leantechnologies / link-sdk-react-native

LinkSDK for React Native
MIT License

[Snyk] Upgrade react-native from 0.71.7 to 0.72.6 #70

Closed leanSecurityBot closed 6 months ago

leanSecurityBot commented 9 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade react-native from 0.71.7 to 0.72.6.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **21 versions** ahead of your current version.
- The recommended version was released **a month ago**, on 2023-10-12.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|:-------------------------:|:-------------------------|-------------------------|:-------------------------|
| | Regular Expression Denial of Service (ReDoS) [SNYK-JS-FASTXMLPARSER-5668858](https://snyk.io/vuln/SNYK-JS-FASTXMLPARSER-5668858) | **124/1000** **Why?** Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00044, Social Trends: No, Days since published: 168, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.06, Score Version: V5 | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS) [SNYK-JS-SEMVER-3247795](https://snyk.io/vuln/SNYK-JS-SEMVER-3247795) | **124/1000** **Why?** Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00044, Social Trends: No, Days since published: 168, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.06, Score Version: V5 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) [SNYK-JS-SEMVER-3247795](https://snyk.io/vuln/SNYK-JS-SEMVER-3247795) | **124/1000** **Why?** Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00044, Social Trends: No, Days since published: 168, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.06, Score Version: V5 | Proof of Concept |
| | Prototype Pollution [SNYK-JS-UNSETVALUE-2400660](https://snyk.io/vuln/SNYK-JS-UNSETVALUE-2400660) | **124/1000** **Why?** Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00044, Social Trends: No, Days since published: 168, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.06, Score Version: V5 | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: react-native
  • 0.72.6 - 2023-10-12

    Fixed

    • Fix a potential bug in EventEmitter when used with certain Babel configurations that incorrectly polyfill the spread operator for iterables (9b3bd63723 by @yungsters)



    You can participate in the conversation on the status of this release in this discussion


    To help you upgrade to this version, you can use the upgrade helper ⚛️


    You can find the whole changelog history in the changelog.md file.

  • 0.72.5 - 2023-09-25
  • 0.72.4 - 2023-08-14
  • 0.72.3 - 2023-07-12
  • 0.72.2 - 2023-07-11
  • 0.72.1 - 2023-06-29
  • 0.72.0 - 2023-06-21
  • 0.72.0-rc.6 - 2023-06-13
  • 0.72.0-rc.5 - 2023-06-01
  • 0.72.0-rc.4 - 2023-05-31
  • 0.72.0-rc.3 - 2023-05-11
  • 0.72.0-rc.2 - 2023-05-04
  • 0.72.0-rc.1 - 2023-04-05
  • 0.72.0-rc.0 - 2023-03-20
  • 0.71.14 - 2023-10-12


  • 0.71.13 - 2023-08-22
  • 0.71.12 - 2023-07-04
  • 0.71.11 - 2023-06-14
  • 0.71.10 - 2023-06-07
  • 0.71.9 - 2023-06-07
  • 0.71.8 - 2023-05-10
  • 0.71.7 - 2023-04-19
from react-native GitHub release notes
Commit messages
Package name: react-native
  • 4fd3da2 [0.72.6] Bump version numbers
  • 6e3a130 [Local] Fix CI for 0.72, with Acitve Support and Xcode15 (#40855)
  • 9b3bd63 RN: Switch EventEmitter to `Array.from(...)` (#39525)
  • 785f91b Fix Gemfile, setting Active support to < 7.1.0 (#39828)
  • 355025d Update Xcode 15 patches to be more robust (#39710)
  • 3c4cc59 Move hermes-engine.podspec and hermes-utils.rb from hermes-engine to hermes folders when building (#39575)
  • 1e38d4d [0.72.5] Bump version numbers
  • 2a041cb Add ld_classic flag to Hermes when building for Xcode 15 (#39516)
  • 8ccdb2c Fix Xcode 15 RC issues (#39474)
  • a5e110a Bump IPHONEOS_DEPLOYMENT_TARGET to 13.4 for 3rd party pods (#39478)
  • f6fd6b8 【iOS】Fix timer background state when App is launched from background (#39347)
  • 4da9914 bumped packages versions
  • 6f02d55 Bump CLI to 11.3.7 (#39280)
  • a8ec20d Allow RCTBundleURLProvider to request an inline source map (#37878) (#39033)
  • f77e9af Fix building Android on Windows (#39190)
  • e9eca07 Revert "Fix build failure on iOS with pnpm and use_frameworks! (#38158)" (#39177)
  • 66441e7 A fix in Codegen for Windows build host (#36542)
  • 05d36d9 Guard `JSGlobalContextSetInspectable` behind a compile time check for Xcode 14.3+ (#39037)
  • 26b49f9 Adjust RawPropsPropNameLength's type to account for increased number of props (#39008)
  • 7aeadbc Fix null crash when using maintainVisibleContentPosition on Android (#38891)
  • 1794832 Re-enable direct debugging with JSC on iOS 16.4+ (#37914)
  • ef8ac7a chore(releases): improve bump oss script to allow less human errors (72 edition) (#38888)
  • 33fc55d Add scripts and pipeline to poll for maven (#38980)
  • ff27568 [0.72.4] Bump version numbers

**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.*

For more information:

- 🧐 [View latest project report](https://app.snyk.io/org/justice-league-link-sdk-squad/project/e44d8ce2-f4fb-4ffa-8dd7-aac3d14979a5?utm_source=github-enterprise&utm_medium=referral&page=upgrade-pr)
- 🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/justice-league-link-sdk-squad/project/e44d8ce2-f4fb-4ffa-8dd7-aac3d14979a5/settings/integration?utm_source=github-enterprise&utm_medium=referral&page=upgrade-pr)
- 🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/justice-league-link-sdk-squad/project/e44d8ce2-f4fb-4ffa-8dd7-aac3d14979a5/settings/integration?pkg=react-native&utm_source=github-enterprise&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)