[Snyk] Fix for 10 vulnerabilities

[leojoy95]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/react-components/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	No	Proof of Concept
	429/1000 Why? Has a fix available, CVSS 4.3	Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-MERGE-1040469	No	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-MERGE-1042987	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-REACTNATIVE-1298632	No	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	No	Proof of Concept
	469/1000 Why? Has a fix available, CVSS 5.1	Denial of Service (DoS) npm:mem:20180117	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: jest

The new version differs by 22 commits.

• ff9269b chore: bump most dated deps (Add contractkit function to return CIP8 storage roots array celo-org/celo-monorepo#8850)
• 7594141 chore: upgrade to eslint@6 (Reduce Attestation On-call Burden celo-org/celo-monorepo#8855)
• b33ce0d chore: upgrade to micromatch v4 (Celo: <Issue Title>Wrong Transiotion and wrong addressed celo-org/celo-monorepo#8852)
• d6ff72a chore: add node 12 to CI (Deliver frozen audit 51 scope to OpenZeppelin celo-org/celo-monorepo#8411)
• 7e9b4ea chore: upgrade jsdom ([on-call] look into discrepancy between validator AS dashboards celo-org/celo-monorepo#8851)
• 4bb7a2d Use `weak-napi` instead of `weak` in `jest-leak-detector`
• ce47c6c Get rid of Node 6 support (Investigate Economic Test and Documentation Coverage celo-org/celo-monorepo#8455)
• bc5c3c7 jest-snapshot: Remove only the added newlines in multiline snapshots (Add signature verification code for CIP-40 requests celo-org/celo-monorepo#8859)
• d523fa8 bug.md: highlights placeholder should be removed (Fix bug in signature parsing for EIP712TypedData celo-org/celo-monorepo#8836)
• 08f109c expect: Display expectedDiff more carefully in toBeCloseTo (Merge release 5 to master celo-org/celo-monorepo#8389)
• b09de2d chore: bump node-notifier for node v6 support
• 557a39f fix(linter): Fix linting failure introduced in Provide security guidance for ODIS key celo-org/celo-monorepo#8847 😓 (Exclude phoenix metrics in grafana cloud celo-org/celo-monorepo#8849)
• 012472b fix(docs): Update broken links in docs. (Provide security guidance for ODIS key celo-org/celo-monorepo#8847)
• ee2bea1 chore: sort member in imports (Set vulnerable dependency to fixed version celo-org/celo-monorepo#8846)
• 9ba4594 add Chinese Jest work with AngularJS tutorial (LockedGold.slash() should only payout to reporters who are registered on Accounts celo-org/celo-monorepo#8828)
• 0e5b363 chore: reduce reliance on esModuleInterop ([Valora] Investigate Methods for identifying for Merchant Payments and Mirror Refunds in Valora Feed celo-org/celo-monorepo#8842)
• d69f8d3 getTimerCount will not include cancelled immediates (Code cleanup celo-org/celo-monorepo#8764)
• b4bd77b Fix grammar: "your jest's config"->"your Jest..." ([Valora] Show copy to indicate merchant payments and refunds in Transaction Feed celo-org/celo-monorepo#8843)
• 54b3dcf Fix grammar: "a known issues"->"a known issue" (Figure out how Wallets Recognize a Mirror Transaction as a Merchant Refund celo-org/celo-monorepo#8844)
• e76c7da docs: update matchMedia methods (Add Result type guards celo-org/celo-monorepo#8835)
• 23b9860 chore: roll new version of docs
• 3cdbd55 Release 24.9.0

See the full diff

Package name: react-native

The new version differs by 250 commits.

• 7473ce1 [0.65.0] Bump version numbers
• 5f0b805 [0.65.0-rc.4] Bump version numbers
• 83d9b9b [LOCAL] yarn lock update
• e775957 Revert "fix: Move react-native-codegen to be a direct dependency of react-native (fix for 0.65-stable)"
• 5f7deb5 [LOCAL] reintroduce generated codegen files
• c0df3e0 [LOCAL] autogenerated files
• 54fbe0d - Bump CLI to ^6.0.0 (#31971)
• 5efad92 Codegen: Always prepare filesystem
• dfd324e Extend codegen script to take library name, output dir arguments
• 1b7f95b Reorganize codegen script for clarity
• 041365e fix: codegen - project paths with spaces (#31141)
• 98e1734 fix: Move react-native-codegen to be a direct dependency of react-native (fix for 0.65-stable)
• e8d725a [0.65.0-rc.3] Bump version numbers
• e40f582 fix(deps): bump metro to 0.66.2 + dedup (#31886)
• e53745e Bump Flipper + Bump hermes (#31872)
• 4476fbc Allow PlatformColor to work with RCTView border colors (#29728)
• 49253dc Fix support for blobs larger than 64 KB on Android (#31789)
• 626d25c Android: upgrading to OkHttp from 4.9.0 to 4.9.1 to fix java.lang.NullPointerException: bio == null crash (#31822)
• db7aa7b [0.65.0-rc.2] Bump version numbers
• 121a6a4 Fix Android build sequencing
• ba4424f Revert "Revert "bump buildToolsVersion to 30.0.2 (#31627)""
• be9a669 Revert "Revert "Gradle 6.9, Android Gradle Plugin 4.2.1 (#31593)""
• 0e08b25 [0.65.0-rc.1] Bump version numbers
• ca5b943 [LOCAL] lock files update for 065 branch

See the full diff

Package name: ts-jest

The new version differs by 165 commits.

• ad58c9b chore(release): 25.3.0
• 949e3e1 chore: update package-lock.json
• b8ebf36 docs: add Troubleshoting section ([Wallet] Upgrade app version to v1.5.1 celo-org/celo-monorepo#1463)
• 8b5325e chore(transformer): only do type checking for js/jsx/ts/tsx file (Set usage of shuffled round robin in the genesis block celo-org/celo-monorepo#1464)
• 58b05b1 chore: replace travis-ci.org with travis-ci.com (Point end-to-end tests back to master celo-org/celo-monorepo#1469)
• 79e8fdf build(deps-dev): bump jest from 25.2.3 to 25.2.4 (Validate Attestation Requests celo-org/celo-monorepo#1468)
• dddce1c build(deps-dev): bump @ jest/transform from 25.2.3 to 25.2.4 (Allow a specified address to disable/enable the Exchange  celo-org/celo-monorepo#1467)
• d811bae build(deps-dev): bump lint-staged from 10.0.9 to 10.0.10 (Aaronmgdr/airtable upgrade celo-org/celo-monorepo#1466)
• ecc8312 build(deps-dev): bump @ types/react from 16.9.26 to 16.9.27 (Added txpool family to geth apis. Sorted geth cmd options celo-org/celo-monorepo#1462)
• c10ad4a chore(compiler): improve performance for language service (Application crashes when changing the local currency celo-org/celo-monorepo#1461)
• 455ee5b build(deps-dev): bump @ jest/transform from 25.2.1 to 25.2.3 ( [iOS] Sorry something went wrong is shown when user taps on Licenses option from the setting celo-org/celo-monorepo#1459)
• 1641cfb build(deps-dev): bump jest from 25.2.2 to 25.2.3 ([iOS,Android] Error “Failure sending invite” is shown when user send an invitation via SMS.  celo-org/celo-monorepo#1460)
• 3010ec8 build(deps-dev): bump @ jest/types from 25.2.1 to 25.2.3 (Minor UI issues in the new backup flow on iOS celo-org/celo-monorepo#1458)
• 26a81f0 build(deps-dev): bump @ types/react from 16.9.25 to 16.9.26 (Tapping the text next to the toggle in the new backup flow should toggle it celo-org/celo-monorepo#1457)
• 99c552d build(deps-dev): bump jest from 25.2.1 to 25.2.2 ([iOS] Continues Loading indicator is shown on “Reclaim Payment” screen when user navigate back to “Reclaim Payment” screen from “Enter PIN” screen without entering PIN.  celo-org/celo-monorepo#1455)
• 5214f1b build(deps): bump yargs-parser from 18.1.1 to 18.1.2 ( [iOS] Celo Gold amount is cut from bottom on “Exchange” page while user exchanging the cUSD to cGLD.  celo-org/celo-monorepo#1456)
• 79478ae build(deps-dev): bump tslint-plugin-prettier from 2.2.0 to 2.3.0 ([Wallet] Prevent error from Avatar when name is missing celo-org/celo-monorepo#1454)
• 107e062 fix: always do type check for all files provided to ts-jest transformer (Upgrading a testnet without resetting should not init with a new genesis file celo-org/celo-monorepo#1450)
• 1e34075 build(deps-dev): bump @ jest/types from 25.2.0 to 25.2.1 ([Wallet] Use new segment api keys used by both iOS and Android celo-org/celo-monorepo#1452)
• ba5a6c4 build(deps-dev): bump @ jest/transform from 25.2.0 to 25.2.1 (Analytics should be reported from the iOS app celo-org/celo-monorepo#1451)
• e857f5b build(deps-dev): bump jest from 25.2.0 to 25.2.1 ([Wallet] Show splash screen until JS is ready on iOS celo-org/celo-monorepo#1453)
• 4981da8 Merge pull request EU Cookies Behavior Change celo-org/celo-monorepo#1447 from kulshekhar/dependabot/npm_and_yarn/jest/types-25.2.0
• ea8240a Merge pull request Move from let's encrypt v1 API to v2; kube-lego to cert-manager celo-org/celo-monorepo#1448 from kulshekhar/dependabot/npm_and_yarn/jest/transform-25.2.0
• e50db11 build(deps-dev): bump @ jest/types from 25.1.0 to 25.2.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Remote Code Execution (RCE)