Skip to content

[Snyk] Upgrade react from 16.9.0 to 16.14.0 #121

New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Upgrade react from 16.9.0 to 16.14.0 #121

wants to merge 1 commit into from

Conversation

X-oss-byte
Copy link
Owner

@X-oss-byte X-oss-byte commented Nov 19, 2024
edited by sourcery-ai bot
Loading

snyk-top-banner

Snyk has created this PR to upgrade react from 16.9.0 to 16.14.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 8 versions ahead of your current version.

  • The recommended version was released on 4 years ago.

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-CROSSSPAWN-8303230		 828 Proof of Concept
Release notes
Package name: react from react GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

Summary by Sourcery

Build:

  • Upgrade React dependency from version 16.9.0 to 16.14.0 in the package.json file.

@snyk-bot
fix: upgrade react from 16.9.0 to 16.14.0
cb2e582 
Snyk has created this PR to upgrade react from 16.9.0 to 16.14.0.

See this package in npm:
react

See this project in Snyk:
https://app.snyk.io/org/sammytezzy/project/916e130a-514c-47db-a7c6-b9cc2e99b04a?utm_source=github&utm_medium=referral&page=upgrade-pr
@stackblitz StackBlitz
Copy link

stackblitz bot commented Nov 19, 2024

Review PR in StackBlitz Codeflow Run & review this pull request in StackBlitz Codeflow.

@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Nov 19, 2024

⚠️ No Changeset found

Latest commit: cb2e582

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@sourcery-ai Sourcery AI
Copy link

sourcery-ai bot commented Nov 19, 2024
edited
Loading

Reviewer's Guide by Sourcery

This PR upgrades the React dependency from version 16.9.0 to 16.14.0 to address a high severity Regular Expression Denial of Service (ReDoS) vulnerability. The upgrade spans 8 versions and includes various improvements and bug fixes across React and React DOM.

No diagrams generated as the changes look simple and do not need a visual representation.

File-Level Changes

Change Details Files
Dependency version upgrade to address security vulnerability
  • Upgrade React from 16.9.0 to 16.14.0
  • Fix high severity ReDoS vulnerability (SNYK-JS-CROSSSPAWN-8303230)
 examples/react-native/package.json
New features and improvements included in the upgrade
  • Add support for the new JSX transform
  • Fix bug in legacy mode Suspense effect clean-up
  • Add warnings for problematic style changes
  • Fix onMouseEnter being fired on disabled buttons
  • Add version property to ReactDOM
 examples/react-native/package.json
Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time. You can also use
    this command to specify where the summary should be inserted.

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

sourcery-ai[bot]
sourcery-ai bot reviewed Nov 19, 2024
View reviewed changes
Copy link

@sourcery-ai sourcery-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We have skipped reviewing this pull request. Here's why:

  • It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
  • We don't review packaging changes - Let us know if you'd like us to change this.

# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@sourcery-ai sourcery-ai[bot] sourcery-ai[bot] left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@X-oss-byte @snyk-bot