Closed narin closed 4 months ago
Approved although AC
All security alerts moderate or higher are gone
technically is not true I don't think, but the lingering one of
NPM IP package vulnerable to Server-Side Request Forgery (SSRF) attacks High
is also present on the flagship app repo which was made public.
Ticket #142
Description of Change
Updated all dependencies with the exception of 5 RN packages required for Expo 50 compatibility.
yarn upgrade-interactive
semver@^7.5.3
to overrides to resolve dependabot security alertTesting Packages
0.6.1-alpha.0
Screenshots/Video
iOS
https://github.com/department-of-veterans-affairs/va-mobile-library/assets/786704/a0231c1f-9531-47c2-98a0-1de392946a85
Android
https://github.com/department-of-veterans-affairs/va-mobile-library/assets/786704/d1a10c12-99ec-46b4-be6f-92b26b4ff3fc
VA Mobile App
https://github.com/department-of-veterans-affairs/va-mobile-library/assets/786704/ab9b7150-391e-4957-96dd-f3e1ec0cf49b
Testing
PR Checklist
Code reviewer validation:
changelog
label applied if it's to be included in the changelogPublish
If changes warrant a new version per the versioning guidelines and the PR is approved and ready to merge:
main
into branchmain