[Snyk] Upgrade react-native from 0.63.3 to 0.72.4 #1143

NOUIY · 2023-09-04T15:55:22Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade react-native from 0.63.3 to 0.72.4.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 130 versions ahead of your current version.
The recommended version was released 21 days ago, on 2023-08-14.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	619/1000 Why? Has a fix available, CVSS 8.1	No Known Exploit
Prototype Pollution SNYK-JS-UNSETVALUE-2400660	619/1000 Why? Has a fix available, CVSS 8.1	No Known Exploit
Use After Free SNYK-JS-HERMESENGINE-1309667	619/1000 Why? Has a fix available, CVSS 8.1	No Known Exploit
Out-of-Bounds SNYK-JS-HERMESENGINE-1727253	619/1000 Why? Has a fix available, CVSS 8.1	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-REACTNATIVE-1298632	619/1000 Why? Has a fix available, CVSS 8.1	No Known Exploit
Cross-site Scripting (XSS) SNYK-JS-HERMESENGINE-1015406	619/1000 Why? Has a fix available, CVSS 8.1	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	619/1000 Why? Has a fix available, CVSS 8.1	Proof of Concept
Denial of Service (DoS) SNYK-JS-HERMESENGINE-2342071	619/1000 Why? Has a fix available, CVSS 8.1	No Known Exploit
Prototype Pollution SNYK-JS-HERMESENGINE-608850	619/1000 Why? Has a fix available, CVSS 8.1	No Known Exploit
Denial of Service (DoS) SNYK-JS-HERMESENGINE-629268	619/1000 Why? Has a fix available, CVSS 8.1	No Known Exploit
Out-of-Bounds SNYK-JS-HERMESENGINE-629748	619/1000 Why? Has a fix available, CVSS 8.1	No Known Exploit
Information Exposure SNYK-JS-NODEFETCH-2342118	619/1000 Why? Has a fix available, CVSS 8.1	No Known Exploit
Denial of Service SNYK-JS-NODEFETCH-674311	619/1000 Why? Has a fix available, CVSS 8.1	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: react-native

0.72.4 - 2023-08-14
Added

Android specific
- Native part of fixing ANR when having an inverted FlatList on android API 33+ (6d206a3f54 by @ hannojg)
- For targeting SDK 34 - Added RECEIVER_EXPORTED/RECEIVER_NOT_EXPORTED flag support in DevSupportManagerBase (177d97d8ea by @ apuruni)
Changed
- Bump cli and metro (40ea8ffcc7 by @ lunaleaps)
- Hermes bump for hermes-2023-08-07-RNv0.72.4-813b2def12bc9df026 (e9ea926ba3 by Luna Wei)
- Bump CLI to 11.3.6 (a3cfdf0a08 by @ szymonrybczak)
Fixed
- Allow string transform style in TypeScript (2558c3d4f5 by @ NickGerleman)
- Fix missing Platform in VirtualizedList (7aa8cd55be by Luna Wei)
- Mount react devtools overlay only when devtools are attached (03187b68e5 by @ hoxyq)
Android specific
- Remove option to paste rich text from Android EditText context menu (b1ceea456d by @ fabriziobertoglio1987)
- Fixed ScrollView not responding to Keyboard events when nested inside a KeyboardAvoidingView (c616148a05 by @ andreacassani)
- ANR when having an inverted FlatList on android API 33+ (3dd816c6b7 by @ hannojg)
You can participate in the conversation on the status of this release in this discussion.

To help you upgrade to this version, you can use the upgrade helper ⚛️

You can find the whole changelog history in the changelog.md file.
0.72.3 - 2023-07-12
Fixed

iOS specific
- Revert "Fix pod install for swift libs using new arch (#38121)" to fix build error with Xcode lower than Xcode 14.3 (8f41f25 by @ kelset)
You can participate in the conversation on the status of this release in this discussion.

To help you upgrade to this version, you can use the upgrade helper ⚛️

You can find the whole changelog history in the changelog.md file.
0.72.2 - 2023-07-11
Changed
- Remove deprecated stub types @ types/metro-config from template (63f78ea8de by @ kelset)
- Bump CLI to 11.3.5 and Metro do 0.76.7 (ba5fa9c394 by @ kelset)
- Bump @ react-native/metro-config to 0.72.9 (21daa6e790, f37386176 by @ kelset)
Android specific
- Remove okhttp3 internal util usage (3e3032636d by @ adrianha)
iOS specific
- Update logic to add and remove views in the view registry for the interop layer. (8d2eec367d by @ cipolleschi)
- Disable NSTextStorage caching in OSS (5bda54c1f1 by @ sammy-SC)
Fixed
- global.performance in undefined when starting metro from Expo CLI (0ccbd65581 by @ Kudo)
- Re-enabled debugging for debug builds (41477c898c by Matt Blagden)
- Add global hook to assert that base Metro config is called (29f2602ff9 by @ huntie)
Android specific
- Do not create RuntimeExecutor on non-JSI executors (#38125) (d73b61c7c7 by @ lunaleaps)
- Prevent crash on OnePlus/Oppo devices in runAnimationStep (a46a7cd1 by @ hsource)
iOS specific
- Fix build error when there are multiple EXTRA_COMPILER_ARGS (28f4ebab8a by @ fergusean)
- Build failure with pnpm and use_frameworks! due to incorrect header paths (58adc5e4b9 by evelant)
- Fix onChangeText not firing when clearing the value of TextInput with multiline=true on iOS (0c9c57a9f7 by @ kkoudev)
- Fix pod install for libraries using Swift code when the new architecture is enabled (a4a0655496 by @ louiszawadzki)
⚠️ we are aware of an issue with building iOS apps with Xcode 14.2, please refer to this issue for more details and updates.

You can participate in the conversation on the status of this release in this discussion.

To help you upgrade to this version, you can use the upgrade helper ⚛️

You can find the whole changelog history in the changelog.md file.
0.72.1 - 2023-06-29
0.72.0 - 2023-06-21
0.72.0-rc.6 - 2023-06-13
0.72.0-rc.5 - 2023-06-01
0.72.0-rc.4 - 2023-05-31
0.72.0-rc.3 - 2023-05-11
0.72.0-rc.2 - 2023-05-04
0.72.0-rc.1 - 2023-04-05
0.72.0-rc.0 - 2023-03-20
0.71.13 - 2023-08-22
Added

Android specific
- For targeting SDK 34 - Added RECEIVER_EXPORTED/RECEIVER_NOT_EXPORTED flag support in DevSupportManagerBase (177d97d8ea by @ apuruni)
iOS specific
- Added support to inline the source map via RCTBundleURLProvider
  (f7219ec02d by @ Saadnajmi)
Fixed
- Fix: mount devtools overlay only if react devtools are connected (b3c7a5d4cc by @ hoxyq)
iOS specific
- Fix onChangeText not firing when clearing the value of TextInput with multiline=true on iOS (0c9c57a9f7 by @ kkoudev)
You can participate in the conversation on the status of this release in this discussion.

To help you upgrade to this version, you can use the upgrade helper ⚛️

You can find the whole changelog history in the changelog.md file.
0.71.12 - 2023-07-04
Fixed
- Prevent LogBox from crashing on very long messages (cd56347dca by @ motiz88)
Android specific
- Added CSS logical properties by mapping layout props (2b06a75631 by @ NickGerleman and @ AlexanderEggers) to fix view flattening on Android.
iOS specific
- fix pod install --project-directory=ios failing (fc1abe1d69 by @ tido64)
You can participate in the conversation on the status of this release in this discussion.

To help you upgrade to this version, you can use the upgrade helper ⚛️

You can find the whole changelog history in the changelog.md file.
0.71.11 - 2023-06-14
0.71.10 - 2023-06-07
0.71.9 - 2023-06-07
0.71.8 - 2023-05-10
0.71.7 - 2023-04-19
0.71.6 - 2023-04-03
0.71.5 - 2023-03-29
0.71.4 - 2023-03-08
0.71.3 - 2023-02-14
0.71.2 - 2023-02-01
0.71.1 - 2023-01-19
0.71.0 - 2023-01-12
0.71.0-rc.6 - 2023-01-09
0.71.0-rc.5 - 2022-12-19
0.71.0-rc.4 - 2022-12-14
0.71.0-rc.3 - 2022-11-30
0.71.0-rc.2 - 2022-11-24
0.71.0-rc.1 - 2022-11-23
0.71.0-rc.0 - 2022-11-04
0.70.13 - 2023-07-28
Fixed
- Fix: bumped CLI to address broken backward compatibility (549ff6380a by @ Titozzz)
You can participate in the conversation on the status of this release in this discussion.

To help you upgrade to this version, you can use the upgrade helper ⚛️

You can find the whole changelog history in the changelog.md file.
0.70.12 - 2023-07-05
Fixed

iOS specific
- Prefer Content-Location header in bundle response as JS source URL (671ea383fe by @ robhogan) to address #36794
You can participate in the conversation on the status of this release in this discussion.

To help you upgrade to this version, you can use the upgrade helper ⚛️

You can find the whole changelog history in the changelog.md file.
0.70.11 - 2023-07-04
Changed
- Bump CLI to 9.3.3 and Metro do 0.72.4 (2a9d71dc34 by @ kelset) to address #36794
You can participate in the conversation on the status of this release in this discussion

To help you upgrade to this version, you can use the upgrade helper ⚛️

You can find the whole changelog history in the changelog.md file.
0.70.10 - 2023-06-08
0.70.9 - 2023-04-19
0.70.8 - 2023-04-04
0.70.7 - 2023-01-31
0.70.6 - 2022-11-15
0.70.5 - 2022-11-06
0.70.4 - 2022-10-25
0.70.3 - 2022-10-12
0.70.2 - 2022-10-04
0.70.1 - 2022-09-15
0.70.0 - 2022-09-05
0.70.0-rc.4 - 2022-08-22
0.70.0-rc.3 - 2022-08-15
0.70.0-rc.2 - 2022-08-04
0.70.0-rc.1 - 2022-07-28
0.70.0-rc.0 - 2022-07-15
0.69.12 - 2023-07-04
Changed
- [0.69] Bump CLI to ^8.0.7, Metro to 0.70.4 (56807fadfa by @ robhogan)
iOS specific
- [0.69] Use Content-Location header in bundle response as JS source URL (#37501) (367fc7ad52 by @ robhogan)
Fixed

Android specific
- Prevent crash in runAnimationStep on OnePlus and Oppo devices (#37487) (4db7a10e25 by @ hsource)
0.69.12 is the latest patch the Release Crew will prepare for version 0.69. You can have a look at the latest discussion.

To help you upgrade to this version, you can use the upgrade helper ⚛️

You can find the whole changelog history in the changelog.md file.
0.69.11 - 2023-06-08
0.69.10 - 2023-04-25
0.69.9 - 2023-04-04
0.69.8 - 2023-01-30
0.69.7 - 2022-11-06
0.69.6 - 2022-09-27
0.69.5 - 2022-08-25
0.69.4 - 2022-08-08
0.69.3 - 2022-07-25
0.69.2 - 2022-07-20
0.69.1 - 2022-06-29
0.69.0 - 2022-06-22
0.69.0-rc.6 - 2022-06-01
0.69.0-rc.5 - 2022-05-31
0.69.0-rc.4 - 2022-05-31
0.69.0-rc.3 - 2022-05-24
0.69.0-rc.2 - 2022-05-20
0.69.0-rc.1 - 2022-05-11
0.69.0-rc.0 - 2022-04-28
0.68.7 - 2023-04-26
0.68.6 - 2023-01-30
0.68.5 - 2022-11-06
0.68.4 - 2022-10-10
0.68.3 - 2022-08-08
0.68.2 - 2022-05-09
0.68.1 - 2022-04-13
0.68.0 - 2022-03-30
0.68.0-rc.4 - 2022-03-25
0.68.0-rc.3 - 2022-03-17
0.68.0-rc.2 - 2022-02-24
0.68.0-rc.1 - 2022-02-03
0.68.0-rc.0 - 2022-01-28
0.67.5 - 2022-11-06
0.67.4 - 2022-03-18
0.67.3 - 2022-02-22
0.67.2 - 2022-01-31
0.67.1 - 2022-01-20
0.67.0 - 2022-01-18
0.67.0-rc.6 - 2021-12-14
0.67.0-rc.5 - 2021-12-06
0.67.0-rc.4 - 2021-11-30
0.67.0-rc.3 - 2021-11-05
0.67.0-rc.2 - 2021-10-25
0.67.0-rc.1 - 2021-10-22
0.67.0-rc.0 - 2021-10-16
0.66.5 - 2022-11-06
0.66.4 - 2021-12-09
0.66.3 - 2021-11-10
0.66.2 - 2021-11-04
0.66.1 - 2021-10-15
0.66.0 - 2021-10-01
0.66.0-rc.4 - 2021-09-24
0.66.0-rc.3 - 2021-09-17
0.66.0-rc.2 - 2021-09-10
0.66.0-rc.1 - 2021-09-01
0.66.0-rc.0 - 2021-08-27
0.65.3 - 2022-11-06
0.65.2 - 2021-11-04
0.65.1 - 2021-08-19
0.65.0 - 2021-08-17
0.65.0-rc.4 - 2021-08-11
0.65.0-rc.3 - 2021-07-23
0.65.0-rc.2 - 2021-06-18
0.65.0-rc.1 - 2021-06-17
0.65.0-rc.0 - 2021-06-09
0.64.4 - 2022-11-07
0.64.3 - 2021-11-04
0.64.2 - 2021-06-03
0.64.1 - 2021-05-05
0.64.0 - 2021-03-12
0.64.0-rc.4 - 2021-03-01
0.64.0-rc.3 - 2021-02-05
0.64.0-rc.2 - 2020-12-18
0.64.0-rc.1 - 2020-11-25
0.64.0-rc.0 - 2020-11-23
0.63.5 - 2022-11-07
0.63.4 - 2020-11-30
0.63.3 - 2020-09-29

from react-native GitHub release notes

Commit messages

Package name: react-native

ff27568 [0.72.4] Bump version numbers
fe804b8 bumped packages versions
c7073fd Change comment in @ react-native/metro-config to trigger a release bump
f3e7572 bumped packages versions
9f79218 Reorder test imports in @ react-native/virtualized-lists to trigger a release bump
768c960 Pass hitSlop prop into TextInput Pressability config (Pass hitSlop into usePressability facebook/react-native#38857)
2f6c200 [LOCAL] Fix broken Android tests for 0.72 ([LOCAL] Fix broken Android tests for 0.72 facebook/react-native#38926)
40ea8ff Bump cli and metro (Bump cli and metro facebook/react-native#38898)
5f503b8 Restore checking shadow tree commit cancellation after commit hook execution (Restore checking shadow tree commit cancellation after commit hook execution facebook/react-native#38715)
4f8c87c [LOCAL] Fabric Interop - Properly dispatch integer commands (Fabric Interop - Properly dispatch integer commands facebook/react-native#38527) ([LOCAL] Fabric Interop - Properly dispatch integer commands (#38527) facebook/react-native#38835)
7aa8cd5 Fix missing Platform in VirtualizedList
e9ea926 Hermes bump for hermes-2023-08-07-RNv0.72.4-813b2def12bc9df026
5b45e97 Remove option to paste rich text from Android EditText context menu (Remove option to paste rich text from Android EditText context menu facebook/react-native#38189)
a601b22 fix: Correctly assign the `hermes-engine` pod tag when installing pods from a different folder (fix: Correctly assign the hermes-engine pod tag when installing pods from a different folder facebook/react-native#38754)
3350dd8 Fix Android ScrollView not responding to Keyboard events when nested inside a KeyboardAvoidingView (Fix Android ScrollView not responding to Keyboard events when nested inside a KeyboardAvoidingView facebook/react-native#38728)
7aed30a Fabric Interop - Also normalize direct events (Fabric Interop - Also normalize direct events facebook/react-native#38352)
e4429fa Add workaround fix for [Android] Inverted FlatList + Text Input causing ANR on android 13 facebook/react-native#35350 (Add workaround fix for #35350 facebook/react-native#38073)
22c9739 Add workaround for android API 33 ANR when inverting ScrollView ([Native part] Add workaround for android API 33 ANR when inverting ScrollView facebook/react-native#38071)
3cf94df For targeting SDK 34 - Added RECEIVER_EXPORTED/RECEIVER_NOT_EXPORTED flag support in DevSupportManagerBase (For targeting SDK 34 - Added RECEIVER_EXPORTED/RECEIVER_NOT_EXPORTED flag support in DevSupportManagerBase facebook/react-native#38256)
938bd78 Allow string `transform` style in TypeScript (Allow string transform style in TypeScript facebook/react-native#37569)
e907337 Add enterKeyHint in TextInput type declaration (Add enterKeyHint in TextInput type declaration facebook/react-native#37624)
a3cfdf0 Bump CLI to 11.3.6 (Bump CLI to 11.3.6 facebook/react-native#38778)
03187b6 fix[AppContainer]: mount react devtools overlay only when devtools are attached (fix[AppContainer]: mount react devtools overlay only when devtools are attached facebook/react-native#38785)
79c4ec1 [LOCAL] Port CircleCI Artifact downloads to speed up release testing to 0.72 (Port CircleCI Artifact downloads to speed up release testing to 0.72 facebook/react-native#38553)

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade react-native from 0.63.3 to 0.72.4. See this package in npm: https://www.npmjs.com/package/react-native See this project in Snyk: https://app.snyk.io/org/nexuscompute/project/0222b3fd-d039-47e2-9aa3-18449fae0cf0?utm_source=github&utm_medium=referral&page=upgrade-pr

[Snyk] Upgrade react-native from 0.63.3 to 0.72.4 #1143

Are you sure you want to change the base?

[Snyk] Upgrade react-native from 0.63.3 to 0.72.4 #1143

Uh oh!

Conversation

NOUIY commented Sep 4, 2023

Snyk has created this PR to upgrade react-native from 0.63.3 to 0.72.4.

Added

Android specific

Changed

Fixed

Android specific

Fixed

iOS specific

Changed

Android specific

iOS specific

Fixed

Android specific

iOS specific

Added

Android specific

iOS specific

Fixed

iOS specific

Fixed

Android specific

iOS specific

Fixed

Fixed

iOS specific

Changed

Changed

iOS specific

Fixed

Android specific

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants