[Snyk] Upgrade react-native-gesture-handler from 1.8.0 to 1.9.0

[devksingh4]

Snyk has created this PR to upgrade react-native-gesture-handler from 1.8.0 to 1.9.0.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 1 version ahead of your current version.
• The recommended version was released 2 months ago, on 2020-11-23.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-1023599	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-INI-1048974	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Out-of-bounds Read SNYK-JS-ELECTRON-1051000	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-1050999	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Insufficient Validation SNYK-JS-ELECTRON-1050882	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-1049547	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Improper Input Validation SNYK-JS-ELECTRON-1049323	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Improper Access Control SNYK-JS-ELECTRON-1049321	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Heap-based Buffer Overflow SNYK-JS-ELECTRON-1048693	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-1041745	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Mature
	Information Exposure SNYK-JS-ELECTRON-1050427	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: react-native-gesture-handler

• 1.9.0 - 2020-11-23
  

  This release mainly fixes problems with hitslop property and web implementation, adds two-finger scrolling on iPadOS, adds tap sound on touchables, and improves TS typings.

  🐛 Bug fixes

  • Fix GestureHandler isWithinBounds top hitslop (#1202) by @ eeynard
  • Fix destructuring ref.props on the web (#1220) by @ hosseinmd

  👍 Improvements

  • make PressGestureHandler web implementation to pass along the move event and fix the propTypes issue (#1098) by @ connectdotz
  • Support RN headers in both namespaces on iOS (#1183) by @ grit96
  • fix: move Swipeable and DrawerLayout type definition (#955) by @ Naturalclar
  • Fix typings for enums (#1055) by @ iyegoroff
  • Allow two finger touchpad scrolling on iPadOS (#1128) by @ robertherber and @ jakub-gonet
  • Allow minDurationMs=0 in LongPressGestureHandler (#1216) by @ jacobp100
  • Add sound to Touchables on Android (#1172) by @ jakub-gonet

  🔢 Miscellaneous

  • Update docs to 0.63 (#1185) by @ jakub-gonet
  • Add note about onGestureEvent in docs (#1189) by @ jakub-gonet
  • Fix Xcode 12 compatibility (#1193) by @ radko93
  • Update Detox and XCode CI version to 12 (#1191) by @ jakub-gonet
  • Add fbjs as dependency (#1226) by @ jakub-gonet
  • Fix wrong github link (#1229) by @ sunnylqm
  • Fix broken link in docs (#1230) by @ hehex9

  🙌 Thank you for your contributions!

• 1.8.0 - 2020-09-03
  

  In this release, we fixed some long-standing threading issues which were crashing apps integrated with RNGH. Additionally,MAX_POINTERS_COUNT has been increased to support devices that handle up to 12 simultaneous touches.

  🐛 Bug fixes

  • Fix threading issue in RNGestureHandlerStateChangeEvent (#1171) by @ jakub-gonet
  • Fix thread safety of RNGestureHandlerModule methods (#1173) by @ jakub-gonet

  👍 Improvements

  • Increase MAX_POINTERS_COUNT to 12 (#1175) by @ jakub-gonet

  🔢 Miscellaneous

  • Update README.md (#1141) by @ jakub-gonet
  • Fix installation and documentation links (#1144) by @ kaueDM
  • Fix expo links in docs (#1145) by @ jakub-gonet
  • Add issue templates (#1165) by @ jakub-gonet
  • Upgrade hoist-non-react-statics to 3.3+ (#995) by @ davidgovea
  • Removed website directory (#1174) by @ jakub-gonet
  • Remove unused PointerEvents* enums (#1177) by @ jakub-gonet
  • Fix RNGestureHandlerManager to use explicit imports (#1160) by @ PeteTheHeat
  • Update yarn.lock, remove fsevents resolutions, add release-it (#1140) by @ jakub-gonet

  🙌 Thank you for your contributions!

from react-native-gesture-handler GitHub release notes

Commit messages

Package name: react-native-gesture-handler

• fa96bb0 Release 1.9.0 (#1233)
• 6070a36 Add sound to Touchables on Android (#1172)
• 19cddc5 Allow minDurationMs=0 in LongPressGestureHandler (#1216)
• 196782c Fix destructuring `ref.props` on the web (#1220)
• bba5e90 Fix broken link in docs (#1230)
• 2fb54e4 Fix wrong github link (#1229)
• b8f0c8e Allow two finger touchpad scrolling on iPadOS (#1128)
• 1fc98b6 Add fbjs as dependency (#1226)
• 7564162 Fix typings for enums (#1055)
• 8cffaca Update Detox and XCode CI version to 12 (#1191)
• f77326d fix: move Swipeable and DrawerLayout type definition (#955)
• a94d065 Fix Xcode 12 compatibility (#1193)
• e6f1164 Fix GestureHandler isWithinBounds top hitslop (#1202)
• 0f96ac3 Support RN headers in both namespaces on iOS (#1183)
• 7edb337 make PressGestureHandler web implementation to pass along the move event and fix the propTypes issue (#1098)
• b19c218 Add note about `onGestureEvent` in docs (#1189)
• 3639523 Update docs to 0.63 (#1185)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs