Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade: react, react-dom, , , , moment, react-big-calendar, react-datetime-picker, react-modal, react-redux, react-router-dom, react-scripts, redux, redux-thunk, sweetalert2 #121

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

damiancolaneri
Copy link
Owner

snyk-top-banner

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name Versions Released on

react
from 17.0.1 to 17.0.2 | 1 version ahead of your current version | 3 years ago
on 2021-03-22
react-dom
from 17.0.1 to 17.0.2 | 1 version ahead of your current version | 3 years ago
on 2021-03-22
@testing-library/jest-dom
from 5.11.9 to 5.17.0 | 14 versions ahead of your current version | a year ago
on 2023-07-18
@testing-library/react
from 11.2.3 to 11.2.7 | 4 versions ahead of your current version | 3 years ago
on 2021-05-14
@testing-library/user-event
from 12.6.2 to 12.8.3 | 10 versions ahead of your current version | 4 years ago
on 2021-03-09
moment
from 2.29.1 to 2.30.1 | 5 versions ahead of your current version | 9 months ago
on 2023-12-27
react-big-calendar
from 0.25.0 to 0.40.8 | 53 versions ahead of your current version | 2 years ago
on 2022-07-07
react-datetime-picker
from 3.0.4 to 3.5.0 | 10 versions ahead of your current version | 3 years ago
on 2022-02-04
react-modal
from 3.12.1 to 3.16.1 | 7 versions ahead of your current version | 2 years ago
on 2022-10-18
react-redux
from 7.2.2 to 7.2.9 | 7 versions ahead of your current version | 2 years ago
on 2022-09-23
react-router-dom
from 5.2.0 to 5.3.4 | 6 versions ahead of your current version | 2 years ago
on 2022-10-02
react-scripts
from 4.0.1 to 4.0.3 | 2 versions ahead of your current version | 4 years ago
on 2021-02-22
redux
from 4.0.5 to 4.2.1 | 7 versions ahead of your current version | 2 years ago
on 2023-01-28
redux-thunk
from 2.3.0 to 2.4.2 | 3 versions ahead of your current version | 2 years ago
on 2022-11-04
sweetalert2
from 10.13.1 to 10.16.11 | 24 versions ahead of your current version | 2 years ago
on 2022-11-23

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Prototype Pollution
SNYK-JS-ASYNC-2441827
482 Proof of Concept
high severity Code Injection
SNYK-JS-LODASH-1040724
482 Proof of Concept
high severity Asymmetric Resource Consumption (Amplification)
SNYK-JS-BODYPARSER-7926860
482 No Known Exploit
high severity Remote Memory Exposure
SNYK-JS-DNSPACKET-1293563
482 No Known Exploit
high severity Directory Traversal
SNYK-JS-MOMENT-2440688
482 No Known Exploit
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-MOMENT-2944238
482 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-1018905
482 Proof of Concept
critical severity Incomplete List of Disallowed Inputs
SNYK-JS-BABELTRAVERSE-5962462
482 Proof of Concept
high severity Code Injection
SNYK-JS-LODASHES-2434284
482 Proof of Concept
high severity Improper Input Validation
SNYK-JS-FOLLOWREDIRECTS-6141137
482 Proof of Concept
high severity Prototype Pollution
SNYK-JS-IMMER-1019369
482 Proof of Concept
high severity Server-side Request Forgery (SSRF)
SNYK-JS-IP-6240864
482 Proof of Concept
high severity Improper Input Validation
SNYK-JS-URLPARSE-2407770
482 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASHES-2434289
482 Proof of Concept
medium severity Information Exposure
SNYK-JS-EVENTSOURCE-2823375
482 Proof of Concept
medium severity Open Redirect
SNYK-JS-EXPRESS-6474509
482 No Known Exploit
medium severity Cross-site Scripting
SNYK-JS-EXPRESS-7926867
482 No Known Exploit
medium severity Information Exposure
SNYK-JS-FOLLOWREDIRECTS-2332181
482 Proof of Concept
medium severity Information Exposure
SNYK-JS-FOLLOWREDIRECTS-6444610
482 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-PATHTOREGEXP-7925106
482 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-PATHTOREGEXP-7925106
482 Proof of Concept
medium severity Command Injection
SNYK-JS-REACTDEVUTILS-1083268
482 Proof of Concept
medium severity Improper Input Validation
SNYK-JS-URLPARSE-1078283
482 No Known Exploit
medium severity Open Redirect
SNYK-JS-URLPARSE-1533425
482 Proof of Concept
medium severity Access Restriction Bypass
SNYK-JS-URLPARSE-2401205
482 Proof of Concept
medium severity Authorization Bypass
SNYK-JS-URLPARSE-2407759
482 Proof of Concept
medium severity Authorization Bypass Through User-Controlled Key
SNYK-JS-URLPARSE-2412697
482 Proof of Concept
low severity Prototype Pollution
SNYK-JS-MINIMIST-2429795
482 Proof of Concept
low severity Information Exposure
SNYK-JS-FOLLOWREDIRECTS-2396346
482 No Known Exploit
low severity Cross-site Scripting
SNYK-JS-SEND-7926862
482 No Known Exploit
low severity Cross-site Scripting
SNYK-JS-SERVESTATIC-7926865
482 No Known Exploit
Release notes
Package name: react from react GitHub release notes
Package name: react-dom from react-dom GitHub release notes
Package name: @testing-library/jest-dom from @testing-library/jest-dom GitHub release notes
Package name: @testing-library/react from @testing-library/react GitHub release notes
Package name: @testing-library/user-event from @testing-library/user-event GitHub release notes
Package name: moment from moment GitHub release notes
Package name: react-big-calendar
  • 0.40.8 - 2022-07-07

    0.40.8 (2022-07-07)

    Bug Fixes

    • resolve resizing events in Month view (c7b105f), closes #2207
  • 0.40.7 - 2022-07-05

    0.40.7 (2022-07-05)

    Bug Fixes

  • 0.40.6 - 2022-07-05

    0.40.6 (2022-07-05)

    Bug Fixes

  • 0.40.5 - 2022-07-05

    0.40.5 (2022-07-05)

    Bug Fixes

  • 0.40.4 - 2022-07-01

    0.40.4 (2022-07-01)

    Bug Fixes

  • 0.40.3 - 2022-07-01

    0.40.3 (2022-07-01)

    Bug Fixes

    • DND: Corrects issue of losing droppable event when releasing on non-event related containers (#2199) (508b668), closes #2198 #1902
  • 0.40.2 - 2022-06-16

    0.40.2 (2022-06-16)

    Bug Fixes

  • 0.40.1 - 2022-04-18

    0.40.1 (2022-04-18)

    Bug Fixes

  • 0.40.0 - 2022-03-24

    0.40.0 (2022-03-24)

    Features

  • 0.39.7 - 2022-03-23

    0.39.7 (2022-03-23)

    Bug Fixes

    • move react, react-dom to devDependencies (#2160) (6917c15)
  • 0.39.6 - 2022-03-23
  • 0.39.5 - 2022-03-21
  • 0.39.4 - 2022-03-15
  • 0.39.3 - 2022-03-11
  • 0.39.2 - 2022-03-10
  • 0.39.1 - 2022-03-10
  • 0.39.0 - 2022-03-02
  • 0.38.9 - 2022-02-10
  • 0.38.8 - 2022-02-10
  • 0.38.7 - 2022-02-03
  • 0.38.6 - 2022-01-25
  • 0.38.5 - 2022-01-16
  • 0.38.4 - 2022-01-04
  • 0.38.3 - 2022-01-04
  • 0.38.2 - 2021-12-20
  • 0.38.1 - 2021-11-10
  • 0.38.0 - 2021-10-18
  • 0.37.0 - 2021-10-18
  • 0.36.1 - 2021-10-02
  • 0.36.0 - 2021-09-28
  • 0.35.0 - 2021-08-13
  • 0.34.0 - 2021-08-13
  • 0.33.6 - 2021-07-28
  • 0.33.5 - 2021-05-31
  • 0.33.4 - 2021-05-25
  • 0.33.3 - 2021-05-17
  • 0.33.2 - 2021-03-05
  • 0.33.1 - 2021-03-04
  • 0.33.0 - 2021-03-03
  • 0.32.0 - 2021-02-12
  • 0.31.0 - 2021-01-29
  • 0.30.0 - 2020-12-08
  • 0.29.0 - 2020-11-26
  • 0.28.6 - 2020-11-10
  • 0.28.5 - 2020-11-06
  • 0.28.4 - 2020-11-06
  • 0.28.3 - 2020-11-06
  • 0.28.2 - 2020-11-02
  • 0.28.1 - 2020-10-08
  • 0.28.0 - 2020-09-16
  • 0.27.0 - 2020-08-25
  • 0.26.1 - 2020-08-20
  • 0.26.0 - 2020-06-24
  • 0.25.0 - 2020-05-29
from react-big-calendar GitHub release notes
Package name: react-datetime-picker
  • 3.5.0 - 2022-02-04

    What's new?

    • Added support for React 18.
    • Default to current year if year input is missing (#145).
    • Widgets now close when Escape key is pressed.

    What's changed?

    • Improved performance of date formatters.

    Bug fixes

    • Fixes styles not reset on widgets close.
  • 3.4.3 - 2021-11-23

    Bug fixes

  • 3.4.2 - 2021-10-09

    Bug fixes

    • Fix crash after make-event-props update.
  • 3.4.1 - 2021-09-27

    Bug fixes

    • Fixed widgets opening behind dropdowns (#166).
    • Fixed autoselect on focus not working on Internet Explorer 11.
    • Fixed typing over values not working on Internet Explorer 11.
  • 3.4.0 - 2021-08-13

    What's new?

    • Added support for closing widgets in shadow DOM. Thanks, @ jorrit!

    What's changed?

    • Refactored handling internal refs in DateTimeInput to use React.createRef.
  • 3.3.0 - 2021-05-28

    What's new?

    • Added support for openWidgetsOnFocus prop (#154).
  • 3.2.1 - 2021-04-29

    Bug fixes

    • Fixed numbers being used instead of strings in internal input state resulting in PropTypes warning.
  • 3.2.0 - 2021-03-10

    What's new?

    • Updated React-Date-Picker.
    • Updated React-Time-Picker.

    Bug fixes

    • Fixed double leading zeros displayed if the user typed leading zero themselves (#84).
  • 3.1.0 - 2021-02-14

    What's changed?

    • Updated React-Time-Picker to 4.1.0.
    • Updated React-Clock to 3.0.0 (#124).
  • 3.0.5 - 2021-01-29

    What's changed?

    • Updated React-Calendar and React-Date-Picker.

    Bug fixes

    • Fix crash on IE 11 caused by passing date to Date constructor.
    • Fixed default min date to be 0001-01-01 local time, not UTC time.
  • 3.0.4 - 2020-09-15
from react-datetime-picker GitHub release notes
Package name: react-modal
  • 3.16.1 - 2022-10-18

    What's Changed

    • [fixed]: css class added to root document instead of modal ownerDocument by @ leoc4e in #965
    • update broken build badge by @ memark in #968
    • [fixed] element with display 'contents' is visible and is tabbable by @ galexandrade in #969
    • [fixed] switched from KeyboardEvent.keyCode to KeyboardEvent.code by @ robinmetral in #953

    New Contributors

    Full Changelog: https://github.com/reactjs/react-modal/blob/master/CHANGELOG.md

  • 3.15.1 - 2022-04-27

    • 8395a21 allow react 18 as peer dependency
    • 68af7ec [added] tabbable support for iframes
    • 28986ea Fix typo in docs
  • 3.14.4 - 2021-11-10
    • Ensure that we know about every "tabbable" element within Shadow DOM
    • Correctly wrap NODE_ENV conditional code in block to eliminate unreachable code
    • Updated some dependencies
  • 3.14.3 - 2021-06-15

    • b33923a [changed]: Updated and formatted example in README
    • 0847049 [fixed] Cancel requested animation frame on unmount.
    • fc76b0c [chore] added link to the discussion for react-modal v4.
    • 0d99156 [chore] Don't allow mkdocs.yml be included on releases.
  • 3.14.2 - 2021-06-02

    • 172879e [chore] Don't allow .log in on releases.
  • 3.14.1 - 2021-06-02

    • fc62ab1 Fixing lint error and PR suggestion change to use double quotes
    • ce94d86 Working on lint error
    • 7e732d7 Wrapping getComputedStyle in try catch per PR review
    • 31d59b2 Adding a check to see if the element is a prototype of Element before getting the computed style
    • 827796d [fixed] Ensure after-open css transitions work in Safari 14 & Mobile Safari
    • 76df16b [chore] regenerate package-lock.
    • 4fbe228 bump prop-types to 15.7.2
    • a5f959a [chore] update packages.
    • 8050773 [chore] clean up all element leaks between tests.
  • 3.13.1 - 2021-04-13

    • 5832904 Updated README.md
    • d7083c5 [added] docs note about setAppElement not pruning removed nodes
    • e1807ce [added] support Array, HTMLCollection and NodeList values for appElement
    • c9d8e2d Bump ini from 1.3.5 to 1.3.8
    • 8d4ef84 fixed(documentation): jsx-lexer now requires to generate a css file...
    • ab8c44c fixed(documentation): link to app-element on index.
  • 3.12.1 - 2020-11-23

    • 029a525 Added react 17 support
    • 694d425 fix #833 by changing stale link from README.md
    • 9ca3626 [fixed] add aria-modal attribute
    • b2e58e7 [fixed] extra 'p' character in index.md
    • 94ad567 [fixed] don't access ReactDOM.createPortal if DOM not available
    • 421a1c8 chore(lint): run lint.
    • c797e9a [added] Added custom overlayElement and contentElement.
    • fa98fcc [fixed] check before react-modal removal from parent element that parent has it
    • ff0a7f5 [added] a preventScroll prop
    • 2ea6d44 Add '--save'
    • eea891c Update package.json
    • 6417a6a fixed(chore): update packages.
    • bd07d56 Adds testId prop and useage to documentation
    • 4a120a9 fix linting
    • 206cfe6 ensure focus does not scroll the modal
    • 9a4dde5 [fixed] - Fix broken links of codepen in examples in docs
from react-modal GitHub release notes
Package name: react-redux
  • 7.2.9 - 2022-09-23

    This patch release updates the rarely-used areStatesEqual option for connect to now pass through ownProps for additional use in determining which pieces of state to compare if desired.

    The new signature is:

    {
      areStatesEqual?: (
        nextState: State,
        prevState: State,
        nextOwnProps: TOwnProps,
        prevOwnProps: TOwnProps
      ) => boolean
    }

    What's Changed

    Full Changelog: v7.2.8...v7.2.9

  • 7.2.8 - 2022-04-01

    This release fixes a bug in the 7.x branch that caused <Provider> to unsubscribe and stop updating completely when used inside of React 18's <StrictMode>. The new "strict effects" behavior double-mounts components, and the subscription needed to be set up inside of a useLayoutEffect instead of a useMemo. This was previously fixed as part of v8 development, and we've backported it.

    Note: If you are now using React 18, we strongly recommend using the React-Redux v8 beta instead of v7.x!. v8 has been rewritten internally to work correctly with React 18's Concurrent Rendering capabilities. React-Redux v7 will run and generally work okay with existing code, but may have rendering issues if you start using Concurrent Rendering capabilities in your code.

    Now that React 18 is out, we plan to finalize React-Redux v8 and release it live within the next couple weeks. Per an update yesterday in the "v8 roadmap" thread, React-Redux v8 will be updated in the next couple days to ensure support for React 16.8+ as part of t...

Snyk has created this PR to upgrade:
  - react from 17.0.1 to 17.0.2.
    See this package in npm: https://www.npmjs.com/package/react
  - react-dom from 17.0.1 to 17.0.2.
    See this package in npm: https://www.npmjs.com/package/react-dom
  - @testing-library/jest-dom from 5.11.9 to 5.17.0.
    See this package in npm: https://www.npmjs.com/package/@testing-library/jest-dom
  - @testing-library/react from 11.2.3 to 11.2.7.
    See this package in npm: https://www.npmjs.com/package/@testing-library/react
  - @testing-library/user-event from 12.6.2 to 12.8.3.
    See this package in npm: https://www.npmjs.com/package/@testing-library/user-event
  - moment from 2.29.1 to 2.30.1.
    See this package in npm: https://www.npmjs.com/package/moment
  - react-big-calendar from 0.25.0 to 0.40.8.
    See this package in npm: https://www.npmjs.com/package/react-big-calendar
  - react-datetime-picker from 3.0.4 to 3.5.0.
    See this package in npm: https://www.npmjs.com/package/react-datetime-picker
  - react-modal from 3.12.1 to 3.16.1.
    See this package in npm: https://www.npmjs.com/package/react-modal
  - react-redux from 7.2.2 to 7.2.9.
    See this package in npm: https://www.npmjs.com/package/react-redux
  - react-router-dom from 5.2.0 to 5.3.4.
    See this package in npm: https://www.npmjs.com/package/react-router-dom
  - react-scripts from 4.0.1 to 4.0.3.
    See this package in npm: https://www.npmjs.com/package/react-scripts
  - redux from 4.0.5 to 4.2.1.
    See this package in npm: https://www.npmjs.com/package/redux
  - redux-thunk from 2.3.0 to 2.4.2.
    See this package in npm: https://www.npmjs.com/package/redux-thunk
  - sweetalert2 from 10.13.1 to 10.16.11.
    See this package in npm: https://www.npmjs.com/package/sweetalert2

See this project in Snyk:
https://app.snyk.io/org/aquiroot/project/4369a0e0-580f-46d3-813d-008d80c2ddaa?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment