search

titanscouting / red-alliance-mobile

Red Alliance App in React
2 stars 5 forks source link

[Snyk] Upgrade @react-navigation/native from 5.8.9 to 5.9.3 #114

Closed snyk-bot closed 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to upgrade @react-navigation/native from 5.8.9 to 5.9.3.

merge advice :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Prototype Pollution
SNYK-JS-Y18N-1021887		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-UAPARSERJS-1023599		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Command Injection
SNYK-JS-LODASH-1040724		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Prototype Pollution
SNYK-JS-INI-1048974		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Insufficient Validation
SNYK-JS-ELECTRON-1070014		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Use After Free
SNYK-JS-ELECTRON-1064561		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Use After Free
SNYK-JS-ELECTRON-1064558		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Out-of-bounds Read
SNYK-JS-ELECTRON-1051000		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Use After Free
SNYK-JS-ELECTRON-1050999		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Insufficient Validation
SNYK-JS-ELECTRON-1050882		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Use After Free
SNYK-JS-ELECTRON-1050424		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Use After Free
SNYK-JS-ELECTRON-1049547		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Improper Input Validation
SNYK-JS-ELECTRON-1049323		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Improper Access Control
SNYK-JS-ELECTRON-1049321		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Heap-based Buffer Overflow
SNYK-JS-ELECTRON-1048693		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Improper Validation
SNYK-JS-ELECTRON-1047306		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Mature
Use After Free
SNYK-JS-ELECTRON-1041745		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Mature
Regular Expression Denial of Service (ReDoS)
SNYK-JS-UAPARSERJS-1072471		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-1018905		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Use After Free
SNYK-JS-ELECTRON-1070015		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Information Exposure
SNYK-JS-ELECTRON-1065981		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Improper Input Validation
SNYK-JS-ELECTRON-1064555		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Information Exposure
SNYK-JS-ELECTRON-1050427		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-COLORSTRING-1082939		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: @react-navigation/native
  • 5.9.3 - 2021-02-21
  • 5.9.2 - 2021-01-22
  • 5.9.1 - 2021-01-21
  • 5.9.0 - 2021-01-14
  • 5.8.10 - 2020-11-20
  • 5.8.9 - 2020-11-10
from @react-navigation/native GitHub release notes
Commit messages
Package name: @react-navigation/native
  • 7b353a4 chore: publish
  • 3728390 fix: fix getId being called for incorrect routes. closes #9343
  • a8342aa fix: address breaking change in react-native for Linking
  • 860adbf chore: publish
  • 38d6808 fix: fix transparent modal on web
  • cae115f chore: publish
  • 87b5147 fix: fix drawer screen content not being interactable on Android
  • b1b2118 chore: publish
  • 60fe0db fix: fix pointerEvents in ResourceSavingScene
  • bb294b1 chore: publish
  • 4ca2d2d fix: normalize prefix when parsing. fixes #9081
  • 35747a6 chore: publish
  • bae4019 feat: add pressColor and pressOpacity props to drawerItem (#8834)
  • d3a9639 fix: fix StackRouter incorrectly handling invalid route if key is present
  • d88cbcb fix: fix drawer and bottom tabs not being visible on web. closes #9225
  • dc7e876 chore: publish
  • 1e21561 chore: wrap example list in SafeAreaView
  • dd87fa4 fix: enable detachInactiveScreens by default on web for better a11y
  • 09f0ebb chore: update Reactiflux instructions
  • 9633c4d feat: export TransitionPreset for custom TransitionPresets (#9173)
  • 28fac3e chore: set displayName for LinkingContext (#9202)
  • a8b8c27 chore: set displayName for ThemeContext (#9201)
  • b19f76b feat: add a way to specify an unique ID for screens
  • 365a2ad chore: format MaterialBottomTabView.tsx
Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs