[Snyk] Security upgrade react-native from 0.71.15 to 0.72.0

[naiba4]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	235/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Local, EPSS: 0.0006, Social Trends: No, Days since published: 112, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Critical, Package Popularity Score: 99, Impact: 10.1, Likelihood: 2.33, Score Version: V5	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: react-native

The new version differs by 250 commits.

• 7a893e4 [0.72.0] Bump version numbers
• 3863877 [LOCAL] update podfile.lock
• ec4771b [0.72.0-rc.6] Bump version numbers
• a2df07e [LOCAL] bump CLI to 11.3.2
• b2f2737 bumped packages versions
• 0817eaa Revert "fix: border width top/bottom not matching the border radius" ([History]: Fix redo after update/publish with transient edits WordPress/gutenberg#37840)
• 0da7e06 Remove CallInvoker parameter from toJs method in Codegen (Palette item is missing hover and selected states WordPress/gutenberg#37832)
• 2d15f50 Fix Android border clip check (Expose pluralised form of entity label  WordPress/gutenberg#37828)
• 2760042 Fix loading NODE_BINARY inside Generate Legacy Components Interop (Can't access property "ref", navigateRegionsProps is undefined WordPress/gutenberg#37802)
• 8ed2cfd Add support for building with Xcode 15 (Adding spacer block in 12.3.0 fails WordPress/gutenberg#37758)
• 73f4a78 Fixed random styling for text nodes with many children (Always show the block appender when its parent is selected WordPress/gutenberg#36656)
• dfc64d5 Fix copy / paste menu and simplify controlled text selection on Android (Docs: How to create block pattern WordPress/gutenberg#37424)
• bab5bab [LOCAL] bump hermes podlock
• a98c7c6 [0.72.0-rc.5] Bump version numbers
• 7dc11bc bumped packages versions
• e11396e [0.72.0-rc.4] Bump version numbers
• 60a452b [LOCAL] Fix performance issues in Hermes when Debug
• 32327cc [LOCAL] Fix hermesc for linux ( Opt out of !important CSS rules generated from theme.json WordPress/gutenberg#37591)
• 52d2065 [LOCAL] Make sure Java Toolchain and source/target level is applied to all projects (Site Editor: Update the template list action labels WordPress/gutenberg#37576)
• e0c88fe [LOCAL] Fix Ruby tests
• a4aaee0 [LOCAL] Remove double definition of task wrapper after merge conflict
• 74e3803 bumped packages versions
• 7c5dc1d [LOCAL] bump metro to 0.76.5 and CLI to 11.3.1
• c43bd7a Do not use setNativeState in RuntimeScheduler::Task

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
gutenberg	❌ Failed (Inspect)			Feb 2, 2024 9:01pm
gutenberg-wd9x	❌ Failed (Inspect)			Feb 2, 2024 9:01pm

[pull-request-quantifier-deprecated]

This PR has 2 quantified lines of changes. In general, a change size of upto 200 lines is ideal for the best PR experience!

---

Quantification details

Label      : Extra Small
Size       : +1 -1
Percentile : 0.8%

Total files changed: 1

Change summary by file extension:
.json : +1 -1

Change counts above are quantified counts, based on the PullRequestQuantifier customizations.

Why proper sizing of changes matters

Optimal pull request sizes drive a better predictable PR flow as they strike a
balance between between PR complexity and PR review overhead. PRs within the
optimal size (typical small, or medium sized PRs) mean:

• Fast and predictable releases to production:
  • Optimal size changes are more likely to be reviewed faster with fewer
    iterations.
  • Similarity in low PR complexity drives similar review times.
• Review quality is likely higher as complexity is lower:
  • Bugs are more likely to be detected.
  • Code inconsistencies are more likely to be detected.
• Knowledge sharing is improved within the participants:
  • Small portions can be assimilated better.
• Better engineering practices are exercised:
  • Solving big problems by dividing them in well contained, smaller problems.
  • Exercising separation of concerns within the code changes.

What can I do to optimize my changes

• Use the PullRequestQuantifier to quantify your PR accurately
  • Create a context profile for your repo using the context generator
  • Exclude files that are not necessary to be reviewed or do not increase the review complexity. Example: Autogenerated code, docs, project IDE setting files, binaries, etc. Check out the Excluded section from your prquantifier.yaml context profile.
  • Understand your typical change complexity, drive towards the desired complexity by adjusting the label mapping in your prquantifier.yaml context profile.
  • Only use the labels that matter to you, see context specification to customize your prquantifier.yaml context profile.
• Change your engineering behaviors
  • For PRs that fall outside of the desired spectrum, review the details and check if:
    • Your PR could be split in smaller, self-contained PRs instead
    • Your PR only solves one particular issue. (For example, don't refactor and code new features in the same PR).

How to interpret the change counts in git diff output

• One line was added: +1 -0
• One line was deleted: +0 -1
• One line was modified: +1 -1 (git diff doesn't know about modified, it will
  interpret that line like one addition plus one deletion)
• Change percentiles: Change characteristics (addition, deletion, modification)
  of this PR in relation to all other PRs within the repository.

---

Was this comment helpful? 👍  :ok_hand:  :thumbsdown: (Email)
Customize PullRequestQuantifier for this repository.

[github-actions]

Warning: Type of PR label mismatch

To merge this PR, it requires exactly 1 label indicating the type of PR. Other labels are optional and not being checked here.

• Type-related labels to choose from: [Type] Automated Testing, [Type] Breaking Change, [Type] Bug, [Type] Build Tooling, [Type] Code Quality, [Type] Copy, [Type] Developer Documentation, [Type] Enhancement, [Type] Experimental, [Type] Feature, [Type] New API, [Type] Task, [Type] Technical Prototype, [Type] Performance, [Type] Project Management, [Type] Regression, [Type] Security, [Type] WP Core Ticket, Backport from WordPress Core.
• Labels found: Extra Small.

Read more about Type labels in Gutenberg. Don't worry if you don't have the required permissions to add labels; the PR reviewer should be able to help with the task.

[guardrails]

⚠️ We detected 1 security issue in this pull request:

Vulnerable Libraries (1)

Severity	Details
High	pkg:npm/react-native@0.71.15 (t) upgrade to: > 0.71.15

More info on how to fix Vulnerable Libraries in JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.