search

expo / expo-cli

Tools for creating, running, and deploying universal Expo and React Native apps
https://docs.expo.io/workflow/expo-cli/
2.6k stars 477 forks source link

update semver to fix vulnerabilities #4777

Closed janpe closed 6 months ago

janpe commented 8 months ago

Why

Fix vulnerability with semver (https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795)

How

Update semver to > 7.5.3

closes expo/expo-webpack-integrations#20

AugustoAleGon commented 6 months ago

This should be merge soon.

janpe commented 6 months ago

@byCedric do you think this would be a reasonable thing to have merged?

byCedric commented 6 months ago

Hi @janpe! Yes, that seems reasonable, but only for webpack-config. Both xdl and expo-cli are currently deprecated and not maintained anymore.

We are also cleaning up this repository and moving some packages around, so I'll move your patch to the right location.

byCedric commented 6 months ago

Merged through https://github.com/expo/expo-webpack-integrations/pull/4