Change/hide React 16.14.0

Hi, i see that de sonar 9.9.0 in web/js/ uses React 16.14.0, Could I update the version of React to version 18.0.0?

In the login page of sonar, if i write in console console.log(React.version) i can see React version.
Is there a way to not show the version of react it uses?

Hey there.

SonarQube is open-source, so there’s really no purpose to have the version of react be hidden (you can see it right here).

React will, for no other reason that bumping package versions, be updated to 18.3 in SonarQube v10.1 (the next release).

It’s not possible to adjust the version of React yourself.

Hi @danPin,

Could you share why this is important to you?

Does this come from a security concern or something else?


For security reasons, it is better not to see the versions of the tools used by the application. (vulneravilities)

Thanks for sharing! I raised an internal insight to explore this further.

Just to understand a bit more, are you doing this proactively in your company or do you have to comply with some security policy, auditing, or something? Maybe picked up by some security tool?

From rhe security/hacking department of my company

1 Like