[Snyk] Upgrade: , , , react, react-dom, babel-loader, bootstrap, react-bootstrap, react-pro-sidebar, react-redux, react-router-dom, react-scripts, redux, redux-form, redux-saga

[andreaeliasc]

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

@fortawesome/fontawesome-svg-core
from 1.2.32 to 1.2.36 | 3 versions ahead of your current version | 3 years ago
on 2021-08-04
@fortawesome/free-solid-svg-icons
from 5.15.1 to 5.15.4 | 3 versions ahead of your current version | 3 years ago
on 2021-08-04
@fortawesome/react-fontawesome
from 0.1.11 to 0.2.2 | 11 versions ahead of your current version | 4 months ago
on 2024-05-22
react
from 16.13.1 to 16.14.0 | 1 version ahead of your current version | 4 years ago
on 2020-10-14
react-dom
from 16.13.1 to 16.14.0 | 1 version ahead of your current version | 4 years ago
on 2020-10-14
babel-loader
from 8.1.0 to 8.3.0 | 7 versions ahead of your current version | 2 years ago
on 2022-11-03
bootstrap
from 4.5.2 to 4.6.2 | 4 versions ahead of your current version | 2 years ago
on 2022-07-19
react-bootstrap
from 1.3.0 to 1.6.8 | 16 versions ahead of your current version | 9 months ago
on 2023-12-22
react-pro-sidebar
from 0.4.4 to 0.7.1 | 4 versions ahead of your current version | 3 years ago
on 2021-09-23
react-redux
from 7.2.1 to 7.2.9 | 8 versions ahead of your current version | 2 years ago
on 2022-09-23
react-router-dom
from 5.2.0 to 5.3.4 | 6 versions ahead of your current version | 2 years ago
on 2022-10-02
react-scripts
from 3.4.1 to 3.4.4 | 3 versions ahead of your current version | 4 years ago
on 2020-10-20
redux
from 4.0.5 to 4.2.1 | 7 versions ahead of your current version | 2 years ago
on 2023-01-28
redux-form
from 8.3.6 to 8.3.10 | 4 versions ahead of your current version | a year ago
on 2023-03-28
redux-saga
from 1.1.3 to 1.3.0 | 5 versions ahead of your current version | 9 months ago
on 2024-01-02

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Asymmetric Resource Consumption (Amplification) SNYK-JS-BODYPARSER-7926860	481	No Known Exploit
	Remote Memory Exposure SNYK-JS-DNSPACKET-1293563	481	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ES5EXT-6095076	481	Proof of Concept
	Prototype Pollution SNYK-JS-OBJECTPATH-1017036	481	Proof of Concept
	Prototype Pollution SNYK-JS-OBJECTPATH-1585658	481	No Known Exploit
	Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	481	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	481	Proof of Concept
	Prototype Pollution SNYK-JS-LODASHES-2434285	481	Proof of Concept
	Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062	481	Proof of Concept
	Prototype Pollution SNYK-JS-ASYNC-2441827	481	Proof of Concept
	Prototype Pollution SNYK-JS-LODASHES-2434283	481	Proof of Concept
	Code Injection SNYK-JS-LODASHES-2434284	481	Proof of Concept
	Improper Input Validation SNYK-JS-URLPARSE-2407770	481	Proof of Concept
	Prototype Pollution SNYK-JS-YARGSPARSER-560381	481	Proof of Concept
	Information Exposure SNYK-JS-EVENTSOURCE-2823375	481	Proof of Concept
	Open Redirect SNYK-JS-EXPRESS-6474509	481	No Known Exploit
	Cross-site Scripting SNYK-JS-EXPRESS-7926867	481	No Known Exploit
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	481	Proof of Concept
	Prototype Pollution SNYK-JS-OBJECTPATH-1569453	481	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	481	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASHES-2434289	481	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHTOREGEXP-7925106	481	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHTOREGEXP-7925106	481	Proof of Concept
	Denial of Service (DoS) SNYK-JS-SOCKJS-575261	481	Proof of Concept
	Authorization Bypass Through User-Controlled Key SNYK-JS-URLPARSE-2412697	481	Proof of Concept
	Improper Input Validation SNYK-JS-URLPARSE-1078283	481	No Known Exploit
	Open Redirect SNYK-JS-URLPARSE-1533425	481	Proof of Concept
	Access Restriction Bypass SNYK-JS-URLPARSE-2401205	481	Proof of Concept
	Authorization Bypass SNYK-JS-URLPARSE-2407759	481	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	481	No Known Exploit
	Prototype Pollution SNYK-JS-MINIMIST-2429795	481	Proof of Concept
	Cross-site Scripting SNYK-JS-SEND-7926862	481	No Known Exploit
	Cross-site Scripting SNYK-JS-SERVESTATIC-7926865	481	No Known Exploit

Release notes

Package name: @fortawesome/fontawesome-svg-core

• 1.2.36 - 2021-08-04
• 1.2.35 - 2021-03-16
• 1.2.34 - 2021-01-13
• 1.2.32 - 2020-10-05

from @fortawesome/fontawesome-svg-core GitHub release notes

Package name: @fortawesome/free-solid-svg-icons

• 5.15.4 - 2021-08-04
• 5.15.3 - 2021-03-16
• 5.15.2 - 2021-01-13
• 5.15.1 - 2020-10-05

from @fortawesome/free-solid-svg-icons GitHub release notes

Package name: @fortawesome/react-fontawesome

• 0.2.2 - 2024-05-22
  

  Fixed

  • Props with nullable/undefined values no longer throw an error #562 #560
• 0.2.1 - 2024-05-16
  

  Changed

  • Remove defaultProps to be compatible with React 19
• 0.2.0 - 2022-06-29
  

  Added

  • Support for React forwardRef if using React >= 16.3
• 0.1.19 - 2022-06-29
  

  Fixed

  • Added missing beatFade, spinPulse, and spinReverse animations
• 0.1.18 - 2022-03-16
  

  Added

  • Animations bounce, shake, fade, and beat-fade
  • Property maskId and titleId to allow consistent rendering on client and server

  Changed

  • Peer dependencies now include major version 6
• 0.1.17 - 2022-01-28
  

  Added

  • New v6 sizes and animations
• 0.1.16 - 2021-10-18
  

  Fixed

  • Include 1.3.0-beta versions in peer dependencies
• 0.1.15 - 2021-08-03
  

  Fixed

  • Skip parse.icon if the icon is imported directly from an icon package
• 0.1.14 - 2020-12-22
  

  Added

  • Support for the new parse.icon function from the Font Awesome version 6 @ fortawesome/fontawesome-svg-core
• 0.1.13 - 2020-11-23
  

  Fixed

  • Update forwardRef Typescript definition #396
• 0.1.12 - 2020-10-26
• 0.1.11 - 2020-06-16

from @fortawesome/react-fontawesome GitHub release notes

Package name: react

• 16.14.0 - 2020-10-14
  

  React

  • Add support for the new JSX transform. (@ lunaruan in #18299)
• 16.13.1 - 2020-03-19
  

  React DOM

  • Fix bug in legacy mode Suspense where effect clean-up functions are not fired. This only affects users who use Suspense for data fetching in legacy mode, which is not technically supported. (@ acdlite in #18238)
  • Revert warning for cross-component updates that happen inside class render lifecycles (componentWillReceiveProps, shouldComponentUpdate, and so on). (@ gaearon in #18330)

  Artifacts

  • react: https://unpkg.com/react@16.13.1/umd/
  • react-art: https://unpkg.com/react-art@16.13.1/umd/
  • react-dom: https://unpkg.com/react-dom@16.13.1/umd/
  • react-is: https://unpkg.com/react-is@16.13.1/umd/
  • react-test-renderer: https://unpkg.com/react-test-renderer@16.13.1/umd/
  • scheduler: https://unpkg.com/scheduler@0.19.1/umd/

from react GitHub release notes

Package name: react-dom

• 16.14.0 - 2020-10-14
  

  React

  • Add support for the new JSX transform. (@ lunaruan in #18299)
• 16.13.1 - 2020-03-19
  

  React DOM

  • Fix bug in legacy mode Suspense where effect clean-up functions are not fired. This only affects users who use Suspense for data fetching in legacy mode, which is not technically supported. (@ acdlite in #18238)
  • Revert warning for cross-component updates that happen inside class render lifecycles (componentWillReceiveProps, shouldComponentUpdate, and so on). (@ gaearon in #18330)

  Artifacts

  • react: https://unpkg.com/react@16.13.1/umd/
  • react-art: https://unpkg.com/react-art@16.13.1/umd/
  • react-dom: https://unpkg.com/react-dom@16.13.1/umd/
  • react-is: https://unpkg.com/react-is@16.13.1/umd/
  • react-test-renderer: https://unpkg.com/react-test-renderer@16.13.1/umd/
  • scheduler: https://unpkg.com/scheduler@0.19.1/umd/

from react-dom GitHub release notes

Package name: babel-loader

• 8.3.0 - 2022-11-03
  

  New features

  • Pass external dependencies from Babel to Webpack by @ nicolo-ribaudo in #971

  Full Changelog: v8.2.5...v8.3.0

• 8.2.5 - 2022-04-19
  

  What's Changed

  • fix: respect inputSourceMap loader option by @ alan-agius4 in #896

  New Contributors

  • @ alan-agius4 made their first contribution in #896

  Full Changelog: v8.2.4...v8.2.5

• 8.2.4 - 2022-03-22
  

  What's Changed

  • doc(README.md): fix a broken markdown link by @ loveDstyle in #919
  • Bump loader-utils to 2.x by @ stianjensen in #931
  • Use md5 hashing for OpenSSL 3 by @ pathmapper in #924

  Thanks @ loveDstyle, @ stianjensen and @ pathmapper for your first PRs!

• 8.2.3 - 2021-10-20
  

  This release fixes compatibility with Node.js 17

  • Use md5 hash for caching on node v17 (#918)

  Thanks @ Reptarsrage!

• 8.2.2 - 2020-11-26
  

  8.2.2

• 8.2.1 - 2020-11-10
  
  • Move @ ava/babel to devDependencies #881 (@ jvasseur)
• 8.2.0 - 2020-11-10
  
  • Replace mkdirp with make-dir 47958ca (@ JLHwung)
  • Use async config loading when available d8cff97 (@ the-spyke)
• 8.1.0 - 2020-03-20

from babel-loader GitHub release notes

Package name: bootstrap

• 4.6.2 - 2022-07-19
  

  Highlights

  • Added an example to our Collapse plugin docs to show how to use horizontal collapsing. This has long been possible via our JS, but we never had an official class to utilize it.
  • We've replaced the deprecated color-adjust with print-color-adjust in our Sass files as part of the Autoprefixer v10.4.6 issues. This should quiet the issues folks have seen from that dependency change. If you're using our distribution CSS files, like bootstrap.min.css, you may still see the warning.
  • Tweaked the size of small and .small to compute to a whole pixel value (was 12.8px and now is 14px).
  • Improved accessibility around our dropdowns, color contrast, and role attributes.
  • Fixed some broken links to supporting documentation.
  • Updated dependencies across the board.

  What's Changed

  • Removed blurred background reference from the Toast Docs. by @ pricop in #35190
  • Update links to CCA, MQ5 prefers-reduced-motion, evergreen WCAG urls, more resources by @ patrickhlauke in #35427
  • v4-dev backports and updates by @ XhmikosR in #35482
  • Backport #35556 by @ julien-deramond in #35558
  • Tweak toast docs by @ patrickhlauke in #35633
  • v4-dev backports and updates by @ XhmikosR in #35642
  • Doc: Reorder alphabetically lists of components by @ julien-deramond in #36128
  • Updated the small-font-size to use a round value by @ pricop in #36172
  • v4 dev backports and updates by @ XhmikosR in #35767
  • _custom-forms.scss: fix order of attributes by @ twin-elements in #36231
  • Replace the deprecated color-adjust with print-color-adjust by @ AdrianCurtin in #36283
  • [v4] Doc: remove role="group" from some split drop* buttons by @ julien-deramond in #36254
  • Dynamic tabs: use buttons rather than links (backport to v4) by @ patrickhlauke in #33163
  • v4 dev updates by @ XhmikosR in #36430
  • Fix closing HTML tag in navs docs by @ julien-deramond in #36466
  • v4: Horizontal collapse by @ mdo in #36434
  • Fixing tabs' tests v4 by @ louismaximepiton in #36485
  • Docs: fix some ARIA Authoring Practices Guides broken links by @ julien-deramond in #36490
  • v4 - Remove confusing unnecessary id/aria-labelledby for dropdown menus by @ patrickhlauke in #36491
  • v4 Docs: outdated ARIA/PF link, expand contrast explanation in accessibility.md by @ patrickhlauke in #36492
  • v4: Improve accessible name of version dropdown in docs navbar by @ patrickhlauke in #36504
  • Update devDependencies by @ XhmikosR in #36522
  • Docs: update clipboard.js to v2.0.11 by @ julien-deramond in #36631
  • Update devDependencies by @ XhmikosR in #36724
  • v4: Add Fathom by @ mdo in #36727
  • Docs: Capitalize Unicode by @ julien-deramond in #36735
  • Release v4.6.2 by @ XhmikosR in #36725

  New Contributors

  • @ twin-elements made their first contribution in #36231
  • @ AdrianCurtin made their first contribution in #36283

  Full Changelog: v4.6.1...v4.6.2

• 4.6.1 - 2021-10-28
  

  What's changed

  • Replace Sass division with multiplication and custom divide() function by @ mdo in #34571
  • Update RFS to v8.1.0 by @ XhmikosR in #34571
  • fix(forms): input-group and validation icons by @ ffoodd in #32968
  • Fix minor visual bug in Firefox caused by moz-focusring by @ kremit in #32821
  • Adjust SAFE_URL_PATTERN regex for use with test method of regexes by @ nikonthethird in #33153
  • Add sms in the SAFE_URL_PATTERN for sanitizer by @ XhmikosR in #35074
  • Adjust feedback icon position and padding for select.form-control by @ mdo in #33206
  • Carousel: use buttons, not links, for prev/next controls by @ patrickhlauke in #33165
  • v4: Sass docs for default variables by @ mdo in #33392
  • Handle complex expressions in add() & subtract() by @ ffoodd in #34047
  • More concise improvements for add() and subtract() by @ ffoodd in #34432
  • Remove aria-haspopup from dropdowns by @ patrickhlauke in #33624
  • Dropdown: support .dropdown-item wrapped in <li> tags by @ cpsievert in #33649
  • Update Node versions in JS tests (drop Node 10, add Node 16), update docs JS assets and add variables for vertical-align in spinners by @ XhmikosR in #33807
  • Replace Freenode with Libera IRC server by @ midzer #34050
  • Fix repetition in the Navbar docs description by @ coliff in #34208
  • Enable 0.x with negative margins in utilities by @ k-utsumi in #33593
  • Remove print thead rule by @ coliff in #34426
  • Fix prevented show event disabling modals with fade class from being displayed again by @ alpadev in #34087
  • Input group validation with custom-file input by @ ffoodd in #33239
  • Add eslint-plugin-qunit and tighten JS tests by @ XhmikosR in #32270
  • Update our tests to Node 16 and npm 8 by @ XhmikosR in #35142
  • Disabled link cleanup by