[Snyk] Upgrade: react, react-dom, , axios, react-bootstrap #130
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade:
- react from 16.13.1 to 16.14.0.
See this package in npm: https://www.npmjs.com/package/react
- react-dom from 16.13.1 to 16.14.0.
See this package in npm: https://www.npmjs.com/package/react-dom
- @snyk/protect from 1.1276.0 to 1.1292.4.
See this package in npm: https://www.npmjs.com/package/@snyk/protect
- axios from 0.28.0 to 0.28.1.
See this package in npm: https://www.npmjs.com/package/axios
- react-bootstrap from 1.2.2 to 1.6.8.
See this package in npm: https://www.npmjs.com/package/react-bootstrap
See this project in Snyk:
https://app.snyk.io/org/natelandon/project/89018672-0f40-4202-a62e-2ead75bbe97d?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade multiple dependencies.
👯♂ The following dependencies are linked and will therefore be updated together.ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
react
from 16.13.1 to 16.14.0 | 1 version ahead of your current version | 4 years ago
on 2020-10-14
react-dom
from 16.13.1 to 16.14.0 | 1 version ahead of your current version | 4 years ago
on 2020-10-14
@snyk/protect
from 1.1276.0 to 1.1292.4 | 30 versions ahead of your current version | a month ago
on 2024-08-12
axios
from 0.28.0 to 0.28.1 | 1 version ahead of your current version | 6 months ago
on 2024-03-28
react-bootstrap
from 1.2.2 to 1.6.8 | 17 versions ahead of your current version | 9 months ago
on 2023-12-22
Issues fixed by the recommended upgrade:
SNYK-JS-LODASHES-2434283
SNYK-JS-LODASHES-2434284
SNYK-JS-LODASHES-2434285
SNYK-JS-LODASHES-2434289
Release notes
Package name: react
-
16.14.0 - 2020-10-14
- Add support for the new JSX transform. (@ lunaruan in #18299)
-
16.13.1 - 2020-03-19
- Fix bug in legacy mode Suspense where effect clean-up functions are not fired. This only affects users who use Suspense for data fetching in legacy mode, which is not technically supported. (@ acdlite in #18238)
- Revert warning for cross-component updates that happen inside class render lifecycles (
- react: https://unpkg.com/react@16.13.1/umd/
- react-art: https://unpkg.com/react-art@16.13.1/umd/
- react-dom: https://unpkg.com/react-dom@16.13.1/umd/
- react-is: https://unpkg.com/react-is@16.13.1/umd/
- react-test-renderer: https://unpkg.com/react-test-renderer@16.13.1/umd/
- scheduler: https://unpkg.com/scheduler@0.19.1/umd/
from react GitHub release notesReact
React DOM
componentWillReceiveProps,shouldComponentUpdate, and so on). (@ gaearon in #18330)Artifacts
Package name: react-dom
-
16.14.0 - 2020-10-14
- Add support for the new JSX transform. (@ lunaruan in #18299)
-
16.13.1 - 2020-03-19
- Fix bug in legacy mode Suspense where effect clean-up functions are not fired. This only affects users who use Suspense for data fetching in legacy mode, which is not technically supported. (@ acdlite in #18238)
- Revert warning for cross-component updates that happen inside class render lifecycles (
- react: https://unpkg.com/react@16.13.1/umd/
- react-art: https://unpkg.com/react-art@16.13.1/umd/
- react-dom: https://unpkg.com/react-dom@16.13.1/umd/
- react-is: https://unpkg.com/react-is@16.13.1/umd/
- react-test-renderer: https://unpkg.com/react-test-renderer@16.13.1/umd/
- scheduler: https://unpkg.com/scheduler@0.19.1/umd/
from react-dom GitHub release notesReact
React DOM
componentWillReceiveProps,shouldComponentUpdate, and so on). (@ gaearon in #18330)Artifacts
Package name: @snyk/protect
-
1.1292.4 - 2024-08-12
- deployment: Rollback of digital signature for the bundled macOS binary (#5416)
-
1.1292.3 - 2024-08-12
- deployment: Add digital signature for the bundled macOS binary
-
1.1292.2 - 2024-08-01
- container test: Improve the accuracy of identifying npm projects within docker images by removing the explicit folder ignore rules
- container test: Pass platform parameter when pulling an image from a container registry (#5360)
-
1.1292.1 - 2024-06-27
- test,monitor: fix improper permission error handling when accessing 'enablePnpmCli' feature flag
-
1.1292.0 - 2024-06-26
- We've added support for pnpm, giving you more flexibility in your project setup.
