[Snyk] Upgrade: , , prop-types, clsx, , , , formik, history, react-feather, react-router, react-router-dom, react-scripts, yup

[udilbar]

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

@material-ui/core
from 4.11.0 to 4.12.4 | 11 versions ahead of your current version | 2 years ago
on 2022-04-03
@material-ui/icons
from 4.9.1 to 4.11.3 | 2 versions ahead of your current version | 2 years ago
on 2022-04-03
prop-types
from 15.7.2 to 15.8.1 | 2 versions ahead of your current version | 3 years ago
on 2022-01-05
clsx
from 1.1.1 to 1.2.1 | 2 versions ahead of your current version | 2 years ago
on 2022-07-06
@material-ui/styles
from 4.10.0 to 4.11.5 | 7 versions ahead of your current version | 2 years ago
on 2022-04-03
@testing-library/jest-dom
from 5.1.0 to 5.17.0 | 36 versions ahead of your current version | a year ago
on 2023-07-18
@testing-library/react
from 10.0.0 to 10.4.9 | 23 versions ahead of your current version | 4 years ago
on 2020-08-21
formik
from 2.2.1 to 2.4.6 | 19 versions ahead of your current version | 5 months ago
on 2024-04-24
history
from 5.0.0 to 5.3.0 | 7 versions ahead of your current version | 3 years ago
on 2022-02-22
react-feather
from 2.0.8 to 2.0.10 | 2 versions ahead of your current version | 2 years ago
on 2022-05-30
react-router
from 6.0.0-beta.0 to 6.26.1 | 166 versions ahead of your current version | a month ago
on 2024-08-15
react-router-dom
from 6.0.0-beta.0 to 6.26.1 | 166 versions ahead of your current version | a month ago
on 2024-08-15
react-scripts
from 5.0.0 to 5.0.1 | 1 version ahead of your current version | 2 years ago
on 2022-04-12
yup
from 0.29.3 to 0.32.11 | 15 versions ahead of your current version | 3 years ago
on 2021-10-12

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Prototype Pollution SNYK-JS-YUP-2420835	601	Proof of Concept
	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	601	Proof of Concept
	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	601	Proof of Concept
	Code Injection SNYK-JS-LODASHES-2434284	601	Proof of Concept
	Prototype Pollution SNYK-JS-LODASHES-2434285	601	Proof of Concept
	Code Injection SNYK-JS-LODASH-1040724	601	Proof of Concept
	Prototype Pollution SNYK-JS-LODASHES-2434283	601	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASHES-2434289	601	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	601	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	601	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-2429795	601	Proof of Concept

Release notes

Package name: @material-ui/core

• 4.12.4 - 2022-04-03
• 4.12.3 - 2021-07-30
• 4.12.2 - 2021-07-19
• 4.12.1 - 2021-07-07
• 4.12.0 - 2021-07-06
• 4.11.4 - 2021-04-27
• 4.11.3 - 2021-01-24
• 4.11.3-deprecations.1 - 2021-01-25
• 4.11.3-deprecations.0 - 2021-01-24
• 4.11.2 - 2020-12-02
• 4.11.1 - 2020-11-24
• 4.11.0 - 2020-06-30

from @material-ui/core GitHub release notes

Package name: @material-ui/icons

• 4.11.3 - 2022-04-03
• 4.11.2 - 2020-12-02
• 4.9.1 - 2020-02-02

from @material-ui/icons GitHub release notes

Package name: prop-types

• 15.8.1 - 2022-01-05
  
  • [Fix] fix crash when a custom propType return lacks .data; call hasOwnProperty properly (#370)
  • [meta] Fix formatting in CHANGELOG.md (#367)
  • [Tests] add missing test coverage (#370)
  • [Tests] convert normal it functions to arrow functions (#370)
  • [Tests] do not fail fast; add react 17 (#366)
  • [Dev Deps] update eslint
• 15.8.0 - 2021-12-22
  
  • [New] add PropTypes.bigint (#365)
  • [New] oneOfType: Add expected types to warning (#198)
  • [New] Add type check for validator for 'shape' and 'exact' (#234)
  • [Fix] checkPropTypes: Friendlier message when using a type checker that is not a function (#51)
  • [Refactor] extract has (#261, #125, #124)
  • [readme] Fix branch name (master -> main) (#364)
  • [readme] Clarify usage of elementType (#335)
  • [docs] highlighted the func name (#321)
  • [docs] Typo fix in example (#300)
  • [docs] Add instructions for intentional inclusion of validation in production. (#262)
  • [docs] PropTypes.node: add link to react docs
  • [docs] Improve wording for checkPropTypes (#258)
  • [meta] Add a package sideEffects field. (#350)
  • [meta] use in-publish to avoid running the build on install
  • [deps] regenerate yarn.lock
  • [deps] update react-is (#347, #346, #345, #340, #338)
  • [eslint] enable some rules (#360)
  • [Tests] Use GH Actions (#363)
  • [Tests] Fix spelling (#318)
  • [Tests] Fixed typo: 'Any type should accept any value' (#281)
  • [Tests] fix broken tests; test the build process
  • [Dev Deps] update browserify, bundle-collapser, eslint, in-publish, react, uglifyify, uglifyjs
• 15.7.2 - 2019-02-13
  

  v15.7.2

from prop-types GitHub release notes

Package name: clsx

• 1.2.1 - 2022-07-06
  

  Patches

  • Ensure CommonJS and UMD entrypoints have the named clsx export too

  Chores

  • Build CJS & UMD files manually (#50): 3712966, 2114f5b

  ---

  Full Changelog: v1.2.0...v1.2.1

• 1.2.0 - 2022-07-02
  

  Features

  • Add named clsx export alias (#43, #44): 56ab81f
    Thank you @ danikaze~!
    
    This is purely an alias for the default export so that TypeScript users can avoid the esModuleInterop setting. In other words, the follow import statements are effectively identical, but the latter is preferred by TypeScript:

    import clsx from 'clsx';
    // or
    import { clsx } from 'clsx';

    Important: Just to reiterate, both still work!

  Chores

  • Migrate from tape to uvu for tests: 1c36d10
  • Add Node 14 and Node 16 to CI test matrix: bc4f827
  • Update "string variadic" tests (#30): 74cefa6
    Thank you @ gingerrific~!
  • Enable GitHub Sponsors button: 400b848

  ---

  Full Changelog: v1.1.1...v1.2.0

• 1.1.1 - 2020-05-30
  

  Note: This is a performance-related patch only!
  Across all benchmarks, this version of clsx is ~1M ops/sec faster than [email protected].
  ...It also happens to be 1 byte (gzip) smaller 😅🎉

  Patches

  • fix: Remove needless spacer on string/number condition: ff11464
  • fix: Remove unnecessary recursive caller for object keys: f43dd23
  • perf: Guard all toVal calls with truthy assertions: 4fa8811, 019ec02
  • perf: Reorder typeof checks for common case: 08a5a7f

  Chores

  • Run CI via GitHub Actions: 64af363, 883363b, 866620d, 768ffab, 5e92fdf
  • Report code coverage within CI script: 0fb6d98
  • Use esm hook with tests: 0287e40
  • Update module size (-1 byte): 7e8c75e
  • Update benchmark results: 75053c0
  • Lock all dev-deps: 3c6aa3f
  • Update badges: fd1533f

  Benchmarks

  Run on Node.js v10.13.0.
  You may find updated browser benchmarks here.

  The snippet below is comparing [email protected] (this version) to the previous version, and to classnames for ballpark comparison. All candidates are functionally identical!

  # Strings
  classnames x 3,992,284 ops/sec ±1.64% (94 runs sampled)
  [email protected] x 11,253,372 ops/sec ±0.35% (96 runs sampled)
  [email protected] x 12,784,134 ops/sec ±0.42% (97 runs sampled)

  Objects

  classnames x 3,772,978 ops/sec ±0.46% (96 runs sampled)
  [email protected] x 7,288,178 ops/sec ±0.31% (96 runs sampled)
  [email protected] x 9,412,010 ops/sec ±0.42% (95 runs sampled)

  Arrays

  classnames x 1,665,275 ops/sec ±1.83% (93 runs sampled)
  [email protected] x 8,340,174 ops/sec ±0.53% (96 runs sampled)
  [email protected] x 9,141,916 ops/sec ±0.42% (95 runs sampled)

  Nested Arrays

  classnames x 1,164,706 ops/sec ±1.60% (95 runs sampled)
  [email protected] x 6,284,485 ops/sec ±0.58% (90 runs sampled)
  [email protected] x 7,165,151 ops/sec ±0.47% (91 runs sampled)

  Nested Arrays w/ Objects

  classnames x 1,597,180 ops/sec ±1.49% (93 runs sampled)
  [email protected] x 6,345,248 ops/sec ±0.21% (95 runs sampled)
  [email protected] x 7,651,411 ops/sec ±0.56% (95 runs sampled)

  Mixed

  classnames x 2,129,199 ops/sec ±1.46% (94 runs sampled)
  [email protected] x 6,557,515 ops/sec ±0.73% (91 runs sampled)
  [email protected] x 8,119,210 ops/sec ±0.42% (93 runs sampled)

  Mixed (Bad Data)

  classnames x 1,166,577 ops/sec ±0.84% (94 runs sampled)
[email protected] x 2,018,654 ops/sec ±0.15% (98 runs sampled)
[email protected] x 2,238,939 ops/sec ±0.34% (95 runs sampled)


  
  

from clsx GitHub release notes

Package name: @material-ui/styles

• 4.11.5 - 2022-04-03
• 4.11.4 - 2021-04-27
• 4.11.3 - 2021-01-24
• 4.11.3-deprecations.1 - 2021-01-25
• 4.11.3-deprecations.0 - 2021-01-24
• 4.11.2 - 2020-12-02
• 4.11.1 - 2020-11-24
• 4.10.0 - 2020-05-23

from @material-ui/styles GitHub release notes

Package name: @testing-library/jest-dom

• 5.17.0 - 2023-07-18
  

  5.17.0 (2023-07-18)

  Features

  • New toHaveAccessibleErrorMessage better implementing the spec, deprecate toHaveErrorMessage (#503) (d717c66)
• 5.16.5 - 2022-08-04
  

  5.16.5 (2022-08-04)

  Bug Fixes

  • migrate ccs v3 to @ adobe/css-tools v4 (#470) (948d90f)
• 5.16.4 - 2022-04-05
  

  5.16.4 (2022-04-05)

  Bug Fixes

  • Support unenclosed inner text for details elements in to be visible (#396) (af18453)
• 5.16.3 - 2022-03-24
  

  5.16.3 (2022-03-24)

  Bug Fixes

  • clarify toHaveFocus message when using .not (#447) (6988a67)
• 5.16.2 - 2022-02-03
  

  5.16.2 (2022-02-03)

  Bug Fixes

  • add custom element support to toBeDisabled (#368) (8162115)
• 5.16.1 - 2021-12-06
  

  5.16.1 (2021-12-06)

  Bug Fixes

  • Improve toHaveClass error message format (#405) (a9beb47)
• 5.16.0 - 2021-12-03
  

  5.16.0 (2021-12-03)

  Features

  • Update aria-query to 5.0.0 (#414) (de26c7a)
• 5.15.1 - 2021-11-23
  

  5.15.1 (2021-11-23)

  Bug Fixes

  • wrong deprecate error message (#422) (dfcefa2)
• 5.15.0 - 2021-11-02
  

  5.15.0 (2021-11-02)

  Features

  • import parse directly from css (#415) (4cb606c)
• 5.14.1 - 2021-06-11
  

  5.14.1 (2021-06-11)

  Bug Fixes

  • Updates deprecated matchers info (#378) (fc9ce6d)
• 5.14.0 - 2021-06-11
• 5.13.0 - 2021-06-03
• 5.12.0 - 2021-04-22
• 5.11.10 - 2021-03-25
• 5.11.9 - 2021-01-12
• 5.11.8 - 2020-12-30
• 5.11.7 - 2020-12-30
• 5.11.6 - 2020-11-13
• 5.11.5 - 2020-10-23
• 5.11.4 - 2020-08-22
• 5.11.3 - 2020-08-11
• 5.11.2 - 2020-07-28
• 5.11.1 - 2020-07-15
• 5.11.0 - 2020-06-25
• 5.10.1 - 2020-06-14
• 5.10.0 - 2020-06-11
• 5.9.0 - 2020-05-28
• 5.8.0 - 2020-05-19
• 5.7.0 - 2020-05-07
• 5.7.0-beta.1 - 2020-05-08
• 5.6.0 - 2020-05-07
• 5.5.0 - 2020-04-09
• 5.4.0 - 2020-04-08
• 5.3.0 - 2020-03-26
• 5.2.0 - 2020-03-25
• 5.1.1 - 2020-02-03
• 5.1.0 - 2020-01-31

from @testing-library/jest-dom GitHub release notes

Package name: @testing-library/react

• 10.4.9 - 2020-08-21
  

  10.4.9 (2020-08-21)

