Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump version of folly to at least 2021.07.22.00 #33824

Closed
luissantana opened this issue May 12, 2022 · 5 comments
Closed

Bump version of folly to at least 2021.07.22.00 #33824

luissantana opened this issue May 12, 2022 · 5 comments
Labels
Resolution: Answered When the issue is resolved with a simple answer Resolution: PR Submitted A pull request with a fix has been provided.

Comments

@luissantana
Copy link
Contributor

Description

Prior versions of folly are flagged with a security bug (CVE-2021-24036) that should not affect RN apps yet it causes noise in our 0.65 RN environment.

Version

0.65.0 -> current

Output of npx react-native info

System:
OS: macOS 12.3.1
CPU: (16) x64 Intel(R) Core(TM) i9-9980HK CPU @ 2.40GHz
Memory: 38.73 MB / 16.00 GB
Shell: 5.8 - /bin/zsh
Binaries:
Node: 16.14.0 - /usr/local/bin/node
Yarn: 1.22.18 - ~/workspace/MEE-PRO-EEP-UX-Client/mobile/node_modules/.bin/yarn
npm: 6.14.15 - ~/workspace/MEE-PRO-EEP-UX-Client/mobile/node_modules/.bin/npm
Watchman: 2022.02.28.00 - /usr/local/bin/watchman
Managers:
CocoaPods: 1.11.3 - /usr/local/bin/pod
SDKs:
iOS SDK:
Platforms: DriverKit 21.4, iOS 15.4, macOS 12.3, tvOS 15.4, watchOS 8.5
Android SDK:
API Levels: 23, 27, 28, 29, 30, 31
Build Tools: 29.0.2, 30.0.2, 31.0.0, 32.0.0, 32.1.0
System Images: android-28 | Google APIs Intel x86 Atom, android-28 | Google Play Intel x86 Atom, android-29 | Google APIs Intel x86 Atom, android-29 | Google Play Intel x86 Atom
Android NDK: 22.1.7171670
IDEs:
Android Studio: 2021.1 AI-211.7628.21.2111.8193401
Xcode: 13.3.1/13E500a - /usr/bin/xcodebuild
Languages:
Java: 11.0.14.1 - /usr/bin/javac
npmPackages:
@react-native-community/cli: Not Found
react: 17.0.2 => 17.0.2
react-native: 0.65.1 => 0.65.1
react-native-macos: Not Found
npmGlobalPackages:
react-native: Not Found

Steps to reproduce

installing pods will fetch the IOIBuf.cpp offending file
$ pod install
...
Installing PointrKit (6.3.5)
Installing RCT-Folly (2021.04.26.00)
Installing RCTRequired (0.65.1)
...

Snack, code example, screenshot, or link to a repository

No response
@fortmarek
Copy link
Contributor

Hey, the current version of RCT-Folly is 2021.06.28.00 (see here). I would consider updating to the latest release, we don't have any plans to release a patc for 0.65.

As a temporary measure, you can try to patch your react-native and update the version here but no guarantees the compilation will succeed.

@cipolleschi cipolleschi added Resolution: Answered When the issue is resolved with a simple answer and removed Needs: Triage 🔍 labels May 17, 2022
@luissantana
Copy link
Contributor Author

Hi @fortmarek I have a working PR for this in the latest from master. #33841, will aim to upgrde our RN version to latest if this gets fix in the current version.

@berrywong2047
Copy link

Hi @fortmarek

Could you explain more how to patch react-native and update Folly, I have to do this. Thank you so much

@fortmarek
Copy link
Contributor

Hey @berrywong2047,

I'd suggest following this comment or wait for the PR to be updated with all the necessary steps.

@cortinico
Copy link
Contributor

Fixed by #33841

@cortinico cortinico added the Resolution: PR Submitted A pull request with a fix has been provided. label Jun 21, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Resolution: Answered When the issue is resolved with a simple answer Resolution: PR Submitted A pull request with a fix has been provided.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@luissantana @cortinico @fortmarek @cipolleschi @berrywong2047