[Snyk] Upgrade react-native from 0.60.5 to 0.72.3 #1300
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade react-native from 0.60.5 to 0.72.3.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version fixes:
SNYK-JS-ASYNC-2441827
Why? Proof of Concept exploit, CVSS 7.5
SNYK-JS-SHELLQUOTE-1766506
Why? Proof of Concept exploit, CVSS 7.5
SNYK-JS-REACTNATIVE-1298632
Why? Proof of Concept exploit, CVSS 7.5
SNYK-JS-TAR-1536528
Why? Proof of Concept exploit, CVSS 7.5
SNYK-JS-TAR-1536531
Why? Proof of Concept exploit, CVSS 7.5
SNYK-JS-TAR-1579147
Why? Proof of Concept exploit, CVSS 7.5
SNYK-JS-TAR-1579152
Why? Proof of Concept exploit, CVSS 7.5
SNYK-JS-TAR-1579155
Why? Proof of Concept exploit, CVSS 7.5
SNYK-JS-UNSETVALUE-2400660
Why? Proof of Concept exploit, CVSS 7.5
SNYK-JS-LOGKITTY-568763
Why? Proof of Concept exploit, CVSS 7.5
SNYK-JS-HAPIHOEK-548452
Why? Proof of Concept exploit, CVSS 7.5
SNYK-JS-JSON5-3182856
Why? Proof of Concept exploit, CVSS 7.5
npm:mem:20180117
Why? Proof of Concept exploit, CVSS 7.5
SNYK-JS-NODENOTIFIER-1035794
Why? Proof of Concept exploit, CVSS 7.5
SNYK-JS-WS-1296835
Why? Proof of Concept exploit, CVSS 7.5
SNYK-JS-WS-1296835
Why? Proof of Concept exploit, CVSS 7.5
SNYK-JS-FSEVENTS-5487987
Why? Proof of Concept exploit, CVSS 7.5
SNYK-JS-TAR-1536758
Why? Proof of Concept exploit, CVSS 7.5
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: react-native
Fixed
iOS specific
You can participate in the conversation on the status of this release in this discussion.
To help you upgrade to this version, you can use the upgrade helper ⚛️
You can find the whole changelog history in the changelog.md file.
Changed
@ types/metro-config
from template (63f78ea8de by @ kelset)@ react-native/metro-config
to0.72.9
(21daa6e790, f37386176 by @ kelset)Android specific
iOS specific
Fixed
global.performance
in undefined when starting metro from Expo CLI (0ccbd65581 by @ Kudo)Android specific
iOS specific
You can participate in the conversation on the status of this release in this discussion.
To help you upgrade to this version, you can use the upgrade helper ⚛️
You can find the whole changelog history in the changelog.md file.
Added
iOS specific
Changed
react-native/metro-config
now includes all base config values frommetro-config
(bbcedd385b by @ huntie)@ react-native/metro-config
to0.72.7
,@ react-native/gradle-plugin
to0.72.11
,@ react-native/virtualized-lists
to0.72.6
(95db9f98f2 by @ kelset)Fixed
react-native/virtualized-lists
does not needreact-test-renderer
at runtime (7a2a3278d0 by @ tido64)Android specific
-Set kotlin.jvm.target.validation.mode=warning on user projects (10beefbbfa by @ cortinico)
iOS specific
pod install --project-directory=ios
failing (0b96bdcf32 by @ tido64)You can participate in the conversation on the status of this release in this discussion.
To help you upgrade to this version, you can use the upgrade helper ⚛️
You can find the whole changelog history in the changelog.md file.
🎉 0.72 stable is out 🎉
This release includes over 1100 commits from 70+ contributors! Thank you to all our contributors new and old!
See the highlights of the release in our release blog post.
You can participate in the conversation on the status of this release in this discussion.
To help you upgrade to this version, you can use the upgrade helper ⚛️
You can find the whole changelog history in the changelog.md file.
Fixed
Android specific
iOS specific
pod install --project-directory=ios
failing (fc1abe1d69 by @ tido64)You can participate in the conversation on the status of this release in this discussion.
To help you upgrade to this version, you can use the upgrade helper ⚛️
You can find the whole changelog history in the changelog.md file.
Fixed
You can participate in the conversation on the status of this release in this discussion.
To help you upgrade to this version, you can use the upgrade helper ⚛️
You can find the whole changelog history in the changelog.md file.
Fixed
iOS specific
Content-Location
header in bundle response as JS source URL (671ea383fe by @ robhogan) to address #36794You can participate in the conversation on the status of this release in this discussion.
To help you upgrade to this version, you can use the upgrade helper ⚛️
You can find the whole changelog history in the changelog.md file.
Changed
You can participate in the conversation on the status of this release in this discussion
To help you upgrade to this version, you can use the upgrade helper ⚛️
You can find the whole changelog history in the changelog.md file.
Changed
iOS specific
Content-Location
header in bundle response as JS source URL (#37501) (367fc7ad52 by @ robhogan)Fixed
Android specific
0.69.12 is the latest patch the Release Crew will prepare for version 0.69. You can have a look at the latest discussion.
To help you upgrade to this version, you can use the upgrade helper ⚛️
You can find the whole changelog history in the changelog.md file.
Commit messages
Package name: react-native
Compare
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs