[Snyk] Security upgrade react from 0.14.10 to 15.0.0 #36

Open
github-snyk-ca wants to merge 6 commits into master from snyk-fix-d351da8637f5d4989eb7beab66631ff9

@github-snyk-ca

Snyk has created this PR to fix 2 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

  • example-elm0.18/package.json

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

⚠️ Warning
Failed to update the yarn.lock, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

| Issue | Score |
|---|---|
| medium severity: Missing Release of Resource after Effective Lifetime (SNYK-JS-INFLIGHT-6095116) | 631 |
| low severity: Regular Expression Denial of Service (ReDoS) (SNYK-JS-BRACEEXPANSION-9789073) | 508 |

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.


github-snyk-ca commented Jun 13, 2025

Snyk checks have passed. No issues have been found so far.

| Status | Scanner | Critical | High | Medium | Low | Total (0) |
|---|---|---|---|---|---|---|
| | Open Source Security | 0 | 0 | 0 | 0 | 0 issues |
| | Licenses | 0 | 0 | 0 | 0 | 0 issues |

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@github-snyk-ca

Merge Risk: High

This major version upgrade introduces significant breaking changes by moving core APIs to new packages and altering the underlying DOM structure, which will likely break tests and require code modifications.

Highlights:

  • Update API imports: APIs like render and findDOMNode are no longer available on the main React object and must be imported from react-dom. [5]
  • Review DOM-dependent logic: Tests or logic relying on data-reactid attributes will fail, as React no longer adds them to DOM nodes. [1, 4, 7]

Source: React documentation
Recommendation: Update imports from react-dom and audit tests for dependencies on internal DOM structure before merging.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@github-snyk-ca

Merge Risk: High

This major version upgrade from React 0.14 to 15.0 introduces significant breaking changes by removing previously deprecated APIs and altering the underlying DOM structure.

Highlights:

  • DOM Structure Changes: React no longer adds data-reactid attributes to DOM nodes or wraps text-only components in extra <span> elements. This will likely break snapshot tests or any queries that rely on the old structure.
  • Removed APIs: APIs deprecated in v0.14 are now removed. This includes setProps and getDOMNode on component instances, and moving DOM-related APIs like findDOMNode and render from the react package to react-dom.

Source: React documentation
Recommendation: Address any warnings from React 0.14 first. Then, update tests to match the new DOM structure and replace any removed APIs with their react-dom counterparts before merging.

@github-snyk-ca

Merge Risk: High

This major version upgrade introduces significant breaking changes to the DOM structure and removes APIs that were deprecated in v0.14. Tests that rely on specific DOM markup will likely fail and require updates.

Highlights:

  • DOM structure changes: React no longer renders data-reactid attributes or wraps text in extra <span> elements. This can break snapshot tests and queries that rely on the old structure.
  • API removals: APIs deprecated in v0.14 are now fully removed, including setProps, replaceProps, and getDOMNode from component instances.

Source: React documentation
Recommendation: Audit and update tests that rely on the internal DOM structure. Replace any usage of removed APIs with their modern equivalents, which should have been flagged by warnings in v0.14.

@github-snyk-ca

Merge Risk: High

This major version upgrade introduces significant breaking changes to how React interacts with the DOM and removes APIs deprecated in v0.14. Tests that rely on specific DOM structures are likely to break.

Highlights:

  • DOM Structure Changes: React no longer renders the data-reactid attribute on DOM nodes. Tests using this attribute for selectors must be updated. [1, 2]
  • Removed APIs: APIs deprecated in v0.14 are now removed. This includes getDOMNode, setProps, and replaceProps. Top-level APIs like findDOMNode and render must now be imported from ReactDOM. [4]

Source: React documentation
Recommendation: Audit and update tests that rely on data-reactid. Ensure all APIs deprecated in v0.14 have been migrated before upgrading.

@github-snyk-ca

Merge Risk: Medium

This major version upgrade removes APIs deprecated in v0.14 and changes some internal behaviors. Applications without deprecation warnings in v0.14 should have a straightforward upgrade. The most significant change is the removal of the data-reactid attribute from DOM nodes. [1]

Highlights:

  • Removed Deprecations: APIs deprecated in v0.14, such as those related to the react-dom package split (e.g., React.render), are now fully removed. [1, 5]
  • cloneElement Behavior: React.cloneElement() now correctly applies defaultProps for undefined props, which may alter component behavior in some edge cases. [1]

Source: React documentation
Recommendation: Ensure all deprecation warnings from React v0.14 have been resolved before upgrading. Test components using React.cloneElement for unintended changes.

@github-snyk-ca

Merge Risk: Medium

This major version upgrade introduces several breaking changes, primarily by removing previously deprecated patterns and changing how React interacts with the DOM. The most significant change is the removal of the data-reactid attribute from DOM nodes, which may break tests that rely on it. Additionally, support for IE8 is officially dropped.

Highlights:

  • No more data-reactid: The data-reactid attribute is no longer rendered on DOM nodes. End-to-end tests that use this attribute for selecting elements will need to be updated.
  • IE8 Support Dropped: React 15 no longer actively supports Internet Explorer 8. While it may still work, no new issues specific to IE8 will be fixed.

Source: React documentation
Recommendation: Audit and update any tests that rely on data-reactid for element selection. Ensure that dropping IE8 support is acceptable for your application's user base.

@github-snyk-ca

Merge Risk: Medium

This major version upgrade removes previously deprecated APIs and changes the underlying DOM structure. While most modern applications should be compatible if they are free of warnings on v0.14, code relying on specific DOM-rendering behavior or removed APIs will break.

Highlights:

  • DOM Structure Changes: React no longer renders extra <span> wrappers around text nodes and has removed the data-reactid attribute from client-rendered elements. This can break tests that rely on specific DOM queries (e.g., XPath).
  • Removed APIs: Methods deprecated in v0.14 are now removed. findDOMNode, render, and renderToString must now be imported from ReactDOM or ReactDOMServer.

Source: React documentation
Recommendation: Ensure your application has no console warnings on React 0.14.x. Audit tests for dependencies on internal DOM structure and update API imports before merging.

@github-snyk-ca

Merge Risk: Medium

This major version upgrade introduces significant internal changes to DOM rendering and removes previously deprecated patterns. Key changes include how React interacts with the DOM, which could affect CSS selectors and snapshot tests. If the application was free of warnings on version 0.14, the upgrade should be straightforward.

Highlights:

  • DOM Structure Changes: React 15 no longer adds data-reactid attributes to DOM nodes and does not wrap text-only components in extra <span> elements. This results in a cleaner and lighter DOM structure but may break CSS selectors or tests that rely on this specific markup.
  • null Rendering: Components that render null now render as comment nodes (<!-- -->) instead of <noscript> tags, which could affect CSS :nth-child selectors.

Source: React documentation
Recommendation: Audit CSS and test selectors for dependencies on the old DOM structure (e.g., data-reactid, extra <span>s). After updating, merge for compatibility.

@github-snyk-ca

Merge Risk: Low

This major version upgrade removes patterns deprecated in v0.14 and changes how React interacts with the DOM. According to the official release notes, if your application is free of warnings when running under React 0.14, the upgrade should be straightforward.

Highlights:

  • DOM Structure: React 15 no longer adds extra <span> wrappers around text nodes and removes the data-reactid attribute from client-rendered elements, resulting in a cleaner and lighter DOM.
  • SVG: Full support for all SVG elements and attributes is now included.

Source: React documentation
Recommendation: Address any console warnings present in version 0.14 before upgrading. After upgrading, verify that any styling or tests dependent on the old DOM structure (e.g., data-reactid selectors) are updated.
