[Snyk] Security upgrade react-native-svg from 12.1.0 to 12.3.0

[joelbettner]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: react-native-svg

The new version differs by 52 commits.

• b2c86c7 feat: add release-it (Update version to 1.0.2-27 #1714)
• 69ff5f0 fix#1471: every element is focusable on web (Download attachments in the chat #1585)
• 2484baa feat: move Example to TS (Test StagingDeployCash #1712)
• 59a48e7 Fix low-quality masks on iOS (Update version to 1.0.2-6 #1658)
• f277c27 Fixed typo in README.md (Move Search to the RightDockedModal #1448)
• cbc6d58 Fix typo in README (Get native versions resynced with package.json #1427)
• 39c8332 Adding mavenCentral() as jcenter() is shutting (Add Unread Action Indicator #1570)
• 2826fd9 Updated README.md (Move Git and Github utils from expensify common #1690)
• bac4986 feat: add macos CI (Add a Github Action check for Podfile lock changes #1704)
• 5b519c1 feat: add empty CI job so it runs on PR then (Improve performance of all screens using OptionsList #1705)
• b007efe fix: PlatformColor crashes on iOS and Android (New GH Action: CreateOrUpdateStagingDeployCash #1703)
• d35878b Support PlatformColor ([IOU] Create IOUModal with steps #1561)
• 8681303 chore: add example with test cases (Update version to 1.0.2-24 #1702)
• 3bc3338 Update to css-select to avoid security warnings (Update version to 1.0.2-20 #1692)
• f6ab25c Merge pull request Focus the compose field after closing modals #1699 from react-native-svg/@ wolewicki/fix-android-ci
• 14c1124 fix: try add gradle-wrapper
• c42c9eb feat: add Example app build workflows
• bcc9e1d fix: add newlines at the end of files
• 29fbc51 fix: change ios to apple
• 1296a2c Merge branch 'develop' into @ wolewicki/add-example-build-workflows
• 25a6eb5 chore: add Example to repo
• eb5543b feat: add example build workflows
• 522c2e3 chore: add Example to repo
• fa71673 Release v12.2.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[joelbettner]

@flodnv I followed the instructions found here: https://stackoverflow.com/c/expensify/questions/3465

But it looks like the Snyk automated fix is trying to upgrade multiple different dependencies all at once. Let me know what you think.

[flodnv]

It's upgrading several dependencies because they are dependencies of react-native-svg. We need to:

1. Check the changelog
2. Probably test whatever is using this package, on all platforms...

Feel free to turn this task into an External one (by adding the External label onto the original GH issue)

[joelbettner]

I made the issue External. I'll go ahead and close this.