
[Snyk] Security upgrade react from 0.14.10 to 15.0.0#35

Open
github-snyk-ca wants to merge 8 commits into master from snyk-fix-d4306e9d8205d65f24ccfff330599f50

Conversation

@github-snyk-ca

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • example-elm0.18/package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| medium severity | 631/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 6.2) | Missing Release of Resource after Effective Lifetime (SNYK-JS-INFLIGHT-6095116) | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

@t-monaghan

Automatically closed due to inactivity for more than 30 days.

@github-snyk-ca
Author

Merge Risk: High

This major version upgrade introduces significant breaking changes to how React interacts with the DOM and removes support for older technologies.

Highlights:

  • DOM Structure Change: The data-reactid attribute is no longer rendered on DOM nodes, which will break tests and selectors that rely on it. React now uses document.createElement instead of innerHTML for initial renders. [1, 2, 7]
  • Browser Support: Active support for Internet Explorer 8 has been discontinued. While the library might still function, issues specific to IE8 will no longer be fixed. [1, 2]

Source: React documentation
Recommendation: Audit your test suite and any query selectors to remove dependencies on the data-reactid attribute. Confirm that dropping IE8 support is acceptable before merging this upgrade.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@github-snyk-ca
Author

Merge Risk: High

This major version upgrade introduces significant internal changes to DOM rendering and removes previously deprecated patterns. Key breaking changes include how React interacts with the DOM and the removal of <span> wrappers, which could affect tests that rely on specific DOM structures.

Highlights:

  • DOM Structure Changes: React 15 no longer outputs extra <span> wrappers around text-only components and uses document.createElement instead of innerHTML. This also removes the data-reactid attribute from every node, making the DOM lighter but potentially breaking CSS selectors or tests that relied on it.
  • Removed Deprecated APIs: APIs that were deprecated in React 0.14 are now fully removed. If your application has no warnings when running under React 0.14, the upgrade should be straightforward.

Source: React documentation
Recommendation: Audit and update any tests (especially snapshot and XPath/CSS selector-based tests) that rely on the old DOM structure. Ensure all deprecation warnings from React 0.14 have been resolved before upgrading.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@github-snyk-ca
Author

Merge Risk: Medium

This major version upgrade introduces significant changes to the underlying DOM structure which may affect CSS selectors and testing. If your application is free of warnings when running under React 0.14, the upgrade should be straightforward.

Highlights:

  • DOM Structure Changes: React no longer renders data-reactid attributes on DOM nodes, and no longer wraps text-only components in extra <span> elements. This can break CSS selectors or tests that rely on this specific markup.
  • null Rendering: Components returning null now render as comment nodes instead of <noscript> tags, which could affect :nth-child CSS selectors.

Source: React documentation
Recommendation: Review and update CSS selectors and DOM-based tests that rely on the old data-reactid attributes or wrapper <span> elements. Merge after validation.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@github-snyk-ca
Author

Merge Risk: Medium

This major version upgrade changes how React interacts with the DOM, which can break tests that rely on specific markup. React no longer adds data-reactid attributes to DOM nodes or wraps text in extra <span> elements.

Highlights:

  • DOM Structure: Test suites using specific XPath queries or depending on data-reactid may fail and require updates.
  • IE8 Support: Active support for Internet Explorer 8 is discontinued.

Source: React documentation
Recommendation: Review and update any tests that assert on the specific DOM structure generated by React. If your application is free of warnings on version 0.14, the upgrade should be straightforward.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@github-snyk-ca
Author

Merge Risk: Medium

This major version upgrade introduces behind-the-scenes DOM interaction changes and removes previously deprecated patterns. The most significant change is how React interacts with the DOM, now using document.createElement instead of innerHTML, which removes the data-reactid attribute from DOM nodes. If the application was free of warnings on version 0.14, the upgrade should be straightforward.

Highlights:

  • DOM Structure Change: The data-reactid attribute is no longer rendered on DOM nodes, which may affect tests or logic that relied on it.
  • Removed APIs: APIs deprecated in v0.14 are removed. This includes setProps, replaceProps on component instances, and cloneWithProps from addons.

Source: React documentation
Recommendation: Review any code (especially tests) that queries for the data-reactid attribute. Ensure no deprecated APIs from v0.14 are in use before merging.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@github-snyk-ca
Author

Merge Risk: Medium

This major version upgrade alters React's underlying DOM rendering, which can break tests. The main changes include the removal of data-reactid attributes from DOM nodes and no longer wrapping text-only components in extra <span> elements. [1, 5] If your application has tests that rely on specific DOM structures or the data-reactid attribute, they will likely need updates. [1] Active support for Internet Explorer 8 is also discontinued. [2]

Source: React documentation
Recommendation: Review and update any test suites (especially those using XPath or fragile CSS selectors) that inspect the DOM structure, then merge the upgrade.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@github-snyk-ca
Author

Merge Risk: Medium

This major version upgrade changes how React interacts with the DOM, which can break CSS selectors and tests. The official guidance states that if your application has no warnings when running on version 0.14, the upgrade should be straightforward.

Highlights:

  • DOM Structure Changes: React no longer renders the data-reactid attribute on DOM nodes. Additionally, it no longer wraps text nodes in extra <span> elements. This can break CSS or test selectors relying on them.
  • Rendering null: Components rendering null now create a comment node (<!-- -->) instead of a <noscript> tag, which may affect :nth-child CSS selectors.

Source: React documentation
Recommendation: Audit CSS and integration tests for dependencies on data-reactid attributes or <span> tags that wrap text. Merge after validation.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@github-snyk-ca
Author

Merge Risk: Medium

This major version upgrade introduces significant changes to React's DOM rendering, which may affect CSS selectors and snapshot tests. If your application is free of warnings when running under React 0.14, the upgrade should be straightforward.

Highlights:

  • DOM Structure Changes: React no longer adds data-reactid attributes to DOM nodes, and no longer wraps text-only components in extra <span> elements. This can make the DOM lighter but may break CSS or tests that relied on this structure.
  • null Rendering: Components that return null now render as comment nodes (<!-- -->) instead of <noscript> tags, which could affect :nth-child CSS selectors.

Source: React documentation
Recommendation: Review and update CSS selectors and snapshot tests that rely on the old DOM structure. Merge after validation.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@github-snyk-ca
Author

Merge Risk: Medium

This major version upgrade from React 0.14 to 15.0.0 introduces several breaking changes, primarily by removing patterns that were deprecated in v0.14. Key changes include how React interacts with the DOM and full SVG support. If your application was free of deprecation warnings on v0.14, the upgrade should be straightforward.

Highlights:

  • DOM Structure Changes: React no longer wraps text-only components in extra <span> elements, which may break tests that rely on a specific DOM structure.
  • Removed Deprecations: Patterns deprecated in v0.14 are now fully removed. This includes this.getDOMNode() (use ReactDOM.findDOMNode(this)) and certain add-ons that were moved to separate packages.

Source: React documentation
Recommendation: Ensure your application has no console warnings when running on React 0.14.x. After upgrading, validate tests that depend on specific DOM rendering, especially those using XPath or renderToStaticMarkup.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@github-snyk-ca
Author

Merge Risk: Medium

This major version upgrade introduces DOM rendering changes and removes previously deprecated patterns. Key breaking changes include how the DOM is structured and a bug fix in React.cloneElement. If your code was free of warnings in v0.14, the upgrade should be straightforward.

Highlights:

  • No more extra <span> wrappers: React no longer wraps text nodes in <span> elements. CSS selectors targeting these spans may break.
  • null renders to comment nodes: Components returning null now render as <!-- react-empty --> instead of <noscript> tags, which can affect CSS :nth-child selectors.

Source: React documentation
Recommendation: Review CSS selectors that rely on React's old rendering behavior. Ensure your application has no warnings when running on React 0.14 before upgrading.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@github-snyk-ca
Author

Merge Risk: Medium

This major version upgrade removes APIs deprecated in v0.14 and changes the underlying DOM structure. The upgrade should be straightforward if your application has no warnings when running on React 0.14.

Highlights:

  • DOM APIs moved: findDOMNode, render, and unmountComponentAtNode are no longer available on the React top-level package; they must be imported from ReactDOM.
  • DOM structure changes: React no longer generates data-reactid attributes or wraps text nodes in extra <span> elements. This may break tests that rely on a specific DOM structure.

Source: React documentation
Recommendation: Ensure your code has no deprecation warnings on v0.14. Update imports to use ReactDOM for DOM-related APIs and validate tests that depend on the previous DOM structure.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@github-snyk-ca
Author

Merge Risk: Medium

This major version upgrade introduces significant internal changes to how React interacts with the DOM, which may break CSS or test selectors. If your application was free of warnings on React 0.14, the upgrade should be straightforward.

Highlights:

  • No more data-reactid: React no longer adds the data-reactid attribute to every DOM node. Tests or styles relying on this attribute must be updated.
  • No more <span>s: React no longer wraps text nodes in <span> tags. This can affect CSS selectors like :nth-child.

Source: React documentation
Recommendation: Audit CSS and test selectors for dependencies on React's internal DOM structure (e.g., data-reactid, wrapper <span>s) before merging.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@github-snyk-ca
Author

Merge Risk: Medium

This major version upgrade introduces significant internal changes to DOM rendering and removes previously deprecated patterns. Key breaking changes include the removal of data-reactid attributes and changes to how text and null values are rendered, which could affect CSS selectors and snapshot tests.

Highlights:

  • DOM Structure Changes: React no longer wraps text-only components in <span> elements and renders null to a <noscript> tag instead of a comment node. This can break CSS selectors like :nth-child and UI snapshot tests.
  • data-reactid Removed: The data-reactid attribute is no longer rendered on client-side rendered DOM nodes, which may impact end-to-end tests or other tools that relied on this attribute for element identification.

Source: React documentation
Recommendation: Audit CSS for selectors that rely on React's old rendering structure (e.g., extra <span>s) and update any tests that depend on data-reactid or the previous DOM output for null.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@github-snyk-ca
Author

Merge Risk: Medium

This major version upgrade introduces significant changes to how React interacts with the DOM, which may break tests or styling. APIs deprecated in v0.14 have been removed.

Highlights:

  • No more extra <span>s: React no longer wraps text-only components in <span> tags. This can break CSS and test selectors that relied on this structure.
  • data-reactid removed: The data-reactid attribute is no longer rendered on DOM nodes, which may affect end-to-end or unit tests that used it for querying elements.

Source: React documentation
Recommendation: Audit CSS selectors and component tests that rely on the old DOM structure (extra <span>s or data-reactid attributes) before merging.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@github-snyk-ca
Author

Merge Risk: Medium

This major version upgrade removes APIs deprecated in v0.14 and changes the underlying DOM structure. Applications that were free of warnings on React 0.14 should have a straightforward upgrade path.

Highlights:

  • DOM Structure: React no longer renders extra <span>s around text nodes and has removed the data-reactid attribute from client-rendered elements. This may impact tests that rely on a specific DOM structure (e.g., XPath queries).
  • API Removals: APIs like render() and findDOMNode() have been completely removed from the react package and must be imported from react-dom instead.

Source: React documentation
Recommendation: Update code to import APIs from react-dom and validate tests that depend on the previous DOM structure.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@github-snyk-ca
Author

Merge Risk: High

This major version upgrade removes APIs deprecated in v0.14, changes how components interact with the DOM, and could break styling and tests.

Highlights:

  • DOM Structure Changes: React no longer renders data-reactid attributes on nodes, and no longer wraps text-only components in <span> elements. This can break CSS selectors and snapshot tests. [1, 4]
  • API Removals: findDOMNode, render, and renderToString have been removed from the React object. They must now be imported from react-dom and react-dom/server. [4]

Source: React documentation
Recommendation: First, ensure your application has zero deprecation warnings on version 0.14. After upgrading, review CSS selectors and tests that rely on data-reactid or auto-generated <span> tags.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@github-snyk-ca
Author

github-snyk-ca commented Jan 31, 2026

Snyk checks have passed. No issues have been found so far.

| Status | Scanner | Critical | High | Medium | Low | Total (0) |
|---|---|---|---|---|---|---|
| | Open Source Security | 0 | 0 | 0 | 0 | 0 issues |
| | Licenses | 0 | 0 | 0 | 0 | 0 issues |

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@github-snyk-ca
Author

Merge Risk: Medium

This major version upgrade introduces significant changes to React's DOM structure which may break CSS selectors and testing utilities. React 15 removes extra <span> tags around text and no longer adds data-reactid attributes to DOM nodes.

Highlights:

  • Check CSS selectors: Styles using :nth-child may be affected as null now renders as a comment node instead of a <noscript> tag.
  • Update tests: Tests relying on data-reactid or specific <span> wrappers for text nodes will need to be updated.

Source: React documentation
Recommendation: Audit CSS and integration tests for dependencies on React's internal DOM structure before merging.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.
