Security vulnerability in dependency

[bell-steven]

Environment

Expand

System:
    OS: macOS 10.15.4
    CPU: (4) x64 Intel(R) Core(TM) i5-6267U CPU @ 2.90GHz
    Memory: 20.56 MB / 8.00 GB
    Shell: 5.7.1 - /bin/zsh
  Binaries:
    Node: 13.9.0 - ~/.nvm/versions/node/v13.9.0/bin/node
    Yarn: 1.22.4 - /usr/local/bin/yarn
    npm: 6.13.7 - ~/.nvm/versions/node/v13.9.0/bin/npm
    Watchman: 4.9.0 - /usr/local/bin/watchman
  Managers:
    CocoaPods: 1.9.1 - /usr/local/bin/pod
  SDKs:
    iOS SDK:
      Platforms: iOS 13.4, DriverKit 19.0, macOS 10.15, tvOS 13.4, watchOS 6.2
    Android SDK:
      API Levels: 27, 28, 29
      Build Tools: 28.0.3, 29.0.2, 30.0.0
      System Images: android-29 | Google APIs Intel x86 Atom
      Android NDK: Not Found
  IDEs:
    Android Studio: 3.5 AI-191.8026.42.35.6010548
    Xcode: 11.4.1/11E503a - /usr/bin/xcodebuild
  Languages:
    Java: 1.8.0_242 - /usr/bin/javac
    Python: 2.7.17 - /usr/local/bin/python
  npmPackages:
    @react-native-community/cli: Not Found
    react: Not Found
    react-native: Not Found
  npmGlobalPackages:
    *react-native*: Not Found

Description

I created a clean project with npx react-native init and ran yarn audit.

This was the result:

Here is a link to the security advisory on NPM.

This is an upstream issue

I opened a [PR] in logkitty(zamotany/logkitty#22) so hopefully this will be resolved soon.

I will open a PR here once it has been patched in logkitty.

Reproducible Demo

npx react-native init newProject

yarn audit

[thymikee]

It's within semver range, no action needed from our side. See: zamotany/logkitty#22 (comment)