Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade react-router-dom from 5.2.0 to 6.0.0 #1034

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

[Snyk] Security upgrade react-router-dom from 5.2.0 to 6.0.0 #1034

wants to merge 1 commit into from
+18 −69

Conversation

timomayer
Copy link

snyk-top-banner

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • package.json
  • package-lock.json

Vulnerabilities that will be fixed with an upgrade:

Issue Score
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-PATHTOREGEXP-7925106		   738  

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

@sonarcloud SonarCloud
Copy link

sonarcloud bot commented Sep 10, 2024

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

@what-the-diff What The Diff
Copy link

what-the-diff bot commented Sep 10, 2024

PR Summary

This pull request mainly concentrates on updating and downgrading several libraries used in our project for compatibility and performance improvements.

  • Downgraded react-router-dom version
    The version of react-router-dom has been changed from 5.2.0 to 6.0.0. This will allow us to use the newer features from this library that improve the routing capabilities of our application.

  • Downgraded @babel/runtime version
    The version of @babel/runtime has been updated from 7.7.6 to 7.1.2. This might offer slight performance improvements and resolve certain compatibility issues with some systems.

  • Downgraded history version
    The history library, which is essential in tracking the users' navigation history, has been downgraded from 5.3.0 to 4.9.0.

  • Downgraded react-router version
    The version of react-router is changed from 6.0.0 to 5.2.0 to ensure better compatibility with react-router-dom.

  • Downgraded prop-types version
    The version of prop-types has been changed from 15.6.2 to 15.0.0 to prevent possible issues related to property-checking within our React components.

  • Removal of modules
    A few modules such as mini-create-react-context, path-to-regexp, react-router/node_modules/react-is, tiny-invariant, and tiny-warning have been removed from the project. This is part of ongoing maintenance and cleanup effort.

  • Updated dependencies of react-router
    The dependencies of react-router now use history@4.9.0 and prop-types@15.0.0.

  • Updated dependencies of react-router-dom
    The dependencies of react-router-dom now use react-router@5.2.0. This makes our routing more consistent.

Each change contributes to better software maintenance, some improved performance, and also better compatibility with certain systems.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@timomayer @snyk-bot