Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade react-native from 0.60.5 to 0.72.3 #1291

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

mdfkbtc
Copy link
Owner

@mdfkbtc mdfkbtc commented Aug 2, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade react-native from 0.60.5 to 0.72.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 154 versions ahead of your current version.
  • The recommended version was released 21 days ago, on 2023-07-12.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Prototype Pollution
SNYK-JS-ASYNC-2441827
482/1000
Why? Proof of Concept exploit, CVSS 7.5
Proof of Concept
Remote Code Execution (RCE)
SNYK-JS-SHELLQUOTE-1766506
482/1000
Why? Proof of Concept exploit, CVSS 7.5
No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-REACTNATIVE-1298632
482/1000
Why? Proof of Concept exploit, CVSS 7.5
No Known Exploit
Arbitrary File Overwrite
SNYK-JS-TAR-1536528
482/1000
Why? Proof of Concept exploit, CVSS 7.5
No Known Exploit
Arbitrary File Overwrite
SNYK-JS-TAR-1536531
482/1000
Why? Proof of Concept exploit, CVSS 7.5
No Known Exploit
Arbitrary File Write
SNYK-JS-TAR-1579147
482/1000
Why? Proof of Concept exploit, CVSS 7.5
No Known Exploit
Arbitrary File Write
SNYK-JS-TAR-1579152
482/1000
Why? Proof of Concept exploit, CVSS 7.5
No Known Exploit
Arbitrary File Write
SNYK-JS-TAR-1579155
482/1000
Why? Proof of Concept exploit, CVSS 7.5
No Known Exploit
Prototype Pollution
SNYK-JS-UNSETVALUE-2400660
482/1000
Why? Proof of Concept exploit, CVSS 7.5
No Known Exploit
Remote Code Execution (RCE)
SNYK-JS-LOGKITTY-568763
482/1000
Why? Proof of Concept exploit, CVSS 7.5
Proof of Concept
Prototype Pollution
SNYK-JS-HAPIHOEK-548452
482/1000
Why? Proof of Concept exploit, CVSS 7.5
No Known Exploit
Prototype Pollution
SNYK-JS-JSON5-3182856
482/1000
Why? Proof of Concept exploit, CVSS 7.5
Proof of Concept
Denial of Service (DoS)
npm:mem:20180117
482/1000
Why? Proof of Concept exploit, CVSS 7.5
No Known Exploit
Command Injection
SNYK-JS-NODENOTIFIER-1035794
482/1000
Why? Proof of Concept exploit, CVSS 7.5
No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-WS-1296835
482/1000
Why? Proof of Concept exploit, CVSS 7.5
Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-WS-1296835
482/1000
Why? Proof of Concept exploit, CVSS 7.5
Proof of Concept
Exposure of Resource to Wrong Sphere
SNYK-JS-FSEVENTS-5487987
482/1000
Why? Proof of Concept exploit, CVSS 7.5
Mature
Regular Expression Denial of Service (ReDoS)
SNYK-JS-TAR-1536758
482/1000
Why? Proof of Concept exploit, CVSS 7.5
No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: react-native
  • 0.72.3 - 2023-07-12

    Fixed

    iOS specific


    You can participate in the conversation on the status of this release in this discussion.


    To help you upgrade to this version, you can use the upgrade helper ⚛️


    You can find the whole changelog history in the changelog.md file.

  • 0.72.2 - 2023-07-11

    Changed

    Android specific

    iOS specific

    Fixed

    • global.performance in undefined when starting metro from Expo CLI (0ccbd65581 by @ Kudo)
    • Re-enabled debugging for debug builds (41477c898c by Matt Blagden)
    • Add global hook to assert that base Metro config is called (29f2602ff9 by @ huntie)

    Android specific

    iOS specific

    • Fix build error when there are multiple EXTRA_COMPILER_ARGS (28f4ebab8a by @ fergusean)
    • Build failure with pnpm and use_frameworks! due to incorrect header paths (58adc5e4b9 by evelant)
    • Fix onChangeText not firing when clearing the value of TextInput with multiline=true on iOS (0c9c57a9f7 by @ kkoudev)
    • Fix pod install for libraries using Swift code when the new architecture is enabled (a4a0655496 by @ louiszawadzki)

    ⚠️ we are aware of an issue with building iOS apps with Xcode 14.2, please refer to this issue for more details and updates.


    You can participate in the conversation on the status of this release in this discussion.


    To help you upgrade to this version, you can use the upgrade helper ⚛️


    You can find the whole changelog history in the changelog.md file.

  • 0.72.1 - 2023-06-29

    Added

    iOS specific

    Changed

    • react-native/metro-config now includes all base config values from metro-config (bbcedd385b by @ huntie)
    • Bump CLI to 11.3.3 (da84901f78 by @ kelset)
    • Bumped @ react-native/metro-config to 0.72.7, @ react-native/gradle-plugin to 0.72.11, @ react-native/virtualized-lists to 0.72.6 (95db9f98f2 by @ kelset)

    Fixed

    • react-native/virtualized-lists does not need react-test-renderer at runtime (7a2a3278d0 by @ tido64)

    Android specific

    iOS specific


    You can participate in the conversation on the status of this release in this discussion.


    To help you upgrade to this version, you can use the upgrade helper ⚛️


    You can find the whole changelog history in the changelog.md file.

  • 0.72.0 - 2023-06-21

    🎉 0.72 stable is out 🎉

    This release includes over 1100 commits from 70+ contributors! Thank you to all our contributors new and old!

    See the highlights of the release in our release blog post.


    You can participate in the conversation on the status of this release in this discussion.


    To help you upgrade to this version, you can use the upgrade helper ⚛️


    You can find the whole changelog history in the changelog.md file.

  • 0.72.0-rc.6 - 2023-06-13
  • 0.72.0-rc.5 - 2023-06-01
  • 0.72.0-rc.4 - 2023-05-31
  • 0.72.0-rc.3 - 2023-05-11
  • 0.72.0-rc.2 - 2023-05-04
  • 0.72.0-rc.1 - 2023-04-05
  • 0.72.0-rc.0 - 2023-03-20
  • 0.71.12 - 2023-07-04

    Fixed

    Android specific

    iOS specific


    You can participate in the conversation on the status of this release in this discussion.


    To help you upgrade to this version, you can use the upgrade helper ⚛️


    You can find the whole changelog history in the changelog.md file.

  • 0.71.11 - 2023-06-14
  • 0.71.10 - 2023-06-07
  • 0.71.9 - 2023-06-07
  • 0.71.8 - 2023-05-10
  • 0.71.7 - 2023-04-19
  • 0.71.6 - 2023-04-03
  • 0.71.5 - 2023-03-29
  • 0.71.4 - 2023-03-08
  • 0.71.3 - 2023-02-14
  • 0.71.2 - 2023-02-01
  • 0.71.1 - 2023-01-19
  • 0.71.0 - 2023-01-12
  • 0.71.0-rc.6 - 2023-01-09
  • 0.71.0-rc.5 - 2022-12-19
  • 0.71.0-rc.4 - 2022-12-14
  • 0.71.0-rc.3 - 2022-11-30
  • 0.71.0-rc.2 - 2022-11-24
  • 0.71.0-rc.1 - 2022-11-23
  • 0.71.0-rc.0 - 2022-11-04
  • 0.70.13 - 2023-07-28

    Fixed


    You can participate in the conversation on the status of this release in this discussion.


    To help you upgrade to this version, you can use the upgrade helper ⚛️


    You can find the whole changelog history in the changelog.md file.

  • 0.70.12 - 2023-07-05

    Fixed

    iOS specific


    You can participate in the conversation on the status of this release in this discussion.


    To help you upgrade to this version, you can use the upgrade helper ⚛️


    You can find the whole changelog history in the changelog.md file.

  • 0.70.11 - 2023-07-04

    Changed


    You can participate in the conversation on the status of this release in this discussion


    To help you upgrade to this version, you can use the upgrade helper ⚛️


    You can find the whole changelog history in the changelog.md file.

  • 0.70.10 - 2023-06-08
  • 0.70.9 - 2023-04-19
  • 0.70.8 - 2023-04-04
  • 0.70.7 - 2023-01-31
  • 0.70.6 - 2022-11-15
  • 0.70.5 - 2022-11-06
  • 0.70.4 - 2022-10-25
  • 0.70.3 - 2022-10-12
  • 0.70.2 - 2022-10-04
  • 0.70.1 - 2022-09-15
  • 0.70.0 - 2022-09-05
  • 0.70.0-rc.4 - 2022-08-22
  • 0.70.0-rc.3 - 2022-08-15
  • 0.70.0-rc.2 - 2022-08-04
  • 0.70.0-rc.1 - 2022-07-28
  • 0.70.0-rc.0 - 2022-07-15
  • 0.69.12 - 2023-07-04

    Changed

    iOS specific

    Fixed

    Android specific


    0.69.12 is the latest patch the Release Crew will prepare for version 0.69. You can have a look at the latest discussion.


    To help you upgrade to this version, you can use the upgrade helper ⚛️


    You can find the whole changelog history in the changelog.md file.

  • 0.69.11 - 2023-06-08
  • 0.69.10 - 2023-04-25
  • 0.69.9 - 2023-04-04
  • 0.69.8 - 2023-01-30
  • 0.69.7 - 2022-11-06
  • 0.69.6 - 2022-09-27
  • 0.69.5 - 2022-08-25
  • 0.69.4 - 2022-08-08
  • 0.69.3 - 2022-07-25
  • 0.69.2 - 2022-07-20
  • 0.69.1 - 2022-06-29
  • 0.69.0 - 2022-06-22
  • 0.69.0-rc.6 - 2022-06-01
  • 0.69.0-rc.5 - 2022-05-31
  • 0.69.0-rc.4 - 2022-05-31
  • 0.69.0-rc.3 - 2022-05-24
  • 0.69.0-rc.2 - 2022-05-20
  • 0.69.0-rc.1 - 2022-05-11
  • 0.69.0-rc.0 - 2022-04-28
  • 0.68.7 - 2023-04-26
  • 0.68.6 - 2023-01-30
  • 0.68.5 - 2022-11-06
  • 0.68.4 - 2022-10-10
  • 0.68.3 - 2022-08-08
  • 0.68.2 - 2022-05-09
  • 0.68.1 - 2022-04-13
  • 0.68.0 - 2022-03-30
  • 0.68.0-rc.4 - 2022-03-25
  • 0.68.0-rc.3 - 2022-03-17
  • 0.68.0-rc.2 - 2022-02-24
  • 0.68.0-rc.1 - 2022-02-03
  • 0.68.0-rc.0 - 2022-01-28
  • 0.67.5 - 2022-11-06
  • 0.67.4 - 2022-03-18
  • 0.67.3 - 2022-02-22
  • 0.67.2 - 2022-01-31
  • 0.67.1 - 2022-01-20
  • 0.67.0 - 2022-01-18
  • 0.67.0-rc.6 - 2021-12-14
  • 0.67.0-rc.5 - 2021-12-06
  • 0.67.0-rc.4 - 2021-11-30
  • 0.67.0-rc.3 - 2021-11-05
  • 0.67.0-rc.2 - 2021-10-25
  • 0.67.0-rc.1 - 2021-10-22
  • 0.67.0-rc.0 - 2021-10-16
  • 0.66.5 - 2022-11-06
  • 0.66.4 - 2021-12-09
  • 0.66.3 - 2021-11-10
  • 0.66.2 - 2021-11-04
  • 0.66.1 - 2021-10-15
  • 0.66.0 - 2021-10-01
  • 0.66.0-rc.4 - 2021-09-24
  • 0.66.0-rc.3 - 2021-09-17
  • 0.66.0-rc.2 - 2021-09-10
  • 0.66.0-rc.1 - 2021-09-01
  • 0.66.0-rc.0 - 2021-08-27
  • 0.65.3 - 2022-11-06
  • 0.65.2 - 2021-11-04
  • 0.65.1 - 2021-08-19
  • 0.65.0 - 2021-08-17
  • 0.65.0-rc.4 - 2021-08-11
  • 0.65.0-rc.3 - 2021-07-23
  • 0.65.0-rc.2 - 2021-06-18
  • 0.65.0-rc.1 - 2021-06-17
  • 0.65.0-rc.0 - 2021-06-09
  • 0.64.4 - 2022-11-07
  • 0.64.3 - 2021-11-04
  • 0.64.2 - 2021-06-03
  • 0.64.1 - 2021-05-05
  • 0.64.0 - 2021-03-12
  • 0.64.0-rc.4 - 2021-03-01
  • 0.64.0-rc.3 - 2021-02-05
  • 0.64.0-rc.2 - 2020-12-18
  • 0.64.0-rc.1 - 2020-11-25
  • 0.64.0-rc.0 - 2020-11-23
  • 0.63.5 - 2022-11-07
  • 0.63.4 - 2020-11-30
  • 0.63.3 - 2020-09-29
  • 0.63.2 - 2020-07-22
  • 0.63.1 - 2020-07-14
  • 0.63.0 - 2020-07-08
  • 0.63.0-rc.1 - 2020-05-04
  • 0.63.0-rc.0 - 2020-04-16
  • 0.62.3 - 2021-05-05
  • 0.62.2 - 2020-04-08
  • 0.62.1 - 2020-04-03
  • 0.62.0 - 2020-03-26
  • 0.62.0-rc.5 - 2020-03-07
  • 0.62.0-rc.4 - 2020-03-06
  • 0.62.0-rc.3 - 2020-02-25
  • 0.62.0-rc.2 - 2020-02-13
  • 0.62.0-rc.1 - 2020-01-21
  • 0.62.0-rc.0 - 2019-12-18
  • 0.61.5 - 2019-11-23
  • 0.61.4 - 2019-11-04
  • 0.61.3 - 2019-10-29
  • 0.61.2 - 2019-10-02
  • 0.61.1 - 2019-09-25
  • 0.61.0 - 2019-09-24
  • 0.61.0-rc.3 - 2019-09-10
  • 0.61.0-rc.2 - 2019-09-04
  • 0.61.0-rc.0 - 2019-08-27
  • 0.60.6 - 2019-09-24
  • 0.60.5 - 2019-08-13
from react-native GitHub release notes
Commit messages
Package name: react-native
  • 24b6820 [0.72.3] Bump version numbers
  • 8f41f25 Revert "Fix pod install for swift libs using new arch (#38121)"
  • b95c87d [0.72.2] Bump version numbers
  • 63f78ea [LOCAL] remove stub types from dependencies
  • 839091b Revert "[LOCAL] fix the metro-config version or it will pick the wrong one on CI"
  • 73ca044 [LOCAL] fix the metro-config version or it will pick the wrong one on CI
  • f373861 bumped packages versions
  • ba5fa9c [LOCAL] bump CLI to 11.3.5 and Metro do 0.76.7
  • 9781850 Restore envinfo for test_windows (#38062)
  • 21daa6e bumped packages versions
  • 4704497 Update when view are added to the ViewRegistry (#38223)
  • 1683b12 add InitializeCore in getModulesRunBeforeMainModule (#38207)
  • e163a13 fix: repairs $EXTRA_COMPILER_ARGS error with multiple args (#38147)
  • ee8d5e0 Compile hermes-engine with -DHERMES_ENABLE_DEBUGGER=False on Release (#38212)
  • fe2964a Fix build failure on iOS with pnpm and use_frameworks! (#38158)
  • 965169f Enable debugging in debug build (#38205)
  • 0759422 Fix onChangeText not firing when clearing the value of TextInput with multiline=true on iOS (#37958)
  • 914db09 Disable nstextstorage_caching in OSS (#38129)
  • 7a4ae79 Fix pod install for swift libs using new arch (#38121)
  • e250676 Add global hook to assert that base Metro config is called (#38126)
  • 03b9b52 Remove okhttp internal util usage (#37843)
  • a46a7cd Prevent crash in runAnimationStep on OnePlus and Oppo devices (#37487)
  • d73b61c Do not create RuntimeExecutor on non-JSI executors (#38125) (#38142)
  • e22bd7f [LOCAL] update podlock

Compare


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants