search

parse-community / parse-react

[EXPERIMENTAL] React, React Native, and React with SSR (e.g. Next.js) packages to interact with Parse Server backend
https://parseplatform.org/
MIT License
70 stars 27 forks source link

Depends on old version of react-native cli with vulnerabilities in transitive dependencies #101

Open markxnelson opened 2 years ago

markxnelson commented 2 years ago

Hi,

I am trying to upgrade a project to react native 0.69.1, which depends on clii 8.0.2, but i am stuck with cli 5.0.1, which has dependencies with vulnerabilities, since parse/react-native is pulling it in.

Could you please update the deps to a newer version with no vulnerabilities? 

PS C:\Users\markx\AndroidStudioProjects\CloudBank\microservices-datadriven\cloudbank\cloudbank-react-native> npm list @react-native-community/cli
cloudbank@0.0.1 C:\Users\markx\AndroidStudioProjects\CloudBank\microservices-datadriven\cloudbank\cloudbank-react-native
├─┬ @parse/react-native@0.0.1-alpha.18
│ └─┬ @react-native-async-storage/async-storage@1.15.4
│   └─┬ react-native@0.64.3
│     └── @react-native-community/cli@5.0.1
└─┬ react-native@0.69.1 invalid: "^0.0.0-0 || 0.60 - 0.68 || 1000.0.0" from node_modules/@react-native-async-storage/async-storage
  └── @react-native-community/cli@8.0.2