  Bug Fixes

  • Bump @ testing-library/dom to 7.22.3 (#766) (276eb65)
• 10.4.8 - 2020-08-05
  

  10.4.8 (2020-08-05)

  Bug Fixes

  • fireEvent: Make sure react dispatches focus/blur events (#758) (9aac157)
• 10.4.7 - 2020-07-15
  

  10.4.7 (2020-07-15)

  Bug Fixes

  • unmount: Flush useEffect cleanup functions syncronously (#746) (b82773c)
• 10.4.6 - 2020-07-13
  

  10.4.6 (2020-07-13)

  Bug Fixes

  • cleanup: remove scheduler code from flush-microtasks (#744) (240900c)
• 10.4.5 - 2020-07-08
  

  10.4.5 (2020-07-08)

  Bug Fixes

  • flushMicroTasks: fallback to no scheduler (#739) (9e5cf59)
• 10.4.4 - 2020-07-05
  

  10.4.4 (2020-07-05)

  Bug Fixes

  • React next fails on build (#726) (#732) (604d3e9)
• 10.4.3 - 2020-06-25
  

  10.4.3 (2020-06-25)

  Bug Fixes

  • cleanup: Cleanup should flush microtask queue after unmount (#632) (aac2e44)
• 10.4.2 - 2020-06-24
  

  10.4.2 (2020-06-24)

  Bug Fixes

  • cleanup: microtask flushing now supports fake timers (#720) (5814b29)
• 10.4.1 - 2020-06-23
  

  10.4.1 (2020-06-23)

  Bug Fixes

  • update @ testing-library/dom to get a bug fix (6558845)
• 10.4.0 - 2020-06-23
  

  10.4.0 (2020-06-23)

  Features

  • force update of @ testing-library/dom (d10a13d)

  Latest DOM Testing Library release page: https://github.com/testing-library/dom-testing-library/releases/tag/v7.17.0

  The big feature is fake timers working with async utils out of the box

• 10.3.1-alpha.2 - 2020-06-23
• 10.3.1-alpha.1 - 2020-06-23
• 10.3.0 - 2020-06-18
• 10.3.0-alpha.1 - 2020-06-14
• 10.2.1 - 2020-06-05
• 10.2.0 - 2020-06-04
• 10.1.0 - 2020-06-04
• 10.0.6 - 2020-06-02
• 10.0.5 - 2020-06-01
• 10.0.4 - 2020-04-30
• 10.0.3 - 2020-04-20
• 10.0.2 - 2020-03-30
• 10.0.1 - 2020-03-13
• 10.0.0 - 2020-03-12

from @testing-library/react GitHub release notes

Package name: formik

• 2.4.6 - 2024-04-24
  

  Patch Changes

  • f57ca9b #3949 Thanks @ DeveloperRaj! - Changing the state inside formik was changing reference of initialValues provided via props, deep cloning the initialvalues will fix it.
• 2.4.5 - 2023-09-17
  

  Patch Changes

  • d7db9cd #3860 Thanks @ patik! - Add missing dependency @ types/hoist-non-react-statics, closes #3837

  • fe4ed7e #3501 Thanks @ markspolakovs! - Mark formik as side-effect free in package.json

• 2.4.4 - 2023-09-06
  

  Patch Changes

  • 41720c2 #3862 Thanks @ yazaldefilimonepinto! - Forward className for custom components used with Field

  • da58b29 #3858 Thanks @ alaanescobedo! - Remove use of deprecated StatelessComponent type in favor of FunctionComponent

  • 5c01ee7 #3872 Thanks @ rajpatelbot! - FIX: Fixed resetForm function dependency issue

• 2.4.3 - 2023-08-02
  

  Patch Changes

  • 9e0a661 #3843 Thanks @ bonimba! - Fix FormikHelper and FieldHelperProps types
• 2.4.2 - 2023-06-14
  

  Patch Changes

  • 96280d3 #3817 Thanks @ probablyup! - Updated internal types to support React 18.
• 2.4.1 - 2023-05-31
• 2.4.0 - 2023-05-27
• 2.3.3 - 2023-05-27
• 2.3.2 - 2023-05-26
• 2.3.0 - 2023-05-26
• 2.2.10 - 2023-05-26
• 2.2.9 - 2021-06-02
• 2.2.8 - 2021-05-21
• 2.2.7 - 2021-05-19
• 2.2.6 - 2020-12-10
• 2.2.5 - 2020-11-11
• 2.2.4 - 2020-11-10
• 2.2.3 - 2020-11-07
• 2.2.2 - 2020-11-05
• 2.2.1 - 2020-10-23

from formik GitHub release notes

Package name: history

• 5.3.0 - 2022-02-22
  

  This release provides support for native ESM consumption of all exports.

