[Snyk] Upgrade react-native from 0.60.5 to 0.69.1 #808

snyk-bot · 2022-07-28T02:50:42Z

Snyk has created this PR to upgrade react-native from 0.60.5 to 0.69.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 83 versions ahead of your current version.
The recommended version was released a month ago, on 2022-06-29.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Arbitrary File Write SNYK-JS-TAR-1579155	425/1000 Why? CVSS 8.5	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579152	425/1000 Why? CVSS 8.5	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579147	425/1000 Why? CVSS 8.5	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536531	425/1000 Why? CVSS 8.5	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536528	425/1000 Why? CVSS 8.5	No Known Exploit
Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	425/1000 Why? CVSS 8.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-REACTNATIVE-1298632	425/1000 Why? CVSS 8.5	No Known Exploit
Remote Code Execution (RCE) SNYK-JS-LOGKITTY-568763	425/1000 Why? CVSS 8.5	Proof of Concept
Prototype Pollution SNYK-JS-ASYNC-2441827	425/1000 Why? CVSS 8.5	Proof of Concept
Denial of Service (DoS) npm:mem:20180117	425/1000 Why? CVSS 8.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	425/1000 Why? CVSS 8.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	425/1000 Why? CVSS 8.5	Proof of Concept
Command Injection SNYK-JS-NODENOTIFIER-1035794	425/1000 Why? CVSS 8.5	No Known Exploit
Prototype Pollution SNYK-JS-HAPIHOEK-548452	425/1000 Why? CVSS 8.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	425/1000 Why? CVSS 8.5	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: react-native

0.69.1 - 2022-06-29

Changed

iOS specific
- Make all Yoga headers public and add #ifdef __cplusplus (43f831b23c by @ janicduplessis)
Fixed
- Use monotonic clock for performance.now() (114d31feee)
iOS specific
- Fix build for React-RCTText (4ea38e16bf by @ ph4r05)
- Fix RCT-Folly build error when use_frameworks! and hermes are both enabled (79baca678a by @ Kudo)
- Fix use_frameworks! for 0.69 (f97c6a5b49 by @ Kudo)
You can participate in the conversation on the status of this release in this discussion

To help you upgrade to this version, you can use the upgrade helper ⚛️

You can find the whole changelog history in the changelog.md file.
0.69.0 - 2022-06-22
0.69 stable is out!

This release includes 629 commits with 80 contributors! Thank you to all our contributors new and old! See the highlights of the release in our release blog post.

You can participate in the conversation on the status of this release in this discussion

To help you upgrade to this version, you can use the upgrade helper ⚛️

You can find the whole changelog history in the changelog.md file.
0.69.0-rc.6 - 2022-06-01
To test it, run:

npx react-native init RN069RC6 --version 0.69.0-rc.6

You can participate in the conversation on the status of this release in the working group.

To help you upgrade to this version, you can use the upgrade helper ⚛️

See changes from this release in the changelog PR
0.69.0-rc.5 - 2022-05-31
To test it, run:

npx react-native init RN069RC5 --version 0.69.0-rc.5

You can participate in the conversation on the status of this release in the working group.

To help you upgrade to this version, you can use the upgrade helper ⚛️

See changes from this release in the changelog PR
0.69.0-rc.4 - 2022-05-31
To test it, run:

npx react-native init RN069RC4 --version 0.69.0-rc.4
NOTE: Installing hermes on iOS is currently broken and will be fixed in the next RC.

You can participate in the conversation on the status of this release in the working group.

To help you upgrade to this version, you can use the upgrade helper ⚛️

See changes from this release in the changelog PR
0.69.0-rc.3 - 2022-05-24
To test it, run:

npx react-native init RN069RC3 --version 0.69.0-rc.3

You can participate in the conversation on the status of this release in the working group.

