Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update dependency react to v16 (main) #51

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

mend-for-github-com[bot]
Copy link

@mend-for-github-com mend-for-github-com bot commented Apr 30, 2024

This PR contains the following updates:

Package Type Update Change
react (source) dependencies major ^15.3.2 -> ^16.5.0

By merging this PR, the issue #56 will be automatically resolved and closed:

Severity CVSS Score CVE Reachability
Medium Medium 6.1 CVE-2022-0235
Medium Medium 5.3 CVE-2022-25927
Low Low 2.6 CVE-2020-15168

Release Notes

facebook/react (react)

v16.5.0

Compare Source

React
React DOM
React DOM Server
React Test Renderer and Test Utils
React ART
Schedule (Experimental)
  • New package for cooperatively scheduling work in a browser environment. It's used by React internally, but its public API is not finalized yet. (@​flarnie in #​12624)

v16.4.2

Compare Source

React DOM Server

v16.4.1

Compare Source

React
  • You can now assign propTypes to components returned by React.ForwardRef. (@​bvaughn in #​12911)
React DOM
React DOM Server
React Test Renderer
  • Allow multiple root children in test renderer traversal API. (@​gaearon in #​13017)
  • Fix getDerivedStateFromProps() in the shallow renderer to not discard the pending state. (@​fatfisz in #​13030)

v16.4.0

Compare Source

React
React DOM
React Test Renderer
  • Fix the getDerivedStateFromProps() support to match the new React DOM behavior. (@​koba04 in #​12676)
  • Fix a testInstance.parent crash when the parent is a fragment or another special node. (@​gaearon in #​12813)
  • forwardRef() components are now discoverable by the test renderer traversal methods. (@​gaearon in #​12725)
  • Shallow renderer now ignores setState() updaters that return null or undefined. (@​koba04 in #​12756)
React ART
React Call Return (Experimental)
  • This experiment was deleted because it was affecting the bundle size and the API wasn't good enough. It's likely to come back in the future in some other form. (@​gaearon in #​12820)
React Reconciler (Experimental)

v16.3.2

Compare Source

React
  • Improve the error message when passing null or undefined to React.cloneElement. (@​nicolevy in #​12534)
React DOM
React Test Renderer

v16.3.1

Compare Source

React
React DOM
Create Subscription

v16.3.0

Compare Source

React
React DOM
React DOM Server
React Test Renderer
React Is (New)
React Lifecycles Compat (New)
Create Subscription (New)
React Reconciler (Experimental)
React Call Return (Experimental)

v16.2.0

Compare Source

React
React DOM
React Test Renderer
React Reconciler
  • Expose react-reconciler/reflection with utilities useful to custom renderers. (@​rivenhk in #​11683)
Internal Changes

v16.1.1

Compare Source

React
React DOM
React DOM Server
React Reconciler

v16.1.0

Compare Source

Discontinuing Bower Releases

Starting with 16.1.0, we will no longer be publishing new releases on Bower. You can continue using Bower for old releases, or point your Bower configs to the React UMD builds hosted on unpkg that mirror npm releases and will continue to be updated.

All Packages
React
React DOM
React DOM Server
React Test Renderer and Test Utils
React ART
React Reconciler (Experimental)
React Call Return (Experimental)

v16.0.0

Compare Source

New JS Environment Requirements
New Features
  • Components can now return arrays and strings from render. (Docs coming soon!)
  • Improved error handling with introduction of "error boundaries". Error boundaries are React components that catch JavaScript errors anywhere in their child component tree, log those errors, and display a fallback UI instead of the component tree that crashed.
  • First-class support for declaratively rendering a subtree into another DOM node with ReactDOM.createPortal(). (Docs coming soon!)
  • Streaming mode for server side rendering is enabled with ReactDOMServer.renderToNodeStream() and ReactDOMServer.renderToStaticNodeStream(). (@​aickin in #​10425, #​10044, #​10039, #​10024, #​9264, and others.)
  • React DOM now allows passing non-standard attributes. (@​nhunzaker in #​10385, 10564, #​10495 and others)
Breaking Changes
  • There are several changes to the behavior of scheduling and lifecycle methods:
    • ReactDOM.render() and ReactDOM.unstable_renderIntoContainer() now return null if called from inside a lifecycle method.
    • Minor changes to setState behavior:
      • Calling setState with null no longer triggers an update. This allows you to decide in an updater function if you want to re-render.
      • Calling setState directly in render always causes an update. This was not previously the case. Regardless, you should not be calling setState from render.
      • setState callback (second argument) now fires immediately after componentDidMount / componentDidUpdate instead of after all components have rendered.
    • When replacing <A /> with <B />, B.componentWillMount now always happens before A.componentWillUnmount. Previously, A.componentWillUnmount could fire first in some cases.
    • Previously, changing the ref to a component would always detach the ref before that component's render is called. Now, we change the ref later, when applying the changes to the DOM.
    • It is not safe to re-render into a container that was modified by something other than React. This worked previously in some cases but was never supported. We now emit a warning in this case. Instead you should clean up your component trees using ReactDOM.unmountComponentAtNode. See this example.
    • componentDidUpdate lifecycle no longer receives prevContext param. (@​bvaughn in #​8631)
    • Non-unique keys may now cause children to be duplicated and/or omitted. Using non-unique keys is not (and has never been) supported, but previously it was a hard error.
    • Shallow renderer no longer calls componentDidUpdate() because DOM refs are not available. This also makes it consistent with componentDidMount() (which does not get called in previous versions either).
    • Shallow renderer does not implement unstable_batchedUpdates() anymore.
    • ReactDOM.unstable_batchedUpdates now only takes one extra argument after the callback.
  • The names and paths to the single-file browser builds have changed to emphasize the difference between development and production builds. For example:
    • react/dist/react.jsreact/umd/react.development.js
    • react/dist/react.min.jsreact/umd/react.production.min.js
    • react-dom/dist/react-dom.jsreact-dom/umd/react-dom.development.js
    • react-dom/dist/react-dom.min.jsreact-dom/umd/react-dom.production.min.js
  • The server renderer has been completely rewritten, with some improvements:
    • Server rendering does not use markup validation anymore, and instead tries its best to attach to existing DOM, warning about inconsistencies. It also doesn't use comments for empty components and data-reactid attributes on each node anymore.
    • Hydrating a server rendered container now has an explicit API. Use ReactDOM.hydrate instead of ReactDOM.render if you're reviving server rendered HTML. Keep using ReactDOM.render if you're just doing client-side rendering.
  • When "unknown" props are passed to DOM components, for valid values, React will now render them in the DOM. See this post for more details. (@​nhunzaker in #​10385, 10564, #​10495 and others)
  • Errors in the render and lifecycle methods now unmount the component tree by default. To prevent this, add error boundaries to the appropriate places in the UI.
Removed Deprecations
  • There is no react-with-addons.js build anymore. All compatible addons are published separately on npm, and have single-file browser versions if you need them.
  • The deprecations introduced in 15.x have been removed from the core package. React.createClass is now available as create-react-class, React.PropTypes as prop-types, React.DOM as react-dom-factories, react-addons-test-utils as react-dom/test-utils, and shallow renderer as react-test-renderer/shallow. See 15.5.0 and 15.6.0 blog posts for instructions on migrating code and automated codemods.

v15.7.0

Compare Source

React

v15.6.2

Compare Source

All Packages
  • Switch from BSD + Patents to MIT license
React DOM
  • Fix a bug where modifying document.documentMode would trigger IE detection in other browsers, breaking change events. (@​aweary in #​10032)
  • CSS Columns are treated as unitless numbers. (@​aweary in #​10115)
  • Fix bug in QtWebKit when wrapping synthetic events in proxies. (@​walrusfruitcake in #​10115)
  • Prevent event handlers from receiving extra argument in development. (@​aweary in #​10115)
  • Fix cases where onChange would not fire with defaultChecked on radio inputs. (@​jquense in #​10156)
  • Add support for controlList attribute to allowed DOM properties (@​nhunzaker in #​9940)
  • Fix a bug where creating an element with a ref in a constructor did not throw an error in development. (@​iansu in #​10025)

v15.6.1

Compare Source

React DOM

v15.6.0

Compare Source

React
  • Downgrade deprecation warnings to use console.warn instead of console.error. (@​flarnie in #​9753)
  • Add a deprecation warning for React.createClass. Points users to create-react-class instead. (@​flarnie in #​9771)
  • Add deprecation warnings and separate module for React.DOM factory helpers. (@​nhunzaker in #​8356)
  • Warn for deprecation of React.createMixin helper, which was never used. (@​aweary in #​8853)
React DOM
React Addons

v15.5.4

Compare Source

React Addons
  • Critical Bugfix: Update the version of prop-types to fix critical bug. (@​gaearon in 545c87f)
  • Fix react-addons-create-fragment package to include loose-envify transform for Browserify users. (@​mridgway in #​9642)
React Test Renderer
  • Fix compatibility with Enzyme by exposing batchedUpdates on shallow renderer. (@​gaearon in 9382)

[v15.5.3](https://redirect.github.com/faceboo

@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by Mend label Apr 30, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
security fix Security fix generated by Mend
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants