withspectrum / draft-js-markdown-plugin

An opinionated DraftJS plugin for supporting Markdown syntax shortcuts
https://markdown-plugin.spectrum.chat/
MIT License

🚨 [security] Upgrade react-dom: 16.2.0 → 16.2.1 (patch) #167

Open depfu[bot] opened 5 years ago

depfu[bot] commented 5 years ago

🚨 Your version of react-dom has known security vulnerabilities 🚨

Advisory: CVE-2018-6341
Disclosed: January 04, 2019
URL: https://nvd.nist.gov/vuln/detail/CVE-2018-6341

Low severity vulnerability that affects react-dom

React applications which rendered to HTML using the ReactDOMServer API were not escaping user-supplied attribute names at render-time. That lack of escaping could lead to a cross-site scripting vulnerability. This vulnerability can only affect some server-rendered React apps. Purely client-rendered apps are not affected.

This issue affected minor releases 16.0.x, 16.1.x, 16.2.x, 16.3.x, and 16.4.x. It was fixed in 16.0.1, 16.1.2, 16.2.1, 16.3.3, and 16.4.2.


🚨 We recommend merging and deploying this update as soon as possible! 🚨


Here is everything you need to know about this upgrade. Please take a good look at what changed and the test results before merging this pull request.

What changed?

✳️ react-dom (16.2.0 → 16.2.1) · Repo · Changelog


Depfu Status

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands

@depfu rebase: Rebases against your default branch and redoes this update
@depfu merge: Merges this PR once your tests are passing and conflicts are resolved
@depfu reopen: Restores the branch and reopens this PR (if it's closed)
@depfu pause: Ignores all future updates for this dependency and closes this PR
@depfu pause [minor|major]: Ignores all future minor/major updates for this dependency and closes this PR
@depfu resume: Future versions of this dependency will create PRs again (leaves this PR as is)
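
Two checks a server-rendering app can run against the advisory quoted above, as an added example that is not part of the Depfu comment or of React's own code. `isAffectedReactDom` encodes the affected and fixed versions listed in the advisory; `pickSafeProps` and `SAFE_ATTR_NAME` are hypothetical helpers that stop user-supplied keys from becoming attribute names, and the sample input is constructed.

```javascript
// First patched release per affected minor line, as listed in the advisory:
// fixed in 16.0.1, 16.1.2, 16.2.1, 16.3.3 and 16.4.2.
const FIRST_FIXED_PATCH = { '16.0': 1, '16.1': 2, '16.2': 1, '16.3': 3, '16.4': 2 };

// True when an exact react-dom version (e.g. "16.2.0" from a lockfile) is in
// an affected minor line and older than that line's first fixed patch.
function isAffectedReactDom(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(version);
  if (!m) throw new TypeError(`not an exact x.y.z version: ${version}`);
  const fixedPatch = FIRST_FIXED_PATCH[`${m[1]}.${m[2]}`];
  return fixedPatch !== undefined && Number(m[3]) < fixedPatch;
}

// Assumption: a conservative shape for attribute names (stricter than HTML
// allows), so names with spaces, quotes, '>' or '=' never reach the renderer.
const SAFE_ATTR_NAME = /^[A-Za-z][A-Za-z0-9_.:-]*$/;

// Hypothetical helper: keep only well-formed names that are either explicitly
// allowed or open-ended data-* attributes; report everything else.
function pickSafeProps(untrusted, allowedNames) {
  const safe = {};
  const rejected = [];
  for (const [name, value] of Object.entries(untrusted)) {
    const ok = SAFE_ATTR_NAME.test(name) &&
      (allowedNames.has(name) || name.startsWith('data-'));
    if (ok) safe[name] = value;
    else rejected.push(name);
  }
  return { safe, rejected };
}

// Constructed sample: keys as they might arrive in a JSON request body.
const sampleProps = {
  title: 'hello',
  'data-id': '7',
  'data-x y': '1',   // whitespace in the name
  'data-a"b': '2',   // quote in the name
  onclick: '3',      // well-formed, but not on the allowlist
};

const result = pickSafeProps(sampleProps, new Set(['title']));
console.log(isAffectedReactDom('16.2.0'), result.safe, result.rejected);
```

Upgrading to a fixed release remains the actual remedy; the key filter is defense in depth for code that spreads request data into element props.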