[Snyk] Security upgrade react-native from 0.77.0 to 0.85.0#8
[Snyk] Security upgrade react-native from 0.77.0 to 0.85.0#8revan-zhang wants to merge 1 commit into
Conversation
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
✅ Snyk checks have passed. No issues have been found so far.
💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse. |
|
Warning Review the following alerts detected in dependencies. According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.
|
| "dependencies": { | ||
| "react": "18.3.1", | ||
| "react-native": "0.77.0" | ||
| "react-native": "0.85.0" |
There was a problem hiding this comment.
🔴 Incomplete react-native upgrade: @react-native/ companion packages left at 0.77.0*
The PR bumps react-native from 0.77.0 to 0.85.0, but the @react-native/babel-preset, @react-native/metro-config, and @react-native/typescript-config devDependencies at example/package.json:23-25 are all still pinned to 0.77.0. These packages are versioned in lockstep with react-native (they were all previously aligned at 0.77.0), so this version mismatch will likely cause build failures or runtime errors. Additionally, the @react-native-community/cli packages at example/package.json:20-22 were also matched to the 0.77.0 release and may need updating as well.
Prompt for agents
The react-native dependency was bumped from 0.77.0 to 0.85.0, but the companion @react-native/* packages in devDependencies (lines 23-25: @react-native/babel-preset, @react-native/metro-config, @react-native/typescript-config) are still at 0.77.0. These must be updated to match the react-native version (0.85.0 or whatever version aligns with RN 0.85). The @react-native-community/cli packages (lines 20-22) may also need updating. The react version (line 13, currently 18.3.1) should also be checked for compatibility with RN 0.85. Additionally, the root package.json still lists react-native 0.77.0 as a devDependency (line 82), which may also need updating for consistency.
Was this helpful? React with 👍 or 👎 to provide feedback.
Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.
Snyk changed the following file(s):
example/package.jsonVulnerabilities that will be fixed with an upgrade:
SNYK-JS-INFLIGHT-6095116
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.