asset-system icon indicating copy to clipboard operation
asset-system copied to clipboard

Published 20 hours ago verified publisher icon godaddy

[Snyk] Security upgrade react-native from 0.52.1 to 0.63.0

Open decompil3d opened this issue 2 years ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • examples/reactnative/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5		 Prototype Pollution
SNYK-JS-QS-3153490		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: react-native The new version differs by 250 commits.
  • 4f89733 [0.63.0] Bump version numbers
  • 6ed1b39 Fix debugging on android for 0.63 (#29204)
  • 0225f18 Changed iOS LaunchScreen from xib to storyboard (#28239)
  • 0b6fad6 Pressable: Add Support for Inspector Overlay
  • fb429a5 iOS: Fix Animated image crash when CADisplayLink target in RCTWeakProxy is nil
  • 262a3f6 Pressable: Rename pressRectOffset to pressRetentionOffset to be consistent with other touchables
  • 29639e7 Enable with CocoaPods `:configuration` (#28796)
  • 27ccc60 Upgrade Flipper to 0.37.0 (#28545)
  • 48413a4 [0.63.0-rc.1] Bump version numbers
  • 208bd05 Bump @ react-native-community/eslint-config in new app template
  • 574447a Revert D21064653: Remove the post install step
  • 5e51e54 Update react.gradle (#28776)
  • b645f23 Fix folly::dynamic crash when attaching a debugger to Hermes
  • 18f1c69 Allow iOS PlatformColor strings to be ObjC or Swift UIColor selectors (#28703)
  • 87f5b8b Remove the post install step (#28651)
  • ff1558d Upgrade Hermes dependency to 0.5.0
  • e2dd18d [0.63.0-rc.0] Bump version numbers
  • 787a772 (eslint-config) update community eslint plugin in eslint config (#28642)
  • 7acd667 chore: remove Kotlin version from the default template
  • 5f7b44c fix: do not throw on missing `cliPath`, use the default value (#28625)
  • b191809 chore: update CLI
  • 696fb55 Update default Podfile to not depend on a path (#28572)
  • c7f2595 Migrate setNativeProps to commands in iOS text input
  • 00c4d95 Implement event count for TextInput

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

decompil3d avatar Dec 05 '22 04:12 decompil3d