search

bubble-dev / _

🍱 metarepo of many packages and various monorepos
52 stars 6 forks source link

♻️ update react-native to v0.64.1 [SECURITY] #513

Open renovate[bot] opened 3 years ago

renovate[bot] commented 3 years ago

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
react-native (changelog) 0.64.0 -> 0.64.1 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2020-1920

A regular expression denial of service (ReDoS) vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash. This was introduced in react-native version 0.59.0 and fixed in version 0.64.1.

Release Notes

facebook/react-native ### [`v0.64.1`](https://togithub.com/facebook/react-native/releases/tag/v0.64.1) [Compare Source](https://togithub.com/facebook/react-native/compare/v0.64.0...v0.64.1) This patch release is specifically targetted towards fixing iOS build problems in Xcode 12.5. If it doesn't help, please refer to [this issue](https://togithub.com/facebook/react-native/issues/31480). Aside from bumping your version from 0.64.0 to 0.64.1, please check your podfile.lock and make sure that Flipper is on 0.75 or higher, and Flipper-Folly is 2.5.3 or higher; if not, add this line to your podfile (or modify it if you already had it): use_flipper!('Flipper' => '0.75.1', 'Flipper-Folly' => '2.5.3', 'Flipper-RSocket' => '1.3.1') After which, do all the classic necessary cleans (node_modules, caches, pod folders, etc)([react-native-clean-project](https://togithub.com/pmadruga/react-native-clean-project) is your ally) then do `yarn install` and a `pod install --repo-update` (if pod install fails on an error about a Flipper package, just remove the relevant lines from the podfile.lock and run the pod install again). The only other commit picked & released along the Xcode 12.5 fixes is: - Update validateBaseUrl to use latest regex ([commit](https://togithub.com/facebook/react-native/commit/ca09ae82715e33c9ac77b3fa55495cf84ba891c7)) which fixes CVE-2020-1920, GHSL-2020-293. *** You can participate in the conversation on the status of this release at [this issue](https://togithub.com/react-native-community/releases/issues/224). *** To help you upgrade to this version, you can use the [upgrade helper](https://react-native-community.github.io/upgrade-helper/) ⚛️ *** You can find the whole [changelog history](https://togithub.com/react-native-community/react-native-releases/blob/master/CHANGELOG.md) over at `react-native-releases`.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by Mend Renovate. View repository job log here.

renovate[bot] commented 1 year ago

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.