[Snyk] Upgrade react-native from 0.60.5 to 0.72.7

[mdfkbtc]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade react-native from 0.60.5 to 0.72.7.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 161 versions ahead of your current version.
• The recommended version was released a month ago, on 2023-11-14.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Arbitrary File Overwrite SNYK-JS-TAR-1536528	410/1000 Why? CVSS 8.2	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536531	410/1000 Why? CVSS 8.2	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-REACTNATIVE-1298632	410/1000 Why? CVSS 8.2	No Known Exploit
	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	410/1000 Why? CVSS 8.2	No Known Exploit
	Prototype Pollution SNYK-JS-ASYNC-2441827	410/1000 Why? CVSS 8.2	Proof of Concept
	Remote Code Execution (RCE) SNYK-JS-LOGKITTY-568763	410/1000 Why? CVSS 8.2	Proof of Concept
	Arbitrary File Write SNYK-JS-TAR-1579147	410/1000 Why? CVSS 8.2	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579152	410/1000 Why? CVSS 8.2	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579155	410/1000 Why? CVSS 8.2	No Known Exploit
	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	410/1000 Why? CVSS 8.2	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	410/1000 Why? CVSS 8.2	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	410/1000 Why? CVSS 8.2	Proof of Concept
	Command Injection SNYK-JS-NODENOTIFIER-1035794	410/1000 Why? CVSS 8.2	No Known Exploit
	Improper Authorization SNYK-JS-REACTDEVTOOLSCORE-6023999	410/1000 Why? CVSS 8.2	Proof of Concept
	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	410/1000 Why? CVSS 8.2	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	410/1000 Why? CVSS 8.2	Proof of Concept
	Prototype Pollution SNYK-JS-HAPIHOEK-548452	410/1000 Why? CVSS 8.2	No Known Exploit
	Denial of Service (DoS) npm:mem:20180117	410/1000 Why? CVSS 8.2	No Known Exploit
	Prototype Pollution SNYK-JS-JSON5-3182856	410/1000 Why? CVSS 8.2	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	410/1000 Why? CVSS 8.2	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: react-native

• 0.72.7 - 2023-11-14
  

  Changed

  • Bump CLI to v11.3.10 (e844a62ce9 by @ szymonrybczak)
  • Bump deprecated-react-native-prop-types to ^4.2.3 (e031c05cdc by @ huntie)

  Fixed

  • Show correct stack frame on unhandled promise rejections on development mode.
    (18c9797ecc by @ ospfranco)

  Android specific

  • Fix android crash when apply PlatformColor to borders (265af222aa by @ axinvd)
  • Fix broken Loading/Refreshing indicator on Android (5dedf277cb by @ cortinico)

  ---

  You can participate in the conversation on the status of this release in this discussion

  ---

  To help you upgrade to this version, you can use the upgrade helper ⚛️

  ---

  You can find the whole changelog history in the changelog.md file.

• 0.72.6 - 2023-10-12
• 0.72.5 - 2023-09-25
• 0.72.4 - 2023-08-14
• 0.72.3 - 2023-07-12
• 0.72.2 - 2023-07-11
• 0.72.1 - 2023-06-29
• 0.72.0 - 2023-06-21
• 0.72.0-rc.6 - 2023-06-13
• 0.72.0-rc.5 - 2023-06-01
• 0.72.0-rc.4 - 2023-05-31
• 0.72.0-rc.3 - 2023-05-11
• 0.72.0-rc.2 - 2023-05-04
• 0.72.0-rc.1 - 2023-04-05
• 0.72.0-rc.0 - 2023-03-20
• 0.71.14 - 2023-10-12
• 0.71.13 - 2023-08-22
• 0.71.12 - 2023-07-04
• 0.71.11 - 2023-06-14
• 0.71.10 - 2023-06-07
• 0.71.9 - 2023-06-07
• 0.71.8 - 2023-05-10
• 0.71.7 - 2023-04-19
• 0.71.6 - 2023-04-03
• 0.71.5 - 2023-03-29
• 0.71.4 - 2023-03-08
• 0.71.3 - 2023-02-14
• 0.71.2 - 2023-02-01
• 0.71.1 - 2023-01-19
• 0.71.0 - 2023-01-12
• 0.71.0-rc.6 - 2023-01-09
• 0.71.0-rc.5 - 2022-12-19
• 0.71.0-rc.4 - 2022-12-14
• 0.71.0-rc.3 - 2022-11-30
• 0.71.0-rc.2 - 2022-11-24
• 0.71.0-rc.1 - 2022-11-23
• 0.71.0-rc.0 - 2022-11-04
• 0.70.14 - 2023-10-24
  

  Changed

  • Update JSCodeshift to 0.14 (5a695dd by @ stianjensen)

  Fixes (iOS)

  • Fix Gemfile to set the max version of Active support to 7.0.8 (a1a220b by @ cipolleschi)
  • Update Xcode 15 patches to be more robust (735d06c01f by @ cipolleschi)
  • Make Hermes build properly with Xcode 15 (5f4a091 by @ cipolleschi)

  ---

  You can participate in the conversation on the status of this release in this discussion

  ---

  To help you upgrade to this version, you can use the upgrade helper ⚛️

  ---

  You can find the whole changelog history in the changelog.md file.

• 0.70.13 - 2023-07-28
• 0.70.12 - 2023-07-05
• 0.70.11 - 2023-07-04
• 0.70.10 - 2023-06-08
• 0.70.9 - 2023-04-19
• 0.70.8 - 2023-04-04
• 0.70.7 - 2023-01-31
• 0.70.6 - 2022-11-15
• 0.70.5 - 2022-11-06
• 0.70.4 - 2022-10-25
• 0.70.3 - 2022-10-12
• 0.70.2 - 2022-10-04
• 0.70.1 - 2022-09-15
• 0.70.0 - 2022-09-05
• 0.70.0-rc.4 - 2022-08-22
• 0.70.0-rc.3 - 2022-08-15
• 0.70.0-rc.2 - 2022-08-04
• 0.70.0-rc.1 - 2022-07-28
• 0.70.0-rc.0 - 2022-07-15
• 0.69.12 - 2023-07-04
• 0.69.11 - 2023-06-08
• 0.69.10 - 2023-04-25
• 0.69.9 - 2023-04-04
• 0.69.8 - 2023-01-30
• 0.69.7 - 2022-11-06
• 0.69.6 - 2022-09-27
• 0.69.5 - 2022-08-25
• 0.69.4 - 2022-08-08
• 0.69.3 - 2022-07-25
• 0.69.2 - 2022-07-20
• 0.69.1 - 2022-06-29
• 0.69.0 - 2022-06-22
• 0.69.0-rc.6 - 2022-06-01
• 0.69.0-rc.5 - 2022-05-31
• 0.69.0-rc.4 - 2022-05-31
• 0.69.0-rc.3 - 2022-05-24
• 0.69.0-rc.2 - 2022-05-20
• 0.69.0-rc.1 - 2022-05-11
• 0.69.0-rc.0 - 2022-04-28
• 0.68.7 - 2023-04-26
• 0.68.6 - 2023-01-30
• 0.68.5 - 2022-11-06
• 0.68.4 - 2022-10-10
• 0.68.3 - 2022-08-08
• 0.68.2 - 2022-05-09
• 0.68.1 - 2022-04-13
• 0.68.0 - 2022-03-30
• 0.68.0-rc.4 - 2022-03-25
• 0.68.0-rc.3 - 2022-03-17
• 0.68.0-rc.2 - 2022-02-24
• 0.68.0-rc.1 - 2022-02-03
• 0.68.0-rc.0 - 2022-01-28
• 0.67.5 - 2022-11-06
• 0.67.4 - 2022-03-18
• 0.67.3 - 2022-02-22
• 0.67.2 - 2022-01-31
• 0.67.1 - 2022-01-20
• 0.67.0 - 2022-01-18
• 0.67.0-rc.6 - 2021-12-14
• 0.67.0-rc.5 - 2021-12-06
• 0.67.0-rc.4 - 2021-11-30
• 0.67.0-rc.3 - 2021-11-05
• 0.67.0-rc.2 - 2021-10-25
• 0.67.0-rc.1 - 2021-10-22
• 0.67.0-rc.0 - 2021-10-16
• 0.66.5 - 2022-11-06
• 0.66.4 - 2021-12-09
• 0.66.3 - 2021-11-10
• 0.66.2 - 2021-11-04
• 0.66.1 - 2021-10-15
• 0.66.0 - 2021-10-01
• 0.66.0-rc.4 - 2021-09-24
• 0.66.0-rc.3 - 2021-09-17
• 0.66.0-rc.2 - 2021-09-10
• 0.66.0-rc.1 - 2021-09-01
• 0.66.0-rc.0 - 2021-08-27
• 0.65.3 - 2022-11-06
• 0.65.2 - 2021-11-04
• 0.65.1 - 2021-08-19
• 0.65.0 - 2021-08-17
• 0.65.0-rc.4 - 2021-08-11
• 0.65.0-rc.3 - 2021-07-23
• 0.65.0-rc.2 - 2021-06-18
• 0.65.0-rc.1 - 2021-06-17
• 0.65.0-rc.0 - 2021-06-09
• 0.64.4 - 2022-11-07
• 0.64.3 - 2021-11-04
• 0.64.2 - 2021-06-03
• 0.64.1 - 2021-05-05
• 0.64.0 - 2021-03-12
• 0.64.0-rc.4 - 2021-03-01
• 0.64.0-rc.3 - 2021-02-05
• 0.64.0-rc.2 - 2020-12-18
• 0.64.0-rc.1 - 2020-11-25
• 0.64.0-rc.0 - 2020-11-23
• 0.63.5 - 2022-11-07
• 0.63.4 - 2020-11-30
• 0.63.3 - 2020-09-29
• 0.63.2 - 2020-07-22
• 0.63.1 - 2020-07-14
• 0.63.0 - 2020-07-08
• 0.63.0-rc.1 - 2020-05-04
• 0.63.0-rc.0 - 2020-04-16
• 0.62.3 - 2021-05-05
• 0.62.2 - 2020-04-08
• 0.62.1 - 2020-04-03
• 0.62.0 - 2020-03-26
• 0.62.0-rc.5 - 2020-03-07
• 0.62.0-rc.4 - 2020-03-06
• 0.62.0-rc.3 - 2020-02-25
• 0.62.0-rc.2 - 2020-02-13
• 0.62.0-rc.1 - 2020-01-21
• 0.62.0-rc.0 - 2019-12-18
• 0.61.5 - 2019-11-23
• 0.61.4 - 2019-11-04
• 0.61.3 - 2019-10-29
• 0.61.2 - 2019-10-02
• 0.61.1 - 2019-09-25
• 0.61.0 - 2019-09-24
• 0.61.0-rc.3 - 2019-09-10
• 0.61.0-rc.2 - 2019-09-04
• 0.61.0-rc.0 - 2019-08-27
• 0.60.6 - 2019-09-24
• 0.60.5 - 2019-08-13

from react-native GitHub release notes

Commit messages

Package name: react-native

• 52904ff [0.72.7] Bump version numbers
• 55c2c33 Symbolicate unhandled promise rejections (#40914) (#41377)
• f399afc Fix RNTestProject testing on Android (#41378)
• a304cb4 Make the interop-layer work with components with custom name (#41376)
• 5858fd7 Fix unstable RCTAppDelegate podspec (#41009)
• 2f08813 Fix android platform border color (#39893)
• 981a0a0 Fix normalization of degrees in AnimatedInterpolation (#36645)
• e844a62 Bump CLI to v11.3.10 (#41316)
• 3e23e14 Update node installation on debian (#41276)
• 945c429 Bump Podfile.lock for 0.72 (#41303)
• 3a4d79e Fix broken Loading/Refreshing indicator on Android
• e031c05 Bump deprecated-react-native-prop-types to ^4.2.3
• 4fd3da2 [0.72.6] Bump version numbers
• 6e3a130 [Local] Fix CI for 0.72, with Acitve Support and Xcode15 (#40855)
• 9b3bd63 RN: Switch EventEmitter to `Array.from(...)` (#39525)
• 785f91b Fix Gemfile, setting Active support to < 7.1.0 (#39828)
• 355025d Update Xcode 15 patches to be more robust (#39710)
• 3c4cc59 Move hermes-engine.podspec and hermes-utils.rb from hermes-engine to hermes folders when building (#39575)
• 1e38d4d [0.72.5] Bump version numbers
• 2a041cb Add ld_classic flag to Hermes when building for Xcode 15 (#39516)
• 8ccdb2c Fix Xcode 15 RC issues (#39474)
• a5e110a Bump IPHONEOS_DEPLOYMENT_TARGET to 13.4 for 3rd party pods (#39478)
• f6fd6b8 【iOS】Fix timer background state when App is launched from background (#39347)
• 4da9914 bumped packages versions

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs