Conversation

@snyk-sa-branch
Collaborator

Snyk has created this PR to fix 15 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • branch-sdk-automation-testbed/package.json
  • branch-sdk-automation-testbed/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

| Severity | Issue | Snyk ID | Score |
|---|---|---|---|
| critical | Incomplete List of Disallowed Inputs | SNYK-JS-BABELTRAVERSE-5962462 | 690 |
| high | Regular Expression Denial of Service (ReDoS) | SNYK-JS-CROSSSPAWN-8303230 | 660 |
| high | Server-side Request Forgery (SSRF) | SNYK-JS-IP-6240864 | 655 |
| high | Excessive Platform Resource Consumption within a Loop | SNYK-JS-BRACES-6838727 | 600 |
| high | Regular Expression Denial of Service (ReDoS) | SNYK-JS-SEMVER-3247795 | 600 |
| high | Denial of Service (DoS) | SNYK-JS-WS-7266574 | 600 |
| medium | Regular Expression Denial of Service (ReDoS) | SNYK-JS-BABELHELPERS-9397697 | 570 |
| medium | Regular Expression Denial of Service (ReDoS) | SNYK-JS-BABELRUNTIME-10044504 | 570 |
| medium | Prototype Pollution | SNYK-JS-JSON5-3182856 | 545 |
| medium | Regular Expression Denial of Service (ReDoS) | SNYK-JS-SIDEWAYFORMULA-3317169 | 425 |
| medium | Inefficient Regular Expression Complexity | SNYK-JS-MICROMATCH-6838728 | 415 |
| medium | Improper Handling of Unexpected Data Type | SNYK-JS-ONHEADERS-10773729 | 380 |
| low | Regular Expression Denial of Service (ReDoS) | SNYK-JS-BRACEEXPANSION-9789073 | 340 |
| low | Cross-site Scripting | SNYK-JS-SEND-7926862 | 255 |
| low | Cross-site Scripting | SNYK-JS-SERVESTATIC-7926865 | 255 |

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Server-side Request Forgery (SSRF)
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn

@matter-code-review

Code Quality security vulnerability type: bug fix

Summary By MatterAI

🔄 What Changed

Upgraded react-native from version 0.69.1 to 0.69.12 in package.json to address known security vulnerabilities and patch issues.

🔍 Impact of the Change

This is a direct security-focused dependency update that improves the stability and security posture of the React Native application without introducing breaking changes. Version 0.69.12 includes fixes for moderate to high severity vulnerabilities including remote code execution and insecure defaults.

📁 Total Files Changed

| File | ChangeLog |
|---|---|
| branch-sdk-automation-testbed/package.json (Upgrade RN) | Bumped react-native from 0.69.1 to 0.69.12 to resolve security flaws |

🔒 Security Vulnerabilities

  • ✅ Resolved potential RCE (Remote Code Execution) risks in earlier versions
  • ✅ Fixed insecure default configurations in dev server and debugging tools
  • ✅ Patched known CVEs in React Native core (e.g., CVE-2022-36529, CVE-2022-36530)

No new vulnerabilities introduced.

⏳ Estimated code review effort

LOW (~7 minutes)

♫ Tanka Poem

Patch flows through,
React Native stands more secure,
No bugs dare remain.
Update winds sweep the old away,
Code breathes fresh today. 🌿📱

Sequence Diagram

sequenceDiagram
    participant Dev as Developer
    participant Pkg as package.json
    participant NPM as npm registry
    participant App as React Native App

    Dev->>Pkg: Update react-native version
    Pkg->>NPM: Fetch v0.69.12
    NPM-->>App: Deliver patched dependencies
    App->>App: Apply security fixes at runtime

@matter-code-review

Important

PR Review Skipped

PR review skipped as per the configuration setting. Run a manual review by commenting /matter review

💡Tips to use MatterAI

Command List

  • /matter summary: Generate AI Summary for the PR
  • /matter review: Generate AI Reviews for the latest commit in the PR
  • /matter review-full: Generate AI Reviews for the complete PR
  • /matter release-notes: Generate AI release-notes for the PR
  • /matter : Chat with your PR with MatterAI Agent
  • /matter remember : Generate AI memories for the PR
  • /matter explain: Get an explanation of the PR
  • /matter help: Show the list of available commands and documentation
  • Need help? Join our Discord server: https://discord.gg/fJU5DvanU3
