[Snyk] Upgrade: , react, react-dom, , , , formik, next, use-remote-data

[alvinrumbaoa]

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

@emotion/styled
from 11.6.0 to 11.13.0 | 12 versions ahead of your current version | 2 months ago
on 2024-07-20
react
from 17.0.0 to 17.0.2 | 2 versions ahead of your current version | 3 years ago
on 2021-03-22
react-dom
from 17.0.0 to 17.0.2 | 2 versions ahead of your current version | 3 years ago
on 2021-03-22
@chakra-ui/icons
from 1.1.1 to 1.1.7 | 6 versions ahead of your current version | 3 years ago
on 2022-02-20
@chakra-ui/react
from 1.7.2 to 1.8.9 | 13 versions ahead of your current version | 2 years ago
on 2022-09-16
@emotion/react
from 11.7.0 to 11.13.3 | 18 versions ahead of your current version | 23 days ago
on 2024-08-21
formik
from 2.2.9 to 2.4.6 | 11 versions ahead of your current version | 5 months ago
on 2024-04-24
next
from 12.0.7 to 12.3.4 | 275 versions ahead of your current version | 2 years ago
on 2022-11-21
use-remote-data
from 0.4.0 to 0.5.1 | 2 versions ahead of your current version | 2 years ago
on 2022-10-14

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	521	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-BROWSERIFYSIGN-6037026	521	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	521	Proof of Concept
	Information Exposure SNYK-JS-NANOID-2332193	521	Proof of Concept
	Denial of Service (DoS) SNYK-JS-NEXT-2388583	521	No Known Exploit
	User Interface (UI) Misrepresentation of Critical Information SNYK-JS-NEXT-2405694	521	No Known Exploit
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577916	521	Proof of Concept
	Information Exposure SNYK-JS-NODEFETCH-2342118	521	No Known Exploit
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577917	521	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577918	521	Proof of Concept
	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	521	No Known Exploit
	Prototype Pollution SNYK-JS-JSON5-3182856	521	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	521	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	521	No Known Exploit
	Prototype Pollution SNYK-JS-MINIMIST-2429795	521	Proof of Concept

Release notes

Package name: @emotion/styled

• 11.13.0 - 2024-07-20
  

  Minor Changes

  • #3198 d8ff8a5 Thanks @ Andarist! - Migrated away from relying on process.env.NODE_ENV checks to differentiate between production and development builds.

    Development builds (and other environment-specific builds) can be used by using proper conditions (see here). Most modern bundlers/frameworks already preconfigure those for the user so no action has to be taken.

    Default files should continue to work in all environments.

  • #3215 a9f6912 Thanks @ Andarist! - Added edge-light and workerd conditions to package.json manifest to better serve users using Vercel Edge and Cloudflare Workers.

  Patch Changes

  • Updated dependencies [d8ff8a5, a9f6912]:
    • @ emotion/serialize@1.3.0
    • @ emotion/use-insertion-effect-with-fallbacks@1.1.0
    • @ emotion/utils@1.4.0
• 11.12.0 - 2024-07-19
• 11.11.5 - 2024-03-29
• 11.11.0 - 2023-05-06
• 11.10.8 - 2023-04-28
• 11.10.6 - 2023-02-16
• 11.10.5 - 2022-10-27
• 11.10.4 - 2022-08-30
• 11.10.0 - 2022-07-31
• 11.9.3 - 2022-06-12
• 11.8.1 - 2022-02-19
• 11.8.0 - 2022-02-19
• 11.6.0 - 2021-11-14

from @emotion/styled GitHub release notes

Package name: react

• 17.0.2 - 2021-03-22
  

  React DOM

  • Remove an unused dependency to address the SharedArrayBuffer cross-origin isolation warning. (@ koba04 and @ bvaughn in #20831, #20832, and #20840)

  Artifacts

  • react: https://unpkg.com/react@17.0.2/umd/
  • react-art: https://unpkg.com/react-art@17.0.2/umd/
  • react-dom: https://unpkg.com/react-dom@17.0.2/umd/
  • react-is: https://unpkg.com/react-is@17.0.2/umd/
  • react-test-renderer: https://unpkg.com/react-test-renderer@17.0.2/umd/
  • scheduler: https://unpkg.com/scheduler@0.20.2/umd/
• 17.0.1 - 2020-10-22
  

  React DOM

  • Fix a crash in IE11. (@ gaearon in #20071)
• 17.0.0 - 2020-10-20
  

  Today, we are releasing React 17!

