[Snyk] Upgrade: react, react-dom, @fortawesome/fontawesome-free, async, clsx, eventemitter2, fontfaceobserver, handlebars, image-size, jquery, neo4j-driver, prop-types, react-alert-template-basic, react-draggable, react-transition-group, stream-chain, stream-json, unzipper #15

Open. Wants to merge 1 commit into base: master.
Conversation

stuxMY (Owner) commented Sep 9, 2024

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

| Name | Versions | Released on |
| --- | --- | --- |
| react | from 16.13.1 to 16.14.0 (1 version ahead of your current version) | 4 years ago, on 2020-10-14 |
| react-dom | from 16.13.1 to 16.14.0 (1 version ahead of your current version) | 4 years ago, on 2020-10-14 |
| @fortawesome/fontawesome-free | from 5.14.0 to 5.15.4 (5 versions ahead of your current version) | 3 years ago, on 2021-08-04 |
| async | from 2.6.3 to 2.6.4 (1 version ahead of your current version) | 2 years ago, on 2022-04-13 |
| clsx | from 1.1.1 to 1.2.1 (2 versions ahead of your current version) | 2 years ago, on 2022-07-06 |
| eventemitter2 | from 6.4.3 to 6.4.9 (6 versions ahead of your current version) | 2 years ago, on 2022-09-12 |
| fontfaceobserver | from 2.1.0 to 2.3.0 (2 versions ahead of your current version) | 2 years ago, on 2022-05-16 |
| handlebars | from 4.7.6 to 4.7.8 (2 versions ahead of your current version) | a year ago, on 2023-08-01 |
| image-size | from 0.8.3 to 0.9.7 (7 versions ahead of your current version) | 3 years ago, on 2021-03-15 |
| jquery | from 3.5.1 to 3.7.1 (7 versions ahead of your current version) | a year ago, on 2023-08-28 |
| neo4j-driver | from 4.1.0 to 4.4.11 (35 versions ahead of your current version) | a year ago, on 2023-06-19 |
| prop-types | from 15.7.2 to 15.8.1 (2 versions ahead of your current version) | 3 years ago, on 2022-01-05 |
| react-alert-template-basic | from 1.0.0 to 1.0.2 (2 versions ahead of your current version) | 3 years ago, on 2021-05-13 |
| react-draggable | from 4.4.3 to 4.4.6 (3 versions ahead of your current version) | a year ago, on 2023-09-27 |
| react-transition-group | from 4.4.1 to 4.4.5 (4 versions ahead of your current version) | 2 years ago, on 2022-08-01 |
| stream-chain | from 2.2.3 to 2.2.5 (2 versions ahead of your current version) | 3 years ago, on 2022-02-17 |
| stream-json | from 1.7.1 to 1.8.0 (5 versions ahead of your current version) | a year ago, on 2023-05-30 |
| unzipper | from 0.10.11 to 0.12.3 (9 versions ahead of your current version) | a month ago, on 2024-07-31 |

Issues fixed by the recommended upgrade:

| Issue | Score | Exploit Maturity |
| --- | --- | --- |
| Prototype Pollution (high severity), SNYK-JS-LODASH-567746 | 731 | Proof of Concept |
| Prototype Pollution (high severity), SNYK-JS-ASYNC-2441827 | 731 | Proof of Concept |
| Remote Code Execution (RCE) (high severity), SNYK-JS-HANDLEBARS-1056767 | 731 | Proof of Concept |
| Prototype Pollution (medium severity), SNYK-JS-HANDLEBARS-1279029 | 731 | Proof of Concept |
| Missing Release of Resource after Effective Lifetime (medium severity), SNYK-JS-INFLIGHT-6095116 | 731 | Proof of Concept |
| Regular Expression Denial of Service (ReDoS) (medium severity), SNYK-JS-MINIMATCH-3050818 | 731 | No Known Exploit |
Release notes
Package name: react from react GitHub release notes
Package name: react-dom from react-dom GitHub release notes
Package name: @fortawesome/fontawesome-free
  • 5.15.4 - 2021-08-04
  • 5.15.3 - 2021-03-16
  • 5.15.2 - 2021-01-13
  • 5.15.1 - 2020-10-05
  • 5.15.0 - 2020-09-29
  • 5.14.0 - 2020-07-15
from @fortawesome/fontawesome-free GitHub release notes
Package name: async from async GitHub release notes
Package name: clsx
  • 1.2.1 - 2022-07-06

    Patches

    • Ensure CommonJS and UMD entrypoints have the named clsx export too

    Chores


    Full Changelog: v1.2.0...v1.2.1

  • 1.2.0 - 2022-07-02

    Features

    • Add named clsx export alias (#43, #44): 56ab81f
      Thank you @danikaze~!

      This is purely an alias for the default export so that TypeScript users can avoid the esModuleInterop setting. In other words, the following import statements are effectively identical, but the latter is preferred by TypeScript:

      import clsx from 'clsx';
      // or
      import { clsx } from 'clsx';

      Important: Just to reiterate, both still work!

    Chores


    Full Changelog: v1.1.1...v1.2.0

  • 1.1.1 - 2020-05-30

    Note: This is a performance-related patch only!
    Across all benchmarks, this version of clsx is ~1M ops/sec faster than clsx@1.1.0.
    ...It also happens to be 1 byte (gzip) smaller 😅🎉

    Patches

    • fix: Remove needless spacer on string/number condition: ff11464
    • fix: Remove unnecessary recursive caller for object keys: f43dd23
    • perf: Guard all toVal calls with truthy assertions: 4fa8811, 019ec02
    • perf: Reorder typeof checks for common case: 08a5a7f

    Chores

    Benchmarks

    Run on Node.js v10.13.0.
    You may find updated browser benchmarks here.

    The snippet below is comparing clsx@1.1.1 (this version) to the previous version, and to classnames for ballpark comparison. All candidates are functionally identical!

    Strings

    classnames x 3,992,284 ops/sec ±1.64% (94 runs sampled)
    clsx@1.1.0 x 11,253,372 ops/sec ±0.35% (96 runs sampled)
    clsx@1.1.1 x 12,784,134 ops/sec ±0.42% (97 runs sampled)

    Objects

    classnames x 3,772,978 ops/sec ±0.46% (96 runs sampled)
    clsx@1.1.0 x 7,288,178 ops/sec ±0.31% (96 runs sampled)
    clsx@1.1.1 x 9,412,010 ops/sec ±0.42% (95 runs sampled)

    Arrays

    classnames x 1,665,275 ops/sec ±1.83% (93 runs sampled)
    clsx@1.1.0 x 8,340,174 ops/sec ±0.53% (96 runs sampled)
    clsx@1.1.1 x 9,141,916 ops/sec ±0.42% (95 runs sampled)

    Nested Arrays

    classnames x 1,164,706 ops/sec ±1.60% (95 runs sampled)
    clsx@1.1.0 x 6,284,485 ops/sec ±0.58% (90 runs sampled)
    clsx@1.1.1 x 7,165,151 ops/sec ±0.47% (91 runs sampled)

    Nested Arrays w/ Objects

    classnames x 1,597,180 ops/sec ±1.49% (93 runs sampled)
    clsx@1.1.0 x 6,345,248 ops/sec ±0.21% (95 runs sampled)
    clsx@1.1.1 x 7,651,411 ops/sec ±0.56% (95 runs sampled)

    Mixed

    classnames x 2,129,199 ops/sec ±1.46% (94 runs sampled)
    clsx@1.1.0 x 6,557,515 ops/sec ±0.73% (91 runs sampled)
    clsx@1.1.1 x 8,119,210 ops/sec ±0.42% (93 runs sampled)

    Mixed (Bad Data)

    classnames x 1,166,577 ops/sec ±0.84% (94 runs sampled)
    clsx@1.1.0 x 2,018,654 ops/sec ±0.15% (98 runs sampled)
    clsx@1.1.1 x 2,238,939 ops/sec ±0.34% (95 runs sampled)

from clsx GitHub release notes

Package name: eventemitter2 from eventemitter2 GitHub release notes
Package name: fontfaceobserver from fontfaceobserver GitHub release notes
Package name: handlebars from handlebars GitHub release notes
Package name: image-size from image-size GitHub release notes
Package name: jquery from jquery GitHub release notes
Package name: neo4j-driver
  • 4.4.11 - 2023-06-19
  • 4.4.10 - 2022-10-06
  • 4.4.9 - 2022-09-13
  • 4.4.8 - 2022-09-07
  • 4.4.7 - 2022-07-26
  • 4.4.6 - 2022-06-13
  • 4.4.5 - 2022-03-24
  • 4.4.4 - 2022-03-17
  • 4.4.3 - 2022-02-22
  • 4.4.2 - 2022-02-01
  • 4.4.1 - 2021-11-23
  • 4.4.0 - 2021-11-05
  • 4.4.0-beta02 - 2021-11-03
  • 4.4.0-beta01 - 2021-10-22
  • 4.4.0-alpha01 - 2021-10-21
  • 4.3.6 - 2021-11-05
  • 4.3.5 - 2021-11-03
  • 4.3.4 - 2021-10-15
  • 4.3.3 - 2021-08-17
  • 4.3.2 - 2021-07-30
  • 4.3.1 - 2021-06-14
  • 4.3.0 - 2021-05-27
  • 4.3.0-rc03 - 2021-05-27
  • 4.3.0-rc02 - 2021-05-19
  • 4.3.0-rc01 - 2021-05-14
  • 4.3.0-beta01 - 2021-05-05
  • 4.3.0-alpha02 - 2021-04-20
  • 4.3.0-alpha01 - 2021-04-15
  • 4.2.3 - 2021-03-02
  • 4.2.2 - 2021-01-18
  • 4.2.1 - 2020-11-17
  • 4.2.0 - 2020-11-17
  • 4.2.0-alpha01 - 2020-10-09
  • 4.1.2 - 2020-09-07
  • 4.1.1 - 2020-07-21
  • 4.1.0 - 2020-06-23
from neo4j-driver GitHub release notes
Package name: prop-types
  • 15.8.1 - 2022-01-05
    • [Fix] fix crash when a custom propType return lacks .data; call hasOwnProperty properly (#370)
    • [meta] Fix formatting in CHANGELOG.md (#367)
    • [Tests] add missing test coverage (#370)
    • [Tests] convert normal it functions to arrow functions (#370)
    • [Tests] do not fail fast; add react 17 (#366)
    • [Dev Deps] update eslint
  • 15.8.0 - 2021-12-22
    • [New] add PropTypes.bigint (#365)
    • [New] oneOfType: Add expected types to warning (#198)
    • [New] Add type check for validator for 'shape' and 'exact' (#234)
    • [Fix] checkPropTypes: Friendlier message when using a type checker that is not a function (#51)
    • [Refactor] extract has (#261, #125, #124)
    • [readme] Fix branch name (master -> main) (#364)
    • [readme] Clarify usage of elementType (#335)
    • [docs] highlighted the func name (#321)
    • [docs] Typo fix in example (#300)
    • [docs] Add instructions for intentional inclusion of validation in production. (#262)
    • [docs] PropTypes.node: add link to react docs
    • [docs] Improve wording for checkPropTypes (#258)
    • [meta] Add a package sideEffects field. (#350)
    • [meta] use in-publish to avoid running the build on install
    • [deps] regenerate yarn.lock
    • [deps] update react-is (#347, #346, #345, #340, #338)
    • [eslint] enable some rules (#360)
    • [Tests] Use GH Actions (#363)
    • [Tests] Fix spelling (#318)
    • [Tests] Fixed typo: 'Any type should accept any value' (#281)
    • [Tests] fix broken tests; test the build process
    • [Dev Deps] update browserify, bundle-collapser, eslint, in-publish, react, uglifyify, uglifyjs
  • 15.7.2 - 2019-02-13

    v15.7.2

from prop-types GitHub release notes
Package name: react-alert-template-basic
  • 1.0.2 - 2021-05-13
  • 1.0.1 - 2021-05-10
  • 1.0.0 - 2018-01-01
from react-alert-template-basic GitHub release notes
Package name: react-draggable from react-draggable GitHub release notes
Package name: react-transition-group from react-transition-group GitHub release notes
Package name: stream-chain from stream-chain GitHub release notes
Package name: stream-json
  • 1.8.0 - 2023-05-30

    Remove CodeQL analysis.

  • 1.7.5 - 2022-11-23

    New version: 1.7.5.

  • 1.7.4 - 2022-02-17
    • Updated dependency: stream-chain.
  • 1.7.3 - 2021-09-14

    Assembler can treat numbers as strings.

  • 1.7.2 - 2021-07-04

    Merge branch 'maboily-fix-jsonl-parser-unhandled-errors'

  • 1.7.1 - 2020-08-18

    New version: 1.7.1.

from stream-json GitHub release notes
Package name: unzipper
  • 0.12.3 - 2024-07-31

    Add @ts-ignore to unblock typescript errors

  • 0.12.2 - 2024-07-14
  • 0.12.1 - 2024-06-08
    • unmaintained fstream replaced with fs-extra
    • empty directories in a zip file will now be created when zip file is extracted
    • big-integer replaced with node-int64 (up to 20x performance increase on large encrypted files)
    • npm deployment added to github actions
  • 0.11.6 - 2024-05-11
  • 0.11.5 - 2024-05-04
  • 0.11.4 - 2024-04-22
  • 0.11.3 - 2024-04-15
  • 0.11.2 - 2024-04-14
    • remove polyfills - no longer supporting ancient node versions
    • use GitHub actions for testing and coverage
    • remove 'binary' dependency
    • break up huge promise chain to minimize memory usage
    • ignore window zip slipped files
    • use pipeline to propagate errors in a chain of streams
  • 0.10.14 - 2023-05-10
  • 0.10.11 - 2020-04-20
from unzipper GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.


Snyk has created this PR to upgrade:
  - react from 16.13.1 to 16.14.0.
    See this package in npm: https://www.npmjs.com/package/react
  - react-dom from 16.13.1 to 16.14.0.
    See this package in npm: https://www.npmjs.com/package/react-dom
  - @fortawesome/fontawesome-free from 5.14.0 to 5.15.4.
    See this package in npm: https://www.npmjs.com/package/@fortawesome/fontawesome-free
  - async from 2.6.3 to 2.6.4.
    See this package in npm: https://www.npmjs.com/package/async
  - clsx from 1.1.1 to 1.2.1.
    See this package in npm: https://www.npmjs.com/package/clsx
  - eventemitter2 from 6.4.3 to 6.4.9.
    See this package in npm: https://www.npmjs.com/package/eventemitter2
  - fontfaceobserver from 2.1.0 to 2.3.0.
    See this package in npm: https://www.npmjs.com/package/fontfaceobserver
  - handlebars from 4.7.6 to 4.7.8.
    See this package in npm: https://www.npmjs.com/package/handlebars
  - image-size from 0.8.3 to 0.9.7.
    See this package in npm: https://www.npmjs.com/package/image-size
  - jquery from 3.5.1 to 3.7.1.
    See this package in npm: https://www.npmjs.com/package/jquery
  - neo4j-driver from 4.1.0 to 4.4.11.
    See this package in npm: https://www.npmjs.com/package/neo4j-driver
  - prop-types from 15.7.2 to 15.8.1.
    See this package in npm: https://www.npmjs.com/package/prop-types
  - react-alert-template-basic from 1.0.0 to 1.0.2.
    See this package in npm: https://www.npmjs.com/package/react-alert-template-basic
  - react-draggable from 4.4.3 to 4.4.6.
    See this package in npm: https://www.npmjs.com/package/react-draggable
  - react-transition-group from 4.4.1 to 4.4.5.
    See this package in npm: https://www.npmjs.com/package/react-transition-group
  - stream-chain from 2.2.3 to 2.2.5.
    See this package in npm: https://www.npmjs.com/package/stream-chain
  - stream-json from 1.7.1 to 1.8.0.
    See this package in npm: https://www.npmjs.com/package/stream-json
  - unzipper from 0.10.11 to 0.12.3.
    See this package in npm: https://www.npmjs.com/package/unzipper

See this project in Snyk:
https://app.snyk.io/org/kalicode404/project/4276349e-abe7-4d74-8835-0b8bf02fcdef?utm_source=github&utm_medium=referral&page=upgrade-pr
2 participants