[Snyk] Security upgrade react-native from 0.52.1 to 0.60.0

Open decompil3d opened this issue 2 years ago • 1 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • examples/reactnative/package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 768/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS), SNYK-JS-NODEFETCH-2964180 | No | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: react-native
The new version differs by 250 commits.
  • 769e35b [0.60.0] Bump version numbers
  • 35aeb8c [LOCAL] bump CLI
  • 8fdecf3 - Publish `react-native.config.js` (#25436)
  • ff9855c Check if mCurrentActivity is set according to LifecycleState (#23336)
  • 8a43321 [0.60.0-rc.3] Bump version numbers
  • db1d60f bump jsc dep
  • 93c8318 bump CLI rc
  • 9837d24 Fix some languages wrapped texts are cut off on android (#25306)
  • b68966e Use CALayers to draw text (#24387)
  • 99bc31c Fix regression of improper assets copy (revert #24518 #24778) (#25363)
  • c36c481 bump fresco to 2.0.0, supports AndroidX (#25358)
  • 13f4fa0 custom fontWeight numeric values for Text on Android (#25341)
  • 9792f2c [0.60.0-rc.2] Bump version numbers
  • 53cec2d [LOCAL] bump version in template to match repo
  • b4f3d4b Move scheduler to dependencies
  • e741488 Implement changes to enable native modules auto linking (#24506)
  • bf4ee6f Bump CLI to 2.0.0-rc.2 (#25241)
  • cecba01 Removed autoresizing mask for modal host container view (#25150)
  • 06fffc2 [0.60.0-rc.1] Bump version numbers
  • 5ecc87b bump versions to match the requirements
  • 7082c3e re-add the hasteImpl
  • 39ce412 Bump CLI to 2.0.0-rc.0 (#25175)
  • 00c7cf3 Fix: RefreshControl in FlatList makes borderWidth not working (#24411)
  • a916dd6 Android Fix for 9145: No longer hard code build port (#23616)

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.


decompil3d, Aug 01 '22 04:08

Kudos, SonarCloud Quality Gate passed!

  • 0 Bugs (rating A)
  • 0 Vulnerabilities (rating A)
  • 0 Security Hotspots (rating A)
  • 0 Code Smells (rating A)

  • No Coverage information
  • 0.0% Duplication

sonarqubecloud[bot], Aug 01 '22 04:08