  Learn more about React 17 and how to update to it on the official React blog.

  React

  • Add react/jsx-runtime and react/jsx-dev-runtime for the new JSX transform. (@ lunaruan in #18299)
  • Build component stacks from native error frames. (@ sebmarkbage in #18561)
  • Allow to specify displayName on context for improved stacks. (@ eps1lon in #18224)
  • Prevent 'use strict' from leaking in the UMD bundles. (@ koba04 in #19614)
  • Stop using fb.me for redirects. (@ cylim in #19598)

  React DOM

  • Delegate events to roots instead of document. (@ trueadm in #18195 and others)
  • Clean up all effects before running any next effects. (@ bvaughn in #17947)
  • Run useEffect cleanup functions asynchronously. (@ bvaughn in #17925)
  • Use browser focusin and focusout for onFocus and onBlur. (@ trueadm in #19186)
  • Make all Capture events use the browser capture phase. (@ trueadm in #19221)
  • Don't emulate bubbling of the onScroll event. (@ gaearon in #19464)
  • Throw if forwardRef or memo component returns undefined. (@ gaearon in #19550)
  • Remove event pooling. (@ trueadm in #18969)
  • Stop exposing internals that won’t be needed by React Native Web. (@ necolas in #18483)
  • Attach all known event listeners when the root mounts. (@ gaearon in #19659)
  • Disable console in the second render pass of DEV mode double render. (@ sebmarkbage in #18547)
  • Deprecate the undocumented and misleading ReactTestUtils.SimulateNative API. (@ gaearon in #13407)
  • Rename private field names used in the internals. (@ gaearon in #18377)
  • Don't call User Timing API in development. (@ gaearon in #18417)
  • Disable console during the repeated render in Strict Mode. (@ sebmarkbage in #18547)
  • In Strict Mode, double-render components without Hooks too. (@ eps1lon in #18430)
  • Allow calling ReactDOM.flushSync during lifecycle methods (but warn). (@ sebmarkbage in #18759)
  • Add the code property to the keyboard event objects. (@ bl00mber in #18287)
  • Add the disableRemotePlayback property for video elements. (@ tombrowndev in #18619)
  • Add the enterKeyHint property for input elements. (@ eps1lon in #18634)
  • Warn when no value is provided to <Context.Provider>. (@ charlie1404 in #19054)
  • Warn when memo or forwardRef components return undefined. (@ bvaughn in #19550)
  • Improve the error message for invalid updates. (@ JoviDeCroock in #18316)
  • Exclude forwardRef and memo from stack frames. (@ sebmarkbage in #18559)
  • Improve the error message when switching between controlled and uncontrolled inputs. (@ vcarl in #17070)
  • Keep onTouchStart, onTouchMove, and onWheel passive. (@ gaearon in #19654)
  • Fix setState hanging in development inside a closed iframe. (@ gaearon in #19220)
  • Fix rendering bailout for lazy components with defaultProps. (@ jddxf in #18539)
  • Fix a false positive warning when dangerouslySetInnerHTML is undefined. (@ eps1lon in #18676)
  • Fix Test Utils with non-standard require implementation. (@ just-boris in #18632)
  • Fix onBeforeInput reporting an incorrect event.type. (@ eps1lon in #19561)
  • Fix event.relatedTarget reported as undefined in Firefox. (@ claytercek in #19607)
  • Fix "unspecified error" in IE11. (@ hemakshis in #19664)
  • Fix rendering into a shadow root. (@ Jack-Works in #15894)
  • Fix movementX/Y polyfill with capture events. (@ gaearon in #19672)
  • Use delegation for onSubmit and onReset events. (@ gaearon in #19333)
  • Improve memory usage. (@ trueadm in #18970)

  React DOM Server

  • Make useCallback behavior consistent with useMemo for the server renderer. (@ alexmckenley in #18783)
  • Fix state leaking when a function component throws. (@ pmaccart in #19212)

  React Test Renderer

  • Improve findByType error message. (@ henryqdineen in #17439)

  Concurrent Mode (Experimental)

