react-native-barcode-mask icon indicating copy to clipboard operation
react-native-barcode-mask copied to clipboard
verified publisher icon nartc

[Snyk] Security upgrade react-native from 0.63.2 to 0.69.12

Open nartc opened this issue 1 year ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
⚠️ Warning 
Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 718/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.5		 Uncontrolled Resource Consumption ('Resource Exhaustion')
SNYK-JS-TAR-6476909		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: react-native The new version differs by 250 commits.
  • 5883b0b [0.69.12] Bump version numbers
  • 4db7a10 Prevent crash in runAnimationStep on OnePlus and Oppo devices (#37487)
  • 56807fa [0.69] Bump CLI to ^8.0.7, Metro to 0.70.4 (#38180)
  • 367fc7a [0.69] Use `Content-Location` header in bundle response as JS source URL (#37501) (#38179)
  • 2407776 [0.69.11] Bump version numbers
  • 37e8df1 [LOCAL] Make 0.69 compatible with Xcode 15 (thanks to @ AlexanderEggers for the commit in main)
  • 4f52bbc [LOCAL] checkout code for hermesc linux in an empty folder
  • 0cfdcb0 [LOCAL] Manually port back the version dependent hermesc for linux and windows
  • 4906002 Revert "Make CircleCI caches for hermesc be version dependent (#37452)"
  • b959dbd Make CircleCI caches for hermesc be version dependent (#37452)
  • 8b9f371 [0.69.10] Bump version numbers
  • 4979381 Fix test e2e script (#37081)
  • 5834cea Merge pull request #37000 from facebook/kelset/attempt-3-backporting-textinput-fixes
  • deb7cda Minimize EditText Spans 8/9: CustomStyleSpan (#36577)
  • 4b9b203 Minimize EditText Spans 7/9: Avoid temp list (#36576)
  • 64eeb81 Minimize EditText Spans 6/9: letterSpacing (#36548)
  • 44a96ac Minimize EditText Spans 5/9: Strikethrough and Underline (#36544)
  • ab6be34 Minimize EditText Spans 4/9: ReactForegroundColorSpan (#36545)
  • e7e2556 Minimize EditText Spans 3/9: ReactBackgroundColorSpan (#36547)
  • 7374892 Minimize EditText Spans 2/9: Make stripAttributeEquivalentSpans generic (#36546)
  • ee2d815 Minimize EditText Spans 1/9: Fix precedence (#36543)
  • 0bcf293 Fix measurement of uncontrolled TextInput after edit
  • f4f3aa3 [0.69.9] Bump version numbers
  • 74ba411 fix(xcode): backport Xcode 14.3 fix to 69 (#36767)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Uncontrolled Resource Consumption ('Resource Exhaustion')

nartc avatar Mar 23 '24 18:03 nartc