[Snyk] Upgrade react-native from 0.63.3 to 0.68.2 #220

snyk-bot · 2022-05-30T23:48:55Z

Snyk has created this PR to upgrade react-native from 0.63.3 to 0.68.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 48 versions ahead of your current version.
The recommended version was released 22 days ago, on 2022-05-09.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Regular Expression Denial of Service (ReDoS) SNYK-JS-REACTNATIVE-1298632	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Out-of-Bounds SNYK-JS-HERMESENGINE-1727253	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Use After Free SNYK-JS-HERMESENGINE-1309667	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Denial of Service SNYK-JS-NODEFETCH-674311	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Information Exposure SNYK-JS-NODEFETCH-2342118	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Out-of-Bounds SNYK-JS-HERMESENGINE-629748	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Denial of Service (DoS) SNYK-JS-HERMESENGINE-629268	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Prototype Pollution SNYK-JS-HERMESENGINE-608850	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Denial of Service (DoS) SNYK-JS-HERMESENGINE-2342071	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Cross-site Scripting (XSS) SNYK-JS-HERMESENGINE-1015406	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: react-native

0.68.2 - 2022-05-09

Changed
- Bump used version of react-native-codegen to 0.0.17 (dfda480a98 by @ cortinico)
- Bump react-native-codegen to 0.0.17 (a5ddc2e165 by @ cortinico)
Fixed

Android specific
- Working around Long paths limitation on Windows (62ef6f5fa1 by @ mganandraj)
You can participate in the conversation on the status of this release in this discussion

To help you upgrade to this version, you can use the upgrade helper ⚛️

You can find the whole changelog history in the changelog.md file.
0.68.1 - 2022-04-13
Changed

Android specific
- Bump React Native Gradle plugin to 0.0.6 (9573d7b84d by @ cortinico)
- Don't require yarn for codegen tasks (d5da70e17e by @ danilobuerger)
Fixed
- Fix dynamic_cast (RTTI) by adding key function to ShadowNodeWrapper and related classes (58a2eb7f37 by @ kmagiera)
- Pin use-subscription to < 1.6.0 (5534634892 by @ danilobuerger)
Android specific
- Use NDK 23 only for Windows users. (e48a580080 by @ cortinico)
- Improve support for Android users on M1 machine (4befd2a29c by @ cortinico)
- Template: Specify abiFilters if enableSeparateBuildPerCPUArchitecture is not set. (5dff920177 by @ cortinico)
- Fix for building new architecture sources on Windows (5a8033df98 by @ mganandraj)
You can participate in the conversation on the status of this release at this discussion

To help you upgrade to this version, you can use the upgrade helper ⚛️

You can find the whole changelog history in the changelog.md file.
0.68.0 - 2022-03-30
0.68 stable is out!

This release includes 614 commits by 68 contributors! Thank you to all our contributors new and old! You can find the full changelog here.
- See the highlights of the release in our release blog post.
- You can participate in the conversation on the status of this release at this issue.
- You can upgrade to this version using the upgrade helper webtool ⚛️
0.68.0-rc.4 - 2022-03-25
Includes fixes to Flipper setup on iOS.

To test it, run:
```
npx react-native init RN068RC4 --version 0.68.0-rc.4
```
Please be aware that with 0.68, JDK 11 is required for Android compilation.

You can participate in the conversation on the status of this release in the working group discussion.

To help you upgrade to this version, you can use the upgrade helper ⚛️

See changes from this release in the changelog PR
0.68.0-rc.3 - 2022-03-17
0.68.0-rc.2 - 2022-02-24
0.68.0-rc.1 - 2022-02-03
0.68.0-rc.0 - 2022-01-28
0.67.4 - 2022-03-18
Fixed

Android specific
- Added a null check to native.value in Switch to fix #32594 (8d50bf1133 by @ jonathanmos)
You can participate in the conversation on the status of this release at this discussion

To help you upgrade to this version, you can use the upgrade helper ⚛️

You can find the whole changelog history in the changelog.md file.
0.67.3 - 2022-02-22
0.67.2 - 2022-01-31
0.67.1 - 2022-01-20
0.67.0 - 2022-01-18
0.67.0-rc.6 - 2021-12-14
0.67.0-rc.5 - 2021-12-06
0.67.0-rc.4 - 2021-11-30
0.67.0-rc.3 - 2021-11-05
0.67.0-rc.2 - 2021-10-25
0.67.0-rc.1 - 2021-10-22
0.67.0-rc.0 - 2021-10-16
0.66.4 - 2021-12-09
0.66.3 - 2021-11-10
0.66.2 - 2021-11-04
0.66.1 - 2021-10-15
0.66.0 - 2021-10-01
0.66.0-rc.4 - 2021-09-24
0.66.0-rc.3 - 2021-09-17
0.66.0-rc.2 - 2021-09-10
0.66.0-rc.1 - 2021-09-01
0.66.0-rc.0 - 2021-08-27
0.65.2 - 2021-11-04
0.65.1 - 2021-08-19
0.65.0 - 2021-08-17
0.65.0-rc.4 - 2021-08-11
0.65.0-rc.3 - 2021-07-23
0.65.0-rc.2 - 2021-06-18
0.65.0-rc.1 - 2021-06-17
0.65.0-rc.0 - 2021-06-09
0.64.3 - 2021-11-04
0.64.2 - 2021-06-03
0.64.1 - 2021-05-05
0.64.0 - 2021-03-12
0.64.0-rc.4 - 2021-03-01
0.64.0-rc.3 - 2021-02-05
0.64.0-rc.2 - 2020-12-18
0.64.0-rc.1 - 2020-11-25
0.64.0-rc.0 - 2020-11-23
0.63.4 - 2020-11-30
0.63.3 - 2020-09-29

from react-native GitHub release notes

Commit messages

Package name: react-native

72e1eda [0.68.2] Bump version numbers
dfda480 Bump used version of react-native-codegen to 0.0.17
a5ddc2e Bump react-native-codegen to 0.0.17
62ef6f5 [Main][Windows] Working around Long paths limitation on Windows ([Main][Windows] Working around Long paths limitation on Windows facebook/react-native#33707)
b5f1b26 [0.68.1] Bump version numbers
48113b5 Merge pull request Update yarn.lock with the new react-native-gradle-plugin version facebook/react-native#33628 from fortmarek/fix/yarn-lock-gradle-plugin
faaf256 Update yarn.lock with the new react-native-gradle-plugin version
387ee70 Use NDK 23 only for Windows users. (Use NDK 23 only for Windows users. facebook/react-native#33611)
3fd3fe0 react-native-gradle-plugin should not depend on react-native-codegen NPM package
fdd7848 Replaced windowsAwareYarn with windowsAwareCommandLine for node calls (Replaced windowsAwareYarn with windowsAwareCommandLine for node calls facebook/react-native#33530)
1f48b7b Bump React Native Gradle plugin to 0.0.6 (Bump React Native Gradle plugin to 0.0.6 facebook/react-native#33581)
6268836 Improve support for Android users on M1 machine (Improve support for Android users on M1 machine facebook/react-native#33588)
9efcaff Pin use-subscription to < 1.6.0 (Pin use-subscription to < 1.6.0 facebook/react-native#33541)
8400590 Template: Specify abiFilters if enableSeparateBuildPerCPUArchitecture is not set.
a5c44e6 Fix dynamic_cast (RTTI) by adding key function to ShadowNodeWrapper and related classes (Fix dynamic_cast (RTTI) by adding key function to ShadowNodeWrapper and related classes facebook/react-native#33500)
44ee801 Merge pull request Building new architecture sources on Windows facebook/react-native#33582 from mganandraj/NewArchWinBuild
5a8033d Fix for building new architecture sources on Windows
51f5ea1 [0.68.0] Bump version numbers
a4a6e23 [0.68.0-rc.4] Bump version numbers
e645629 Enable SonarKit and Flipper in React-Core (Enable SonarKit and Flipper in React-Core facebook/react-native#33499)
b3f19d7 [0.68.0-rc.3] Bump version numbers
cb28a26 Bump Flipper-Glog to 0.5.0.4
4163386 fix(ios, flipper): update flipper sub-pods to support macCatalyst (fix(ios, flipper): update flipper sub-pods to support macCatalyst facebook/react-native#33406)
ccd1708 Re-apply: Consider relative to pwd installation root when looking for files in rn module via cocoapods (Re-apply: Consider relative to pwd installation root when looking for files in rn module via cocoapods facebook/react-native#33427)

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade react-native from 0.63.3 to 0.68.2. See this package in npm: https://www.npmjs.com/package/react-native See this project in Snyk: https://app.snyk.io/org/nexuscompute/project/0222b3fd-d039-47e2-9aa3-18449fae0cf0?utm_source=github&utm_medium=referral&page=upgrade-pr

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade react-native from 0.63.3 to 0.68.2 #220

[Snyk] Upgrade react-native from 0.63.3 to 0.68.2 #220

snyk-bot commented May 30, 2022

Changed

Fixed

Android specific

Changed

Android specific

Fixed

Android specific

Fixed

Android specific

[Snyk] Upgrade react-native from 0.63.3 to 0.68.2 #220

Are you sure you want to change the base?

[Snyk] Upgrade react-native from 0.63.3 to 0.68.2 #220

Conversation

snyk-bot commented May 30, 2022

Snyk has created this PR to upgrade react-native from 0.63.3 to 0.68.2.

Changed

Fixed

Android specific

Changed

Android specific

Fixed

Android specific

Fixed

Android specific