[Snyk] Upgrade: metro-react-native-babel-preset, react-native, react-native-elements, react-native-get-random-values, react-native-linear-gradient, react-native-reanimated, react-native-vector-icons, react-redux, redux

[vladovello]

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

metro-react-native-babel-preset
from 0.67.0 to 0.77.0 | 43 versions ahead of your current version | a year ago
on 2023-07-06
react-native
from 0.68.1 to 0.75.2 | 521 versions ahead of your current version | 22 days ago
on 2024-08-20
react-native-elements
from 3.4.2 to 3.4.3 | 1 version ahead of your current version | 2 years ago
on 2022-12-23
react-native-get-random-values
from 1.8.0 to 1.11.0 | 3 versions ahead of your current version | 6 months ago
on 2024-03-06
react-native-linear-gradient
from 2.5.6 to 2.8.3 | 11 versions ahead of your current version | a year ago
on 2023-09-06
react-native-reanimated
from 2.8.0 to 2.17.0 | 14 versions ahead of your current version | a year ago
on 2023-04-24
react-native-vector-icons
from 9.1.0 to 9.2.0 | 1 version ahead of your current version | 2 years ago
on 2022-06-24
react-redux
from 8.0.1 to 8.1.3 | 10 versions ahead of your current version | a year ago
on 2023-10-01
redux
from 4.2.0 to 4.2.1 | 1 version ahead of your current version | 2 years ago
on 2023-01-28

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	786	Proof of Concept
	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	786	No Known Exploit
	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	786	No Known Exploit
	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	786	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	786	Proof of Concept
	Improper Authorization SNYK-JS-REACTDEVTOOLSCORE-6023999	786	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-REACTNATIVEREANIMATED-2949507	786	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SIDEWAYFORMULA-3317169	786	No Known Exploit
	Server-Side Request Forgery (SSRF) SNYK-JS-IP-7148531	786	Proof of Concept
	Prototype Pollution SNYK-JS-JSON5-3182856	786	Proof of Concept

Release notes

Package name: metro-react-native-babel-preset

• 0.77.0 - 2023-07-06
  
  • [Breaking]: Increase minimum Node version from 16 to 18. (ebaf27a by @ arushikesarwani94)
  • [Breaking]: Use Terser's default for comments. (#972 by @ tido64)
  • [Breaking]: Remove metro-minify-uglify from metro dependencies. (7a8fcd5 by @ robhogan)
  • [Fix]: Fixed a bug in the handling of path separators in blockList on Windows. (2eecfc7 by @ motiz88)
  • [Fix]: Protect against unsafe merging of blockList patterns with inconsistent regex flags. (c80904b by @ motiz88)
  • [Fix]: Incorrect worker resolution when multiple metro versions are installed. (6d46078 by @ robhogan)
  • [Performance]: Improve resolution performance for files outside the project root. (dc3cddf by @ robhogan)
  • [Performance]: Improved startup speed via a new file map cache format. (166477e by @ robhogan)

  NOTE: Experimental features are not covered by semver and can change at any time.

  • [Experimental]: metro-file-map: Normalize root-relative paths for cross-platform cache compatibility. (d282a08 by @ motiz88)
  • [Experimental]: Fix crash when require.context is used on a directory with infinite path expansions. (14d652f by @ robhogan)

  Full Changelog: v0.76.7...v0.77.0

• 0.76.9 - 2024-01-30
• 0.76.8 - 2023-08-07
• 0.76.7 - 2023-06-21
  
  • [Feature]: metro-babel-transformer and metro-react-native-babel-transformer will return metadata from Babel transform results. (42fdbc2 by @ robhogan)
  • [Feature]: Expose TerminalReporter for Reporter implementations. (417e6f2 by @ colinta)
  • [Feature]: Allow client-side device identifiers in inspector proxy. (c6a94bc by @ byCedric)
  • [Fix]: EPERM file watching errors on Windows. (4b22efb by @ robhogan)

  Full Changelog: v0.76.6...v0.76.7

• 0.76.6 - 2023-06-07
  
  • [Types] Update config and Server types to use broader types from connect package (d20d7c8 by @ huntie)
  • [Types] Fix TypeScript name for createConnectMiddleware export (06682f8 by @ huntie)
  • [Deprecation] Deprecate server.enhanceMiddleware option (22e85fd by @ huntie)

  NOTE: Experimental features are not covered by semver and can change at any time.

