This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `yarn` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.
Vulnerabilities that will be fixed
With an upgrade:
| Severity |
Priority Score (*) |
Issue |
Breaking Change |
Exploit Maturity |
 |
768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 |
Prototype Pollution
SNYK-JS-LODASH-6139239 |
Yes |
Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information: 
🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Prototype Pollution
New and removed dependencies detected. Learn more about Socket for GitHub ↗︎
| Package |
New capabilities |
Transitives |
Size |
Publisher |
| npm/@babel/[email protected] |
environment |
+1 |
29.8 kB |
nicolo-ribaudo |
| npm/@babel/[email protected] |
None |
0 |
65.2 kB |
nicolo-ribaudo |
| npm/@babel/[email protected] |
environment, filesystem, unsafe |
+11 |
2.12 MB |
nicolo-ribaudo |
| npm/@babel/[email protected] |
None |
+3 |
624 kB |
nicolo-ribaudo |
| npm/@babel/[email protected] |
None |
+1 |
63.7 kB |
nicolo-ribaudo |
| npm/@babel/[email protected] |
None |
+5 |
543 kB |
nicolo-ribaudo |
| npm/@babel/[email protected] |
None |
+1 |
31 kB |
nicolo-ribaudo |
| npm/@babel/[email protected] |
None |
0 |
6.56 kB |
nicolo-ribaudo |
| npm/@babel/[email protected] |
None |
0 |
21.6 kB |
nicolo-ribaudo |
| npm/@babel/[email protected] |
None |
0 |
63.8 kB |
nicolo-ribaudo |
| npm/@babel/[email protected] |
None |
0 |
11.7 kB |
nicolo-ribaudo |
| npm/@babel/[email protected] |
None |
+2 |
29.4 kB |
nicolo-ribaudo |
| npm/@babel/[email protected] |
None |
0 |
5.96 kB |
nicolo-ribaudo |
| npm/@babel/[email protected] |
None |
0 |
1.88 MB |
nicolo-ribaudo |
| npm/@babel/[email protected] |
None |
0 |
3.34 kB |
nicolo-ribaudo |
| npm/@babel/[email protected] |
None |
0 |
4.41 kB |
nicolo-ribaudo |
| npm/@babel/[email protected] |
None |
0 |
33.2 kB |
nicolo-ribaudo |
| npm/@babel/[email protected] |
None |
0 |
3.68 kB |
nicolo-ribaudo |
| npm/@babel/[email protected] |
None |
0 |
4.14 kB |
nicolo-ribaudo |
| npm/@babel/[email protected] |
None |
0 |
2.63 kB |
nicolo-ribaudo |
| npm/@babel/[email protected] |
None |
0 |
2.53 kB |
nicolo-ribaudo |
| npm/@babel/[email protected] |
None |
0 |
2.52 kB |
nicolo-ribaudo |
| npm/@babel/[email protected] |
None |
+4 |
274 kB |
nicolo-ribaudo |
| npm/@babel/[email protected] |
None |
0 |
64.9 kB |
nicolo-ribaudo |
| npm/@babel/[email protected] |
None |
+2 |
143 kB |
nicolo-ribaudo |
| npm/@babel/[email protected] |
None |
0 |
68.9 kB |
nicolo-ribaudo |
| npm/@babel/[email protected] |
None |
+3 |
673 kB |
nicolo-ribaudo |
| npm/@babel/[email protected] |
environment |
+3 |
2.5 MB |
nicolo-ribaudo |
| npm/@hapi/[email protected] |
None |
0 |
51.5 kB |
devinivy |
| npm/@jridgewell/[email protected] |
None |
0 |
45.9 kB |
jridgewell |
| npm/@jridgewell/[email protected] |
None |
+1 |
222 kB |
jridgewell |
| npm/@types/[email protected] |
None |
0 |
5.45 kB |
types |
| npm/[email protected] |
None |
0 |
16.8 kB |
dougwilson |
| npm/[email protected] |
environment, filesystem Transitive: shell |
+5 |
2.17 MB |
ai |
| npm/[email protected] |
filesystem, shell |
0 |
62.4 kB |
abetomo |
| npm/[email protected] |
None |
0 |
6.3 kB |
sindresorhus |
| npm/[email protected] |
filesystem Transitive: unsafe |
+7 |
70.4 kB |
davidtheclark |
| npm/[email protected] |
None |
0 |
7.86 kB |
dougwilson |
| npm/[email protected] |
None |
+1 |
13.1 kB |
qix |
| npm/[email protected] |
None |
0 |
189 kB |
mysticatea |
| npm/[email protected] |
None |
0 |
31.4 kB |
ljharb |
| npm/[email protected] |
None |
0 |
35.7 kB |
indutny |
| npm/[email protected] |
environment, shell |
+4 |
2.19 MB |
simenb |
| npm/[email protected] |
None |
0 |
4.78 kB |
blakeembrey |
| npm/[email protected] |
filesystem Transitive: network |
+5 |
482 kB |
metro-bot |
| npm/[email protected] |
Transitive: environment, filesystem, network, shell |
+10 |
205 kB |
metro-bot |
| npm/[email protected] |
environment, filesystem Transitive: unsafe |
+32 |
2.58 MB |
metro-bot |
| npm/[email protected] |
None |
+1 |
47.6 kB |
metro-bot |
| npm/[email protected] |
None |
+2 |
370 kB |
metro-bot |
| npm/[email protected] |
environment, filesystem, network Transitive: shell, unsafe |
+104 |
9.88 MB |
metro-bot |
| npm/[email protected] |
None |
0 |
206 kB |
dougwilson |
| npm/[email protected] |
None |
0 |
18.3 kB |
dougwilson |
| npm/[email protected] |
None |
0 |
27.4 kB |
dougwilson |
| npm/[email protected] |
None |
0 |
10.3 kB |
dougwilson |
| npm/[email protected] |
None |
0 |
90 kB |
mrmlnc |
| npm/[email protected] |
None |
0 |
8.46 kB |
dougwilson |
| npm/[email protected] |
environment |
0 |
24.8 kB |
gaearon |
| npm/[email protected] |
environment, network Transitive: eval, filesystem, shell |
+161 |
214 MB |
react-native-bot |
| npm/[email protected] |
None |
0 |
698 B |
satya164 |
| npm/[email protected] |
None |
0 |
31.7 kB |
feross |
| npm/[email protected] |
None |
0 |
45 kB |
ljharb |
| npm/[email protected] |
None |
0 |
11 kB |
dougwilson |
| npm/[email protected] |
None |
+3 |
61.5 kB |
sindresorhus |
| npm/[email protected] |
None |
0 |
4.64 kB |
blakeembrey |
| npm/[email protected] |
filesystem |
0 |
5.8 kB |
daaku |
🚮 Removed packages: npm/@expo/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected]
View full report↗︎
example-app-react-native copied to clipboard
sanity-io
![socket-security[bot] avatar](https://avatars.githubusercontent.com/in/156372?v=4 "Published by a pub.dev verified publisher"){kind=small}