[Snyk] Upgrade react-native from 0.63.3 to 0.71.8 #1069

snyk-bot · 2023-06-01T22:11:02Z

Snyk has created this PR to upgrade react-native from 0.63.3 to 0.71.8.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 107 versions ahead of your current version.
The recommended version was released 22 days ago, on 2023-05-10.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Use After Free SNYK-JS-HERMESENGINE-1309667	569/1000 Why? Has a fix available, CVSS 7.1	No Known Exploit
Out-of-Bounds SNYK-JS-HERMESENGINE-1727253	569/1000 Why? Has a fix available, CVSS 7.1	No Known Exploit
Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	569/1000 Why? Has a fix available, CVSS 7.1	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-REACTNATIVE-1298632	569/1000 Why? Has a fix available, CVSS 7.1	No Known Exploit
Cross-site Scripting (XSS) SNYK-JS-HERMESENGINE-1015406	569/1000 Why? Has a fix available, CVSS 7.1	No Known Exploit
Denial of Service (DoS) SNYK-JS-HERMESENGINE-2342071	569/1000 Why? Has a fix available, CVSS 7.1	No Known Exploit
Prototype Pollution SNYK-JS-HERMESENGINE-608850	569/1000 Why? Has a fix available, CVSS 7.1	No Known Exploit
Denial of Service (DoS) SNYK-JS-HERMESENGINE-629268	569/1000 Why? Has a fix available, CVSS 7.1	No Known Exploit
Out-of-Bounds SNYK-JS-HERMESENGINE-629748	569/1000 Why? Has a fix available, CVSS 7.1	No Known Exploit
Information Exposure SNYK-JS-NODEFETCH-2342118	569/1000 Why? Has a fix available, CVSS 7.1	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	569/1000 Why? Has a fix available, CVSS 7.1	Proof of Concept
Denial of Service SNYK-JS-NODEFETCH-674311	569/1000 Why? Has a fix available, CVSS 7.1	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: react-native

0.71.8 - 2023-05-10
Fixed

Android specific
- Read GROUP name in gradle-plugin dependency code (615d9aefc4 by @ douglowder)
- Bump RNGP to 0.71.18 (4bf4c470fe by @ kelset)
iOS specific
- Do not send extra onChangeText even wnen instantianting multiline TextView (a804c0f22b by @ dmytrorykun)
You can participate in the conversation on the status of this release in this discussion.

To help you upgrade to this version, you can use the upgrade helper ⚛️

You can find the whole changelog history in the changelog.md file.
0.71.7 - 2023-04-19
This release is primarily aimed at addressing issues with ANRs using multiline TextInput on Samsung devices (#35936, #35590).

Fixed

iOS specific
- Address Hermes performance regression (9be2959 by @ dmytrorykun)
Android specific
- Resolved bug with Text components in new arch losing text alignment state. (31a8e92cad by @ javache)
- Mimimize EditText Spans 9/9: Remove addSpansForMeasurement() (92b8981499 by @ NickGerleman)
- Minimize EditText Spans 8/N: CustomStyleSpan (b384bb613b by @ NickGerleman)
- Minimize EditText Spans 6/N: letterSpacing (5791cf1f7b by @ NickGerleman)
- Minimize Spans 5/N: Strikethrough and Underline (0869ea29db by @ NickGerleman)
- Minimize Spans 4/N: ReactForegroundColorSpan (8c9c8ba5ad by @ NickGerleman)
- Minimize Spans 3/N: ReactBackgroundColorSpan (cc0ba57ea4 by @ NickGerleman)
- Minimize Spans 1/N: Fix precedence (1743dd7ab4 by @ NickGerleman)
- Fix measurement of uncontrolled TextInput after edit (8a0fe30591 by @ NickGerleman)
You can participate in the conversation on the status of this release in this discussion.

To help you upgrade to this version, you can use the upgrade helper ⚛️

You can find the whole changelog history in the changelog.md file.
0.71.6 - 2023-04-03
0.71.5 - 2023-03-29
0.71.4 - 2023-03-08
0.71.3 - 2023-02-14
0.71.2 - 2023-02-01
0.71.1 - 2023-01-19
0.71.0 - 2023-01-12
0.71.0-rc.6 - 2023-01-09
0.71.0-rc.5 - 2022-12-19
0.71.0-rc.4 - 2022-12-14
0.71.0-rc.3 - 2022-11-30
0.71.0-rc.2 - 2022-11-24
0.71.0-rc.1 - 2022-11-23
0.71.0-rc.0 - 2022-11-04
0.70.9 - 2023-04-19
This release is primarily aimed at addressing issues with ANRs using multiline TextInput on Samsung devices (#35936, #35590).

Changed
- Update Hermes to hermes-2023-04-13-RNv0.70.8-c9b539bf3d7bfa4143ff1a5751886c7b2dd728a2 (7b1441730b), contains:
  - Remove register stack size override in hermes.cpp (03f2df)
  - Increase default max stack size (1b759f4)
Fixed

Android specific
- Resolved bug with Text components in new arch losing text alignment state. (31a8e92cad by @ javache)
- Mimimize EditText Spans 9/9: Remove addSpansForMeasurement() (92b8981499 by @ NickGerleman)
- Minimize EditText Spans 8/N: CustomStyleSpan (b384bb613b by @ NickGerleman)
- Minimize EditText Spans 6/N: letterSpacing (5791cf1f7b by @ NickGerleman)
- Minimize Spans 5/N: Strikethrough and Underline (0869ea29db by @ NickGerleman)
- Minimize Spans 4/N: ReactForegroundColorSpan (8c9c8ba5ad by @ NickGerleman)
- Minimize Spans 3/N: ReactBackgroundColorSpan (cc0ba57ea4 by @ NickGerleman)
- Minimize Spans 1/N: Fix precedence (1743dd7ab4 by @ NickGerleman)
- Fix measurement of uncontrolled TextInput after edit (8a0fe30591 by @ NickGerleman)
iOS specific
- Address Hermes performance regression (1df92c6 by @ kelset)
You can participate in the conversation on the status of this release in this discussion.

To help you upgrade to this version, you can use the upgrade helper ⚛️

You can find the whole changelog history in the changelog.md file.
0.70.8 - 2023-04-04
0.70.7 - 2023-01-31
0.70.6 - 2022-11-15
0.70.5 - 2022-11-06
0.70.4 - 2022-10-25
0.70.3 - 2022-10-12
0.70.2 - 2022-10-04
0.70.1 - 2022-09-15
0.70.0 - 2022-09-05
0.70.0-rc.4 - 2022-08-22
0.70.0-rc.3 - 2022-08-15
0.70.0-rc.2 - 2022-08-04
0.70.0-rc.1 - 2022-07-28
0.70.0-rc.0 - 2022-07-15
0.69.10 - 2023-04-25
This release is primarily aimed at addressing issues with ANRs using multiline TextInput on Samsung devices (#35936, #35590).

Fixed

Android specific
- Minimize EditText Spans 8/N: CustomStyleSpan (b384bb613b by @ NickGerleman)
- Minimize EditText Spans 6/N: letterSpacing (5791cf1f7b by @ NickGerleman)
- Minimize Spans 5/N: Strikethrough and Underline (0869ea29db by @ NickGerleman)
- Minimize Spans 4/N: ReactForegroundColorSpan (8c9c8ba5ad by @ NickGerleman)
- Minimize Spans 3/N: ReactBackgroundColorSpan (cc0ba57ea4 by @ NickGerleman)
- Minimize Spans 1/N: Fix precedence (1743dd7ab4 by @ NickGerleman)
- Fix measurement of uncontrolled TextInput after edit (8a0fe30591 by @ NickGerleman)
You can participate in the conversation on the status of this release in this discussion.

To help you upgrade to this version, you can use the upgrade helper ⚛️

You can find the whole changelog history in the changelog.md file.
0.69.9 - 2023-04-04
0.69.8 - 2023-01-30
0.69.7 - 2022-11-06
0.69.6 - 2022-09-27
0.69.5 - 2022-08-25
0.69.4 - 2022-08-08
0.69.3 - 2022-07-25
0.69.2 - 2022-07-20
0.69.1 - 2022-06-29
0.69.0 - 2022-06-22
0.69.0-rc.6 - 2022-06-01
0.69.0-rc.5 - 2022-05-31
0.69.0-rc.4 - 2022-05-31
0.69.0-rc.3 - 2022-05-24
0.69.0-rc.2 - 2022-05-20
0.69.0-rc.1 - 2022-05-11
0.69.0-rc.0 - 2022-04-28
0.68.7 - 2023-04-26
🚨 IMPORTANT: This is an exceptional release on an unsupported version. We recommend you upgrade to one of the supported versions, listed here.

Hotfix

This release is primarily aimed at addressing issues with ANRs using multiline TextInput on Samsung devices (#35936, #35590).

Fixed
- Use logical operator instead of bit operation in Yoga (c3ad8 by @ cuva)
Android specific
- Minimize EditText Spans 8/N: CustomStyleSpan (b384bb613b by @ NickGerleman)
- Minimize EditText Spans 6/N: letterSpacing (5791cf1f7b by @ NickGerleman)
- Minimize Spans 5/N: Strikethrough and Underline (0869ea29db by @ NickGerleman)
- Minimize Spans 4/N: ReactForegroundColorSpan (8c9c8ba5ad by @ NickGerleman)
- Minimize Spans 3/N: ReactBackgroundColorSpan (cc0ba57ea4 by @ NickGerleman)
- Minimize Spans 1/N: Fix precedence (1743dd7ab4 by @ NickGerleman)
- Fix measurement of uncontrolled TextInput after edit (8a0fe30591 by @ NickGerleman)
You can find the whole changelog history in the changelog.md file.
0.68.6 - 2023-01-30
0.68.5 - 2022-11-06
0.68.4 - 2022-10-10
0.68.3 - 2022-08-08
0.68.2 - 2022-05-09
0.68.1 - 2022-04-13
0.68.0 - 2022-03-30
0.68.0-rc.4 - 2022-03-25
0.68.0-rc.3 - 2022-03-17
0.68.0-rc.2 - 2022-02-24
0.68.0-rc.1 - 2022-02-03
0.68.0-rc.0 - 2022-01-28
0.67.5 - 2022-11-06
0.67.4 - 2022-03-18
0.67.3 - 2022-02-22
0.67.2 - 2022-01-31
0.67.1 - 2022-01-20
0.67.0 - 2022-01-18
0.67.0-rc.6 - 2021-12-14
0.67.0-rc.5 - 2021-12-06
0.67.0-rc.4 - 2021-11-30
0.67.0-rc.3 - 2021-11-05
0.67.0-rc.2 - 2021-10-25
0.67.0-rc.1 - 2021-10-22
0.67.0-rc.0 - 2021-10-16
0.66.5 - 2022-11-06
0.66.4 - 2021-12-09
0.66.3 - 2021-11-10
0.66.2 - 2021-11-04
0.66.1 - 2021-10-15
0.66.0 - 2021-10-01
0.66.0-rc.4 - 2021-09-24
0.66.0-rc.3 - 2021-09-17
0.66.0-rc.2 - 2021-09-10
0.66.0-rc.1 - 2021-09-01
0.66.0-rc.0 - 2021-08-27
0.65.3 - 2022-11-06
0.65.2 - 2021-11-04
0.65.1 - 2021-08-19
0.65.0 - 2021-08-17
0.65.0-rc.4 - 2021-08-11
0.65.0-rc.3 - 2021-07-23
0.65.0-rc.2 - 2021-06-18
0.65.0-rc.1 - 2021-06-17
0.65.0-rc.0 - 2021-06-09
0.64.4 - 2022-11-07
0.64.3 - 2021-11-04
0.64.2 - 2021-06-03
0.64.1 - 2021-05-05
0.64.0 - 2021-03-12
0.64.0-rc.4 - 2021-03-01
0.64.0-rc.3 - 2021-02-05
0.64.0-rc.2 - 2020-12-18
0.64.0-rc.1 - 2020-11-25
0.64.0-rc.0 - 2020-11-23
0.63.5 - 2022-11-07
0.63.4 - 2020-11-30
0.63.3 - 2020-09-29

