The package react-native-reanimated before 2.10.0 is vulnerable to Regular Expression Denial of Service (ReDoS) due to improper usage of regular expression in the parser of Colors.js.
Release Notes
software-mansion/react-native-reanimated
### [`v2.10.0`](https://togithub.com/software-mansion/react-native-reanimated/releases/tag/2.10.0)
[Compare Source](https://togithub.com/software-mansion/react-native-reanimated/compare/2.9.1...2.10.0)
### 🚀 Main changes
- Added [`useAnimatedKeyboard()`](https://docs.swmansion.com/react-native-reanimated/docs/next/api/hooks/useAnimatedKeyboard/) hook
- Added [`useFrameCallback()`](https://docs.swmansion.com/react-native-reanimated/docs/next/api/hooks/useFrameCallback/) hook
- Added support for React Native 0.70
- Added support for react-native-v8 (building from source only)
- Detect multiple versions of Reanimated.
- And many different fixes.
Build: https://github.com/software-mansion/react-native-reanimated/actions/runs/2889631689
**Full Changelog**: https://github.com/software-mansion/react-native-reanimated/compare/2.9.1...2.10.0
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
`~2.9.1` -> `~2.10.0`
GitHub Vulnerability Alerts
CVE-2022-24373
The package react-native-reanimated before 2.10.0 is vulnerable to Regular Expression Denial of Service (ReDoS) due to improper usage of regular expression in the parser of Colors.js.