details elements in to be visible (#396) (af18453)
5.16.3 - 2022-03-24
5.16.3 (2022-03-24)

Bug Fixes
- clarify toHaveFocus message when using .not (#447) (6988a67)
5.16.2 - 2022-02-03
5.16.2 (2022-02-03)

Bug Fixes
- add custom element support to toBeDisabled (#368) (8162115)
5.16.1 - 2021-12-06
5.16.1 (2021-12-06)

Bug Fixes
- Improve toHaveClass error message format (#405) (a9beb47)
5.16.0 - 2021-12-03
5.16.0 (2021-12-03)

Features
- Update aria-query to 5.0.0 (#414) (de26c7a)
5.15.1 - 2021-11-23
5.15.1 (2021-11-23)

Bug Fixes
- wrong deprecate error message (#422) (dfcefa2)
5.15.0 - 2021-11-02
5.15.0 (2021-11-02)

Features
- import parse directly from css (#415) (4cb606c)
5.14.1 - 2021-06-11
5.14.1 (2021-06-11)

Bug Fixes
- Updates deprecated matchers info (#378) (fc9ce6d)
5.14.0 - 2021-06-11
5.13.0 - 2021-06-03
5.12.0 - 2021-04-22
5.11.10 - 2021-03-25
5.11.9 - 2021-01-12
5.11.8 - 2020-12-30
5.11.7 - 2020-12-30
5.11.6 - 2020-11-13
5.11.5 - 2020-10-23

from @testing-library/jest-dom GitHub release notes

Package name: @testing-library/react

11.2.7 - 2021-05-14
11.2.7 (2021-05-14)

Bug Fixes
- Guard against process not being defined (#911) (8a1c8e9)
11.2.6 - 2021-03-30
11.2.6 (2021-03-30)

Bug Fixes
- types: exclude tsconfig from types folder in publish flow (#893) (58150b9)
11.2.5 - 2021-02-02
11.2.5 (2021-02-02)

Bug Fixes
- render: add default type for Queries parameter (#871) (5576e6f)
11.2.4 - 2021-02-02
11.2.4 (2021-02-02)

Bug Fixes
- render: Default to HTMLElement in returned container (#868) (81c2de9)
11.2.3 - 2021-01-07
11.2.3 (2021-01-07)

Bug Fixes
- Return type of unmount is void (#857) (1389f09)
11.2.2 - 2020-11-20
11.2.2 (2020-11-20)

Bug Fixes
- dependencies: bump dom testing library (#836) (7fcb0f2)
11.2.1 - 2020-11-19
11.2.1 (2020-11-19)

Bug Fixes
- types: Allow all HTML and SVG elements in render. (#833) (1dc33b2)
11.2.0 - 2020-11-18
11.2.0 (2020-11-18)

Features
- bump dom testing library (#831) (456424f)
11.1.2 - 2020-11-11
11.1.2 (2020-11-11)

Bug Fixes
- import pretty-format from @ testing-library/dom (#821) (2712dc2)
11.1.1 - 2020-11-03
11.1.1 (2020-11-03)

Bug Fixes
- upgrade dependencies, typescript, @ testing-library/dom etc (#816) (e07e641)
11.1.0 - 2020-10-14

from @testing-library/react GitHub release notes

Package name: @testing-library/user-event

12.8.3 - 2021-03-09
12.8.3 (2021-03-09)

Bug Fixes
- tab: exclude hidden descendants (#579) (e83d949)
12.8.2 - 2021-03-09
12.8.2 (2021-03-09)

Bug Fixes
- upload: fire input event when files change (#575) (4e48750)
12.8.1 - 2021-03-02
12.8.1 (2021-03-02)

Bug Fixes
- typings: add home and end to specialChars enum (#569) (481e764)
12.8.0 - 2021-02-28
12.8.0 (2021-02-28)

Features
- upload: accept filter option (#562) (ede2df1), closes #558
12.7.4 - 2021-02-28
12.7.4 (2021-02-28)

Bug Fixes
- click: focus closest focusable (#566) (#567) (73c2323)
12.7.3 - 2021-02-23
12.7.3 (2021-02-23)

Reverts
- "fix(upload): apply accept attribute" (#563) (7a5c51e)
12.7.2 - 2021-02-22
12.7.2 (2021-02-22)

Bug Fixes
- upload: apply accept attribute (#558) (d513d6e)
12.7.1 - 2021-02-13
12.7.1 (2021-02-13)

Bug Fixes
- click links on 'enter' key press (#534) (8a34d0b)
12.7.0 - 2021-02-11
12.7.0 (2021-02-11)

Features
- add type support for {home} and {end} (#536) (808c550)
12.6.3 - 2021-02-01
12.6.3 (2021-02-01)

Bug Fixes
- add isInstanceOfElement helper (#552) (b4330c4)
12.6.2 - 2021-01-21
12.6.1 - 2021-01-21
12.6.0 - 2020-12-14
12.5.0 - 2020-12-03
12.4.0 - 2020-12-03
12.3.0 - 2020-11-30
12.2.2 - 2020-11-11
12.2.1 - 2020-11-11
12.2.0 - 2020-11-04
12.1.10 - 2020-10-22

from @testing-library/user-event GitHub release notes

Package name: react-scripts

4.0.3 - 2021-02-22
4.0.2 - 2021-02-03
4.0.1 - 2020-11-23
4.0.0 - 2020-10-23

from react-scripts GitHub release notes

Important

Check the changes in this PR to ensure they won't cause issues with your project.
This PR was automatically created by Snyk using the credentials of a real user.
Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

📜 Customise PR templates

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade: - react from 17.0.1 to 17.0.2. See this package in npm: https://www.npmjs.com/package/react - react-dom from 17.0.1 to 17.0.2. See this package in npm: https://www.npmjs.com/package/react-dom - @testing-library/jest-dom from 5.11.5 to 5.17.0. See this package in npm: https://www.npmjs.com/package/@testing-library/jest-dom - @testing-library/react from 11.1.0 to 11.2.7. See this package in npm: https://www.npmjs.com/package/@testing-library/react - @testing-library/user-event from 12.1.10 to 12.8.3. See this package in npm: https://www.npmjs.com/package/@testing-library/user-event - faker from 5.1.0 to 5.5.3. See this package in npm: https://www.npmjs.com/package/faker - react-scripts from 4.0.0 to 4.0.3. See this package in npm: https://www.npmjs.com/package/react-scripts See this project in Snyk: https://app.snyk.io/org/hotsnow199/project/6ef707f5-65f9-4959-8304-fc6c69f34345?utm_source=github&utm_medium=referral&page=upgrade-pr

[Snyk] Upgrade: react, react-dom, , , , faker, react-scripts #139

Are you sure you want to change the base?

[Snyk] Upgrade: react, react-dom, , , , faker, react-scripts #139

Conversation

harrisonho99 commented Sep 21, 2024

Snyk has created this PR to upgrade multiple dependencies.

Issues fixed by the recommended upgrade:

React DOM

Artifacts

React DOM

React DOM

Artifacts

React DOM

5.17.0 (2023-07-18)

Features

5.16.5 (2022-08-04)

Bug Fixes

5.16.4 (2022-04-05)

Bug Fixes

5.16.3 (2022-03-24)

Bug Fixes

5.16.2 (2022-02-03)

Bug Fixes

5.16.1 (2021-12-06)

Bug Fixes

5.16.0 (2021-12-03)

Features

5.15.1 (2021-11-23)

Bug Fixes

5.15.0 (2021-11-02)

Features

5.14.1 (2021-06-11)

Bug Fixes

11.2.7 (2021-05-14)

Bug Fixes

11.2.6 (2021-03-30)

Bug Fixes

11.2.5 (2021-02-02)

Bug Fixes

11.2.4 (2021-02-02)

Bug Fixes

11.2.3 (2021-01-07)

Bug Fixes

11.2.2 (2020-11-20)

Bug Fixes

11.2.1 (2020-11-19)

Bug Fixes

11.2.0 (2020-11-18)

Features

11.1.2 (2020-11-11)

Bug Fixes

11.1.1 (2020-11-03)

Bug Fixes

12.8.3 (2021-03-09)

Bug Fixes

12.8.2 (2021-03-09)

Bug Fixes

12.8.1 (2021-03-02)

Bug Fixes

12.8.0 (2021-02-28)

Features

12.7.4 (2021-02-28)

Bug Fixes

12.7.3 (2021-02-23)

Reverts

12.7.2 (2021-02-22)

Bug Fixes

12.7.1 (2021-02-13)

Bug Fixes

12.7.0 (2021-02-11)

Features

12.6.3 (2021-02-01)

Bug Fixes