[Snyk] Upgrade react-native from 0.63.3 to 0.72.5 #1169

NOUIY · 2023-10-16T15:23:19Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade react-native from 0.63.3 to 0.72.5.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 132 versions ahead of your current version.
The recommended version was released 21 days ago, on 2023-09-25.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Use After Free SNYK-JS-HERMESENGINE-1309667	569/1000 Why? Has a fix available, CVSS 7.1	No Known Exploit
Out-of-Bounds SNYK-JS-HERMESENGINE-1727253	569/1000 Why? Has a fix available, CVSS 7.1	No Known Exploit
Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	569/1000 Why? Has a fix available, CVSS 7.1	No Known Exploit
Prototype Pollution SNYK-JS-UNSETVALUE-2400660	569/1000 Why? Has a fix available, CVSS 7.1	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-REACTNATIVE-1298632	569/1000 Why? Has a fix available, CVSS 7.1	No Known Exploit
Cross-site Scripting (XSS) SNYK-JS-HERMESENGINE-1015406	569/1000 Why? Has a fix available, CVSS 7.1	No Known Exploit
Denial of Service (DoS) SNYK-JS-HERMESENGINE-2342071	569/1000 Why? Has a fix available, CVSS 7.1	No Known Exploit
Prototype Pollution SNYK-JS-HERMESENGINE-608850	569/1000 Why? Has a fix available, CVSS 7.1	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	569/1000 Why? Has a fix available, CVSS 7.1	Proof of Concept
Denial of Service (DoS) SNYK-JS-HERMESENGINE-629268	569/1000 Why? Has a fix available, CVSS 7.1	No Known Exploit
Out-of-Bounds SNYK-JS-HERMESENGINE-629748	569/1000 Why? Has a fix available, CVSS 7.1	No Known Exploit
Information Exposure SNYK-JS-NODEFETCH-2342118	569/1000 Why? Has a fix available, CVSS 7.1	No Known Exploit
Denial of Service SNYK-JS-NODEFETCH-674311	569/1000 Why? Has a fix available, CVSS 7.1	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: react-native

0.72.5 - 2023-09-25

Changed
- Bump CLI to 11.3.7 (6f02d55deb by @ huntie)
- Bump @ react-native/codegen to 0.72.7 (4da991407d by @ Titozzz)
Fixed

Android specific
- Fix building Android on Windows. (054ab62be0 by @ alespergl)
- A bug fix for Android builds with new arch on Windows host. (a323249e0a by @ birdofpreyru)
- Fix null crash when using maintainVisibleContentPosition on Android (1a1a79871b by @ janicduplessis)
iOS specific
- XCode 15 fixes (21763e85e3, 0dbd621c59 & 8a5b2d6735)
- Fix timer background state when App is launched from background (a4ea737ae1 by @ zhongwuzw)
- Guard JSGlobalContextSetInspectable behind a compile time check for Xcode 14.3+ (3eeee11d7a by @ Saadnajmi)
- Re-enable direct debugging with JSC on iOS 16.4+ (8b1bf058c4 by @ huntie)
You can participate in the conversation on the status of this release in this discussion

To help you upgrade to this version, you can use the upgrade helper ⚛️

You can find the whole changelog history in the changelog.md file.
0.72.4 - 2023-08-14
Added

Android specific
- Native part of fixing ANR when having an inverted FlatList on android API 33+ (6d206a3f54 by @ hannojg)
- For targeting SDK 34 - Added RECEIVER_EXPORTED/RECEIVER_NOT_EXPORTED flag support in DevSupportManagerBase (177d97d8ea by @ apuruni)
Changed
- Bump cli and metro (40ea8ffcc7 by @ lunaleaps)
- Hermes bump for hermes-2023-08-07-RNv0.72.4-813b2def12bc9df026 (e9ea926ba3 by Luna Wei)
- Bump CLI to 11.3.6 (a3cfdf0a08 by @ szymonrybczak)
Fixed
- Allow string transform style in TypeScript (2558c3d4f5 by @ NickGerleman)
- Fix missing Platform in VirtualizedList (7aa8cd55be by Luna Wei)
- Mount react devtools overlay only when devtools are attached (03187b68e5 by @ hoxyq)
Android specific
- Remove option to paste rich text from Android EditText context menu (b1ceea456d by @ fabriziobertoglio1987)
- Fixed ScrollView not responding to Keyboard events when nested inside a KeyboardAvoidingView (c616148a05 by @ andreacassani)
- ANR when having an inverted FlatList on android API 33+ (3dd816c6b7 by @ hannojg)
You can participate in the conversation on the status of this release in this discussion.

To help you upgrade to this version, you can use the upgrade helper ⚛️

You can find the whole changelog history in the changelog.md file.
0.72.3 - 2023-07-12
0.72.2 - 2023-07-11
0.72.1 - 2023-06-29
0.72.0 - 2023-06-21
0.72.0-rc.6 - 2023-06-13
0.72.0-rc.5 - 2023-06-01
0.72.0-rc.4 - 2023-05-31
0.72.0-rc.3 - 2023-05-11
0.72.0-rc.2 - 2023-05-04
0.72.0-rc.1 - 2023-04-05
0.72.0-rc.0 - 2023-03-20
0.71.14 - 2023-10-12
Fixed

iOS specific
- Set the max version of Active support to 7.0.8 (ce39931bc2 by @ cipolleschi)
- Xcode 15 patch (287482e57f by @ fortmarek)
You can participate in the conversation on the status of this release in this discussion.

To help you upgrade to this version, you can use the upgrade helper ⚛️

You can find the whole changelog history in the changelog.md file.
0.71.13 - 2023-08-22
Added

Android specific
- For targeting SDK 34 - Added RECEIVER_EXPORTED/RECEIVER_NOT_EXPORTED flag support in DevSupportManagerBase (177d97d8ea by @ apuruni)
iOS specific
- Added support to inline the source map via RCTBundleURLProvider
  (f7219ec02d by @ Saadnajmi)
Fixed
- Fix: mount devtools overlay only if react devtools are connected (b3c7a5d4cc by @ hoxyq)
iOS specific
- Fix onChangeText not firing when clearing the value of TextInput with multiline=true on iOS (0c9c57a9f7 by @ kkoudev)
You can participate in the conversation on the status of this release in this discussion.

To help you upgrade to this version, you can use the upgrade helper ⚛️

You can find the whole changelog history in the changelog.md file.
0.71.12 - 2023-07-04
0.71.11 - 2023-06-14
0.71.10 - 2023-06-07
0.71.9 - 2023-06-07
0.71.8 - 2023-05-10
0.71.7 - 2023-04-19
0.71.6 - 2023-04-03
0.71.5 - 2023-03-29
0.71.4 - 2023-03-08
0.71.3 - 2023-02-14
0.71.2 - 2023-02-01
0.71.1 - 2023-01-19
0.71.0 - 2023-01-12
0.71.0-rc.6 - 2023-01-09
0.71.0-rc.5 - 2022-12-19
0.71.0-rc.4 - 2022-12-14
0.71.0-rc.3 - 2022-11-30
0.71.0-rc.2 - 2022-11-24
0.71.0-rc.1 - 2022-11-23
0.71.0-rc.0 - 2022-11-04
0.70.13 - 2023-07-28
Fixed
- Fix: bumped CLI to address broken backward compatibility (549ff6380a by @ Titozzz)
You can participate in the conversation on the status of this release in this discussion.

