Merge branch '0.66-stable' into v8_performance_now_fix

Author: msgharpu

.ado/templates/react-native-macos-init.yml

@@ -81,15 +81,10 @@ steps:
       npx beachball publish --branch origin/$(System.PullRequest.TargetBranch) --no-push --registry http://localhost:4873 --yes --access public
     displayName: Publish react-native-macos-init to verdaccio
 
-  - task: CmdLine@2
-    displayName: Install react-native cli
-    inputs:
-      script: npm install -g react-native-cli
-
   - task: CmdLine@2
     displayName: Init new project
     inputs:
-      script: npx react-native init testcli
+      script: npx --yes react-native@0.66.4 init testcli --template react-native@0.66.4
       workingDirectory: $(Agent.BuildDirectory)
 
   - task: CmdLine@2

android-patches/patches/V8/packages/rn-tester/android/app/build.gradle

@@ -0,0 +1,14 @@
+diff --git a/packages/rn-tester/android/app/build.gradle b/packages/rn-tester/android/app/build.gradle
+index 7f04213604..aeaad944c7 100644
+--- a/packages/rn-tester/android/app/build.gradle
++++ b/packages/rn-tester/android/app/build.gradle
+@@ -151,6 +151,9 @@ android {
+         jsc {
+             dimension "vm"
+         }
++        v8 {
++            dimension "vm"
++        }
+     }
+ 
+     defaultConfig {

android-patches/patches/V8/packages/rn-tester/android/app/src/main/java/com/facebook/react/uiapp/RNTesterApplication.java

@@ -0,0 +1,56 @@
+diff --git a/packages/rn-tester/android/app/src/main/java/com/facebook/react/uiapp/RNTesterApplication.java b/packages/rn-tester/android/app/src/main/java/com/facebook/react/uiapp/RNTesterApplication.java
+index 6d014d9dac..6c4b7663f8 100644
+--- a/packages/rn-tester/android/app/src/main/java/com/facebook/react/uiapp/RNTesterApplication.java
++++ b/packages/rn-tester/android/app/src/main/java/com/facebook/react/uiapp/RNTesterApplication.java
+@@ -7,10 +7,14 @@
+ 
+ package com.facebook.react.uiapp;
+ 
++import static com.facebook.react.modules.systeminfo.AndroidInfoHelpers.getFriendlyDeviceName;
++
+ import android.app.Application;
+ import android.content.Context;
+ import androidx.annotation.Nullable;
+ import com.facebook.fbreact.specs.SampleTurboModule;
++import com.facebook.hermes.reactexecutor.HermesExecutorFactory;
++import com.facebook.react.jscexecutor.JSCExecutorFactory;
+ import com.facebook.react.ReactApplication;
+ import com.facebook.react.ReactInstanceManager;
+ import com.facebook.react.ReactNativeHost;
+@@ -22,6 +26,7 @@ import com.facebook.react.bridge.JSIModuleProvider;
+ import com.facebook.react.bridge.JSIModuleSpec;
+ import com.facebook.react.bridge.JSIModuleType;
+ import com.facebook.react.bridge.JavaScriptContextHolder;
++import com.facebook.react.bridge.JavaScriptExecutorFactory;
+ import com.facebook.react.bridge.NativeModule;
+ import com.facebook.react.bridge.ReactApplicationContext;
+ import com.facebook.react.bridge.UIManager;
+@@ -35,6 +40,7 @@ import com.facebook.react.module.model.ReactModuleInfoProvider;
+ import com.facebook.react.shell.MainReactPackage;
+ import com.facebook.react.uimanager.ViewManagerRegistry;
+ import com.facebook.react.views.text.ReactFontManager;
++import com.facebook.react.v8executor.V8ExecutorFactory;
+ import com.facebook.soloader.SoLoader;
+ import java.lang.reflect.InvocationTargetException;
+ import java.util.ArrayList;
+@@ -47,6 +53,20 @@ public class RNTesterApplication extends Application implements ReactApplication
+ 
+   private final ReactNativeHost mReactNativeHost =
+       new ReactNativeHost(this) {
++        @Override
++        public JavaScriptExecutorFactory getJavaScriptExecutorFactory() {
++          if (BuildConfig.FLAVOR.equals("hermes")) {
++            return new HermesExecutorFactory();
++          } else if (BuildConfig.FLAVOR.equals("v8")) {
++            return new V8ExecutorFactory(getApplication().getPackageName(), getFriendlyDeviceName());
++          } else if (BuildConfig.FLAVOR.equals("jsc")) {
++            SoLoader.loadLibrary("jscexecutor");
++            return new JSCExecutorFactory(getApplication().getPackageName(), getFriendlyDeviceName());
++          } else {
++            throw new IllegalArgumentException("Missing handler in getJavaScriptExecutorFactory for build flavor: " + BuildConfig.FLAVOR);
++          }
++        }
++
+         @Override
+         public String getJSMainModuleName() {
+           return "packages/rn-tester/js/RNTesterApp.android";

package.json

@@ -214,11 +214,13 @@
   "resolutions": {
     "async": "^3.2.2",
     "es5-ext": "0.10.53",
+    "shell-quote": "^1.7.3",
     "workspace-tools": "^0.18.4"
   },
   "_justification": {
     "async": "Versions of async prior to 3.2.2 are vulnerable to prototype pollution",
     "es5-ext": "Packages after 0.10.54 and at the moment up until 0.10.59 contain a protest message. A policy prevents us from using packages with protestware, therefore downgrading to the latest release without the message.",
+    "shell-quote": "Versions prior to 1.7.3 have an RCE vulnerability. Should be removable once we upgrade CLI tools to ^8.0.0 with RN 0.69.",
     "workspace-tools": "Versions prior to 0.18.4 are vulnerable to command injection and prototype pollution attacks"
   }
 }

yarn.lock

@@ -1778,19 +1778,14 @@ array-each@^1.0.0, array-each@^1.0.1:
   resolved "https://registry.yarnpkg.com/array-each/-/array-each-1.0.1.tgz#a794af0c05ab1752846ee753a1f211a05ba0c44f"
   integrity sha1-p5SvDAWrF1KEbudTofIRoFugxE8=
 
-array-filter@~0.0.0:
-  version "0.0.1"
-  resolved "https://registry.yarnpkg.com/array-filter/-/array-filter-0.0.1.tgz#7da8cf2e26628ed732803581fd21f67cacd2eeec"
-  integrity sha1-fajPLiZijtcygDWB/SH2fKzS7uw=
-
 array-includes@^3.0.3, array-includes@^3.1.1, array-includes@^3.1.4:
-  version "3.1.4"
-  resolved "https://registry.yarnpkg.com/array-includes/-/array-includes-3.1.4.tgz#f5b493162c760f3539631f005ba2bb46acb45ba9"
-  integrity sha512-ZTNSQkmWumEbiHO2GF4GmWxYVTiQyJy2XOTa15sdQSrvKn7l+180egQMqlrMOUMCyLMD7pmyQe4mMDUT6Behrw==
+  version "3.1.5"
+  resolved "https://registry.yarnpkg.com/array-includes/-/array-includes-3.1.5.tgz#2c320010db8d31031fd2a5f6b3bbd4b1aad31bdb"
+  integrity sha512-iSDYZMMyTPkiFasVqfuAQnWAYcvO/SeBSCGKePoEthjp4LEMTe4uLc7b025o4jAZpHhihh8xPo99TNWUWWkGDQ==
   dependencies:
     call-bind "^1.0.2"
-    define-properties "^1.1.3"
-    es-abstract "^1.19.1"
+    define-properties "^1.1.4"
+    es-abstract "^1.19.5"
     get-intrinsic "^1.1.1"
     is-string "^1.0.7"
 
@@ -1809,16 +1804,6 @@ array-last@^1.1.1:
   dependencies:
     is-number "^4.0.0"
 
-array-map@~0.0.0:
-  version "0.0.0"
-  resolved "https://registry.yarnpkg.com/array-map/-/array-map-0.0.0.tgz#88a2bab73d1cf7bcd5c1b118a003f66f665fa662"
-  integrity sha1-iKK6tz0c97zVwbEYoAP2b2ZfpmI=
-
-array-reduce@~0.0.0:
-  version "0.0.0"
-  resolved "https://registry.yarnpkg.com/array-reduce/-/array-reduce-0.0.0.tgz#173899d3ffd1c7d9383e4479525dbe278cab5f2b"
-  integrity sha1-FziZ0//Rx9k4PkR5Ul2+J4yrXys=
-
 array-slice@^1.0.0:
   version "1.1.0"
   resolved "https://registry.yarnpkg.com/array-slice/-/array-slice-1.1.0.tgz#e368ea15f89bc7069f7ffb89aec3a6c7d4ac22d4"
@@ -5330,11 +5315,6 @@ jsonfile@^4.0.0:
   optionalDependencies:
     graceful-fs "^4.1.6"
 
-jsonify@~0.0.0:
-  version "0.0.0"
-  resolved "https://registry.yarnpkg.com/jsonify/-/jsonify-0.0.0.tgz#2c74b6ee41d93ca51b7b5aaee8f503631d252a73"
-  integrity sha1-LHS27kHZPKUbe1qu6PUDYx0lKnM=
-
 jsprim@^1.2.2:
   version "1.4.2"
   resolved "https://registry.yarnpkg.com/jsprim/-/jsprim-1.4.2.tgz#712c65533a15c878ba59e9ed5f0e26d5b77c5feb"
@@ -5568,7 +5548,7 @@ lodash.truncate@^4.4.2:
   resolved "https://registry.yarnpkg.com/lodash.truncate/-/lodash.truncate-4.4.2.tgz#5a350da0b1113b837ecfffd5812cbe58d6eae193"
   integrity sha1-WjUNoLERO4N+z//VgSy+WNbq4ZM=
 
-lodash@^4.17.14, lodash@^4.17.15, lodash@^4.17.21, lodash@^4.17.5, lodash@^4.7.0:
+lodash@^4.17.15, lodash@^4.17.21, lodash@^4.17.5, lodash@^4.7.0:
   version "4.17.21"
   resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.21.tgz#679591c564c3bffaae8454cf0b3df370c3d6911c"
   integrity sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==
@@ -7441,17 +7421,7 @@ shebang-regex@^3.0.0:
   resolved "https://registry.yarnpkg.com/shebang-regex/-/shebang-regex-3.0.0.tgz#ae16f1644d873ecad843b0307b143362d4c42172"
   integrity sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==
 
-shell-quote@1.6.1:
-  version "1.6.1"
-  resolved "https://registry.yarnpkg.com/shell-quote/-/shell-quote-1.6.1.tgz#f4781949cce402697127430ea3b3c5476f481767"
-  integrity sha1-9HgZSczkAmlxJ0MOo7PFR29IF2c=
-  dependencies:
-    array-filter "~0.0.0"
-    array-map "~0.0.0"
-    array-reduce "~0.0.0"
-    jsonify "~0.0.0"
-
-shell-quote@^1.6.1, shell-quote@^1.7.2:
+shell-quote@1.6.1, shell-quote@^1.6.1, shell-quote@^1.7.2, shell-quote@^1.7.3:
   version "1.7.3"
   resolved "https://registry.yarnpkg.com/shell-quote/-/shell-quote-1.7.3.tgz#aa40edac170445b9a431e17bb62c0b881b9c4123"
   integrity sha512-Vpfqwm4EnqGdlsBFNmHhxhElJYrdfcxPThu+ryKS5J8L/fhAwLazFZtq+S+TWZ9ANj2piSQLGj6NQg+lKPmxrw==