Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade react-dom from 18.2.0 to 19.0.0 #7

Open
wants to merge 1 commit into
base: Andokas2
Choose a base branch
from

Conversation

snyk-io[bot]
Copy link

@snyk-io snyk-io bot commented Jan 5, 2025

snyk-top-banner

Snyk has created this PR to upgrade react-dom from 18.2.0 to 19.0.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

  • The recommended version is 583 versions ahead of your current version.

  • The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-CROSSSPAWN-8303230
67 Proof of Concept
high severity Acceptance of Extraneous Untrusted Data With Trusted Data
SNYK-JS-NEXT-8025427
67 No Known Exploit
high severity Uncontrolled Recursion
SNYK-JS-NEXT-8186172
67 No Known Exploit
high severity Missing Authorization
SNYK-JS-NEXT-8520073
67 No Known Exploit
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-PATHTOREGEXP-7925106
67 Proof of Concept
medium severity Improper Input Validation
SNYK-JS-NANOID-8492085
67 No Known Exploit
medium severity Server-Side Request Forgery (SSRF)
SNYK-JS-NEXT-6828457
67 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-PATHTOREGEXP-7925106
67 Proof of Concept
Release notes
Package name: react-dom
  • 19.0.0 - 2024-12-05

    Below is a list of all new features, APIs, deprecations, and breaking changes. Read React 19 release post and React 19 upgrade guide for more information.

    Note: To help make the upgrade to React 19 easier, we’ve published a react@18.3 release that is identical to 18.2 but adds warnings for deprecated APIs and other changes that are needed for React 19. We recommend upgrading to React 18.3.1 first to help identify any issues before upgrading to React 19.

    New Features

    React

    • Actions: startTransition can now accept async functions. Functions passed to startTransition are called “Actions”. A given Transition can include one or more Actions which update state in the background and update the UI with one commit. In addition to updating state, Actions can now perform side effects including async requests, and the Action will wait for the work to finish before finishing the Transition. This feature allows Transitions to include side effects like fetch() in the pending state, and provides support for error handling, and optimistic updates.
    • useActionState: is a new hook to order Actions inside of a Transition with access to the state of the action, and the pending state. It accepts a reducer that can call Actions, and the initial state used for first render. It also accepts an optional string that is used if the action is passed to a form action prop to support progressive enhancement in forms.
    • useOptimistic: is a new hook to update state while a Transition is in progress. It returns the state, and a set function that can be called inside a transition to “optimistically” update the state to expected final value immediately while the Transition completes in the background. When the transition finishes, the state is updated to the new value.
    • use: is a new API that allows reading resources in render. In React 19, use accepts a promise or Context. If provided a promise, use will suspend until a value is resolved. use can only be used in render but can be called conditionally.
    • ref as a prop: Refs can now be used as props, removing the need for forwardRef.
    • Suspense sibling pre-warming: When a component suspends, React will immediately commit the fallback of the nearest Suspense boundary, without waiting for the entire sibling tree to render. After the fallback commits, React will schedule another render for the suspended siblings to “pre-warm” lazy requests.

    React DOM Client

    • <form> action prop: Form Actions allow you to manage forms automatically and integrate with useFormStatus. When a <form> action succeeds, React will automatically reset the form for uncontrolled components. The form can be reset manually with the new requestFormReset API.
    • <button> and <input> formAction prop: Actions can be passed to the formAction prop to configure form submission behavior. This allows using different Actions depending on the input.
    • useFormStatus: is a new hook that provides the status of the parent <form> action, as if the form was a Context provider. The hook returns the values: pending, data, method, and action.
    • Support for Document Metadata: We’ve added support for rendering document metadata tags in components natively. React will automatically hoist them into the <head> section of the document.
    • Support for Stylesheets: React 19 will ensure stylesheets are inserted into the <head> on the client before revealing the content of a Suspense boundary that depends on that stylesheet.
    • Support for async scripts: Async scripts can be rendered anywhere in the component tree and React will handle ordering and deduplication.
    • Support for preloading resources: React 19 ships with preinit, preload, prefetchDNS, and preconnect APIs to optimize initial page loads by moving discovery of additional resources like fonts out of stylesheet loading. They can also be used to prefetch resources used by an anticipated navigation.

    React DOM Server

    • Added prerender and prerenderToNodeStream APIs for static site generation. They are designed to work with streaming environments like Node.js Streams and Web Streams. Unlike renderToString, they wait for data to load for HTML generation.

    React Server Components

    • RSC features such as directives, server components, and server functions are now stable. This means libraries that ship with Server Components can now target React 19 as a peer dependency with a react-server export condition for use in frameworks that support the Full-stack React Architecture. The underlying APIs used to implement a React Server Components bundler or framework do not follow semver and may break between minors in React 19.x. See docs for how to support React Server Components.

    Deprecations

    • Deprecated: element.ref access: React 19 supports ref as a prop, so we’re deprecating element.ref in favor of element.props.ref. Accessing will result in a warning.
    • react-test-renderer: In React 19, react-test-renderer logs a deprecation warning and has switched to concurrent rendering for web usage. We recommend migrating your tests to @ testinglibrary.com/docs/react-testing-library/intro/) or @ testingesting-library.com/docs/react-native-testing-library/intro)

    Breaking Changes

    React 19 brings in a number of breaking changes, including the removals of long-deprecated APIs. We recommend first upgrading to 18.3.1, where we've added additional deprecation warnings. Check out the upgrade guide for more details and guidance on codemodding.

    React

    • New JSX Transform is now required: We introduced a new JSX transform in 2020 to improve bundle size and use JSX without importing React. In React 19, we’re adding additional improvements like using ref as a prop and JSX speed improvements that require the new transform.
    • Errors in render are not re-thrown: Errors that are not caught by an Error Boundary are now reported to window.reportError. Errors that are caught by an Error Boundary are reported to console.error. We’ve introduced onUncaughtError and onCaughtError methods to createRoot and hydrateRoot to customize this error handling.
    • Removed: propTypes: Using propTypes will now be silently ignored. If required, we recommend migrating to TypeScript or another type-checking solution.
    • Removed: defaultProps for functions: ES6 default parameters can be used in place. Class components continue to support defaultProps since there is no ES6 alternative.
    • Removed: contextTypes and getChildContext: Legacy Context for class components has been removed in favor of the contextType API.
    • Removed: string refs: Any usage of string refs need to be migrated to ref callbacks.
    • Removed: Module pattern factories: A rarely used pattern that can be migrated to regular functions.
    • Removed: React.createFactory: Now that JSX is broadly supported, all createFactory usage can be migrated to JSX components.
    • Removed: react-test-renderer/shallow: This has been a re-export of react-shallow-renderer since React 18. If needed, you can continue to use the third-party package directly. We recommend using @ testinglibrary.com/docs/react-testing-library/intro/) or @ testingesting-library.com/docs/react-native-testing-library/intro) instead.

    React DOM

    • Removed: react-dom/test-utils: We’ve moved act from react-dom/test-utils to react. All other utilities have been removed.
    • Removed: ReactDOM.render, ReactDOM.hydrate: These have been removed in favor of the concurrent equivalents: ReactDOM.createRoot and ReactDOM.hydrateRoot.
    • Removed: unmountComponentAtNode: Removed in favor of root.unmount().
    • Removed: ReactDOM.findDOMNode: You can replace ReactDOM.findDOMNode with DOM Refs.

    Notable Changes

    React

    • <Context> as a provider: You can now render <Context> as a provider instead of <Context.Provider>.
    • Cleanup functions for refs: When the component unmounts, React will call the cleanup function returned from the ref callback.
    • useDeferredValue initial value argument: When provided, useDeferredValue will return the initial value for the initial render of a component, then schedule a re-render in the background with the deferredValue returned.
    • Support for Custom Elements: React 19 now passes all tests on Custom Elements Everywhere.
    • StrictMode changes: useMemo and useCallback will now reuse the memoized results from the first render, during the second render. Additionally, StrictMode will now double-invoke ref callback functions on initial mount.
    • UMD builds removed: To load React 19 with a script tag, we recommend using an ESM-based CDN such as esm.sh.

    React DOM

    • Diffs for hydration errors: In the case of a mismatch, React 19 logs a single error with a diff of the mismatched content.
    • Compatibility with third-party scripts and extensions: React will now force a client re-render to fix up any mismatched content caused by elements inserted by third-party JS.

    TypeScript Changes

    The most common changes can be codemodded with npx types-react-codemod@latest preset-19 ./path-to-your-react-ts-files.

    • Removed deprecated TypeScript types:
      • ReactChild (replacement: React.ReactElement | number | string)
      • ReactFragment (replacement: Iterable<React.ReactNode>)
      • ReactNodeArray (replacement: ReadonlyArray<React.ReactNode>)
      • ReactText (replacement: number | string)
      • VoidFunctionComponent (replacement: FunctionComponent)
      • VFC (replacement: FC)
      • Moved to prop-types: Requireable, ValidationMap, Validator, WeakValidationMap
      • Moved to create-react-class: ClassicComponentClass, ClassicComponent, ClassicElement, ComponentSpec, Mixin, ReactChildren, ReactHTML, ReactSVG, SFCFactory
    • Disallow implicit return in refs: refs can now accept cleanup functions. When you return something else, we can’t tell if you intentionally returned something not meant to clean up or returned the wrong value. Implicit returns of anything but functions will now error.
    • Require initial argument to useRef: The initial argument is now required to match useState, createContext etc
    • Refs are mutable by default: Ref objects returned from useRef() are now always mutable instead of sometimes being immutable. This feature was too confusing for users and conflicted with legit cases where refs were managed by React and manually written to.
    • Strict ReactElement typing: The props of React elements now default to unknown instead of any if the element is typed as ReactElement
    • JSX namespace in TypeScript: The global JSX namespace is removed to improve interoperability with other libraries using JSX. Instead, the JSX namespace is available from the React package: import { JSX } from 'react'
    • Better useReducer typings: Most useReducer usage should not require explicit type arguments.
      For example,
      -useReducer<React.Reducer<State, Action>>(reducer)  
      +useReducer(reducer)  
      or
      -useReducer<React.Reducer<State, Action>>(reducer)  
      +useReducer<State, [Action]>(reducer)

    All Changes

    React

    React DOM

Snyk has created this PR to upgrade react-dom from 18.2.0 to 19.0.0.

See this package in npm:
react-dom

See this project in Snyk:
https://app.snyk.io/org/hashim21223445/project/1a893c81-e8ee-45b3-a7f3-17eefff40412?utm_source=github-cloud-app&utm_medium=referral&page=upgrade-pr
Copy link

semanticdiff-com bot commented Jan 5, 2025

Review changes with  SemanticDiff

Changed Files
File Status
  package.json  0% smaller

Copy link
Author

snyk-io bot commented Jan 5, 2025

🎉 Snyk checks have passed. No issues have been found so far.

security/snyk check is complete. No issues have been found. (View Details)

license/snyk check is complete. No issues have been found. (View Details)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants