[Snyk] Upgrade react from 16.7.0 to 16.9.0 #4

snyk-bot · 2019-09-05T04:29:44Z

Snyk have raised this PR to upgrade react from 16.7.0 to 16.9.0.

The recommended version is 41 versions ahead of your current version.
The recommended version was released a month ago, on 2019-08-08.

The recommended version fixes:

Severity	Title	Issue ID
	Prototype Pollution	SNYK-JS-SETVALUE-450213
	Arbitrary File Overwrite	SNYK-JS-FSTREAM-174725
	Prototype Pollution	SNYK-JS-HANDLEBARS-174183
	Arbitrary Code Execution	SNYK-JS-JSYAML-174129
	Prototype Pollution	SNYK-JS-LODASHMERGEWITH-174136
	Information Exposure	SNYK-JS-WEBPACKDEVSERVER-72405
	Prototype Pollution	SNYK-JS-HANDLEBARS-173692
	Prototype Pollution	SNYK-JS-SETVALUE-450213
	Arbitrary File Overwrite	SNYK-JS-TAR-174125
	Arbitrary File Overwrite	SNYK-JS-TAR-174125
	Prototype Pollution	SNYK-JS-MIXINDEEP-450212
	Denial of Service (DoS)	npm:mem:20180117
	Time of Check Time of Use (TOCTOU)	npm:chownr:20180731
	Denial of Service (DoS)	SNYK-JS-JSYAML-173999
	Regular Expression Denial of Service (ReDoS)	npm:braces:20180219

Release notes

16.9.0 - 2019-08-08
React
- Add <React.Profiler> API for gathering performance measurements programmatically. (@bvaughn in #15172)
- Remove unstable_ConcurrentMode in favor of unstable_createRoot. (@acdlite in #15532)
React DOM
- Deprecate old names for the UNSAFE_* lifecycle methods. (@bvaughn in #15186 and @threepointone in #16103)
- Deprecate javascript: URLs as a common attack surface. (@sebmarkbage in #15047)
- Deprecate uncommon "module pattern" (factory) components. (@sebmarkbage in #15145)
- Add support for the disablePictureInPicture attribute on <video>. (@eek in #15334)
- Add support for onLoad event for <embed>. (@cherniavskii in #15614)
- Add support for editing useState state from DevTools. (@bvaughn in #14906)
- Add support for toggling Suspense from DevTools. (@gaearon in #15232)
- Warn when setState is called from useEffect, creating a loop. (@gaearon in #15180)
- Fix a memory leak. (@paulshen in #16115)
- Fix a crash inside findDOMNode for components wrapped in <Suspense>. (@acdlite in #15312)
- Fix pending effects from being flushed too late. (@acdlite in #15650)
- Fix incorrect argument order in a warning message. (@brickspert in #15345)
- Fix hiding Suspense fallback nodes when there is an !important style. (@acdlite in #15861 and #15882)
- Slightly improve hydration performance. (@bmeurer in #15998)
React DOM Server
- Fix incorrect output for camelCase custom CSS property names. (@bedakb in #16167)
React Test Utilities and Test Renderer
- Add act(async () => ...) for testing asynchronous state updates. (@threepointone in #14853)
- Add support for nesting act from different renderers. (@threepointone in #16039 and #16042)
- Warn in Strict Mode if effects are scheduled outside an act() call. (@threepointone in #15763 and #16041)
- Warn when using act from the wrong renderer. (@threepointone in #15756)
Artifacts

• react: https://unpkg.com/react@16.9.0/umd/
• react-art: https://unpkg.com/react-art@16.9.0/umd/
• react-dom: https://unpkg.com/react-dom@16.9.0/umd/
• react-is: https://unpkg.com/react-is@16.9.0/umd/
• react-test-renderer: https://unpkg.com/react-test-renderer@16.9.0/umd/
• scheduler: https://unpkg.com/scheduler@0.15.0/umd/
16.9.0-rc.0 - 2019-08-05
This is a release candidate for React v16.9.0.

Changelog is available in #16254.

UMD builds

• react: https://unpkg.com/react@16.9.0-rc.0/umd/
• react-art: https://unpkg.com/react-art@16.9.0-rc.0/umd/
• react-dom: https://unpkg.com/react-dom@16.9.0-rc.0/umd/
• react-is: https://unpkg.com/react-is@16.9.0-rc.0/umd/
• react-test-renderer: https://unpkg.com/react-test-renderer@16.9.0-rc.0/umd/
• scheduler: https://unpkg.com/scheduler@0.15.0-rc.0/umd/
16.9.0-alpha.0 - 2019-04-03
v16.9.0-alpha.0 (April 3, 2019)
- (await act(async () => ...) (@threepointone in #14853)
Artifacts
- react: https://unpkg.com/react@16.9.0-alpha.0/umd/
- react-art: https://unpkg.com/react-art@16.9.0-alpha.0/umd/
- react-dom: https://unpkg.com/react-dom@16.9.0-alpha.0/umd/
- react-is: https://unpkg.com/react-is@16.9.0-alpha.0/umd/
- react-test-renderer: https://unpkg.com/react-test-renderer@16.9.0-alpha.0/umd/
- scheduler: https://unpkg.com/scheduler@0.14.0-alpha.0/umd/
16.8.6 - 2019-03-28
16.8.6 (March 27, 2019)

React DOM
- Fix an incorrect bailout in useReducer(). (@acdlite in #15124)
- Fix iframe warnings in Safari DevTools. (@renanvalentin in #15099)
- Warn if contextType is set to Context.Consumer instead of Context. (@aweary in #14831)
- Warn if contextType is set to invalid values. (@gaearon in #15142)
Artifacts
- react: https://unpkg.com/react@16.8.6/umd/
- react-art: https://unpkg.com/react-art@16.8.6/umd/
- react-dom: https://unpkg.com/react-dom@16.8.6/umd/
- react-is: https://unpkg.com/react-is@16.8.6/umd/
- react-test-renderer: https://unpkg.com/react-test-renderer@16.8.6/umd/
- scheduler: https://unpkg.com/scheduler@0.13.6/umd/
16.8.5 - 2019-03-22
16.8.5 (March 22, 2019)

React DOM
- Don't set the first option as selected in select tag with size attribute. (@kulek1 in #14242)
- Improve the useEffect(async () => ...) warning message. (@gaearon in #15118)
- Improve the error message sometimes caused by duplicate React. (@jaredpalmer in #15139)
React DOM Server
- Improve the useLayoutEffect warning message when server rendering. (@gaearon in #15158)
React Shallow Renderer
- Fix setState in shallow renderer to work with Hooks. (@gaearon in #15120)
- Fix shallow renderer to support React.memo. (@aweary in #14816)
- Fix shallow renderer to support Hooks inside forwardRef. (@eps1lon in #15100)
Artifacts
- react: https://unpkg.com/react@16.8.5/umd/
- react-art: https://unpkg.com/react-art@16.8.5/umd/
- react-dom: https://unpkg.com/react-dom@16.8.5/umd/
- react-is: https://unpkg.com/react-is@16.8.5/umd/
- react-test-renderer: https://unpkg.com/react-test-renderer@16.8.5/umd/
- scheduler: https://unpkg.com/scheduler@0.13.5/umd/
16.8.4 - 2019-03-05
16.8.4 (March 5, 2019)

React DOM and other renderers
- Fix a bug where DevTools caused a runtime error when inspecting a component that used a useContext hook. (@bvaughn in #14940)
16.8.3 - 2019-02-21
16.8.3 (February 21, 2019)

React DOM
- Fix a bug that caused inputs to behave incorrectly in UMD builds. (@gaearon in #14914)
- Fix a bug that caused render phase updates to be discarded. (@gaearon in #14852)
React DOM Server
- Unwind the context stack when a stream is destroyed without completing, to prevent incorrect values during a subsequent render. (@overlookmotel in #14706)
ESLint Plugin for React Hooks
- Add a new recommended exhaustive-deps rule. (@gaearon in #14636)
Artifacts
- react: https://unpkg.com/react@16.8.3/umd/
- react-art: https://unpkg.com/react-art@16.8.3/umd/
- react-dom: https://unpkg.com/react-dom@16.8.3/umd/
- react-is: https://unpkg.com/react-is@16.8.3/umd/
- react-test-renderer: https://unpkg.com/react-test-renderer@16.8.3/umd/
- scheduler: https://unpkg.com/scheduler@0.13.3/umd/
16.8.2 - 2019-02-14
16.8.2 (February 14, 2019)

React DOM
- Fix ReactDOM.render being ignored inside useEffect. (@gaearon in #14799)
- Fix a crash when unmounting empty portals. (@gaearon in #14820)
- Fix useImperativeHandle to work correctly when no deps are specified. (@gaearon in #14801)
- Fix crossOrigin attribute to work in SVG image elements. (@aweary in #14832)
- Fix a false positive warning when using Suspense with Hooks. (@gaearon in #14821)
React Test Utils and React Test Renderer
- Include component stack into the act() warning. (@threepointone in #14855)
Artifacts
- react: https://unpkg.com/react@16.8.2/umd/
- react-art: https://unpkg.com/react-art@16.8.2/umd/
- react-dom: https://unpkg.com/react-dom@16.8.2/umd/
- react-is: https://unpkg.com/react-is@16.8.2/umd/
- react-test-renderer: https://unpkg.com/react-test-renderer@16.8.2/umd/
- scheduler: https://unpkg.com/scheduler@0.13.2/umd/
16.8.1 - 2019-02-06
16.8.1 (February 6, 2019)

React DOM and React Test Renderer
- Fix a crash when used together with an older version of React. (@bvaughn in #14770)
React Test Utils
- Fix a crash in Node environment. (@threepointone in #14768)
Artifacts
- react: https://unpkg.com/react@16.8.1/umd/
- react-art: https://unpkg.com/react-art@16.8.1/umd/
- react-dom: https://unpkg.com/react-dom@16.8.1/umd/
- react-is: https://unpkg.com/react-is@16.8.1/umd/
- react-test-renderer: https://unpkg.com/react-test-renderer@16.8.1/umd/
- scheduler: https://unpkg.com/scheduler@0.13.1/umd/
16.8.0 - 2019-02-06
React
- Add Hooks — a way to use state and other React features without writing a class. (@acdlite et al. in #13968)
- Improve the useReducer Hook lazy initialization API. (@acdlite in #14723)
React DOM
- Bail out of rendering on identical values for useState and useReducer Hooks. (@acdlite in #14569)
- Use Object.is algorithm for comparing useState and useReducer values. (@Jessidhia in #14752)
- Don’t compare the first argument passed to useEffect/useMemo/useCallback Hooks. (@acdlite in #14594)
- Support synchronous thenables passed to React.lazy(). (@gaearon in #14626)
- Render components with Hooks twice in Strict Mode (DEV-only) to match class behavior. (@gaearon in #14654)
- Warn about mismatching Hook order in development. (@threepointone in #14585 and @acdlite in #14591)
- Effect clean-up functions must return either undefined or a function. All other values, including null, are not allowed. @acdlite in #14119
React Test Renderer and Test Utils
- Support Hooks in the shallow renderer. (@trueadm in #14567)
- Fix wrong state in shouldComponentUpdate in the presence of getDerivedStateFromProps for Shallow Renderer. (@chenesan in #14613)
- Add ReactTestRenderer.act() and ReactTestUtils.act() for batching updates so that tests more closely match real behavior. (@threepointone in #14744)
ESLint Plugin: React Hooks
- Initial release. (@calebmer in #13968)
- Fix reporting after encountering a loop. (@calebmer and @Yurickh in #14661)
- Don't consider throwing to be a rule violation. (@sophiebits in #14040)
Artifacts
- react: https://unpkg.com/react@16.8.0/umd/
- react-art: https://unpkg.com/react-art@16.8.0/umd/
- react-dom: https://unpkg.com/react-dom@16.8.0/umd/
- react-is: https://unpkg.com/react-is@16.8.0/umd/
- react-test-renderer: https://unpkg.com/react-test-renderer@16.8.0/umd/
- scheduler: https://unpkg.com/scheduler@0.13.0/umd/
16.8.0-alpha.1 - 2019-01-15
16.8.0-alpha.0 - 2019-01-09
16.7.0 - 2018-12-20

from react GitHub Release Notes

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk have raised this PR to upgrade react from 16.7.0 to 16.9.0. See this package in NPM: https://www.npmjs.com/package/react See this project in Snyk: https://app.snyk.io/org/moser-ss/project/988c9b4a-e7aa-40cd-a70d-03f574491378?utm_source=github&utm_medium=upgrade-pr

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Snyk] Upgrade react from 16.7.0 to 16.9.0 #4

[Snyk] Upgrade react from 16.7.0 to 16.9.0 #4

Uh oh!

snyk-bot commented Sep 5, 2019

Labels

2 participants

[Snyk] Upgrade react from 16.7.0 to 16.9.0 #4

Are you sure you want to change the base?

[Snyk] Upgrade react from 16.7.0 to 16.9.0 #4

Uh oh!

Conversation

snyk-bot commented Sep 5, 2019

React

React DOM

React DOM Server

React Test Utilities and Test Renderer

Artifacts

UMD builds

v16.9.0-alpha.0 (April 3, 2019)

Artifacts

16.8.6 (March 27, 2019)

React DOM

Artifacts

16.8.5 (March 22, 2019)

React DOM

React DOM Server

React Shallow Renderer

Artifacts

16.8.4 (March 5, 2019)

React DOM and other renderers

16.8.3 (February 21, 2019)

React DOM

React DOM Server

ESLint Plugin for React Hooks

Artifacts

16.8.2 (February 14, 2019)

React DOM

React Test Utils and React Test Renderer

Artifacts

16.8.1 (February 6, 2019)

React DOM and React Test Renderer

React Test Utils

Artifacts

React

React DOM

React Test Renderer and Test Utils

ESLint Plugin: React Hooks

Artifacts

Labels

2 participants