fix: resolve CVE alerts for transitive dependencies by sapta100ms · Pull Request #1523 · 100mslive/100ms-react-native

sapta100ms · 2026-02-06T09:58:30Z

Upgrade @100mslive/react-native-video-plugin devDependency from 1.1.0 to 1.1.3 in
react-native-room-kit
Add npm overrides/resolutions to fix Dependabot security alerts for vulnerable transitive
dependencies:
- fast-xml-parser 4.x → ^5.3.4 (in react-native-hms, react-native-room-kit)
- vm2 3.10.0 → >=3.10.2 (in react-native-room-kit)
- node-forge 1.3.1 → >=1.3.2 (in react-native-room-kit, room-kit example, expo demo)
- tar <7.5.7 → >=7.5.7 (in rnhms-expo-demo)
All vulnerabilities are in dev-only transitive dependencies (RN CLI, release-it) — no version bump
or publish required

…son for both react-native-room-kit and rnhms-expo-demo

trunk-io · 2026-02-06T09:58:35Z

Merging to main in this repository is managed by Trunk.

To merge this pull request, check the box to the left or comment /trunk merge below.

…d install for consistency with node_modules changes

sapta100ms added 2 commits February 6, 2026 15:13

Upgrade dependencies : fast-xml-parser, vm2, tar for cve

6f8dd7f

Update node-forge to version 1.3.3 in package.json and package-lock.j…

3480776

…son for both react-native-room-kit and rnhms-expo-demo

sapta100ms requested a review from ygit as a code owner February 6, 2026 09:58

ygit approved these changes Feb 6, 2026

View reviewed changes

Update CocoaPods installation step in build workflow to always run po…

ef461a8

…d install for consistency with node_modules changes

sapta100ms merged commit ab0e6c3 into main Mar 13, 2026
2 checks passed

Provide feedback