Skip to content

Fix dependabot alerts #189

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Werror merged 8 commits into from
Jun 12, 2025
Merged

Fix dependabot alerts #189

Werror merged 8 commits into from
Jun 12, 2025

Conversation

@Werror
Copy link
Contributor

@Werror Werror commented May 10, 2025
edited
Loading

High severity vulnerabilities:

Updated TypeScript config and ESLint config and fix ESLint errors

@Werror Werror added the dependencies Pull requests that update a dependency file label May 13, 2025
muhfarsh
muhfarsh reviewed May 16, 2025
View reviewed changes
Werror added 8 commits June 12, 2025 11:53
@Werror
updated react-native version to 0.76 and its dependencies
667d53e
@Werror
fix: update TypeScript config and fix ESLint errors
18e214e 
- Update TypeScript configuration for React Native 0.76 compatibility
- Fix require-await errors by removing unnecessary async keywords
- Fix no-floating-promises errors by adding void operator to async calls
- Fix React hooks exhaustive dependencies warnings
- Add missing assertions to tests
- Fix various syntax errors in the codebase
- Update dependencies in package.json
- Ensure all ESLint and TypeScript checks pass successfully
@Werror
fix: address security vulnerabilities and update dependencies
8518753 
- Fix high severity vulnerabilities:
  - ReDoS in cross-spawn (CVE-2024-21538)
  - DoS in REXML gem (CVE-2024-43398)
  - DoS in ws package (CVE-2024-37890)
  - Memory exhaustion in braces (CVE-2024-4068)
  - SSRF in ip package (CVE-2024-29415)
  - CORS in esbuild (GHSA-67mh-4wv8-2f99)
  - Predictable results in nanoid (CVE-2024-55565)

- Update dependencies:
  - Migrate husky from v4 to v9 with new configuration
  - Update commitlint to v19.8.1
  - Update ESLint to v9.26.0 with new config format
  - Update react-native-builder-bob to v0.40.10
  - Pin glob to v8.1.0 for compatibility

- Improve project configuration:
  - Add resolutions to force secure versions
  - Update Ruby gems with bundle update
  - Configure TypeScript linting rules
  - Fix build system compatibility issues
@Werror
fix: update iOS Podfile for React Native 0.76 compatibility
36a323e 
- Update iOS deployment target to 15.1 to meet dependency requirements
- Remove references to non-existent reference to react_native_helpers
- Remove Flipper configuration causing build errors
- Remove Unused post-install functions
- Fix glog dependency compatibility issues
- Maintain environment-based configuration for Hermes and Fabric

Resolves pod installation errors and ensures successful run of yarn pods command
@Werror
fix: update node version to 23.11.0
b4d54ea
@Werror
fix: jest test error
f8433ca
@Werror
fix: resolved comment for async function handling
86dcb39
@Werror
fix: dependabot alert for rexml
fb2d610
@muhfarsh muhfarsh self-requested a review June 12, 2025 16:01
@Werror Werror merged commit 4e407ec into aws:main Jun 12, 2025
3 of 5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@muhfarsh muhfarsh muhfarsh approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Werror @muhfarsh