[Snyk] Upgrade react-spinners from 0.11.0 to 0.13.8 #572

wambugucoder · 2024-03-28T11:53:12Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade react-spinners from 0.11.0 to 0.13.8.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 25 versions ahead of your current version.
The recommended version was released a year ago, on 2023-01-19.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Prototype Poisoning SNYK-JS-QS-3153490	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Prototype Poisoning SNYK-JS-QS-3153490	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Remote Memory Exposure SNYK-JS-DNSPACKET-1293563	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Remote Code Execution (RCE) SNYK-JS-EJS-2803307	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Arbitrary File Write SNYK-JS-TAR-1579155	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Directory Traversal SNYK-JS-MOMENT-2440688	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-TMPL-1583443	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Sandbox Bypass SNYK-JS-WEBPACK-3358798	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Path Traversal SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Arbitrary File Overwrite SNYK-JS-TAR-1536528	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536531	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579147	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579152	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-LOADERUTILS-3043105	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Prototype Pollution SNYK-JS-LOADERUTILS-3043105	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-ASYNC-2441827	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Denial of Service (DoS) SNYK-JS-NWSAPI-2841516	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Information Exposure SNYK-JS-NODEFETCH-2342118	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Denial of Service SNYK-JS-NODEFETCH-674311	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Open Redirect SNYK-JS-EXPRESS-6474509	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-HTTPCACHESEMANTICS-3248783	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Prototype Pollution SNYK-JS-JSON5-3182856	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-JSON5-3182856	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-2429795	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-WORDWRAP-3149973	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) npm:debug:20170905	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: react-spinners

0.13.8 - 2023-01-19
What's Changed
- Bump decode-uri-component from 0.2.0 to 0.2.2 by @ dependabot in #555
- chore: update devDependencies to latest versions by @ davidhu2000 in #556
- Bump json5 from 1.0.1 to 1.0.2 by @ dependabot in #559
- Remove Animation Fill Mode by @ Lucien950 in #558
- docs: fix radius prop type in storybook to be number instead of object by @ davidhu2000 in #561
New Contributors
- @ Lucien950 made their first contribution in #558
Full Changelog: v0.13.7...v0.13.8
0.13.7 - 2022-12-03
What's Changed

fix: PacmanLoader container height/width to adjust with size prop
0.13.6 - 2022-10-08
0.13.6
0.13.5 - 2022-10-04
0.13.5
0.13.4 - 2022-07-30
0.13.3 - 2022-07-01
0.13.3
0.13.2 - 2022-06-28
0.13.2
0.13.1 - 2022-06-25
0.13.1
0.13.0 - 2022-06-25
Major Changes

Feature: Removed @ emotion/react as a dependency and rewrote all components as functional components. This library now has ZERO dependencies.

This resulted in a huge component size reduction. As compared between 0.12.0 and 0.13.0

0.13.0

0.12.0

Feature: Add support for custom props such as aria-label
Feature: Updated RiseLoader rise amount to be the same as size prop instead of hard coded 30px

Breaking Change: css prop is renamed to cssOverride to avoid conflicts with css-in-js libraries

Storybook is introduced to better demo the components. The demo site is simplified to only allow color changes.

Minor Changes
- replaced enzyme with react testing library
- bugfix: add display: inherit to the default styles to fix the rendering issue
- bugfix: GridLoader's rendering issue
0.13.0-beta.7 - 2022-06-25
0.13.0-beta.6 - 2022-06-25
0.13.0-beta.5 - 2022-06-07
0.13.0-beta.4 - 2022-06-05
0.13.0-beta.3 - 2022-05-26
0.13.0-beta.2 - 2022-05-26
0.13.0-beta.1 - 2022-05-26
0.13.0-alpha.5 - 2022-05-22
0.13.0-alpha.4 - 2022-05-22
0.13.0-alpha.3 - 2022-05-16
0.13.0-alpha.1 - 2022-05-16
0.12.0 - 2022-05-16
Major Changes
- Feature: output commonjs, es module, and umd file types.
- Feature: add support for react 18 #464
Minor Changes
- bugfix: Update pragma to /** @ jsxImportSource @ emotion/react */ to fix issue with the new jsx runtime.
0.12.0-beta.1 - 2022-05-16
0.12.0-alpha.3 - 2022-05-03
0.12.0-alpha.2 - 2021-10-06
0.12.0-alpha.1 - 2021-09-25
0.11.0 - 2021-05-21

from react-spinners GitHub release notes

Commit messages

Package name: react-spinners

61ad627 0.13.8
b4f044d add changelog for 0.13.8
38448c5 docs: fix radius prop type in storybook to be number instead of object ([Snyk] Upgrade @testing-library/react from 10.0.0 to 10.4.9 #561)
b33fb0d Remove Animation Fill Mode from CircleLoader to fix SSR ([Snyk] Upgrade @testing-library/jest-dom from 5.1.0 to 5.17.0 #558)
1ef6575 Bump json5 from 1.0.1 to 1.0.2 ([Snyk] Upgrade @testing-library/react from 10.0.0 to 10.4.9 #559)
b8eb6ca chore: update devDependencies to latest versions ([Snyk] Upgrade @testing-library/react from 10.0.0 to 10.4.9 #556)
536c4eb Bump decode-uri-component from 0.2.0 to 0.2.2 ([Snyk] Upgrade @testing-library/jest-dom from 5.1.0 to 5.17.0 #555)
0b83da8 0.13.7
d575a3e fix PacmanLoader container height/width to adjust with size prop
388e04d Bump loader-utils from 1.4.1 to 1.4.2 ([Snyk] Upgrade @testing-library/react from 10.0.0 to 10.4.9 #554)
a6c877e Bump deep-object-diff from 1.1.7 to 1.1.9 ([Snyk] Upgrade @testing-library/jest-dom from 5.1.0 to 5.17.0 #553)
c6da343 Bump terser from 4.8.0 to 4.8.1 ([Snyk] Upgrade bootstrap from 5.1.3 to 5.3.2 #552)
409beec Bump loader-utils from 1.4.0 to 1.4.1 ([Snyk] Upgrade @testing-library/jest-dom from 5.1.0 to 5.17.0 #551)
b3827ba fix blog link in footer
3859e8f 0.13.6
87c512f improve readme format of example code
f6e91fc fix gh pages action when cache does not exist ([Snyk] Upgrade @testing-library/react from 10.0.0 to 10.4.9 #547)
84c83b9 0.13.5
814f524 update readme with include info on additional html props
f87bde7 fix fork on github banner cause footer style issues
a77fe1e move script into docs code instead of standpoint script
9b8a475 add google adsense to demo & storybook
4c69b22 fix darkmode on storybook ([Snyk] Upgrade @testing-library/jest-dom from 5.1.0 to 5.17.0 #544)
393b126 add darkmode to storybook, add canoical link, cleanup babel plugins ([Snyk] Upgrade @testing-library/jest-dom from 5.1.0 to 5.17.0 #543)

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade react-spinners from 0.11.0 to 0.13.8. See this package in npm: https://www.npmjs.com/package/react-spinners See this project in Snyk: https://app.snyk.io/org/wambugucoder/project/4ad982c5-88ce-4f1c-98fc-b63137218714?utm_source=github&utm_medium=referral&page=upgrade-pr

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Snyk] Upgrade react-spinners from 0.11.0 to 0.13.8 #572

[Snyk] Upgrade react-spinners from 0.11.0 to 0.13.8 #572

Uh oh!

wambugucoder commented Mar 28, 2024

What's Changed

New Contributors

What's Changed

Major Changes

Minor Changes

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

[Snyk] Upgrade react-spinners from 0.11.0 to 0.13.8 #572

Are you sure you want to change the base?

[Snyk] Upgrade react-spinners from 0.11.0 to 0.13.8 #572

Uh oh!

Conversation

wambugucoder commented Mar 28, 2024

Snyk has created this PR to upgrade react-spinners from 0.11.0 to 0.13.8.

What's Changed

New Contributors

What's Changed

Major Changes

Minor Changes

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants