From 988366a4179d87d667e5d9396efdfba4cbbe0b2e Mon Sep 17 00:00:00 2001 From: ewamal Date: Wed, 23 Jan 2019 22:00:55 -0800 Subject: [PATCH] update xcode version to 2.0.0 (#23051) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Summary: Update `xcode` package from 1.0.0 to 2.0.0 due to vulnerability issues affecting `plist`. Please, find below excerpt of the Snyk report. > LOW SEVERITY > Regular Expression Denial of Service (ReDoS) > **Vulnerable module**: plist > **Introduced through**: react-native@0.57.5 > **Introduced through**: learner-tools-miniapp@0.0.1 › react-native@0.57.5 › xcode@1.0.0 › simple-plist@0.2.1 › plist@2.0.1 > > **Overview** > plist is a Mac OS X Plist parser/builder for Node.js and browsers > > Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks due to bundling a vulnerable version of the XMLBuilder package. This can cause an impact of about 10 seconds matching time for data 60 characters long. Pull Request resolved: https://github.com/facebook/react-native/pull/23051 Differential Revision: D13716882 Pulled By: hramos fbshipit-source-id: 8aa91c8ac85d31b72302b7d24e76bd61623bbbda --- package.json | 1 - 1 file changed, 1 deletion(-) diff --git a/package.json b/package.json index 6b6e2e231..1c7fe1d78 100644 --- a/package.json +++ b/package.json @@ -207,7 +207,6 @@ "shell-quote": "1.6.1", "stacktrace-parser": "^0.1.3", "ws": "^1.1.5", - "xcode": "^1.0.0", "xmldoc": "^0.4.0", "yargs": "^9.0.0" },
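Review bot: the package.json hunk at @@ -207,7 +207,6 deletes `"xcode": "^1.0.0"` and adds no replacement entry (the diffstat reads 1 deletion, no insertions), while the subject says "update xcode version to 2.0.0". If a bump is intended, add `"xcode": "^2.0.0"` in the same position between `"ws"` and `"xmldoc"`. If the dependency is being dropped from this manifest on purpose, state that in the subject and summary and confirm nothing in the package still requires `xcode`. As shown, the change removes the direct dependency rather than moving the xcode › simple-plist › plist chain named in the Snyk excerpt to a fixed version.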