[Snyk] Security upgrade react-native from 0.60.6 to 0.65.0

[gbhasha]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	No	Proof of Concept
	711/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.8	Remote Code Execution (RCE) SNYK-JS-LOGKITTY-568763	No	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	No	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-REACTNATIVE-1298632	No	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: react-native

The new version differs by 250 commits.

• 7473ce1 [0.65.0] Bump version numbers
• 5f0b805 [0.65.0-rc.4] Bump version numbers
• 83d9b9b [LOCAL] yarn lock update
• e775957 Revert "fix: Move react-native-codegen to be a direct dependency of react-native (fix for 0.65-stable)"
• 5f7deb5 [LOCAL] reintroduce generated codegen files
• c0df3e0 [LOCAL] autogenerated files
• 54fbe0d - Bump CLI to ^6.0.0 (#31971)
• 5efad92 Codegen: Always prepare filesystem
• dfd324e Extend codegen script to take library name, output dir arguments
• 1b7f95b Reorganize codegen script for clarity
• 041365e fix: codegen - project paths with spaces (#31141)
• 98e1734 fix: Move react-native-codegen to be a direct dependency of react-native (fix for 0.65-stable)
• e8d725a [0.65.0-rc.3] Bump version numbers
• e40f582 fix(deps): bump metro to 0.66.2 + dedup (#31886)
• e53745e Bump Flipper + Bump hermes (#31872)
• 4476fbc Allow PlatformColor to work with RCTView border colors (#29728)
• 49253dc Fix support for blobs larger than 64 KB on Android (#31789)
• 626d25c Android: upgrading to OkHttp from 4.9.0 to 4.9.1 to fix java.lang.NullPointerException: bio == null crash (#31822)
• db7aa7b [0.65.0-rc.2] Bump version numbers
• 121a6a4 Fix Android build sequencing
• ba4424f Revert "Revert "bump buildToolsVersion to 30.0.2 (#31627)""
• be9a669 Revert "Revert "Gradle 6.9, Android Gradle Plugin 4.2.1 (#31593)""
• 0e08b25 [0.65.0-rc.1] Bump version numbers
• ca5b943 [LOCAL] lock files update for 065 branch

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Remote Code Execution (RCE)
🦉 Denial of Service
🦉 More lessons are available in Snyk Learn