[Snyk] Security upgrade react-native from 0.10.1 to 0.63.0

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • SearchBarExample/package.json
  • SearchBarExample/.snyk

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	No	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Prototype Pollution SNYK-JS-LODASH-590103	No	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	No	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-MERGE-1040469	No	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-MERGE-1042987	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	No	No Known Exploit
	551/1000 Why? Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	No	No Known Exploit
	596/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.5	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	No	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	No	Proof of Concept
	529/1000 Why? Has a fix available, CVSS 6.3	Non-Constant Time String Comparison npm:cookie-signature:20160804	No	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:fresh:20170908	No	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	No	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	No	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) npm:ms:20151024	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) npm:qs:20140806	No	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Denial of Service (DoS) npm:qs:20140806-1	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Override Protection Bypass npm:qs:20170213	No	No Known Exploit
	429/1000 Why? Has a fix available, CVSS 4.3	Directory Traversal npm:send:20140912	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Root Path Disclosure npm:send:20151103	No	No Known Exploit
	629/1000 Why? Has a fix available, CVSS 8.3	Improper minification of non-boolean comparisons npm:uglify-js:20150824	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) npm:uglify-js:20151024	No	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Remote Memory Exposure npm:ws:20160104	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) npm:ws:20160624	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Insecure Randomness npm:ws:20160920	No	No Known Exploit
	761/1000 Why? Mature exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) npm:ws:20171108	No	Mature

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: react-native

The new version differs by 250 commits.

• 4f89733 [0.63.0] Bump version numbers
• 6ed1b39 Fix debugging on android for 0.63 (#29204)
• 0225f18 Changed iOS LaunchScreen from xib to storyboard (#28239)
• 0b6fad6 Pressable: Add Support for Inspector Overlay
• fb429a5 iOS: Fix Animated image crash when CADisplayLink target in RCTWeakProxy is nil
• 262a3f6 Pressable: Rename pressRectOffset to pressRetentionOffset to be consistent with other touchables
• 29639e7 Enable with CocoaPods `:configuration` (#28796)
• 27ccc60 Upgrade Flipper to 0.37.0 (#28545)
• 48413a4 [0.63.0-rc.1] Bump version numbers
• 208bd05 Bump @ react-native-community/eslint-config in new app template
• 574447a Revert D21064653: Remove the post install step
• 5e51e54 Update react.gradle (#28776)
• b645f23 Fix folly::dynamic crash when attaching a debugger to Hermes
• 18f1c69 Allow iOS PlatformColor strings to be ObjC or Swift UIColor selectors (#28703)
• 87f5b8b Remove the post install step (#28651)
• ff1558d Upgrade Hermes dependency to 0.5.0
• e2dd18d [0.63.0-rc.0] Bump version numbers
• 787a772 (eslint-config) update community eslint plugin in eslint config (#28642)
• 7acd667 chore: remove Kotlin version from the default template
• 5f7b44c fix: do not throw on missing `cliPath`, use the default value (#28625)
• b191809 chore: update CLI
• 696fb55 Update default Podfile to not depend on a path (#28572)
• c7f2595 Migrate setNativeProps to commands in iOS text input
• 00c4d95 Implement event count for TextInput

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic