[Snyk] Security upgrade react-native from 0.52.1 to 0.59.0

Open snyk-bot opened this issue 4 years ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • examples/reactnative/package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 661/1000 (Why? Recently disclosed, Has a fix available, CVSS 7.5) | Prototype Pollution, SNYK-JS-MERGE-1040469 | No | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: react-native
The new version differs by 250 commits.
  • 7c73f2b [0.59.0] Bump version numbers
  • fa190ba Fix flow error
  • 9f5946b Fix DatePicker tests
  • f6ca4d0 Add prop to configure `importantForAutofill`. (#22763)
  • ffa6d29 Disable Snapshot tests for Text component on iOS
  • f0bc491 Remove duplicated Yoga compile sources to prevent "duplicate symbols" errors when linking using -force_load (#23823)
  • 456a984 Fix image wrong scale factor when load image from file system (#23446)
  • 8d95e73 Text: Implement textAlign justify for android O+ (#22477)
  • caba1cb Fix crash when calling substring() on a string containing emoji. (#23609)
  • 370947d Bump Jest version
  • 9cb4d3f [0.59.0-rc.3] Bump version numbers
  • 52cdb7c React sync for revisions f24a0da...8e25ed2
  • c1392c2 Toggle secureTextEntry cursor spacing (#23524)
  • 8e5eb63 add talkback navigation support for links and header (#22447)
  • 2b7346f Fix two bugs with Location when not using ACCESS_FINE_LOCATION (#10291)
  • d7c4c37 Use existing character set in POST body when possible (#23603)
  • 4cad737 Prevent okhttp from adding ;charset=utf8 to ContentType Header (#23580)
  • fee5031 Fix IllegalArgumentException when creating CookieManager
  • fbf039b add nullable annotations to some ViewManager methods (#23610)
  • f909701 Don't reconnect inspector if connection refused (#22625)
  • 52e5136 ReactTextView extends AppCompatTextView (#23321)
  • 56fc630 SYSTEM_ALERT_WINDOW only in debug builds (#23504)
  • dff3f60 Map TextInput textContentType strings to Objective-C constants (#22611)
  • 40603bc [0.59.0-rc.2] Bump version numbers

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

snyk-bot, Nov 16 '20 21:11