Fix vulnerabilities and update react-native to 0.69 #375
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Perform updates requiring for react-native 0.69. Also, as a workaround use prebuilt appcenter-sdk packages with the fix of microsoft/appcenter-sdk-react-native#979.
aleksandr-dorofeev
approved these changes
Jul 7, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The PR fixes the following vulnerabilities:
93070 [Component Governance Alert] - CVE-2021-23337 in lodash 4.17.15. Severity: High
93071 [Component Governance Alert] - CVE-2021-23406 in pac-resolver 3.0.0. Severity: High
93072 [Component Governance Alert] - CVE-2021-23406 in degenerator 1.0.4. Severity: High
93073 [Component Governance Alert] - CVE-2021-28918 in netmask 1.0.6. Severity: Critical
93074 [Component Governance Alert] - CVE-2022-0235 in node-fetch 1.7.3. Severity: High
93075 [Component Governance Alert] - CVE-2021-44906 in minimist 1.2.0. Severity: Critical
93076 [Component Governance Alert] - CVE-2021-44906 in minimist 0.0.8. Severity: Critical
93077 [Component Governance Alert] - CVE-2021-3777 in tmpl 1.0.4. Severity: High
93078 [Component Governance Alert] - CVE-2019-20149 in kind-of 6.0.2. Severity: High
93079 [Component Governance Alert] - CVE-2020-7788 in ini 1.3.5. Severity: High
93080 [Component Governance Alert] - CVE-2021-3807 in ansi-regex 3.0.0. Severity: High
93081 [Component Governance Alert] - CVE-2020-7774 in y18n 3.2.1. Severity: High
93082 [Component Governance Alert] - CVE-2022-26260 in simple-plist 1.1.0. Severity: Critical
93083 [Component Governance Alert] - CVE-2020-8149 in logkitty 0.6.1. Severity: High
93084 [Component Governance Alert] - CVE-2022-26260 in simple-plist 0.2.1. Severity: Critical
93085 [Component Governance Alert] - CVE-2021-37713 in tar 4.4.8. Severity: High
93086 [Component Governance Alert] - CVE-2021-37712 in tar 4.4.8. Severity: High
93087 [Component Governance Alert] - CVE-2021-37701 in tar 4.4.8. Severity: High
93088 [Component Governance Alert] - CVE-2021-32803 in tar 4.4.8. Severity: High
93089 [Component Governance Alert] - CVE-2021-32804 in tar 4.4.8. Severity: High
93090 [Component Governance Alert] - CVE-2021-3807 in ansi-regex 4.1.0. Severity: High
93091 [Component Governance Alert] - CVE-2022-0235 in node-fetch 2.6.0. Severity: High
93092 [Component Governance Alert] - CVE-2021-43138 in async 2.6.3. Severity: High
93410 [Component Governance Alert] - tar 4.4.8. Severity: High
93629 [Component Governance Alert] - CVE-2021-42740 in shell-quote 1.6.1. Severity: Critical