Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
deps: Upgrade react-native-webview to 11.6.4, the latest.
To get a version that has the React Native peer dep range bumped to include React Native v0.64, which we hope to upgrade to soon (zulip#4426). There is one announced breaking change for Android; the `setSupportMultipleWindows` prop is introduced, defaulting to `true` [1]. This is to "mitigate the security advisory CVE-2020-6506". The advisory says, "This vulnerability affects React Native apps which use a react-native-webview that allows navigation to arbitrary URLs, and when that app runs on systems with an Android WebView version prior to 83.0.4103.106." I'm skeptical that we were affected, because I don't think we allow navigation to arbitrary URLs; see our comments on our use of the `originWhitelist` and `onShouldStartLoadWithRequest` props. But good that they're addressing reported vulnerabilities. [1] https://github.com/react-native-webview/react-native-webview/releases/tag/v11.0.0
- Loading branch information