sendbird-javascript-samples

[Snyk] Security upgrade @react-native-firebase/app from 14.12.0 to 17.4.3

Open sendbird-security opened this issue 2 years ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • react-native/react-native-hook-local-caching/Sendbird/package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| medium severity | 586/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5.3) | Prototype Pollution, SNYK-JS-XML2JS-5414874 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @react-native-firebase/app

The new version differs by 249 commits.
  • 3c47228 chore(release): release packages
  • 3e81143 fix(expo): update dependencies of config plugins
  • 4eb336b chore(release): release packages
  • 59b0238 fix(android, auth): phone auth supports Play Integrity now
  • 90a2589 chore(release): release packages
  • c4bb807 fix(app-check, ios): Xcode 14.3 compat bugfix
  • f89dec5 style(app-check, lint): hard cast to eliminate type qualifier warnings
  • 075eb2b test(ios): Xcode 14.3 compatibility workaround
  • 6a0df32 test(deps): bump to react-native 0.70.7
  • f3ff322 test(deps): bump test app lockfile versions
  • 54c1010 docs(app-check, android): note that Play Integrity requires Play Store distribution
  • 8460ab6 fix(crashlytics, android): use v2.9.2 of crashlytics android plugin
  • 38054ba test(deps): bump test app podfile lock
  • 2a79509 chore(release): release packages
  • 500f15a fix(android): bump to firebase-android-sdk 31.3.0
  • 7103473 fix(ios): bump firebase-ios-sdk to 10.7.0
  • ebfb413 fix(app-distribution, android): update the gradle plugin to match BoM 31.2.3 release
  • 64bf598 build(deps): bump pod versions in test app lockfile
  • f49403a docs(app-check): corrected ios config section for debugTokens (#6997)
  • 02df92e feat(storage): Firebase JS SDK v9 modular API (#6958)
  • 4592733 docs(tips-n-tricks): fix spelling in pointer to demo template
  • 3fae6cb docs(messaging): fix typo in android permissions example
  • e118597 chore(release): release packages
  • 24fa17e fix(app, android): adopt firebase-android-sdk 31.2.3

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

sendbird-security, Jun 22 '23 20:06