[Snyk] Security upgrade react-native from 0.69.4 to 0.72.0 #25

naiba4 · 2023-11-30T20:59:34Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- packages/react-native-editor/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	125/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 0, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.08, Score Version: V5	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: react-native

The new version differs by 250 commits.

7a893e4 [0.72.0] Bump version numbers
3863877 [LOCAL] update podfile.lock
ec4771b [0.72.0-rc.6] Bump version numbers
a2df07e [LOCAL] bump CLI to 11.3.2
b2f2737 bumped packages versions
0817eaa Revert "fix: border width top/bottom not matching the border radius" ([History]: Fix redo after update/publish with transient edits WordPress/gutenberg#37840)
0da7e06 Remove CallInvoker parameter from toJs method in Codegen (Palette item is missing hover and selected states WordPress/gutenberg#37832)
2d15f50 Fix Android border clip check (Expose pluralised form of entity label WordPress/gutenberg#37828)
2760042 Fix loading NODE_BINARY inside Generate Legacy Components Interop (Can't access property "ref", navigateRegionsProps is undefined WordPress/gutenberg#37802)
8ed2cfd Add support for building with Xcode 15 (Adding spacer block in 12.3.0 fails WordPress/gutenberg#37758)
73f4a78 Fixed random styling for text nodes with many children (Always show the block appender when its parent is selected WordPress/gutenberg#36656)
dfc64d5 Fix copy / paste menu and simplify controlled text selection on Android (Docs: How to create block pattern WordPress/gutenberg#37424)
bab5bab [LOCAL] bump hermes podlock
a98c7c6 [0.72.0-rc.5] Bump version numbers
7dc11bc bumped packages versions
e11396e [0.72.0-rc.4] Bump version numbers
60a452b [LOCAL] Fix performance issues in Hermes when Debug
32327cc [LOCAL] Fix hermesc for linux ( Opt out of !important CSS rules generated from theme.json WordPress/gutenberg#37591)
52d2065 [LOCAL] Make sure Java Toolchain and source/target level is applied to all projects (Site Editor: Update the template list action labels WordPress/gutenberg#37576)
e0c88fe [LOCAL] Fix Ruby tests
a4aaee0 [LOCAL] Remove double definition of task wrapper after merge conflict
74e3803 bumped packages versions
7c5dc1d [LOCAL] bump metro to 0.76.5 and CLI to 11.3.1
c43bd7a Do not use setNativeState in RuntimeScheduler::Task

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116

vercel · 2023-11-30T20:59:36Z

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
gutenberg	❌ Failed (Inspect)			Nov 30, 2023 9:02pm
gutenberg-wd9x	❌ Failed (Inspect)			Nov 30, 2023 9:02pm

socket-security · 2023-11-30T21:13:11Z

New dependencies detected. Learn more about Socket for GitHub ↗︎

Packages	Version	New capabilities	Transitives	Size	Publisher
react-native	0.72.0	environment	`+65`	120 MB	react-native-bot

socket-security · 2023-11-30T21:13:17Z

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Issue	Package	Version	Note	Source
Chronological version anomaly	@react-native/virtualized-lists	0.72.8	Previous Chronological: @react-native/virtualized-lists@0.73.0-nightly-20230808-93d9248e0 (8/8/2023, 9:18:54 PM) Previous Semver: @react-native/virtualized-lists@0.72.6 (6/28/2023, 2:40:48 PM)	@wordpress/react-native-editor@1.88.0 via `package.json` @react-native-clipboard/clipboard@1.9.0, @react-native-community/blur@4.2.0, @react-native-masked-view/masked-view@0.2.6, @react-navigation/native@5.7.0, @react-navigation/stack@5.6.2, react-native@0.72.0, react-native-fast-image@8.5.11, react-native-get-random-values@1.4.0, react-native-modal@11.10.0, react-native-safe-area-context@3.2.0, react-native-sass-transformer@1.4.0, react-native-screens@2.9.0, react-native-svg@9.13.6 via `packages/react-native-editor/package.json`
No README	@react-native/virtualized-lists	0.72.8	Location: Package overview	@wordpress/react-native-editor@1.88.0 via `package.json` @react-native-clipboard/clipboard@1.9.0, @react-native-community/blur@4.2.0, @react-native-masked-view/masked-view@0.2.6, @react-navigation/native@5.7.0, @react-navigation/stack@5.6.2, react-native@0.72.0, react-native-fast-image@8.5.11, react-native-get-random-values@1.4.0, react-native-modal@11.10.0, react-native-safe-area-context@3.2.0, react-native-sass-transformer@1.4.0, react-native-screens@2.9.0, react-native-svg@9.13.6 via `packages/react-native-editor/package.json`
No v1	@react-native/virtualized-lists	0.72.8	Location: Package overview	@wordpress/react-native-editor@1.88.0 via `package.json` @react-native-clipboard/clipboard@1.9.0, @react-native-community/blur@4.2.0, @react-native-masked-view/masked-view@0.2.6, @react-navigation/native@5.7.0, @react-navigation/stack@5.6.2, react-native@0.72.0, react-native-fast-image@8.5.11, react-native-get-random-values@1.4.0, react-native-modal@11.10.0, react-native-safe-area-context@3.2.0, react-native-sass-transformer@1.4.0, react-native-screens@2.9.0, react-native-svg@9.13.6 via `packages/react-native-editor/package.json`
Chronological version anomaly	jsc-android	250231.0.0	Previous Chronological: jsc-android@294992.0.0-unstripped (7/13/2022, 8:05:31 AM) Previous Semver: jsc-android@250230.2.1 (3/21/2021, 1:06:55 PM)	@wordpress/react-native-editor@1.88.0 via `package.json` @react-native-clipboard/clipboard@1.9.0, @react-native-community/blur@4.2.0, @react-native-masked-view/masked-view@0.2.6, @react-navigation/native@5.7.0, @react-navigation/stack@5.6.2, react-native@0.72.0, react-native-fast-image@8.5.11, react-native-get-random-values@1.4.0, react-native-modal@11.10.0, react-native-safe-area-context@3.2.0, react-native-sass-transformer@1.4.0, react-native-screens@2.9.0, react-native-svg@9.13.6 via `packages/react-native-editor/package.json`
Chronological version anomaly	@react-native-community/cli-doctor	11.3.2	Previous Chronological: @react-native-community/cli-doctor@10.2.4 (6/12/2023, 11:52:44 AM) Previous Semver: @react-native-community/cli-doctor@11.3.1 (5/25/2023, 4:05:23 PM)	@wordpress/react-native-editor@1.88.0 via `package.json` @react-native-clipboard/clipboard@1.9.0, @react-native-community/blur@4.2.0, @react-native-masked-view/masked-view@0.2.6, @react-navigation/native@5.7.0, @react-navigation/stack@5.6.2, react-native@0.72.0, react-native-fast-image@8.5.11, react-native-get-random-values@1.4.0, react-native-modal@11.10.0, react-native-safe-area-context@3.2.0, react-native-sass-transformer@1.4.0, react-native-screens@2.9.0, react-native-svg@9.13.6 via `packages/react-native-editor/package.json`
Environment variable access	@react-native-community/cli-doctor	11.3.2	Env Vars: Location: build/tools/healthchecks/adb.js	@wordpress/react-native-editor@1.88.0 via `package.json` @react-native-clipboard/clipboard@1.9.0, @react-native-community/blur@4.2.0, @react-native-masked-view/masked-view@0.2.6, @react-navigation/native@5.7.0, @react-navigation/stack@5.6.2, react-native@0.72.0, react-native-fast-image@8.5.11, react-native-get-random-values@1.4.0, react-native-modal@11.10.0, react-native-safe-area-context@3.2.0, react-native-sass-transformer@1.4.0, react-native-screens@2.9.0, react-native-svg@9.13.6 via `packages/react-native-editor/package.json`
Filesystem access	@react-native-community/cli-doctor	11.3.2	Module: fs-extra Location: build/commands/info.js +1 more instances...	@wordpress/react-native-editor@1.88.0 via `package.json` @react-native-clipboard/clipboard@1.9.0, @react-native-community/blur@4.2.0, @react-native-masked-view/masked-view@0.2.6, @react-navigation/native@5.7.0, @react-navigation/stack@5.6.2, react-native@0.72.0, react-native-fast-image@8.5.11, react-native-get-random-values@1.4.0, react-native-modal@11.10.0, react-native-safe-area-context@3.2.0, react-native-sass-transformer@1.4.0, react-native-screens@2.9.0, react-native-svg@9.13.6 via `packages/react-native-editor/package.json`
Chronological version anomaly	@react-native/gradle-plugin	0.72.11	Previous Chronological: @react-native/gradle-plugin@0.73.0-nightly-20230622-0201e51bb (6/22/2023, 9:35:17 PM) Previous Semver: @react-native/gradle-plugin@0.72.10 (6/1/2023, 7:26:11 AM)	@wordpress/react-native-editor@1.88.0 via `package.json` @react-native-clipboard/clipboard@1.9.0, @react-native-community/blur@4.2.0, @react-native-masked-view/masked-view@0.2.6, @react-navigation/native@5.7.0, @react-navigation/stack@5.6.2, react-native@0.72.0, react-native-fast-image@8.5.11, react-native-get-random-values@1.4.0, react-native-modal@11.10.0, react-native-safe-area-context@3.2.0, react-native-sass-transformer@1.4.0, react-native-screens@2.9.0, react-native-svg@9.13.6 via `packages/react-native-editor/package.json`
Empty package	@react-native/gradle-plugin	0.72.11	Location: Package overview	@wordpress/react-native-editor@1.88.0 via `package.json` @react-native-clipboard/clipboard@1.9.0, @react-native-community/blur@4.2.0, @react-native-masked-view/masked-view@0.2.6, @react-navigation/native@5.7.0, @react-navigation/stack@5.6.2, react-native@0.72.0, react-native-fast-image@8.5.11, react-native-get-random-values@1.4.0, react-native-modal@11.10.0, react-native-safe-area-context@3.2.0, react-native-sass-transformer@1.4.0, react-native-screens@2.9.0, react-native-svg@9.13.6 via `packages/react-native-editor/package.json`
No v1	@react-native/gradle-plugin	0.72.11	Location: Package overview	@wordpress/react-native-editor@1.88.0 via `package.json` @react-native-clipboard/clipboard@1.9.0, @react-native-community/blur@4.2.0, @react-native-masked-view/masked-view@0.2.6, @react-navigation/native@5.7.0, @react-navigation/stack@5.6.2, react-native@0.72.0, react-native-fast-image@8.5.11, react-native-get-random-values@1.4.0, react-native-modal@11.10.0, react-native-safe-area-context@3.2.0, react-native-sass-transformer@1.4.0, react-native-screens@2.9.0, react-native-svg@9.13.6 via `packages/react-native-editor/package.json`
Chronological version anomaly	@sinonjs/commons	3.0.0	Previous Chronological: @sinonjs/commons@1.8.6 (11/28/2022, 5:37:36 PM) Previous Semver: @sinonjs/commons@2.0.0 (11/7/2022, 4:50:09 PM)	@wordpress/react-native-editor@1.88.0 via `package.json` @react-native-clipboard/clipboard@1.9.0, @react-native-community/blur@4.2.0, @react-native-masked-view/masked-view@0.2.6, @react-navigation/native@5.7.0, @react-navigation/stack@5.6.2, react-native@0.72.0, react-native-fast-image@8.5.11, react-native-get-random-values@1.4.0, react-native-modal@11.10.0, react-native-safe-area-context@3.2.0, react-native-sass-transformer@1.4.0, react-native-screens@2.9.0, react-native-svg@9.13.6 via `packages/react-native-editor/package.json`
Chronological version anomaly	scheduler	0.24.0-canary-efb381bbf-20230505	Previous Chronological: scheduler@0.0.0-experimental-b00e27342-20230505 (5/5/2023, 4:15:27 PM) Previous Semver: scheduler@0.24.0-canary-b7972822b-20230503 (5/3/2023, 6:33:20 PM)	@wordpress/react-native-editor@1.88.0 via `package.json` @react-native-clipboard/clipboard@1.9.0, @react-native-community/blur@4.2.0, @react-native-masked-view/masked-view@0.2.6, @react-navigation/native@5.7.0, @react-navigation/stack@5.6.2, react-native@0.72.0, react-native-fast-image@8.5.11, react-native-get-random-values@1.4.0, react-native-modal@11.10.0, react-native-safe-area-context@3.2.0, react-native-sass-transformer@1.4.0, react-native-screens@2.9.0, react-native-svg@9.13.6 via `packages/react-native-editor/package.json`
Chronological version anomaly	@react-native-community/cli-plugin-metro	11.3.2	Previous Chronological: @react-native-community/cli-plugin-metro@10.2.3 (6/12/2023, 11:18:19 AM) Previous Semver: @react-native-community/cli-plugin-metro@11.3.1 (5/25/2023, 4:05:23 PM)	@wordpress/react-native-editor@1.88.0 via `package.json` @react-native-clipboard/clipboard@1.9.0, @react-native-community/blur@4.2.0, @react-native-masked-view/masked-view@0.2.6, @react-navigation/native@5.7.0, @react-navigation/stack@5.6.2, react-native@0.72.0, react-native-fast-image@8.5.11, react-native-get-random-values@1.4.0, react-native-modal@11.10.0, react-native-safe-area-context@3.2.0, react-native-sass-transformer@1.4.0, react-native-screens@2.9.0, react-native-svg@9.13.6 via `packages/react-native-editor/package.json`
Filesystem access	@react-native-community/cli-plugin-metro	11.3.2	Module: fs Location: build/commands/bundle/saveAssets.js +1 more instances...	@wordpress/react-native-editor@1.88.0 via `package.json` @react-native-clipboard/clipboard@1.9.0, @react-native-community/blur@4.2.0, @react-native-masked-view/masked-view@0.2.6, @react-navigation/native@5.7.0, @react-navigation/stack@5.6.2, react-native@0.72.0, react-native-fast-image@8.5.11, react-native-get-random-values@1.4.0, react-native-modal@11.10.0, react-native-safe-area-context@3.2.0, react-native-sass-transformer@1.4.0, react-native-screens@2.9.0, react-native-svg@9.13.6 via `packages/react-native-editor/package.json`
Chronological version anomaly	@react-native-community/cli-platform-ios	11.3.2	Previous Chronological: @react-native-community/cli-platform-ios@10.2.4 (6/12/2023, 11:52:42 AM) Previous Semver: @react-native-community/cli-platform-ios@11.3.1 (5/25/2023, 4:05:17 PM)	@wordpress/react-native-editor@1.88.0 via `package.json` @react-native-clipboard/clipboard@1.9.0, @react-native-community/blur@4.2.0, @react-native-masked-view/masked-view@0.2.6, @react-navigation/native@5.7.0, @react-navigation/stack@5.6.2, react-native@0.72.0, react-native-fast-image@8.5.11, react-native-get-random-values@1.4.0, react-native-modal@11.10.0, react-native-safe-area-context@3.2.0, react-native-sass-transformer@1.4.0, react-native-screens@2.9.0, react-native-svg@9.13.6 via `packages/react-native-editor/package.json`
Filesystem access	@react-native-community/cli-platform-ios	11.3.2	Module: fs Location: build/commands/runIOS/index.js +2 more instances...	@wordpress/react-native-editor@1.88.0 via `package.json` @react-native-clipboard/clipboard@1.9.0, @react-native-community/blur@4.2.0, @react-native-masked-view/masked-view@0.2.6, @react-navigation/native@5.7.0, @react-navigation/stack@5.6.2, react-native@0.72.0, react-native-fast-image@8.5.11, react-native-get-random-values@1.4.0, react-native-modal@11.10.0, react-native-safe-area-context@3.2.0, react-native-sass-transformer@1.4.0, react-native-screens@2.9.0, react-native-svg@9.13.6 via `packages/react-native-editor/package.json`
Chronological version anomaly	@react-native-community/cli	11.3.2	Previous Chronological: @react-native-community/cli@10.2.4 (6/12/2023, 11:52:46 AM) Previous Semver: @react-native-community/cli@11.3.1 (5/25/2023, 4:05:25 PM)	@wordpress/react-native-editor@1.88.0 via `package.json` @react-native-clipboard/clipboard@1.9.0, @react-native-community/blur@4.2.0, @react-native-masked-view/masked-view@0.2.6, @react-navigation/native@5.7.0, @react-navigation/stack@5.6.2, react-native@0.72.0, react-native-fast-image@8.5.11, react-native-get-random-values@1.4.0, react-native-modal@11.10.0, react-native-safe-area-context@3.2.0, react-native-sass-transformer@1.4.0, react-native-screens@2.9.0, react-native-svg@9.13.6 via `packages/react-native-editor/package.json`
Chronological version anomaly	react-native	0.72.0	Previous Chronological: react-native@0.73.0-nightly-20230620-936936ca5 (6/20/2023, 9:28:20 PM) Previous Semver: react-native@0.72.0-rc.6 (6/13/2023, 9:12:26 PM)	@wordpress/react-native-editor@1.88.0 via `package.json` @react-native-clipboard/clipboard@1.9.0, @react-native-community/blur@4.2.0, @react-native-masked-view/masked-view@0.2.6, @react-navigation/native@5.7.0, @react-navigation/stack@5.6.2, react-native-fast-image@8.5.11, react-native-get-random-values@1.4.0, react-native-modal@11.10.0, react-native-safe-area-context@3.2.0, react-native-sass-transformer@1.4.0, react-native-screens@2.9.0, react-native-svg@9.13.6 via `packages/react-native-editor/package.json` `packages/react-native-editor/package.json`
Dynamic require	react-native	0.72.0	Location: flow-typed/npm/yargs_v17.x.x.js +3 more instances...	@wordpress/react-native-editor@1.88.0 via `package.json` @react-native-clipboard/clipboard@1.9.0, @react-native-community/blur@4.2.0, @react-native-masked-view/masked-view@0.2.6, @react-navigation/native@5.7.0, @react-navigation/stack@5.6.2, react-native-fast-image@8.5.11, react-native-get-random-values@1.4.0, react-native-modal@11.10.0, react-native-safe-area-context@3.2.0, react-native-sass-transformer@1.4.0, react-native-screens@2.9.0, react-native-svg@9.13.6 via `packages/react-native-editor/package.json` `packages/react-native-editor/package.json`
Environment variable access	react-native	0.72.0	Env Vars: Location: scripts/hermes/prepare-hermes-for-build.js	@wordpress/react-native-editor@1.88.0 via `package.json` @react-native-clipboard/clipboard@1.9.0, @react-native-community/blur@4.2.0, @react-native-masked-view/masked-view@0.2.6, @react-navigation/native@5.7.0, @react-navigation/stack@5.6.2, react-native-fast-image@8.5.11, react-native-get-random-values@1.4.0, react-native-modal@11.10.0, react-native-safe-area-context@3.2.0, react-native-sass-transformer@1.4.0, react-native-screens@2.9.0, react-native-svg@9.13.6 via `packages/react-native-editor/package.json` `packages/react-native-editor/package.json`
Chronological version anomaly	@react-native/codegen	0.72.7	Previous Chronological: @react-native/codegen@0.73.0-nightly-20230830-5f1404de0 (8/30/2023, 9:37:34 PM) Previous Semver: @react-native/codegen@0.72.6 (6/13/2023, 2:55:41 PM)	@wordpress/react-native-editor@1.88.0 via `package.json` @react-native-clipboard/clipboard@1.9.0, @react-native-community/blur@4.2.0, @react-native-masked-view/masked-view@0.2.6, @react-navigation/native@5.7.0, @react-navigation/stack@5.6.2, react-native@0.72.0, react-native-fast-image@8.5.11, react-native-get-random-values@1.4.0, react-native-modal@11.10.0, react-native-safe-area-context@3.2.0, react-native-sass-transformer@1.4.0, react-native-screens@2.9.0, react-native-svg@9.13.6 via `packages/react-native-editor/package.json`
Filesystem access	@react-native/codegen	0.72.7	Module: fs Location: lib/cli/combine/combine-js-to-schema-cli.js

fix: packages/react-native-editor/package.json to reduce vulnerabilities

9289501

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116

vercel bot had a problem deploying to Preview – gutenberg-wd9x November 30, 2023 21:01 Failure

vercel bot had a problem deploying to Preview – gutenberg November 30, 2023 21:02 Failure

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Security upgrade react-native from 0.69.4 to 0.72.0 #25

[Snyk] Security upgrade react-native from 0.69.4 to 0.72.0 #25

naiba4 commented Nov 30, 2023

vercel bot commented Nov 30, 2023 •

edited

socket-security bot commented Nov 30, 2023

socket-security bot commented Nov 30, 2023

[Snyk] Security upgrade react-native from 0.69.4 to 0.72.0 #25

Are you sure you want to change the base?

[Snyk] Security upgrade react-native from 0.69.4 to 0.72.0 #25

Conversation

naiba4 commented Nov 30, 2023

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

vercel bot commented Nov 30, 2023 • edited

socket-security bot commented Nov 30, 2023

socket-security bot commented Nov 30, 2023

vercel bot commented Nov 30, 2023 •

edited