To help you upgrade to this version, you can use the upgrade helper ⚛️

You can find the whole changelog history in the changelog.md file.
0.70.12 - 2023-07-05
0.70.11 - 2023-07-04
0.70.10 - 2023-06-08
0.70.9 - 2023-04-19
0.70.8 - 2023-04-04
0.70.7 - 2023-01-31
0.70.6 - 2022-11-15
0.70.5 - 2022-11-06
0.70.4 - 2022-10-25
0.70.3 - 2022-10-12
0.70.2 - 2022-10-04
0.70.1 - 2022-09-15
0.70.0 - 2022-09-05
0.70.0-rc.4 - 2022-08-22
0.70.0-rc.3 - 2022-08-15
0.70.0-rc.2 - 2022-08-04
0.70.0-rc.1 - 2022-07-28
0.70.0-rc.0 - 2022-07-15
0.69.12 - 2023-07-04
0.69.11 - 2023-06-08
0.69.10 - 2023-04-25
0.69.9 - 2023-04-04
0.69.8 - 2023-01-30
0.69.7 - 2022-11-06
0.69.6 - 2022-09-27
0.69.5 - 2022-08-25
0.69.4 - 2022-08-08
0.69.3 - 2022-07-25
0.69.2 - 2022-07-20
0.69.1 - 2022-06-29
0.69.0 - 2022-06-22
0.69.0-rc.6 - 2022-06-01
0.69.0-rc.5 - 2022-05-31
0.69.0-rc.4 - 2022-05-31
0.69.0-rc.3 - 2022-05-24
0.69.0-rc.2 - 2022-05-20
0.69.0-rc.1 - 2022-05-11
0.69.0-rc.0 - 2022-04-28
0.68.7 - 2023-04-26
0.68.6 - 2023-01-30
0.68.5 - 2022-11-06
0.68.4 - 2022-10-10
0.68.3 - 2022-08-08
0.68.2 - 2022-05-09
0.68.1 - 2022-04-13
0.68.0 - 2022-03-30
0.68.0-rc.4 - 2022-03-25
0.68.0-rc.3 - 2022-03-17
0.68.0-rc.2 - 2022-02-24
0.68.0-rc.1 - 2022-02-03
0.68.0-rc.0 - 2022-01-28
0.67.5 - 2022-11-06
0.67.4 - 2022-03-18
0.67.3 - 2022-02-22
0.67.2 - 2022-01-31
0.67.1 - 2022-01-20
0.67.0 - 2022-01-18
0.67.0-rc.6 - 2021-12-14
0.67.0-rc.5 - 2021-12-06
0.67.0-rc.4 - 2021-11-30
0.67.0-rc.3 - 2021-11-05
0.67.0-rc.2 - 2021-10-25
0.67.0-rc.1 - 2021-10-22
0.67.0-rc.0 - 2021-10-16
0.66.5 - 2022-11-06
0.66.4 - 2021-12-09
0.66.3 - 2021-11-10
0.66.2 - 2021-11-04
0.66.1 - 2021-10-15
0.66.0 - 2021-10-01
0.66.0-rc.4 - 2021-09-24
0.66.0-rc.3 - 2021-09-17
0.66.0-rc.2 - 2021-09-10
0.66.0-rc.1 - 2021-09-01
0.66.0-rc.0 - 2021-08-27
0.65.3 - 2022-11-06
0.65.2 - 2021-11-04
0.65.1 - 2021-08-19
0.65.0 - 2021-08-17
0.65.0-rc.4 - 2021-08-11
0.65.0-rc.3 - 2021-07-23
0.65.0-rc.2 - 2021-06-18
0.65.0-rc.1 - 2021-06-17
0.65.0-rc.0 - 2021-06-09
0.64.4 - 2022-11-07
0.64.3 - 2021-11-04
0.64.2 - 2021-06-03
0.64.1 - 2021-05-05
0.64.0 - 2021-03-12
0.64.0-rc.4 - 2021-03-01
0.64.0-rc.3 - 2021-02-05
0.64.0-rc.2 - 2020-12-18
0.64.0-rc.1 - 2020-11-25
0.64.0-rc.0 - 2020-11-23
0.63.5 - 2022-11-07
0.63.4 - 2020-11-30
0.63.3 - 2020-09-29

from react-native GitHub release notes

Commit messages

Package name: react-native

1e38d4d [0.72.5] Bump version numbers
2a041cb Add ld_classic flag to Hermes when building for Xcode 15 (Add ld_classic flag to Hermes when building for Xcode 15 facebook/react-native#39516)
8ccdb2c Fix Xcode 15 RC issues (Fix Xcode 15 RC issues facebook/react-native#39474)
a5e110a Bump IPHONEOS_DEPLOYMENT_TARGET to 13.4 for 3rd party pods (Bump IPHONEOS_DEPLOYMENT_TARGET to 13.4 for 3rd party pods facebook/react-native#39478)
f6fd6b8 【iOS】Fix timer background state when App is launched from background (【iOS】Fix timer background state when App is launched from background facebook/react-native#39347)
4da9914 bumped packages versions
6f02d55 Bump CLI to 11.3.7 (Bump CLI to 11.3.7 facebook/react-native#39280)
a8ec20d Allow RCTBundleURLProvider to request an inline source map ([iOS] Allow RCTBundleURLProvider to request an inline source map facebook/react-native#37878) ([0.72] Allow RCTBundleURLProvider to request an inline source map facebook/react-native#39033)
f77e9af Fix building Android on Windows (Fix building Android on Windows facebook/react-native#39190)
e9eca07 Revert "Fix build failure on iOS with pnpm and use_frameworks! (Fix build failure on iOS with pnpm and use_frameworks! facebook/react-native#38158)" (Revert "Fix build failure on iOS with pnpm and use_frameworks! (#38158)" facebook/react-native#39177)
66441e7 A fix in Codegen for Windows build host ([#36475] A fix in Codegen for Windows build host facebook/react-native#36542)
05d36d9 Guard `JSGlobalContextSetInspectable` behind a compile time check for Xcode 14.3+ (Guard JSGlobalContextSetInspectable behind a compile time check for Xcode 14.3+ facebook/react-native#39037)
26b49f9 Adjust RawPropsPropNameLength's type to account for increased number of props (Adjust RawPropsPropNameLength's type to account for increased number of props facebook/react-native#39008)
7aeadbc Fix null crash when using maintainVisibleContentPosition on Android (Fix null crash when using maintainVisibleContentPosition on Android facebook/react-native#38891)
1794832 Re-enable direct debugging with JSC on iOS 16.4+ (Re-enable direct debugging with JSC on iOS 16.4+ facebook/react-native#37914)
ef8ac7a chore(releases): improve bump oss script to allow less human errors (72 edition) (chore(releases): improve bump oss script to allow less human errors (72 edition) facebook/react-native#38888)
33fc55d Add scripts and pipeline to poll for maven ([LOCAL] Add script poll maven facebook/react-native#38980)
ff27568 [0.72.4] Bump version numbers
fe804b8 bumped packages versions
c7073fd Change comment in @ react-native/metro-config to trigger a release bump
f3e7572 bumped packages versions
9f79218 Reorder test imports in @ react-native/virtualized-lists to trigger a release bump
768c960 Pass hitSlop prop into TextInput Pressability config (Pass hitSlop into usePressability facebook/react-native#38857)
2f6c200 [LOCAL] Fix broken Android tests for 0.72 ([LOCAL] Fix broken Android tests for 0.72 facebook/react-native#38926)

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade react-native from 0.63.3 to 0.72.5. See this package in npm: https://www.npmjs.com/package/react-native See this project in Snyk: https://app.snyk.io/org/nexuscompute/project/0222b3fd-d039-47e2-9aa3-18449fae0cf0?utm_source=github&utm_medium=referral&page=upgrade-pr

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade react-native from 0.63.3 to 0.72.5 #1169

[Snyk] Upgrade react-native from 0.63.3 to 0.72.5 #1169

NOUIY commented Oct 16, 2023

Changed

Fixed

Android specific

iOS specific

Added

Android specific

Changed

Fixed

Android specific

Fixed

iOS specific

Added

Android specific

iOS specific

Fixed

iOS specific

Fixed

[Snyk] Upgrade react-native from 0.63.3 to 0.72.5 #1169

Are you sure you want to change the base?

[Snyk] Upgrade react-native from 0.63.3 to 0.72.5 #1169

Conversation

NOUIY commented Oct 16, 2023

Snyk has created this PR to upgrade react-native from 0.63.3 to 0.72.5.

Changed

Fixed

Android specific

iOS specific

Added

Android specific

Changed

Fixed

Android specific

Fixed

iOS specific

Added

Android specific

iOS specific

Fixed

iOS specific

Fixed