microsoft / react-native-code-push

React Native module for CodePush
http://appcenter.ms

Bump SSZipArchive from 2.2.2 to 2.5.4, resolving Arbitrary File Write via Archive Extraction #2528

Closed TheSolly closed 9 months ago

TheSolly commented 1 year ago

Hi! 👋

Firstly, thanks for your work on this project! 🙂

Today I used patch-package to patch react-native-code-push@8.0.2 for the project I'm working on.

Here is the diff that solved my problem:

diff --git a/node_modules/react-native-code-push/CodePush.podspec b/node_modules/react-native-code-push/CodePush.podspec
index d20c4f4..30d9ff2 100644
--- a/node_modules/react-native-code-push/CodePush.podspec
+++ b/node_modules/react-native-code-push/CodePush.podspec
@@ -21,7 +21,7 @@ Pod::Spec.new do |s|
   # we explicitly let CocoaPods pull in the versions below so all dependencies are resolved and 
   # linked properly at a parent workspace level.
   s.dependency 'React-Core'
-  s.dependency 'SSZipArchive', '~> 2.2.2'
+  s.dependency 'SSZipArchive', '~> 2.5.4'
   s.dependency 'JWT', '~> 3.0.0-beta.12'
   s.dependency 'Base64', '~> 1.1'
 end
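
Review bot: on the `s.dependency 'SSZipArchive', '~> 2.5.4'` line, the three-part `~>` constraint only admits 2.5.x at or above 2.5.4 (>= 2.5.4, < 2.6.0), which is the same shape that held consumers on 2.2.x before this change, so a later SSZipArchive fix shipped as 2.6 or higher would again need a podspec edit. Consider `'~> 2.5', '>= 2.5.4'` if the module works across 2.x minors, and add a short comment beside the line saying that 2.5.4 is the floor because of the archive-extraction file-write issue named in the title, so the minimum is not lowered by accident. Because this is applied through patch-package under node_modules, also confirm that Podfile.lock resolves SSZipArchive to 2.5.4 or later after reinstalling pods.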

This issue body was partially generated by patch-package.

microsoft-github-policy-service[bot] commented 1 year ago

This issue has been automatically marked as stale because it has not had any activity for 60 days. It will be closed if no further activity occurs within 15 days of this comment.

microsoft-github-policy-service[bot] commented 1 year ago

This issue has been automatically marked as stale because it has not had any activity for 60 days. It will be closed if no further activity occurs within 15 days of this comment.

kg-currenxie commented 10 months ago

Same issue here. 6 months later...

microsoft-github-policy-service[bot] commented 9 months ago

This issue will now be closed because it hasn't had any activity for 15 days after stale. Please feel free to open a new issue if you still have a question/issue or suggestion.