chore(deps): update dependency react-dom to v17 [security] - autoclosed #126
This PR contains the following updates:
react-dom 16 -> 17
GitHub Vulnerability Alerts
CVE-2018-6341
Affected versions of react-dom are vulnerable to Cross-Site Scripting (XSS). The package fails to validate attribute names in HTML tags which may lead to Cross-Site Scripting in specific scenarios. This may allow attackers to execute arbitrary JavaScript in the victim's browser. To be affected by this vulnerability, the application needs to:
ReactDOMServer
Recommendation
If you are using react-dom 16.0.x, upgrade to 16.0.1 or later.
If you are using react-dom 16.1.x, upgrade to 16.1.2 or later.
If you are using react-dom 16.2.x, upgrade to 16.2.1 or later.
If you are using react-dom 16.3.x, upgrade to 16.3.3 or later.
If you are using react-dom 16.4.x, upgrade to 16.4.2 or later.
Release Notes
facebook/react (react-dom)
v17.0.0
Today, we are releasing React 17!
Learn more about React 17 and how to update to it on the official React blog.
React
react/jsx-runtime and react/jsx-dev-runtime for the new JSX transform. (@lunaruan in #18299)
displayName on context for improved stacks. (@eps1lon in #18224)
'use strict' from leaking in the UMD bundles. (@koba04 in #19614)
fb.me for redirects. (@cylim in #19598)

React DOM
document. (@trueadm in #18195 and others)
useEffect cleanup functions asynchronously. (@bvaughn in #17925)
focusin and focusout for onFocus and onBlur. (@trueadm in #19186)
Capture events use the browser capture phase. (@trueadm in #19221)
onScroll event. (@gaearon in #19464)
forwardRef or memo component returns undefined. (@gaearon in #19550)
console in the second render pass of DEV mode double render. (@sebmarkbage in #18547)
ReactTestUtils.SimulateNative API. (@gaearon in #13407)
ReactDOM.flushSync during lifecycle methods (but warn). (@sebmarkbage in #18759)
code property to the keyboard event objects. (@bl00mber in #18287)
disableRemotePlayback property for video elements. (@tombrowndev in #18619)
enterKeyHint property for input elements. (@eps1lon in #18634)
value is provided to <Context.Provider>. (@charlie1404 in #19054)
memo or forwardRef components return undefined. (@bvaughn in #19550)
onTouchStart, onTouchMove, and onWheel passive. (@gaearon in #19654)
setState hanging in development inside a closed iframe. (@gaearon in #19220)
defaultProps. (@jddxf in #18539)
dangerouslySetInnerHTML is undefined. (@eps1lon in #18676)
require implementation. (@just-boris in #18632)
onBeforeInput reporting an incorrect event.type. (@eps1lon in #19561)
event.relatedTarget reported as undefined in Firefox. (@claytercek in #19607)
movementX/Y polyfill with capture events. (@gaearon in #19672)
onSubmit and onReset events. (@gaearon in #19333)

React DOM Server
useCallback behavior consistent with useMemo for the server renderer. (@alexmckenley in #18783)

React Test Renderer
findByType error message. (@henryqdineen in #17439)

Concurrent Mode (Experimental)
unstable_ prefix before the experimental APIs. (@acdlite in #18825)
unstable_discreteUpdates and unstable_flushDiscreteUpdates. (@trueadm in #18825)
timeoutMs argument. (@acdlite in #19703)
<div hidden /> prerendering in favor of a different future API. (@acdlite in #18917)
unstable_expectedLoadTime to Suspense for CPU-bound trees. (@acdlite in #19936)
unstable_useOpaqueIdentifier Hook. (@lunaruan in #17322)
unstable_startTransition API. (@rickhanlonii in #19696)
act in the test renderer no longer flushes Suspense fallbacks. (@acdlite in #18596)
useMutableSource that may happen when getSnapshot changes. (@bvaughn in #18297)
useMutableSource. (@bvaughn in #18912)

Configuration
📅 Schedule: Branch creation - "" in timezone Asia/Shanghai, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.
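
The following is an added example, not part of this PR or of Renovate's output: a small triage script that classifies resolved react-dom versions against the first patched release per 16.x line given in the Recommendation text of the CVE-2018-6341 alert above. The function names, the sample paths and the choice to treat a prerelease of a fixed version as still affected are assumptions made for this example.

```javascript
// First patched patch-level per react-dom 16.x minor line, copied from the
// "Recommendation" lines of the alert (16.0.1, 16.1.2, 16.2.1, 16.3.3, 16.4.2).
const FIRST_PATCHED = { 0: 1, 1: 2, 2: 1, 3: 3, 4: 2 };

// Parse "16.4.1", "v16.4.1" or "16.4.2-rc.0" into numeric parts; null if malformed.
function parseVersion(raw) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?$/.exec(String(raw).trim());
  if (!m) return null;
  return { major: +m[1], minor: +m[2], patch: +m[3], prerelease: Boolean(m[4]) };
}

// Returns one of: "affected", "patched", "not-listed", "unparseable".
// "not-listed" means the Recommendation text names no fix for that release
// line, so the version has to be checked against the full advisory by hand.
function classify(raw) {
  const v = parseVersion(raw);
  if (!v) return "unparseable";
  if (v.major !== 16 || !(v.minor in FIRST_PATCHED)) return "not-listed";
  const fixed = FIRST_PATCHED[v.minor];
  // Assumption: a prerelease of the fixed version sorts before the fixed
  // release in semver ordering, so it is conservatively reported as affected.
  if (v.patch < fixed || (v.patch === fixed && v.prerelease)) return "affected";
  return "patched";
}

// Classify every resolved copy of react-dom found in a dependency tree.
function triage(resolved) {
  return resolved.map(({ path, version }) => ({
    path,
    version,
    status: classify(version),
  }));
}

// Constructed sample input: paths and versions are made up for illustration.
const SAMPLE = [
  { path: "node_modules/react-dom", version: "16.4.1" },
  { path: "packages/admin/node_modules/react-dom", version: "16.3.3" },
  { path: "packages/legacy/node_modules/react-dom", version: "16.0.0" },
  { path: "packages/next/node_modules/react-dom", version: "17.0.0" },
];

for (const row of triage(SAMPLE)) {
  console.log(`${row.status.padEnd(11)} ${row.version.padEnd(8)} ${row.path}`);
}
```
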