[Snyk] Upgrade react-native from 0.82.1 to 0.83.1#38
Conversation
Snyk has created this PR to upgrade react-native from 0.82.1 to 0.83.1. See this package in npm: react-native See this project in Snyk: https://app.snyk.io/org/chirag127/project/4c20a98f-d4af-4651-bd1c-01c83de1eee7?utm_source=github&utm_medium=referral&page=upgrade-pr
|
Important Review skippedIgnore keyword(s) in the title. Please check the settings in the CodeRabbit UI or the You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Summary of ChangesHello @chirag127, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request, automatically generated by Snyk, updates the Highlights
Changelog
Activity
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
CI Feedback 🧐A test triggered by this PR failed. Here is an AI-generated analysis of the failure:
|
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
There was a problem hiding this comment.
Code Review
This pull request, automatically generated by Snyk, upgrades react-native from version 0.82.1 to 0.83.1. While this is a welcome update, the review has identified two important issues. First, a transitive dependency, glob, is at an old and insecure version (7.2.3), which this PR fails to update despite updating its deprecation notice to highlight security risks. This is a critical issue. Second, the version specifier for react-native in package-lock.json has been inconsistently changed to use a caret (^0.83.1) instead of being pinned, which contradicts the package.json and the previous versioning strategy. This should be corrected to maintain dependency stability.
| "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz", | ||
| "integrity": "sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==", | ||
| "deprecated": "Glob versions prior to v9 are no longer supported", | ||
| "deprecated": "Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me", |
There was a problem hiding this comment.
The glob package, a transitive dependency, is at version 7.2.3, which is deprecated and contains known security vulnerabilities. The updated deprecation message in this very change highlights this risk. Since this PR is for security and dependency updates, it's critical to address this. Please upgrade glob to a secure version (e.g., ^10.0.0). You can achieve this by adding an overrides field in your package.json:
"overrides": {
"glob": "^10.3.10"
}| "react-dom": "18.3.1", | ||
| "react-native": "0.82.1", | ||
| "react-native-gesture-handler": "^2.30.0", | ||
| "react-native": "^0.83.1", |
There was a problem hiding this comment.
The version specifier for react-native is inconsistent between package.json (which has "0.83.1") and this file ("^0.83.1"). This changes the versioning strategy from pinned to caret (^), which could introduce unexpected updates in the future. To maintain consistency and the established pinning strategy, please change this to match package.json.
| "react-native": "^0.83.1", | |
| "react-native": "0.83.1", |
Snyk has created this PR to upgrade react-native from 0.82.1 to 0.83.1. See this package in npm: react-native See this project in Snyk: https://app.snyk.io/org/whyiswhen/project/aed39381-6e7d-41b9-b7ea-15e35a2ff0f9?utm_source=github&utm_medium=referral&page=upgrade-pr
|
Looks like there are a few issues preventing this PR from being merged!
If you'd like me to help, just leave a comment, like Feel free to include any additional details that might help me get this PR into a better state. You can manage your notification settings |
Snyk has created this PR to upgrade react-native from 0.82.1 to 0.83.1.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 63 versions ahead of your current version.
The recommended version was released 2 months ago.
Release notes
Package name: react-native
-
0.83.1 - 2025-12-18
- Fix Network error that could occur for
- Debug
- Release
- Debug
- Release
- Debug
- Release
- Debug
- Release
-
0.83.0 - 2025-12-10
-
0.83.0-rc.5 - 2025-12-08
-
0.83.0-rc.4 - 2025-12-03
-
0.83.0-rc.3 - 2025-11-24
-
0.83.0-rc.2 - 2025-11-17
-
0.83.0-rc.1 - 2025-11-11
-
0.83.0-rc.0 - 2025-11-04
-
0.83.0-nightly-20251104-502efe1cc - 2025-11-04
-
0.83.0-nightly-20251103-a034841fd - 2025-11-03
-
0.83.0-nightly-20251103-54047f891 - 2025-11-03
-
0.83.0-nightly-20251102-d8e6a985a - 2025-11-02
-
0.83.0-nightly-20251101-693e9628e - 2025-11-01
-
0.83.0-nightly-20251030-26ad9492b - 2025-10-30
-
0.83.0-nightly-20251029-3f971d931 - 2025-10-29
-
0.83.0-nightly-20251028-916e53f84 - 2025-10-28
-
0.83.0-nightly-20251024-c7fb31ce5 - 2025-10-24
-
0.83.0-nightly-20251022-93c17cd0c - 2025-10-22
-
0.83.0-nightly-20251021-328d07a30 - 2025-10-21
-
0.83.0-nightly-20251019-d9ea1b245 - 2025-10-19
-
0.83.0-nightly-20251018-535efc140 - 2025-10-18
-
0.83.0-nightly-20251017-ae5728bbb - 2025-10-17
-
0.83.0-nightly-20251016-e79920c66 - 2025-10-16
-
0.83.0-nightly-20251015-094794ac9 - 2025-10-15
-
0.83.0-nightly-20251014-69dc65500 - 2025-10-14
-
0.83.0-nightly-20251013-f4e93df55 - 2025-10-13
-
0.83.0-nightly-20251012-6f482708b - 2025-10-12
-
0.83.0-nightly-20251011-6f482708b - 2025-10-11
-
0.83.0-nightly-20251009-24d0d4414 - 2025-10-09
-
0.83.0-nightly-20251008-31bff4e09 - 2025-10-08
-
0.83.0-nightly-20251007-854268275 - 2025-10-07
-
0.83.0-nightly-20251006-07f40ec6b - 2025-10-06
-
0.83.0-nightly-20251005-07f40ec6b - 2025-10-05
-
0.83.0-nightly-20251003-aab0d3397 - 2025-10-03
-
0.83.0-nightly-20251002-07fcdfeba - 2025-10-02
-
0.83.0-nightly-20251001-990ca0d10 - 2025-10-01
-
0.83.0-nightly-20250930-a07308081 - 2025-09-30
-
0.83.0-nightly-20250929-2f40224fa - 2025-09-29
-
0.83.0-nightly-20250928-fb09b3764 - 2025-09-28
-
0.83.0-nightly-20250927-99b7cb77a - 2025-09-27
-
0.83.0-nightly-20250926-2b5938c90 - 2025-09-26
-
0.83.0-nightly-20250924-53f89bacd - 2025-09-24
-
0.83.0-nightly-20250923-2065c3180 - 2025-09-23
-
0.83.0-nightly-20250922-5ef054921 - 2025-09-22
-
0.83.0-nightly-20250921-a4d43290c - 2025-09-21
-
0.83.0-nightly-20250920-362ed179a - 2025-09-20
-
0.83.0-nightly-20250919-cb7453fb9 - 2025-09-19
-
0.83.0-nightly-20250918-4d2e38edd - 2025-09-18
-
0.83.0-nightly-20250917-18cb4edfa - 2025-09-17
-
0.83.0-nightly-20250916-15daa2787 - 2025-09-16
-
0.83.0-nightly-20250915-56e5dff73 - 2025-09-15
-
0.83.0-nightly-20250914-09a7e0a0f - 2025-09-14
-
0.83.0-nightly-20250913-4fb42c84d - 2025-09-13
-
0.83.0-nightly-20250912-a7dc5051d - 2025-09-12
-
0.83.0-nightly-20250911-dab8a4562 - 2025-09-11
-
0.83.0-nightly-20250910-019a553ea - 2025-09-10
-
0.83.0-nightly-20250909-e7ce4ff0b - 2025-09-09
-
0.83.0-nightly-20250908-02e3a999e - 2025-09-08
-
0.83.0-nightly-20250907-02e3a999e - 2025-09-07
-
0.83.0-nightly-20250906-44b2da0df - 2025-09-06
-
0.83.0-nightly-20250905-a50ddf3d8 - 2025-09-05
-
0.83.0-nightly-20250904-5d65794ee - 2025-09-04
-
0.83.0-nightly-20250903-f33a1cd26 - 2025-09-03
-
0.82.1 - 2025-10-20
from react-native GitHub release notesFixed
Android specific
FormDatauploads with binary data (471ef7212e by @ huntie)Hermes dSYMS:
Hermes V1 dSYMS:
ReactNativeDependencies dSYMs:
ReactNative Core dSYMs:
You can file issues or pick requests against this release here.
To help you upgrade to this version, you can use the Upgrade Helper ⚛️.
View the whole changelog in the CHANGELOG.md file.
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information: