This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
⚠️ Warning
```
Failed to update the package-lock.json, please update manually before merging.
```
#### Vulnerabilities that will be fixed
##### With an upgrade:
Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity
:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------
 | **823/1000** **Why?** Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.6 | Server-side Request Forgery (SSRF) [SNYK-JS-IP-6240864](https://snyk.io/vuln/SNYK-JS-IP-6240864) | No | Proof of Concept
(*) Note that the real score may have changed since the PR was raised.
Commit messagesPackage name: react-native
The new version differs by 43 commits.
74ba411 fix(xcode): backport Xcode 14.3 fix to 69 (#36767)
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project.
------------
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.*
For more information:
🧐 [View latest project report](https://app.snyk.io/org/laijackylai/project/de052458-cf36-4be9-ba29-f2fdba0f0952?utm_source=github&utm_medium=referral&page=fix-pr)
🛠 [Adjust project settings](https://app.snyk.io/org/laijackylai/project/de052458-cf36-4be9-ba29-f2fdba0f0952?utm_source=github&utm_medium=referral&page=fix-pr/settings)
📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)
[//]: # (snyk:metadata:{"prId":"07cf2c15-2a9b-4816-ae1f-83d1c94452bf","prPublicId":"07cf2c15-2a9b-4816-ae1f-83d1c94452bf","dependencies":[{"name":"react-native","from":"0.69.4","to":"0.69.12"}],"packageManager":"npm","projectPublicId":"de052458-cf36-4be9-ba29-f2fdba0f0952","projectUrl":"https://app.snyk.io/org/laijackylai/project/de052458-cf36-4be9-ba29-f2fdba0f0952?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-IP-6240864"],"upgrade":["SNYK-JS-IP-6240864"],"isBreakingChange":false,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","pr-warning-shown","priorityScore"],"priorityScoreList":[823],"remediationStrategy":"vuln"})
---
**Learn how to fix vulnerabilities with free interactive lessons:**
🦉 [Server-side Request Forgery (SSRF)](https://learn.snyk.io/lesson/ssrf-server-side-request-forgery/?loc=fix-pr)
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json⚠️ Warning
``` Failed to update the package-lock.json, please update manually before merging. ```**Why?** Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.6 | Server-side Request Forgery (SSRF)
[SNYK-JS-IP-6240864](https://snyk.io/vuln/SNYK-JS-IP-6240864) | No | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: react-native
The new version differs by 43 commits.- 5883b0b [0.69.12] Bump version numbers
- 4db7a10 Prevent crash in runAnimationStep on OnePlus and Oppo devices (#37487)
- 56807fa [0.69] Bump CLI to ^8.0.7, Metro to 0.70.4 (#38180)
- 367fc7a [0.69] Use `Content-Location` header in bundle response as JS source URL (#37501) (#38179)
- 2407776 [0.69.11] Bump version numbers
- 37e8df1 [LOCAL] Make 0.69 compatible with Xcode 15 (thanks to @ AlexanderEggers for the commit in main)
- 4f52bbc [LOCAL] checkout code for hermesc linux in an empty folder
- 0cfdcb0 [LOCAL] Manually port back the version dependent hermesc for linux and windows
- 4906002 Revert "Make CircleCI caches for hermesc be version dependent (#37452)"
- b959dbd Make CircleCI caches for hermesc be version dependent (#37452)
- 8b9f371 [0.69.10] Bump version numbers
- 4979381 Fix test e2e script (#37081)
- 5834cea Merge pull request #37000 from facebook/kelset/attempt-3-backporting-textinput-fixes
- deb7cda Minimize EditText Spans 8/9: CustomStyleSpan (#36577)
- 4b9b203 Minimize EditText Spans 7/9: Avoid temp list (#36576)
- 64eeb81 Minimize EditText Spans 6/9: letterSpacing (#36548)
- 44a96ac Minimize EditText Spans 5/9: Strikethrough and Underline (#36544)
- ab6be34 Minimize EditText Spans 4/9: ReactForegroundColorSpan (#36545)
- e7e2556 Minimize EditText Spans 3/9: ReactBackgroundColorSpan (#36547)
- 7374892 Minimize EditText Spans 2/9: Make stripAttributeEquivalentSpans generic (#36546)
- ee2d815 Minimize EditText Spans 1/9: Fix precedence (#36543)
- 0bcf293 Fix measurement of uncontrolled TextInput after edit
- f4f3aa3 [0.69.9] Bump version numbers
- 74ba411 fix(xcode): backport Xcode 14.3 fix to 69 (#36767)
See the full diff