[Snyk-dev] Fix for 42 vulnerabilities

[lili2311]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/mobile/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	No	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-DECOMPRESSTAR-559095	Yes	Proof of Concept
	554/1000 Why? Has a fix available, CVSS 6.8	Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	Yes	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Timing Attack SNYK-JS-ELLIPTIC-511941	Yes	No Known Exploit
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Cryptographic Issues SNYK-JS-ELLIPTIC-571484	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	No	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	No	No Known Exploit
	561/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.8	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTMLPARSESTRINGIFY2-1079307	Yes	Proof of Concept
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Prototype Pollution SNYK-JS-JSON5-3182856	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-JSONBIGINT-608659	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	No	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-MERGE-1040469	No	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-MERGE-1042987	No	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-MOUT-1014544	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-MOUT-2342654	Yes	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	No	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	No	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	No	Proof of Concept
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	Yes	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	596/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.5	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	No	No Known Exploit
	379/1000 Why? Has a fix available, CVSS 3.3	Insecure Credential Storage SNYK-JS-WEB3-174533	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	Yes	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Improper Input Validation SNYK-JS-XMLDOM-1534562	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Prototype Pollution SNYK-JS-XMLDOM-3042242	No	No Known Exploit
	811/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.8	Improper Input Validation SNYK-JS-XMLDOM-3092935	No	Proof of Concept
	469/1000 Why? Has a fix available, CVSS 5.1	Denial of Service (DoS) npm:mem:20180117	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: react-i18next

The new version differs by 250 commits.

• 2bd69a2 11.8.13
• e5c77c2 prepare version
• 4b9b8c5 Replace html-parse-stringify2 with html-parse-stringify (Android] "Failure redeeming code" error is shown when the user tap on "Paste invite code!" from the "Enter Invite Code" screen when invited users install the app from received invite code. celo-org/celo-monorepo#1283)
• deb8b62 update razzle example
• e856175 update the new examples
• 4c005be Bump y18n from 3.2.1 to 3.2.2 in /example/react-native (Feature/909 proxy delegatecall celo-org/celo-monorepo#1289)
• 8bdb666 11.8.12
• 1e1bf1c rebuild
• e83da8a Merge pull request [Android] Error “Bad Connection...” is overlaps on QR code icon when device internet connection is bad.  celo-org/celo-monorepo#1286 from TQjona/master
• 740c4e3 refactor: remove unneeded object
• ffbe35e 11.8.11
• 17b40b2 rebuild
• f9bfd55 Merge pull request #1284 from pedrodurek/master
• 83a62a2 update i18next dep
• 9aedf85 Fix DefaultNamespace conditional type
• 34c87ff Fix TransProps key to accept array of keys
• 228c55f 11.8.10
• 303dc11 rebuild
• 7e089dc Merge pull request [Android] App logo is not shown after launching it when app is closed by tapping on device back button.  celo-org/celo-monorepo#1276 from pedrodurek/master
• f9db6be Fix react-i18next path
• 408db63 Move types
• 44ad9cd 11.8.9
• 5215a4d rebuild
• 13c95ce Merge pull request [Android] White space is not trimmed before the text on ‘Review Payment’ page when user enter text with space in ‘For’ field while sending money.  celo-org/celo-monorepo#1273 from medihack/replaceable-i18n-instance

See the full diff

Package name: react-native

The new version differs by 250 commits.

• 7473ce1 [0.65.0] Bump version numbers
• 5f0b805 [0.65.0-rc.4] Bump version numbers
• 83d9b9b [LOCAL] yarn lock update
• e775957 Revert "fix: Move react-native-codegen to be a direct dependency of react-native (fix for 0.65-stable)"
• 5f7deb5 [LOCAL] reintroduce generated codegen files
• c0df3e0 [LOCAL] autogenerated files
• 54fbe0d - Bump CLI to ^6.0.0 (#31971)
• 5efad92 Codegen: Always prepare filesystem
• dfd324e Extend codegen script to take library name, output dir arguments
• 1b7f95b Reorganize codegen script for clarity
• 041365e fix: codegen - project paths with spaces (#31141)
• 98e1734 fix: Move react-native-codegen to be a direct dependency of react-native (fix for 0.65-stable)
• e8d725a [0.65.0-rc.3] Bump version numbers
• e40f582 fix(deps): bump metro to 0.66.2 + dedup (#31886)
• e53745e Bump Flipper + Bump hermes (#31872)
• 4476fbc Allow PlatformColor to work with RCTView border colors (#29728)
• 49253dc Fix support for blobs larger than 64 KB on Android (#31789)
• 626d25c Android: upgrading to OkHttp from 4.9.0 to 4.9.1 to fix java.lang.NullPointerException: bio == null crash (#31822)
• db7aa7b [0.65.0-rc.2] Bump version numbers
• 121a6a4 Fix Android build sequencing
• ba4424f Revert "Revert "bump buildToolsVersion to 30.0.2 (#31627)""
• be9a669 Revert "Revert "Gradle 6.9, Android Gradle Plugin 4.2.1 (#31593)""
• 0e08b25 [0.65.0-rc.1] Bump version numbers
• ca5b943 [LOCAL] lock files update for 065 branch

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Cryptographic Issues
🦉 More lessons are available in Snyk Learn