Skip to content

Conversation

NOUIY
Copy link
Owner

@NOUIY NOUIY commented Mar 18, 2025

snyk-top-banner

Snyk has created this PR to upgrade react-native from 0.63.3 to 0.78.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 793 versions ahead of your current version.

  • The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Excessive Platform Resource Consumption within a Loop
SNYK-JS-BRACES-6838727
696 Proof of Concept
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-CROSSSPAWN-8303230
696 Proof of Concept
high severity Inefficient Regular Expression Complexity
SNYK-JS-MICROMATCH-6838728
696 No Known Exploit
high severity Use After Free
SNYK-JS-HERMESENGINE-1309667
696 No Known Exploit
high severity Out-of-Bounds
SNYK-JS-HERMESENGINE-1727253
696 No Known Exploit
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-REACTNATIVE-1298632
696 No Known Exploit
high severity Remote Code Execution (RCE)
SNYK-JS-SHELLQUOTE-1766506
696 No Known Exploit
high severity Prototype Pollution
SNYK-JS-UNSETVALUE-2400660
696 No Known Exploit
medium severity Cross-site Scripting (XSS)
SNYK-JS-HERMESENGINE-1015406
696 No Known Exploit
medium severity Server-Side Request Forgery (SSRF)
SNYK-JS-IP-7148531
696 Proof of Concept
medium severity Information Exposure
SNYK-JS-NODEFETCH-2342118
696 No Known Exploit
medium severity Denial of Service (DoS)
SNYK-JS-HERMESENGINE-2342071
696 No Known Exploit
medium severity Prototype Pollution
SNYK-JS-HERMESENGINE-608850
696 No Known Exploit
medium severity Denial of Service (DoS)
SNYK-JS-HERMESENGINE-629268
696 No Known Exploit
medium severity Out-of-Bounds
SNYK-JS-HERMESENGINE-629748
696 No Known Exploit
medium severity Denial of Service
SNYK-JS-NODEFETCH-674311
696 No Known Exploit
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-WS-1296835
696 Proof of Concept
Release notes
Package name: react-native
  • 0.78.0 - 2025-02-19

    Breaking

    • Codegen: Separate component array types and command array types (825492b199 by @ elicwhite)
    • React Native devTools: The FuseboxClient.setClientMetadata CDP method is removed. Instead, use ReactNativeApplication.enable. (1a9780f0e3 by @ huntie)

    Android specific

    iOS specific

    Added

    • C++: Added RawValue(Runtime*, jsi::Value&) constructor to make a RawValue from a jsi::Value. (03d2186ace by @ hannojg)
    • Codegen: Include cxx modules in codegen schema (cf5ab03d43 by @ elicwhite)
    • Deps: Add jest-diff v29.7.0 to devDependencies (b27bd00a38 by @ andrewdacenko)
    • Logging: Add support for the second parameter of console.table to specify a list of columns to print in the table. (fd0894b1c7 by @ rubennorte)
    • Logging: Add "jsEngine: hermes" to JS runtime Error prototype (85bdd75828 by Maddie Lord)
    • Metro: Add opt in for legacy Metro log streaming via --client-logs flag (86db4fa90b by @ huntie)
    • Text: Added pointerEvents to TextProps type. (3efbe33ce0 by @ hyochan)

    Android specific

    • ActivityIndicator: setting resource-id from the testID prop (87b1bad45e by @ mateoguzmana)
    • Codegen: Fixing schema types for component command params of Arrays (25c673e357 by @ elicwhite)
    • Gradle: Make the addition of JitPack repository configurable (a98528e609 by @ cortinico)
    • Logging: SoftException categories (c832f94cf7 by Thomas Nardone)
    • Logging: Add logging in ReactInstanceManager.onHostPause when activity is incorrectly null (c2fd35a442 by Maddie Lord)
    • Runtime: Added getState method for StateWrapperImpl (ed36e896ac by @ hannojg)

    iOS specific

    • Codegen: Add the source parameter to generate-codegen-artifacts to avoid generating files not needed by libraries. (98b8f17811 by @ cipolleschi)
    • Initialization: Implement ReactNativeFactory (081be01a5d by @ okwasniewski)
    • Text: Support system font families (system-ui, ui-sans-serif, ui-serif, ui-monospace, and ui-rounded) on iOS (1763321c89 by @ cxa)
    • TextInput: Integrate a new property - disableKeyboardShortcuts. It can disable the keyboard shortcuts on iPads. (0154372b93 by @ rezkiy37)

    Changed

    Android specific

    iOS specific

    Removed

    Android specific

    Fixed

    Android specific

    iOS specific


    Hermes dSYMS:


    You can file issues or pick requests against this release here.


    To help you upgrade to this version, you can use the Upgrade Helper ⚛️.


    View the whole changelog in the CHANGELOG.md file.

  • 0.78.0-rc.5 - 2025-02-13

    🥇 GOLDEN RC 🥇

    Stable release coming up next week.


    Added

    • Add opt in for legacy Metro log streaming via --client-logs flag (86db4fa90b by @ huntie)

    Fixed

    iOS specific


    Hermes dSYMS:


    You can file issues or pick requests against this release here.


    To help you upgrade to this version, you can use the Upgrade Helper ⚛️.


    View the whole changelog in the CHANGELOG.md file.

  • 0.78.0-rc.4 - 2025-02-11

    Fixed

    Android specific

    iOS specific


    Hermes dSYMS:


    You can file issues or pick requests against this release here.


    To help you upgrade to this version, you can use the Upgrade Helper ⚛️.


    View the whole changelog in the CHANGELOG.md file.

  • 0.78.0-rc.3 - 2025-02-03
  • 0.78.0-rc.2 - 2025-01-28
  • 0.78.0-rc.1 - 2025-01-20
  • 0.78.0-rc.0 - 2025-01-15
  • 0.78.0-nightly-20250120-22e769147 - 2025-01-20
  • 0.78.0-nightly-20250119-22e769147 - 2025-01-19
  • 0.78.0-nightly-20250118-22e769147 - 2025-01-18
  • 0.78.0-nightly-20250117-7278ff01d - 2025-01-17
  • 0.78.0-nightly-20250115-3420eb87b - 2025-01-15
  • 0.78.0-nightly-20250113-d4407d6f7 - 2025-01-13
  • 0.78.0-nightly-20250113-83699228c - 2025-01-13
  • 0.78.0-nightly-20250112-83699228c - 2025-01-12
  • 0.78.0-nightly-20250111-83699228c - 2025-01-11
  • 0.78.0-nightly-20250110-9b646c8b7 - 2025-01-10
  • 0.78.0-nightly-20250109-cfec590f6 - 2025-01-09
  • 0.78.0-nightly-20250108-ec72af403 - 2025-01-08
  • 0.78.0-nightly-20250107-c8552519b - 2025-01-07
  • 0.78.0-nightly-20250106-e99b47ce4 - 2025-01-06
  • 0.78.0-nightly-20250105-b867c01fa - 2025-01-05
  • 0.78.0-nightly-20250104-a6e6f5e86 - 2025-01-04
  • 0.78.0-nightly-20250103-3a7aed6ed - 2025-01-03
  • 0.78.0-nightly-20250102-93117ea1b - 2025-01-02
  • 0.78.0-nightly-20250101-93117ea1b - 2025-01-01
  • 0.78.0-nightly-20241231-a3c8e2137 - 2024-12-31
  • 0.78.0-nightly-20241230-85bdd7582 - 2024-12-30
  • 0.78.0-nightly-20241229-85bdd7582 - 2024-12-29
  • 0.78.0-nightly-20241228-85bdd7582 - 2024-12-28
  • 0.78.0-nightly-20241227-fcf3c8cab - 2024-12-27
  • 0.78.0-nightly-20241226-fcf3c8cab - 2024-12-26
  • 0.78.0-nightly-20241225-fcf3c8cab - 2024-12-25
  • 0.78.0-nightly-20241224-974fdf9a3 - 2024-12-24
  • 0.78.0-nightly-20241223-5b6e35afd - 2024-12-23
  • 0.78.0-nightly-20241222-5b6e35afd - 2024-12-22
  • 0.78.0-nightly-20241221-66342d3cc - 2024-12-21
  • 0.78.0-nightly-20241220-23eb06f66 - 2024-12-20
  • 0.78.0-nightly-20241219-b8f3f919c - 2024-12-19
  • 0.78.0-nightly-20241218-f8119fc52 - 2024-12-18
  • 0.78.0-nightly-20241217-03a1246c3 - 2024-12-17
  • 0.78.0-nightly-20241216-2fee13094 - 2024-12-16
  • 0.78.0-nightly-20241215-00c7174c2 - 2024-12-15
  • 0.78.0-nightly-20241214-00c7174c2 - 2024-12-14
  • 0.78.0-nightly-20241213-06751aa0d - 2024-12-13
  • 0.78.0-nightly-20241212-7000b9b76 - 2024-12-12
  • 0.78.0-nightly-20241211-7d771de8a - 2024-12-11
  • 0.78.0-nightly-20241210-6d235853f - 2024-12-10
  • 0.78.0-nightly-20241209-4165884b7 - 2024-12-09
  • 0.78.0-nightly-20241208-4165884b7 - 2024-12-08
  • 0.78.0-nightly-20241207-6200a4d33 - 2024-12-07
  • 0.78.0-nightly-20241206-7a81fd7a8 - 2024-12-06
  • 0.78.0-nightly-20241205-f402ed17f - 2024-12-05
  • 0.78.0-nightly-20241204-949d229b5 - 2024-12-04
  • 0.78.0-nightly-20241203-bfc8b3391 - 2024-12-03
  • 0.78.0-nightly-20241202-91e217ff5 - 2024-12-02
  • 0.78.0-nightly-20241201-91e217ff5 - 2024-12-01
  • 0.78.0-nightly-20241130-91e217ff5 - 2024-11-30
  • 0.78.0-nightly-20241129-5ff59b448 - 2024-11-29
  • 0.78.0-nightly-20241128-5da7089e3 - 2024-11-28
  • 0.78.0-nightly-20241127-40c194cf4 - 2024-11-27
  • 0.77.1 - 2025-02-13

    Fixed

    Android specific

    iOS specific

    • Image: Load images even when the extension is implicit (bc35afefd5 by @ cipolleschi)
    • Interop Layer: Avoid crashing the app when the InteropLayer can't find some methods in the native implementation. (83b986d370 by @ cipolleschi)
    • Interop Layer: Properly handle null values coming from NativeModules. (475f797a51 by sammy-SC)

    Added

    • DevX: Add opt in for legacy Metro log streaming via --client-logs flag (969eb3f007 by huntie)

    Hermes dSYMS:


    You can file issues or pick requests against this release here.


    To help you upgrade to this version, you can use the Upgrade Helper ⚛️.


    View the whole changelog in the CHANGELOG.md file.

  • 0.77.0 - 2025-01-21
  • 0.77.0-rc.7 - 2025-01-16
  • 0.77.0-rc.6 - 2025-01-06
  • 0.77.0-rc.5 - 2024-12-30
  • 0.77.0-rc.4 - 2024-12-23
  • 0.77.0-rc.3 - 2024-12-17
  • 0.77.0-rc.2 - 2024-12-10
  • 0.77.0-rc.1 - 2024-12-04
  • 0.77.0-rc.0 - 2024-11-26
  • 0.77.0-nightly-20241126-f70c3cae5 - 2024-11-26
  • 0.77.0-nightly-20241125-4cffff35e - 2024-11-25
  • 0.77.0-nightly-20241125-2781888d2 - 2024-11-25
  • 0.77.0-nightly-20241125-24b0ded3c - 2024-11-25
  • 0.77.0-nightly-20241124-d4d1eb9bb - 2024-11-24
  • 0.77.0-nightly-20241123-1fed2cfde - 2024-11-23
  • 0.77.0-nightly-20241122-e4d8c9678 - 2024-11-22
  • 0.77.0-nightly-20241121-550b0c0ed - 2024-11-21
  • 0.77.0-nightly-20241120-a865975ce - 2024-11-20
  • 0.77.0-nightly-20241119-fbe4c0ed3 - 2024-11-19
  • 0.77.0-nightly-20241118-89a7238ac - 2024-11-18
  • 0.77.0-nightly-20241118-3986eefed - 2024-11-18
  • 0.77.0-nightly-20241117-6f1c2a512 - 2024-11-17
  • 0.77.0-nightly-20241116-38fb83ca8 - 2024-11-16
  • 0.77.0-nightly-20241115-74ed831a3 - 2024-11-15
  • 0.77.0-nightly-20241114-316170ce8 - 2024-11-14
  • 0.77.0-nightly-20241113-d3c5446a6 - 2024-11-13
  • 0.77.0-nightly-20241112-16eb53bef - 2024-11-12
  • 0.77.0-nightly-20241111-a9a1c86a9 - 2024-11-11
  • 0.77.0-nightly-20241110-44d619414 - 2024-11-10
  • 0.77.0-nightly-20241109-7794d7af4 - 2024-11-09
  • 0.77.0-nightly-20241108-cbab004eb - 2024-11-08
  • 0.77.0-nightly-20241107-0ca2ba082 - 2024-11-07
  • 0.77.0-nightly-20241106-b7ec7523c - 2024-11-06
  • 0.77.0-nightly-20241105-fe656be26 - 2024-11-05
  • 0.77.0-nightly-20241104-7211119d2 - 2024-11-04
  • 0.77.0-nightly-20241103-7211119d2 - 2024-11-03
  • 0.77.0-nightly-20241102-7211119d2 - 2024-11-02
  • 0.77.0-nightly-20241101-65cdd5b82 - 2024-11-01
  • 0.77.0-nightly-20241031-3a01a0c9c - 2024-10-31
  • 0.77.0-nightly-20241030-e79713524 - 2024-10-30
  • 0.77.0-nightly-20241029-4076dbfc8 - 2024-10-29
  • 0.77.0-nightly-20241028-dc2000c87 - 2024-10-28
  • 0.77.0-nightly-20241027-dc2000c87 - 2024-10-27
  • 0.77.0-nightly-20241026-33e1ae13f - 2024-10-26
  • 0.77.0-nightly-20241025-e851e73c1 - 2024-10-25
  • 0.77.0-nightly-20241024-538bff710 - 2024-10-24
  • 0.77.0-nightly-20241023-aadb1d9eb - 2024-10-23
  • 0.77.0-nightly-20241022-363818ea2 - 2024-10-22
  • 0.77.0-nightly-20241021-5697d923a - 2024-10-21
  • 0.77.0-nightly-20241020-e7a3f479f - 2024-10-20
  • 0.77.0-nightly-20241019-f3e37e29e - 2024-10-19
  • 0.77.0-nightly-20241018-398512a4e - 2024-10-18
  • 0.77.0-nightly-20241016-557e3447f - 2024-10-16
  • 0.77.0-nightly-20241015-3485e9ed8 - 2024-10-15
  • 0.77.0-nightly-20241014-60bc3c5ae - 2024-10-14
  • 0.77.0-nightly-20241013-9ba6237bf - 2024-10-13
  • 0.77.0-nightly-20241011-b69a92e2c - 2024-10-11
  • 0.77.0-nightly-20241010-0d6908f4e - 2024-10-10
  • 0.77.0-nightly-20241009-e4814b0d6 - 2024-10-09
  • 0.77.0-nightly-20241008-40a4feb68 - 2024-10-08
  • 0.77.0-nightly-20241007-d0912ed06 - 2024-10-07
  • 0.77.0-nightly-20241006-352c06358 - 2024-10-06
  • 0.77.0-nightly-20241005-0b0ac81fb - 2024-10-05
  • 0.77.0-nightly-20241004-309cdea33 - 2024-10-04
  • 0.77.0-nightly-20241002-d19a2178b - 2024-10-02
  • 0.77.0-nightly-20241001-223e98cc4 - 2024-10-01
  • 0.77.0-nightly-20240930-513e9669e - 2024-09-30
  • 0.77.0-nightly-20240929-513e9669e - 2024-09-29
  • 0.77.0-nightly-20240928-513e9669e - 2024-09-28
  • 0.77.0-nightly-20240925-0cb32d5ac - 2024-09-25
  • 0.77.0-nightly-20240924-fc8224036 - 2024-09-24
  • 0.77.0-nightly-20240923-bd323929d - 2024-09-23
  • 0.77.0-nightly-20240922-bd323929d - 2024-09-22
  • 0.77.0-nightly-20240921-1747f57c6 - 2024-09-21
  • 0.77.0-nightly-20240920-1288e3842 - 2024-09-20
  • 0.77.0-nightly-20240919-0fe234cb6 - 2024-09-19
  • 0.77.0-nightly-20240918-bebd6531b - 2024-09-18
  • 0.77.0-nightly-20240917-51673e41a - 2024-09-17
  • 0.77.0-nightly-20240916-7bd4a5496 - 2024-09-16
  • 0.77.0-nightly-20240915-afb40e9f2 - 2024-09-15
  • 0.77.0-nightly-20240914-6bcaa0974 - 2024-09-14
  • 0.77.0-nightly-20240913-5e288d0cd - 2024-09-13
  • 0.77.0-nightly-20240912-c94246970 - 2024-09-12
  • 0.77.0-nightly-20240911-a05f9c677 - 2024-09-11
  • 0.76.7 - 2025-02-05

    Changed

    iOS specific

    Fixed

    Android specific

    iOS specific

    • runtime: RCTSurfaceHostingProxyRootView no longer has different behavior (whether it calls start on the provided surface) depending on which initializer is used. Call start yourself on the surface instead. (13b93cfdda by Nolan O'Brien)
    • Be less strict with method parsing of TurboModule Interop Layer
    • Avoid crashing the app when the InteropLayer can't find some methods in the native implementation. (3bd3f101b9 by @ cipolleschi)
    • Fix applicationDidEnterBackground not being called (adaceba546 by @ alextoudic)

    Hermes dSYMS:


    You can file issues or pick requests against this release here.


    To help you upgrade to this version, you can use the Upgrade Helper ⚛️.


    View the whole changelog in the CHANGELOG.md file.

  • 0.76.6 - 2025-01-09
  • 0.76.5 - 2024-12-09
  • 0.76.4 - 2024-12-06
  • 0.76.3 - 2024-11-21
  • 0.76.2 - 2024-11-14
  • 0.76.1 - 2024-10-29
  • 0.76.0 - 2024-10-23
  • 0.76.0-rc.6 - 2024-10-17
  • 0.76.0-rc.5 - 2024-10-15
  • 0.76.0-rc.4 - 2024-10-08
  • 0.76.0-rc.3 - 2024-10-01
  • 0.76.0-rc.2 - 2024-09-24
  • 0.76.0-rc.1 - 2024-09-16
  • 0.76.0-rc.0 - 2024-09-10
  • 0.76.0-nightly-20240910-84f2d2512 - 2024-09-10
  • 0.76.0-nightly-20240909-d424c2443 - 2024-09-09
  • 0.76.0-nightly-20240909-143f1ad29 - 2024-09-09
  • 0.76.0-nightly-20240908-d687d3898 - 2024-09-08
  • 0.76.0-nightly-20240907-79e4ed2b0 - 2024-09-07
  • 0.76.0-nightly-20240906-5fe766043 - 2024-09-06
  • 0.76.0-nightly-20240905-62ee5c9b8 - 2024-09-05
  • 0.76.0-nightly-20240904-0a1ba0227 - 2024-09-04
  • 0.76.0-nightly-20240903-4ddb12c5e - 2024-09-03
  • 0.76.0-nightly-20240902-305b4357e - 2024-09-02
  • 0.76.0-nightly-20240901-305b4357e - 2024-09-01
  • 0.76.0-nightly-20240831-f00e8baff - 2024-08-31
  • 0.76.0-nightly-20240830-435124765 - 2024-08-30
  • 0.76.0-nightly-20240829-20e3f4518 - 2024-08-29
  • 0.76.0-nightly-20240828-cf356bd19 - 2024-08-28
  • 0.76.0-nightly-20240827-851037d14 - 2024-08-27
  • 0.76.0-nightly-20240826-6cfe51ded - 2024-08-26
  • 0.76.0-nightly-20240825-6cfe51ded - 2024-08-25
  • 0.76.0-nightly-20240824-09e88448c - 2024-08-24
  • 0.76.0-nightly-20240823-858ad5e9c - 2024-08-23
  • 0.76.0-nightly-20240822-81a41ec97 - 2024-08-22
  • 0.76.0-nightly-20240821-387560a9a - 2024-08-21
  • 0.76.0-nightly-20240820-1a49892d5 - 2024-08-20
  • 0.76.0-nightly-20240819-d4d5ab0bb - 2024-08-19
  • 0.76.0-nightly-20240818-25d6a152c - 2024-08-18
  • 0.76.0-nightly-20240817-3e6b4fa23 - 2024-08-17
  • 0.76.0-nightly-20240816-17017d2b8 - 2024-08-16
  • 0.76.0-nightly-20240815-9bc32a010 - 2024-08-15
  • 0.76.0-nightly-20240801-TEMP - 2024-08-01
  • 0.76.0-nightly-20240731-TEMP - 2024-07-31
  • 0.76.0-nightly-20240730-TEMP - 2024-07-30
  • 0.76.0-nightly-20240729-TEMP - 2024-07-29
  • 0.76.0-nightly-20240728-TEMP - 2024-07-28
  • 0.76.0-nightly-20240727-TEMP - 2024-07-27
  • 0.76.0-nightly-20240726-TEMP - 2024-07-26
  • 0.76.0-nightly-20240723-700b403e0 - 2024-07-23
  • 0.76.0-nightly-20240722-9af63956d - 2024-07-22
  • 0.76.0-nightly-20240721-9af63956d - 2024-07-21
  • 0.76.0-nightly-20240720-3a5eb1973 - 2024-07-20
  • 0.76.0-nightly-20240719-6d56cea28 - 2024-07-19
  • 0.76.0-nightly-20240715-2eb7bcb8d - 2024-07-15
  • 0.76.0-nightly-20240710-9a1ae97c2 - 2024-07-10
  • 0.76.0-nightly-20240709-12b64b782 - 2024-07-09
  • 0.76.0-nightly-20240706-8c8c77b97 - 2024-07-06
  • 0.76.0-nightly-20240705-62cca7acc - 2024-07-05
  • 0.76.0-nightly-20240704-af506372b - 2024-07-04
  • 0.76.0-nightly-20240702-ad3df8466 - 2024-07-02
  • 0.76.0-nightly-20240701-9f6cb21ed - 2024-07-01
  • 0.76.0-nightly-20240630-TEMP - 2024-06-30
  • 0.76.0-nightly-20240629-TEMP - 2024-06-29
  • 0.76.0-nightly-20240628-TEMP - 2024-06-28
  • 0.76.0-nightly-20240627-TEMP - 2024-06-27
  • 0.75.5 - 2025-02-06

    Added

    Changed

    Android specific

    iOS specific

Snyk has created this PR to upgrade react-native from 0.63.3 to 0.78.0.

See this package in npm:
react-native

See this project in Snyk:
https://app.snyk.io/org/nexuscompute/project/0222b3fd-d039-47e2-9aa3-18449fae0cf0?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants