status-im/react-native
2
0
Fork 0
mirror of https://github.com/status-im/react-native.git synced 2025-02-23 06:38:13 +00:00
Code Issues Projects Releases Wiki Activity

update xcode version to 2.0.0 (#23051)

Browse Source 
Summary:
Update `xcode` package from 1.0.0 to 2.0.0 due to vulnerability issues affecting `plist`. Please, find below excerpt of the Snyk report.

> LOW SEVERITY
> Regular Expression Denial of Service (ReDoS)
> **Vulnerable module**: plist
> **Introduced through**: react-native@0.57.5
> **Introduced through**: learner-tools-miniapp@0.0.1 › react-native@0.57.5 › xcode@1.0.0 › simple-plist@0.2.1 › plist@2.0.1
>
> **Overview**
> plist is a Mac OS X Plist parser/builder for Node.js and browsers
>
> Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks due to bundling a vulnerable version of the XMLBuilder package. This can cause an impact of about 10 seconds matching time for data 60 characters long.
Pull Request resolved: https://github.com/facebook/react-native/pull/23051

Differential Revision: D13716882

Pulled By: hramos

fbshipit-source-id: 8aa91c8ac85d31b72302b7d24e76bd61623bbbda
This commit is contained in:
ewamal 2019-01-23 22:00:55 -08:00 committed by Facebook Github Bot
parent 4936d284df
commit 988366a417
1 changed files with 0 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
package.json
View File

@ -207,7 +207,6 @@
"shell-quote": "1.6.1",
"stacktrace-parser": "^0.1.3",
"ws": "^1.1.5",
"xcode": "^1.0.0",
"xmldoc": "^0.4.0",
"yargs": "^9.0.0"
},