GroceriStar / react-only-intern-20


[Security] Bump react-dom from 16.4.1 to 16.8.6 #87

Open dependabot-preview[bot] opened 5 years ago

dependabot-preview[bot] commented 5 years ago

Bumps react-dom from 16.4.1 to 16.8.6. This update includes security fixes.

Vulnerabilities fixed

*Sourced from The GitHub Security Advisory Database.*

> **Low severity vulnerability that affects react-dom**
> React applications which rendered to HTML using the ReactDOMServer API were not escaping user-supplied attribute names at render-time. That lack of escaping could lead to a cross-site scripting vulnerability. This vulnerability can only affect some server-rendered React apps. Purely client-rendered apps are not affected.
>
> This issue affected minor releases 16.0.x, 16.1.x, 16.2.x, 16.3.x, and 16.4.x. It was fixed in 16.0.1, 16.1.2, 16.2.1, 16.3.3, and 16.4.2.
>
> Affected versions: >= 16.4.0 < 16.4.2

Release notes

*Sourced from [react-dom's releases](https://github.com/facebook/react/releases).*

> ## v16.8.6
> ## 16.8.6 (March 27, 2019)
>
> ### React DOM
>
> * Fix an incorrect bailout in `useReducer()`. ([@acdlite](https://github.com/acdlite) in [#15124](https://github-redirect.dependabot.com/facebook/react/pull/15124))
> * Fix iframe warnings in Safari DevTools. ([@renanvalentin](https://github.com/renanvalentin) in [#15099](https://github-redirect.dependabot.com/facebook/react/pull/15099))
> * Warn if `contextType` is set to `Context.Consumer` instead of `Context`. ([@aweary](https://github.com/aweary) in [#14831](https://github-redirect.dependabot.com/facebook/react/pull/14831))
> * Warn if `contextType` is set to invalid values. ([@gaearon](https://github.com/gaearon) in [#15142](https://github-redirect.dependabot.com/facebook/react/pull/15142))
>
> ## Artifacts
> * **react**: https://unpkg.com/react@16.8.6/umd/
> * **react-art**: https://unpkg.com/react-art@16.8.6/umd/
> * **react-dom**: https://unpkg.com/react-dom@16.8.6/umd/
> * **react-is**: https://unpkg.com/react-is@16.8.6/umd/
> * **react-test-renderer**: https://unpkg.com/react-test-renderer@16.8.6/umd/
> * **scheduler**: https://unpkg.com/scheduler@0.13.6/umd/
>
> ## v16.8.5
> ## 16.8.5 (March 22, 2019)
>
> ### React DOM
>
> * Don't set the first option as selected in select tag with `size` attribute. ([@kulek1](https://github.com/kulek1) in [#14242](https://github-redirect.dependabot.com/facebook/react/pull/14242))
> * Improve the `useEffect(async () => ...)` warning message. ([@gaearon](https://github.com/gaearon) in [#15118](https://github-redirect.dependabot.com/facebook/react/pull/15118))
> * Improve the error message sometimes caused by duplicate React. ([@jaredpalmer](https://github.com/jaredpalmer) in [#15139](https://github-redirect.dependabot.com/facebook/react/pull/15139))
>
> ### React DOM Server
>
> * Improve the `useLayoutEffect` warning message when server rendering. ([@gaearon](https://github.com/gaearon) in [#15158](https://github-redirect.dependabot.com/facebook/react/pull/15158))
>
> ### React Shallow Renderer
>
> * Fix `setState` in shallow renderer to work with Hooks. ([@gaearon](https://github.com/gaearon) in [#15120](https://github-redirect.dependabot.com/facebook/react/pull/15120))
> * Fix shallow renderer to support `React.memo`. ([@aweary](https://github.com/aweary) in [#14816](https://github-redirect.dependabot.com/facebook/react/pull/14816))
> * Fix shallow renderer to support Hooks inside `forwardRef`. ([@eps1lon](https://github.com/eps1lon) in [#15100](https://github-redirect.dependabot.com/facebook/react/pull/15100))
>
> ## Artifacts
> * **react**: https://unpkg.com/react@16.8.5/umd/
> * **react-art**: https://unpkg.com/react-art@16.8.5/umd/
> * **react-dom**: https://unpkg.com/react-dom@16.8.5/umd/
> * **react-is**: https://unpkg.com/react-is@16.8.5/umd/
> * **react-test-renderer**: https://unpkg.com/react-test-renderer@16.8.5/umd/
> * **scheduler**: https://unpkg.com/scheduler@0.13.5/umd/
>
> ## v16.8.4
> ## 16.8.4 (March 5, 2019)
>
> ### React DOM and other renderers
>
> ... (truncated)

Changelog

*Sourced from [react-dom's changelog](https://github.com/facebook/react/blob/master/CHANGELOG.md).*

> ## 16.8.6 (March 27, 2019)
>
> ### React DOM
>
> * Fix an incorrect bailout in `useReducer()`. ([@acdlite](https://github.com/acdlite) in [#15124](https://github-redirect.dependabot.com/facebook/react/pull/15124))
> * Fix iframe warnings in Safari DevTools. ([@renanvalentin](https://github.com/renanvalentin) in [#15099](https://github-redirect.dependabot.com/facebook/react/pull/15099))
> * Warn if `contextType` is set to `Context.Consumer` instead of `Context`. ([@aweary](https://github.com/aweary) in [#14831](https://github-redirect.dependabot.com/facebook/react/pull/14831))
> * Warn if `contextType` is set to invalid values. ([@gaearon](https://github.com/gaearon) in [#15142](https://github-redirect.dependabot.com/facebook/react/pull/15142))
>
> ## 16.8.5 (March 22, 2019)
>
> ### React DOM
>
> * Don't set the first option as selected in select tag with `size` attribute. ([@kulek1](https://github.com/kulek1) in [#14242](https://github-redirect.dependabot.com/facebook/react/pull/14242))
> * Improve the `useEffect(async () => ...)` warning message. ([@gaearon](https://github.com/gaearon) in [#15118](https://github-redirect.dependabot.com/facebook/react/pull/15118))
> * Improve the error message sometimes caused by duplicate React. ([@jaredpalmer](https://github.com/jaredpalmer) in [#15139](https://github-redirect.dependabot.com/facebook/react/pull/15139))
>
> ### React DOM Server
>
> * Improve the `useLayoutEffect` warning message when server rendering. ([@gaearon](https://github.com/gaearon) in [#15158](https://github-redirect.dependabot.com/facebook/react/pull/15158))
>
> ### React Shallow Renderer
>
> * Fix `setState` in shallow renderer to work with Hooks. ([@gaearon](https://github.com/gaearon) in [#15120](https://github-redirect.dependabot.com/facebook/react/pull/15120))
> * Fix shallow renderer to support `React.memo`. ([@aweary](https://github.com/aweary) in [#14816](https://github-redirect.dependabot.com/facebook/react/pull/14816))
> * Fix shallow renderer to support Hooks inside `forwardRef`. ([@eps1lon](https://github.com/eps1lon) in [#15100](https://github-redirect.dependabot.com/facebook/react/pull/15100))
>
> ## 16.8.4 (March 5, 2019)
>
> ### React DOM and other renderers
>
> - Fix a bug where DevTools caused a runtime error when inspecting a component that used a `useContext` hook. ([@bvaughn](https://github.com/bvaughn) in [#14940](https://github-redirect.dependabot.com/facebook/react/pull/14940))
>
> ## 16.8.3 (February 21, 2019)
>
> ### React DOM
>
> * Fix a bug that caused inputs to behave incorrectly in UMD builds. ([@gaearon](https://github.com/gaearon) in [#14914](https://github-redirect.dependabot.com/facebook/react/pull/14914))
> * Fix a bug that caused render phase updates to be discarded. ([@gaearon](https://github.com/gaearon) in [#14852](https://github-redirect.dependabot.com/facebook/react/pull/14852))
>
> ### React DOM Server
> * Unwind the context stack when a stream is destroyed without completing, to prevent incorrect values during a subsequent render. ([@overlookmotel](https://github.com/overlookmotel) in [#14706](https://github-redirect.dependabot.com/facebook/react/pull/14706/))
>
> ### ESLint Plugin for React Hooks
>
> * Add a new recommended `exhaustive-deps` rule. ([@gaearon](https://github.com/gaearon) in [#14636](https://github-redirect.dependabot.com/facebook/react/pull/14636))
>
> ## 16.8.2 (February 14, 2019)
>
> ### React DOM
> ... (truncated)

Commits

- [`487f4bf`](https://github.com/facebook/react/commit/487f4bf2ee7c86176637544c5473328f96ca0ba2) Update versions for 16.8.6
- [`f00be84`](https://github.com/facebook/react/commit/f00be84b81584f5bc4df137ce00e9e370b49b341) fix(react-dom): access iframe contentWindow instead of contentDocument ([#15099](https://github.com/facebook/react/tree/HEAD/packages/react-dom/issues/15099))
- [`e0c2c56`](https://github.com/facebook/react/commit/e0c2c56dfd58c1145b1e63b9500043dccf675265) Improve warning for invalid class contextType ([#15142](https://github.com/facebook/react/tree/HEAD/packages/react-dom/issues/15142))
- [`aa8736a`](https://github.com/facebook/react/commit/aa8736a3a9474d9f9714ee315f00e77c0b80ea33) Warn for Context.Consumer with contextType ([#14831](https://github.com/facebook/react/tree/HEAD/packages/react-dom/issues/14831))
- [`84cc8a3`](https://github.com/facebook/react/commit/84cc8a31faf4ab589f8ef1454d3717d60f116de7) Release 16.8.5
- [`fb572af`](https://github.com/facebook/react/commit/fb572afc14ec5d25aea9be5d752007cc3b2e362f) Add more info to invalid hook call error message ([#15139](https://github.com/facebook/react/tree/HEAD/packages/react-dom/issues/15139))
- [`b5cb9d3`](https://github.com/facebook/react/commit/b5cb9d345c812892007a5878782837a3e2484093) Link to useLayoutEffect gist in a warning ([#15158](https://github.com/facebook/react/tree/HEAD/packages/react-dom/issues/15158))
- [`d822d4b`](https://github.com/facebook/react/commit/d822d4bbe7fefee12dfd87cd799119714ffa5bac) Don't set the first option as selected in select tag with `size` attribute (...
- [`d8a73b5`](https://github.com/facebook/react/commit/d8a73b5eb6c7217850103193635ff1b556925ed5) 16.8.4 and changelog
- [`55cf14f`](https://github.com/facebook/react/commit/55cf14f98e329ed1efa326ff5c5a32eb80dbe6f1) Release 16.8.3
- Additional commits viewable in [compare view](https://github.com/facebook/react/commits/v16.8.6/packages/react-dom)



Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):

- Update frequency (including time of day and day of week)
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.
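
To check a whole dependency tree against the advisory quoted in the pull request above, this added example (not part of the pull request or of Dependabot's output) scans a parsed npm lockfile for react-dom copies in the affected 16.x lines, including transitive ones that bumping the top-level dependency alone would not change. The patched versions are taken from the advisory text; the lockfile fragment and the package names `some-ssr-kit` and `legacy-widget` are constructed.

```javascript
// Added example. Patched release for each affected 16.x line, per the advisory.
const FIXED_PATCH = new Map([["16.0", 1], ["16.1", 2], ["16.2", 1], ["16.3", 3], ["16.4", 2]]);

// Returns the patched version to move to, or null when `version` is not affected.
// Assumption: pre-release suffixes are ignored and non-semver specs return null.
function patchedVersionFor(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(version));
  if (!m) return null;
  const line = `${m[1]}.${m[2]}`;
  const fixedPatch = FIXED_PATCH.get(line);
  if (fixedPatch === undefined) return null;
  return Number(m[3]) < fixedPatch ? `${line}.${fixedPatch}` : null;
}

// Lists every affected react-dom copy in a parsed package-lock.json object.
function findAffectedReactDom(lock) {
  const findings = [];
  const record = (where, version) => {
    const fix = patchedVersionFor(version);
    if (fix) findings.push({ where, version, fix });
  };
  if (lock.packages) {
    // lockfileVersion 2 and 3: flat map keyed by install path.
    for (const [path, pkg] of Object.entries(lock.packages)) {
      if (/(^|\/)node_modules\/react-dom$/.test(path)) record(path, pkg.version);
    }
    return findings;
  }
  // lockfileVersion 1: nested "dependencies" tree, so transitive copies count too.
  const walk = (deps, trail) => {
    for (const [name, dep] of Object.entries(deps || {})) {
      const here = [...trail, name];
      if (name === "react-dom") record(here.join(" > "), dep.version);
      walk(dep.dependencies, here);
    }
  };
  walk(lock.dependencies, []);
  return findings;
}

// Constructed lockfile fragment; "some-ssr-kit" and "legacy-widget" are made-up names.
const sampleLock = {
  dependencies: {
    "react-dom": { version: "16.4.1" },
    "some-ssr-kit": { version: "1.0.0", dependencies: { "react-dom": { version: "16.3.3" } } },
    "legacy-widget": { version: "2.1.0", dependencies: { "react-dom": { version: "16.2.0" } } },
  },
};
console.log(findAffectedReactDom(sampleLock));
```

In a real project, pass `JSON.parse` of the contents of `package-lock.json` to `findAffectedReactDom`; an empty result means no installed copy falls in the ranges the advisory lists.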