meliorence / react-native-render-html

iOS/Android pure javascript react-native component that renders your HTML into 100% native views
https://meliorence.github.io/react-native-render-html/
BSD 2-Clause "Simplified" License

Fix for ReDoS vulnerability issue found in ramda@0.27.1 #543

Closed ap-shahar closed 2 years ago

ap-shahar commented 2 years ago

Hi! 👋

Firstly, thanks for your work on this project! 🙂

Today I used patch-package to patch react-native-render-html@6.3.0 for the project I'm working on.

We've been trying to upgrade to the latest version of this package for a while now and were blocked by a vulnerability issue found in the package ramda@0.27.1, which is used by this package. Today that package got a new release, 0.27.2, with the fix.

Here is the diff that solved my problem:

diff --git a/node_modules/react-native-render-html/package.json b/node_modules/react-native-render-html/package.json
index 3856cf6..e77b6a6 100644
--- a/node_modules/react-native-render-html/package.json
+++ b/node_modules/react-native-render-html/package.json
@@ -95,7 +95,7 @@
     "@types/ramda": "^0.27.40",
     "@types/urijs": "^1.19.15",
     "prop-types": "^15.5.7",
-    "ramda": "^0.27.1",
+    "ramda": "^0.27.2",
     "stringify-entities": "^3.1.0",
     "urijs": "^1.19.6"
   }
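Review bot: the bumped range `"ramda": "^0.27.2"` is semantically almost identical to the old `"ramda": "^0.27.1"`, since a caret range already permits 0.27.2, so this edit alone does not force the patched version onto a consumer; what actually picks up the fix is re-resolving the lockfile (or deduping) so that the installed ramda is 0.27.2, which is worth stating in the issue body, together with a check such as `npm ls ramda` to confirm no other dependency still pins the vulnerable 0.27.1. Raising the floor in the range is still a reasonable change for a release, as it stops a fresh install from ever selecting 0.27.1.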

This issue body was partially generated by patch-package.

jsamr commented 2 years ago

Thank you! Fixed in v6.3.2.