  • [Experimental] Add unstable_extraMiddleware option to runServer API (d0d5543 by @ huntie)

  Full Changelog: v0.76.5...v0.76.6

• 0.76.5 - 2023-05-25
  
  • [Feature] Support URLs for both bundling and symbolication requests using //& instead of ? as a query string delimiter (bd357c8 by @ robhogan)
  • [Fix] Fix crash on a module added+modified+removed between updates (5d7305e by @ robhogan)
  • [Fix] Fix missed modification on module removed+modified+added between updates (5d7305e by @ robhogan)
  • [Fix] Emit source URLs in a format that will not be stripped by JavaScriptCore (bce6b27 by @ robhogan)
  • [Performance] Prune unmodified modules from delta updates before sending them to the client (e24c6ae by @ robhogan)

  NOTE: Experimental features are not covered by semver and can change at any time.

  • [Experimental] Fix babel/runtime issue when using Package Exports (905d773 by @ huntie)

  Full Changelog: v0.76.4...v0.76.5

• 0.76.4 - 2023-05-10
  
  • [Feature]: Support the x_google_ignoreList source map extension. (#973, 82bd64a by @ motiz88)
  • [Feature]: Support bundling KTX files as image assets. (#975 by @ rshest)
  • [Fix]: Fix crash on a module added+modified+removed between updates. (5d7305e by @ robhogan)
  • [Fix]: Fix missed modification on module removed+modified+added between updates. (5d7305e by @ robhogan)

  Full Changelog: v0.76.3...v0.76.4

• 0.76.3 - 2023-04-24
  
  • [Feature]: Support custom __loadBundleAsync implementations in the default asyncRequire function. See the lazy bundling RFC for more details. (ac3adce, f07ce5c by @ motiz88)
  • [Feature]: Support lazy parameter in bundle requests. See the lazy bundling RFC for more details. (4ef14f9 by @ motiz88)
  • [Feature]: Preserve comments in unminified builds, while continuing to strip all comments from minified builds. (#967 by @ tido64)
  • [Deprecated]: The transformer.asyncRequireModulePath config option is deprecated. Use __loadBundleAsync instead.(c7b684f by @ motiz88)

  NOTE: Experimental features are not covered by semver and can change at any time.

  • [Experimental] Package Exports unstable_conditionNames now defaults to ['require', 'import'] (e70ceef by @ huntie)
  • [Experimental] Removed server.experimentalImportBundleSupport config option. (4ef14f9 by @ motiz88)

  Full Changelog: v0.76.2...v0.76.3

• 0.76.2 - 2023-04-14
  
  • [Feature]: Added customizeStack hook to Metro's /symbolicate endpoint to allow custom frame skipping logic on a stack level. (ce266dd by @ GijsWeterings)
  • [Feature]: Re-export metro-core's Terminal from metro. (86e3f93 by @ robhogan)
  • [Feature]: Re-export metro-config's resolveConfig from metro. (cc16664 by @ robhogan)
  • [Types]: Remove dependency on @ types/babel__code-frame. (41cdc03 by @ robhogan)
  • [Types]: Remove dependency on @ types/ws. (7deb525 by @ robhogan)
  • [Types]: Fix TypeScript types entry point for metro-source-map. (3238bbc by @ huntie)
  • [Deprecated]: Deprecate ResolutionContext.getPackageForModule. (2d0a01c by @ huntie)

  NOTE: Experimental features are not covered by semver and can change at any time.

  • [Experimental]: Pass full path and query params to asyncRequire for lazy bundles. (61a30b7 by @ motiz88)
  • [Experimental]: Fix bug where Package Exports warnings may have been logged for nested node_modules path candidates. (29c77bf by @ huntie)
  • [Experimental]: Fix package.json discovery against root package specifiers for Package Exports. (b995303 by @ huntie, fixes #965 reported by @ shamilovtim)

  Full Changelog: v0.76.1...v0.76.2

• 0.76.1 - 2023-04-03
• 0.76.0 - 2023-03-06
• 0.75.1 - 2023-02-22
• 0.75.0 - 2023-02-01
• 0.74.1 - 2023-01-20
• 0.74.0 - 2023-01-09
• 0.73.10 - 2023-06-07
  

  This is a hotfix on the 0.73.x branch.

  • [Feature] Support URLs for both bundling and symbolication requests using //& instead of ? as a query string delimiter (#994 by @ robhogan)
  • [Fix] Emit source URLs in a format that will not be stripped by JavaScriptCore (#994 by @ robhogan)

  Full Changelog: v0.73.9...v0.73.10

• 0.73.9 - 2023-03-21
• 0.73.8 - 2023-02-20
• 0.73.7 - 2023-01-05
• 0.73.6 - 2022-12-15
• 0.73.5 - 2022-12-01
• 0.73.4 - 2022-12-01
• 0.73.3 - 2022-10-26
• 0.73.2 - 2022-10-13
• 0.73.1 - 2022-10-06
• 0.73.0 - 2022-10-04
• 0.72.4 - 2023-06-07
  

  This is a hotfix on the 0.72.x branch.

  • [Feature] Support URLs for both bundling and symbolication requests using //& instead of ? as a query string delimiter (#993 by @ robhogan)
  • [Fix] Emit source URLs in a format that will not be stripped by JavaScriptCore (#993 by @ robhogan)

  Full Changelog: v0.72.3...v0.72.4

• 0.72.3 - 2022-09-14
• 0.72.2 - 2022-09-05
• 0.72.1 - 2022-08-18
• 0.72.0 - 2022-07-28
• 0.71.3 - 2022-07-06
• 0.71.2 - 2022-06-27
• 0.71.1 - 2022-06-10
• 0.71.0 - 2022-05-23
• 0.70.4 - 2023-06-07
  

  This is a hotfix on the 0.70.x branch.

  • [Feature] Support URLs for both bundling and symbolication requests using //& instead of ? as a query string delimiter. (#996 by @ robhogan)
  • [Fix] Emit source URLs in a format that will not be stripped by JavaScriptCore. (#996 by @ robhogan)

  Full Changelog: v0.70.3...v0.70.4

• 0.70.3 - 2022-05-05
• 0.70.2 - 2022-04-22
• 0.70.1 - 2022-04-07
• 0.70.0 - 2022-03-28
• 0.69.1 - 2022-03-15
• 0.69.0 - 2022-02-26
• 0.68.0 - 2022-02-09
• 0.67.0 - 2022-01-26

from metro-react-native-babel-preset GitHub release notes

Package name: react-native

• 0.75.2 - 2024-08-20
  

  Added

  Android specific

  • codegen: Add support for handling com.facebook.react.bridge.Dynamic as parameter for TurboModules (45cd81706d by @ cortinico)

  Changed

  Android specific

  • ReactRootView: Replaced mLastHeight with mVisibleViewArea.height() since mLastHeight value is not getting updated. For width we are already using mVisibleViewArea.width() (603eb94dd9 by @ shubhamguptadream11)

  Removed

  iOS specific

  • RCTBaseTextInputView: UIReturnKeyDefault (26aff664c0 by @ elencho)

  Fixed

  • codegen: scripts require yargs (0979921850 by @ tido64)

  Android specific

  • ImageSource: open for inheritance (02d9979c32 by @ cortinico)

  ---

  Hermes dSYMS:

  • Debug
  • Release

  ---

  You can file issues or pick requests against this release here.

  ---

  To help you upgrade to this version, you can use the Upgrade Helper ⚛️.

  ---

  View the whole changelog in the CHANGELOG.md file.

• 0.75.1 - 2024-08-15
  

  v0.75.1

  Changed

  • Bump Hermes version (f202e80177 by @ cortinico)

  ---

  Hermes dSYMS:

  • Debug
  • Release

  ---

  You can file issues or pick requests against this release here.

  ---

  To help you upgrade to this version, you can use the Upgrade Helper ⚛️.

  ---

  View the whole changelog in the CHANGELOG.md file.

• 0.75.0 - 2024-08-14
  

  0.75 stable is out!

  This release includes over 1491 commits from 165 contributors! Thank you to all our contributors new and old! See the highlights of the release in our release blog post.

  ---

  Hermes dSYMS:

  • Debug
  • Release

  ---

  You can file issues or pick requests against this release here.

  ---

  To help you upgrade to this version, you can use the Upgrade Helper ⚛️.

  ---

  View the whole changelog in the CHANGELOG.md file

• 0.75.0-rc.7 - 2024-08-06
  

  Changed

  • feat: update CLI to 14.0.0 (b62bfcd561 by @ szymonrybczak)

  ---

  Hermes dSYMS:

  • Debug
  • Release

  ---

  You can file issues or pick requests against this release here

  ---

  To help you upgrade to this version, you can use the upgrade helper ⚛️

  ---

  You can find the whole changelog history in the changelog.md file.

• 0.75.0-rc.6 - 2024-07-29
• 0.75.0-rc.5 - 2024-07-15
• 0.75.0-rc.4 - 2024-07-08
• 0.75.0-rc.3 - 2024-07-01
• 0.75.0-rc.2 - 2024-06-26
• 0.75.0-rc.1 - 2024-06-25
• 0.75.0-rc.0 - 2024-06-19
• 0.75.0-nightly-20240618-5df5ed1a8 - 2024-06-18
• 0.75.0-nightly-20240617-9435097b1 - 2024-06-17
• 0.75.0-nightly-20240616-2f8d4f0c2 - 2024-06-16
• 0.75.0-nightly-20240614-8b53d41a8 - 2024-06-14
• 0.75.0-nightly-20240613-f7aea0c8e - 2024-06-13
• 0.75.0-nightly-20240612-fd618819c - 2024-06-12
• 0.75.0-nightly-20240611-5b3a32142 - 2024-06-11
• 0.75.0-nightly-20240610-ced076210 - 2024-06-10
• 0.75.0-nightly-20240610-6937c7044 - 2024-06-10
• 0.75.0-nightly-20240609-2483c6301 - 2024-06-09
• 0.75.0-nightly-20240608-61de7da03 - 2024-06-08
• 0.75.0-nightly-20240606-cf8b25ead - 2024-06-06
• 0.75.0-nightly-20240606-4324f0874 - 2024-06-06
• 0.75.0-nightly-20240605-a569c82eb - 2024-06-05
• 0.75.0-nightly-20240605-TEMP - 2024-06-05
• 0.75.0-nightly-20240604-744024be7 - 2024-06-04
• 0.75.0-nightly-20240603-a6a7cdf0b - 2024-06-03
• 0.75.0-nightly-20240602-033a55f7f - 2024-06-02
• 0.75.0-nightly-20240601-033a55f7f - 2024-06-01
• 0.75.0-nightly-20240531-c046198cc - 2024-05-31
• 0.75.0-nightly-20240530-0bea4cd0c - 2024-05-30
• 0.75.0-nightly-20240529-5fbebb485 - 2024-05-29
• 0.75.0-nightly-20240528-a93a15aca - 2024-05-28
• 0.75.0-nightly-20240527-c207708c4 - 2024-05-27
• 0.75.0-nightly-20240525-840c31c3a - 2024-05-25
• 0.75.0-nightly-20240524-91d12d9b9 - 2024-05-24
• 0.75.0-nightly-20240523-1343313dc - 2024-05-23
• 0.75.0-nightly-20240522-95de14dc5 - 2024-05-22
• 0.75.0-nightly-20240521-644facd19 - 2024-05-21
• 0.75.0-nightly-20240520-2a96dba07 - 2024-05-20
• 0.75.0-nightly-20240519-93c079b92 - 2024-05-19
• 0.75.0-nightly-20240518-93c079b92 - 2024-05-18
• 0.75.0-nightly-20240517-044aadbaf - 2024-05-17
• 0.75.0-nightly-20240516-1aabefc5b - 2024-05-16
• 0.75.0-nightly-20240515-ad4c39ec9 - 2024-05-15
• 0.75.0-nightly-20240514-734ac42d6 - 2024-05-14
• 0.75.0-nightly-20240512-a37111a4d - 2024-05-12
• 0.75.0-nightly-20240511-3f17c8b5f - 2024-05-11
• 0.75.0-nightly-20240510-1db50a37d - 2024-05-10
• 0.75.0-nightly-20240509-f4996e0b6 - 2024-05-09
• 0.75.0-nightly-20240508-88ab1ceea - 2024-05-08
• 0.75.0-nightly-20240507-be09d1266 - 2024-05-07
• 0.75.0-nightly-20240506-362abb9ff - 2024-05-06
• 0.75.0-nightly-20240503-1d2221ab4 - 2024-05-03
• 0.75.0-nightly-20240502-88de74b2d - 2024-05-02
• 0.75.0-nightly-20240501-90663081d - 2024-05-01
• 0.75.0-nightly-20240430-c96c89337 - 2024-04-30
• 0.75.0-nightly-20240429-b7de91666 - 2024-04-29
• 0.75.0-nightly-20240428-bb2c13af5 - 2024-04-28
• 0.75.0-nightly-20240427-e2ad6696d - 2024-04-27
• 0.75.0-nightly-20240426-9c4ee6df0 - 2024-04-26
• 0.75.0-nightly-20240425-2876fae8d - 2024-04-25
• 0.75.0-nightly-20240424-132563d81 - 2024-04-24
• 0.75.0-nightly-20240423-41f525cca - 2024-04-23
• 0.75.0-nightly-20240422-876914be5 - 2024-04-22
• 0.75.0-nightly-20240420-03a51da72 - 2024-04-20
• 0.75.0-nightly-20240419-73b4d67a7 - 2024-04-19
• 0.75.0-nightly-20240418-4fbc1f2ef - 2024-04-18
• 0.75.0-nightly-20240417-fe9942a19 - 2024-04-17
• 0.75.0-nightly-20240416-8c53ac607 - 2024-04-16
• 0.75.0-nightly-20240415-e7154bdd9 - 2024-04-15
• 0.75.0-nightly-20240414-a5eeea814 - 2024-04-14
• 0.75.0-nightly-20240413-1b152f6ec - 2024-04-13
• 0.75.0-nightly-20240412-b72f5e998 - 2024-04-12
• 0.75.0-nightly-20240411-46b6453eb - 2024-04-11
• 0.75.0-nightly-20240410-f7eaf6388 - 2024-04-10
• 0.75.0-nightly-20240409-881c0bc89 - 2024-04-09
• 0.75.0-nightly-20240408-eae5d9711 - 2024-04-08
• 0.75.0-nightly-20240407-592716582 - 2024-04-07
• 0.75.0-nightly-20240406-a05466c5b - 2024-04-06
• 0.75.0-nightly-20240405-3f05ad6e8 - 2024-04-05
• 0.75.0-nightly-20240404-70c3158b6 - 2024-04-04
• 0.75.0-nightly-20240403-3559a6c58 - 2024-04-03
• 0.75.0-nightly-20240329-3f8882116 - 2024-03-29
• 0.75.0-nightly-20240328-af309127a - 2024-03-28
• 0.75.0-nightly-20240327-2af1da42f - 2024-03-27
• 0.75.0-nightly-20240325-ac714b1c3 - 2024-03-25
• 0.75.0-nightly-20240324-4c8e253d8 - 2024-03-24
• 0.75.0-nightly-20240323-37e362699 - 2024-03-23
• 0.75.0-nightly-20240322-b13e9f8f7 - 2024-03-22
• 0.75.0-nightly-20240321-7d180d712 - 2024-03-21
• 0.75.0-nightly-20240320-0267ca0a4 - 2024-03-20
• 0.75.0-nightly-20240319-d97741af6 - 2024-03-19
• 0.75.0-nightly-20240318-a87fb56ef - 2024-03-18
• 0.75.0-nightly-20240317-06dc448d8 - 2024-03-17
• 0.75.0-nightly-20240316-06dc448d8 - 2024-03-16
• 0.75.0-nightly-20240315-f2f62cdf5 - 2024-03-15
• 0.75.0-nightly-20240315-e180f805e - 2024-03-15
• 0.75.0-nightly-20240312-41b637194 - 2024-03-12
• 0.75.0-nightly-20240311-3706bf077 - 2024-03-11
• 0.75.0-nightly-20240310-e2157f063 - 2024-03-10
• 0.75.0-nightly-20240309-e2157f063 - 2024-03-09
• 0.75.0-nightly-20240308-6c28c87c4 - 2024-03-08
• 0.75.0-nightly-20240308-208be5000 - 2024-03-08
• 0.75.0-nightly-20240307-ff03b149e - 2024-03-07
• 0.75.0-nightly-20240306-c645646a2 - 2024-03-06
• 0.75.0-nightly-20240305-9aeb9f2f9 - 2024-03-05
• 0.75.0-nightly-20240304-ec928d7a6 - 2024-03-04
• 0.75.0-nightly-20240303-7d4778104 - 2024-03-03
• 0.75.0-nightly-20240302-7d4778104 - 2024-03-02
• 0.75.0-nightly-20240229-21171222e - 2024-02-29
• 0.75.0-nightly-20240228-252ef19c8 - 2024-02-28
• 0.75.0-nightly-20240227-8317325fb - 2024-02-27
• 0.75.0-nightly-20240223-c7bacf610 - 2024-02-23
• 0.75.0-nightly-20240222-2dc39c26e - 2024-02-22
• 0.75.0-nightly-20240221-a1171f79f - 2024-02-21
• 0.74.5 - 2024-08-05
  

  Fixed

  iOS specific

  • Pass the right Apple system versions to Hermes (10e9669ad1 by @ cipolleschi)

  Android specific

  • Remove deprecated onTextInput callback (5da40cbb1c by @ javache)

  ---

  Hermes dSYMS:

  • Debug
  • Release

  ---

  You can file issues or pick requests against this release here.

  ---

  To help you upgrade to this version, you can use the Upgrade Helper ⚛️.

  ---

  View the whole changelog in the CHANGELOG.md file.

• 0.74.4 - 2024-07-30
  

  Added

  Android specific

  • Stub com.facebook.react.settings on 0.74 (13ea273850 by @ cortinico)

  iOS specific

  • Prebuilt version of Hermes for visionOS (924fb3de9b by @ okwasniewski)

  Fixed

  • Don't break script phase and codegen when coreutils installed on macOS (e0799536ef by @ blakef)
  • Remove setting of process.exitCode that breaks Jest tests (e42932cfc6 by @@ douglowder)

  iOS specific

  • Make sure to pass the RCTBridgeProxy to ViewManagers (d6c90cf7ed by @ cipolleschi)
  • Implement shared atomic counters and replace static integers in RCTImageLoader and RCTNetworkTask that were accessed concurrently, which in some cases lead to data races. (ffc16fc18b by @ hakonk)
  • Do not use temporary node when creating the .xcode.env.local (8408b8bc96 by @ cipolleschi)
  • Building of iOS project when RCTAppDelegate is used in the project (be93092c1b by @ nikhiltekwani09)
  • Fix error on handling privacy manifest (e39e9c4a60 by @ cxa)

  ---

  Hermes dSYMS: