[Snyk] Upgrade react-native from 0.60.5 to 0.71.6 #1160

mdfkbtc · 2023-05-02T18:42:16Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade react-native from 0.60.5 to 0.71.6.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 131 versions ahead of your current version.
The recommended version was released a month ago, on 2023-04-03.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Prototype Pollution SNYK-JS-ASYNC-2441827	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-REACTNATIVE-1298632	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536528	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536531	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579152	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579155	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Remote Code Execution (RCE) SNYK-JS-LOGKITTY-568763	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Arbitrary File Write SNYK-JS-TAR-1579147	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-HAPIHOEK-548452	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Prototype Pollution SNYK-JS-JSON5-3182856	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Denial of Service (DoS) npm:mem:20180117	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Command Injection SNYK-JS-NODENOTIFIER-1035794	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Exposure of Resource to Wrong Sphere SNYK-JS-FSEVENTS-5487987	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Mature

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: react-native

0.71.6 - 2023-04-03
Fixed

iOS specific
- Fix React Codegen podspec to build on Xcode 14.3 (0010c3807d by @ cipolleschi)
You can participate in the conversation on the status of this release in this discussion.

To help you upgrade to this version, you can use the upgrade helper ⚛️

You can find the whole changelog history in the changelog.md file.
0.71.5 - 2023-03-29
Changed
- Bump CLI to 10.2.2 and Metro to 0.73.9 (4c3bc24893 by @ kelset), contains:
  - CLI fix: correctly list ios devices and simulators (relevant PR)
  - Metro fix: fix watching contents of new directories in NodeWatcher (ab86982 by @ robhogan)
Android specific
- Bump react-native-gradle-plugin to 0.71.17 (bf490d379f by @ kelset), contains:
  - Fix patch for codegen for 0.71 (ec3681143e by @ kelset)
iOS specific
- Remove ruby-version from 0.71 (1d22e29146 by @ cipolleschi)
Fixed

Android specific
- Fix race condition in ReadableNativeMap (9aac13d by @ rshest)
iOS specific
- Give precedence to textContentType property for backwards compat as mentioned in #36229 (comment) (c0abff11b6 by @ lunaleaps)
- Blob data is no longer prematurely deallocated when using blob.slice (36cc71ab36 by @ awinograd)
You can participate in the conversation on the status of this release in this discussion.

To help you upgrade to this version, you can use the upgrade helper ⚛️

You can find the whole changelog history in the changelog.md file.
0.71.4 - 2023-03-08
0.71.3 - 2023-02-14
0.71.2 - 2023-02-01
0.71.1 - 2023-01-19
0.71.0 - 2023-01-12
0.71.0-rc.6 - 2023-01-09
0.71.0-rc.5 - 2022-12-19
0.71.0-rc.4 - 2022-12-14
0.71.0-rc.3 - 2022-11-30
0.71.0-rc.2 - 2022-11-24
0.71.0-rc.1 - 2022-11-23
0.71.0-rc.0 - 2022-11-04
0.70.9 - 2023-04-19
This release is primarily aimed at addressing issues with ANRs using multiline TextInput on Samsung devices (#35936, #35590).

Changed
- Update Hermes to hermes-2023-04-13-RNv0.70.8-c9b539bf3d7bfa4143ff1a5751886c7b2dd728a2 (7b1441730b), contains:
  - Remove register stack size override in hermes.cpp (03f2df)
  - Increase default max stack size (1b759f4)
Fixed

Android specific
- Resolved bug with Text components in new arch losing text alignment state. (31a8e92cad by @ javache)
- Mimimize EditText Spans 9/9: Remove addSpansForMeasurement() (92b8981499 by @ NickGerleman)
- Minimize EditText Spans 8/N: CustomStyleSpan (b384bb613b by @ NickGerleman)
- Minimize EditText Spans 6/N: letterSpacing (5791cf1f7b by @ NickGerleman)
- Minimize Spans 5/N: Strikethrough and Underline (0869ea29db by @ NickGerleman)
- Minimize Spans 4/N: ReactForegroundColorSpan (8c9c8ba5ad by @ NickGerleman)
- Minimize Spans 3/N: ReactBackgroundColorSpan (cc0ba57ea4 by @ NickGerleman)
- Minimize Spans 1/N: Fix precedence (1743dd7ab4 by @ NickGerleman)
- Fix measurement of uncontrolled TextInput after edit (8a0fe30591 by @ NickGerleman)
iOS specific
- Address Hermes performance regression (1df92c6 by @ kelset)
You can participate in the conversation on the status of this release in this discussion.

To help you upgrade to this version, you can use the upgrade helper ⚛️

You can find the whole changelog history in the changelog.md file.
0.70.8 - 2023-04-04
Changed

iOS specific
- Relax Ruby requirements (e3a5fbe72f by @ cipolleschi)
Fixed

iOS specific
- Fix React Codegen podspec to build on Xcode 14.3 (34f3794f18 by @ cipolleschi)
- Blob data is no longer prematurely deallocated when using blob.slice (36cc71ab36 by @ awinograd)
You can participate in the conversation on the status of this release in this discussion.

To help you upgrade to this version, you can use the upgrade helper ⚛️

You can find the whole changelog history in the changelog.md file.
0.70.7 - 2023-01-31
0.70.6 - 2022-11-15
0.70.5 - 2022-11-06
0.70.4 - 2022-10-25
0.70.3 - 2022-10-12
0.70.2 - 2022-10-04
0.70.1 - 2022-09-15
0.70.0 - 2022-09-05
0.70.0-rc.4 - 2022-08-22
0.70.0-rc.3 - 2022-08-15
0.70.0-rc.2 - 2022-08-04
0.70.0-rc.1 - 2022-07-28
0.70.0-rc.0 - 2022-07-15
0.69.10 - 2023-04-25
This release is primarily aimed at addressing issues with ANRs using multiline TextInput on Samsung devices (#35936, #35590).

Fixed

Android specific
- Minimize EditText Spans 8/N: CustomStyleSpan (b384bb613b by @ NickGerleman)
- Minimize EditText Spans 6/N: letterSpacing (5791cf1f7b by @ NickGerleman)
- Minimize Spans 5/N: Strikethrough and Underline (0869ea29db by @ NickGerleman)
- Minimize Spans 4/N: ReactForegroundColorSpan (8c9c8ba5ad by @ NickGerleman)
- Minimize Spans 3/N: ReactBackgroundColorSpan (cc0ba57ea4 by @ NickGerleman)
- Minimize Spans 1/N: Fix precedence (1743dd7ab4 by @ NickGerleman)
- Fix measurement of uncontrolled TextInput after edit (8a0fe30591 by @ NickGerleman)
You can participate in the conversation on the status of this release in this discussion.

To help you upgrade to this version, you can use the upgrade helper ⚛️

You can find the whole changelog history in the changelog.md file.
0.69.9 - 2023-04-04
Changed

iOS specific
- Relax Ruby requirements (4e015c69d6 by @ cipolleschi)
Fixed

iOS specific
- Fix React Codegen podspec to build on Xcode 14.3 (74ba411b55 by @ cipolleschi)
- Blob data is no longer prematurely deallocated when using blob.slice (36cc71ab36 by @ awinograd)
You can participate in the conversation on the status of this release in this discussion.

To help you upgrade to this version, you can use the upgrade helper ⚛️

You can find the whole changelog history in the changelog.md file.
0.69.8 - 2023-01-30
0.69.7 - 2022-11-06
0.69.6 - 2022-09-27
0.69.5 - 2022-08-25
0.69.4 - 2022-08-08
0.69.3 - 2022-07-25
0.69.2 - 2022-07-20
0.69.1 - 2022-06-29
0.69.0 - 2022-06-22
0.69.0-rc.6 - 2022-06-01
0.69.0-rc.5 - 2022-05-31
0.69.0-rc.4 - 2022-05-31
0.69.0-rc.3 - 2022-05-24
0.69.0-rc.2 - 2022-05-20
0.69.0-rc.1 - 2022-05-11
0.69.0-rc.0 - 2022-04-28
0.68.7 - 2023-04-26
🚨 IMPORTANT: This is an exceptional release on an unsupported version. We recommend you upgrade to one of the supported versions, listed here.

Hotfix

This release is primarily aimed at addressing issues with ANRs using multiline TextInput on Samsung devices (#35936, #35590).

Fixed
- Use logical operator instead of bit operation in Yoga (c3ad8 by @ cuva)
Android specific
- Minimize EditText Spans 8/N: CustomStyleSpan (b384bb613b by @ NickGerleman)
- Minimize EditText Spans 6/N: letterSpacing (5791cf1f7b by @ NickGerleman)
- Minimize Spans 5/N: Strikethrough and Underline (0869ea29db by @ NickGerleman)
- Minimize Spans 4/N: ReactForegroundColorSpan (8c9c8ba5ad by @ NickGerleman)
- Minimize Spans 3/N: ReactBackgroundColorSpan (cc0ba57ea4 by @ NickGerleman)
- Minimize Spans 1/N: Fix precedence (1743dd7ab4 by @ NickGerleman)
- Fix measurement of uncontrolled TextInput after edit (8a0fe30591 by @ NickGerleman)
You can find the whole changelog history in the changelog.md file.
0.68.6 - 2023-01-30
0.68.5 - 2022-11-06
0.68.4 - 2022-10-10
0.68.3 - 2022-08-08
0.68.2 - 2022-05-09
0.68.1 - 2022-04-13
0.68.0 - 2022-03-30
0.68.0-rc.4 - 2022-03-25
0.68.0-rc.3 - 2022-03-17
0.68.0-rc.2 - 2022-02-24
0.68.0-rc.1 - 2022-02-03
0.68.0-rc.0 - 2022-01-28
0.67.5 - 2022-11-06
0.67.4 - 2022-03-18
0.67.3 - 2022-02-22
0.67.2 - 2022-01-31
0.67.1 - 2022-01-20
0.67.0 - 2022-01-18
0.67.0-rc.6 - 2021-12-14
0.67.0-rc.5 - 2021-12-06
0.67.0-rc.4 - 2021-11-30
0.67.0-rc.3 - 2021-11-05
0.67.0-rc.2 - 2021-10-25
0.67.0-rc.1 - 2021-10-22
0.67.0-rc.0 - 2021-10-16
0.66.5 - 2022-11-06
0.66.4 - 2021-12-09
0.66.3 - 2021-11-10
0.66.2 - 2021-11-04
0.66.1 - 2021-10-15
0.66.0 - 2021-10-01
0.66.0-rc.4 - 2021-09-24
0.66.0-rc.3 - 2021-09-17
0.66.0-rc.2 - 2021-09-10
0.66.0-rc.1 - 2021-09-01
0.66.0-rc.0 - 2021-08-27
0.65.3 - 2022-11-06
0.65.2 - 2021-11-04
0.65.1 - 2021-08-19
0.65.0 - 2021-08-17
0.65.0-rc.4 - 2021-08-11
0.65.0-rc.3 - 2021-07-23
0.65.0-rc.2 - 2021-06-18
0.65.0-rc.1 - 2021-06-17
0.65.0-rc.0 - 2021-06-09
0.64.4 - 2022-11-07
0.64.3 - 2021-11-04
0.64.2 - 2021-06-03
0.64.1 - 2021-05-05
0.64.0 - 2021-03-12
0.64.0-rc.4 - 2021-03-01
0.64.0-rc.3 - 2021-02-05
0.64.0-rc.2 - 2020-12-18
0.64.0-rc.1 - 2020-11-25
0.64.0-rc.0 - 2020-11-23
0.63.5 - 2022-11-07
0.63.4 - 2020-11-30
0.63.3 - 2020-09-29
0.63.2 - 2020-07-22
0.63.1 - 2020-07-14
0.63.0 - 2020-07-08
0.63.0-rc.1 - 2020-05-04
0.63.0-rc.0 - 2020-04-16
0.62.3 - 2021-05-05
0.62.2 - 2020-04-08
0.62.1 - 2020-04-03
0.62.0 - 2020-03-26
0.62.0-rc.5 - 2020-03-07
0.62.0-rc.4 - 2020-03-06
0.62.0-rc.3 - 2020-02-25
0.62.0-rc.2 - 2020-02-13
0.62.0-rc.1 - 2020-01-21
0.62.0-rc.0 - 2019-12-18
0.61.5 - 2019-11-23
0.61.4 - 2019-11-04
0.61.3 - 2019-10-29
0.61.2 - 2019-10-02
0.61.1 - 2019-09-25
0.61.0 - 2019-09-24
0.61.0-rc.3 - 2019-09-10
0.61.0-rc.2 - 2019-09-04
0.61.0-rc.0 - 2019-08-27
0.60.6 - 2019-09-24
0.60.5 - 2019-08-13

from react-native GitHub release notes

Commit messages

Package name: react-native

030ab8e [0.71.6] Bump version numbers
509f8f2 [LOCAL] fix definition of local mock for ruby test
0010c38 fix(xcode): backport Xcode 14.3 fix to 71 (#36769)
5162e0b Use packaged react-native in test-e2e-local script (#36703)
e137040 [LOCAL] update rntester podlock post 0.71.5 release
1d282da [0.71.5] Bump version numbers
e492858 [LOCAL] update snapshot test to fix CI
98f346b [LOCAL] update post 0.71.4 release
bf490d3 [LOCAL] bump RNGP to 0.71.17
8c20bb7 bumped packages versions
4c3bc24 [LOCAL] bump CLI to 10.2.2 and Metro to 0.73.9
ec36811 [LOCAL] fix patch for codegen for 0.71
0d3c70b Fix race condition in ReadableNativeMap (#36201)
a413e3e Precedent textContentType when set
96dc2c1 Prevent native blob resource from being de-allocated prematurely (#31392)
7488e9a Add option to commit with generic message (#36421)
1d22e29 chore: Remove ruby-version from 0.71 (#36423)
e0d92c6 [0.71.4] Bump version numbers
be199f8 [LOCAL] enforce iPhone 14 simulator on run ios E2E script
291cc0a [LOCAL] Bump Hermes Version
0f8d942 fix: conditional to include rn-tester and react-native-gradle-plugin in settings.gradle.kts (#36188)
41a633d Do not use a mixture of plugins{} and buildscript{}
f4546bf [LOCAL] Bump hermes version
56f2aa4 [LOCAL] update podlock

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade react-native from 0.60.5 to 0.71.6. See this package in npm: https://www.npmjs.com/package/react-native See this project in Snyk: https://app.snyk.io/org/mdfkbtc/project/a2088718-36c2-4867-a45b-42143012aac0?utm_source=github&utm_medium=referral&page=upgrade-pr

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade react-native from 0.60.5 to 0.71.6 #1160

[Snyk] Upgrade react-native from 0.60.5 to 0.71.6 #1160

mdfkbtc commented May 2, 2023

Fixed

iOS specific

Changed

Android specific

iOS specific

Fixed

Android specific

iOS specific

Changed

Fixed

Android specific

iOS specific

Changed

iOS specific

Fixed

iOS specific

Fixed

Android specific

Changed

iOS specific

Fixed

iOS specific

Hotfix

Fixed

Android specific

[Snyk] Upgrade react-native from 0.60.5 to 0.71.6 #1160

Are you sure you want to change the base?

[Snyk] Upgrade react-native from 0.60.5 to 0.71.6 #1160

Conversation

mdfkbtc commented May 2, 2023

Snyk has created this PR to upgrade react-native from 0.60.5 to 0.71.6.

Fixed

iOS specific

Changed

Android specific

iOS specific

Fixed

Android specific

iOS specific

Changed

Fixed

Android specific

iOS specific

Changed

iOS specific

Fixed

iOS specific

Fixed

Android specific

Changed

iOS specific

Fixed

iOS specific

Hotfix

Fixed

Android specific