  • Revamp the priority batching heuristics. (@ acdlite in #18796)
  • Add the unstable_ prefix before the experimental APIs. (@ acdlite in #18825)
  • Remove unstable_discreteUpdates and unstable_flushDiscreteUpdates. (@ trueadm in #18825)
  • Remove the timeoutMs argument. (@ acdlite in #19703)
  • Disable <div hidden /> prerendering in favor of a different future API. (@ acdlite in #18917)
  • Add unstable_expectedLoadTime to Suspense for CPU-bound trees. (@ acdlite in #19936)
  • Add an experimental unstable_useOpaqueIdentifier Hook. (@ lunaruan in #17322)
  • Add an experimental unstable_startTransition API. (@ rickhanlonii in #19696)
  • Using act in the test renderer no longer flushes Suspense fallbacks. (@ acdlite in #18596)
  • Use global render timeout for CPU Suspense. (@ sebmarkbage in #19643)
  • Clear the existing root content before mounting. (@ bvaughn in #18730)
  • Fix a bug with error boundaries. (@ acdlite in #18265)
  • Fix a bug causing dropped updates in a suspended tree. (@ acdlite in #18384 and #18457)
  • Fix a bug causing dropped render phase updates. (@ acdlite in #18537)
  • Fix a bug in SuspenseList. (@ sebmarkbage in #18412)
  • Fix a bug causing Suspense fallback to show too early. (@ acdlite in #18411)
  • Fix a bug with class components inside SuspenseList. (@ sebmarkbage in #18448)
  • Fix a bug with inputs that may cause updates to be dropped. (@ jddxf in #18515 and @ acdlite in #18535)
  • Fix a bug causing Suspense fallback to get stuck. (@ acdlite in #18663)
  • Don't cut off the tail of a SuspenseList if hydrating. (@ sebmarkbage in #18854)
  • Fix a bug in useMutableSource that may happen when getSnapshot changes. (@ bvaughn in #18297)
  • Fix a tearing bug in useMutableSource. (@ bvaughn in #18912)
  • Warn if calling setState outside of render but before commit. (@ sebmarkbage in #18838)

  Artifacts

  • react: https://unpkg.com/react@17.0.1/umd/
  • react-art: https://unpkg.com/react-art@17.0.1/umd/
  • react-dom: https://unpkg.com/react-dom@17.0.1/umd/
  • react-is: https://unpkg.com/react-is@17.0.1/umd/
  • react-test-renderer: https://unpkg.com/react-test-renderer@17.0.1/umd/
  • scheduler: https://unpkg.com/scheduler@0.20.1/umd/

from react GitHub release notes

Package name: react-dom

• 17.0.2 - 2021-03-22
  

  React DOM

  • Remove an unused dependency to address the SharedArrayBuffer cross-origin isolation warning. (@ koba04 and @ bvaughn in #20831, #20832, and #20840)

  Artifacts

  • react: https://unpkg.com/react@17.0.2/umd/
  • react-art: https://unpkg.com/react-art@17.0.2/umd/
  • react-dom: https://unpkg.com/react-dom@17.0.2/umd/
  • react-is: https://unpkg.com/react-is@17.0.2/umd/
  • react-test-renderer: https://unpkg.com/react-test-renderer@17.0.2/umd/
  • scheduler: https://unpkg.com/scheduler@0.20.2/umd/
• 17.0.1 - 2020-10-22
  

  React DOM

  • Fix a crash in IE11. (@ gaearon in #20071)
• 17.0.0 - 2020-10-20
  

  Today, we are releasing React 17!

  Learn more about React 17 and how to update to it on the official React blog.

  React

  • Add react/jsx-runtime and react/jsx-dev-runtime for the new JSX transform. (@ lunaruan in #18299)
  • Build component stacks from native error frames. (@ sebmarkbage in #18561)
  • Allow to specify displayName on context for improved stacks. (@ eps1lon in #18224)
  • Prevent 'use strict' from leaking in the UMD bundles. (@ koba04 in #19614)
  • Stop using fb.me for redirects. (@ cylim in #19598)

  React DOM

  • Delegate events to roots instead of document. (@ trueadm in #18195 and others)
  • Clean up all effects before running any next effects. (@ bvaughn in #17947)
  • Run useEffect cleanup functions asynchronously. (@ bvaughn in #17925)
  • Use browser focusin and focusout for onFocus and onBlur. (@ trueadm in #19186)
  • Make all Capture events use the browser capture phase. (@ trueadm in #19221)
  • Don't emulate bubbling of the onScroll event. (@ gaearon in #19464)
  • Throw if forwardRef or memo component returns undefined. (@ gaearon in #19550)
  • Remove event pooling. (@ trueadm in #18969)
  • Stop exposing internals that won’t be needed by React Native Web. (@ necolas in #18483)
  • Attach all known event listeners when the root mounts. (@ gaearon in #19659)
  • Disable console in the second render pass of DEV mode double render. (@ sebmarkbage in #18547)
  • Deprecate the undocumented and misleading ReactTestUtils.SimulateNative API. (@ gaearon in #13407)
  • Rename private field names used in the internals. (@ gaearon in #18377)
  • Don't call User Timing API in development. (@ gaearon in #18417)
  • Disable console during the repeated render in Strict Mode. (@ sebmarkbage in #18547)
  • In Strict Mode, double-render components without Hooks too. (@ eps1lon in #18430)
  • Allow calling ReactDOM.flushSync during lifecycle methods (but warn). (@ sebmarkbage in #18759)
  • Add the code property to the keyboard event objects. (@ bl00mber in #18287)
  • Add the disableRemotePlayback property for video elements. (@ tombrowndev in #18619)
  • Add the enterKeyHint property for input elements. (@ eps1lon in #18634)
  • Warn when no value is provided to <Context.Provider>. (@ charlie1404 in #19054)
  • Warn when memo or forwardRef components return undefined. (@ bvaughn in #19550)
  • Improve the error message for invalid updates. (@ JoviDeCroock in #18316)
  • Exclude forwardRef and memo from stack frames. (@ sebmarkbage in #18559)
  • Improve the error message when switching between controlled and uncontrolled inputs. (@ vcarl in #17070)
  • Keep onTouchStart, onTouchMove, and onWheel passive. (@ gaearon in #19654)
  • Fix setState hanging in development inside a closed iframe. (@ gaearon in #19220)
  • Fix rendering bailout for lazy components with defaultProps. (@ jddxf in #18539)
  • Fix a false positive warning when dangerouslySetInnerHTML is undefined. (@ eps1lon in #18676)
  • Fix Test Utils with non-standard require implementation. (@ just-boris in #18632)
  • Fix onBeforeInput reporting an incorrect event.type. (@ eps1lon in #19561)
  • Fix event.relatedTarget reported as undefined in Firefox. (@ claytercek in #19607)
  • Fix "unspecified error" in IE11. (@ hemakshis in #19664)
  • Fix rendering into a shadow root. (@ Jack-Works in #15894)
  • Fix movementX/Y polyfill with capture events. (@ gaearon in #19672)
  • Use delegation for onSubmit and onReset events. (@ gaearon in #19333)
  • Improve memory usage. (@ trueadm in #18970)

  React DOM Server

  • Make useCallback behavior consistent with useMemo for the server renderer. (@ alexmckenley in #18783)
  • Fix state leaking when a function component throws. (@ pmaccart in #19212)

  React Test Renderer

  • Improve findByType error message. (@ henryqdineen in #17439)

  Concurrent Mode (Experimental)

  • Revamp the priority batching heuristics. (@ acdlite in #18796)
  • Add the unstable_ prefix before the experimental APIs. (@ acdlite in #18825)
  • Remove unstable_discreteUpdates and unstable_flushDiscreteUpdates. (@ trueadm in #18825)
  • Remove the timeoutMs argument. (@ acdlite in #19703)
  • Disable <div hidden /> prerendering in favor of a different future API. (@ acdlite in #18917)
  • Add unstable_expectedLoadTime to Suspense for CPU-bound trees. (@ acdlite in #19936)
  • Add an experimental unstable_useOpaqueIdentifier Hook. (@ lunaruan in #17322)
  • Add an experimental unstable_startTransition API. (@ rickhanlonii in #19696)
  • Using act in the test renderer no longer flushes Suspense fallbacks. (@ acdlite in #18596)
  • Use global render timeout for CPU Suspense. (@ sebmarkbage in #19643)
  • Clear the existing root content before mounting. (@ bvaughn in #18730)
  • Fix a bug with error boundaries. (@ acdlite in #18265)
  • Fix a bug causing dropped updates in a suspended tree. (@ acdlite in #18384 and #18457)
  • Fix a bug causing dropped render phase updates. (@ acdlite in #18537)
  • Fix a bug in SuspenseList. (@ sebmarkbage in #18412)
  • Fix a bug causing Suspense fallback to show too early. (@ acdlite in #18411)
  • Fix a bug with class components inside SuspenseList. (@ sebmarkbage in #18448)
  • Fix a bug with inputs that may cause updates to be dropped. (@ jddxf in #18515 and @ acdlite in #18535)
  • Fix a bug causing Suspense fallback to get stuck. (@ acdlite in #18663)
  • Don't cut off the tail of a SuspenseList if hydrating. (@ sebmarkbage in #18854)
  • Fix a bug in useMutableSource that may happen when getSnapshot changes. (@ bvaughn in #18297)
  • Fix a tearing bug in useMutableSource. (@ bvaughn in #18912)
  • Warn if calling setState outside of render but before commit. (@ sebmarkbage in #18838)

  Artifacts

  • react: https://unpkg.com/react@17.0.1/umd/
  • react-art: https://unpkg.com/react-art@17.0.1/umd/
  • react-dom: https://unpkg.com/react-dom@17.0.1/umd/
  • react-is: https://unpkg.com/react-is@17.0.1/umd/
  • react-test-renderer: https://unpkg.com/react-test-renderer@17.0.1/umd/
  • scheduler: https://unpkg.com/scheduler@0.20.1/umd/

from react-dom GitHub release notes

Package name: @chakra-ui/icons

• 1.1.7 - 2022-02-20
• 1.1.6 - 2022-02-17
• 1.1.5 - 2022-02-05
• 1.1.4 - 2022-02-04
• 1.1.3 - 2022-01-25
• 1.1.2 - 2021-12-09
• 1.1.1 - 2021-11-12

from @chakra-ui/icons GitHub release notes

Package name: @chakra-ui/react

• 1.8.9 - 2022-09-16
• 1.8.8 - 2022-04-07
• 1.8.7 - 2022-03-27
• 1.8.6 - 2022-02-28
• 1.8.5 - 2022-02-20
• 1.8.4 - 2022-02-14
• 1.8.3 - 2022-02-05
• 1.8.2 - 2022-01-31
• 1.8.1 - 2022-01-26
• 1.8.0 - 2022-01-25
• 1.7.5 - 2022-01-09
• 1.7.4 - 2022-01-04
• 1.7.3 - 2021-12-09
• 1.7.2 - 2021-11-17

from @chakra-ui/react GitHub release notes

Package name: @emotion/react

• 11.13.3 - 2024-08-21
  

  Patch Changes

  • #3232 0ce3ed0 Thanks @ ENvironmentSet! - Distribute css prop attachment over props that are union types

  • Updated dependencies []:

    • @ emotion/serialize@1.3.1
• 11.13.0 - 2024-07-20
  

  Minor Changes

  • #3198 d8ff8a5 Thanks @ Andarist! - Migrated away from relying on process.env.NODE_ENV checks to differentiate between production and development builds.

    Development builds (and other environment-specific builds) can be used by using proper conditions (see here). Most modern bundlers/frameworks already preconfigure those for the user so no action has to be taken.

    Default files should continue to work in all environments.

  • #3215 a9f6912 Thanks @ Andarist! - Added edge-light and workerd conditions to package.json manifest to better serve users using Vercel Edge and Cloudflare Workers.

  Patch Changes

  • Updated dependencies [d8ff8a5, a9f6912]:
    • @ emotion/serialize@1.3.0
    • @ emotion/use-insertion-effect-with-fallbacks@1.1.0
    • @ emotion/utils@1.4.0
• 11.12.0 - 2024-07-19
• 11.11.4 - 2024-02-27
• 11.11.3 - 2023-12-23
• 11.11.1 - 2023-06-07
• 11.11.0 - 2023-05-06
• 11.10.8 - 2023-04-28
• 11.10.6 - 2023-02-16
• 11.10.5 - 2022-10-27
• 11.10.4 - 2022-08-30
• 11.10.0 - 2022-07-31
• 11.9.3 - 2022-06-12
• 11.9.0 - 2022-04-06
• 11.8.2 - 2022-03-10
• 11.8.1 - 2022-02-19
• 11.8.0 - 2022-02-19
• 11.7.1 - 2021-12-12
• 11.7.0 - 2021-11-26

from @emotion/react GitHub release notes

Package name: formik

• 2.4.6 - 2024-04-24
  

  Patch Changes

  • f57ca9b #3949 Thanks @ DeveloperRaj! - Changing the state inside formik was changing reference of initialValues provided via props, deep cloning the initialvalues will fix it.
• 2.4.5 - 2023-09-17
  

  Patch Changes

  • d7db9cd #3860 Thanks @ patik! - Add missing dependency @ types/hoist-non-react-statics, closes #3837

  • fe4ed7e #3501 Thanks @ markspolakovs! - Mark formik as side-effect free in package.json

• 2.4.4 - 2023-09-06
  

  Patch Changes

  • 41720c2 #3862 Thanks @ yazaldefilimonepinto! - Forward className for custom components used with Field

  • ...