from react-native GitHub release notes

Commit messages

Package name: react-native

d2a8739 [0.71.8] Bump version numbers
a93778c [LOCAL] update podlock
4bf4c47 [LOCAL] bump RNGP to 0.71.18
fb76526 bumped packages versions
0dda452 Read Maven group from GROUP property ([gradle-plugin] Read Maven group from GROUP property facebook/react-native#37204)
1fbfd8c Do not send extra onChangeText even wnen instantianting multiline TextView (Do not send extra onChangeText even wnen instantianting multiline TextView facebook/react-native#36930)
6115ce5 [0.71.7] Bump version numbers
843d57e Fix TextView alignment being reset on state updates
9be2959 Use RN Build Utils for Building Hermes Artifacts
256e25c Merge pull request fix(textinput): backporting of fixes for next 0.71 patch release facebook/react-native#36874 from facebook/kelset/071-backport-textinput-fixes
181bd38 Mimimize EditText Spans 9/9: Remove addSpansForMeasurement() (Mimimize EditText Spans 9/9: Remove addSpansForMeasurement facebook/react-native#36575)
77bd902 Minimize EditText Spans 8/9: CustomStyleSpan (Minimize EditText Spans 8/9: CustomStyleSpan facebook/react-native#36577)
2e2ce8a Minimize EditText Spans 7/9: Avoid temp list (Minimize EditText Spans 7/9: Avoid temp list facebook/react-native#36576)
e89d23c Minimize EditText Spans 6/9: letterSpacing (Minimize EditText Spans 6/N: letterSpacing facebook/react-native#36548)
ba4c2f5 Minimize EditText Spans 5/9: Strikethrough and Underline (Minimize EditText Spans 5/N: Strikethrough and Underline facebook/react-native#36544)
644a3da Minimize EditText Spans 4/9: ReactForegroundColorSpan (Minimize EditText Spans 4/N: ReactForegroundColorSpan facebook/react-native#36545)
d145957 Minimize EditText Spans 3/9: ReactBackgroundColorSpan (Minimize EditText Spans 3/N: ReactBackgroundColorSpan facebook/react-native#36547)
e7122df Minimize EditText Spans 2/9: Make stripAttributeEquivalentSpans generic (Minimize EditText Spans 2/N: Make stripAttributeEquivalentSpans generic facebook/react-native#36546)
8ad6496 Minimize EditText Spans 1/9: Fix precedence (Minimize EditText Spans 1/N: Fix precedence facebook/react-native#36543)
0d3600b Fix measurement of uncontrolled TextInput after edit
a0a2301 [LOCAL] update podlock post release to fix CI
030ab8e [0.71.6] Bump version numbers
509f8f2 [LOCAL] fix definition of local mock for ruby test
0010c38 fix(xcode): backport Xcode 14.3 fix to 71 (fix(xcode): backport Xcode 14.3 fix to 71 facebook/react-native#36769)

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade react-native from 0.63.3 to 0.71.8. See this package in npm: https://www.npmjs.com/package/react-native See this project in Snyk: https://app.snyk.io/org/nexuscompute/project/0222b3fd-d039-47e2-9aa3-18449fae0cf0?utm_source=github&utm_medium=referral&page=upgrade-pr

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade react-native from 0.63.3 to 0.71.8 #1069

[Snyk] Upgrade react-native from 0.63.3 to 0.71.8 #1069

snyk-bot commented Jun 1, 2023

Fixed

Android specific

iOS specific

Fixed

iOS specific

Android specific

Changed

Fixed

Android specific

iOS specific

Fixed

Android specific

Hotfix

Fixed

Android specific

[Snyk] Upgrade react-native from 0.63.3 to 0.71.8 #1069

Are you sure you want to change the base?

[Snyk] Upgrade react-native from 0.63.3 to 0.71.8 #1069

Conversation

snyk-bot commented Jun 1, 2023

Snyk has created this PR to upgrade react-native from 0.63.3 to 0.71.8.

Fixed

Android specific

iOS specific

Fixed

iOS specific

Android specific

Changed

Fixed

Android specific

iOS specific

Fixed

Android specific

Hotfix

Fixed

Android specific