Commit
[Snyk] Upgrade formik from 2.2.9 to 2.4.2 (#696)
This PR was automatically created by Snyk using the credentials of a real user.

### Snyk has created this PR to upgrade formik from 2.2.9 to 2.4.2.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

- The recommended version is **7 versions** ahead of your current version.
- The recommended version was released **a month ago**, on 2023-06-14.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|:---:|:---|---|:---|
| high severity | Regular Expression Denial of Service (ReDoS)<br/>[SNYK-JS-SEMVER-3247795](https://snyk.io/vuln/SNYK-JS-SEMVER-3247795) | **482/1000**<br/>**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept |
| high severity | Prototype Pollution<br/>[SNYK-JS-LOADERUTILS-3043105](https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3043105) | **482/1000**<br/>**Why?** Proof of Concept exploit, CVSS 7.5 | No Known Exploit |
| high severity | Regular Expression Denial of Service (ReDoS)<br/>[SNYK-JS-SEMVER-3247795](https://snyk.io/vuln/SNYK-JS-SEMVER-3247795) | **482/1000**<br/>**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept |
| high severity | Regular Expression Denial of Service (ReDoS)<br/>[SNYK-JS-SEMVER-3247795](https://snyk.io/vuln/SNYK-JS-SEMVER-3247795) | **482/1000**<br/>**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept |
| high severity | Sandbox Bypass<br/>[SNYK-JS-WEBPACK-3358798](https://snyk.io/vuln/SNYK-JS-WEBPACK-3358798) | **482/1000**<br/>**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept |
| medium severity | Prototype Pollution<br/>[SNYK-JS-JSON5-3182856](https://snyk.io/vuln/SNYK-JS-JSON5-3182856) | **482/1000**<br/>**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept |
| medium severity | Prototype Pollution<br/>[SNYK-JS-JSON5-3182856](https://snyk.io/vuln/SNYK-JS-JSON5-3182856) | **482/1000**<br/>**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept |
| medium severity | Regular Expression Denial of Service (ReDoS)<br/>[SNYK-JS-LOADERUTILS-3042992](https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3042992) | **482/1000**<br/>**Why?** Proof of Concept exploit, CVSS 7.5 | No Known Exploit |
| medium severity | Regular Expression Denial of Service (ReDoS)<br/>[SNYK-JS-LOADERUTILS-3105943](https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3105943) | **482/1000**<br/>**Why?** Proof of Concept exploit, CVSS 7.5 | No Known Exploit |
| medium severity | Regular Expression Denial of Service (ReDoS)<br/>[SNYK-JS-LOADERUTILS-3042992](https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3042992) | **482/1000**<br/>**Why?** Proof of Concept exploit, CVSS 7.5 | No Known Exploit |
| medium severity | Regular Expression Denial of Service (ReDoS)<br/>[SNYK-JS-LOADERUTILS-3105943](https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3105943) | **482/1000**<br/>**Why?** Proof of Concept exploit, CVSS 7.5 | No Known Exploit |
| medium severity | Regular Expression Denial of Service (ReDoS)<br/>[SNYK-JS-MINIMATCH-3050818](https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818) | **482/1000**<br/>**Why?** Proof of Concept exploit, CVSS 7.5 | No Known Exploit |
| medium severity | Prototype Pollution<br/>[SNYK-JS-TOUGHCOOKIE-5672873](https://snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873) | **482/1000**<br/>**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept |
| medium severity | Regular Expression Denial of Service (ReDoS)<br/>[SNYK-JS-UAPARSERJS-3244450](https://snyk.io/vuln/SNYK-JS-UAPARSERJS-3244450) | **482/1000**<br/>**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept |
| low severity | Regular Expression Denial of Service (ReDoS)<br/>[SNYK-JS-WORDWRAP-3149973](https://snyk.io/vuln/SNYK-JS-WORDWRAP-3149973) | **482/1000**<br/>**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

<details>
<summary><b>Release notes</b></summary>
<br/>
<details>
<summary>Package name: <b>formik</b></summary>

- **2.4.2** - [2023-06-14](https://snyk.io/redirect/github/jaredpalmer/formik/releases/tag/formik%402.4.2)

  ### Patch Changes

  - [`96280d3`](https://snyk.io/redirect/github/jaredpalmer/formik/commit/96280d388eaa0f2e9fb84e7fd2aa45450de3a949) [#3817](https://snyk.io/redirect/github/jaredpalmer/formik/pull/3817) Thanks [@ probablyup](https://snyk.io/redirect/github/probablyup)! - Updated internal types to support React 18.

- **2.4.1** - [2023-05-31](https://snyk.io/redirect/github/jaredpalmer/formik/releases/tag/formik%402.4.1)

  ### Patch Changes

  - [`2b194c2`](https://snyk.io/redirect/github/jaredpalmer/formik/commit/2b194c287dc281ec2a8ff691d75c6b798ab5f70c) [#3808](https://snyk.io/redirect/github/jaredpalmer/formik/pull/3808) Thanks [@ NagaiKoki](https://snyk.io/redirect/github/NagaiKoki)! - fix type of setFieldValue function
  - [`708bcb2`](https://snyk.io/redirect/github/jaredpalmer/formik/commit/708bcb24785f1f8fbb5dfd649de3df4fddf7a113) [#3813](https://snyk.io/redirect/github/jaredpalmer/formik/pull/3813) Thanks [@ probablyup](https://snyk.io/redirect/github/probablyup)! - Revert `FieldArray` "shouldComponentUpdate" performance optimization. As it turns out, it's a common use case to have JSX controlled via non-Formik state/props inside of `FieldArray`, so it's not safe to cancel re-renders here.
  - [`187e47d`](https://snyk.io/redirect/github/jaredpalmer/formik/commit/187e47de0c4289cb279e25d69f8172cfa14369d2) [#3815](https://snyk.io/redirect/github/jaredpalmer/formik/pull/3815) Thanks [@ probablyup](https://snyk.io/redirect/github/probablyup)! - Revert Yup transform support for the time being, this may be re-introduced in a future release under an opt-in prop.

- **2.4.0** - [2023-05-27](https://snyk.io/redirect/github/jaredpalmer/formik/releases/tag/formik%402.4.0)

  ### Minor Changes

  - [`2f53b70`](https://snyk.io/redirect/github/jaredpalmer/formik/commit/2f53b70ef9c086a268330fa263390a2edd0164dd) [#3796](https://snyk.io/redirect/github/jaredpalmer/formik/pull/3796) Thanks [@ probablyup](https://snyk.io/redirect/github/probablyup)! - Add support for Yup ["transforms"](https://snyk.io/redirect/github/jquense/yup#parsing-transforms).

- **2.3.3** - [2023-05-27](https://snyk.io/redirect/github/jaredpalmer/formik/releases/tag/formik%402.3.3)

  ### Patch Changes

  - [`f075a0c`](https://snyk.io/redirect/github/jaredpalmer/formik/commit/f075a0cf8228c135ff71c58e139246ad24aae529) [#3798](https://snyk.io/redirect/github/jaredpalmer/formik/pull/3798) Thanks [@ probablyup](https://snyk.io/redirect/github/probablyup)! - Fixed the use of generics for the `ArrayHelpers` type such that `any[]` is the default array type and for each individual method the array item type can be overridden if necessary.

- **2.3.2** - 2023-05-26
- **2.3.0** - 2023-05-26
- **2.2.10** - 2023-05-26
- **2.2.9** - 2021-06-02

from [formik GitHub release notes](https://snyk.io/redirect/github/formium/formik/releases)

</details>
</details>

---

**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.*

For more information:

🧐 [View latest project report](https://app.snyk.io/org/mtes-mct/project/afb3e19a-88e3-4a0e-9409-d0f9cfdc75b5?utm_source=github&utm_medium=referral&page=upgrade-pr)

🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/mtes-mct/project/afb3e19a-88e3-4a0e-9409-d0f9cfdc75b5/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr)

🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/mtes-mct/project/afb3e19a-88e3-4a0e-9409-d0f9cfdc75b5/settings/integration?pkg=formik&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)