[Snyk] Upgrade react-native from 0.59.10 to 0.66.3 #271

snyk-bot · 2021-12-17T11:36:12Z

Snyk has created this PR to upgrade react-native from 0.59.10 to 0.66.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 63 versions ahead of your current version.
The recommended version was released a month ago, on 2021-11-10.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Regular Expression Denial of Service (ReDoS) SNYK-JS-TMPL-1583443	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
Arbitrary File Write SNYK-JS-TAR-1579155	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579152	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579147	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536531	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536528	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-REACTNATIVE-1298632	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
Prototype Pollution SNYK-JS-MERGE-1042987	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-MERGE-1040469	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
Prototype Pollution SNYK-JS-INI-1048974	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
Denial of Service (DoS) npm:mem:20180117	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
Improper Input Validation SNYK-JS-XMLDOM-1534562	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
XML External Entity (XXE) Injection SNYK-JS-XMLDOM-1084960	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
Command Injection SNYK-JS-NODENOTIFIER-1035794	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) npm:braces:20180219	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
Validation Bypass SNYK-JS-KINDOF-537849	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: react-native

0.66.3 - 2021-11-10
This release contains a set of improvements to the script we use for npm releases; aside from it:
- Rename deprecated Keyboard.removeEventListener to Keyboard.removeListener. (8880c09076 by @ yungsters)
- Revert changes in Jest preprocessor to fix tests in external projects (142090a5f3fa7 by @ rubennorte)
You can participate in the conversation on the status of this release at this discussion.

To help you upgrade to this version, you can use the upgrade helper ⚛️

You can find the whole changelog history in the changelog.md file.
0.66.2 - 2021-11-04
0.66.2 is out with some fixes:

Fixed
- Compare the LogBoxData ignorePatterns with the right code (a950634 by @ wiseqingyang)
- [iOS] Fix logbox window capturing touch events (72ea0e1 by @ paddlefish)
- Commit generated codegen files as a temporary workaround for devX issue with yarn install removing codegen assets. Proper fix coming in later. (5f7deb5 by @ kelset)
You can participate in the conversation on the status of this release at this discussion.

To help you upgrade to this version, you can use the upgrade helper ⚛️

You can find the whole changelog history in the changelog.md file.
0.66.1 - 2021-10-15
0.66.0 - 2021-10-01
0.66.0-rc.4 - 2021-09-24
0.66.0-rc.3 - 2021-09-17
0.66.0-rc.2 - 2021-09-10
0.66.0-rc.1 - 2021-09-01
0.66.0-rc.0 - 2021-08-27
0.65.2 - 2021-11-04
[0.65.2] Bump version numbers
0.65.1 - 2021-08-19
0.65.0 - 2021-08-17
0.65.0-rc.4 - 2021-08-11
0.65.0-rc.3 - 2021-07-23
0.65.0-rc.2 - 2021-06-18
0.65.0-rc.1 - 2021-06-17
0.65.0-rc.0 - 2021-06-09
0.64.3 - 2021-11-04
0.64.3 is out with a pick of Android Appearance API support (e94f9fa7 by @ mrbrentkelly)

If you have concerns or follow-up, please start or contribute to a relevant 0.64.3 discussion here

To help you upgrade to this version, you can use the upgrade helper ⚛️

You can find the whole changelog history in the changelog.md file.
0.64.2 - 2021-06-03
0.64.1 - 2021-05-05
0.64.0 - 2021-03-12
0.64.0-rc.4 - 2021-03-01
0.64.0-rc.3 - 2021-02-05
0.64.0-rc.2 - 2020-12-18
0.64.0-rc.1 - 2020-11-25
0.64.0-rc.0 - 2020-11-23
0.63.4 - 2020-11-30
0.63.3 - 2020-09-29
0.63.2 - 2020-07-22
0.63.1 - 2020-07-14
0.63.0 - 2020-07-08
0.63.0-rc.1 - 2020-05-04
0.63.0-rc.0 - 2020-04-16
0.62.3 - 2021-05-05
0.62.2 - 2020-04-08
0.62.1 - 2020-04-03
0.62.0 - 2020-03-26
0.62.0-rc.5 - 2020-03-07
0.62.0-rc.4 - 2020-03-06
0.62.0-rc.3 - 2020-02-25
0.62.0-rc.2 - 2020-02-13
0.62.0-rc.1 - 2020-01-21
0.62.0-rc.0 - 2019-12-18
0.61.5 - 2019-11-23
0.61.4 - 2019-11-04
0.61.3 - 2019-10-29
0.61.2 - 2019-10-02
0.61.1 - 2019-09-25
0.61.0 - 2019-09-24
0.61.0-rc.3 - 2019-09-10
0.61.0-rc.2 - 2019-09-04
0.61.0-rc.0 - 2019-08-27
0.60.6 - 2019-09-24
0.60.5 - 2019-08-13
0.60.4 - 2019-07-18
0.60.3 - 2019-07-11
0.60.2 - 2019-07-11
0.60.1 - 2019-07-11
0.60.0 - 2019-07-03
0.60.0-rc.3 - 2019-06-28
0.60.0-rc.2 - 2019-06-20
0.60.0-rc.1 - 2019-06-10
0.60.0-rc.0 - 2019-05-30
0.59.10 - 2019-07-02

from react-native GitHub release notes

Commit messages

Package name: react-native

3b5e446 [0.66.3] Bump version numbers
0981564 RN: Rename `Keyboard.remove{Event =>}Listener`
142090a Revert changes in RN preprocessor
f35369e Fix npm latest tag issue when releasing patches (#32543)
85f1450 Clean up publish-npm.js and use parseVersion
8a67aaa Extract version parsing from release script
d08397a bump-oss-version: Add -v / --to-version argument and use it when bumping nightly releases (now at 20:00 UTC)
6c19dc3 [0.66.2] Bump version numbers
11644d7 Hide the logbox window explicitly. New behavior in iOS SDK appears to… (#32435)
9d601e4 fix: compare the LogBoxData ignorePatterns with the right code (#31977)
7382f55 [LOCAL] reintroduce generated codegen files
d48ed4a [0.66.1] Bump version numbers
80e5abd Fix Android border positioning regression (#32398)
e94f9fa Addressing various issues with the Appearance API (#28823) (#29106)
bd01f16 Fix: find-node.sh location in react-native-xcode.sh script (#32227)
09a21f0 [0.66.0] Bump version numbers
d47fd4a [0.66.0-rc.4] Bump version numbers
a6a983d OSS: bump-oss-version -- update Podfile.lock later in the flow
ef280d6 [LOCAL] Port react-native-codegen new .gitignore from main
9967318 OSS: update Podfile.lock automatically when bumping release version
6b014e8 Don’t hard-code CocoaPods’s sandbox path (#32243)
ab50c6e [0.66.0-rc.3] Bump version numbers
dc453da Update rn-tester Podfile.lock to prepare for 0.66.0-rc.3
8b6d7fd Link RCT-Folly against libc++abi