Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade react-redux from 7.2.0 to 7.2.9 #3

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

TooX12
Copy link
Owner

@TooX12 TooX12 commented Jun 29, 2024

This PR was automatically created by Snyk using the credentials of a real user.


![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123)

Snyk has created this PR to upgrade react-redux from 7.2.0 to 7.2.9.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 9 versions ahead of your current version.

  • The recommended version was released on 2 years ago.

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Prototype Poisoning
SNYK-JS-QS-3153490
372 Proof of Concept
high severity Prototype Pollution
SNYK-JS-MERGEDEEP-1070277
372 No Known Exploit
high severity Prototype Pollution
SNYK-JS-INI-1048974
372 Proof of Concept
high severity Server-side Request Forgery (SSRF)
SNYK-JS-IP-6240864
372 Proof of Concept
high severity Prototype Poisoning
SNYK-JS-QS-3153490
372 Proof of Concept
high severity Prototype Pollution
SNYK-JS-AJV-584908
372 No Known Exploit
high severity Prototype Pollution
SNYK-JS-ASYNC-2441827
372 Proof of Concept
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-SSRI-1246392
372 Proof of Concept
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-SSRI-1246392
372 Proof of Concept
high severity Arbitrary File Overwrite
SNYK-JS-TAR-1536528
372 No Known Exploit
high severity Arbitrary File Overwrite
SNYK-JS-TAR-1536531
372 No Known Exploit
high severity Arbitrary File Write
SNYK-JS-TAR-1579147
372 No Known Exploit
high severity Arbitrary File Write
SNYK-JS-TAR-1579152
372 No Known Exploit
high severity Arbitrary File Write
SNYK-JS-TAR-1579155
372 No Known Exploit
high severity Prototype Pollution
SNYK-JS-NODEFORGE-598677
372 Proof of Concept
high severity Improper Verification of Cryptographic Signature
SNYK-JS-BROWSERIFYSIGN-6037026
372 No Known Exploit
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-PATHPARSE-1077067
372 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-PROMPTS-1729737
372 Proof of Concept
medium severity Prototype Pollution
SNYK-JS-MINIMIST-559764
372 Proof of Concept
medium severity Prototype Pollution
SNYK-JS-MINIMIST-559764
372 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-HOSTEDGITINFO-1088355
372 Proof of Concept
medium severity Denial of Service (DoS)
SNYK-JS-HTTPPROXY-569139
372 Proof of Concept
medium severity Command Injection
SNYK-JS-NODENOTIFIER-1035794
372 No Known Exploit
medium severity Denial of Service (DoS)
SNYK-JS-NWSAPI-2841516
372 No Known Exploit
medium severity Uncontrolled Resource Consumption ('Resource Exhaustion')
SNYK-JS-TAR-6476909
372 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-TERSER-2806366
372 No Known Exploit
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-ISSVG-1085627
372 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-COLORSTRING-1082939
372 Proof of Concept
low severity Prototype Pollution
SNYK-JS-MINIMIST-2429795
372 Proof of Concept
low severity Prototype Pollution
SNYK-JS-MINIMIST-2429795
372 Proof of Concept
low severity Prototype Pollution
SNYK-JS-MINIMIST-2429795
372 Proof of Concept
low severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-TAR-1536758
372 No Known Exploit
critical severity Incomplete List of Disallowed Inputs
SNYK-JS-BABELTRAVERSE-5962462
372 Proof of Concept
high severity Prototype Pollution
SNYK-JS-JSONSCHEMA-1920922
372 No Known Exploit
high severity Denial of Service (DoS)
SNYK-JS-DECODEURICOMPONENT-3149970
372 Proof of Concept
high severity Remote Memory Exposure
SNYK-JS-DNSPACKET-1293563
372 No Known Exploit
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-WEBSOCKETEXTENSIONS-570623
372 Proof of Concept
high severity Denial of Service (DoS)
SNYK-JS-WS-7266574
372 Proof of Concept
high severity Denial of Service (DoS)
SNYK-JS-WS-7266574
372 Proof of Concept
high severity Prototype Pollution
SNYK-JS-Y18N-1021887
372 Proof of Concept
high severity Cryptographic Issues
SNYK-JS-ELLIPTIC-571484
372 Proof of Concept
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-ES5EXT-6095076
372 Proof of Concept
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-TMPL-1583443
372 Proof of Concept
high severity Improper Input Validation
SNYK-JS-URLPARSE-2407770
372 Proof of Concept
high severity Code Injection
SNYK-JS-LODASH-1040724
372 Proof of Concept
high severity Prototype Pollution
SNYK-JS-LODASH-567746
372 Proof of Concept
high severity Prototype Pollution
SNYK-JS-LODASH-608086
372 Proof of Concept
high severity Prototype Pollution
SNYK-JS-LODASH-6139239
372 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-ISSVG-1243891
372 Proof of Concept
medium severity Prototype Pollution
SNYK-JS-JSON5-3182856
372 Proof of Concept
medium severity Prototype Pollution
SNYK-JS-JSON5-3182856
372 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-WS-1296835
372 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-WS-1296835
372 Proof of Concept
medium severity Cryptographic Issues
SNYK-JS-ELLIPTIC-1064899
372 No Known Exploit
medium severity Information Exposure
SNYK-JS-EVENTSOURCE-2823375
372 Proof of Concept
medium severity Open Redirect
SNYK-JS-EXPRESS-6474509
372 No Known Exploit
medium severity Improper Input Validation
SNYK-JS-URLPARSE-1078283
372 No Known Exploit
medium severity Open Redirect
SNYK-JS-URLPARSE-1533425
372 Proof of Concept
medium severity Access Restriction Bypass
SNYK-JS-URLPARSE-2401205
372 Proof of Concept
medium severity Authorization Bypass
SNYK-JS-URLPARSE-2407759
372 Proof of Concept
medium severity Authorization Bypass Through User-Controlled Key
SNYK-JS-URLPARSE-2412697
372 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-1018905
372 Proof of Concept
low severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-WORDWRAP-3149973
372 Proof of Concept
low severity Regular Expression Denial of Service (ReDoS)
npm:debug:20170905
372 Proof of Concept
low severity Regular Expression Denial of Service (ReDoS)
npm:debug:20170905
372 Proof of Concept
Release notes
Package name: react-redux
  • 7.2.9 - 2022-09-23

    This patch release updates the rarely-used areStatesEqual option for connect to now pass through ownProps for additional use in determining which pieces of state to compare if desired.

    The new signature is:

    {
      areStatesEqual?: (
        nextState: State,
        prevState: State,
        nextOwnProps: TOwnProps,
        prevOwnProps: TOwnProps
      ) => boolean
    }

    What's Changed

    Full Changelog: v7.2.8...v7.2.9

  • 7.2.8 - 2022-04-01

    This release fixes a bug in the 7.x branch that caused <Provider> to unsubscribe and stop updating completely when used inside of React 18's <StrictMode>. The new "strict effects" behavior double-mounts components, and the subscription needed to be set up inside of a useLayoutEffect instead of a useMemo. This was previously fixed as part of v8 development, and we've backported it.

    Note: If you are now using React 18, we strongly recommend using the React-Redux v8 beta instead of v7.x!. v8 has been rewritten internally to work correctly with React 18's Concurrent Rendering capabilities. React-Redux v7 will run and generally work okay with existing code, but may have rendering issues if you start using Concurrent Rendering capabilities in your code.

    Now that React 18 is out, we plan to finalize React-Redux v8 and release it live within the next couple weeks. Per an update yesterday in the "v8 roadmap" thread, React-Redux v8 will be updated in the next couple days to ensure support for React 16.8+ as part of the next beta release. We would really appreciate final feedback on using React-Redux v8 beta with React 18 before we publish the final version.

    Full Changelog: v7.2.7...v7.2.8

  • 7.2.7 - 2022-03-31

    This release updates React-Redux v7's peer dependencies to accept React 18 as a valid version, only to avoid installation errors caused by NPM's "install all the peer deps and error if they don't match" behavior.

    Note: If you are now using React 18, we strongly recommend using the React-Redux v8 beta instead of v7.x!. v8 has been rewritten internally to work correctly with React 18's Concurrent Rendering capabilities. React-Redux v7 will run and generally work okay with existing code, but may have rendering issues if you start using Concurrent Rendering capabilities in your code.

    Now that React 18 is out, we plan to finalize React-Redux v8 and release it live within the next couple weeks. We would really appreciate final feedback on using React-Redux v8 beta with React 18 before we publish the final version.

  • 7.2.6 - 2021-10-25
  • 7.2.5 - 2021-09-04
  • 7.2.4 - 2021-04-24
  • 7.2.3 - 2021-03-23
  • 7.2.2 - 2020-10-26
  • 7.2.1 - 2020-07-25
  • 7.2.0 - 2020-02-18
from react-redux GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

Snyk has created this PR to upgrade react-redux from 7.2.0 to 7.2.9.

See this package in npm:
react-redux

See this project in Snyk:
https://app.snyk.io/org/toox12/project/3886b582-3513-45d3-bbb6-28c9d6edc821?utm_source=github&utm_medium=referral&page=upgrade-pr
Copy link
Contributor

deepsource-io bot commented Jun 29, 2024

Here's the code health analysis summary for commits 605f16a..026840c. View details on DeepSource ↗.

Analysis Summary

AnalyzerStatusSummaryLink
DeepSource JavaScript LogoJavaScript✅ SuccessView Check ↗
DeepSource PHP LogoPHP✅ SuccessView Check ↗

💡 If you’re a repository administrator, you can configure the quality gates from the settings.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants