[Snyk] Upgrade react-native from 0.63.2 to 0.65.1 #51

snyk-bot · 2021-09-30T22:21:45Z

Snyk has created this PR to upgrade react-native from 0.63.2 to 0.65.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 17 versions ahead of your current version.
The recommended version was released a month ago, on 2021-08-19.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-610226	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-1023599	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-REACTNATIVE-1298632	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Use After Free SNYK-JS-HERMESENGINE-1309667	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Improper Input Validation SNYK-JS-XMLDOM-1534562	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
XML External Entity (XXE) Injection SNYK-JS-XMLDOM-1084960	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-1072471	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Denial of Service SNYK-JS-NODEFETCH-674311	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Denial of Service SNYK-JS-NODEFETCH-674311	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Out-of-Bounds SNYK-JS-HERMESENGINE-629748	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Denial of Service (DoS) SNYK-JS-HERMESENGINE-629268	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Prototype Pollution SNYK-JS-HERMESENGINE-608850	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Cross-site Scripting (XSS) SNYK-JS-HERMESENGINE-1015406	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: react-native

0.65.1 - 2021-08-19
Hello everyone 👋 0.65.1 is out and addresses a couple of compatibility issues (with M1, with latest Android Studio), bumps react-test-renderer to the correct version in the template and fixes a colorProps issue for Android.

Changed
- Set react-test-renderer to 17.0.2 in the template (d272880 by @@ rickhanlonii)
Fixed
- Resolve NODE_BINARY after finding the right path to node (d75683 by @ santiagofm)
Android specific
- ColorProps with value null should be defaultColor instead of transparent (842bcb902e by @ hank121314)
- Android Gradle Plugin 7 compatibility (06e31c748f by @ dulmandakh)
You can participate in the conversation on the status of this release at this issue.

To help you upgrade to this version, you can use the upgrade helper ⚛️

You can find the whole changelog history over at react-native-releases.
0.65.0 - 2021-08-17
0.65 stable is here 🎉

Thanks to everyone who contributed (over 1100 commits from 61 contributors!) and helped to get this together, we worked really hard and we hope you are as excited as we are 🤗

Some of the most important highlights of this version:
- Hermes 0.8.1. Please see the highlighted changes from its 0.8.0 and 0.8.1 release notes.
- react-native-codegen version 0.0.7 is now needed as a devDependency in the package.json.
- JCenter has been sunsetted and read-only now. We have removed JCenter as a maven repository and updated dependencies to use MavenCentral and Jitpack.
- Upgraded OkHttp from v3 to v4.9.1. See Upgrading to OkHttp 4 for more details on changes.
- Upgraded to Flipper 0.93 to support Xcode 12.5. See Flipper changelog here.
- Android Gradle Plugin 7 support.
Among many others - please refer to the blog post for more details.

You can participate in the conversation on the status of this release at this issue.

You can upgrade to this version using the upgrade helper webtool ⚛️

You can find the whole changelog history over at react-native-releases.
0.65.0-rc.4 - 2021-08-11
⚠️ THIS IS A RELEASE CANDIDATE: this means it's not stable yet, so proceed with care.

Please only upgrade or create new apps with 0.65.0-rc.4 if you'd like to help us test this before the stable release - which would be super useful 🤗

To test it, run:
```
npx react-native init RN065RC4 --version 0.65.0-rc.4
```
We're working on the changelog and you can read the draft here.

You can participate in the conversation on the RC status this issue for updates, where you can post your bug reports and cherry-pick suggestions.

You can find the whole changelog history over at react-native-releases.
0.65.0-rc.3 - 2021-07-23
⚠️ THIS IS A RELEASE CANDIDATE: this means it's not stable yet, so proceed with care.

Please only upgrade or create new apps with 0.65.0-rc.3 if you'd like to help us test this before the stable release - which would be super useful 🤗

To test it, run:
```
npx react-native init RN065RC3 --version 0.65.0-rc.3
```
We're working on the changelog and you can read the draft here.

You can participate in the conversation on the RC status this issue for updates, where you can post your bug reports and cherry-pick suggestions.

You can find the whole changelog history over at react-native-releases.
0.65.0-rc.2 - 2021-06-18
0.65.0-rc.1 - 2021-06-17
0.65.0-rc.0 - 2021-06-09
0.64.2 - 2021-06-03
0.64.1 - 2021-05-05
0.64.0 - 2021-03-12
0.64.0-rc.4 - 2021-03-01
0.64.0-rc.3 - 2021-02-05
0.64.0-rc.2 - 2020-12-18
0.64.0-rc.1 - 2020-11-25
0.64.0-rc.0 - 2020-11-23
0.63.4 - 2020-11-30
0.63.3 - 2020-09-29
0.63.2 - 2020-07-22

from react-native GitHub release notes

Commit messages

Package name: react-native

e4d576f [0.65.1] Bump version numbers
fde90a8 fix: Resolve NODE_BINARY *after* finding the path to node (#32029)
8b430e0 fix AGP 7 compatibility (#32030)
2209bb7 `Android/ColorProps`: ColorProps with value null should be defaultColor instead of transparent (#29830)
5a1dc1b Handle OSS renderers in sync script
65dc99b [LOCAL] podlock file updates
7473ce1 [0.65.0] Bump version numbers
5f0b805 [0.65.0-rc.4] Bump version numbers
83d9b9b [LOCAL] yarn lock update
e775957 Revert "fix: Move react-native-codegen to be a direct dependency of react-native (fix for 0.65-stable)"
5f7deb5 [LOCAL] reintroduce generated codegen files
c0df3e0 [LOCAL] autogenerated files
54fbe0d - Bump CLI to ^6.0.0 (#31971)
5efad92 Codegen: Always prepare filesystem
dfd324e Extend codegen script to take library name, output dir arguments
1b7f95b Reorganize codegen script for clarity
041365e fix: codegen - project paths with spaces (#31141)
98e1734 fix: Move react-native-codegen to be a direct dependency of react-native (fix for 0.65-stable)
e8d725a [0.65.0-rc.3] Bump version numbers
e40f582 fix(deps): bump metro to 0.66.2 + dedup (#31886)
e53745e Bump Flipper + Bump hermes (#31872)
4476fbc Allow PlatformColor to work with RCTView border colors (#29728)
49253dc Fix support for blobs larger than 64 KB on Android (#31789)
626d25c Android: upgrading to OkHttp from 4.9.0 to 4.9.1 to fix java.lang.NullPointerException: bio == null crash (#31822)