Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade react-live from 2.2.3 to 2.4.1 #94

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Upgrade react-live from 2.2.3 to 2.4.1 #94

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link
Contributor

Snyk has created this PR to upgrade react-live from 2.2.3 to 2.4.1.

merge advice
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 3 versions ahead of your current version.
  • The recommended version was released 3 months ago, on 2022-01-18.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Prototype Pollution
SNYK-JS-MINIMIST-2429795		 185/1000
Why? CVSS 3.7		 No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: react-live
  • 2.4.1 - 2022-01-18

    🐛 Bugfixes 🐛

  • 2.4.0 - 2021-08-05

    This release is intended to upgrade some of the core dependencies ahead of more significant changes coming in the next major release.

    ✨ Features ✨

    • upgrade Babel, Rollup, Storybook #268

    🔐 Security 🔐

  • 2.3.0 - 2021-06-28

    ✨ Features ✨

    • add transpileOptions prop to LiveProvider #260
    • migrate other Live components to fn components #264
      • Editor is now a functional component

    ⚠️ Please note -- if you have implemented a custom editor that extended the previous class implementation of Editor, this will no longer work.

    Please see the Custom Editor story for an example of how to implement a custom editor without extending the built-in one.

    🐛 Bugfixes 🐛

    • Move LiveProvider to hooks #226
      • fixes warnings about unsafe lifecycle methods (componentDidMount)
    • remove onChange prop again before spreading to react-simple-code-editor #262
    • fixup lint errors #263

    🔐 Security 🔐

    • update dependencies #259
      • core-js bumped from ^2.4.1 to ^3.14.0

    📖 Documentation 📖

    • update demo site #257

    h/t to @ tomByrer, @ bkonkle, @ maksnester

  • 2.2.3 - 2020-11-06

    🐛 Bugfixes 🐛

    • Remove create-react-context #225

    ⚠️ Please note -- this change officially breaks support for React 15. I decided against a major release since React 15 support has been unofficially broken since 2.0.0

    📖 Documentation 📖

    • modernise demo site #223
from react-live GitHub release notes
Commit messages
Package name: react-live
  • 4497afe v2.4.1
  • cd481af Merge pull request #288 from AaronPowell96/fix/#283-console-crashing
  • 09074af Merge pull request #289 from FormidableLabs/jp-fixup-lint
  • 9b65e58 fixup lint task
  • eaa1c1a fix: Verify valid element before rendering
  • 68fce44 v2.4.0
  • 4db5a4c Merge pull request #268 from FormidableLabs/jp-upgrade-babel
  • 109e8c8 upgrade Babel, Rollup, Storybook
  • 07cf902 v2.3.0
  • 526e8da fixup yarn.lock
  • 34a6041 Merge pull request #260 from maksnester/mn/disable-transpilation-option
  • 08b945d feat: add transpileOptions prop to LiveProvider
  • c09b4bc Merge pull request #264 from FormidableLabs/jp-fn-components
  • 33b54e2 migrate other Live components to fn components
  • 0df3e76 Merge pull request #263 from FormidableLabs/jp-fix-lint-errors
  • 6739e5c fixup lint errors
  • 5478430 Merge pull request #262 from FormidableLabs/jp-fix-custom-onchange
  • cfe62b1 remove onChange prop again before spreading to react-simple-code-editor
  • edba11c Merge pull request #226 from FormidableLabs/issue/220-no-component-will-mount
  • b9385d9 fixup webpack resolution for demo site
  • 1b93fc5 Merge pull request #259 from FormidableLabs/jp-update-deps
  • b4deaf5 update dependencies
  • 837a2de Merge pull request #257 from FormidableLabs/jp-update-demo
  • 3a29eb8 NODE_VERSION is a string

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@snyk-bot