Skip to content

Conversation

@q1blue
Copy link
Collaborator

@q1blue q1blue commented Jan 25, 2025

snyk-top-banner

Snyk has created this PR to upgrade react from 17.0.2 to 19.0.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

  • The recommended version is 824 versions ahead of your current version.

  • The recommended version was released 2 months ago.

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795
159 Proof of Concept
Release notes
Package name: react
  • 19.0.0 - 2024-12-05

    Below is a list of all new features, APIs, deprecations, and breaking changes. Read React 19 release post and React 19 upgrade guide for more information.

    Note: To help make the upgrade to React 19 easier, we’ve published a [email protected] release that is identical to 18.2 but adds warnings for deprecated APIs and other changes that are needed for React 19. We recommend upgrading to React 18.3.1 first to help identify any issues before upgrading to React 19.

    New Features

    React

    • Actions: startTransition can now accept async functions. Functions passed to startTransition are called “Actions”. A given Transition can include one or more Actions which update state in the background and update the UI with one commit. In addition to updating state, Actions can now perform side effects including async requests, and the Action will wait for the work to finish before finishing the Transition. This feature allows Transitions to include side effects like fetch() in the pending state, and provides support for error handling, and optimistic updates.
    • useActionState: is a new hook to order Actions inside of a Transition with access to the state of the action, and the pending state. It accepts a reducer that can call Actions, and the initial state used for first render. It also accepts an optional string that is used if the action is passed to a form action prop to support progressive enhancement in forms.
    • useOptimistic: is a new hook to update state while a Transition is in progress. It returns the state, and a set function that can be called inside a transition to “optimistically” update the state to expected final value immediately while the Transition completes in the background. When the transition finishes, the state is updated to the new value.
    • use: is a new API that allows reading resources in render. In React 19, use accepts a promise or Context. If provided a promise, use will suspend until a value is resolved. use can only be used in render but can be called conditionally.
    • ref as a prop: Refs can now be used as props, removing the need for forwardRef.
    • Suspense sibling pre-warming: When a component suspends, React will immediately commit the fallback of the nearest Suspense boundary, without waiting for the entire sibling tree to render. After the fallback commits, React will schedule another render for the suspended siblings to “pre-warm” lazy requests.

    React DOM Client

    • <form> action prop: Form Actions allow you to manage forms automatically and integrate with useFormStatus. When a <form> action succeeds, React will automatically reset the form for uncontrolled components. The form can be reset manually with the new requestFormReset API.
    • <button> and <input> formAction prop: Actions can be passed to the formAction prop to configure form submission behavior. This allows using different Actions depending on the input.
    • useFormStatus: is a new hook that provides the status of the parent <form> action, as if the form was a Context provider. The hook returns the values: pending, data, method, and action.
    • Support for Document Metadata: We’ve added support for rendering document metadata tags in components natively. React will automatically hoist them into the <head> section of the document.
    • Support for Stylesheets: React 19 will ensure stylesheets are inserted into the <head> on the client before revealing the content of a Suspense boundary that depends on that stylesheet.
    • Support for async scripts: Async scripts can be rendered anywhere in the component tree and React will handle ordering and deduplication.
    • Support for preloading resources: React 19 ships with preinit, preload, prefetchDNS, and preconnect APIs to optimize initial page loads by moving discovery of additional resources like fonts out of stylesheet loading. They can also be used to prefetch resources used by an anticipated navigation.

    React DOM Server

    • Added prerender and prerenderToNodeStream APIs for static site generation. They are designed to work with streaming environments like Node.js Streams and Web Streams. Unlike renderToString, they wait for data to load for HTML generation.

    React Server Components

    • RSC features such as directives, server components, and server functions are now stable. This means libraries that ship with Server Components can now target React 19 as a peer dependency with a react-server export condition for use in frameworks that support the Full-stack React Architecture. The underlying APIs used to implement a React Server Components bundler or framework do not follow semver and may break between minors in React 19.x. See docs for how to support React Server Components.

    Deprecations

    • Deprecated: element.ref access: React 19 supports ref as a prop, so we’re deprecating element.ref in favor of element.props.ref. Accessing will result in a warning.
    • react-test-renderer: In React 19, react-test-renderer logs a deprecation warning and has switched to concurrent rendering for web usage. We recommend migrating your tests to @ testinglibrary.com/docs/react-testing-library/intro/) or @ testingesting-library.com/docs/react-native-testing-library/intro)

    Breaking Changes

    React 19 brings in a number of breaking changes, including the removals of long-deprecated APIs. We recommend first upgrading to 18.3.1, where we've added additional deprecation warnings. Check out the upgrade guide for more details and guidance on codemodding.

    React

    • New JSX Transform is now required: We introduced a new JSX transform in 2020 to improve bundle size and use JSX without importing React. In React 19, we’re adding additional improvements like using ref as a prop and JSX speed improvements that require the new transform.
    • Errors in render are not re-thrown: Errors that are not caught by an Error Boundary are now reported to window.reportError. Errors that are caught by an Error Boundary are reported to console.error. We’ve introduced onUncaughtError and onCaughtError methods to createRoot and hydrateRoot to customize this error handling.
    • Removed: propTypes: Using propTypes will now be silently ignored. If required, we recommend migrating to TypeScript or another type-checking solution.
    • Removed: defaultProps for functions: ES6 default parameters can be used in place. Class components continue to support defaultProps since there is no ES6 alternative.
    • Removed: contextTypes and getChildContext: Legacy Context for class components has been removed in favor of the contextType API.
    • Removed: string refs: Any usage of string refs need to be migrated to ref callbacks.
    • Removed: Module pattern factories: A rarely used pattern that can be migrated to regular functions.
    • Removed: React.createFactory: Now that JSX is broadly supported, all createFactory usage can be migrated to JSX components.
    • Removed: react-test-renderer/shallow: This has been a re-export of react-shallow-renderer since React 18. If needed, you can continue to use the third-party package directly. We recommend using @ testinglibrary.com/docs/react-testing-library/intro/) or @ testingesting-library.com/docs/react-native-testing-library/intro) instead.

    React DOM

    • Removed: react-dom/test-utils: We’ve moved act from react-dom/test-utils to react. All other utilities have been removed.
    • Removed: ReactDOM.render, ReactDOM.hydrate: These have been removed in favor of the concurrent equivalents: ReactDOM.createRoot and ReactDOM.hydrateRoot.
    • Removed: unmountComponentAtNode: Removed in favor of root.unmount().
    • Removed: ReactDOM.findDOMNode: You can replace ReactDOM.findDOMNode with DOM Refs.

    Notable Changes

    React

    • <Context> as a provider: You can now render <Context> as a provider instead of <Context.Provider>.
    • Cleanup functions for refs: When the component unmounts, React will call the cleanup function returned from the ref callback.
    • useDeferredValue initial value argument: When provided, useDeferredValue will return the initial value for the initial render of a component, then schedule a re-render in the background with the deferredValue returned.
    • Support for Custom Elements: React 19 now passes all tests on Custom Elements Everywhere.
    • StrictMode changes: useMemo and useCallback will now reuse the memoized results from the first render, during the second render. Additionally, StrictMode will now double-invoke ref callback functions on initial mount.
    • UMD builds removed: To load React 19 with a script tag, we recommend using an ESM-based CDN such as esm.sh.

    React DOM

    • Diffs for hydration errors: In the case of a mismatch, React 19 logs a single error with a diff of the mismatched content.
    • Compatibility with third-party scripts and extensions: React will now force a client re-render to fix up any mismatched content caused by elements inserted by third-party JS.

    TypeScript Changes

    The most common changes can be codemodded with npx types-react-codemod@latest preset-19 ./path-to-your-react-ts-files.

    • Removed deprecated TypeScript types:
      • ReactChild (replacement: React.ReactElement | number | string)
      • ReactFragment (replacement: Iterable<React.ReactNode>)
      • ReactNodeArray (replacement: ReadonlyArray<React.ReactNode>)
      • ReactText (replacement: number | string)
      • VoidFunctionComponent (replacement: FunctionComponent)
      • VFC (replacement: FC)
      • Moved to prop-types: Requireable, ValidationMap, Validator, WeakValidationMap
      • Moved to create-react-class: ClassicComponentClass, ClassicComponent, ClassicElement, ComponentSpec, Mixin, ReactChildren, ReactHTML, ReactSVG, SFCFactory
    • Disallow implicit return in refs: refs can now accept cleanup functions. When you return something else, we can’t tell if you intentionally returned something not meant to clean up or returned the wrong value. Implicit returns of anything but functions will now error.
    • Require initial argument to useRef: The initial argument is now required to match useState, createContext etc
    • Refs are mutable by default: Ref objects returned from useRef() are now always mutable instead of sometimes being immutable. This feature was too confusing for users and conflicted with legit cases where refs were managed by React and manually written to.
    • Strict ReactElement typing: The props of React elements now default to unknown instead of any if the element is typed as ReactElement
    • JSX namespace in TypeScript: The global JSX namespace is removed to improve interoperability with other libraries using JSX. Instead, the JSX namespace is available from the React package: import { JSX } from 'react'
    • Better useReducer typings: Most useReducer usage should not require explicit type arguments.
      For example,
      -useReducer<React.Reducer<State, Action>>(reducer)  
      +useReducer(reducer)  
      or
      -useReducer<React.Reducer<State, Action>>(reducer)  
      +useReducer<State, [Action]>(reducer)

    All Changes

    React

    React DOM

Snyk has created this PR to upgrade react from 17.0.2 to 19.0.0.

See this package in npm:
react

See this project in Snyk:
https://app.snyk.io/org/q1blue-rxw/project/1483b839-bf44-4d3b-98ba-e21cf868ab99?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants