Bump cheerio to @1.0.0-rc.11

[vinodkumarsharma276]

Due to recent security vulnerability in nth-checkv1.2.0 which is fetched transitively from enzyme --> cheerio --> css-select --> .... --> nth-checkv1.2.0.

cherrio@1.0.0-rc.11 removes dependency of css-select which ultimately removes dependency of nth-check

[vinodkumarsharma276]

Hi @ljharb / @lelandrichardson @koba04 @nfcampos ,
Can someone take a look at this PR and approve. This will fix security vulnerability with nth-check@1.2.0 which is downloaded transitively using enzyme.

[codecov]

Codecov Report

Merging #2561 (6c63667) into master (3d286a4) will decrease coverage by 1.68%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master    #2561      +/-   ##
==========================================
- Coverage   96.31%   94.62%   -1.69%     
==========================================
  Files          49       32      -17     
  Lines        4207     2717    -1490     
  Branches     1130      777     -353     
==========================================
- Hits         4052     2571    -1481     
+ Misses        155      146       -9     

Impacted Files	Coverage Δ
...enzyme-adapter-utils/src/wrapWithSimpleWrapper.jsx	61.11% <0.00%> (-38.89%)	⬇️
packages/enzyme/src/EnzymeAdapter.js	75.00% <0.00%> (-25.00%)	⬇️
...ges/enzyme-adapter-react-16/src/detectFiberTags.js	85.24% <0.00%> (-8.20%)	⬇️
packages/enzyme/src/ShallowWrapper.js	94.86% <0.00%> (-4.26%)	⬇️
...enzyme-adapter-react-16/src/ReactSixteenAdapter.js	93.73% <0.00%> (-1.73%)	⬇️
packages/enzyme/src/RSTTraversal.js	96.36% <0.00%> (-0.91%)	⬇️
packages/enzyme/src/ReactWrapper.js	99.27% <0.00%> (-0.25%)	⬇️
packages/enzyme-adapter-react-14/src/index.js
packages/enzyme-adapter-react-13/src/index.js
packages/enzyme-adapter-react-15.4/src/index.js
... and 14 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 3d286a4...6c63667. Read the comment docs.

[ljharb]

It's worth noting that this is not actually a vulnerability, it's a false positive, at least for enzyme's use case.

[ljharb]

Suggested change

	"cheerio": "=1.0.0-rc.11",
	"cheerio": "^1.0.0-rc.11",

i suspect this will break tests, which is why it's pinned to rc3.

[ChristopherChudzicki]

FYI: People (me included!) have been having problems with cheerio 1.0.0-rc.11 see ... cheeriojs/cheerio#2545. It's not clear to me whether this is actually a cheerio issue, or something a bit wonky with mine and others webpack/babel configs.

I mention it here because I, like others in that thread, encountered it through the dependency from enzyme.

[tbowmo]

cheerio 1.0.0 is now released, so perhaps (if anyone ever comes around) it should be updated to that package

[ljharb]

Due to engine requirements, we may never be able to update to it. We’re far more likely to drop the render API.