
Commit dd00c90

cipolleschifacebook-github-bot
authored andcommitted
Fix react-native vulnerabilities in package.json (facebook#52876)
Summary: Pull Request resolved: facebook#52876 Our tooling detected a couple of vulnerabilities in our package.json. - undici - on-headers This change fixes these vulnerabilities. For the on-headers vulnerability specifically, it comes from the following dependency chain: - rn-tester > react-native-community/cli > compression > on-headers. To fix it, we have to force the resolution of both on-headers and compression. ## Changelog: [General][Fixed] - Fixed vulnerability on undici and on-headers Reviewed By: cortinico Differential Revision: D79086335 fbshipit-source-id: 44f14403196165f5f823030304102dbd0facd0ce
1 parent fb0e4ee commit dd00c90


3 files changed

+29
-32
lines changed


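--- a/package.json
+++ b/package.json
@@ -116,6 +116,8 @@
 },
 "resolutions": {
 "eslint-plugin-react-hooks": "6.1.0-canary-12bc60f5-20250613",
-"react-is": "19.1.0"
+"react-is": "19.1.0",
+"on-headers": "1.1.0",
+"compression": "1.8.1"
 }
 }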
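Review bot: The two new `resolutions` entries, `"on-headers": "1.1.0"` and `"compression": "1.8.1"`, are exact pins in the root manifest, so they will keep holding both packages at these versions even after `@react-native-community/cli` moves to a patched `compression` on its own, and later fixes would then need another manual edit here. Yarn applies `resolutions` from the top-level project only, so this override changes what the repository's own workspace installs; apps that pull in the same chain still resolve `compression` through their own lockfile. package.json cannot carry a comment, so I would record the removal condition in a tracking issue, for example `Remove the on-headers/compression resolutions once @react-native-community/cli depends on compression >= 1.8.1`. The yarn.lock section of this commit shows compression 1.8.1 already requiring `on-headers "~1.1.0"`, so the separate on-headers pin may be redundant unless another dependent still asks for 1.0.x, which is not visible on this page.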

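--- a/packages/dev-middleware/package.json
+++ b/packages/dev-middleware/package.json
@@ -39,7 +39,7 @@
 },
 "devDependencies": {
 "selfsigned": "^2.4.1",
-"undici": "^5.28.5",
+"undici": "^5.29.0",
 "wait-for-expect": "^3.0.2"
 }
 }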

yarn.lock

Lines changed: 25 additions & 30 deletions
@@ -2731,7 +2731,7 @@ abort-controller@^3.0.0:
27312731
dependencies:
27322732
event-target-shim "^5.0.0"
27332733

2734-
accepts@^1.3.7, accepts@~1.3.5, accepts@~1.3.7:
2734+
accepts@^1.3.7, accepts@~1.3.7:
27352735
version "1.3.8"
27362736
resolved "https://registry.yarnpkg.com/accepts/-/accepts-1.3.8.tgz#0bf0be125b67014adcb0b0921e62db7bffe16b2e"
27372737
integrity sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw==
@@ -3345,11 +3345,6 @@ buffer@^5.5.0:
33453345
base64-js "^1.3.1"
33463346
ieee754 "^1.1.13"
33473347

3348-
3349-
version "3.0.0"
3350-
resolved "https://registry.yarnpkg.com/bytes/-/bytes-3.0.0.tgz#d32815404d689699f85a4ea4fa8755dd13a96048"
3351-
integrity sha512-pMhOfFDPiv9t5jjIXkHosWmkSyQbvsgEVNkz0ERHbuLh2T/7j4Mqqpz523Fe8MVY89KC6Sh/QfS2sM+SjgFDcw==
3352-
33533348
33543349
version "3.1.2"
33553350
resolved "https://registry.yarnpkg.com/bytes/-/bytes-3.1.2.tgz#8b0beeb98605adf1b128fa4386403c009e0221a5"
@@ -3707,24 +3702,24 @@ compare-version@^0.1.2:
37073702
resolved "https://registry.yarnpkg.com/compare-version/-/compare-version-0.1.2.tgz#0162ec2d9351f5ddd59a9202cba935366a725080"
37083703
integrity sha512-pJDh5/4wrEnXX/VWRZvruAGHkzKdr46z11OlTPN+VrATlWWhSKewNCJ1futCO5C7eJB3nPMFZA1LeYtcFboZ2A==
37093704

3710-
compressible@~2.0.16:
3705+
compressible@~2.0.18:
37113706
version "2.0.18"
37123707
resolved "https://registry.yarnpkg.com/compressible/-/compressible-2.0.18.tgz#af53cca6b070d4c3c0750fbd77286a6d7cc46fba"
37133708
integrity sha512-AF3r7P5dWxL8MxyITRMlORQNaOA2IkAFaTr4k7BUumjPtRpGDTZpl0Pb1XCO6JeDCBdp126Cgs9sMxqSjgYyRg==
37143709
dependencies:
37153710
mime-db ">= 1.43.0 < 2"
37163711

3717-
compression@^1.7.1:
3718-
version "1.7.4"
3719-
resolved "https://registry.yarnpkg.com/compression/-/compression-1.7.4.tgz#95523eff170ca57c29a0ca41e6fe131f41e5bb8f"
3720-
integrity sha512-jaSIDzP9pZVS4ZfQ+TzvtiWhdpFhE2RDHz8QJkpX9SIpLq88VueF5jJw6t+6CUQcAoA6t+x89MLrWAqpfDE8iQ==
3712+
compression@1.8.1, compression@^1.7.1:
3713+
version "1.8.1"
3714+
resolved "https://registry.yarnpkg.com/compression/-/compression-1.8.1.tgz#4a45d909ac16509195a9a28bd91094889c180d79"
3715+
integrity sha512-9mAqGPHLakhCLeNyxPkK4xVo746zQ/czLH1Ky+vkitMnWfWZps8r0qXuwhwizagCRttsL4lfG4pIOvaWLpAP0w==
37213716
dependencies:
3722-
accepts "~1.3.5"
3723-
bytes "3.0.0"
3724-
compressible "~2.0.16"
3717+
bytes "3.1.2"
3718+
compressible "~2.0.18"
37253719
debug "2.6.9"
3726-
on-headers "~1.0.2"
3727-
safe-buffer "5.1.2"
3720+
negotiator "~0.6.4"
3721+
on-headers "~1.1.0"
3722+
safe-buffer "5.2.1"
37283723
vary "~1.1.2"
37293724

37303725
@@ -7480,6 +7475,11 @@ [email protected]:
74807475
resolved "https://registry.yarnpkg.com/negotiator/-/negotiator-0.6.3.tgz#58e323a72fedc0d6f9cd4d31fe49f51479590ccd"
74817476
integrity sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg==
74827477

7478+
negotiator@~0.6.4:
7479+
version "0.6.4"
7480+
resolved "https://registry.yarnpkg.com/negotiator/-/negotiator-0.6.4.tgz#777948e2452651c570b712dd01c23e262713fff7"
7481+
integrity sha512-myRT3DiWPHqho5PrJaIRyaMv2kgYf0mUVgBNOYMuCH5Ki1yEiQaf/ZJuQ62nvpc44wL5WDbTX7yGJi1Neevw8w==
7482+
74837483
nocache@^3.0.1:
74847484
version "3.0.4"
74857485
resolved "https://registry.yarnpkg.com/nocache/-/nocache-3.0.4.tgz#5b37a56ec6e09fc7d401dceaed2eab40c8bfdf79"
@@ -7646,10 +7646,10 @@ on-finished@~2.3.0:
76467646
dependencies:
76477647
ee-first "1.1.1"
76487648

7649-
on-headers@~1.0.2:
7650-
version "1.0.2"
7651-
resolved "https://registry.yarnpkg.com/on-headers/-/on-headers-1.0.2.tgz#772b0ae6aaa525c399e489adfad90c403eb3c28f"
7652-
integrity sha512-pZAE+FJLoyITytdqK0U5s+FIpjN0JP3OzFi/u8Rx+EV5/W+JTWGXG8xFzevE7AjBfDqHv/8vL8qQsIhHnqRkrA==
7649+
on-headers@1.1.0, on-headers@~1.1.0:
7650+
version "1.1.0"
7651+
resolved "https://registry.yarnpkg.com/on-headers/-/on-headers-1.1.0.tgz#59da4f91c45f5f989c6e4bcedc5a3b0aed70ff65"
7652+
integrity sha512-737ZY3yNnXy37FHkQxPzt4UZ2UWPWiCZWLvFZ4fu5cueciegX0zGPnrlY6bwRg4FdQOe9YU8MkmJwGhoMybl8A==
76537653

76547654
once@^1.3.0, once@^1.3.1, once@^1.4.0:
76557655
version "1.4.0"
@@ -8497,12 +8497,7 @@ safe-array-concat@^1.1.2:
84978497
has-symbols "^1.0.3"
84988498
isarray "^2.0.5"
84998499

8500-
8501-
version "5.1.2"
8502-
resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.1.2.tgz#991ec69d296e0313747d59bdfd2b745c35f8828d"
8503-
integrity sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==
8504-
8505-
safe-buffer@^5.0.1, safe-buffer@~5.2.0:
8500+
[email protected], safe-buffer@^5.0.1, safe-buffer@~5.2.0:
85068501
version "5.2.1"
85078502
resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.2.1.tgz#1eaf9fa9bdb1fdd4ec75f58f9cdb4e6b7827eec6"
85088503
integrity sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==
@@ -9360,10 +9355,10 @@ undici-types@~6.21.0:
93609355
resolved "https://registry.yarnpkg.com/undici-types/-/undici-types-6.21.0.tgz#691d00af3909be93a7faa13be61b3a5b50ef12cb"
93619356
integrity sha512-iwDZqg0QAGrg9Rav5H4n0M64c3mkR59cJ6wQp+7C4nI0gsmExaedaYLNO44eT4AtBBwjbTiGPMlt2Md0T9H9JQ==
93629357

9363-
undici@^5.28.5:
9364-
version "5.28.5"
9365-
resolved "https://registry.yarnpkg.com/undici/-/undici-5.28.5.tgz#b2b94b6bf8f1d919bc5a6f31f2c01deb02e54d4b"
9366-
integrity sha512-zICwjrDrcrUE0pyyJc1I2QzBkLM8FINsgOrt6WjA+BgajVq9Nxu2PbFFXUrAggLfDXlZGZBVZYw7WNV5KiBiBA==
9358+
undici@^5.29.0:
9359+
version "5.29.0"
9360+
resolved "https://registry.yarnpkg.com/undici/-/undici-5.29.0.tgz#419595449ae3f2cdcba3580a2e8903399bd1f5a3"
9361+
integrity sha512-raqeBD6NQK4SkWhQzeYKd1KmIG6dllBOTt55Rmkt4HtI9mwdWtJljnrXjAFUBLTSN67HWrOIZ3EPF4kjUw80Bg==
93679362
dependencies:
93689363
"@fastify/busboy" "^2.0.0"
93699364
