software-mansion / react-native-reanimated

React Native's Animated library reimplemented
https://docs.swmansion.com/react-native-reanimated/
MIT License
8.59k stars 1.26k forks

Security issues #6166

Closed badredaha closed 2 days ago

badredaha commented 5 days ago

Description

Hi,

We use Snyk as a security SAST. When the scan is finished, the report shows us:

com.google.protobuf:protobuf-java and io.netty:netty-codec-http2 as dependencies that need to be updated to avoid a Denial of Service (DoS) attack.

I use Reanimated 3.11. Should I update to the latest?

Steps to reproduce

Scan with Snyk tools (a security SAST tool)

Snack or a link to a repository

https://myoungit.com

Reanimated version

3.11.0

React Native version

0.73.6

Platforms

Android

JavaScript runtime

Hermes

Workflow

React Native

Architecture

Paper (Old Architecture)

Build type

Debug app & dev bundle

Device

None

Device model

No response

Acknowledgements

Yes

github-actions[bot] commented 5 days ago

Hey! 👋

The issue doesn't seem to contain a minimal reproduction.

Could you provide a snack or a link to a GitHub repository under your username that reproduces the problem?

szydlovsky commented 5 days ago

@badredaha do we really need these dependencies updated? We are not using them directly (might be dependencies of our dependencies), but Reanimated has nothing to do with networking.