
[Snyk] Security upgrade react from 0.14.10 to 15.0.0 #37

Open
github-snyk-ca wants to merge 6 commits into master from snyk-fix-e5b2d60e96993e17afcaf81c57310f98


@github-snyk-ca

Snyk has created this PR to fix 2 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

  • example-elm0.19/package.json

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

⚠️ Warning
Failed to update the yarn.lock, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

| Issue | Score |
| --- | --- |
| medium severity: Missing Release of Resource after Effective Lifetime (SNYK-JS-INFLIGHT-6095116) | 631 |
| low severity: Regular Expression Denial of Service (ReDoS) (SNYK-JS-BRACEEXPANSION-9789073) | 508 |

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.



github-snyk-ca commented Jun 14, 2025

Snyk checks have passed. No issues have been found so far.

| Status | Scanner | Critical | High | Medium | Low | Total (0) |
| --- | --- | --- | --- | --- | --- | --- |
| | Open Source Security | 0 | 0 | 0 | 0 | 0 issues |
| | Licenses | 0 | 0 | 0 | 0 | 0 issues |


@github-snyk-ca

Merge Risk: Medium

This major version upgrade introduces internal DOM rendering changes and removes previously deprecated patterns. Key changes include the removal of data-reactid attributes and extra <span> tags from the rendered DOM, which could affect specific test selectors. If your code was free of warnings on version 0.14, the upgrade should be straightforward.

Highlights:

  • DOM Structure Changes: React no longer renders extra <span> tags around text-only components and has removed the data-reactid attribute from all nodes. This may break tests that rely on specific DOM structures or XPath queries.
  • cloneElement() Behavior: undefined props passed to React.cloneElement() will now be resolved to the component's defaultProps, aligning its behavior with createElement().

Source: React documentation
Recommendation: Review and update any integration or end-to-end tests that rely on specific DOM element paths or the data-reactid attribute. Ensure component behavior is consistent after the cloneElement() change.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@github-snyk-ca

Merge Risk: High

This major version upgrade from React 0.14 to 15.0 introduces significant breaking changes by altering DOM rendering and removing APIs that were deprecated in v0.14. Applications with tests that rely on specific DOM structures are likely to be affected.

  • DOM structure changes: React no longer adds data-reactid attributes to DOM elements and has stopped wrapping text output in extra <span> tags. This will break tests (like XPath queries) or styling that specifically targeted this markup.
  • Removed APIs: APIs deprecated in v0.14 are now fully removed. This includes findDOMNode and render from the top-level React object (now in ReactDOM), and component methods like setProps and getDOMNode.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@github-snyk-ca

Merge Risk: High

This major version upgrade from React 0.14.10 to 15.0.0 introduces significant breaking changes, primarily by removing APIs that were deprecated in v0.14 and altering the underlying DOM structure.

Highlights:

  • DOM Structure: React no longer adds data-reactid attributes to DOM elements, and no longer wraps text-only components in extra <span> tags. This can break tests (e.g., XPath selectors) or styling that relied on this specific markup.
  • API Removals: APIs deprecated in v0.14 are now fully removed. This includes getDOMNode, setProps, and replaceProps from component instances. findDOMNode and render have been moved from the React top-level to ReactDOM.

Source: React documentation
Recommendation: First, ensure your application has no console warnings when running on React 0.14. After upgrading, audit and update any tests that rely on the internal DOM structure (data-reactid or wrapper <span>s). Replace all removed API calls with their modern equivalents.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@github-snyk-ca

Merge Risk: Medium

This major version upgrade introduces significant internal changes to DOM rendering and removes patterns deprecated in v0.14. If the application has no warnings when running on React 0.14, the upgrade should be straightforward.

Highlights:

  • DOM Structure Changes: React no longer adds data-reactid attributes to DOM nodes, and no longer wraps text-only components in extra <span> elements. This may impact CSS selectors or tests that relied on this specific markup.
  • Removed Deprecations: Patterns that were deprecated in React 0.14 are now fully removed.

Source: React documentation
Recommendation: Ensure the application is free of any React warnings on version 0.14.x before upgrading. After upgrading, validate styling and any tests that rely on specific DOM structures.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@github-snyk-ca

Merge Risk: Medium

This major version upgrade introduces significant internal changes to DOM rendering and removes patterns deprecated in v0.14. The most notable change is that React no longer outputs extra <span> wrappers for text, which may affect tests that rely on a specific DOM structure.

Highlights:

  • No more extra <span>s: Text-only components are no longer wrapped in <span>s. This can break specific DOM queries in tests (e.g., XPath).
  • IE8 Support Discontinued: Active support for Internet Explorer 8 is dropped.

Source: React documentation
Recommendation: Review and update any tests that perform specific queries on the rendered DOM structure. Merge if tests pass.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@github-snyk-ca

Merge Risk: Medium

This major version upgrade removes previously deprecated patterns, changes DOM rendering, and drops support for IE8. The most significant change is the removal of the data-reactid attribute from DOM nodes, which may break tests that rely on it for element selection.

Highlights:

  • No more data-reactid: React no longer renders the data-reactid attribute. Update tests or selectors that depend on this attribute.
  • Full SVG Support: All SVG tags and attributes are now fully supported, fixing previous inconsistencies.

Source: React documentation
Recommendation: Audit your test suites for dependencies on data-reactid and ensure your code is free of warnings from React 0.14 before upgrading.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@github-snyk-ca

Merge Risk: Medium

This major version upgrade introduces significant internal changes to DOM rendering and removes previously deprecated patterns. Key breaking changes include the removal of extra <span> nodes wrapping text, which may affect CSS selectors, and a cleaner DOM structure without data-reactid attributes. If your application was free of warnings on version 0.14, the upgrade should be straightforward.

Highlights:

  • No more extra <span>s: React no longer outputs <span> nodes around text. CSS that targets these spans for styling will need to be updated.
  • null renders to comment nodes: Components returning null now render as <!-- react-empty --> instead of <noscript> tags, which can impact :nth-child selectors.

Source: React documentation
Recommendation: Audit CSS selectors that rely on React's old rendering structure (e.g., targeting <span> wrappers or using :nth-child). Merge after validation.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@github-snyk-ca

Merge Risk: Medium

This major version upgrade introduces DOM rendering changes and removes previously deprecated patterns. The most significant change is how React interacts with the DOM, which could affect testing and styling. If your application is free of warnings when running under React 0.14, the upgrade should be straightforward.

Highlights:

  • DOM Structure Changes: React 15 no longer adds extra <span> wrappers around text-only components and removes the data-reactid attribute from DOM nodes. This can break tests (especially XPath or CSS selectors) that rely on this specific markup.
  • API Deprecations Removed: APIs deprecated in v0.14 are now removed.

Source: React documentation
Recommendation: Audit and update any tests that rely on React's internal DOM structure. Ensure all deprecation warnings from React 0.14 have been addressed before upgrading.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.