• 5.3.0-pre.0 - 2022-02-18
  No content.
• 5.2.0 - 2021-12-17
  

  🐛 Bug fixes

  • Fixed a few type declarations and deprecated the following types:
    • State (now set to unknown which will require consumer type narrowing)
    • PartialPath (use Partial<Path> instead)
    • PartialLocation (use Partial<Location> instead)
  • Fixed a regression related to the createPath return value (#813)

  ✨ Features

  • We now use statically analyzable CJS exports. This enables named imports in Node ESM scripts (See the commit).

  Full Changelog: v5.1.0...v5.2.0

• 5.1.0 - 2021-11-02
  

  Because the prior 5.0.2 release removed the State type parameter from Location, this was technically a breaking change. To correct for this, I'm bumping this as a minor release. It won't affect runtime code, but it may affect your development experience and tests if you were using that parameter.

  The State type export is also restored, so you shouldn't have issues with installing React Router v6.

  Oh, by the way, did you hear we released React Router v6?

  Full Changelog: v5.0.3...v5.1.0

• 5.0.3 - 2021-11-01
  

  Fixed parsePath adding incorrectly adding search

• 5.0.2 - 2021-11-01
  

  Just a couple fixes:

  • Fixed search params persisting on redirects
  • Changed the location.state type to any and removed the generic on Location

  Full Changelog: v5.0.1...v5.0.2

• 5.0.1 - 2021-08-13
  

  This patch release contains a tiny TypeScript update to use the built-in Partial utility for PartialPath and PartialLocation. We always love it when we can ship just a little less code!

  🙏 Credits

  Thanks to @ liuhanqu, @ hanquliu, @ chaance and @ mjackson for your contributions!

• 5.0.0 - 2020-06-12
  

  Today we are very pleased to announce the stable release of history version 5!

  Overview

  This version includes many enhancements and fixes a few important issues with the library.

  New Features

  • Hash history now has support for location.state
  • Better history.block API, with support for retrying transitions
  • Full TypeScript declarations and IntelliSense docs
  • Adds development and production builds for <script type=module> users
  • Both browser and hash history have support for iframes (custom window objects)
  • About 50% smaller than v4 (and no dependencies)

  Bugfixes

  • Fixed some long-standing encoding issues with location.pathname
  • Removed unfixable warnings about pushing the same path in hash history
  • Renamed browser global to HistoryLibrary so it doesn't conflict with window.History

  Breaking Changes

  • Removed support for browsers that do not support the HTML5 history API (no pushState)
  • Removed relative pathname support in hash history and memory history
  • Removed getUserConfirmation, keyLength, and hashType APIs

  Usage

  Please refer to our installation guide for instructions about how to install the library.

  There is also a getting started guide as well as a complete API reference in the docs folder.

  We are very excited about this release, especially because it will serve as the foundation for the upcoming release of React Router version 6.

  Thank you for your support. Enjoy! 😀

from history GitHub release notes

Package name: react-feather

• 2.0.10 - 2022-05-30
• 2.0.9 - 2020-11-17
• 2.0.8 - 2020-04-25

from react-feather GitHub release notes

Package name: react-router

• 6.26.1 - 2024-08-15
  

  [email protected]

• 6.26.1-pre.0 - 2024-08-14
  

  [email protected]

• 6.26.0 - 2024-08-01
• 6.26.0-pre.1 - 2024-07-31
• 6.26.0-pre.0 - 2024-07-30
• 6.25.1 - 2024-07-17
• 6.25.1-pre.0 - 2024-07-17
• 6.25.0 - 2024-07-16
• 6.25.0-pre.0 - 2024-07-12
• 6.24.1 - 2024-07-03
• 6.24.1-pre.0 - 2024-07-01
• 6.24.0 - 2024-06-24
• 6.24.0-pre.0 - 2024-06-14
• 6.23.1 - 2024-05-10
• 6.23.1-pre.1 - 2024-05-09
• 6.23.1-pre.0 - 2024-04-30
• 6.23.0 - 2024-04-23
• 6.23.0-pre...