fix(SEC-7530): update react-server-dom-webpack to 19.0.1 #310
Merged: pkaeding merged 2 commits into main from devin/1764797890-sec-7530-update-react-server-dom-webpack on Dec 4, 2025
+13
−11
Add yarn resolution to override the vulnerable transitive dependency react-server-dom-webpack from version 19.0.0-rc-6230622a1a-20240610 to the safe version 19.0.1. The vulnerable version was pulled in by jest-expo@~52.0.2.
Co-Authored-By: Patrick Kaeding <[email protected]>
Run yarn dedupe to consolidate webpack-sources versions as required by CI's dedupe check.
Co-Authored-By: Patrick Kaeding <[email protected]>
mayberryzane approved these changes on Dec 3, 2025
mayberryzane left a comment:
👍
abelonogov-ld added a commit that referenced this pull request on Dec 4, 2025
* main:
  doc: Add using ldMask in readme. (#311)
  chore: release main (#312)
  feat: take transformed coordinates, which are more precise in animation (#309)
  chore: release main (#307)
  fix(SEC-7530): update react-server-dom-webpack to 19.0.1 (#310)
# Conflicts:
# sdk/@launchdarkly/observability-android/lib/src/main/kotlin/com/launchdarkly/observability/replay/capture/CaptureSource.kt
# sdk/@launchdarkly/observability-android/lib/src/main/kotlin/com/launchdarkly/observability/replay/masking/ComposeMaskTarget.kt
# sdk/@launchdarkly/observability-android/lib/src/main/kotlin/com/launchdarkly/observability/replay/masking/Mask.kt
# sdk/@launchdarkly/observability-android/lib/src/main/kotlin/com/launchdarkly/observability/replay/masking/NativeMaskTarget.kt
abelonogov-ld added a commit that referenced this pull request on Dec 4, 2025
* main: (85 commits)
  doc: Add using ldMask in readme. (#311)
  chore: release main (#312)
  feat: take transformed coordinates, which are more precise in animation (#309)
  chore: release main (#307)
  fix(SEC-7530): update react-server-dom-webpack to 19.0.1 (#310)
  feat: recursive mask collection (#308)
  feat: support non-standard windows added by WindowManager (#306)
  feat: Android SR Do not send duplicate screens (#304)
  test: Add UI and logic to evaluate boolean flags (#305)
  chore: release main (#303)
  feat: Android Dialog Capture (#302)
  chore: Update Android Test main screen (#301)
  chore: release main (#300)
  feat: XML Views Automasking options (#299)
  fix: missed imports (#298)
  chore: release main (#297)
  feat: Support ldMask() for Native and Compose views. (#295)
  chore: release main (#296)
  fix: tweaks Android InteractionDetector to delegate additional defaul… (#294)
  chore: release main (#293)
  ...
# Conflicts:
# e2e/react-router/src/ldclientLazy.tsx
# e2e/react-router/src/routes/root.tsx
Summary
Fixes SEC-7530 by adding a yarn resolution to override the vulnerable transitive dependency react-server-dom-webpack from version 19.0.0-rc-6230622a1a-20240610 to the safe version 19.0.1.
The vulnerable version was pulled in by jest-expo@~52.0.2. Using a yarn resolution is the standard approach to override transitive dependencies.
Link to Devin run: https://app.devin.ai/sessions/b4c805fbfef942e1adbe1b06a11d5f3c
Requested by: Patrick Kaeding (@pkaeding)
How did you test this change?
- yarn install to verify the resolution is applied correctly
- yarn format:all to ensure code formatting passes
Are there any deployment considerations?
No deployment considerations. This is a dev/test dependency update only.
Note
Pins react-server-dom-webpack to 19.0.1 with a Yarn resolution and updates lockfile (peer ranges and webpack-sources).
- resolutions entry to force react-server-dom-webpack@19.0.1 in package.json.
- yarn.lock to resolve react-server-dom-webpack to 19.0.1 with updated peer deps (react, react-dom -> ^19.0.1).
- webpack-sources@^3.2.0 dependency (resolved to 3.3.3) required by the updated package.
Written by Cursor Bugbot for commit dbecbbb. This will update automatically on new commits.
Related Jira issue: SEC-7530: Update react-server-dom-webpack in observability-sdk
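A lockfile check that confirms a resolution like the one in this pull request took effect, as an added example (not part of the pull request or the repository). The function names and the sample lockfile text are assumptions constructed for illustration; only the package name and the two version strings come from the page.

```javascript
// Added example: find lockfile entries for a package that resolve below a safe version.
// SAMPLE_LOCK is constructed and abbreviated (Yarn Berry style); it is not this repo's yarn.lock.
const SAMPLE_LOCK = `
"react-server-dom-webpack@npm:19.0.0-rc-6230622a1a-20240610":
  version: 19.0.0-rc-6230622a1a-20240610

"react-server-dom-webpack@npm:19.0.1":
  version: 19.0.1

"webpack-sources@npm:^3.2.0":
  version: 3.3.3
`;

// Collect every resolved version of `pkg`. Accepts Berry ("version: x") and
// Yarn classic ('version "x"') entries, including comma-separated descriptors.
function resolvedVersions(lockText, pkg) {
  const found = [];
  let inEntry = false;
  for (const line of lockText.split(/\r?\n/)) {
    if (/^\S.*:$/.test(line)) {
      const descriptors = line.slice(0, -1).split(",")
        .map((d) => d.trim().replace(/^"|"$/g, ""));
      inEntry = descriptors.some((d) => d.startsWith(pkg + "@"));
    } else if (inEntry) {
      const m = /^\s+version:?\s+"?([^"\s]+)"?\s*$/.exec(line);
      if (m) { found.push(m[1]); inEntry = false; }
    }
  }
  return found;
}

// True when `version` sorts below `safe`. Simplification: a prerelease is lower than
// the release with the same major.minor.patch; prerelease tags are not compared.
function isBelow(version, safe) {
  const parse = (v) => {
    const m = /^(\d+)\.(\d+)\.(\d+)(-[^+]+)?(\+.*)?$/.exec(v);
    if (!m) throw new Error("unparseable version: " + v);
    return { core: m.slice(1, 4).map(Number), pre: Boolean(m[4]) };
  };
  const a = parse(version), b = parse(safe);
  for (let i = 0; i < 3; i++) {
    if (a.core[i] !== b.core[i]) return a.core[i] < b.core[i];
  }
  return a.pre && !b.pre;
}

function vulnerableResolutions(lockText, pkg, safe) {
  return resolvedVersions(lockText, pkg).filter((v) => isBelow(v, safe));
}
```

Pass the contents of the real yarn.lock as `lockText`; an empty result for `("react-server-dom-webpack", "19.0.1")` means no entry still resolves to the release candidate, and a CI step can fail on a non-empty one.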