Update react-dom in / from 16.4.1 to 16.4.2 #187
Closed
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Dependencies.io has updated
react-dom
(a npm dependency in/
) from "16.4.1" to "16.4.2".16.4.2
React DOM Server
Fix a potential XSS vulnerability when the attacker controls an attribute name (
CVE-2018-6341
). This fix is available in the latestreact-dom@16.4.2
, as well as in previous affected minor versions:react-dom@16.0.1
,react-dom@16.1.2
,react-dom@16.2.1
, andreact-dom@16.3.3
. (gaearon in #13302)Fix a crash in the server renderer when an attribute is called
hasOwnProperty
. This fix is only available inreact-dom@16.4.2
. (gaearon in #13303)