enzymejs / enzyme

JavaScript Testing utilities for React
https://enzymejs.github.io/enzyme/
MIT License
19.96k stars 2.01k forks

[Deps] Update `react` [SECURITY] #2496

Closed renovate[bot] closed 3 years ago

renovate[bot] commented 3 years ago

WhiteSource Renovate

This PR contains the following updates:

| Package | Change |
|---|---|
| react (source) | ^15.5.0 -> ^15.5.0 \|\| ^17.0.0 |
| react (source) | ^16.2.0 -> ^17.0.0 |
| react (source) | 0.13.x \|\| 0.14.x \|\| ^15.0.0-0 \|\| ^16.0.0-0 -> 0.13.x \|\| 0.14.x \|\| ^15.0.0-0 \|\| ^16.0.0-0 \|\| ^17.0.0 |
| react (source) | 0.13.x \|\| 0.14.x \|\| ^15.0.0-0 \|\| ^16.0.0-0 \|\| ^16.3.0-0 \|\| ^16.4.0-0 -> ^17.0.0 |
| react (source) | ~16.3.0-0 -> ~16.3.0-0 \|\| ~16.14.0 |
| react (source) | ~16.2 -> ~16.2 \|\| ~16.14.0 |
| react (source) | ~16.0.0-0 \|\| ~16.1 -> ~16.0.0-0 \|\| ~16.1 \|\| ~16.14.0 |
| react (source) | 15.0.0-0 - 15.4.x -> 15.0.0-0 - 15.7.x |
| react (source) | ^0.14.0 -> ^0.14.0 \|\| ^17.0.0 |
| react (source) | ^0.13.0 -> ^0.13.0 \|\| ^0.14.0 |

GitHub Vulnerability Alerts

GHSA-hg79-j56m-fxgv

Versions of react prior to 0.14.0 are vulnerable to Cross-Site Scripting (XSS). The package's createElement function fails to properly validate its input object, allowing attackers to execute arbitrary JavaScript in a victim's browser.

Recommendation

Upgrade to version 0.14.0 or later.


Release Notes

facebook/react

### [`v17.0.1`](https://togithub.com/facebook/react/blob/master/CHANGELOG.md#1701-October-22-2020)

[Compare Source](https://togithub.com/facebook/react/compare/v17.0.0...v17.0.1)

##### React DOM

- Fix a crash in IE11. ([@gaearon](https://togithub.com/gaearon) in [#20071](https://togithub.com/facebook/react/pull/20071))

### [`v17.0.0`](https://togithub.com/facebook/react/blob/master/CHANGELOG.md#1700-October-20-2020)

[Compare Source](https://togithub.com/facebook/react/compare/v16.14.0...v17.0.0)

Today, we are releasing React 17!

**[Learn more about React 17 and how to update to it on the official React blog.](https://reactjs.org/blog/2020/10/20/react-v17.html)**

##### React

- Add `react/jsx-runtime` and `react/jsx-dev-runtime` for the [new JSX transform](https://babeljs.io/blog/2020/03/16/7.9.0#a-new-jsx-transform-11154-https-githubcom-babel-babel-pull-11154). ([@lunaruan](https://togithub.com/lunaruan) in [#18299](https://togithub.com/facebook/react/pull/18299))
- Build component stacks from native error frames. ([@sebmarkbage](https://togithub.com/sebmarkbage) in [#18561](https://togithub.com/facebook/react/pull/18561))
- Allow to specify `displayName` on context for improved stacks. ([@eps1lon](https://togithub.com/eps1lon) in [#18224](https://togithub.com/facebook/react/pull/18224))
- Prevent `'use strict'` from leaking in the UMD bundles. ([@koba04](https://togithub.com/koba04) in [#19614](https://togithub.com/facebook/react/pull/19614))
- Stop using `fb.me` for redirects. ([@cylim](https://togithub.com/cylim) in [#19598](https://togithub.com/facebook/react/pull/19598))

##### React DOM

- Delegate events to roots instead of `document`. ([@trueadm](https://togithub.com/trueadm) in [#18195](https://togithub.com/facebook/react/pull/18195) and [others](https://togithub.com/facebook/react/pulls?q=is%3Apr+author%3Atrueadm+modern+event+is%3Amerged))
- Clean up all effects before running any next effects. ([@bvaughn](https://togithub.com/bvaughn) in [#17947](https://togithub.com/facebook/react/pull/17947))
- Run `useEffect` cleanup functions asynchronously. ([@bvaughn](https://togithub.com/bvaughn) in [#17925](https://togithub.com/facebook/react/pull/17925))
- Use browser `focusin` and `focusout` for `onFocus` and `onBlur`. ([@trueadm](https://togithub.com/trueadm) in [#19186](https://togithub.com/facebook/react/pull/19186))
- Make all `Capture` events use the browser capture phase. ([@trueadm](https://togithub.com/trueadm) in [#19221](https://togithub.com/facebook/react/pull/19221))
- Don't emulate bubbling of the `onScroll` event. ([@gaearon](https://togithub.com/gaearon) in [#19464](https://togithub.com/facebook/react/pull/19464))
- Throw if `forwardRef` or `memo` component returns `undefined`. ([@gaearon](https://togithub.com/gaearon) in [#19550](https://togithub.com/facebook/react/pull/19550))
- Remove event pooling. ([@trueadm](https://togithub.com/trueadm) in [#18969](https://togithub.com/facebook/react/pull/18969))
- Stop exposing internals that won’t be needed by React Native Web. ([@necolas](https://togithub.com/necolas) in [#18483](https://togithub.com/facebook/react/pull/18483))
- Attach all known event listeners when the root mounts. ([@gaearon](https://togithub.com/gaearon) in [#19659](https://togithub.com/facebook/react/pull/19659))
- Disable `console` in the second render pass of DEV mode double render. ([@sebmarkbage](https://togithub.com/sebmarkbage) in [#18547](https://togithub.com/facebook/react/pull/18547))
- Deprecate the undocumented and misleading `ReactTestUtils.SimulateNative` API. ([@gaearon](https://togithub.com/gaearon) in [#13407](https://togithub.com/facebook/react/pull/13407))
- Rename private field names used in the internals. ([@gaearon](https://togithub.com/gaearon) in [#18377](https://togithub.com/facebook/react/pull/18377))
- Don't call User Timing API in development. ([@gaearon](https://togithub.com/gaearon) in [#18417](https://togithub.com/facebook/react/pull/18417))
- Disable console during the repeated render in Strict Mode. ([@sebmarkbage](https://togithub.com/sebmarkbage) in [#18547](https://togithub.com/facebook/react/pull/18547))
- In Strict Mode, double-render components without Hooks too. ([@eps1lon](https://togithub.com/eps1lon) in [#18430](https://togithub.com/facebook/react/pull/18430))
- Allow calling `ReactDOM.flushSync` during lifecycle methods (but warn). ([@sebmarkbage](https://togithub.com/sebmarkbage) in [#18759](https://togithub.com/facebook/react/pull/18759))
- Add the `code` property to the keyboard event objects. ([@bl00mber](https://togithub.com/bl00mber) in [#18287](https://togithub.com/facebook/react/pull/18287))
- Add the `disableRemotePlayback` property for `video` elements. ([@tombrowndev](https://togithub.com/tombrowndev) in [#18619](https://togithub.com/facebook/react/pull/18619))
- Add the `enterKeyHint` property for `input` elements. ([@eps1lon](https://togithub.com/eps1lon) in [#18634](https://togithub.com/facebook/react/pull/18634))
- Warn when no `value` is provided to ``. ([@charlie1404](https://togithub.com/charlie1404) in [#19054](https://togithub.com/facebook/react/pull/19054))
- Warn when `memo` or `forwardRef` components return `undefined`. ([@bvaughn](https://togithub.com/bvaughn) in [#19550](https://togithub.com/facebook/react/pull/19550))
- Improve the error message for invalid updates. ([@JoviDeCroock](https://togithub.com/JoviDeCroock) in [#18316](https://togithub.com/facebook/react/pull/18316))
- Exclude forwardRef and memo from stack frames. ([@sebmarkbage](https://togithub.com/sebmarkbage) in [#18559](https://togithub.com/facebook/react/pull/18559))
- Improve the error message when switching between controlled and uncontrolled inputs. ([@vcarl](https://togithub.com/vcarl) in [#17070](https://togithub.com/facebook/react/pull/17070))
- Keep `onTouchStart`, `onTouchMove`, and `onWheel` passive. ([@gaearon](https://togithub.com/gaearon) in [#19654](https://togithub.com/facebook/react/pull/19654))
- Fix `setState` hanging in development inside a closed iframe. ([@gaearon](https://togithub.com/gaearon) in [#19220](https://togithub.com/facebook/react/pull/19220))
- Fix rendering bailout for lazy components with `defaultProps`. ([@jddxf](https://togithub.com/jddxf) in [#18539](https://togithub.com/facebook/react/pull/18539))
- Fix a false positive warning when `dangerouslySetInnerHTML` is `undefined`. ([@eps1lon](https://togithub.com/eps1lon) in [#18676](https://togithub.com/facebook/react/pull/18676))
- Fix Test Utils with non-standard `require` implementation. ([@just-boris](https://togithub.com/just-boris) in [#18632](https://togithub.com/facebook/react/pull/18632))
- Fix `onBeforeInput` reporting an incorrect `event.type`. ([@eps1lon](https://togithub.com/eps1lon) in [#19561](https://togithub.com/facebook/react/pull/19561))
- Fix `event.relatedTarget` reported as `undefined` in Firefox. ([@claytercek](https://togithub.com/claytercek) in [#19607](https://togithub.com/facebook/react/pull/19607))
- Fix "unspecified error" in IE11. ([@hemakshis](https://togithub.com/hemakshis) in [#19664](https://togithub.com/facebook/react/pull/19664))
- Fix rendering into a shadow root. ([@Jack-Works](https://togithub.com/Jack-Works) in [#15894](https://togithub.com/facebook/react/pull/15894))
- Fix `movementX/Y` polyfill with capture events. ([@gaearon](https://togithub.com/gaearon) in [#19672](https://togithub.com/facebook/react/pull/19672))
- Use delegation for `onSubmit` and `onReset` events. ([@gaearon](https://togithub.com/gaearon) in [#19333](https://togithub.com/facebook/react/pull/19333))
- Improve memory usage. ([@trueadm](https://togithub.com/trueadm) in [#18970](https://togithub.com/facebook/react/pull/18970))

##### React DOM Server

- Make `useCallback` behavior consistent with `useMemo` for the server renderer. ([@alexmckenley](https://togithub.com/alexmckenley) in [#18783](https://togithub.com/facebook/react/pull/18783))
- Fix state leaking when a function component throws. ([@pmaccart](https://togithub.com/pmaccart) in [#19212](https://togithub.com/facebook/react/pull/19212))

##### React Test Renderer

- Improve `findByType` error message. ([@henryqdineen](https://togithub.com/henryqdineen) in [#17439](https://togithub.com/facebook/react/pull/17439))

##### Concurrent Mode (Experimental)

- Revamp the priority batching heuristics. ([@acdlite](https://togithub.com/acdlite) in [#18796](https://togithub.com/facebook/react/pull/18796))
- Add the `unstable_` prefix before the experimental APIs. ([@acdlite](https://togithub.com/acdlite) in [#18825](https://togithub.com/facebook/react/pull/18825))
- Remove `unstable_discreteUpdates` and `unstable_flushDiscreteUpdates`. ([@trueadm](https://togithub.com/trueadm) in [#18825](https://togithub.com/facebook/react/pull/18825))
- Remove the `timeoutMs` argument. ([@acdlite](https://togithub.com/acdlite) in [#19703](https://togithub.com/facebook/react/pull/19703))
- Disable `