
[Snyk] Upgrade react-native from 0.62.2 to 0.68.2

Open juanandrade opened this issue 2 years ago • 1 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade react-native from 0.62.2 to 0.68.2.

Merge advice: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 55 versions ahead of your current version.
  • The recommended version was released 2 months ago, on 2022-05-09.

The recommended version fixes:

| Severity | Issue | Priority Score (*) | Exploit Maturity |
|---|---|---|---|
| | Regular Expression Denial of Service (ReDoS)<br>SNYK-JS-ANSIREGEX-1583908 | 482/1000<br>Why? Proof of Concept exploit, CVSS 7.5 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS)<br>SNYK-JS-ANSIREGEX-1583908 | 482/1000<br>Why? Proof of Concept exploit, CVSS 7.5 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS)<br>SNYK-JS-ANSIREGEX-1583908 | 482/1000<br>Why? Proof of Concept exploit, CVSS 7.5 | Proof of Concept |
| | Prototype Pollution<br>SNYK-JS-ASYNC-2441827 | 482/1000<br>Why? Proof of Concept exploit, CVSS 7.5 | Proof of Concept |
| | Use After Free<br>SNYK-JS-HERMESENGINE-1309667 | 482/1000<br>Why? Proof of Concept exploit, CVSS 7.5 | No Known Exploit |
| | Out-of-Bounds<br>SNYK-JS-HERMESENGINE-1727253 | 482/1000<br>Why? Proof of Concept exploit, CVSS 7.5 | No Known Exploit |
| | Prototype Pollution<br>SNYK-JS-PLIST-2405644 | 482/1000<br>Why? Proof of Concept exploit, CVSS 7.5 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS)<br>SNYK-JS-REACTNATIVE-1298632 | 482/1000<br>Why? Proof of Concept exploit, CVSS 7.5 | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS)<br>SNYK-JS-TMPL-1583443 | 482/1000<br>Why? Proof of Concept exploit, CVSS 7.5 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS)<br>SNYK-JS-UAPARSERJS-1023599 | 482/1000<br>Why? Proof of Concept exploit, CVSS 7.5 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS)<br>SNYK-JS-UAPARSERJS-610226 | 482/1000<br>Why? Proof of Concept exploit, CVSS 7.5 | Proof of Concept |
| | Prototype Pollution<br>SNYK-JS-Y18N-1021887 | 482/1000<br>Why? Proof of Concept exploit, CVSS 7.5 | Proof of Concept |
| | Cross-site Scripting (XSS)<br>SNYK-JS-HERMESENGINE-1015406 | 482/1000<br>Why? Proof of Concept exploit, CVSS 7.5 | No Known Exploit |
| | Denial of Service (DoS)<br>SNYK-JS-HERMESENGINE-2342071 | 482/1000<br>Why? Proof of Concept exploit, CVSS 7.5 | No Known Exploit |
| | Prototype Pollution<br>SNYK-JS-HERMESENGINE-608850 | 482/1000<br>Why? Proof of Concept exploit, CVSS 7.5 | No Known Exploit |
| | Denial of Service (DoS)<br>SNYK-JS-HERMESENGINE-629268 | 482/1000<br>Why? Proof of Concept exploit, CVSS 7.5 | No Known Exploit |
| | Out-of-Bounds<br>SNYK-JS-HERMESENGINE-629748 | 482/1000<br>Why? Proof of Concept exploit, CVSS 7.5 | No Known Exploit |
| | Information Exposure<br>SNYK-JS-NODEFETCH-2342118 | 482/1000<br>Why? Proof of Concept exploit, CVSS 7.5 | No Known Exploit |
| | Denial of Service<br>SNYK-JS-NODEFETCH-674311 | 482/1000<br>Why? Proof of Concept exploit, CVSS 7.5 | No Known Exploit |
| | Information Exposure<br>SNYK-JS-NODEFETCH-2342118 | 482/1000<br>Why? Proof of Concept exploit, CVSS 7.5 | No Known Exploit |
| | Denial of Service<br>SNYK-JS-NODEFETCH-674311 | 482/1000<br>Why? Proof of Concept exploit, CVSS 7.5 | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS)<br>SNYK-JS-UAPARSERJS-1072471 | 482/1000<br>Why? Proof of Concept exploit, CVSS 7.5 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS)<br>SNYK-JS-WS-1296835 | 482/1000<br>Why? Proof of Concept exploit, CVSS 7.5 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS)<br>SNYK-JS-WS-1296835 | 482/1000<br>Why? Proof of Concept exploit, CVSS 7.5 | Proof of Concept |
| | XML External Entity (XXE) Injection<br>SNYK-JS-XMLDOM-1084960 | 482/1000<br>Why? Proof of Concept exploit, CVSS 7.5 | No Known Exploit |
| | Improper Input Validation<br>SNYK-JS-XMLDOM-1534562 | 482/1000<br>Why? Proof of Concept exploit, CVSS 7.5 | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: react-native
  • 0.68.2 - 2022-05-09

    Changed

    Fixed

    Android specific


    You can participate in the conversation on the status of this release in this discussion


    To help you upgrade to this version, you can use the upgrade helper ⚛️


    You can find the whole changelog history in the changelog.md file.

  • 0.68.1 - 2022-04-13
  • 0.68.0 - 2022-03-30
  • 0.68.0-rc.4 - 2022-03-25
  • 0.68.0-rc.3 - 2022-03-17
  • 0.68.0-rc.2 - 2022-02-24
  • 0.68.0-rc.1 - 2022-02-03
  • 0.68.0-rc.0 - 2022-01-28
  • 0.67.4 - 2022-03-18
  • 0.67.3 - 2022-02-22
  • 0.67.2 - 2022-01-31
  • 0.67.1 - 2022-01-20
  • 0.67.0 - 2022-01-18
  • 0.67.0-rc.6 - 2021-12-14
  • 0.67.0-rc.5 - 2021-12-06
  • 0.67.0-rc.4 - 2021-11-30
  • 0.67.0-rc.3 - 2021-11-05
  • 0.67.0-rc.2 - 2021-10-25
  • 0.67.0-rc.1 - 2021-10-22
  • 0.67.0-rc.0 - 2021-10-16
  • 0.66.4 - 2021-12-09
  • 0.66.3 - 2021-11-10
  • 0.66.2 - 2021-11-04
  • 0.66.1 - 2021-10-15
  • 0.66.0 - 2021-10-01
  • 0.66.0-rc.4 - 2021-09-24
  • 0.66.0-rc.3 - 2021-09-17
  • 0.66.0-rc.2 - 2021-09-10
  • 0.66.0-rc.1 - 2021-09-01
  • 0.66.0-rc.0 - 2021-08-27
  • 0.65.2 - 2021-11-04
  • 0.65.1 - 2021-08-19
  • 0.65.0 - 2021-08-17
  • 0.65.0-rc.4 - 2021-08-11
  • 0.65.0-rc.3 - 2021-07-23
  • 0.65.0-rc.2 - 2021-06-18
  • 0.65.0-rc.1 - 2021-06-17
  • 0.65.0-rc.0 - 2021-06-09
  • 0.64.3 - 2021-11-04
  • 0.64.2 - 2021-06-03
  • 0.64.1 - 2021-05-05
  • 0.64.0 - 2021-03-12
  • 0.64.0-rc.4 - 2021-03-01
  • 0.64.0-rc.3 - 2021-02-05
  • 0.64.0-rc.2 - 2020-12-18
  • 0.64.0-rc.1 - 2020-11-25
  • 0.64.0-rc.0 - 2020-11-23
  • 0.63.4 - 2020-11-30
  • 0.63.3 - 2020-09-29
  • 0.63.2 - 2020-07-22
  • 0.63.1 - 2020-07-14
  • 0.63.0 - 2020-07-08
  • 0.63.0-rc.1 - 2020-05-04
  • 0.63.0-rc.0 - 2020-04-16
  • 0.62.3 - 2021-05-05
  • 0.62.2 - 2020-04-08
from react-native GitHub release notes
Commit messages
Package name: react-native
  • 72e1eda [0.68.2] Bump version numbers
  • dfda480 Bump used version of react-native-codegen to 0.0.17
  • a5ddc2e Bump react-native-codegen to 0.0.17
  • 62ef6f5 [Main][Windows] Working around Long paths limitation on Windows (#33707)
  • b5f1b26 [0.68.1] Bump version numbers
  • 48113b5 Merge pull request #33628 from fortmarek/fix/yarn-lock-gradle-plugin
  • faaf256 Update yarn.lock with the new react-native-gradle-plugin version
  • 387ee70 Use NDK 23 only for Windows users. (#33611)
  • 3fd3fe0 react-native-gradle-plugin should not depend on react-native-codegen NPM package
  • fdd7848 Replaced windowsAwareYarn with windowsAwareCommandLine for node calls (#33530)
  • 1f48b7b Bump React Native Gradle plugin to 0.0.6 (#33581)
  • 6268836 Improve support for Android users on M1 machine (#33588)
  • 9efcaff Pin use-subscription to < 1.6.0 (#33541)
  • 8400590 Template: Specify abiFilters if enableSeparateBuildPerCPUArchitecture is not set.
  • a5c44e6 Fix dynamic_cast (RTTI) by adding key function to ShadowNodeWrapper and related classes (#33500)
  • 44ee801 Merge pull request #33582 from mganandraj/NewArchWinBuild
  • 5a8033d Fix for building new architecture sources on Windows
  • 51f5ea1 [0.68.0] Bump version numbers
  • a4a6e23 [0.68.0-rc.4] Bump version numbers
  • e645629 Enable SonarKit and Flipper in React-Core (#33499)
  • b3f19d7 [0.68.0-rc.3] Bump version numbers
  • cb28a26 Bump Flipper-Glog to 0.5.0.4
  • 4163386 fix(ios, flipper): update flipper sub-pods to support macCatalyst (#33406)
  • ccd1708 Re-apply: Consider relative to pwd installation root when looking for files in rn module via cocoapods (#33427)


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

juanandrade, Jul 05 '22 18:07

Needs a lot of other related changes also to be done as part of the upgrade: https://react-native-community.github.io/upgrade-helper/?from=0.62.2&to=0.68.2 and thoroughly tested.

Rejecting until we perform other required changes as @JagadeeshKaricherla-branch mentioned.

gdeluna-branch, Nov 24 '22 00:11