[Snyk] Upgrade react-native from 0.60.5 to 0.71.4 #1116

snyk-bot · 2023-04-01T00:59:43Z

Snyk has created this PR to upgrade react-native from 0.60.5 to 0.71.4.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 124 versions ahead of your current version.
The recommended version was released 23 days ago, on 2023-03-08.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Regular Expression Denial of Service (ReDoS) SNYK-JS-REACTNATIVE-1298632	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536528	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536531	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Prototype Pollution SNYK-JS-ASYNC-2441827	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Arbitrary File Write SNYK-JS-TAR-1579147	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579152	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579155	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Remote Code Execution (RCE) SNYK-JS-LOGKITTY-568763	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Command Injection SNYK-JS-NODENOTIFIER-1035794	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-HAPIHOEK-548452	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Prototype Pollution SNYK-JS-JSON5-3182856	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Denial of Service (DoS) npm:mem:20180117	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: react-native

0.71.4 - 2023-03-08
Changed
- Make FlatList permissive of ArrayLike data (c03de97fb4 by @ NickGerleman)
- Bumping RNGP to ^0.71.16 (3df4a79c3d by @ kelset)
- Update CLI to 10.2.0, Metro to 0.73.8 (20a6fbd373 by @ robhogan) - contains:
  - fix: Source maps may have invalid entries when using Terser minification. (metro/#928)
  - fix: Mitigate potential source map mismatches with concurrent transformations due to terser#1341. (metro/#929)
- Bump Hermes Version (291cc0af10) - contains:
  - use ConsecutiveStringStorage to dedup serialized literals (62d58e)
  - Remove register stack size override in hermes.cpp (6146eb)
  - fix: specify currency in locale identifier when formatting currency plural (21f15c)
  - Increase default max stack size (ee2588)
  - Refactor HBC test helper (31fdcf)
Android specific
- Expose rrc_root via prefab. (3418f65d88 by @ tomekzaw)
Fixed
- Fix touchable hitSlop type (23607aea68 by @ bigcupcoffee)
- Fix TouchableOpacity componentDidUpdate causing an excessive number of pending callbacks (8b1f6e09c1 by @ gabrieldonadel)
Android specific
- ENTRY_FILE should resolve relative paths from root (6dde1dc7cb by @ cortinico)
- Better Monorepo support for New Architecture (0487108461 by @ cortinico)
You can participate in the conversation on the status of this release in this discussion.

To help you upgrade to this version, you can use the upgrade helper ⚛️

You can find the whole changelog history in the changelog.md file.
0.71.3 - 2023-02-14
Changed
- Bump package versions (4b84888a90 by @ cipolleschi), (60f0a71060 by @ cipolleschi), (a3f205a27b by @ cipolleschi):
  - react-native-codegen to 0.71.5
  - react-native-gradle-plugin to 0.71.15
Fixed
- (codegen) Add missing C++ include for prop conversion of complex array type (92fc32aa by @ rshest)
Android specific
- Fixed jscexecutor crash on Android which is caused from NDK incompatibility (a232decbb1 by @ Kudo)
- Used relative paths for gradle commands (bb02ccf13f by @ shivenmian)
iOS specific
- fix pod install --project-directory=... (ad1ddc241a by @ tido64)
You can participate in the conversation on the status of this release in this discussion.

To help you upgrade to this version, you can use the upgrade helper ⚛️

You can find the whole changelog history in the changelog.md file.
0.71.2 - 2023-02-01
Added
- Added AlertOptions argument to the type definition for Alert.prompt to bring it into parity with the js code. (305ca337c0 by @ paulmand3l)
- Added missing accessibilityLabelledBy TypeScript type (e162b07982 by @ DimitarNestorov)
- Added missing accessibilityLanguage TypeScript type (71c4f57baf by @ DimitarNestorov)
Changed
- Bump react-native-gradle-plugin to ^0.71.14 in core, @ react-native-community/eslint-config to ^3.2.0 in starting template (785bc8d97b by @ kelset)
Fixed
- Add TextInput's inputMode TypeScript types (fac7859863 by @ eps1lon)
- Fix crash by conditional value of aspectRatio style value (a8166bd75b by @ mym0404)
- Fix TurboModuleRegistry TS type (c289442848 by @ janicduplessis)
- Fix invariant violation when nesting VirtualizedList inside ListEmptyComponent (1fef376812 by @ NickGerleman)
Android specific
- [RNGP] Properly set the jsRootDir default value (c0004092f9 by @ cortinico)
- Do not use WindowInsetsCompat for Keyboard Events (32f54877ff by @ NickGerleman)
- Mitigation for Samsung TextInput Hangs (4650ef3 by @ NickGerleman)
iOS specific
- Add Back dynamic framework support for the Old Architecture with Hermes (b3040ec624 by @ cipolleschi)
- Add Back dynamic framework support for the old architecture (da270d038c by @ cipolleschi)
You can participate in the conversation on the status of this release in this discussion.

To help you upgrade to this version, you can use the upgrade helper ⚛️

You can find the whole changelog history in the changelog.md file.
0.71.1 - 2023-01-19
Added

Android specific
- Add jsinspector to the prefab target (a80cf96fc8 by @ Kudo)
iOS specific
- Add initialProps property to RCTAppDelegate (b314e6f147 by @ jblarriviere)
Changed
- Bump CLI to 10.1.3 (b868970037 by @ kelset)
- Bump RNGP to 0.71.13 (416463c406 by @ cipolleschi)
Fixed
- Fix(cli,metro,babel): bump cli and metro and babel to fix Windows+Metro issue (df7c92ff4c by @ kelset)
Android specific
- Fix ReactRootView crash when root view window insets are null (4cdc2c48e8 by @ enahum)
- Fix for resources not correctly bundlded on release appbundles (60b9d8c2b9 by @ cortinico)
- RNGP - Honor the --active-arch-only when configuring the NDK (470f79b617 by @ cortinico)
- Fixed typo in template build.gradle (38e35df47c by @ Titozzz)
iOS specific
- Exclude react-native-flipper when NO_FLIPPER=1 to prevent iOS build fail (f47b5b8b5d by @ retyui)
- Fix RCTAlertController not showing when using SceneDelegate on iOS 13.0+. (0c53420a7a)
- Handle Null Exception to Validate input in RCTAlertController and in RCTDevLoadingView (79e603c5ab by @ admirsaheta)
- Fixed the potential race condition when dismissing and presentating modal (e948c79bda by @ wood1986)
- Fix build errors when inheriting RCTAppDelegate in Swift modules (5eb25d2186 by @ Kudo)
- OnSelectionChange() is fired before onChange() on multiline TextInput (64475aeb3b by @ s77rt)
- Build: remove deprecated File.exists() method from Hermes podspec. (38e5fa6a96 by @ kelset)
You can participate in the conversation on the status of this release in this discussion

To help you upgrade to this version, you can use the upgrade helper ⚛️

You can find the whole changelog history in the changelog.md file.
0.71.0 - 2023-01-12
0.71.0-rc.6 - 2023-01-09
0.71.0-rc.5 - 2022-12-19
0.71.0-rc.4 - 2022-12-14
0.71.0-rc.3 - 2022-11-30
0.71.0-rc.2 - 2022-11-24
0.71.0-rc.1 - 2022-11-23
0.71.0-rc.0 - 2022-11-04
0.70.7 - 2023-01-31
Fixes

Android Specific
- Mitigation for Samsung TextInput Hangs (be69c8b5a7 by @ NickGerleman)
iOS Specific
- Fix the potential race condition when dismissing and presenting modal (279fb52e03 by @ wood1986)
Added

Android
- Add POST_NOTIFICATIONS and deprecate POST_NOTIFICATION (b5280bbc93 by @ dcangulo)
You can participate in the conversation on the status of this release in this discussion

To help you upgrade to this version, you can use the upgrade helper ⚛️

You can find the whole changelog history in the changelog.md file.
0.70.6 - 2022-11-15
0.70.5 - 2022-11-06
0.70.4 - 2022-10-25
0.70.3 - 2022-10-12
0.70.2 - 2022-10-04
0.70.1 - 2022-09-15
0.70.0 - 2022-09-05
0.70.0-rc.4 - 2022-08-22
0.70.0-rc.3 - 2022-08-15
0.70.0-rc.2 - 2022-08-04
0.70.0-rc.1 - 2022-07-28
0.70.0-rc.0 - 2022-07-15
0.69.8 - 2023-01-30
This version is a patch release with a mitigation solution for the Android issue on Samsung devices.

Please let us know in the issue if this new version addresses the problem for you.

You can participate in the conversation on the status of this release in this discussion.

To help you upgrade to this version, you can use the upgrade helper ⚛️

You can find the whole changelog history in the changelog.md file.
0.69.7 - 2022-11-06
0.69.6 - 2022-09-27
0.69.5 - 2022-08-25
0.69.4 - 2022-08-08
0.69.3 - 2022-07-25
0.69.2 - 2022-07-20
0.69.1 - 2022-06-29
0.69.0 - 2022-06-22
0.69.0-rc.6 - 2022-06-01
0.69.0-rc.5 - 2022-05-31
0.69.0-rc.4 - 2022-05-31
0.69.0-rc.3 - 2022-05-24
0.69.0-rc.2 - 2022-05-20
0.69.0-rc.1 - 2022-05-11
0.69.0-rc.0 - 2022-04-28
0.68.6 - 2023-01-30
🚨 IMPORTANT: This is an exceptional release on an unsupported version. We recommend you upgrade to one of the supported versions, listed here.

Hotfix

This version is a patch release with a mitigation solution for the Android issue on Samsung devices.

Please let us know in the issue if this new version addresses the problem for you.

To help you upgrade to new versions, you can use the upgrade helper ⚛️

You can find the whole changelog history in the changelog.md file.
0.68.5 - 2022-11-06
0.68.4 - 2022-10-10
0.68.3 - 2022-08-08
0.68.2 - 2022-05-09
0.68.1 - 2022-04-13
0.68.0 - 2022-03-30
0.68.0-rc.4 - 2022-03-25
0.68.0-rc.3 - 2022-03-17
0.68.0-rc.2 - 2022-02-24
0.68.0-rc.1 - 2022-02-03
0.68.0-rc.0 - 2022-01-28
0.67.5 - 2022-11-06
0.67.4 - 2022-03-18
0.67.3 - 2022-02-22
0.67.2 - 2022-01-31
0.67.1 - 2022-01-20
0.67.0 - 2022-01-18
0.67.0-rc.6 - 2021-12-14
0.67.0-rc.5 - 2021-12-06
0.67.0-rc.4 - 2021-11-30
0.67.0-rc.3 - 2021-11-05
0.67.0-rc.2 - 2021-10-25
0.67.0-rc.1 - 2021-10-22
0.67.0-rc.0 - 2021-10-16
0.66.5 - 2022-11-06
0.66.4 - 2021-12-09
0.66.3 - 2021-11-10
0.66.2 - 2021-11-04
0.66.1 - 2021-10-15
0.66.0 - 2021-10-01
0.66.0-rc.4 - 2021-09-24
0.66.0-rc.3 - 2021-09-17
0.66.0-rc.2 - 2021-09-10
0.66.0-rc.1 - 2021-09-01
0.66.0-rc.0 - 2021-08-27
0.65.3 - 2022-11-06
0.65.2 - 2021-11-04
0.65.1 - 2021-08-19
0.65.0 - 2021-08-17
0.65.0-rc.4 - 2021-08-11
0.65.0-rc.3 - 2021-07-23
0.65.0-rc.2 - 2021-06-18
0.65.0-rc.1 - 2021-06-17
0.65.0-rc.0 - 2021-06-09
0.64.4 - 2022-11-07
0.64.3 - 2021-11-04
0.64.2 - 2021-06-03
0.64.1 - 2021-05-05
0.64.0 - 2021-03-12
0.64.0-rc.4 - 2021-03-01
0.64.0-rc.3 - 2021-02-05
0.64.0-rc.2 - 2020-12-18
0.64.0-rc.1 - 2020-11-25
0.64.0-rc.0 - 2020-11-23
0.63.5 - 2022-11-07
0.63.4 - 2020-11-30
0.63.3 - 2020-09-29
0.63.2 - 2020-07-22
0.63.1 - 2020-07-14
0.63.0 - 2020-07-08
0.63.0-rc.1 - 2020-05-04
0.63.0-rc.0 - 2020-04-16
0.62.3 - 2021-05-05
0.62.2 - 2020-04-08
0.62.1 - 2020-04-03
0.62.0 - 2020-03-26
0.62.0-rc.5 - 2020-03-07
0.62.0-rc.4 - 2020-03-06
0.62.0-rc.3 - 2020-02-25
0.62.0-rc.2 - 2020-02-13
0.62.0-rc.1 - 2020-01-21
0.62.0-rc.0 - 2019-12-18
0.61.5 - 2019-11-23
0.61.4 - 2019-11-04
0.61.3 - 2019-10-29
0.61.2 - 2019-10-02
0.61.1 - 2019-09-25
0.61.0 - 2019-09-24
0.61.0-rc.3 - 2019-09-10
0.61.0-rc.2 - 2019-09-04
0.61.0-rc.0 - 2019-08-27
0.60.6 - 2019-09-24
0.60.5 - 2019-08-13

from react-native GitHub release notes

Commit messages

Package name: react-native

e0d92c6 [0.71.4] Bump version numbers
be199f8 [LOCAL] enforce iPhone 14 simulator on run ios E2E script
291cc0a [LOCAL] Bump Hermes Version
0f8d942 fix: conditional to include rn-tester and react-native-gradle-plugin in settings.gradle.kts (#36188)
41a633d Do not use a mixture of plugins{} and buildscript{}
f4546bf [LOCAL] Bump hermes version
56f2aa4 [LOCAL] update podlock
2755f41 consume new RNGP patch
3df4a79 bumping RNGP to new patch
6c5088f Make FlatList permissive of ArrayLike data (#36236)
267b31a Make it easier for users to build from source if needed (#36165)
cbaf4c8 RNGP - Fix defaults for PrivateReactExtension
f2bfe91 RNGP - ENTRY_FILE should resolve relative paths from root (#36193)
de512cd RNGP - Monorepo: Make sure libraries are honoring codegenDir provided by app (#36128)
d60da23 Expose `rrc_root` via prefab (#36166)
67ea1f1 Fix incorrect touchable hitSlop and pressRetentionOffset type (#36065)
c92e98a Fix TouchableOpacity componentDidUpdate causing an excessive number of pending callbacks (#35387)
4a0b11a Merge pull request #36323 from hoxyq/pick/fixing-ci-packages-bumping-scripts
9c4d0a8 fix: update publishing packages tag message prefix (#36348)
20a6fbd Update CLI to 10.2.0, Metro to 0.73.8
ac635f9 refactor(bump-all-updated-packages): use tag instead of custom commit name
411491e fix: update executor for packages publishing workflow
d9321c0 [0.71.3] Bump version numbers
a3f205a [LOCAL] Bump codegen package

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade react-native from 0.60.5 to 0.71.4. See this package in npm: https://www.npmjs.com/package/react-native See this project in Snyk: https://app.snyk.io/org/mdfkbtc/project/a2088718-36c2-4867-a45b-42143012aac0?utm_source=github&utm_medium=referral&page=upgrade-pr

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade react-native from 0.60.5 to 0.71.4 #1116

[Snyk] Upgrade react-native from 0.60.5 to 0.71.4 #1116

snyk-bot commented Apr 1, 2023

Changed

Android specific

Fixed

Android specific

Changed

Fixed

Android specific

iOS specific

Added

Changed

Fixed

Android specific

iOS specific

Added

Android specific

iOS specific

Changed

Fixed

Android specific

iOS specific

Fixes

Android Specific

iOS Specific

Added

Android

Hotfix

[Snyk] Upgrade react-native from 0.60.5 to 0.71.4 #1116

Are you sure you want to change the base?

[Snyk] Upgrade react-native from 0.60.5 to 0.71.4 #1116

Conversation

snyk-bot commented Apr 1, 2023

Snyk has created this PR to upgrade react-native from 0.60.5 to 0.71.4.

Changed

Android specific

Fixed

Android specific

Changed

Fixed

Android specific

iOS specific

Added

Changed

Fixed

Android specific

iOS specific

Added

Android specific

iOS specific

Changed

Fixed

Android specific

iOS specific

Fixes

Android Specific

iOS Specific

Added

Android

Hotfix