[Snyk] Upgrade react-native from 0.74.5 to 0.79.2 #101

Open: wants to merge 1 commit into base: main

yingbull (Collaborator) commented May 25, 2025

Snyk has created this PR to upgrade react-native from 0.74.5 to 0.79.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 382 versions ahead of your current version.

  • The recommended version was released 24 days ago.

Issues fixed by the recommended upgrade:

| Issue | Score | Exploit Maturity |
|---|---|---|
| Infinite loop, SNYK-JS-IMAGESIZE-9634164 (high severity) | 542 | Proof of Concept |

Release notes
Package name: react-native
  • 0.79.2 - 2025-05-01

    Added

    • Runtime: Add useShadowNodeStateOnClone and updateRuntimeShadowNodeReferencesOnCommit (22a4e060d5 by @ lenaic)

    Fixed


    Hermes dSYMS:


    You can file issues or pick requests against this release here.


    To help you upgrade to this version, you can use the Upgrade Helper ⚛️.


    View the whole changelog in the CHANGELOG.md file.

  • 0.79.1 - 2025-04-15

    Changed

    Android specific

    • DevSupport: Change defaultJSExceptionHandler's type to JSExceptionHandler on the ReleaseDevSupportManager (9eb75d4bd5 by @ alanjhughes)

    iOS specific

    • TextInput: Typing into TextInput now will not cause the caret position to update to the beginning when a zero-length selection is set. (7771317e5c by @ ouchuan)

    Fixed

    Android specific

    iOS specific


  • 0.79.0 - 2025-04-08

    Added

    Android specific

    • Docs: Improve ToastAndroid jsdocs (299a7a959d by @ mateoguzmana)
    • Gradle: Add support for Gradle Configuration caching (e41887e62f by @ cortinico)
    • Initialization: On DefaultNewArchitectureEntryPoint class add property to specify the desired release level for an application (19c18eb995 by @ jorge-cab)
    • Initialization: Set ReactSurface and ReactRootView to ReactDelegate when created via ReactNavigationActivityDelegate (a302fbcaaf by Maddie Lord)

    iOS specific

    Breaking

    Android specific

    Changed

    • Animated: Introduced a feature flag to test an optimization in Animated to reduce memory usage. (fb8a6a5bb0 by @ yungsters)
    • Animated: The AnimatedNode graph will not occur during the insertion effect phase, which means animations can now be reliably started during layout effects. (e0c0476553 by @ yungsters)
    • Animated: When an Animated component is updated or unmounted, AnimatedNode instances will now detach in a microtask instead of synchronously in the commit phase of React. This will cause the completion callback of finished animations to execute after the commit phase instead of during it. (50b75a74d1 by @ yungsters)
    • Codegen: Replace jscodeshift with @babel/core (8f19201 by @ kitten)
    • Deps: Bump Node 18 -> 20 to build React Native in OSS (1fd3806ee9 by @ cortinico)
    • Deps: Upgrade React DevTools to 6.1.0. (07860545f5 by @ hoxyq)
    • Deps: Upgrade React DevTools to 6.1.1. (5c88633035 by @ hoxyq)
    • DevX: Debugger.scriptParsed now includes the field sourceMapURL as a (rewritten) remote url as opposed to base64 data url (ff2e40371e by @ vzaidman)
    • DevX: Removed a long-running loop causing the app to lag while attempting a connection to Metro (9b977def6c by @ EdmondChuiHW)
    • FeatureFlags: Re-enable enableFixForViewCommandRace feature flag (ae59702f8e by @ okwasniewski)
    • Flow: Improved eventInitDict type in WebSocketEvent class (fa2fac1372 by @ coado)
    • Flow: Improved Props type in UnimplementedView (b200c7cb2f by @ coado)
    • Flow: Improved types for exported Types and Properties in LayoutAnimation (3c02738ec4 by @ coado)
    • Flow: Improved types in AnimatedWeb (647ca90a30 by @ coado)
    • Flow: Improved types in ScrollView (1be2ba4597 by @ coado)
    • Flow: Improved types in StatusBar by adding StackProps (48cafc0b69 by @ coado)
    • Flow: Improved types in TextAncestor (df9d43f02b by @ coado)
    • Flow: Improved types in WebSocketInterceptor callbacks (d2adb976ab by @ coado)
    • Flow: Refactored Libraries/Components/StaticRenderer syntax (0e6cb590ec by @ coado)
    • Flow: Replaced $FlowFixMe in CodegenTypes with Object type (812c3b33cd by @ coado)
    • Flow: Replaced $FlowFixMe in InteractionManager to Function type (cd7a30ce48 by @ coado)
    • Flow: Replaced $FlowFixMe in NativeModules with any type (286a360d9b by @ coado)
    • Flow: Replaced $FlowFixMe in RCTDeviceEventEmitter with any (8df6cfa56b by @ coado)
    • Flow: Replaced $FlowFixMe with PressEvent in ScrollViewNativeComponentType (8befab1760 by @ coado)
    • Metro: Update Metro to ^0.82.0 (8421b8a872 by @ robhogan)
    • TypeScript: Improve TypeScript types for global objects (094c5be42e by @ coado)
    • TypeScript: Increase minimum typescript version in index.d.ts (721f85adf7 by @ coado)
    • TypeScript: Move view flattening props to cross platform type interface (ecad90ad8b by @ okwasniewski)

    Android specific

    iOS specific

    Deprecated

    • DevX: Deprecated usage of HERMES_ENABLE_DEBUGGER build-time flag for enabling React Native debugger in favour of REACT_NATIVE_DEBUGGER_ENABLED and REACT_NATIVE_DEBUGGER_ENABLED_DEVONLY. (5fcb69e8b7 by @ hoxyq)

    iOS specific

    Android specific

    • Layout: ViewManagerPropertyUpdater.updateProps is deprecated, use the related ViewManager APIs instead (a18bc58645 by @ javache)
    • Layout: Deprecated ViewManagerDelegate#setProperty and ViewManagerDelegate#receiveCommand (5a290c4cab by @ javache)

    Fixed

    Android specific

    iOS specific

    • C++: Update deprecated enums in RCTTextPrimitivesConversions.h (4121d24454 by @ joannaquu)
    • CocoaPods: JSRuntimeFactoryCAPI.h build error for use_frameworks build (7786805337 by @ Kudo)
    • CocoaPods: Make sure 3p libraries depends on React-renderercss to work with use_frameworks (cc12caa0a9 by @ cipolleschi)
    • CocoaPods: Compatibility with Ruby 3.4.0 (b1735bc593 by @ okwasniewski)
    • CocoaPods: Fix wrong cocoapods script on new_architecture.rb (541e655832 by @ CHOIMINSEOK)
    • Codegen: Enable use of multiple RCTAppDependencyProvider instances (0cc1ac18cf by @ vonovak)
    • DeviceInfo: Data race related to read/write of RCTDeviceInfo._invalidated. (2a18d83521 by @ hakonk)
    • DevX: Issue where performance monitor would be hidden under newly presented views. (e7556e921c by @ chrsmys)
    • DevX: Remove private symbols for non-simulator and non-catalyst builds. (9350d6f2f5 by @ EvanBacon)
    • Infra: Workaround for an iOS build app running on Apple Silicon Mac (in Xcode Destination: "Mac (Designed for iPad)") TextInput crash due to serialization attempt of WeakEventEmitter (0511e2e49a by @ iwater)
    • Initialization: Make React Native work without AppDelegate window property (ae7bbe06c9 by @ okwasniewski)
    • JSC: Return nullptr when USE_THIRD_PARTY_JSC is set to true (515ff1e626 by @ okwasniewski)
    • Layout: Fix cases where background color, filter, and background image were sized incorrectly if there was a scaling transform (acaf94dc21 by @ joevilches)
    • Layout: Fix cases where background color, filter, and background image were sized incorrectly if there was a scaling transform (f835b824f4 by @ joevilches)
    • Layout: Improve detached keyboard detection, support Stage Manager on iOS (c499ae1192 by @ mhoran)
    • Layout: Layout direction changes are now honored on bundle reload. (36f29beac4 by @ chrsmys)
    • Layout: Suppressed iOS 13 deprecation warnings in RCTStatusBarManager (fffd6d75b4 by Ingrid Wang)
    • Native Module: Add guard for custom module provider lookup in TMManager (d0a101fbea by @ shwanton)
    • PullToRefresh: Fix new arch recycled RefreshControl was missing its title (e3d607fc2e by @ High5Apps)
    • Runtime: Convert to JSException only NSException from sync methods (9805a4f by @ cipolleschi)
    • Runtime: Handle null params in the Interop TM layer (6314925 by @ cipolleschi)
    • Runtime: Call RCTInitializeUIKitProxies before bridge create (a51fa6c002 by @ zhongwuzw)
    • Runtime: Fixed: extraModulesForBridge callback not called when New Architecture enabled (c0a5c2c3cb by Bruno Aybar)
    • Runtime: Enable back the opt-out from the New Architecture (9abdd619da by @ cipolleschi)
    • Runtime: Add missing loadFromSource method in the DefaultRNFactoryDelegate (7739615e0d by @ cipolleschi)
    • Runtime: App crash caused by the [RCTFileRequestHandler invalidate] method (789ed7d5ad by @ zhouzh1)
    • Runtime: Bridge: Fixes HostTarget use after free when deallocated bridge (3e2e8ec757 by @ zhongwuzw)
    • TextInput: Fixes TextInput crashes when any text is entered while running as iOS app on apple silicon mac (8d7aca30e7 by @ zhongwuzw)
    • Text: Fixed onPress for Text with nested View. (6b2c40c64f by @ coado)
    • TextInput: Fix selection makes TextInput clear its content when using children (e3b176a598 by Olivier Bouillet)
    • TextInput: Fixed TextInput's onContentSizeChange event being dispatched multiple times with the same size (2bb65717b7 by @ j-piasecki)
    • TextInput: Implement dataDetectorTypes in the same way as the old architecture (2ae45ec3ce by @ VidocqH)

    Removed

    iOS specific


  • 0.79.0-rc.4 - 2025-03-31

    🥇 GOLDEN RC 🥇

    Stable release coming up next week.


    Fixed

    iOS specific

    • Network: Back out "fix: avoid race condition crash in [RCTDataRequestHandler invalidate]" (53eaf3e by @ cipolleschi)
    • CocoaPods: JSRuntimeFactoryCAPI.h build error for use_frameworks build (7786805337 by @ Kudo)

  • 0.79.0-rc.3 - 2025-03-24
  • 0.79.0-rc.2 - 2025-03-17
  • 0.79.0-rc.1 - 2025-03-11
  • 0.79.0-rc.0 - 2025-03-04
  • 0.79.0-nightly-20250303-cee63397b - 2025-03-03
  • 0.79.0-nightly-20250303-7ccb1e1fb - 2025-03-03
  • 0.79.0-nightly-20250220-41b597c73 - 2025-02-20
  • 0.79.0-nightly-20250219-b53e86b4b - 2025-02-19
  • 0.79.0-nightly-20250218-cda2d11c1 - 2025-02-18
  • 0.79.0-nightly-20250217-acdddef48 - 2025-02-17
  • 0.79.0-nightly-20250216-1498566c2 - 2025-02-16
  • 0.79.0-nightly-20250215-103f8b388 - 2025-02-15
  • 0.79.0-nightly-20250214-b3c41cef9 - 2025-02-14
  • 0.79.0-nightly-20250213-9a401c810 - 2025-02-13
  • 0.79.0-nightly-20250212-a73393001 - 2025-02-12
  • 0.79.0-nightly-20250211-fffd6d75b - 2025-02-11
  • 0.79.0-nightly-20250210-b45a3e5cd - 2025-02-10
  • 0.79.0-nightly-20250209...

    Summary by Sourcery

    Upgrade React Native dependency to version 0.79.2 to address security vulnerabilities and keep dependencies current.

    Bug Fixes:

    • Resolve high-severity infinite loop vulnerability in imagesize via upgraded React Native version.

    Chores:

    • Bump react-native from 0.74.5 to 0.79.2 and update package-lock.json

See this package in npm:
react-native

See this project in Snyk:
https://app.snyk.io/org/yingbull/project/14824475-a3b2-4423-a009-40d33458bc6b?utm_source=github&utm_medium=referral&page=upgrade-pr
sourcery-ai bot commented May 25, 2025

Reviewer's Guide

Upgrade React Native from 0.74.5 to 0.79.2 by updating the dependency version and regenerating the lockfile to reflect the new version.

Sequence Diagram: Snyk Automated Dependency Upgrade PR Creation

sequenceDiagram
    actor Developer
    participant SnykPlatform as "Snyk Platform"
    participant VCS as "Version Control System"
    participant ProjectRepo as "Project Repository"

    SnykPlatform->>ProjectRepo: Scan dependencies (react-native 0.74.5)
    activate SnykPlatform
    ProjectRepo-->>SnykPlatform: Dependency information
    SnykPlatform->>SnykPlatform: Identify outdated/vulnerable react-native, recommend 0.79.2
    SnykPlatform->>VCS: Request Pull Request creation
    activate VCS
    VCS->>ProjectRepo: Create branch, commit updated package.json (react-native 0.79.2) & package-lock.json
    activate ProjectRepo
    ProjectRepo-->>VCS: Changes committed
    deactivate ProjectRepo
    VCS-->>SnykPlatform: Branch and commit details
    SnykPlatform->>VCS: Create Pull Request with upgrade details
    VCS-->>Developer: Notify of new Pull Request
    deactivate SnykPlatform
    deactivate VCS
    Developer->>VCS: Review Pull Request
    Developer->>VCS: Merge Pull Request

Class Diagram: Key API Changes in React Native 0.79.x

classDiagram
  class YellowBox {
    <<Removed>>
    # (API for displaying yellow box warnings)
  }
  class console {
    <<Property Removed>>
    -ignoredYellowBox : string[]
  }
  class LogBox {
    <<Recommended Replacement for YellowBox>>
    # (API for managing logs, errors, and warnings)
  }
  class ExceptionsManager {
    <<API Signature Modified>>
    # (Handles JavaScript exceptions, now default export)
    +SyntheticError <<New Secondary Export>>
  }
  class RCTAppDelegate {
    <<Deprecated in iOS>>
    # (iOS specific application delegate functionality)
  }
  class AnimatedWeb {
    <<Module Removed>>
    # (File: Libraries/Animated/AnimatedWeb.js)
  }
  class Runtime {
    <<Methods Added in v0.79.2>>
    +useShadowNodeStateOnClone()
    +updateRuntimeShadowNodeReferencesOnCommit()
  }
  class DefaultNewArchitectureEntryPoint {
    <<New Property Android in v0.79.0>>
    +desiredReleaseLevel : String
  }
  class TextInputNativeCommands {
    <<Type Added in v0.79.0>>
    # (Explicit type for supported commands)
  }
  class `Deep Imports` {
    <<Breaking Change v0.79.0>>
    # require("some-module/deep/path") now needs .default
  }

File-Level Changes

| Change | Details | Files |
|---|---|---|
| Bump React Native dependency version | Change react-native version in dependencies from 0.74.5 to 0.79.2 | package.json |
| Regenerate lockfile | Update package-lock.json entries to reflect the upgraded react-native version | package-lock.json |

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

| Diff | Package | Supply Chain Security | Vulnerability | Quality | Maintenance | License |
|---|---|---|---|---|---|---|
| Added | jest-expo@51.0.4 | 99 | 100 | 100 | 99 | 100 |

View full report
