leantechnologies / link-sdk-react-native

LinkSDK for React Native
MIT License

[Snyk] Upgrade react-native from 0.71.7 to 0.72.4 #58

Closed leanBuildBot closed 11 months ago

leanBuildBot commented 1 year ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade react-native from 0.71.7 to 0.72.4.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **19 versions** ahead of your current version.
- The recommended version was released **2 months ago**, on 2023-08-14.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|:-------------------------:|:-------------------------|-------------------------|:-------------------------|
| | Regular Expression Denial of Service (ReDoS) [SNYK-JS-SEMVER-3247795](https://snyk.io/vuln/SNYK-JS-SEMVER-3247795) | **169/1000** **Why?** Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00091, Social Trends: No, Days since published: 117, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.81, Score Version: V5 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) [SNYK-JS-FASTXMLPARSER-5668858](https://snyk.io/vuln/SNYK-JS-FASTXMLPARSER-5668858) | **169/1000** **Why?** Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00091, Social Trends: No, Days since published: 117, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.81, Score Version: V5 | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS) [SNYK-JS-SEMVER-3247795](https://snyk.io/vuln/SNYK-JS-SEMVER-3247795) | **169/1000** **Why?** Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00091, Social Trends: No, Days since published: 117, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.81, Score Version: V5 | Proof of Concept |
| | Prototype Pollution [SNYK-JS-UNSETVALUE-2400660](https://snyk.io/vuln/SNYK-JS-UNSETVALUE-2400660) | **169/1000** **Why?** Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00091, Social Trends: No, Days since published: 117, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.81, Score Version: V5 | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: react-native
  • 0.72.4 - 2023-08-14

    Added

    Android specific

    • Native part of fixing ANR when having an inverted FlatList on android API 33+ (6d206a3f54 by @hannojg)
    • For targeting SDK 34 - Added RECEIVER_EXPORTED/RECEIVER_NOT_EXPORTED flag support in DevSupportManagerBase (177d97d8ea by @apuruni)

    Changed

    Fixed

    Android specific


    You can participate in the conversation on the status of this release in this discussion.


    To help you upgrade to this version, you can use the upgrade helper ⚛️


    You can find the whole changelog history in the changelog.md file.

  • 0.72.3 - 2023-07-12
  • 0.72.2 - 2023-07-11
  • 0.72.1 - 2023-06-29
  • 0.72.0 - 2023-06-21
  • 0.72.0-rc.6 - 2023-06-13
  • 0.72.0-rc.5 - 2023-06-01
  • 0.72.0-rc.4 - 2023-05-31
  • 0.72.0-rc.3 - 2023-05-11
  • 0.72.0-rc.2 - 2023-05-04
  • 0.72.0-rc.1 - 2023-04-05
  • 0.72.0-rc.0 - 2023-03-20
  • 0.71.14 - 2023-10-12

    Fixed

    iOS specific


  • 0.71.13 - 2023-08-22

    Added

    Android specific

    • For targeting SDK 34 - Added RECEIVER_EXPORTED/RECEIVER_NOT_EXPORTED flag support in DevSupportManagerBase (177d97d8ea by @apuruni)

    iOS specific

    Fixed

    • Fix: mount devtools overlay only if react devtools are connected (b3c7a5d4cc by @hoxyq)

    iOS specific

    • Fix onChangeText not firing when clearing the value of TextInput with multiline=true on iOS (0c9c57a9f7 by @kkoudev)

  • 0.71.12 - 2023-07-04
  • 0.71.11 - 2023-06-14
  • 0.71.10 - 2023-06-07
  • 0.71.9 - 2023-06-07
  • 0.71.8 - 2023-05-10
  • 0.71.7 - 2023-04-19
from react-native GitHub release notes
Commit messages
Package name: react-native
  • ff27568 [0.72.4] Bump version numbers
  • fe804b8 bumped packages versions
  • c7073fd Change comment in @react-native/metro-config to trigger a release bump
  • f3e7572 bumped packages versions
  • 9f79218 Reorder test imports in @react-native/virtualized-lists to trigger a release bump
  • 768c960 Pass hitSlop prop into TextInput Pressability config (#38857)
  • 2f6c200 [LOCAL] Fix broken Android tests for 0.72 (#38926)
  • 40ea8ff Bump cli and metro (#38898)
  • 5f503b8 Restore checking shadow tree commit cancellation after commit hook execution (#38715)
  • 4f8c87c [LOCAL] Fabric Interop - Properly dispatch integer commands (#38527) (#38835)
  • 7aa8cd5 Fix missing Platform in VirtualizedList
  • e9ea926 Hermes bump for hermes-2023-08-07-RNv0.72.4-813b2def12bc9df026
  • 5b45e97 Remove option to paste rich text from Android EditText context menu (#38189)
  • a601b22 fix: Correctly assign the `hermes-engine` pod tag when installing pods from a different folder (#38754)
  • 3350dd8 Fix Android ScrollView not responding to Keyboard events when nested inside a KeyboardAvoidingView (#38728)
  • 7aed30a Fabric Interop - Also normalize direct events (#38352)
  • e4429fa Add workaround fix for #35350 (#38073)
  • 22c9739 Add workaround for android API 33 ANR when inverting ScrollView (#38071)
  • 3cf94df For targeting SDK 34 - Added RECEIVER_EXPORTED/RECEIVER_NOT_EXPORTED flag support in DevSupportManagerBase (#38256)
  • 938bd78 Allow string `transform` style in TypeScript (#37569)
  • e907337 Add enterKeyHint in TextInput type declaration (#37624)
  • a3cfdf0 Bump CLI to 11.3.6 (#38778)
  • 03187b6 fix[AppContainer]: mount react devtools overlay only when devtools are attached (#38785)
  • 79c4ec1 [LOCAL] Port CircleCI Artifact downloads to speed up release testing to 0.72 (#38553)

**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.*

For more information:

🧐 [View latest project report](https://app.snyk.io/org/justice-league-link-sdk-squad/project/e44d8ce2-f4fb-4ffa-8dd7-aac3d14979a5?utm_source=github-enterprise&utm_medium=referral&page=upgrade-pr)

🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/justice-league-link-sdk-squad/project/e44d8ce2-f4fb-4ffa-8dd7-aac3d14979a5/settings/integration?utm_source=github-enterprise&utm_medium=referral&page=upgrade-pr)

🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/justice-league-link-sdk-squad/project/e44d8ce2-f4fb-4ffa-8dd7-aac3d14979a5/settings/integration?pkg=react-native&utm_source=github-enterprise&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)