[Snyk] Upgrade react-native from 0.51.1 to 0.66.1 #9

Open
wants to merge 1 commit into
base: master
snyk-bot

Snyk has created this PR to upgrade react-native from 0.51.1 to 0.66.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 135 versions ahead of your current version.
  • The recommended version was released a month ago, on 2021-10-15.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|---|---|---|---|
| | Prototype Override Protection Bypass (npm:qs:20170213) | 589/1000. Why? Has a fix available, CVSS 7.5 | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS) (npm:plist:20180219) | 589/1000. Why? Has a fix available, CVSS 7.5 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) (npm:plist:20180219) | 589/1000. Why? Has a fix available, CVSS 7.5 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) (npm:negotiator:20160616) | 589/1000. Why? Has a fix available, CVSS 7.5 | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS) (npm:fresh:20170908) | 589/1000. Why? Has a fix available, CVSS 7.5 | No Known Exploit |
| | Uninitialized Memory Exposure (npm:base64-url:20180512) | 589/1000. Why? Has a fix available, CVSS 7.5 | Mature |
| | Denial of Service (DoS) (npm:ws:20171108) | 589/1000. Why? Has a fix available, CVSS 7.5 | Mature |
| | Prototype Pollution (SNYK-JS-MERGE-1042987) | 589/1000. Why? Has a fix available, CVSS 7.5 | Proof of Concept |
| | Prototype Pollution (SNYK-JS-MERGE-1040469) | 589/1000. Why? Has a fix available, CVSS 7.5 | No Known Exploit |
| | Prototype Pollution (SNYK-JS-LODASH-73638) | 589/1000. Why? Has a fix available, CVSS 7.5 | Proof of Concept |
| | Prototype Pollution (SNYK-JS-LODASH-608086) | 589/1000. Why? Has a fix available, CVSS 7.5 | Proof of Concept |
| | Prototype Pollution (SNYK-JS-LODASH-450202) | 589/1000. Why? Has a fix available, CVSS 7.5 | Proof of Concept |
| | Command Injection (SNYK-JS-LODASH-1040724) | 589/1000. Why? Has a fix available, CVSS 7.5 | Proof of Concept |
| | Denial of Service (DoS) (npm:mem:20180117) | 589/1000. Why? Has a fix available, CVSS 7.5 | No Known Exploit |
| | Prototype Pollution (SNYK-JS-YARGSPARSER-560381) | 589/1000. Why? Has a fix available, CVSS 7.5 | Proof of Concept |
| | Improper Input Validation (SNYK-JS-XMLDOM-1534562) | 589/1000. Why? Has a fix available, CVSS 7.5 | No Known Exploit |
| | XML External Entity (XXE) Injection (SNYK-JS-XMLDOM-1084960) | 589/1000. Why? Has a fix available, CVSS 7.5 | No Known Exploit |
| | Arbitrary Code Injection (SNYK-JS-MORGAN-72579) | 589/1000. Why? Has a fix available, CVSS 7.5 | Proof of Concept |
| | Prototype Pollution (SNYK-JS-MINIMIST-559764) | 589/1000. Why? Has a fix available, CVSS 7.5 | Proof of Concept |
| | Prototype Pollution (npm:lodash:20180130) | 589/1000. Why? Has a fix available, CVSS 7.5 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) (SNYK-JS-LODASH-73639) | 589/1000. Why? Has a fix available, CVSS 7.5 | Proof of Concept |
| | Prototype Pollution (SNYK-JS-LODASH-567746) | 589/1000. Why? Has a fix available, CVSS 7.5 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) (SNYK-JS-LODASH-1018905) | 589/1000. Why? Has a fix available, CVSS 7.5 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) (SNYK-JS-GLOBPARENT-1016905) | 589/1000. Why? Has a fix available, CVSS 7.5 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) (npm:ms:20170412) | 589/1000. Why? Has a fix available, CVSS 7.5 | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS) (npm:ms:20170412) | 589/1000. Why? Has a fix available, CVSS 7.5 | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS) (npm:mime:20170907) | 589/1000. Why? Has a fix available, CVSS 7.5 | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS) (npm:debug:20170905) | 589/1000. Why? Has a fix available, CVSS 7.5 | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS) (npm:braces:20180219) | 589/1000. Why? Has a fix available, CVSS 7.5 | Proof of Concept |
| | Prototype Pollution (SNYK-JS-LODASH-590103) | 589/1000. Why? Has a fix available, CVSS 7.5 | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: react-native
  • 0.66.1 - 2021-10-15

    0.66.1 is out with some fixes:

    Fixed

    • Fix for unable to find find-node.sh in react-native-xcode.sh (cc59a7c by @garethknowles)
    • For Android, general fixes to Appearance API and also fixes AppCompatDelegate.setDefaultNightMode(). For iOS, now works correctly when setting window.overrideUserInterfaceStyle (25a2c60 by @mrbrentkelly)
    • Fix Android border positioning regression (d1a33cd by @oblador)

    You can participate in the conversation on the status of this release at this discussion.


    To help you upgrade to this version, you can use the upgrade helper ⚛️


    You can find the whole changelog history over at react-native-releases.

  • 0.66.0 - 2021-10-01
  • 0.66.0-rc.4 - 2021-09-24
  • 0.66.0-rc.3 - 2021-09-17
  • 0.66.0-rc.2 - 2021-09-10
  • 0.66.0-rc.1 - 2021-09-01
  • 0.66.0-rc.0 - 2021-08-27
  • 0.65.2 - 2021-11-04

    [0.65.2] Bump version numbers

  • 0.65.1 - 2021-08-19
  • 0.65.0 - 2021-08-17
  • 0.65.0-rc.4 - 2021-08-11
  • 0.65.0-rc.3 - 2021-07-23
  • 0.65.0-rc.2 - 2021-06-18
  • 0.65.0-rc.1 - 2021-06-17
  • 0.65.0-rc.0 - 2021-06-09
  • 0.64.3 - 2021-11-04

    0.64.3 is out with a pick of Android Appearance API support (e94f9fa7 by @mrbrentkelly)


    If you have concerns or follow-up, please start or contribute to a relevant 0.64.3 discussion here


    To help you upgrade to this version, you can use the upgrade helper ⚛️


    You can find the whole changelog history in the changelog.md file.

  • 0.64.2 - 2021-06-03
  • 0.64.1 - 2021-05-05
  • 0.64.0 - 2021-03-12
  • 0.64.0-rc.4 - 2021-03-01
  • 0.64.0-rc.3 - 2021-02-05
  • 0.64.0-rc.2 - 2020-12-18
  • 0.64.0-rc.1 - 2020-11-25
  • 0.64.0-rc.0 - 2020-11-23
  • 0.63.4 - 2020-11-30
  • 0.63.3 - 2020-09-29
  • 0.63.2 - 2020-07-22
  • 0.63.1 - 2020-07-14
  • 0.63.0 - 2020-07-08
  • 0.63.0-rc.1 - 2020-05-04
  • 0.63.0-rc.0 - 2020-04-16
  • 0.62.3 - 2021-05-05
  • 0.62.2 - 2020-04-08
  • 0.62.1 - 2020-04-03
  • 0.62.0 - 2020-03-26
  • 0.62.0-rc.5 - 2020-03-07
  • 0.62.0-rc.4 - 2020-03-06
  • 0.62.0-rc.3 - 2020-02-25
  • 0.62.0-rc.2 - 2020-02-13
  • 0.62.0-rc.1 - 2020-01-21
  • 0.62.0-rc.0 - 2019-12-18
  • 0.61.5 - 2019-11-23
  • 0.61.4 - 2019-11-04
  • 0.61.3 - 2019-10-29
  • 0.61.2 - 2019-10-02
  • 0.61.1 - 2019-09-25
  • 0.61.0 - 2019-09-24
  • 0.61.0-rc.3 - 2019-09-10
  • 0.61.0-rc.2 - 2019-09-04
  • 0.61.0-rc.0 - 2019-08-27
  • 0.60.6 - 2019-09-24
  • 0.60.5 - 2019-08-13
  • 0.60.4 - 2019-07-18
  • 0.60.3 - 2019-07-11
  • 0.60.2 - 2019-07-11
  • 0.60.1 - 2019-07-11
  • 0.60.0 - 2019-07-03
  • 0.60.0-rc.3 - 2019-06-28
  • 0.60.0-rc.2 - 2019-06-20
  • 0.60.0-rc.1 - 2019-06-10
  • 0.60.0-rc.0 - 2019-05-30
  • 0.59.10 - 2019-07-02
  • 0.59.9 - 2019-06-05
  • 0.59.8 - 2019-05-08
  • 0.59.7 - 2019-05-08
  • 0.59.6 - 2019-04-18
  • 0.59.5 - 2019-04-17
  • 0.59.4 - 2019-04-08
  • 0.59.3 - 2019-04-01
  • 0.59.2 - 2019-03-25
  • 0.59.1 - 2019-03-14
  • 0.59.0 - 2019-03-12
  • 0.59.0-rc.3 - 2019-02-27
  • 0.59.0-rc.2 - 2019-02-18
  • 0.59.0-rc.1 - 2019-02-15
  • 0.59.0-rc.0 - 2019-02-13
  • 0.58.6 - 2019-02-28
  • 0.58.5 - 2019-02-19
  • 0.58.4 - 2019-02-06
  • 0.58.3 - 2019-01-28
  • 0.58.2 - 2019-01-28
  • 0.58.1 - 2019-01-25
  • 0.58.0 - 2019-01-24
  • 0.58.0-rc.3 - 2019-01-17
  • 0.58.0-rc.2 - 2018-12-18
  • 0.58.0-rc.1 - 2018-12-06
  • 0.58.0-rc.0 - 2018-11-22
  • 0.57.8 - 2018-12-13
  • 0.57.7 - 2018-11-27
  • 0.57.6 - 2018-11-26
  • 0.57.5 - 2018-11-13
  • 0.57.4 - 2018-10-25
  • 0.57.3 - 2018-10-12
  • 0.57.2 - 2018-10-04
  • 0.57.1 - 2018-09-21
  • 0.57.0 - 2018-09-12
  • 0.57.0-rc.4 - 2018-09-06
  • 0.57.0-rc.3 - 2018-08-24
  • 0.57.0-rc.2 - 2018-08-22
  • 0.57.0-rc.1 - 2018-08-22
  • 0.57.0-rc.0 - 2018-08-16
  • 0.56.1 - 2018-09-10
  • 0.56.0 - 2018-07-04
  • 0.56.0-rc.5 - 2018-07-04
  • 0.56.0-rc.4 - 2018-06-27
  • 0.56.0-rc.3 - 2018-06-22
  • 0.56.0-rc.2 - 2018-06-15
  • 0.56.0-rc.1 - 2018-06-13
  • 0.56.0-rc - 2018-06-11
  • 0.55.4 - 2018-05-08
  • 0.55.3 - 2018-04-17
  • 0.55.2 - 2018-04-09
  • 0.55.1 - 2018-04-05
  • 0.55.0 - 2018-04-03
  • 0.55.0-rc.2 - 2018-03-29
  • 0.55.0-rc.1 - 2018-03-21
  • 0.55.0-rc.0 - 2018-03-13
  • 0.54.4 - 2018-03-29
  • 0.54.3 - 2018-03-26
  • 0.54.2 - 2018-03-12
  • 0.54.1 - 2018-03-10
  • 0.54.0 - 2018-03-01
  • 0.54.0-rc.4 - 2018-02-27
  • 0.54.0-rc.3 - 2018-02-13
  • 0.54.0-rc.2 - 2018-02-12
  • 0.54.0-rc.0 - 2018-02-12
  • 0.53.3 - 2018-02-20
  • 0.53.2 - 2018-02-19
  • 0.53.0 - 2018-02-05
  • 0.53.0-rc.0 - 2018-01-10
  • 0.52.3 - 2018-02-19
  • 0.52.2 - 2018-01-26
  • 0.52.1 - 2018-01-22
  • 0.52.0 - 2018-01-08
  • 0.52.0-rc.0 - 2017-12-18
  • 0.51.1 - 2018-02-19
from react-native GitHub release notes
Commit messages
Package name: react-native
  • d48ed4a [0.66.1] Bump version numbers
  • 80e5abd Fix Android border positioning regression (#32398)
  • e94f9fa Addressing various issues with the Appearance API (#28823) (#29106)
  • bd01f16 Fix: find-node.sh location in react-native-xcode.sh script (#32227)
  • 09a21f0 [0.66.0] Bump version numbers
  • d47fd4a [0.66.0-rc.4] Bump version numbers
  • a6a983d OSS: bump-oss-version -- update Podfile.lock later in the flow
  • ef280d6 [LOCAL] Port react-native-codegen new .gitignore from main
  • 9967318 OSS: update Podfile.lock automatically when bumping release version
  • 6b014e8 Don’t hard-code CocoaPods’s sandbox path (#32243)
  • ab50c6e [0.66.0-rc.3] Bump version numbers
  • dc453da Update rn-tester Podfile.lock to prepare for 0.66.0-rc.3
  • 8b6d7fd Link RCT-Folly against libc++abi
  • 614a370 [0.66.0-rc.2] Bump version numbers
  • c97015d Update Podfile.lock
  • c282c2d Bump Hermes pod to 0.9.0
  • 2133172 Bump Hermes npm to 0.9.0
  • 013e623 Revert the Android specific max heap size GCConfig
  • b4a1d2b Make JSI a dynamic library
  • 0d7586c [LOCAL] postfix timestamp to bust yarn cache
  • d552362 [0.66.0-rc.1] Bump version numbers
  • 1594af1 Copy repo-config dependencies for bumping release version
  • 038cdda Switch order of search libraries to fix M1 build error
  • ea5109f OSS: add Xcode 12.5 + M1 machines CocoaPods post_install workaround



Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs
