asset-system icon indicating copy to clipboard operation
asset-system copied to clipboard

Published 20 hours ago verified publisher icon godaddy

[Snyk] Security upgrade react-native from 0.52.1 to 0.64.1

Open snyk-bot opened this issue 3 years ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • examples/reactnative/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 661/1000
Why? Recently disclosed, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-REACTNATIVE-1298632		 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: react-native The new version differs by 250 commits.
  • 787567a [0.64.1] Bump version numbers
  • cf8a364 [local] change post-install to patch RTC-Folly
  • 1c4ac48 [local] yarn lock update (?)
  • 76f45d3 [local] update RNTester files for 0.64
  • 3912fef Update validateBaseUrl to use latest regex
  • ace025d [0.64.0] Bump version numbers
  • 728d55a Fixing the git attrs for all the people and all the files and all future 🙌
  • 8a6ac1f chore: Update React.podspec to require cocoapods >= 1.10.1
  • 138fdbc fix: restore refresh control fix
  • 7f3f80f Fix RefreshControl layout when removed from window (#31024)
  • 1aa4f47 [0.64.0-rc.4] Bump version numbers
  • 48a97d7 chore: fix conflict in Podfile.lock
  • e7e4b00 fix: disable fabric
  • 14db556 fix: React Native CodeGen integration for 0.64-stable (#31027)
  • 4b68734 Generalize node search logic
  • 7159bcb Update flipper in RNTester and template (#31010)
  • e846740 [0.64.0-rc.3] Bump version numbers
  • c023a40 chore: bump codegen script
  • 7004cac Invoke `node` directly in generate-specs.sh (#30781)
  • 5ada078 Make codegen more reliable on iOS (#30792)
  • 937ced3 Optionally override codegen script defaults via envvars
  • e5888de Add use_react_native_codegen!
  • 0636c45 Use Fabric builds in iOS tests (#30639)
  • 224c85a Update iOS Fabric-related files to compile on OSS (#29810)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

snyk-bot avatar Jun 03 '21 00:06 snyk-bot