- You can now scan npm/yarn projects even without lockfiles, ensuring comprehensive vulnerability detection regardless of your dependency management approach.
- We're committed to strengthening security. This release includes redaction of additional sensitive data in debug logs, minimizing potential risks.
- test: Added pnpm support under 'enablePnpmCli' feature flag (#5181) (46769cc)
- test: Support scan of npm/yarn projects without lockfiles (e2d77a9)
- monitor: Set target-reference in the monitor request (51ed8f5)
- code: Centrally check if code test is enabled (#5239) (e5a00e2)
- sbom: Improve depgraph for Maven projects (fbb33d7)
- sbom: Use RFC 3339 for all timestamps in sbom test result (#5204) (91bf191)
- language-server: Add --all-projects flag scans by default IDE-318 (fdcf30e)
- language-server: Enable incremental scanning IDE-275 (d198685)
- language-server: Add support for IDE themes (c1c4d08)
- language-server: Consistent styling across intellij and vscode (#5282) (9aa6f76)
- logging: Redact additional types of sensitive data from debug logs (#5254) (056cdab)
- auth: Autodetect IDE usage and fallback to API token based authentication (#5241) (4c795e0)
- iac: Upgrade iac custom rules to address Vulnerabilities IAC-2944 (453db24)
- language-server: Caching problem when no vulnerabilities in the IDE (#5223) (89c9491)
- language-server: Remove incorrect /v1 path (#5214) (cf16470)
- dependencies: Update dependencies to reduce vulnerabilities (#5131) (4c7cb3c)
- sbom: sbom test output padding (e3b7cac)
- sbom: Fix container purl generation for apt and rpm (#5207) (fa9d512)
- sbom: Retain error code during SBOM generation (#5202) (5e98aaa)
- test: support cyclic dependencies in maven with dverbose (#5208) (fb24c02)
- test: Add tool version and informationUri to sarif output (#5203) (b899fd3)
- test: fixing several .NET bugs (#5217) (c27d767)
- test: fixing a bug causing .NET beta scanning to fail on older versions of .NET (#5228) (5fdecf7)
- test: .NET runtime resolution testing now supports projects targeting .NET Standard frameworks (#5169) (44d0861)
- test: fix issues of type 'Cannot find module ...' in snyk-docker-plugin (#5301) (88efd54)
- monitor: fix project name when using assets-project-name flag (#5077) (57dc718)
-
1.1291.1 - 2024-05-27
- dependencies: Upgrade go-getter to v1.7.4 to fix vulnerabilities (#5252)
-
1.1291.0 - 2024-04-30
- This is the first stable release of the CLI
- It makes use of semantic versioning and is the successor of 1.1290.0
- test: Fix support of cyclic dependencies in maven with dverbose #5208
-
1.1290.0 - 2024-04-19
- code: Fix error handling for experimental go native code client (#5170) (5400c69)
- code: introduce human readable formatting for experimental test mechanism (#5174) (34bbc95)
- sbom: Introduce experimental sbom test command (#5176) (ea6293b)
- snyk woof ro language support and tests (#5166) (ed2e754)
-
1.1289.0 - 2024-04-16
- ls: Trigger re-analysis after fixing interfile issues (#5163) (05cb9f5)
- code: Integrate experimental go native code client [CLI-224] (#5164) (5bd898e)
- include additional policy properties, when provided, in plain text output (#5142) (a8be764)
- use workflow data to determine exit code errors (51c717b)
-
1.1288.1 - 2024-04-15
- iac: Fix Issue Path in human readable and json output [IAC-2935] (#5159) (5fc3d59)
-
1.1288.0 - 2024-04-09
-
1.1287.0 - 2024-04-04
-
1.1286.4 - 2024-04-04
-
1.1286.3 - 2024-04-03
-
1.1286.2 - 2024-03-29
-
1.1286.1 - 2024-03-26
-
1.1286.0 - 2024-03-25
-
1.1285.1 - 2024-03-25
-
1.1285.0 - 2024-03-18
-
1.1284.0 - 2024-03-14
-
1.1283.1 - 2024-03-13
-
1.1283.0 - 2024-03-06
-
1.1282.1 - 2024-03-05
-
1.1282.0 - 2024-03-05
-
1.1281.0 - 2024-02-28
-
1.1280.1 - 2024-02-20
-
1.1280.0 - 2024-02-15
-
1.1279.0 - 2024-02-12
-
1.1278.0 - 2024-02-06
-
1.1277.0 - 2024-02-05
-
1.1276.0 - 2024-01-30
from @snyk/protect GitHub release notes1.1292.4 (2024-08-12)
The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation
Complete changelog
Bug Fixes
1.1292.3 (2024-08-12)
The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation
Complete changelog
Bug Fixes
(#5404)
1.1292.2 (2024-08-01)
The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation
Complete changelog
Bug Fixes
(#5384)
1.1292.1 (2024-06-27)
The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation
Complete changelog
Bug Fixes
1.1292.0 (2024-06-26)
The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation
News
This Snyk CLI release delivers an assortment of bug fixes and improvements.
Complete changelog
Features
Bug Fixes
1.1291.1 (2024-05-27)
The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation
Bug Fixes
1.1291.0 (2024-04-30)
The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation
News
Bug Fixes
1.1290.0 (2024-04-18)
Bug Fixes
Features
1.1289.0 (2024-04-16)
Bug Fixes
Features
1.1288.1 (2024-04-15)
Bug Fixes
Package name: axios
-
0.28.1 - 2024-03-28
- fix(backport): custom params serializer support (#6263)
- fix(backport): uncaught ReferenceError
-
0.28.0 - 2024-02-12
- fix(security): fixed CVE-2023-45857 by backporting
- Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
- Fixing content-type header repeated #4745
- Fixed timeout error message for HTTP 4738
- Added
- URL params serializer (#4734)
- Fixed toFormData Blob issue on node>v17 #4728
- Adding types for progress event callbacks #4675
- Fixed max body length defaults #4731
- Added data URL support for node.js (#4725)
- Added isCancel type assert (#4293)
- Added the ability for the
- Add
- Allow type definition for axios instance methods (#4224)
- Fixed
- Fixed
- Adding Canceler parameters config and request (#4711)
- fix(types): allow to specify partial default headers for instance creation (#4185)
- Added
- Fixing Z_BUF_ERROR when no content (#4701)
- Fixed race condition on immediate requests cancellation (#4261)
- Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance #4248
- Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill (#4229)
- Fix TS definition for AxiosRequestTransformer (#4201)
- Use type alias instead of interface for AxiosPromise (#4505)
- Include request and config when creating a CanceledError instance (#4659)
- Added generic TS types for the exposed toFormData helper (#4668)
- Optimized the code that checks cancellation (#4587)
- Replaced webpack with rollup (#4596)
- Added stack trace to AxiosError (#4624)
- Updated AxiosError.config to be optional in the type definition (#4665)
- Removed incorrect argument for NetworkError constructor (#4656)
from axios GitHub release notesRelease notes:
Release notes:
Bug Fixes
reqis not defined (#6307)Release notes:
Bug Fixes
withXSRFTokenoption to v0.x (#6091)Backports from v1.x:
axios.formToJSONmethod (#4735)url-encoded-formserializer to respect theformSerializerconfig (#4721)string[]toAxiosRequestHeaderstype (#4322)AxiosErrorstack capturing; (#4718)AxiosErrorstatus code type; (#4717)blobto the list of protocols supported by the browser (#4678)Package name: react-bootstrap
-
1.6.8 - 2023-12-22
- ModalHeader: fix types (#6735) (54cb179)
-
1.6.7 - 2023-05-03
- Popover: fix
-
1.6.6 - 2022-08-25
-
1.6.5 - 2022-05-11
-
1.6.4 - 2021-09-24
-
1.6.3 - 2021-09-08
-
1.6.2 - 2021-09-07
-
1.6.1 - 2021-06-04
-
1.6.0 - 2021-05-11
-
1.5.2 - 2021-03-11
-
1.5.1 - 2021-03-02
-
1.5.0 - 2021-02-16
-
1.4.3 - 2021-01-07
-
1.4.2 - 2021-01-07
-
1.4.1 - 2021-01-07
-
1.4.0 - 2020-10-21
-
1.3.0 - 2020-07-23
-
1.2.2 - 2020-07-12
from react-bootstrap GitHub release notes1.6.8 (2023-12-22)
Bug Fixes
1.6.7 (2023-05-03)
Bug Fixes
contentprop error (#6612) (3d1df53)Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information: