[HOLD for payment 2022-10-12] [$250] Upgrade react-native-svg package to the latest version

[trjExpensify]

If you haven’t already, check out our contributing guidelines for onboarding and email contributors@expensify.com to request to join our Slack channel!

---

Snyk ID: SNYK-JS-NTHCHECK-1586032
Package: nth-check
Version: 1.0.2
Language: js
Date Introduced: 2022-07-04

Flo/Expensidev/App [main]  $ npm list nth-check                                                                                                                                                                                                                                    [18:34:14]
new.expensify@1.1.82-5 /Users/flo/Expensidev/App
├─┬ @svgr/webpack@5.5.0
│ └─┬ @svgr/plugin-svgo@5.5.0
│   └─┬ svgo@1.3.2
│     └─┬ css-select@2.1.0
│       └── nth-check@1.0.2  deduped
├─┬ html-webpack-plugin@4.5.0
│ └─┬ pretty-error@2.1.2
│   └─┬ renderkid@2.0.4
│     └─┬ css-select@1.2.0
│       └── nth-check@1.0.2  deduped
└─┬ react-native-svg@12.1.0
  └─┬ css-select@2.1.0
    └── nth-check@1.0.2 

(Internal reference) CC: @flodnv @joelbettner
Upwork job URL: https://www.upwork.com/jobs/~014e2ad669b286cdd1

For the proposal it would be good to see:

• A summary of breaking changes between our current version and the latest version
• A summary of any peer dependencies that need to be upgraded
• A list of which breaking changes (if any), affect us, and how to address those changes.

[melvin-bot]

Current assignee @trjExpensify is eligible for the External assigner, not assigning anyone new.

[melvin-bot]

Triggered auto assignment to @AndrewGable (Engineering), see https://stackoverflow.com/c/expensify/questions/4319 for more details.

[melvin-bot]

Triggered auto assignment to Contributor-plus team member for initial proposal review - @parasharrajat (Exported)

[melvin-bot]

Current assignee @AndrewGable is eligible for the Exported assigner, not assigning anyone new.

[mateusbra]

PROPOSAL

We need to upgrade the version of react-native-svg to the latest on package.json:

App/package.json

Line 105 in 28778a0

"react-native-svg": "^12.1.0",

to:

"react-native-svg": "^12.4.3",

I tested npm install and it worked fine, so I don't think we are going to have to update any peer deps.

[parasharrajat]

@mateusbra Looks good. These things need to be tested and verified on the PR.

1. A thorough check of the app where SVG's are used. Videos should be attached for the same.
2. Changelog.

cc: @AndrewGable

🎀 👀 🎀 C+ reviewed

[parasharrajat]

Bump @AndrewGable.

[AndrewGable]

Thanks for bump, looks good.

[melvin-bot]

📣 @mateusbra You have been assigned to this job by @AndrewGable!
Please apply to this job in Upwork and leave a comment on the Github issue letting us know when we can expect a PR to be ready for review 🧑‍💻
Keep in mind: Code of Conduct | Contributing 📖

[trjExpensify]

Sweet! @mateusbra & @parasharrajat can you both apply to the Upwork job here, please?

[parasharrajat]

@mateusbra When can we expect the PR?

[trjExpensify]

Waiting on some input from @AndrewGable - who's back on Monday!

[trjExpensify]

^^ no change since Friday melv, jeez!

[trjExpensify]

How can we get this one unblocked as it has stalled in review. @AndrewGable, are you able to take a look please?

[parasharrajat]

I need someone from the internal team to review the vulnerability status that we are trying to fix on that PR. I do not have access to Synk so I can't do that.

PR is looking good but there is no use for my approval if the PR does not serve the purpose for what it is created.

[AndrewGable]

The vulnerability fix is in nth-check versions <2.0.1 (mentioned here). Running the "list" command shows it's been updated to 2.1.1

andrew ➜ (upgrade-react-native-svg) App npm list nth-check
new.expensify@1.2.1-0 /Users/andrew/Expensidev/App
├─┬ @storybook/react@6.5.10
│ └─┬ @storybook/core@6.5.10
│   └─┬ @storybook/core-server@6.5.10
│     ├─┬ @storybook/builder-webpack4@6.5.10
│     │ └─┬ html-webpack-plugin@4.5.2
│     │   └─┬ pretty-error@2.1.2
│     │     └─┬ renderkid@2.0.7
│     │       └─┬ css-select@4.3.0
│     │         └── nth-check@2.1.1 deduped
│     └─┬ @storybook/manager-webpack4@6.5.10
│       └─┬ html-webpack-plugin@4.5.2
│         └─┬ pretty-error@2.1.2
│           └─┬ renderkid@2.0.7
│             └─┬ css-select@4.3.0
│               └── nth-check@2.1.1 deduped
├─┬ @svgr/webpack@5.5.0
│ └─┬ @svgr/plugin-svgo@5.5.0
│   └─┬ svgo@1.3.2
│     └─┬ css-select@2.1.0
│       └── nth-check@1.0.2
├─┬ html-webpack-plugin@5.5.0
│ └─┬ pretty-error@4.0.0
│   └─┬ renderkid@3.0.0
│     └─┬ css-select@4.3.0
│       └── nth-check@2.1.1 deduped
└─┬ react-native-svg@12.4.4
  └─┬ css-select@5.1.0
    └── nth-check@2.1.1

[parasharrajat]

Ok. Thanks

[melvin-bot]

@AndrewGable, @trjExpensify, @parasharrajat, @mateusbra Whoops! This issue is 2 days overdue. Let's get this updated quick!

[trjExpensify]

Not overdue, the PR has merged awaiting a deploy to prod.

[melvin-bot]

The solution for this issue has been 🚀 deployed to production 🚀 in version 1.2.11-4 and is now subject to a 7-day regression period 📆. Here is the list of pull requests that resolve this issue:

• upgrade react-native-svg version to 12.4.4 #10827

If no regressions arise, payment will be issued on 2022-10-12. 🎊

[AndrewGable]

Waiting payment

[trjExpensify]

Hm, that's annoying. I didn't think Upwork closed jobs with hires. 🤔

New job is here and I've sent offers to both @parasharrajat & @mateusbra.

[trjExpensify]

@mateusbra - paid!

[trjExpensify]

@parasharrajat - paid!