Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade: , , prop-types, clsx, , , , formik, history, react-feather, react-router, react-router-dom, react-scripts, yup #155

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

udilbar
Copy link
Owner

@udilbar udilbar commented Sep 15, 2024

snyk-top-banner

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name Versions Released on

@material-ui/core
from 4.11.0 to 4.12.4 | 11 versions ahead of your current version | 2 years ago
on 2022-04-03
@material-ui/icons
from 4.9.1 to 4.11.3 | 2 versions ahead of your current version | 2 years ago
on 2022-04-03
prop-types
from 15.7.2 to 15.8.1 | 2 versions ahead of your current version | 3 years ago
on 2022-01-05
clsx
from 1.1.1 to 1.2.1 | 2 versions ahead of your current version | 2 years ago
on 2022-07-06
@material-ui/styles
from 4.10.0 to 4.11.5 | 7 versions ahead of your current version | 2 years ago
on 2022-04-03
@testing-library/jest-dom
from 5.1.0 to 5.17.0 | 36 versions ahead of your current version | a year ago
on 2023-07-18
@testing-library/react
from 10.0.0 to 10.4.9 | 23 versions ahead of your current version | 4 years ago
on 2020-08-21
formik
from 2.2.1 to 2.4.6 | 19 versions ahead of your current version | 5 months ago
on 2024-04-24
history
from 5.0.0 to 5.3.0 | 7 versions ahead of your current version | 3 years ago
on 2022-02-22
react-feather
from 2.0.8 to 2.0.10 | 2 versions ahead of your current version | 2 years ago
on 2022-05-30
react-router
from 6.0.0-beta.0 to 6.26.1 | 166 versions ahead of your current version | a month ago
on 2024-08-15
react-router-dom
from 6.0.0-beta.0 to 6.26.1 | 166 versions ahead of your current version | a month ago
on 2024-08-15
react-scripts
from 5.0.0 to 5.0.1 | 1 version ahead of your current version | 2 years ago
on 2022-04-12
yup
from 0.29.3 to 0.32.11 | 15 versions ahead of your current version | 3 years ago
on 2021-10-12

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
medium severity Prototype Pollution
SNYK-JS-YUP-2420835
601 Proof of Concept
critical severity Incomplete List of Disallowed Inputs
SNYK-JS-BABELTRAVERSE-5962462
601 Proof of Concept
high severity Denial of Service (DoS)
SNYK-JS-DECODEURICOMPONENT-3149970
601 Proof of Concept
high severity Code Injection
SNYK-JS-LODASHES-2434284
601 Proof of Concept
high severity Prototype Pollution
SNYK-JS-LODASHES-2434285
601 Proof of Concept
high severity Code Injection
SNYK-JS-LODASH-1040724
601 Proof of Concept
high severity Prototype Pollution
SNYK-JS-LODASHES-2434283
601 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASHES-2434289
601 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-MINIMATCH-3050818
601 No Known Exploit
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-1018905
601 Proof of Concept
low severity Prototype Pollution
SNYK-JS-MINIMIST-2429795
601 Proof of Concept
Release notes
Package name: @material-ui/core
  • 4.12.4 - 2022-04-03
  • 4.12.3 - 2021-07-30
  • 4.12.2 - 2021-07-19
  • 4.12.1 - 2021-07-07
  • 4.12.0 - 2021-07-06
  • 4.11.4 - 2021-04-27
  • 4.11.3 - 2021-01-24
  • 4.11.3-deprecations.1 - 2021-01-25
  • 4.11.3-deprecations.0 - 2021-01-24
  • 4.11.2 - 2020-12-02
  • 4.11.1 - 2020-11-24
  • 4.11.0 - 2020-06-30
from @material-ui/core GitHub release notes
Package name: @material-ui/icons
  • 4.11.3 - 2022-04-03
  • 4.11.2 - 2020-12-02
  • 4.9.1 - 2020-02-02
from @material-ui/icons GitHub release notes
Package name: prop-types
  • 15.8.1 - 2022-01-05
    • [Fix] fix crash when a custom propType return lacks .data; call hasOwnProperty properly (#370)
    • [meta] Fix formatting in CHANGELOG.md (#367)
    • [Tests] add missing test coverage (#370)
    • [Tests] convert normal it functions to arrow functions (#370)
    • [Tests] do not fail fast; add react 17 (#366)
    • [Dev Deps] update eslint
  • 15.8.0 - 2021-12-22
    • [New] add PropTypes.bigint (#365)
    • [New] oneOfType: Add expected types to warning (#198)
    • [New] Add type check for validator for 'shape' and 'exact' (#234)
    • [Fix] checkPropTypes: Friendlier message when using a type checker that is not a function (#51)
    • [Refactor] extract has (#261, #125, #124)
    • [readme] Fix branch name (master -> main) (#364)
    • [readme] Clarify usage of elementType (#335)
    • [docs] highlighted the func name (#321)
    • [docs] Typo fix in example (#300)
    • [docs] Add instructions for intentional inclusion of validation in production. (#262)
    • [docs] PropTypes.node: add link to react docs
    • [docs] Improve wording for checkPropTypes (#258)
    • [meta] Add a package sideEffects field. (#350)
    • [meta] use in-publish to avoid running the build on install
    • [deps] regenerate yarn.lock
    • [deps] update react-is (#347, #346, #345, #340, #338)
    • [eslint] enable some rules (#360)
    • [Tests] Use GH Actions (#363)
    • [Tests] Fix spelling (#318)
    • [Tests] Fixed typo: 'Any type should accept any value' (#281)
    • [Tests] fix broken tests; test the build process
    • [Dev Deps] update browserify, bundle-collapser, eslint, in-publish, react, uglifyify, uglifyjs
  • 15.7.2 - 2019-02-13

    v15.7.2

from prop-types GitHub release notes
Package name: clsx
  • 1.2.1 - 2022-07-06

    Patches

    • Ensure CommonJS and UMD entrypoints have the named clsx export too

    Chores


    Full Changelog: v1.2.0...v1.2.1

  • 1.2.0 - 2022-07-02

    Features

    • Add named clsx export alias (#43, #44): 56ab81f
      Thank you @ danikaze~!

      This is purely an alias for the default export so that TypeScript users can avoid the esModuleInterop setting. In other words, the follow import statements are effectively identical, but the latter is preferred by TypeScript:

      import clsx from 'clsx';
      // or
      import { clsx } from 'clsx';

      Important: Just to reiterate, both still work!

    Chores


    Full Changelog: v1.1.1...v1.2.0

  • 1.1.1 - 2020-05-30

    Note: This is a performance-related patch only!
    Across all benchmarks, this version of clsx is ~1M ops/sec faster than clsx@1.1.0.
    ...It also happens to be 1 byte (gzip) smaller 😅🎉

    Patches

    • fix: Remove needless spacer on string/number condition: ff11464
    • fix: Remove unnecessary recursive caller for object keys: f43dd23
    • perf: Guard all toVal calls with truthy assertions: 4fa8811, 019ec02
    • perf: Reorder typeof checks for common case: 08a5a7f

    Chores

    Benchmarks

    Run on Node.js v10.13.0.
    You may find updated browser benchmarks here.

    The snippet below is comparing clsx@1.1.1 (this version) to the previous version, and to classnames for ballpark comparison. All candidates are functionally identical!

    # Strings
    classnames x 3,992,284 ops/sec ±1.64% (94 runs sampled)
    clsx@1.1.0 x 11,253,372 ops/sec ±0.35% (96 runs sampled)
    clsx@1.1.1 x 12,784,134 ops/sec ±0.42% (97 runs sampled)

    Objects

    classnames x 3,772,978 ops/sec ±0.46% (96 runs sampled)
    clsx@1.1.0 x 7,288,178 ops/sec ±0.31% (96 runs sampled)
    clsx@1.1.1 x 9,412,010 ops/sec ±0.42% (95 runs sampled)

    Arrays

    classnames x 1,665,275 ops/sec ±1.83% (93 runs sampled)
    clsx@1.1.0 x 8,340,174 ops/sec ±0.53% (96 runs sampled)
    clsx@1.1.1 x 9,141,916 ops/sec ±0.42% (95 runs sampled)

    Nested Arrays

    classnames x 1,164,706 ops/sec ±1.60% (95 runs sampled)
    clsx@1.1.0 x 6,284,485 ops/sec ±0.58% (90 runs sampled)
    clsx@1.1.1 x 7,165,151 ops/sec ±0.47% (91 runs sampled)

    Nested Arrays w/ Objects

    classnames x 1,597,180 ops/sec ±1.49% (93 runs sampled)
    clsx@1.1.0 x 6,345,248 ops/sec ±0.21% (95 runs sampled)
    clsx@1.1.1 x 7,651,411 ops/sec ±0.56% (95 runs sampled)

    Mixed

    classnames x 2,129,199 ops/sec ±1.46% (94 runs sampled)
    clsx@1.1.0 x 6,557,515 ops/sec ±0.73% (91 runs sampled)
    clsx@1.1.1 x 8,119,210 ops/sec ±0.42% (93 runs sampled)

    Mixed (Bad Data)

    classnames x 1,166,577 ops/sec ±0.84% (94 runs sampled)
    clsx@1.1.0 x 2,018,654 ops/sec ±0.15% (98 runs sampled)
    clsx@1.1.1 x 2,238,939 ops/sec ±0.34% (95 runs sampled)




from clsx GitHub release notes

Package name: @material-ui/styles
  • 4.11.5 - 2022-04-03
  • 4.11.4 - 2021-04-27
  • 4.11.3 - 2021-01-24
  • 4.11.3-deprecations.1 - 2021-01-25
  • 4.11.3-deprecations.0 - 2021-01-24
  • 4.11.2 - 2020-12-02
  • 4.11.1 - 2020-11-24
  • 4.10.0 - 2020-05-23
from @material-ui/styles GitHub release notes
Package name: @testing-library/jest-dom
  • 5.17.0 - 2023-07-18

    5.17.0 (2023-07-18)

    Features

    • New toHaveAccessibleErrorMessage better implementing the spec, deprecate toHaveErrorMessage (#503) (d717c66)
  • 5.16.5 - 2022-08-04

    5.16.5 (2022-08-04)

    Bug Fixes

    • migrate ccs v3 to @ adobe/css-tools v4 (#470) (948d90f)
  • 5.16.4 - 2022-04-05

    5.16.4 (2022-04-05)

    Bug Fixes

    • Support unenclosed inner text for details elements in to be visible (#396) (af18453)
  • 5.16.3 - 2022-03-24

    5.16.3 (2022-03-24)

    Bug Fixes

    • clarify toHaveFocus message when using .not (#447) (6988a67)
  • 5.16.2 - 2022-02-03

    5.16.2 (2022-02-03)

    Bug Fixes

    • add custom element support to toBeDisabled (#368) (8162115)
  • 5.16.1 - 2021-12-06

    5.16.1 (2021-12-06)

    Bug Fixes

    • Improve toHaveClass error message format (#405) (a9beb47)
  • 5.16.0 - 2021-12-03

    5.16.0 (2021-12-03)

    Features

  • 5.15.1 - 2021-11-23

    5.15.1 (2021-11-23)

    Bug Fixes

  • 5.15.0 - 2021-11-02

    5.15.0 (2021-11-02)

    Features

  • 5.14.1 - 2021-06-11

    5.14.1 (2021-06-11)

    Bug Fixes

  • 5.14.0 - 2021-06-11
  • 5.13.0 - 2021-06-03
  • 5.12.0 - 2021-04-22
  • 5.11.10 - 2021-03-25
  • 5.11.9 - 2021-01-12
  • 5.11.8 - 2020-12-30
  • 5.11.7 - 2020-12-30
  • 5.11.6 - 2020-11-13
  • 5.11.5 - 2020-10-23
  • 5.11.4 - 2020-08-22
  • 5.11.3 - 2020-08-11
  • 5.11.2 - 2020-07-28
  • 5.11.1 - 2020-07-15
  • 5.11.0 - 2020-06-25
  • 5.10.1 - 2020-06-14
  • 5.10.0 - 2020-06-11
  • 5.9.0 - 2020-05-28
  • 5.8.0 - 2020-05-19
  • 5.7.0 - 2020-05-07
  • 5.7.0-beta.1 - 2020-05-08
  • 5.6.0 - 2020-05-07
  • 5.5.0 - 2020-04-09
  • 5.4.0 - 2020-04-08
  • 5.3.0 - 2020-03-26
  • 5.2.0 - 2020-03-25
  • 5.1.1 - 2020-02-03
  • 5.1.0 - 2020-01-31
from @testing-library/jest-dom GitHub release notes
Package name: @testing-library/react from @testing-library/react GitHub release notes
Package name: formik
  • 2.4.6 - 2024-04-24

    Patch Changes

    • f57ca9b #3949 Thanks @ DeveloperRaj! - Changing the state inside formik was changing reference of initialValues provided via props, deep cloning the initialvalues will fix it.
  • 2.4.5 - 2023-09-17

    Patch Changes

  • 2.4.4 - 2023-09-06

    Patch Changes

  • 2.4.3 - 2023-08-02

    Patch Changes

  • 2.4.2 - 2023-06-14

    Patch Changes

  • 2.4.1 - 2023-05-31
  • 2.4.0 - 2023-05-27
  • 2.3.3 - 2023-05-27
  • 2.3.2 - 2023-05-26
  • 2.3.0 - 2023-05-26
  • 2.2.10 - 2023-05-26
  • 2.2.9 - 2021-06-02
  • 2.2.8 - 2021-05-21
  • 2.2.7 - 2021-05-19
  • 2.2.6 - 2020-12-10
  • 2.2.5 - 2020-11-11
  • 2.2.4 - 2020-11-10
  • 2.2.3 - 2020-11-07
  • 2.2.2 - 2020-11-05
  • 2.2.1 - 2020-10-23
from formik GitHub release notes
Package name: history
  • 5.3.0 - 2022-02-22

    This release provides support for native ESM consumption of all exports.

  • 5.3.0-pre.0 - 2022-02-18
    No content.
  • 5.2.0 - 2021-12-17

    🐛 Bug fixes

    • Fixed a few type declarations and deprecated the following types:
      • State (now set to unknown which will require consumer type narrowing)
      • PartialPath (use Partial<Path> instead)
      • PartialLocation (use Partial<Location> instead)
    • Fixed a regression related to the createPath return value (#813)

    ✨ Features

    • We now use statically analyzable CJS exports. This enables named imports in Node ESM scripts (See the commit).

    Full Changelog: v5.1.0...v5.2.0

  • 5.1.0 - 2021-11-02

    Because the prior 5.0.2 release removed the State type parameter from Location, this was technically a breaking change. To correct for this, I'm bumping this as a minor release. It won't affect runtime code, but it may affect your development experience and tests if you were using that parameter.

    The State type export is also restored, so you shouldn't have issues with installing React Router v6.

    Oh, by the way, did you hear we released React Router v6?

    Full Changelog: v5.0.3...v5.1.0

  • 5.0.3 - 2021-11-01

    Fixed parsePath adding incorrectly adding search

  • 5.0.2 - 2021-11-01

    Just a couple fixes:

    • Fixed search params persisting on redirects
    • Changed the location.state type to any and removed the generic on Location

    Full Changelog: v5.0.1...v5.0.2

  • 5.0.1 - 2021-08-13

    This patch release contains a tiny TypeScript update to use the built-in Partial utility for PartialPath and PartialLocation. We always love it when we can ship just a little less code!

    🙏 Credits

    Thanks to @ liuhanqu, @ hanquliu, @ chaance and @ mjackson for your contributions!

  • 5.0.0 - 2020-06-12

    Today we are very pleased to announce the stable release of history version 5!

    Overview

    This version includes many enhancements and fixes a few important issues with the library.

    New Features

    • Hash history now has support for location.state
    • Better history.block API, with support for retrying transitions
    • Full TypeScript declarations and IntelliSense docs
    • Adds development and production builds for <script type=module> users
    • Both browser and hash history have support for iframes (custom window objects)
    • About 50% smaller than v4 (and no dependencies)

    Bugfixes

    • Fixed some long-standing encoding issues with location.pathname
    • Removed unfixable warnings about pushing the same path in hash history
    • Renamed browser global to HistoryLibrary so it doesn't conflict with window.History

    Breaking Changes

    • Removed support for browsers that do not support the HTML5 history API (no pushState)
    • Removed relative pathname support in hash history and memory history
    • Removed getUserConfirmation, keyLength, and hashType APIs

    Usage

    Please refer to our installation guide for instructions about how to install the library.

    There is also a getting started guide as well as a complete API reference in the docs folder.

    We are very excited about this release, especially because it will serve as the foundation for the upcoming release of React Router version 6.

    Thank you for your support. Enjoy! 😀

from history GitHub release notes
Package name: react-feather
  • 2.0.10 - 2022-05-30
  • 2.0.9 - 2020-11-17
  • 2.0.8 - 2020-04-25
from react-feather GitHub release notes
Package name: react-router
  • 6.26.1 - 2024-08-15

    react-router-native@6.26.1

  • 6.26.1-pre.0 - 2024-08-14

    react-router-native@6.26.1-pre.0

  • 6.26.0 - 2024-08-01
  • 6.26.0-pre.1 - 2024-07-31
  • 6.26.0-pre.0 - 2024-07-30
  • 6.25.1 - 2024-07-17
  • 6.25.1-pre.0 - 2024-07-17
  • 6.25.0 - 2024-07-16
  • 6.25.0-pre.0 - 2024-07-12
  • 6.24.1 - 2024-07-03
  • 6.24.1-pre.0 - 2024-07-01
  • 6.24.0 - 2024-06-24
  • 6.24.0-pre.0 - 2024-06-14
  • 6.23.1 - 2024-05-10
  • 6.23.1-pre.1 - 2024-05-09
  • 6.23.1-pre.0 - 2024-04-30
  • 6.23.0 - 2024-04-23
  • 6.23.0-pre...

Snyk has created this PR to upgrade:
  - @material-ui/core from 4.11.0 to 4.12.4.
    See this package in npm: https://www.npmjs.com/package/@material-ui/core
  - @material-ui/icons from 4.9.1 to 4.11.3.
    See this package in npm: https://www.npmjs.com/package/@material-ui/icons
  - prop-types from 15.7.2 to 15.8.1.
    See this package in npm: https://www.npmjs.com/package/prop-types
  - clsx from 1.1.1 to 1.2.1.
    See this package in npm: https://www.npmjs.com/package/clsx
  - @material-ui/styles from 4.10.0 to 4.11.5.
    See this package in npm: https://www.npmjs.com/package/@material-ui/styles
  - @testing-library/jest-dom from 5.1.0 to 5.17.0.
    See this package in npm: https://www.npmjs.com/package/@testing-library/jest-dom
  - @testing-library/react from 10.0.0 to 10.4.9.
    See this package in npm: https://www.npmjs.com/package/@testing-library/react
  - formik from 2.2.1 to 2.4.6.
    See this package in npm: https://www.npmjs.com/package/formik
  - history from 5.0.0 to 5.3.0.
    See this package in npm: https://www.npmjs.com/package/history
  - react-feather from 2.0.8 to 2.0.10.
    See this package in npm: https://www.npmjs.com/package/react-feather
  - react-router from 6.0.0-beta.0 to 6.26.1.
    See this package in npm: https://www.npmjs.com/package/react-router
  - react-router-dom from 6.0.0-beta.0 to 6.26.1.
    See this package in npm: https://www.npmjs.com/package/react-router-dom
  - react-scripts from 5.0.0 to 5.0.1.
    See this package in npm: https://www.npmjs.com/package/react-scripts
  - yup from 0.29.3 to 0.32.11.
    See this package in npm: https://www.npmjs.com/package/yup

See this project in Snyk:
https://app.snyk.io/org/ndn1618/project/ac6cbe04-87a7-4745-9ebb-91464d6e16fd?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Type error compiling with typescript
2 participants