[Snyk] Fix for 4 vulnerabilities #46

Open. Wants to merge 1 commit into base: master

GTVolk (Member) commented Oct 24, 2024

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| medium severity | 631/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 6.2 | Missing Release of Resource after Effective Lifetime (SNYK-JS-INFLIGHT-6095116) | No | Proof of Concept |
| low severity | 319/1000. Why? Has a fix available, CVSS 2.1 | Cross-site Scripting (SNYK-JS-SEND-7926862) | No | No Known Exploit |
| low severity | 319/1000. Why? Has a fix available, CVSS 2.1 | Cross-site Scripting (SNYK-JS-SERVESTATIC-7926865) | No | No Known Exploit |
| high severity | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Denial of Service (DoS) (SNYK-JS-WS-7266574) | No | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @react-native/metro-config
The new version differs by 250 commits.
  • 2e10ba9 Release 0.76.0
  • 007a8e1 [LOCAL] Fix template publishing (#47116)
  • 1be8c51 [LOCAL] Bump Podfile.lock
  • 9f9e1a4 Release 0.76.0-rc.6
  • c967dea Revert "Fix Android AlertFragment Title Accessibility (#45395)"
  • 55671c0 [0.76] Undo breaking change on UIManager eventDispatcher accessor (#47090)
  • ce16206 Undo breaking change on ViewManagerDelegate.kt String params (#47086)
  • ab0d812 Update Podfile.lock
  • 5e2f3e0 Release 0.76.0-rc.5
  • 45ae0b4 Replace sh scripts with tested JS scripts to release template (#46363)
  • 02b879b [0.76] Fix server.end() usage following Metro bump (#47023)
  • 788dd2e [LOCAL] Fix cherry-pick error
  • 3f8d1fa [0.76] Update Metro to "^0.81.0" (#47013)
  • 0661283 Make PackagerConnectionSettings class open again (#47005)
  • 60a2706 Gradle to 8.10.2 (#46656)
  • d91a12b fix: override podspecs dependencies c++ version (#46888)
  • 111d013 fix crash for Modal not attached to window manager (2) (#46764)
  • 7e14ec5 Exclude dSYM from the archive (#46472)
  • 8d8b8c3 Update Podfile.lock
  • 5106933 Release 0.76.0-rc.4
  • 25a65cd Revert [0.76] Fix errors with component stacks reported as warnings
  • 7a601f4 [0.76] Update debugger-frontend from e8c7943...ce5d32a (#46790)
  • 6047f9c [0.76][Fix] Restore Metro log forwarding, change notice to signal future removal (#46815)
  • 531657b [0.76] Update ReactNativeFlipper deprecation to ERROR (#46840)

See the full diff

Package name: react-native
The new version differs by 250 commits.
  • 2e10ba9 Release 0.76.0
  • 007a8e1 [LOCAL] Fix template publishing (#47116)
  • 1be8c51 [LOCAL] Bump Podfile.lock
  • 9f9e1a4 Release 0.76.0-rc.6
  • c967dea Revert "Fix Android AlertFragment Title Accessibility (#45395)"
  • 55671c0 [0.76] Undo breaking change on UIManager eventDispatcher accessor (#47090)
  • ce16206 Undo breaking change on ViewManagerDelegate.kt String params (#47086)
  • ab0d812 Update Podfile.lock
  • 5e2f3e0 Release 0.76.0-rc.5
  • 45ae0b4 Replace sh scripts with tested JS scripts to release template (#46363)
  • 02b879b [0.76] Fix server.end() usage following Metro bump (#47023)
  • 788dd2e [LOCAL] Fix cherry-pick error
  • 3f8d1fa [0.76] Update Metro to "^0.81.0" (#47013)
  • 0661283 Make PackagerConnectionSettings class open again (#47005)
  • 60a2706 Gradle to 8.10.2 (#46656)
  • d91a12b fix: override podspecs dependencies c++ version (#46888)
  • 111d013 fix crash for Modal not attached to window manager (2) (#46764)
  • 7e14ec5 Exclude dSYM from the archive (#46472)
  • 8d8b8c3 Update Podfile.lock
  • 5106933 Release 0.76.0-rc.4
  • 25a65cd Revert [0.76] Fix errors with component stacks reported as warnings
  • 7a601f4 [0.76] Update debugger-frontend from e8c7943...ce5d32a (#46790)
  • 6047f9c [0.76][Fix] Restore Metro log forwarding, change notice to signal future removal (#46815)
  • 531657b [0.76] Update ReactNativeFlipper deprecation to ERROR (#46840)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting
🦉 Denial of Service (DoS)
