asset-system icon indicating copy to clipboard operation
asset-system copied to clipboard

Published 20 hours ago verified publisher icon godaddy

[Snyk] Security upgrade react-native from 0.52.1 to 0.63.0

Open snyk-bot opened this issue 5 years ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • examples/reactnative/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Issue Breaking Change Exploit Maturity
medium severity Arbitrary Code Injection
SNYK-JS-MORGAN-72579		 No Proof of Concept
high severity Uninitialized Memory Exposure
npm:base64-url:20180512		 No Mature
low severity Regular Expression Denial of Service (ReDoS)
npm:debug:20170905		 No No Known Exploit
high severity Regular Expression Denial of Service (ReDoS)
npm:fresh:20170908		 No No Known Exploit
low severity Regular Expression Denial of Service (ReDoS)
npm:mime:20170907		 No No Known Exploit
low severity Regular Expression Denial of Service (ReDoS)
npm:ms:20170412		 No No Known Exploit
high severity Regular Expression Denial of Service (ReDoS)
npm:negotiator:20160616		 No No Known Exploit
high severity Prototype Override Protection Bypass
npm:qs:20170213		 No No Known Exploit
Commit messages
Package name: react-native The new version differs by 250 commits.
  • 4f89733 [0.63.0] Bump version numbers
  • 6ed1b39 Fix debugging on android for 0.63 (#29204)
  • 0225f18 Changed iOS LaunchScreen from xib to storyboard (#28239)
  • 0b6fad6 Pressable: Add Support for Inspector Overlay
  • fb429a5 iOS: Fix Animated image crash when CADisplayLink target in RCTWeakProxy is nil
  • 262a3f6 Pressable: Rename pressRectOffset to pressRetentionOffset to be consistent with other touchables
  • 29639e7 Enable with CocoaPods `:configuration` (#28796)
  • 27ccc60 Upgrade Flipper to 0.37.0 (#28545)
  • 48413a4 [0.63.0-rc.1] Bump version numbers
  • 208bd05 Bump @react-native-community/eslint-config in new app template
  • 574447a Revert D21064653: Remove the post install step
  • 5e51e54 Update react.gradle (#28776)
  • b645f23 Fix folly::dynamic crash when attaching a debugger to Hermes
  • 18f1c69 Allow iOS PlatformColor strings to be ObjC or Swift UIColor selectors (#28703)
  • 87f5b8b Remove the post install step (#28651)
  • ff1558d Upgrade Hermes dependency to 0.5.0
  • e2dd18d [0.63.0-rc.0] Bump version numbers
  • 787a772 (eslint-config) update community eslint plugin in eslint config (#28642)
  • 7acd667 chore: remove Kotlin version from the default template
  • 5f7b44c fix: do not throw on missing `cliPath`, use the default value (#28625)
  • b191809 chore: update CLI
  • 696fb55 Update default Podfile to not depend on a path (#28572)
  • c7f2595 Migrate setNativeProps to commands in iOS text input
  • 00c4d95 Implement event count for TextInput

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

snyk-bot avatar Jul 08 '20 21:07 snyk-bot