[Snyk] Upgrade: react, react-dom

[lucasaugustodeveloper]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on
react from 16.5.0 to 16.14.0	34 versions ahead of your current version	3 years ago on 2020-10-14
react-dom from 16.5.0 to 16.14.0	33 versions ahead of your current version	3 years ago on 2020-10-14

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-NORMALIZEURL-1296539	375/1000 Why? CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PARSELINKHEADER-1582783	375/1000 Why? CVSS 7.5	Proof of Concept
	Command Injection SNYK-JS-SSH2-1656673	375/1000 Why? CVSS 7.5	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536528	375/1000 Why? CVSS 7.5	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536531	375/1000 Why? CVSS 7.5	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579147	375/1000 Why? CVSS 7.5	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579152	375/1000 Why? CVSS 7.5	No Known Exploit
	Prototype Pollution SNYK-JS-LODASHSET-1320032	375/1000 Why? CVSS 7.5	Proof of Concept
	Arbitrary File Write SNYK-JS-TAR-1579155	375/1000 Why? CVSS 7.5	No Known Exploit
	Command Injection SNYK-JS-SNYKSNYKHEXPLUGIN-3039680	375/1000 Why? CVSS 7.5	Proof of Concept
	Command Injection SNYK-JS-SNYK-3037342	375/1000 Why? CVSS 7.5	Proof of Concept
	Command Injection SNYK-JS-SNYK-3038622	375/1000 Why? CVSS 7.5	Proof of Concept
	Code Injection SNYK-JS-SNYK-3111871	375/1000 Why? CVSS 7.5	No Known Exploit
	Command Injection SNYK-JS-SNYKDOCKERPLUGIN-3039679	375/1000 Why? CVSS 7.5	Proof of Concept
	Command Injection SNYK-JS-SNYKGOPLUGIN-3037316	375/1000 Why? CVSS 7.5	Proof of Concept
	Command Injection SNYK-JS-SNYKGRADLEPLUGIN-3038624	375/1000 Why? CVSS 7.5	Proof of Concept
	Command Injection SNYK-JS-SNYKMVNPLUGIN-3038623	375/1000 Why? CVSS 7.5	Proof of Concept
	Command Injection SNYK-JS-SNYKPYTHONPLUGIN-3039677	375/1000 Why? CVSS 7.5	Proof of Concept
	Command Injection SNYK-JS-SNYKSBTPLUGIN-3038626	375/1000 Why? CVSS 7.5	Proof of Concept
	Command Injection SNYK-JS-SNYKSNYKCOCOAPODSPLUGIN-3038625	375/1000 Why? CVSS 7.5	Proof of Concept
	Open Redirect SNYK-JS-GOT-2932019	375/1000 Why? CVSS 7.5	No Known Exploit
	Open Redirect SNYK-JS-GOT-2932019	375/1000 Why? CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTTPCACHESEMANTICS-3248783	375/1000 Why? CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-XML2JS-5414874	375/1000 Why? CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	375/1000 Why? CVSS 7.5	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: react

• 16.14.0 - 2020-10-14
  

  React

  • Add support for the new JSX transform. (@ lunaruan in #18299)
• 16.13.1 - 2020-03-19
  

  React DOM

  • Fix bug in legacy mode Suspense where effect clean-up functions are not fired. This only affects users who use Suspense for data fetching in legacy mode, which is not technically supported. (@ acdlite in #18238)
  • Revert warning for cross-component updates that happen inside class render lifecycles (componentWillReceiveProps, shouldComponentUpdate, and so on). (@ gaearon in #18330)

  Artifacts

  • react: https://unpkg.com/react@16.13.1/umd/
  • react-art: https://unpkg.com/react-art@16.13.1/umd/
  • react-dom: https://unpkg.com/react-dom@16.13.1/umd/
  • react-is: https://unpkg.com/react-is@16.13.1/umd/
  • react-test-renderer: https://unpkg.com/react-test-renderer@16.13.1/umd/
  • scheduler: https://unpkg.com/scheduler@0.19.1/umd/
• 16.13.0 - 2020-02-26
  

  React

  • Warn when a string ref is used in a manner that's not amenable to a future codemod (@ lunaruan in #17864)
  • Deprecate React.createFactory() (@ trueadm in #17878)

  React DOM

  • Warn when changes in style may cause an unexpected collision (@ sophiebits in #14181, #18002)
  • Warn when a function component is updated during another component's render phase (@ acdlite in #17099)
  • Deprecate unstable_createPortal (@ trueadm in #17880)
  • Fix onMouseEnter being fired on disabled buttons (@ AlfredoGJ in #17675)
  • Call shouldComponentUpdate twice when developing in StrictMode (@ bvaughn in #17942)
  • Add version property to ReactDOM (@ ealush in #15780)
  • Don't call toString() of dangerouslySetInnerHTML (@ sebmarkbage in #17773)
  • Show component stacks in more warnings (@ gaearon in #17922, #17586)

  Concurrent Mode (Experimental)

  • Warn for problematic usages of ReactDOM.createRoot() (@ trueadm in #17937)
  • Remove ReactDOM.createRoot() callback params and added warnings on usage (@ bvaughn in #17916)
  • Don't group Idle/Offscreen work with other work (@ sebmarkbage in #17456)
  • Adjust SuspenseList CPU bound heuristic (@ sebmarkbage in #17455)
  • Add missing event plugin priorities (@ trueadm in #17914)
  • Fix isPending only being true when transitioning from inside an input event (@ acdlite in #17382)
  • Fix React.memo components dropping updates when interrupted by a higher priority update (@ acdlite in #18091)
  • Don't warn when suspending at the wrong priority (@ gaearon in #17971)
  • Fix a bug with rebasing updates (@ acdlite and @ sebmarkbage in #17560, #17510, #17483, #17480)

  Artifacts

  • react: https://unpkg.com/react@16.13.0/umd/
  • react-art: https://unpkg.com/react-art@16.13.0/umd/
  • react-dom: https://unpkg.com/react-dom@16.13.0/umd/
  • react-is: https://unpkg.com/react-is@16.13.0/umd/
  • react-test-renderer: https://unpkg.com/react-test-renderer@16.13.0/umd/
  • scheduler: https://unpkg.com/scheduler@0.19.0/umd/
• 16.12.0 - 2019-11-14
  

  React DOM

  • Fix passive effects (useEffect) not being fired in a multi-root app. (@ acdlite in #17347)

  React Is

  • Fix lazy and memo types considered elements instead of components (@ bvaughn in #17278)

  Artifacts

  • react: https://unpkg.com/react@16.12.0/umd/
  • react-art: https://unpkg.com/react-art@16.12.0/umd/
  • react-dom: https://unpkg.com/react-dom@16.12.0/umd/
  • react-is: https://unpkg.com/react-is@16.12.0/umd/
  • react-test-renderer: https://unpkg.com/react-test-renderer@16.12.0/umd/
  • scheduler: https://unpkg.com/scheduler@0.18.0/umd/

• 16.11.0 - 2019-10-22
• 16.10.2 - 2019-10-03
• 16.10.1 - 2019-09-28
• 16.10.0 - 2019-09-27
• 16.9.0 - 2019-08-08
• 16.9.0-rc.0 - 2019-08-05
• 16.9.0-alpha.0 - 2019-04-03
• 16.8.6 - 2019-03-28
• 16.8.5 - 2019-03-22
• 16.8.4 - 2019-03-05
• 16.8.3 - 2019-02-21
• 16.8.2 - 2019-02-14
• 16.8.1 - 2019-02-06
• 16.8.0 - 2019-02-06
• 16.8.0-alpha.1 - 2019-01-15
• 16.8.0-alpha.0 - 2019-01-09
• 16.7.0 - 2018-12-20
• 16.7.0-alpha.2 - 2018-11-13
• 16.7.0-alpha.1 - 2018-11-13
• 16.7.0-alpha.0 - 2018-10-25
• 16.6.3 - 2018-11-13
• 16.6.2 - 2018-11-13
• 16.6.1 - 2018-11-07
• 16.6.0 - 2018-10-23
• 16.6.0-alpha.f47a958 - 2018-10-10
• 16.6.0-alpha.8af6728 - 2018-10-10
• 16.6.0-alpha.400d197 - 2018-10-05
• 16.6.0-alpha.0 - 2018-09-17
• 16.5.2 - 2018-09-18
• 16.5.1 - 2018-09-13
• 16.5.0 - 2018-09-06

from react GitHub release notes

Package name: react-dom

• 16.14.0 - 2020-10-14
  

  React

  • Add support for the new JSX transform. (@ lunaruan in #18299)
• 16.13.1 - 2020-03-19
  

  React DOM

  • Fix bug in legacy mode Suspense where effect clean-up functions are not fired. This only affects users who use Suspense for data fetching in legacy mode, which is not technically supported. (@ acdlite in #18238)
  • Revert warning for cross-component updates that happen inside class render lifecycles (componentWillReceiveProps, shouldComponentUpdate, and so on). (@ gaearon in #18330)

  Artifacts

  • react: https://unpkg.com/react@16.13.1/umd/
  • react-art: https://unpkg.com/react-art@16.13.1/umd/
  • react-dom: https://unpkg.com/react-dom@16.13.1/umd/
  • react-is: https://unpkg.com/react-is@16.13.1/umd/
  • react-test-renderer: https://unpkg.com/react-test-renderer@16.13.1/umd/
  • scheduler: https://unpkg.com/scheduler@0.19.1/umd/
• 16.13.0 - 2020-02-26
  

  React

  • Warn when a string ref is used in a manner that's not amenable to a future codemod (@ lunaruan in #17864)
  • Deprecate React.createFactory() (@ trueadm in #17878)

  React DOM

  • Warn when changes in style may cause an unexpected collision (@ sophiebits in #14181, #18002)
  • Warn when a function component is updated during another component's render phase (@ acdlite in #17099)
  • Deprecate unstable_createPortal (@ trueadm in #17880)
  • Fix onMouseEnter being fired on disabled buttons (@ AlfredoGJ in #17675)
  • Call shouldComponentUpdate twice when developing in StrictMode (@ bvaughn in #17942)
  • Add version property to ReactDOM (@ ealush in #15780)
  • Don't call toString() of dangerouslySetInnerHTML (@ sebmarkbage in #17773)
  • Show component stacks in more warnings (@ gaearon in #17922, #17586)

  Concurrent Mode (Experimental)

  • Warn for problematic usages of ReactDOM.createRoot() (@ trueadm in #17937)
  • Remove ReactDOM.createRoot() callback params and added warnings on usage (@ bvaughn in #17916)
  • Don't group Idle/Offscreen work with other work (@ sebmarkbage in #17456)
  • Adjust SuspenseList CPU bound heuristic (@ sebmarkbage in #17455)
  • Add missing event plugin priorities (@ trueadm in #17914)
  • Fix isPending only being true when transitioning from inside an input event (@ acdlite in #17382)
  • Fix React.memo components dropping updates when interrupted by a higher priority update (@ acdlite in #18091)
  • Don't warn when suspending at the wrong priority (@ gaearon in #17971)
  • Fix a bug with rebasing updates (@ acdlite and @ sebmarkbage in #17560, #17510, #17483, #17480)

  Artifacts

  • react: https://unpkg.com/react@16.13.0/umd/
  • react-art: https://unpkg.com/react-art@16.13.0/umd/
  • react-dom: https://unpkg.com/react-dom@16.13.0/umd/
  • react-is: https://unpkg.com/react-is@16.13.0/umd/
  • react-test-renderer: https://unpkg.com/react-test-renderer@16.13.0/umd/
  • scheduler: https://unpkg.com/scheduler@0.19.0/umd/
• 16.12.0 - 2019-11-14
  

  React DOM

  • Fix passive effects (useEffect) not being fired in a multi-root app. (@ acdlite in #17347)

  React Is

  • Fix lazy and memo types considered elements instead of components (@ bvaughn in #17278)

  Artifacts

  • react: https://unpkg.com/react@16.12.0/umd/
  • react-art: https://unpkg.com/react-art@16.12.0/umd/
  • react-dom: https://unpkg.com/react-dom@16.12.0/umd/
  • react-is: https://unpkg.com/react-is@16.12.0/umd/
  • react-test-renderer: https://unpkg.com/react-test-renderer@16.12.0/umd/
  • scheduler: https://unpkg.com/scheduler@0.18.0/umd/

• 16.11.0 - 2019-10-22
• 16.10.2 - 2019-10-03
• 16.10.1 - 2019-09-28
• 16.10.0 - 2019-09-27
• 16.9.0 - 2019-08-08
• 16.9.0-rc.0 - 2019-08-05
• 16.9.0-alpha.0 - 2019-04-03
• 16.8.6 - 2019-03-28
• 16.8.5 - 2019-03-22
• 16.8.4 - 2019-03-05
• 16.8.3 - 2019-02-21
• 16.8.2 - 2019-02-14
• 16.8.1 - 2019-02-06
• 16.8.0 - 2019-02-06
• 16.8.0-alpha.1 - 2019-01-15
• 16.8.0-alpha.0 - 2019-01-09
• 16.7.0 - 2018-12-20
• 16.7.0-alpha.2 - 2018-11-13
• 16.7.0-alpha.1 - 2018-11-13
• 16.7.0-alpha.0 - 2018-10-25
• 16.6.3 - 2018-11-13
• 16.6.2 - 2018-11-13
• 16.6.1 - 2018-11-07
• 16.6.0 - 2018-10-23
• 16.6.0-alpha.8af6728 - 2018-10-10
• 16.6.0-alpha.400d197 - 2018-10-05
• 16.6.0-alpha.0 - 2018-09-17
• 16.5.2 - 2018-09-18
• 16.5.1 - 2018-09-13
• 16.5.0 - 2018-09-06

from react-dom GitHub release notes

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs