search

mernjs / create-mern-app

Create MERN App provides a simple file and folder structure that you can easily customize to fit your project requirements.
https://mernjs.github.io/create-mern-app
MIT License
123 stars 13 forks source link

[Snyk] Security upgrade expo from 47.0.14 to 51.0.0 #77

Closed mernjs closed 5 months ago

mernjs commented 6 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - templates/app/react-native-boilerplate/package.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:------------------------- ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-SEMVER-3247795](https://snyk.io/vuln/SNYK-JS-SEMVER-3247795) | Yes | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: expo The new version differs by 250 commits.
  • 2975b6d Publish packages
  • 7995f30 Publish packages
  • 2b6c5cb [docs] Fix Image blurhash syntax in placeholder prop
  • a5cd2f4 [template] Add privacy_file_aggregation_enabled to the correct place
  • 4d8aaab [template] Add missing comma
  • 14ff547 [packages] Commit build files
  • 9a1f53f [build-properties] Add field to enable/disable privacy manifest aggregation (#28646)
  • 19f4c9a chore(cli): bump canary to support React 19 beta (#28592)
  • 6d629fd feature(expo-build-properties): add `ios.ccacheEnabled` option to enable c++ compiler cache (#28638)
  • 87efd0c Add additional config flag to allow forcing RTL on LTR locales (#28129)
  • 9c8b6d4 [core][Android] Remove Kotlin warnings (#28629)
  • 9782fb3 [core][Android] Add the method name to unexpected exception (#28626)
  • 338477c [video][Android] Remove Kotlin warnings (#28628)
  • 2ec644a [device][Android] Replace deprecated method to get rotation (#28627)
  • 46dc5b3 [docs] Update new arch guide to account for fixed navigation issue
  • 6df141b [docs] Fix `zulu` installation command for SDK 49 and below (#28612)
  • 393ca27 [docs] Improve example in Use Bun guide (#28615)
  • b142541 [iOS] Make it easier to use the new architecture in bare-expo (#28616)
  • 1fcceda [core][Android] Make `defaultAppContextMock` private (#28620)
  • 0adb5e6 [docs] show "Unversioned" API version in PR previews (#28588)
  • 72fd8e2 [expo-go] Remove unused queries and overfetched fields (#28619)
  • f57dfd1 [templates] Update to latest [skip ci]
  • 2d80ee3 Publish packages
  • a8060e8 Publish packages
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: šŸ§ [View latest project report](https://app.snyk.io/org/create-mern-app/project/caa46737-c49e-4ab5-a73b-b0b4cdbacf59?utm_source=github&utm_medium=referral&page=fix-pr) šŸ›  [Adjust project settings](https://app.snyk.io/org/create-mern-app/project/caa46737-c49e-4ab5-a73b-b0b4cdbacf59?utm_source=github&utm_medium=referral&page=fix-pr/settings) šŸ“š [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"df52a071-1d62-49c2-bbd9-816d609d707e","prPublicId":"df52a071-1d62-49c2-bbd9-816d609d707e","dependencies":[{"name":"expo","from":"47.0.14","to":"51.0.0"}],"packageManager":"npm","projectPublicId":"caa46737-c49e-4ab5-a73b-b0b4cdbacf59","projectUrl":"https://app.snyk.io/org/create-mern-app/project/caa46737-c49e-4ab5-a73b-b0b4cdbacf59?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-SEMVER-3247795"],"upgrade":["SNYK-JS-SEMVER-3247795"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","priorityScore"],"priorityScoreList":[696],"remediationStrategy":"vuln"}) --- **Learn how to fix vulnerabilities with free interactive lessons:** šŸ¦‰ [Regular Expression Denial of Service (ReDoS)](https://learn.snyk.io/lesson/redos/?loc=fix-pr)
vercel[bot] commented 6 months ago

The latest updates on your projects. Learn more about Vercel for Git ā†—ļøŽ

Name Status Preview Comments Updated (UTC)
create-mern-app-gatsbyjs āœ… Ready (Inspect) Visit Preview šŸ’¬ Add feedback May 7, 2024 9:47pm
create-mern-app-nextjs āœ… Ready (Inspect) Visit Preview šŸ’¬ Add feedback May 7, 2024 9:47pm
create-mern-app-reactjs āœ… Ready (Inspect) Visit Preview šŸ’¬ Add feedback May 7, 2024 9:47pm