Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade react-native from 0.60.5 to 0.71.4 #1116

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

snyk-bot
Copy link

@snyk-bot snyk-bot commented Apr 1, 2023

Snyk has created this PR to upgrade react-native from 0.60.5 to 0.71.4.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 124 versions ahead of your current version.
  • The recommended version was released 23 days ago, on 2023-03-08.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Regular Expression Denial of Service (ReDoS)
SNYK-JS-REACTNATIVE-1298632
589/1000
Why? Has a fix available, CVSS 7.5
No Known Exploit
Remote Code Execution (RCE)
SNYK-JS-SHELLQUOTE-1766506
589/1000
Why? Has a fix available, CVSS 7.5
No Known Exploit
Arbitrary File Overwrite
SNYK-JS-TAR-1536528
589/1000
Why? Has a fix available, CVSS 7.5
No Known Exploit
Arbitrary File Overwrite
SNYK-JS-TAR-1536531
589/1000
Why? Has a fix available, CVSS 7.5
No Known Exploit
Prototype Pollution
SNYK-JS-ASYNC-2441827
589/1000
Why? Has a fix available, CVSS 7.5
Proof of Concept
Arbitrary File Write
SNYK-JS-TAR-1579147
589/1000
Why? Has a fix available, CVSS 7.5
No Known Exploit
Arbitrary File Write
SNYK-JS-TAR-1579152
589/1000
Why? Has a fix available, CVSS 7.5
No Known Exploit
Arbitrary File Write
SNYK-JS-TAR-1579155
589/1000
Why? Has a fix available, CVSS 7.5
No Known Exploit
Remote Code Execution (RCE)
SNYK-JS-LOGKITTY-568763
589/1000
Why? Has a fix available, CVSS 7.5
Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-WS-1296835
589/1000
Why? Has a fix available, CVSS 7.5
Proof of Concept
Command Injection
SNYK-JS-NODENOTIFIER-1035794
589/1000
Why? Has a fix available, CVSS 7.5
No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-WS-1296835
589/1000
Why? Has a fix available, CVSS 7.5
Proof of Concept
Prototype Pollution
SNYK-JS-HAPIHOEK-548452
589/1000
Why? Has a fix available, CVSS 7.5
No Known Exploit
Prototype Pollution
SNYK-JS-JSON5-3182856
589/1000
Why? Has a fix available, CVSS 7.5
Proof of Concept
Denial of Service (DoS)
npm:mem:20180117
589/1000
Why? Has a fix available, CVSS 7.5
No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-TAR-1536758
589/1000
Why? Has a fix available, CVSS 7.5
No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: react-native
  • 0.71.4 - 2023-03-08

    Changed

    • Make FlatList permissive of ArrayLike data (c03de97fb4 by @ NickGerleman)
    • Bumping RNGP to ^0.71.16 (3df4a79c3d by @ kelset)
    • Update CLI to 10.2.0, Metro to 0.73.8 (20a6fbd373 by @ robhogan) - contains:
      • fix: Source maps may have invalid entries when using Terser minification. (metro/#928)
      • fix: Mitigate potential source map mismatches with concurrent transformations due to terser#1341. (metro/#929)
    • Bump Hermes Version (291cc0af10) - contains:
      • use ConsecutiveStringStorage to dedup serialized literals (62d58e)
      • Remove register stack size override in hermes.cpp (6146eb)
      • fix: specify currency in locale identifier when formatting currency plural (21f15c)
      • Increase default max stack size (ee2588)
      • Refactor HBC test helper (31fdcf)

    Android specific

    Fixed

    Android specific


    You can participate in the conversation on the status of this release in this discussion.


    To help you upgrade to this version, you can use the upgrade helper ⚛️


    You can find the whole changelog history in the changelog.md file.

  • 0.71.3 - 2023-02-14

    Changed

    Fixed

    • (codegen) Add missing C++ include for prop conversion of complex array type (92fc32aa by @ rshest)

    Android specific

    iOS specific


    You can participate in the conversation on the status of this release in this discussion.


    To help you upgrade to this version, you can use the upgrade helper ⚛️


    You can find the whole changelog history in the changelog.md file.

  • 0.71.2 - 2023-02-01

    Added

    Changed

    • Bump react-native-gradle-plugin to ^0.71.14 in core, @ react-native-community/eslint-config to ^3.2.0 in starting template (785bc8d97b by @ kelset)

    Fixed

    Android specific

    iOS specific


    You can participate in the conversation on the status of this release in this discussion.


    To help you upgrade to this version, you can use the upgrade helper ⚛️


    You can find the whole changelog history in the changelog.md file.

  • 0.71.1 - 2023-01-19

    Added

    Android specific

    iOS specific

    Changed

    Fixed

    • Fix(cli,metro,babel): bump cli and metro and babel to fix Windows+Metro issue (df7c92ff4c by @ kelset)

    Android specific

    iOS specific

    • Exclude react-native-flipper when NO_FLIPPER=1 to prevent iOS build fail (f47b5b8b5d by @ retyui)
    • Fix RCTAlertController not showing when using SceneDelegate on iOS 13.0+. (0c53420a7a)
    • Handle Null Exception to Validate input in RCTAlertController and in RCTDevLoadingView (79e603c5ab by @ admirsaheta)
    • Fixed the potential race condition when dismissing and presentating modal (e948c79bda by @ wood1986)
    • Fix build errors when inheriting RCTAppDelegate in Swift modules (5eb25d2186 by @ Kudo)
    • OnSelectionChange() is fired before onChange() on multiline TextInput (64475aeb3b by @ s77rt)
    • Build: remove deprecated File.exists() method from Hermes podspec. (38e5fa6a96 by @ kelset)

    You can participate in the conversation on the status of this release in this discussion


    To help you upgrade to this version, you can use the upgrade helper ⚛️


    You can find the whole changelog history in the changelog.md file.

  • 0.71.0 - 2023-01-12
  • 0.71.0-rc.6 - 2023-01-09
  • 0.71.0-rc.5 - 2022-12-19
  • 0.71.0-rc.4 - 2022-12-14
  • 0.71.0-rc.3 - 2022-11-30
  • 0.71.0-rc.2 - 2022-11-24
  • 0.71.0-rc.1 - 2022-11-23
  • 0.71.0-rc.0 - 2022-11-04
  • 0.70.7 - 2023-01-31

    Fixes

    Android Specific

    iOS Specific

    Added

    Android


    You can participate in the conversation on the status of this release in this discussion


    To help you upgrade to this version, you can use the upgrade helper ⚛️


    You can find the whole changelog history in the changelog.md file.

  • 0.70.6 - 2022-11-15
  • 0.70.5 - 2022-11-06
  • 0.70.4 - 2022-10-25
  • 0.70.3 - 2022-10-12
  • 0.70.2 - 2022-10-04
  • 0.70.1 - 2022-09-15
  • 0.70.0 - 2022-09-05
  • 0.70.0-rc.4 - 2022-08-22
  • 0.70.0-rc.3 - 2022-08-15
  • 0.70.0-rc.2 - 2022-08-04
  • 0.70.0-rc.1 - 2022-07-28
  • 0.70.0-rc.0 - 2022-07-15
  • 0.69.8 - 2023-01-30

    This version is a patch release with a mitigation solution for the Android issue on Samsung devices.

    Please let us know in the issue if this new version addresses the problem for you.


    You can participate in the conversation on the status of this release in this discussion.


    To help you upgrade to this version, you can use the upgrade helper ⚛️


    You can find the whole changelog history in the changelog.md file.

  • 0.69.7 - 2022-11-06
  • 0.69.6 - 2022-09-27
  • 0.69.5 - 2022-08-25
  • 0.69.4 - 2022-08-08
  • 0.69.3 - 2022-07-25
  • 0.69.2 - 2022-07-20
  • 0.69.1 - 2022-06-29
  • 0.69.0 - 2022-06-22
  • 0.69.0-rc.6 - 2022-06-01
  • 0.69.0-rc.5 - 2022-05-31
  • 0.69.0-rc.4 - 2022-05-31
  • 0.69.0-rc.3 - 2022-05-24
  • 0.69.0-rc.2 - 2022-05-20
  • 0.69.0-rc.1 - 2022-05-11
  • 0.69.0-rc.0 - 2022-04-28
  • 0.68.6 - 2023-01-30

    🚨 IMPORTANT: This is an exceptional release on an unsupported version. We recommend you upgrade to one of the supported versions, listed here.

    Hotfix

    This version is a patch release with a mitigation solution for the Android issue on Samsung devices.

    Please let us know in the issue if this new version addresses the problem for you.


    To help you upgrade to new versions, you can use the upgrade helper ⚛️


    You can find the whole changelog history in the changelog.md file.

  • 0.68.5 - 2022-11-06
  • 0.68.4 - 2022-10-10
  • 0.68.3 - 2022-08-08
  • 0.68.2 - 2022-05-09
  • 0.68.1 - 2022-04-13
  • 0.68.0 - 2022-03-30
  • 0.68.0-rc.4 - 2022-03-25
  • 0.68.0-rc.3 - 2022-03-17
  • 0.68.0-rc.2 - 2022-02-24
  • 0.68.0-rc.1 - 2022-02-03
  • 0.68.0-rc.0 - 2022-01-28
  • 0.67.5 - 2022-11-06
  • 0.67.4 - 2022-03-18
  • 0.67.3 - 2022-02-22
  • 0.67.2 - 2022-01-31
  • 0.67.1 - 2022-01-20
  • 0.67.0 - 2022-01-18
  • 0.67.0-rc.6 - 2021-12-14
  • 0.67.0-rc.5 - 2021-12-06
  • 0.67.0-rc.4 - 2021-11-30
  • 0.67.0-rc.3 - 2021-11-05
  • 0.67.0-rc.2 - 2021-10-25
  • 0.67.0-rc.1 - 2021-10-22
  • 0.67.0-rc.0 - 2021-10-16
  • 0.66.5 - 2022-11-06
  • 0.66.4 - 2021-12-09
  • 0.66.3 - 2021-11-10
  • 0.66.2 - 2021-11-04
  • 0.66.1 - 2021-10-15
  • 0.66.0 - 2021-10-01
  • 0.66.0-rc.4 - 2021-09-24
  • 0.66.0-rc.3 - 2021-09-17
  • 0.66.0-rc.2 - 2021-09-10
  • 0.66.0-rc.1 - 2021-09-01
  • 0.66.0-rc.0 - 2021-08-27
  • 0.65.3 - 2022-11-06
  • 0.65.2 - 2021-11-04
  • 0.65.1 - 2021-08-19
  • 0.65.0 - 2021-08-17
  • 0.65.0-rc.4 - 2021-08-11
  • 0.65.0-rc.3 - 2021-07-23
  • 0.65.0-rc.2 - 2021-06-18
  • 0.65.0-rc.1 - 2021-06-17
  • 0.65.0-rc.0 - 2021-06-09
  • 0.64.4 - 2022-11-07
  • 0.64.3 - 2021-11-04
  • 0.64.2 - 2021-06-03
  • 0.64.1 - 2021-05-05
  • 0.64.0 - 2021-03-12
  • 0.64.0-rc.4 - 2021-03-01
  • 0.64.0-rc.3 - 2021-02-05
  • 0.64.0-rc.2 - 2020-12-18
  • 0.64.0-rc.1 - 2020-11-25
  • 0.64.0-rc.0 - 2020-11-23
  • 0.63.5 - 2022-11-07
  • 0.63.4 - 2020-11-30
  • 0.63.3 - 2020-09-29
  • 0.63.2 - 2020-07-22
  • 0.63.1 - 2020-07-14
  • 0.63.0 - 2020-07-08
  • 0.63.0-rc.1 - 2020-05-04
  • 0.63.0-rc.0 - 2020-04-16
  • 0.62.3 - 2021-05-05
  • 0.62.2 - 2020-04-08
  • 0.62.1 - 2020-04-03
  • 0.62.0 - 2020-03-26
  • 0.62.0-rc.5 - 2020-03-07
  • 0.62.0-rc.4 - 2020-03-06
  • 0.62.0-rc.3 - 2020-02-25
  • 0.62.0-rc.2 - 2020-02-13
  • 0.62.0-rc.1 - 2020-01-21
  • 0.62.0-rc.0 - 2019-12-18
  • 0.61.5 - 2019-11-23
  • 0.61.4 - 2019-11-04
  • 0.61.3 - 2019-10-29
  • 0.61.2 - 2019-10-02
  • 0.61.1 - 2019-09-25
  • 0.61.0 - 2019-09-24
  • 0.61.0-rc.3 - 2019-09-10
  • 0.61.0-rc.2 - 2019-09-04
  • 0.61.0-rc.0 - 2019-08-27
  • 0.60.6 - 2019-09-24
  • 0.60.5 - 2019-08-13
from react-native GitHub release notes
Commit messages
Package name: react-native
  • e0d92c6 [0.71.4] Bump version numbers
  • be199f8 [LOCAL] enforce iPhone 14 simulator on run ios E2E script
  • 291cc0a [LOCAL] Bump Hermes Version
  • 0f8d942 fix: conditional to include rn-tester and react-native-gradle-plugin in settings.gradle.kts (#36188)
  • 41a633d Do not use a mixture of plugins{} and buildscript{}
  • f4546bf [LOCAL] Bump hermes version
  • 56f2aa4 [LOCAL] update podlock
  • 2755f41 consume new RNGP patch
  • 3df4a79 bumping RNGP to new patch
  • 6c5088f Make FlatList permissive of ArrayLike data (#36236)
  • 267b31a Make it easier for users to build from source if needed (#36165)
  • cbaf4c8 RNGP - Fix defaults for PrivateReactExtension
  • f2bfe91 RNGP - ENTRY_FILE should resolve relative paths from root (#36193)
  • de512cd RNGP - Monorepo: Make sure libraries are honoring codegenDir provided by app (#36128)
  • d60da23 Expose `rrc_root` via prefab (#36166)
  • 67ea1f1 Fix incorrect touchable hitSlop and pressRetentionOffset type (#36065)
  • c92e98a Fix TouchableOpacity componentDidUpdate causing an excessive number of pending callbacks (#35387)
  • 4a0b11a Merge pull request #36323 from hoxyq/pick/fixing-ci-packages-bumping-scripts
  • 9c4d0a8 fix: update publishing packages tag message prefix (#36348)
  • 20a6fbd Update CLI to 10.2.0, Metro to 0.73.8
  • ac635f9 refactor(bump-all-updated-packages): use tag instead of custom commit name
  • 411491e fix: update executor for packages publishing workflow
  • d9321c0 [0.71.3] Bump version numbers
  • a3f205a [LOCAL] Bump codegen package

Compare


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant