[Snyk] Security upgrade react from 0.14.10 to 15.0.0 #33

Open
github-snyk-ca wants to merge 9 commits into master from snyk-fix-7aead18717f28dfa26a23f99ecd75b7f

@github-snyk-ca

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • example-elm0.19/package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| medium severity | 631/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 6.2 | Missing Release of Resource after Effective Lifetime, SNYK-JS-INFLIGHT-6095116 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

@t-monaghan

Automatically closed due to inactivity for more than 30 days.

@github-snyk-ca
Author

Merge Risk: Medium

This major version upgrade introduces significant internal DOM rendering changes and removes patterns deprecated in v0.14. Key changes include how React interacts with the DOM, such as no longer adding extra <span> elements or data-reactid attributes. If your code was free of deprecation warnings in v0.14, the upgrade should be straightforward.

Highlights:

  • DOM Structure Changes: React no longer renders extra <span> tags around text and has removed the data-reactid attribute from nodes, which may affect specific CSS or test selectors.
  • cloneElement() Behavior: React.cloneElement() now correctly resolves defaultProps for undefined props, aligning its behavior with createElement().

Source: React blog and documentation.
Recommendation: Review code that relies on the specific DOM structure generated by React, such as test suites with brittle selectors. Ensure all deprecation warnings from React 0.14 have been addressed before upgrading.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@github-snyk-ca
Author

Merge Risk: High

This major version upgrade introduces significant changes to React's internal DOM rendering, which can break styling and test selectors. It also removes APIs deprecated in v0.14 and drops support for IE8.

Highlights:

  • DOM Structure Changes: React no longer renders data-reactid attributes on every node, and no longer wraps text-only components in <span> elements. CSS and test selectors relying on these will break.
  • Removed Deprecations: APIs deprecated in v0.14, such as this.getDOMNode(), are now removed.

Source: React documentation
Recommendation: Audit CSS and test selectors for dependencies on data-reactid or auto-generated <span> tags. Replace calls to removed APIs like getDOMNode() with ReactDOM.findDOMNode().

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@github-snyk-ca
Author

Merge Risk: High

This major version upgrade introduces significant breaking changes to how React interacts with the DOM and removes APIs that were deprecated in v0.14. Key changes include the removal of data-reactid attributes and extra <span> tags, which can break CSS selectors and tests.

Highlights:

  • DOM Structure Changes: React no longer renders data-reactid attributes or wraps text nodes in <span> elements. Code relying on this specific DOM structure for CSS or testing will need to be updated.
  • API Removals: APIs deprecated in v0.14, such as setProps and replaceProps on component instances, have been removed.

Source: React blog and changelogs.
Recommendation: Ensure your application runs without any warnings on React 0.14 before upgrading. After upgrading, thoroughly test styling and any code that queries the DOM, as the structure has changed.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@github-snyk-ca
Author

Merge Risk: High

This major version upgrade introduces significant breaking changes to how React interacts with the DOM, requiring code and test validation. Key changes include the removal of data-reactid attributes and the elimination of extra <span> tags that previously wrapped text-only components.

Highlights:

  • DOM Structure Changes: React no longer renders data-reactid attributes, which may break CSS selectors or end-to-end tests that relied on them. Additionally, text is no longer wrapped in <span> elements, simplifying the DOM but potentially affecting specific styling or test queries.
  • Deprecated Pattern Removal: Patterns deprecated in version 0.14 are removed. If your application has no warnings when running with React 0.14, the upgrade should be smoother.

Source: React blog and documentation
Recommendation: Audit and update any test suites (e.g., WebDriver, XPath queries) or CSS selectors that depend on data-reactid or the extra <span> wrappers. Ensure all deprecation warnings from React 0.14 are resolved before upgrading.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@github-snyk-ca
Author

Merge Risk: Medium

This major version upgrade from React 0.14 to 15.0 introduces several internal DOM handling changes and removes previously deprecated patterns. Key changes include how the DOM is rendered, improved SVG support, and the removal of data-reactid attributes. If your application was free of warnings on version 0.14, the upgrade should be straightforward.

Highlights:

  • DOM Structure Changes: React 15 no longer adds extra <span> wrappers for text-only components and has removed the data-reactid attribute from all DOM nodes. This may affect snapshot tests or CSS selectors that relied on this specific markup.
  • SVG Support: Full support for all SVG tags and attributes has been added.

Source: React documentation
Recommendation: Review any code that relies on the specific DOM structure generated by React, such as test snapshots or specific CSS selectors. Most applications will not require changes.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@github-snyk-ca
Author

Merge Risk: Medium

This major version upgrade changes how React interacts with the DOM, which can impact test suites. The official guidance is that if your application has no warnings under React 0.14, the upgrade should be straightforward. [1]

Highlights:

  • DOM Structure Changes: React no longer renders data-reactid attributes or extra <span> tags around text. This can break tests that use specific DOM selectors (e.g., XPath). [1, 12]
  • IE8 Support Dropped: Active support for Internet Explorer 8 is discontinued. [2]

Source: Package documentation
Recommendation: Review and update any UI tests that rely on data-reactid or a specific DOM structure. Ensure the application runs without warnings on React 0.14 before upgrading.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@github-snyk-ca
Author

Merge Risk: Medium

This major version upgrade introduces significant internal DOM changes that could break tests. React v15 no longer wraps text nodes in extra <span> elements and removes the data-reactid attribute from most nodes.

Highlights:

  • Check for brittle tests: Tests that rely on specific DOM structures, like XPath queries or data-reactid selectors, may fail and need updates.
  • Removed Deprecations: Patterns deprecated in React v0.14 have been removed. The upgrade should be straightforward if your application shows no warnings on v0.14.

Source: React documentation
Recommendation: Review and update any tests that inspect React's generated DOM structure before merging.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@github-snyk-ca
Author

Merge Risk: Medium

This major version upgrade introduces significant internal changes to how React interacts with the DOM, removes previously deprecated APIs, and cleans up the rendered markup. While many applications will upgrade smoothly, those with specific DOM dependencies or using old patterns will require updates.

Highlights:

  • DOM Markup Changes: React no longer adds data-reactid attributes to DOM nodes, and it no longer outputs extra <span> elements to wrap text-only components. This can break tests or styling that specifically target these implementation details.
  • API Removals: APIs deprecated in v0.14 are now removed. This includes setProps, replaceProps, and getDOMNode on component instances.

Source: React documentation
Recommendation: Review and update any tests (especially snapshot or XPath/CSS selector-based tests) that rely on the old DOM structure. Replace any usage of removed component instance methods.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@github-snyk-ca
Author

Merge Risk: Medium

This major version upgrade introduces significant internal changes to how React interacts with the DOM, but has a low risk of breaking most applications. The official guidance states that if your application has no warnings when running under React 0.14, the upgrade should be straightforward.

Highlights:

  • DOM Structure Changes: React no longer adds data-reactid attributes to DOM nodes and has stopped wrapping text nodes in extra <span> elements. This makes the DOM lighter but could affect tests or styling that specifically targeted this structure.
  • Improved SVG Support: Full support for all SVG tags and attributes has been added.

Source: React documentation
Recommendation: Review any tests that rely on data-reactid or specific DOM nesting with <span> tags. After updating, test the application thoroughly to ensure rendering and styling behave as expected.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@github-snyk-ca
Author

Merge Risk: Medium

This major version upgrade changes how React interacts with the DOM, which may affect tests and styling. Patterns deprecated in v0.14 are now removed, but if your code was warning-free, the upgrade should be straightforward.

Highlights:

  • DOM Structure Changes: React no longer wraps text nodes in extra <span> elements and has removed the data-reactid attribute from DOM nodes. This can break tests or CSS that specifically targeted them.
  • null Renders as Comment: Components returning null now render as comment nodes instead of <noscript> tags, which could affect :nth-child CSS selectors.

Source: React documentation
Recommendation: Review and update any tests or CSS selectors that rely on the old DOM structure (e.g., data-reactid attributes or auto-generated <span> tags) before merging.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@github-snyk-ca
Author

Merge Risk: Medium

This major version upgrade introduces significant changes to how React interacts with the DOM, which may break tests or styling that rely on the old structure. If your application has no warnings when running under React 0.14, the upgrade should be straightforward.

Highlights:

  • No more extra <span>s: React no longer wraps text-only components in a <span>. This can affect CSS selectors and snapshot tests.
  • data-reactid removed: The data-reactid attribute is no longer rendered on DOM nodes, making the DOM lighter but breaking any tests that query for this attribute.

Source: React documentation
Recommendation: Review and update any tests (especially snapshot and XPath-based tests) that rely on React's internal DOM structure. Merge after validation.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@github-snyk-ca
Author

Merge Risk: High

This major version upgrade removes the data-reactid attribute from all DOM nodes, which will break tests and selectors that rely on it. It also removes APIs deprecated in v0.14 and changes how null props are rendered.

Highlights:

  • Check for data-reactid: Any tests, CSS, or scripts that use the data-reactid attribute must be updated as it is no longer rendered.
  • Update null prop usage: Setting a prop to null (e.g., href={null}) now removes the attribute from the DOM entirely.

Source: React documentation
Recommendation: Audit your test suite and CSS for data-reactid selectors before merging this upgrade.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@github-snyk-ca
Author

Merge Risk: Medium

This major version upgrade introduces significant internal changes to DOM rendering, which could affect applications that rely on specific DOM structures or use CSS selectors like :nth-child. The official guidance states that if your application has no warnings when running under React 0.14, the upgrade should be straightforward.

Highlights:

  • DOM Structure Changes: React 15 no longer adds extra <span> wrappers around text content and removes the data-reactid attribute from DOM nodes. This can break CSS or testing selectors that depend on this specific markup.
  • null Rendering: Components that render null now produce a comment node (<!-- react-empty -->) instead of a <noscript> tag. This may impact CSS selectors like :nth-child.

Source: React documentation
Recommendation: Audit your CSS and test selectors for dependencies on React's internal DOM structure. Ensure your application is free of warnings on version 0.14 before upgrading.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@github-snyk-ca
Author

Merge Risk: Medium

This major version upgrade introduces significant changes to React's interaction with the DOM, which could affect testing and styling. React 15 no longer adds extra <span> wrappers around text, and the data-reactid attribute has been removed from DOM nodes. These changes make the DOM lighter but may break selectors in tests or CSS that relied on this specific structure.

Source: React documentation
Recommendation: Review and update any CSS or test selectors that target <span> tags within components or rely on the data-reactid attribute for element traversal.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@github-snyk-ca
Author

Merge Risk: Medium

This major version upgrade removes previously deprecated APIs and changes how React interacts with the DOM, which could affect styling and test automation. According to the official documentation, if your application has no warnings when running on React 0.14, the upgrade should be straightforward.

Highlights:

  • DOM Structure Changes: React no longer outputs data-reactid attributes on nodes, and no longer wraps text-only components in extra <span> elements. This may break CSS selectors or tests that rely on this specific markup.
  • null Rendering: Components that return null now render as comment nodes (<!-- -->) instead of <noscript> tags, which can affect CSS selectors like :nth-child.

Source: React documentation
Recommendation: Address any console warnings from React 0.14 before upgrading. After upgrading, verify that styling and component/element selectors in tests are not affected by the DOM structure changes.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@github-snyk-ca
Author

github-snyk-ca commented Feb 2, 2026

Snyk checks have passed. No issues have been found so far.

| Status | Scanner | Critical | High | Medium | Low | Total (0) |
|---|---|---|---|---|---|---|
| | Open Source Security | 0 | 0 | 0 | 0 | 0 issues |
| | Licenses | 0 | 0 | 0 | 0 | 0 issues |

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@github-snyk-ca
Author

Merge Risk: Low

This major version upgrade changes how React interacts with the DOM, making it more lightweight. The primary breaking changes affect the rendered HTML structure, which could impact snapshot tests or specific CSS selectors. According to the official announcement, if your application has no warnings on version 0.14, the upgrade should be straightforward. [9]

  • DOM Structure Changes: The data-reactid attribute is no longer rendered on every DOM node, and extra <span> nodes around text have been removed. This can affect snapshot tests and CSS selectors that relied on this specific structure. [9]
  • SVG Support: Full support for all SVG attributes is now included. Previously unsupported SVG tags and attributes should now work correctly. [9]

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.
