Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update dependency react-scripts to v3 - autoclosed #155

Closed
wants to merge 1 commit into from
Closed

chore(deps): update dependency react-scripts to v3 - autoclosed #155

wants to merge 1 commit into from

Conversation

mend-for-github.lhy31512.workers.dev[bot]
Copy link

This PR contains the following updates:

Package Type Update Change
react-scripts (source) dependencies major 1.0.17 -> 3.0.0

By merging this PR, the issue #46 will be automatically resolved and closed:

Severity CVSS Score CVE Reachability
Critical Critical 9.8 CVE-2018-13797
Critical Critical 9.8 CVE-2018-16492
Critical Critical 9.8 CVE-2020-7720
Critical Critical 9.8 CVE-2023-42282
High High 8.1 CVE-2022-1650
High High 7.7 CVE-2020-13822
High High 7.5 CVE-2018-16469
High High 7.5 CVE-2018-3737
High High 7.5 CVE-2021-28092
High High 7.5 CVE-2021-29059
High High 7.5 CVE-2021-3777
High High 7.5 CVE-2024-45296
High High 7.5 CVE-2024-45296
High High 7.5 WS-2019-0541
High High 7.5 WS-2020-0450
High High 7.4 WS-2018-0588
High High 7.4 WS-2018-0588
High High 7.3 CVE-2020-28499
High High 7.3 CVE-2020-8116
Medium Medium 6.8 CVE-2020-28498
Medium Medium 6.5 CVE-2018-21270
Medium Medium 5.9 WS-2019-0424
Medium Medium 5.9 WS-2019-0427
Medium Medium 5.6 CVE-2020-7598
Medium Medium 5.6 CVE-2020-7598
Medium Medium 5.6 CVE-2020-7598
Medium Medium 5.6 CVE-2020-7789
Medium Medium 5.6 CVE-2021-23369
Medium Medium 5.6 CVE-2021-23383
Medium Medium 5.3 CVE-2017-16028
Medium Medium 5.3 CVE-2021-23343
Medium Medium 5.3 CVE-2021-23362
Medium Medium 5.3 CVE-2022-33987
Medium Medium 5.1 WS-2019-0307
Medium Medium 4.8 WS-2018-0103

Release Notes

facebook/create-react-app (react-scripts)

v3.0.0

Compare Source

3.0.0 (April 22, 2019)

Create React App 3.0 brings some exciting new features including support for Hooks!

Thanks to all the maintainers and contributors who worked so hard on this release! 🎉

Highlights

Migrating from 2.1.x to 3.0.0

Inside any created project that has not been ejected, run:

npm install --save --save-exact [email protected]

or

yarn add --exact [email protected]

If you previously ejected but now want to upgrade, one common solution is to find the commits where you ejected (and any subsequent commits changing the configuration), revert them, upgrade, and later optionally eject again. It’s also possible that the feature you ejected for is now supported out of the box.

Breaking Changes

Like any major release, [email protected] contains a few breaking changes. We expect that they won't affect every user, but we recommend you look over this section to see if something is relevant to you. If we missed something, please file a new issue.

Jest 24

We've updated from Jest 23 to get the latest improvements in Jest 24. We've noticed some differences in snapshot serialization in Jest 24, so you may need to adjust your tests slightly once you update. You can read more about what's changed in the Jest 24 blog post.

Hooks support

We now enforce Rules of Hooks with eslint-plugin-react-hooks. If you are breaking any of the rules of Hooks this will cause your build to fail.

TypeScript linting

We now lint TypeScript files. You can see the list of rules we enforce to check if your project is compatible. If you're using Visual Studio Code you can follow our guide to setup up your editor to display lint warnings.

browserslist support in @​babel/preset-env

The browserslist config in your package.json is now used to control the output of your JavaScript files. You can use separate configuration for development and production. See here for a good starting point which gives a good development experience, especially when using language features such as async/await, but still provides high compatibility with many browsers in production

Remove --no-watch flag

We've removed the --no-watch flag from the start script in favor of Jest's own --watchAll=false.

New structure in asset-manifest.json

All asset paths have been moved under the files key in asset-manifest.json.

New Features

using jsconfig.json/tsconfig.json

We now support setting baseUrl in jsconfig.json and tsconfig.json. To configure baseUrl to point to the src directory in your JavaScript project, create a jsconfig.json file in your project root:

```json
{
  "compilerOptions": {
    "baseUrl": "src"
  },
  "include": ["src"]
}
```

If you have a TypeScript project you can configure baseUrl the same way in your tsconfig.json.

