facebook / hermes

A JavaScript engine optimized for running React Native.
https://hermesengine.dev/
MIT License

The Code Sentry scan reports code vulnerabilities - facebook/hermes #1369

Closed KanchanaNaikAmetek closed 3 weeks ago

KanchanaNaikAmetek commented 1 month ago

Bug Description

We have scanned the React Native project using Code Sentry for code vulnerabilities. We found that some components used in the library have critical and high vulnerabilities. Could you please fix this issue and let us know how to proceed in this scenario? The release is being blocked due to the vulnerabilities detected.

You can find the vulnerability IDs mentioned in the screenshot.

Hermes git revision (if applicable): 0.12.0
React Native version: "^0.72.6"
OS:
Platform (most likely one of arm64-v8a, armeabi-v7a, x86, x86_64):

Steps To Reproduce

  1. Run the React Native sample project using Code Sentry.

code example:

[screenshot attached in the original issue]

The Expected Behavior

It should not come under the vulnerabilities list.

tmikov commented 1 month ago

I am sorry, I do not know what Code Sentry is and I do not really understand the question. What vulnerabilities? From what?

If there are things that need to be fixed, please be specific.

tmikov commented 3 weeks ago

Closing because of inactivity