To help you upgrade to this version, you can use the upgrade helper ⚛️

See changes from this release in the changelog PR
0.69.0-rc.2 - 2022-05-20
0.69.0-rc.1 - 2022-05-11
0.69.0-rc.0 - 2022-04-28
0.68.2 - 2022-05-09
0.68.1 - 2022-04-13
0.68.0 - 2022-03-30
0.68.0-rc.4 - 2022-03-25
0.68.0-rc.3 - 2022-03-17
0.68.0-rc.2 - 2022-02-24
0.68.0-rc.1 - 2022-02-03
0.68.0-rc.0 - 2022-01-28
0.67.4 - 2022-03-18
0.67.3 - 2022-02-22
0.67.2 - 2022-01-31
0.67.1 - 2022-01-20
0.67.0 - 2022-01-18
0.67.0-rc.6 - 2021-12-14
0.67.0-rc.5 - 2021-12-06
0.67.0-rc.4 - 2021-11-30
0.67.0-rc.3 - 2021-11-05
0.67.0-rc.2 - 2021-10-25
0.67.0-rc.1 - 2021-10-22
0.67.0-rc.0 - 2021-10-16
0.66.4 - 2021-12-09
0.66.3 - 2021-11-10
0.66.2 - 2021-11-04
0.66.1 - 2021-10-15
0.66.0 - 2021-10-01
0.66.0-rc.4 - 2021-09-24
0.66.0-rc.3 - 2021-09-17
0.66.0-rc.2 - 2021-09-10
0.66.0-rc.1 - 2021-09-01
0.66.0-rc.0 - 2021-08-27
0.65.2 - 2021-11-04
0.65.1 - 2021-08-19
0.65.0 - 2021-08-17
0.65.0-rc.4 - 2021-08-11
0.65.0-rc.3 - 2021-07-23
0.65.0-rc.2 - 2021-06-18
0.65.0-rc.1 - 2021-06-17
0.65.0-rc.0 - 2021-06-09
0.64.3 - 2021-11-04
0.64.2 - 2021-06-03
0.64.1 - 2021-05-05
0.64.0 - 2021-03-12
0.64.0-rc.4 - 2021-03-01
0.64.0-rc.3 - 2021-02-05
0.64.0-rc.2 - 2020-12-18
0.64.0-rc.1 - 2020-11-25
0.64.0-rc.0 - 2020-11-23
0.63.4 - 2020-11-30
0.63.3 - 2020-09-29
0.63.2 - 2020-07-22
0.63.1 - 2020-07-14
0.63.0 - 2020-07-08
0.63.0-rc.1 - 2020-05-04
0.63.0-rc.0 - 2020-04-16
0.62.3 - 2021-05-05
0.62.2 - 2020-04-08
0.62.1 - 2020-04-03
0.62.0 - 2020-03-26
0.62.0-rc.5 - 2020-03-07
0.62.0-rc.4 - 2020-03-06
0.62.0-rc.3 - 2020-02-25
0.62.0-rc.2 - 2020-02-13
0.62.0-rc.1 - 2020-01-21
0.62.0-rc.0 - 2019-12-18
0.61.5 - 2019-11-23
0.61.4 - 2019-11-04
0.61.3 - 2019-10-29
0.61.2 - 2019-10-02
0.61.1 - 2019-09-25
0.61.0 - 2019-09-24
0.61.0-rc.3 - 2019-09-10
0.61.0-rc.2 - 2019-09-04
0.61.0-rc.0 - 2019-08-27
0.60.6 - 2019-09-24
0.60.5 - 2019-08-13

from react-native GitHub release notes

Commit messages

Package name: react-native

587eb4e [0.69.1] Bump version numbers
802d324 fix(build): fixes React-RCTText build with RN 0.69.0 (#34064)
050924a Fix RCT-Folly build error when use_frameworks! and hermes are both enabled (#34030)
9e591ac Fix broken use_frameworks from React-bridging (#34011)
9d3ce32 revert #33381 changes (#33973)
aa068e0 Make all headers public and add #ifdef __cplusplus ([Snyk] Upgrade @babel/preset-env from 7.5.0 to 7.21.4 #1150)
dc334a2 Use monotonic clock for performance.now() (#33983)
74a08a3 [0.69.0] Bump version numbers
e68aa6a [0.69.0-rc.6] Bump version numbers
e8af5b8 Make sure sdks/.hermesversion is included inside the NPM package.
7262acc Fix Hermes not being downloaded on RC5 (#33945)
6d200c3 [0.69.0-rc.5] Bump version numbers
f50936b Lazily query for git branch & remote (#33936)
88fa872 Fix downloading prebuilt hermes from the Github release (#33935)
2c6df02 [0.69.0-rc.4] Bump version numbers
0ca6e41 Check isOnAReleaseTag alongside isOnAReleaseBranch
9a4e716 Revert "[0.69.0-rc.4] Bump version numbers"
5f50b0b [0.69.0-rc.4] Bump version numbers
605c90e Circle CI: Build Hermes apple runtime artifacts on CI (#33876)
2a6832a Fix formatting for hermes-utils.js
659b693 Fix hermes-utils.js building from source when on the release branch
a72d196 Fix hermes-engine.podspec building from source when on the release branch
b33cc1f Remove duplicate pod dependency on local hermes-engine
6759dc3 Remove broken hermes-utils-test.js