[Snyk] Upgrade react-native from 0.51.0 to 0.71.1 #1

snyk-bot · 2023-02-12T18:59:05Z

Snyk has created this PR to upgrade react-native from 0.51.0 to 0.71.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 206 versions ahead of your current version.
The recommended version was released 24 days ago, on 2023-01-19.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Regular Expression Denial of Service (ReDoS) npm:negotiator:20160616	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) npm:fresh:20170908	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Uninitialized Memory Exposure npm:base64-url:20180512	589/1000 Why? Has a fix available, CVSS 7.5	Mature
Prototype Pollution SNYK-JS-XMLDOM-3042242	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Denial of Service (DoS) npm:ws:20171108	589/1000 Why? Has a fix available, CVSS 7.5	Mature
Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Prototype Override Protection Bypass npm:qs:20170213	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Prototype Poisoning SNYK-JS-QS-3153490	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) npm:plist:20180219	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-PLIST-2405644	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) npm:plist:20180219	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-PLIST-2405644	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-MERGE-1042987	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-MERGE-1040469	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Prototype Pollution SNYK-JS-LODASH-73638	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-608086	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-567746	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-450202	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Command Injection SNYK-JS-LODASH-1040724	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Denial of Service (DoS) npm:mem:20180117	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Prototype Pollution SNYK-JS-YARGSPARSER-560381	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Improper Input Validation SNYK-JS-XMLDOM-1534562	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
XML External Entity (XXE) Injection SNYK-JS-XMLDOM-1084960	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Arbitrary Code Injection SNYK-JS-MORGAN-72579	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-559764	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Prototype Pollution npm:lodash:20180130	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-JSON5-3182856	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-JSON5-3182856	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) npm:ms:20170412	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) npm:ms:20170412	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) npm:mime:20170907	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) npm:debug:20170905	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) npm:braces:20180219	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Improper Input Validation SNYK-JS-XMLDOM-3092935	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-2429795	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: react-native

0.71.1 - 2023-01-19
Added

Android specific
- Add jsinspector to the prefab target (a80cf96fc8 by @ Kudo)
iOS specific
- Add initialProps property to RCTAppDelegate (b314e6f147 by @ jblarriviere)
Changed
- Bump CLI to 10.1.3 (b868970037 by @ kelset)
- Bump RNGP to 0.71.13 (416463c406 by @ cipolleschi)
Fixed
- Fix(cli,metro,babel): bump cli and metro and babel to fix Windows+Metro issue (df7c92ff4c by @ kelset)
Android specific
- Fix ReactRootView crash when root view window insets are null (4cdc2c48e8 by @ enahum)
- Fix for resources not correctly bundlded on release appbundles (60b9d8c2b9 by @ cortinico)
- RNGP - Honor the --active-arch-only when configuring the NDK (470f79b617 by @ cortinico)
- Fixed typo in template build.gradle (38e35df47c by @ Titozzz)
iOS specific
- Exclude react-native-flipper when NO_FLIPPER=1 to prevent iOS build fail (f47b5b8b5d by @ retyui)
- Fix RCTAlertController not showing when using SceneDelegate on iOS 13.0+. (0c53420a7a)
- Handle Null Exception to Validate input in RCTAlertController and in RCTDevLoadingView (79e603c5ab by @ admirsaheta)
- Fixed the potential race condition when dismissing and presentating modal (e948c79bda by @ wood1986)
- Fix build errors when inheriting RCTAppDelegate in Swift modules (5eb25d2186 by @ Kudo)
- OnSelectionChange() is fired before onChange() on multiline TextInput (64475aeb3b by @ s77rt)
- Build: remove deprecated File.exists() method from Hermes podspec. (38e5fa6a96 by @ kelset)
You can participate in the conversation on the status of this release in this discussion

To help you upgrade to this version, you can use the upgrade helper ⚛️

You can find the whole changelog history in the changelog.md file.
0.71.0 - 2023-01-12

0.71 stable is out!
This release includes over 1000 commits from 70+ contributors! Thank you to all our contributors new and old!

See the highlights of the release in our release blog post.

⚠️ Git Bash users on Windows might experience "Unable to resolve" red boxes, because of an issue with Metro (silently fails without discovering any files). It will be fixed in 0.71.1 next week, in the meantime you can set resolver.useWatchman: false in metro.config.js.

You can participate in the conversation on the status of this release in this discussion

To help you upgrade to this version, you can use the upgrade helper ⚛️

You can find the whole changelog history in the changelog.md file.
0.71.0-rc.6 - 2023-01-09
⚙️ Technical Release

This release has no changes from RC5. We are only making it to ensure that after the CircleCI Security Incident, we have rotated all the necessary secrets correctly.

How To Test

Generate a new project with the standard command:

npx react-native init RN0710RC6 --version 0.71.0-rc.6
- You can participate in the conversation on the status of this release in the working group.
- To help you upgrade to this version, you can use the upgrade helper ⚛️
- See changes from this release in the changelog PR
Help us testing 🧪

Let us know how it went by posting a comment in the working group discussion! Please specify with system you tried it on (ex. macos, windows).

Bonus points: It would be even better if you could swap things around: instead of using a fresh new app, use a more complex one - or use a different library that is already leveraging the new architecture!
0.71.0-rc.5 - 2022-12-19
Golden Release Candidate

This is our last release of 2022: we are considering this the golden RC for 0.71, so we'll give it a few weeks to be tested before 0.71.0 in early Jan.

How To Test

Generate a new project with the standard command:

npx react-native init RN0710RC5 --version 0.71.0-rc.5
- You can participate in the conversation on the status of this release in the working group.
- To help you upgrade to this version, you can use the upgrade helper ⚛️
- See changes from this release in the changelog PR
Help us testing 🧪

Let us know how it went by posting a comment in the working group discussion! Please specify with system you tried it on (ex. macos, windows).

Bonus points: It would be even better if you could swap things around: instead of using a fresh new app, use a more complex one - or use a different library that is already leveraging the new architecture!
0.71.0-rc.4 - 2022-12-14
How To Test

Generate a new project with the standard command:

npx react-native init RN0710RC4 --version 0.71.0-rc.4
- You can participate in the conversation on the status of this release in the working group.
- To help you upgrade to this version, you can use the upgrade helper ⚛️
- See changes from this release in the changelog PR
Help us testing 🧪

Let us know how it went by posting a comment in the working group discussion! Please specify with system you tried it on (ex. macos, windows).

Bonus points: It would be even better if you could swap things around: instead of using a fresh new app, use a more complex one - or use a different library that is already leveraging the new architecture!
0.71.0-rc.3 - 2022-11-30
0.71.0-rc.2 - 2022-11-24
0.71.0-rc.1 - 2022-11-23
0.71.0-rc.0 - 2022-11-04
0.70.7 - 2023-01-31
Fixes

Android Specific
- Mitigation for Samsung TextInput Hangs (be69c8b5a7 by @ NickGerleman)
iOS Specific
- Fix the potential race condition when dismissing and presenting modal (279fb52e03 by @ wood1986)
Added

Android
- Add POST_NOTIFICATIONS and deprecate POST_NOTIFICATION (b5280bbc93 by @ dcangulo)
You can participate in the conversation on the status of this release in this discussion

To help you upgrade to this version, you can use the upgrade helper ⚛️

You can find the whole changelog history in the changelog.md file.
0.70.6 - 2022-11-15
0.70.5 - 2022-11-06
0.70.4 - 2022-10-25
0.70.3 - 2022-10-12
0.70.2 - 2022-10-04
0.70.1 - 2022-09-15
0.70.0 - 2022-09-05
0.70.0-rc.4 - 2022-08-22
0.70.0-rc.3 - 2022-08-15
0.70.0-rc.2 - 2022-08-04
0.70.0-rc.1 - 2022-07-28
0.70.0-rc.0 - 2022-07-15
0.69.8 - 2023-01-30
This version is a patch release with a mitigation solution for the Android issue on Samsung devices.

Please let us know in the issue if this new version addresses the problem for you.

You can participate in the conversation on the status of this release in this discussion.

To help you upgrade to this version, you can use the upgrade helper ⚛️

You can find the whole changelog history in the changelog.md file.
0.69.7 - 2022-11-06
0.69.6 - 2022-09-27
0.69.5 - 2022-08-25
0.69.4 - 2022-08-08
0.69.3 - 2022-07-25
0.69.2 - 2022-07-20
0.69.1 - 2022-06-29
0.69.0 - 2022-06-22
0.69.0-rc.6 - 2022-06-01
0.69.0-rc.5 - 2022-05-31
0.69.0-rc.4 - 2022-05-31
0.69.0-rc.3 - 2022-05-24
0.69.0-rc.2 - 2022-05-20
0.69.0-rc.1 - 2022-05-11
0.69.0-rc.0 - 2022-04-28
0.68.6 - 2023-01-30
🚨 IMPORTANT: This is an exceptional release on an unsupported version. We recommend you upgrade to one of the supported versions, listed here.

Hotfix

This version is a patch release with a mitigation solution for the Android issue on Samsung devices.

Please let us know in the issue if this new version addresses the problem for you.

To help you upgrade to new versions, you can use the upgrade helper ⚛️

You can find the whole changelog history in the changelog.md file.
0.68.5 - 2022-11-06
0.68.4 - 2022-10-10
0.68.3 - 2022-08-08
0.68.2 - 2022-05-09
0.68.1 - 2022-04-13
0.68.0 - 2022-03-30
0.68.0-rc.4 - 2022-03-25
0.68.0-rc.3 - 2022-03-17
0.68.0-rc.2 - 2022-02-24
0.68.0-rc.1 - 2022-02-03
0.68.0-rc.0 - 2022-01-28
0.67.5 - 2022-11-06
0.67.4 - 2022-03-18
0.67.3 - 2022-02-22
0.67.2 - 2022-01-31
0.67.1 - 2022-01-20
0.67.0 - 2022-01-18
0.67.0-rc.6 - 2021-12-14
0.67.0-rc.5 - 2021-12-06
0.67.0-rc.4 - 2021-11-30
0.67.0-rc.3 - 2021-11-05
0.67.0-rc.2 - 2021-10-25
0.67.0-rc.1 - 2021-10-22
0.67.0-rc.0 - 2021-10-16
0.66.5 - 2022-11-06
0.66.4 - 2021-12-09
0.66.3 - 2021-11-10
0.66.2 - 2021-11-04
0.66.1 - 2021-10-15
0.66.0 - 2021-10-01
0.66.0-rc.4 - 2021-09-24
0.66.0-rc.3 - 2021-09-17
0.66.0-rc.2 - 2021-09-10
0.66.0-rc.1 - 2021-09-01
0.66.0-rc.0 - 2021-08-27
0.65.3 - 2022-11-06
0.65.2 - 2021-11-04
0.65.1 - 2021-08-19
0.65.0 - 2021-08-17
0.65.0-rc.4 - 2021-08-11
0.65.0-rc.3 - 2021-07-23
0.65.0-rc.2 - 2021-06-18
0.65.0-rc.1 - 2021-06-17
0.65.0-rc.0 - 2021-06-09
0.64.4 - 2022-11-07
0.64.3 - 2021-11-04
0.64.2 - 2021-06-03
0.64.1 - 2021-05-05
0.64.0 - 2021-03-12
0.64.0-rc.4 - 2021-03-01
0.64.0-rc.3 - 2021-02-05
0.64.0-rc.2 - 2020-12-18
0.64.0-rc.1 - 2020-11-25
0.64.0-rc.0 - 2020-11-23
0.63.5 - 2022-11-07
0.63.4 - 2020-11-30
0.63.3 - 2020-09-29
0.63.2 - 2020-07-22
0.63.1 - 2020-07-14
0.63.0 - 2020-07-08
0.63.0-rc.1 - 2020-05-04
0.63.0-rc.0 - 2020-04-16
0.62.3 - 2021-05-05
0.62.2 - 2020-04-08
0.62.1 - 2020-04-03
0.62.0 - 2020-03-26
0.62.0-rc.5 - 2020-03-07
0.62.0-rc.4 - 2020-03-06
0.62.0-rc.3 - 2020-02-25
0.62.0-rc.2 - 2020-02-13
0.62.0-rc.1 - 2020-01-21
0.62.0-rc.0 - 2019-12-18
0.61.5 - 2019-11-23
0.61.4 - 2019-11-04
0.61.3 - 2019-10-29
0.61.2 - 2019-10-02
0.61.1 - 2019-09-25
0.61.0 - 2019-09-24
0.61.0-rc.3 - 2019-09-10
0.61.0-rc.2 - 2019-09-04
0.61.0-rc.0 - 2019-08-27
0.60.6 - 2019-09-24
0.60.5 - 2019-08-13
0.60.4 - 2019-07-18
0.60.3 - 2019-07-11
0.60.2 - 2019-07-11
0.60.1 - 2019-07-11
0.60.0 - 2019-07-03
0.60.0-rc.3 - 2019-06-28
0.60.0-rc.2 - 2019-06-20
0.60.0-rc.1 - 2019-06-10
0.60.0-rc.0 - 2019-05-30
0.59.10 - 2019-07-02
0.59.9 - 2019-06-05
0.59.8 - 2019-05-08
0.59.7 - 2019-05-08
0.59.6 - 2019-04-18
0.59.5 - 2019-04-17
0.59.4 - 2019-04-08
0.59.3 - 2019-04-01
0.59.2 - 2019-03-25
0.59.1 - 2019-03-14
0.59.0 - 2019-03-12
0.59.0-rc.3 - 2019-02-27
0.59.0-rc.2 - 2019-02-18
0.59.0-rc.1 - 2019-02-15
0.59.0-rc.0 - 2019-02-13
0.58.6 - 2019-02-28
0.58.5 - 2019-02-19
0.58.4 - 2019-02-06
0.58.3 - 2019-01-28
0.58.2 - 2019-01-28
0.58.1 - 2019-01-25
0.58.0 - 2019-01-24
0.58.0-rc.3 - 2019-01-17
0.58.0-rc.2 - 2018-12-18
0.58.0-rc.1 - 2018-12-06
0.58.0-rc.0 - 2018-11-22
0.57.8 - 2018-12-13
0.57.7 - 2018-11-27
0.57.6 - 2018-11-26
0.57.5 - 2018-11-13
0.57.4 - 2018-10-25
0.57.3 - 2018-10-12
0.57.2 - 2018-10-04
0.57.1 - 2018-09-21
0.57.0 - 2018-09-12
0.57.0-rc.4 - 2018-09-06
0.57.0-rc.3 - 2018-08-24
0.57.0-rc.2 - 2018-08-22
0.57.0-rc.1 - 2018-08-22
0.57.0-rc.0 - 2018-08-16
0.56.1 - 2018-09-10
0.56.0 - 2018-07-04
0.56.0-rc.5 - 2018-07-04
0.56.0-rc.4 - 2018-06-27
0.56.0-rc.3 - 2018-06-22
0.56.0-rc.2 - 2018-06-15
0.56.0-rc.1 - 2018-06-13
0.56.0-rc - 2018-06-11
0.55.4 - 2018-05-08
0.55.3 - 2018-04-17
0.55.2 - 2018-04-09
0.55.1 - 2018-04-05
0.55.0 - 2018-04-03
0.55.0-rc.2 - 2018-03-29
0.55.0-rc.1 - 2018-03-21
0.55.0-rc.0 - 2018-03-13
0.54.4 - 2018-03-29
0.54.3 - 2018-03-26
0.54.2 - 2018-03-12
0.54.1 - 2018-03-10
0.54.0 - 2018-03-01
0.54.0-rc.4 - 2018-02-27
0.54.0-rc.3 - 2018-02-13
0.54.0-rc.2 - 2018-02-12
0.54.0-rc.0 - 2018-02-12
0.53.3 - 2018-02-20
0.53.2 - 2018-02-19
0.53.0 - 2018-02-05
0.53.0-rc.0 - 2018-01-10
0.52.3 - 2018-02-19
0.52.2 - 2018-01-26
0.52.1 - 2018-01-22
0.52.0 - 2018-01-08
0.52.0-rc.0 - 2017-12-18
0.51.1 - 2018-02-19
0.51.0 - 2017-12-06

from react-native GitHub release notes

Commit messages

Package name: react-native

3978b7c [0.71.1] Bump version numbers
6734d92 fix: ReactRootView checkForKeyboardEvents to check if rootInsets are set (#35869)
416463c [LOCAL]Bump RNGP
b868970 [LOCAL] bump CLI to 10.1.3
56423e2 [LOCAL] bump CLI to 10.1.2 for Android fixes
36e9d87 Bump CMake to 3.22.1 to properly honor CMAKE_BUILD_TYPE (#35857)
1d64766 Fix for resources not correctly bundlded on release appbundles (#35872)
e4051c6 RNGP - Honor the --active-arch-only when configuring the NDK (#35860)
89be5ab feat: add initialProps property to RCTAppDelegate (#35848)
38e5fa6 [LOCAL] build: remove deprecated File.exists() method from Hermes podspec. (#35853)
3d8152e Exclude `react-native-flipper` when `NO_FLIPPER=1` to prevent iOS build fail (#35686)
7bdeed6 Add jsinspector prefab target (#35796)
44f81c0 Fix RCTAlertController not showing when using SceneDelegate on iOS 13.0+ (#35716)
6bdde47 Null Exception Handling | Input Validation - RCTAlertController - RCTDevLoadingView (#35689)
870ce57 fix: fix the potential race condition when dismissing and presentating modal (#35705)
c6bfbf9 Fix build errors when inheriting RCTAppDelegate in Swift modules (#35661)
112bfee Switch order of onSelectionChange and onChange events on iOS (#35603)
77b977f chore: fix typo in build.gradle (#35209)
df7c92f [LOCAL] fix(cli,metro,babel): bump cli and metro and babel to fix Windows+Metro issue (#35786)
5f3c1e1 fix(scripts): add logic for version scripts to account for local E2E test versioning (#35847)
4f94577 Remove PAT_TOKEN and PAT_USERNAME from CircleCI (#35808)
5a251ba [0.71.0] Bump version numbers
7dee5e7 [0.71.0-rc.6] Bump version numbers
06e8577 Update fingerprint for SSH deploy key (#35791)

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade react-native from 0.51.0 to 0.71.1. See this package in npm: https://www.npmjs.com/package/react-native See this project in Snyk: https://app.snyk.io/org/cgoochheadstorm.com/project/c5784d1e-f41d-4c59-b6d5-d0f46acae4d6?utm_source=github&utm_medium=referral&page=upgrade-pr

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade react-native from 0.51.0 to 0.71.1 #1

[Snyk] Upgrade react-native from 0.51.0 to 0.71.1 #1

snyk-bot commented Feb 12, 2023

Added

Android specific

iOS specific

Changed

Fixed

Android specific

iOS specific

⚙️ Technical Release

How To Test

Help us testing 🧪

Golden Release Candidate

How To Test

Help us testing 🧪

How To Test

Help us testing 🧪

Fixes

Android Specific

iOS Specific

Added

Android

Hotfix

[Snyk] Upgrade react-native from 0.51.0 to 0.71.1 #1

Are you sure you want to change the base?

[Snyk] Upgrade react-native from 0.51.0 to 0.71.1 #1

Conversation

snyk-bot commented Feb 12, 2023

Snyk has created this PR to upgrade react-native from 0.51.0 to 0.71.1.

Added

Android specific

iOS specific

Changed

Fixed

Android specific

iOS specific

⚙️ Technical Release

How To Test

Help us testing 🧪

Golden Release Candidate

How To Test

Help us testing 🧪

How To Test

Help us testing 🧪

Fixes

Android Specific

iOS Specific

Added

Android

Hotfix