[Snyk] Upgrade: lodash, react, react-dom, classnames, moment, antd, babel-plugin-import, cross-fetch, customize-cra, firebase, hls.js, less, node-sass, react-app-rewired, react-redux, react-router, react-router-dom, react-scripts, react-spinners, redux, redux-saga, socket.io-client

[gotrongluan]

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

lodash
from 4.17.15 to 4.17.21 | 6 versions ahead of your current version | 4 years ago
on 2021-02-20
react
from 16.10.2 to 16.14.0 | 5 versions ahead of your current version | 4 years ago
on 2020-10-14
react-dom
from 16.10.2 to 16.14.0 | 5 versions ahead of your current version | 4 years ago
on 2020-10-14
classnames
from 2.2.6 to 2.5.1 | 7 versions ahead of your current version | 9 months ago
on 2023-12-29
moment
from 2.24.0 to 2.30.1 | 14 versions ahead of your current version | 9 months ago
on 2023-12-27
antd
from 3.23.6 to 3.26.20 | 29 versions ahead of your current version | 4 years ago
on 2020-10-27
babel-plugin-import
from 1.12.2 to 1.13.8 | 10 versions ahead of your current version | a year ago
on 2023-07-26
cross-fetch
from 3.0.4 to 3.1.8 | 16 versions ahead of your current version | a year ago
on 2023-07-02
customize-cra
from 0.8.0 to 0.9.1 | 2 versions ahead of your current version | 5 years ago
on 2019-11-16
firebase
from 7.2.2 to 7.24.0 | 681 versions ahead of your current version | 4 years ago
on 2020-10-15
hls.js
from 0.12.4 to 0.14.17 | 329 versions ahead of your current version | 4 years ago
on 2020-12-09
less
from 3.10.3 to 3.13.1 | 17 versions ahead of your current version | 4 years ago
on 2020-12-18
node-sass
from 4.12.0 to 4.14.1 | 4 versions ahead of your current version | 4 years ago
on 2020-05-04
react-app-rewired
from 2.1.3 to 2.2.1 | 11 versions ahead of your current version | 3 years ago
on 2022-02-15
react-redux
from 7.1.1 to 7.2.9 | 13 versions ahead of your current version | 2 years ago
on 2022-09-23
react-router
from 5.1.2 to 5.3.4 | 6 versions ahead of your current version | 2 years ago
on 2022-10-02
react-router-dom
from 5.1.2 to 5.3.4 | 7 versions ahead of your current version | 2 years ago
on 2022-10-02
react-scripts
from 3.2.0 to 3.4.4 | 11 versions ahead of your current version | 4 years ago
on 2020-10-20
react-spinners
from 0.6.1 to 0.14.1 | 63 versions ahead of your current version | 3 months ago
on 2024-06-26
redux
from 4.0.4 to 4.2.1 | 8 versions ahead of your current version | 2 years ago
on 2023-01-28
redux-saga
from 1.1.1 to 1.3.0 | 7 versions ahead of your current version | 8 months ago
on 2024-01-02
socket.io-client
from 2.3.0 to 2.5.0 | 3 versions ahead of your current version | 2 years ago
on 2022-06-26

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	340	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	340	Proof of Concept
	Prototype Pollution SNYK-JS-AJV-584908	340	No Known Exploit
	Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	340	Proof of Concept
	Prototype Pollution SNYK-JS-GRPC-598671	340	Proof of Concept
	Asymmetric Resource Consumption (Amplification) SNYK-JS-BODYPARSER-7926860	340	No Known Exploit
	Improper Verification of Cryptographic Signature SNYK-JS-BROWSERIFYSIGN-6037026	340	No Known Exploit
	Remote Memory Exposure SNYK-JS-DNSPACKET-1293563	340	No Known Exploit
	Directory Traversal SNYK-JS-MOMENT-2440688	340	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	340	Proof of Concept
	Code Injection SNYK-JS-LODASH-1040724	340	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-567746	340	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-608086	340	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-6139239	340	Proof of Concept
	Prototype Pollution SNYK-JS-MERGEDEEP-1070277	340	No Known Exploit
	Prototype Pollution SNYK-JS-ASYNC-2441827	340	Proof of Concept
	Prototype Pollution SNYK-JS-NODEFORGE-598677	340	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-536840	340	No Known Exploit
	Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062	340	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-6056521	340	No Known Exploit
	Cryptographic Issues SNYK-JS-ELLIPTIC-571484	340	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ES5EXT-6095076	340	Proof of Concept
	Improper Input Validation SNYK-JS-URLPARSE-2407770	340	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WEBSOCKETEXTENSIONS-570623	340	Proof of Concept
	Arbitrary Code Injection SNYK-JS-XMLHTTPREQUESTSSL-1082936	340	Proof of Concept
	Access Restriction Bypass SNYK-JS-XMLHTTPREQUESTSSL-1255647	340	Proof of Concept
	Prototype Pollution SNYK-JS-OBJECTPATH-1017036	340	Proof of Concept
	Prototype Pollution SNYK-JS-OBJECTPATH-1585658	340	No Known Exploit
	Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	340	No Known Exploit
	Timing Attack SNYK-JS-ELLIPTIC-511941	340	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	340	Proof of Concept
	Denial of Service (DoS) SNYK-JS-SOCKJS-575261	340	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	340	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	340	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	340	No Known Exploit
	Improper Input Validation SNYK-JS-URLPARSE-1078283	340	No Known Exploit
	Open Redirect SNYK-JS-URLPARSE-1533425	340	Proof of Concept
	Cross-site Scripting SNYK-JS-EXPRESS-7926867	340	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	340	Proof of Concept
	Authorization Bypass SNYK-JS-URLPARSE-2407759	340	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTMLMINIFIER-3091181	340	Proof of Concept
	Authorization Bypass Through User-Controlled Key SNYK-JS-URLPARSE-2412697	340	Proof of Concept
	Prototype Pollution SNYK-JS-YARGSPARSER-560381	340	Proof of Concept
	Prototype Pollution SNYK-JS-YARGSPARSER-560381	340	Proof of Concept
	Prototype Pollution SNYK-JS-OBJECTPATH-1569453	340	Proof of Concept
	Cross-site Scripting SNYK-JS-SERVESTATIC-7926865	340	No Known Exploit
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	340	No Known Exploit
	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	340	Proof of Concept
	Use After Free SNYK-JS-NODESASS-535497	340	No Known Exploit
	Open Redirect SNYK-JS-EXPRESS-6474509	340	No Known Exploit
	Access Restriction Bypass SNYK-JS-URLPARSE-2401205	340	Proof of Concept
	Prototype Pollution SNYK-JS-YARGSPARSER-560381	340	Proof of Concept
	Cross-site Scripting SNYK-JS-SEND-7926862	340	No Known Exploit
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577916	340	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577917	340	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577918	340	Proof of Concept
	Information Exposure SNYK-JS-EVENTSOURCE-2823375	340	Proof of Concept
	Denial of Service (DoS) SNYK-JS-HTTPPROXY-569139	340	Proof of Concept
	Denial of Service (DoS) SNYK-JS-NODESASS-542662	340	No Known Exploit

Release notes

Package name: lodash

• 4.17.21 - 2021-02-20
  

  Bump to v4.17.21

• 4.17.20 - 2020-08-13
  

  Bump to v4.17.20.

• 4.17.19 - 2020-07-08
  

  Bump to v4.17.19

• 4.17.18 - 2020-07-08
• 4.17.17 - 2020-07-08
• 4.17.16 - 2020-07-08
  

  Rebuild lodash and docs

• 4.17.15 - 2019-07-19
  

  4.17.15

from lodash GitHub release notes

Package name: react

• 16.14.0 - 2020-10-14
  

  React

  • Add support for the new JSX transform. (@ lunaruan in #18299)
• 16.13.1 - 2020-03-19
  

  React DOM

  • Fix bug in legacy mode Suspense where effect clean-up functions are not fired. This only affects users who use Suspense for data fetching in legacy mode, which is not technically supported. (@ acdlite in #18238)
  • Revert warning for cross-component updates that happen inside class render lifecycles (componentWillReceiveProps, shouldComponentUpdate, and so on). (@ gaearon in #18330)

  Artifacts

  • react: https://unpkg.com/react@16.13.1/umd/
  • react-art: https://unpkg.com/react-art@16.13.1/umd/
  • react-dom: https://unpkg.com/react-dom@16.13.1/umd/
  • react-is: https://unpkg.com/react-is@16.13.1/umd/
  • react-test-renderer: https://unpkg.com/react-test-renderer@16.13.1/umd/
  • scheduler: https://unpkg.com/scheduler@0.19.1/umd/
• 16.13.0 - 2020-02-26
  

  React

  • Warn when a string ref is used in a manner that's not amenable to a future codemod (@ lunaruan in #17864)
  • Deprecate React.createFactory() (@ trueadm in #17878)

  React DOM

  • Warn when changes in style may cause an unexpected collision (@ sophiebits in #14181, #18002)
  • Warn when a function component is updated during another component's render phase (@ acdlite in #17099)
  • Deprecate unstable_createPortal (@ trueadm in #17880)
  • Fix onMouseEnter being fired on disabled buttons (@ AlfredoGJ in #17675)
  • Call shouldComponentUpdate twice when developing in StrictMode (@ bvaughn in #17942)
  • Add version property to ReactDOM (@ ealush in #15780)
  • Don't call toString() of dangerouslySetInnerHTML (@ sebmarkbage in #17773)
  • Show component stacks in more warnings (@ gaearon in #17922, #17586)

  Concurrent Mode (Experimental)

  • Warn for problematic usages of ReactDOM.createRoot() (@ trueadm in #17937)
  • Remove ReactDOM.createRoot() callback params and added warnings on usage (@ bvaughn in #17916)
  • Don't group Idle/Offscreen work with other work (@ sebmarkbage in #17456)
  • Adjust SuspenseList CPU bound heuristic (@ sebmarkbage in #17455)
  • Add missing event plugin priorities (@ trueadm in #17914)
  • Fix isPending only being true when transitioning from inside an input event (@ acdlite in #17382)
  • Fix React.memo components dropping updates when interrupted by a higher priority update (@ acdlite in #18091)
  • Don't warn when suspending at the wrong priority (@ gaearon in #17971)
  • Fix a bug with rebasing updates (@ acdlite and @ sebmarkbage in #17560, #17510, #17483, #17480)

  Artifacts

  • react: https://unpkg.com/react@16.13.0/umd/
  • react-art: https://unpkg.com/react-art@16.13.0/umd/
  • react-dom: https://unpkg.com/react-dom@16.13.0/umd/
  • react-is: https://unpkg.com/react-is@16.13.0/umd/
  • react-test-renderer: https://unpkg.com/react-test-renderer@16.13.0/umd/
  • scheduler: https://unpkg.com/scheduler@0.19.0/umd/
• 16.12.0 - 2019-11-14
  

  React DOM

  • Fix passive effects (useEffect) not being fired in a multi-root app. (@ acdlite in #17347)

  React Is

  • Fix lazy and memo types considered elements instead of components (@ bvaughn in #17278)

  Artifacts

  • react: https://unpkg.com/react@16.12.0/umd/
  • react-art: https://unpkg.com/react-art@16.12.0/umd/
  • react-dom: https://unpkg.com/react-dom@16.12.0/umd/
  • react-is: https://unpkg.com/react-is@16.12.0/umd/
  • react-test-renderer: https://unpkg.com/react-test-renderer@16.12.0/umd/
  • scheduler: https://unpkg.com/scheduler@0.18.0/umd/

• 16.11.0 - 2019-10-22
• 16.10.2 - 2019-10-03

from react GitHub release notes

Package name: react-dom

• 16.14.0 - 2020-10-14
  

  React

  • Add support for the new JSX transform. (@ lunaruan in #18299)
• 16.13.1 - 2020-03-19
  

  React DOM

  • Fix bug in legacy mode Suspense where effect clean-up functions are not fired. This only affects users who use Suspense for data fetching in legacy mode, which is not technically supported. (@ acdlite in #18238)
  • Revert warning for cross-component updates that happen inside class render lifecycles (componentWillReceiveProps, shouldComponentUpdate, and so on). (@ gaearon in #18330)

  Artifacts

  • react: https://unpkg.com/react@16.13.1/umd/
  • react-art: https://unpkg.com/react-art@16.13.1/umd/
  • react-dom: https://unpkg.com/react-dom@16.13.1/umd/
  • react-is: https://unpkg.com/react-is@16.13.1/umd/
  • react-test-renderer: https://unpkg.com/react-test-renderer@16.13.1/umd/
  • scheduler: https://unpkg.com/scheduler@0.19.1/umd/
• 16.13.0 - 2020-02-26
  

  React

  • Warn when a string ref is used in a manner that's not amenable to a future codemod (@ lunaruan in #17864)
  • Deprecate React.createFactory() (@ trueadm in #17878)

  React DOM

  • Warn when changes in style may cause an unexpected collision (@ sophiebits in #14181, #18002)
  • Warn when a function component is updated during another component's render phase (@ acdlite in #17099)
  • Deprecate unstable_createPortal (@ trueadm in #17880)
  • Fix onMouseEnter being fired on disabled buttons (@ AlfredoGJ in #17675)
  • Call shouldComponentUpdate twice when developing in StrictMode (@ bvaughn in #17942)
  • Add version property to ReactDOM (@ ealush in #15780)
  • Don't call toString() of dangerouslySetInnerHTML (@ sebmarkbage in #17773)
  • Show component stacks in more warnings (@ gaearon in #17922, #17586)

  Concurrent Mode (Experimental)

  • Warn for problematic usages of ReactDOM.createRoot() (@ trueadm in #17937)
  • Remove ReactDOM.createRoot() callback params and added warnings on usage (@ bvaughn in #17916)
  • Don't group Idle/Offscreen work with other work (@ sebmarkbage in #17456)
  • Adjust SuspenseList CPU bound heuristic (@ sebmarkbage in #17455)
  • Add missing event plugin priorities (@ trueadm in #17914)
  • Fix isPending only being true when transitioning from inside an input event (@ acdlite in #17382)
  • Fix React.memo components dropping updates when interrupted by a higher priority update (@ acdlite in #18091)
  • Don't warn when suspending at the wrong priority (@ gaearon in #17971)
  • Fix a bug with rebasing updates (@ acdlite and @ sebmarkbage in #17560, #17510, #17483, #17480)

  Artifacts

  • react: https://unpkg.com/react@16.13.0/umd/
  • react-art: https://unpkg.com/react-art@16.13.0/umd/
  • react-dom: https://unpkg.com/react-dom@16.13.0/umd/
  • react-is: https://unpkg.com/react-is@16.13.0/umd/
  • react-test-renderer: https://unpkg.com/react-test-renderer@16.13.0/umd/
  • scheduler: https://unpkg.com/scheduler@0.19.0/umd/
• 16.12.0 - 2019-11-14
  

  React DOM

  • Fix passive effects (useEffect) not being fired in a multi-root app. (@ acdlite in #17347)

  React Is

  • Fix lazy and memo types considered elements instead of components (@ bvaughn in #17278)

  Artifacts

  • react: https://unpkg.com/react@16.12.0/umd/
  • react-art: https://unpkg.com/react-art@16.12.0/umd/
  • react-dom: https://unpkg.com/react-dom@16.12.0/umd/
  • react-is: https://unpkg.com/react-is@16.12.0/umd/
  • react-test-renderer: https://unpkg.com/react-test-renderer@16.12.0/umd/
  • scheduler: https://unpkg.com/scheduler@0.18.0/umd/

• 16.11.0 - 2019-10-22
• 16.10.2 - 2019-10-03

from react-dom GitHub release notes

Package name: classnames

• 2.5.1 - 2023-12-29
  

  Prepare for release of version 2.5.1 (#351)

• 2.5.0 - 2023-12-28
  

  Prepare for release of version 2.5.0 (#344)

• 2.4.0 - 2023-12-26
  

  Prepare for release of version 2.4.0 (#338)

• 2.3.3 - 2023-12-25
  

  Prepare for release of version 2.3.3 (#308)

• 2.3.2 - 2022-09-13
  

  add missing registry for npm publish (#283)

• 2.3.1 - 2021-04-02
  

  2.3.1

• 2.3.0 - 2021-04-01
  

  v2.3.0

• 2.2.6 - 2018-06-08
  

  v2.2.6

from classnames GitHub release notes

Package name: moment

• 2.30.1 - 2023-12-27
  

  2.30.1

• 2.30.0 - 2023-12-26
  

  2.30.0

• 2.29.4 - 2022-07-06
  

  2.29.4

• 2.29.3 - 2022-04-17
  

  2.29.3

• 2.29.2 - 2022-04-03
  

  2.29.2

• 2.29.1 - 2020-10-06
  

  2.29.1

• 2.29.0 - 2020-09-22
  

  2.29.0

• 2.28.0 - 2020-09-13
  

  2.28.0

• 2.27.0 - 2020-06-18
  

  2.27.0

• 2.26.0 - 2020-05-20
  

  2.26.0

• 2.25.3 - 2020-05-04
• 2.25.2 - 2020-05-04
• 2.25.1 - 2020-05-01
• 2.25.0 - 2020-05-01
• 2.24.0 - 2019-01-21

from moment GitHub release notes

Package name: antd

• 3.26.20 - 2020-10-27
• 3.26.19 - 2020-10-25
• 3.26.18 - 2020-06-14
• 3.26.17 - 2020-05-16
• 3.26.16 - 2020-04-26
• 3.26.15 - 2020-04-03
• 3.26.14 - 2020-03-23
• 3.26.13 - 2020-03-07
• 3.26.12 - 2020-02-24
• 3.26.11 - 2020-02-17
• 3.26.10 - 2020-02-17
• 3.26.9 - 2020-02-08
• 3.26.8 - 2020-02-03
• 3.26.7 - 2020-01-14
• 3.26.6 - 2020-01-03
• 3.26.5 - 2019-12-29
• 3.26.4 - 2019-12-23
• 3.26.3 - 2019-12-14
• 3.26.2 - 2019-12-10
• 3.26.1 - 2019-12-09
• 3.26.0 - 2019-12-01
• 3.25.3 - 2019-11-25
• 3.25.2 - 2019-11-17
• 3.25.1 - 2019-11-10
• 3.25.0 - 2019-11-04
• 3.24.3 - 2019-10-27
• 3.24.2 - 2019-10-19
• 3.24.1 - 2019-10-17
• 3.24.0 - 2019-10-16
• 3.23.6 - 2019-10-05

from antd GitHub release notes

Package name: babel-plugin-import

• 1.13.8 - 2023-07-26
  
  • fix: camel case match (#635) 0ed4a17
  • Revert "fix: camel case match (#632)" (#634) 33b05c9

  v1.13.7...v1.13.8

• 1.13.7 - 2023-07-26
  

  1.13.7

• 1.13.6 - 2023-01-05
  
  • test: update expected files since babel upgraded bedae9f
  • feat: 新增SequenceExpression支持 (#625) 54a94bc

  v1.13.5...v1.13.6

• 1.13.5 - 2022-04-14
  
  • chore: fix build 162a66f

  v1.13.4...v1.13.5

• 1.13.4 - 2022-04-11
  
  • chore: update build script 05c959b
  • feat(customStyleName): 完善customStyleName传参 (#603) 469c018
  • fix: newExpression arguments not be traverse issue (#597) d21264e

  v1.13.3...v1.13.4

• 1.13.3 - 2020-11-24
  
  • fix: publish with father-next (#555) a88ee15

  v1.13.2...v1.13.3

• 1.13.3-beta.1 - 2020-11-24
  
  • fix: publish f5f0a29

  v1.13.2...v1.13.3-beta.1

• 1.13.2 - 2020-11-24
  
  • fix variable assignment supports comma expression, also fix istanbul conflicts (#549) 3ac277e

  v1.13.1...v1.13.2

• 1.13.1 - 2020-10-10
  
  • feat: add switch and switchCase treatment (#520) 917e8dc
  • chore(deps-dev): bump eslint from 7.9.0 to 7.10.0 (#522) 4a89311
  • chore(deps-dev): bump eslint-plugin-import from 2.20.2 to 2.22.1 (#523) d3c3bde
  • chore(deps-dev): bump prettier from 2.1.1 to 2.1.2 (#517) 61a46a8
  • chore(deps-dev): bump lint-staged from 10.3.0 to 10.4.0 (#518) 774b64a
  • chore(deps-dev): bump eslint from 7.1.0 to 7.9.0 (#516) 73ed061
  • chore(deps-dev): bump husky from 4.2.5 to 4.3.0 (#515) cca51bd
  • chore(deps-dev): bump @ babel/core from 7.8.4 to 7.11.6 (