Currently the only supported options for baseUrl are node_modules (the default) and src.

PostCSS Normalize

You can now include a version of Normalize.css in your project that will use your browserslist setting to generate the appropriate styles for your target browsers. To include it simply add @import-normalize at the top of one of your CSS files.

Detailed Changelog

🚀 New Feature
💥 Breaking Change
🐛 Bug Fix
💅 Enhancement
📝 Documentation
🏠 Internal
🔨 Underlying Tools
Committers: 49

v2.1.8

Compare Source

2.1.8 (March 7, 2019)

v2.1.8 is a maintenance release that reapplies the TypeScript speed improvements (#​6406) in a new major version of react-dev-utils.

Migrating from 2.1.7 to 2.1.8

Inside any created project that has not been ejected, run:

npm install --save --save-exact [email protected]

or

yarn add --exact [email protected]

v2.1.7

Compare Source

2.1.7 (March 7, 2019)

v2.1.7 is a maintenance release that temporarily reverts the TypeScript speed improvements (#​6406) to fix a dependency issue in react-dev-utils.

Migrating from 2.1.6 to 2.1.7

Inside any created project that has not been ejected, run:

npm install --save --save-exact [email protected]

or

yarn add --exact [email protected]

v2.1.6

Compare Source

2.1.6 (March 6, 2019)

v2.1.6 is a maintenance release that brings a few new improvements, most notably:

  • 🚀 Reduced TypeScript rebuild times while running the development server. This was previously introduced in v2.1.4 but had to be reverted. Thanks to @​ianschmitz for getting this ready.
🐛 Bug Fix
💅 Enhancement
📝 Documentation
🏠 Internal
🔨 Underlying Tools
Committers: 15
Migrating from 2.1.5 to 2.1.6

Inside any created project that has not been ejected, run:

npm install --save --save-exact [email protected]

or

yarn add --exact [email protected]

v2.1.5

Compare Source

2.1.5 (February 11, 2019)

v2.1.5 is a maintenance release that reverts the TypeScript speed improvements (#​5903) to fix a dependency issue in react-dev-utils.

Migrating from 2.1.4 to 2.1.5

Inside any created project that has not been ejected, run:

npm install --save --save-exact [email protected]

or

yarn add --exact [email protected]

v2.1.4

Compare Source

2.1.4 (February 10, 2019)

v2.1.4 is a maintenance release that brings a number of awesome improvements. A few notable ones include:

  • 🚀 Reduced TypeScript rebuild times while running the development server. TypeScript is now blazing fast! Special thanks to @​deftomat and @​johnnyreilly and the other contributors for their hard work on this. (#​5903)
  • Jest type ahead support which provides a much nicer experience when filtering your tests using the Jest CLI (#​5213)
  • And many more improvements!
🐛 Bug Fix
💅 Enhancement
📝 Documentation
🏠 Internal
🔨 Underlying Tools
  • babel-preset-react-app, react-app-polyfill, react-dev-utils, react-scripts
  • babel-preset-react-app
  • eslint-config-react-app, react-scripts
Committers: 29
Migrating from 2.1.3 to 2.1.4

Inside any created project that has not been ejected, run:

npm install --save --save-exact [email protected]

or

yarn add --exact [email protected]

v2.1.3

Compare Source

2.1.3 (January 4, 2019)

v2.1.3 is a maintenance release to fix a vulnerability in webpack-dev-server.

📝 Documentation
🏠 Internal
🔨 Underlying Tools
Committers: 8
Migrating from 2.1.2 to 2.1.3

Inside any created project that has not been ejected, run:

npm install --save --save-exact [email protected]

or

yarn add --exact [email protected]

v2.1.2

Compare Source

2.1.2 (December 23, 2018)

v2.1.2 is a maintenance release including various bug fixes.

🚀 New Feature
  • babel-preset-react-app
🐛 Bug Fix
💅 Enhancement
📝 Documentation

@mend-for-github.lhy31512.workers.dev mend-for-github.lhy31512.workers.dev bot added the security fix Security fix generated by Mend label Dec 9, 2024
@mend-for-github.lhy31512.workers.dev mend-for-github.lhy31512.workers.dev bot changed the title chore(deps): update dependency react-scripts to v3 chore(deps): update dependency react-scripts to v3 - autoclosed Dec 13, 2024
@mend-for-github.lhy31512.workers.dev mend-for-github.lhy31512.workers.dev bot deleted the whitesource-remediate/react-scripts-3.x branch December 13, 2024 00:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
security fix Security fix generated by Mend
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants