This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade react-bootstrap from 2.7.2 to 2.8.0.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **3 versions** ahead of your current version.
- The recommended version was released **2 months ago**, on 2023-06-23.
The recommended version fixes:
Severity | Issue | PriorityScore (*) | Exploit Maturity |
:-------------------------:|:-------------------------|-------------------------|:-------------------------
| Regular Expression Denial of Service (ReDoS) [SNYK-JS-SEMVER-3247795](https://snyk.io/vuln/SNYK-JS-SEMVER-3247795) | **482/1000** **Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept
| Regular Expression Denial of Service (ReDoS) [SNYK-JS-SEMVER-3247795](https://snyk.io/vuln/SNYK-JS-SEMVER-3247795) | **482/1000** **Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept
| Prototype Pollution [SNYK-JS-TOUGHCOOKIE-5672873](https://snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873) | **482/1000** **Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept
| Regular Expression Denial of Service (ReDoS) [SNYK-JS-WORDWRAP-3149973](https://snyk.io/vuln/SNYK-JS-WORDWRAP-3149973) | **482/1000** **Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept
(*) Note that the real score may have changed since the PR was raised.
Release notes Package name: react-bootstrap
3898c72 fix: downgrade uncontrollable to 7.2.1 (#6592)
Compare
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.*
For more information:
🧐 [View latest project report](https://app.snyk.io/org/nicholasjackson-c50/project/f001f7ef-6149-4bb2-b48f-20e82e197a24?utm_source=github&utm_medium=referral&page=upgrade-pr)
🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/nicholasjackson-c50/project/f001f7ef-6149-4bb2-b48f-20e82e197a24/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr)
🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/nicholasjackson-c50/project/f001f7ef-6149-4bb2-b48f-20e82e197a24/settings/integration?pkg=react-bootstrap&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade react-bootstrap from 2.7.2 to 2.8.0.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.- The recommended version is **3 versions** ahead of your current version. - The recommended version was released **2 months ago**, on 2023-06-23. The recommended version fixes: Severity | Issue | PriorityScore (*) | Exploit Maturity | :-------------------------:|:-------------------------|-------------------------|:-------------------------
[SNYK-JS-SEMVER-3247795](https://snyk.io/vuln/SNYK-JS-SEMVER-3247795) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept
[SNYK-JS-SEMVER-3247795](https://snyk.io/vuln/SNYK-JS-SEMVER-3247795) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept
[SNYK-JS-TOUGHCOOKIE-5672873](https://snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept
[SNYK-JS-WORDWRAP-3149973](https://snyk.io/vuln/SNYK-JS-WORDWRAP-3149973) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: react-bootstrap
-
2.8.0 - 2023-06-23
- Tooltip: fix offset (#6622) (3c094ec)
- PageItem: add linkStyle and linkClassName props (#6636) (cc8efc3)
- add underline variant for Nav/Tabs (#6623) (600364b)
-
2.7.4 - 2023-04-15
- downgrade uncontrollable to 7.2.1 (#6592) (3898c72)
- update dependencies (#6587) (753dc53)
-
2.7.3 - 2023-04-12
- ToastContainer: allow setting
- switch from defaultProps to JS default params (#6568) (1d5b726)
-
2.7.2 - 2023-02-14
- Overlay: fix arrow animation (#6551) (21b9981)
from react-bootstrap GitHub release notes2.8.0 (2023-06-23)
Bug Fixes
Features
2.7.4 (2023-04-15)
Bug Fixes
2.7.3 (2023-04-12)
Bug Fixes
containerPositionwithoutposition(#6574) (41ec134)2.7.2 (2023-02-14)
Bug Fixes
Commit messages
Package name: react-bootstrap
- 1498aba Publish v2.8.0
- cc8efc3 feat(PageItem): add linkStyle and linkClassName props (#6636)
- aeecea8 docs: fix broken color modes link (#6638)
- f699f2a docs: add dark mode (#6633)
- c5134c6 chore(deps): update all non-major dependencies (#6632)
- 32501ce docs: fix broken migration link (#6634)
- 3256baf chore(deps): replace dependency babel-eslint with @ babel/eslint-parser ^7.11.0 (#6590)
- 3a1989d chore(deps): update all non-major dependencies (#6625)
- b99bfa8 docs: refactor nav/tab docs (#6629)
- 600364b feat: add underline variant for Nav/Tabs (#6623)
- 3c094ec fix(Tooltip): fix offset (#6622)
- 5dca570 chore(deps): update bootstrap to 5.3.0 (#6621)
- e146ffb docs: fix deployment project (#6620)
- d2015b1 docs(Button): add onClick to button docs (#6613)
- 3c65d75 chore(deps): bump yaml from 2.2.1 to 2.2.2 (#6610)
- f3f79a2 chore: update bug report template (#6609)
- 4c84daa docs: fix playground tabbing and add copy button (#6608)
- bdb4f8d chore: update dev dependencies (#6596)
- 4bebc7a chore(deps): bump ua-parser-js from 0.7.32 to 0.7.35 in /www (#6585)
- 22a1c71 chore(deps): bump @ sideway/formula from 3.0.0 to 3.0.1 in /www (#6584)
- 1d02dd3 chore(deps): bump webpack from 5.75.0 to 5.79.0 in /www (#6583)
- 7c49dab chore(deps): bump http-cache-semantics from 4.1.0 to 4.1.1 in /www (#6582)
- d4582d6 Publish v2.7.4
- 3898c72 fix: downgrade uncontrollable to 7.2.1 (#6592)
Compare**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.* For more information: