Endor Labs Version Upgrade: Bump react-native from 0.51.0 to 1000.0.0 #77
Open
endor-labs-pro-staging[bot] wants to merge 1 commit into
Endor Labs Pro - staging / Endor Labs Automated Scan
succeeded
Jul 3, 2026 in 3m 27s
Found 40 warning issue(s)
Warning Findings
| Severity | Dependency | Description |
|---|---|---|
| ⛔ Critical | @react-native-community/cli-server-api | GHSA-399j-vxmf-hjvr: @react-native-community/cli has arbitrary OS command injection |
| ⛔ Critical | @react-native-community/cli-server-api | GHSA-399j-vxmf-hjvr: @react-native-community/cli has arbitrary OS command injection |
| 🔴 High | accepts | [MALWARE] Test Malware : Malicious code in accepts@1.3.8 (npm) |
| 🔴 High | ip | GHSA-2p57-rm9w-gvfp: ip SSRF improper categorization in isPublic |
| 🟠 Medium | glob | License Compliance Violation for Dependency glob@7.2.3 |
| 🟠 Medium | fast-xml-parser | GHSA-gh4j-gqv2-49f6: fast-xml-parser XMLBuilder: XML Comment and CDATA Injection via Unescaped Delimiters |
| 🟠 Medium | node-forge | License Compliance Violation for Dependency node-forge@1.4.0 |
| 🔵 Low | log-symbols | Dependency log-symbols@4.1.0 With Low Activity Score |
| 🔵 Low | locate-path | Dependency locate-path@5.0.0 With Low Activity Score |
| 🔵 Low | import-fresh | Dependency import-fresh@2.0.0 With Low Activity Score |
| 🔵 Low | ansi-fragments | Dependency ansi-fragments@0.2.1 With Very Low Popularity Score |
| 🔵 Low | jsc-safe-url | Dependency jsc-safe-url@0.2.4 With Very Low Popularity Score |
| 🔵 Low | unicode-property-aliases-ecmascript | Dependency unicode-property-aliases-ecmascript@2.2.0 With Very Low Popularity Score |
| 🔵 Low | shebang-regex | Dependency shebang-regex@3.0.0 With Low Activity Score |
| 🔵 Low | make-dir | Dependency make-dir@2.1.0 With Low Activity Score |
| 🔵 Low | p-locate | Dependency p-locate@5.0.0 With Low Activity Score |
| 🔵 Low | unicode-match-property-ecmascript | Dependency unicode-match-property-ecmascript@2.0.0 With Very Low Popularity Score |
| 🔵 Low | npm-run-path | Dependency npm-run-path@4.0.1 With Low Activity Score |
| 🔵 Low | escape-string-regexp | Dependency escape-string-regexp@2.0.0 With Low Activity Score |
| 🔵 Low | kleur | Dependency kleur@3.0.3 With Low Activity Score |
| 🔵 Low | is-wsl | Dependency is-wsl@1.1.0 With Low Activity Score |
| 🔵 Low | resolve-from | Dependency resolve-from@3.0.0 With Low Activity Score |
| 🔵 Low | sudo-prompt | Dependency sudo-prompt@9.2.1 With Very Low Activity Score |
| 🔵 Low | unicode-match-property-value-ecmascript | Dependency unicode-match-property-value-ecmascript@2.2.1 With Very Low Popularity Score |
| 🔵 Low | cli-cursor | Dependency cli-cursor@3.1.0 With Low Activity Score |
| 🔵 Low | p-locate | Dependency p-locate@3.0.0 With Low Activity Score |
| 🔵 Low | path-key | Dependency path-key@3.1.1 With Low Activity Score |
| 🔵 Low | supports-preserve-symlinks-flag | Dependency supports-preserve-symlinks-flag@1.0.0 With Very Low Popularity Score |
| 🔵 Low | is-wsl | Dependency is-wsl@2.2.0 With Low Activity Score |
| 🔵 Low | escape-string-regexp | Dependency escape-string-regexp@4.0.0 With Low Activity Score |
| 🔵 Low | has-flag | Dependency has-flag@4.0.0 With Low Activity Score |
| 🔵 Low | restore-cursor | Dependency restore-cursor@3.1.0 With Low Activity Score |
| 🔵 Low | caller-path | Dependency caller-path@2.0.0 With Low Activity Score |
| 🔵 Low | babel-plugin-react-transform | Dependency babel-plugin-react-transform@2.0.2 With Very Low Activity Score |
| 🔵 Low | buffer-from | Dependency buffer-from@1.1.2 With Low Activity Score |
| 🔵 Low | locate-path | Dependency locate-path@3.0.0 With Low Activity Score |
| 🔵 Low | onetime | Dependency onetime@5.1.2 With Low Activity Score |
| 🔵 Low | p-locate | Dependency p-locate@4.1.0 With Low Activity Score |
| 🔵 Low | locate-path | Dependency locate-path@6.0.0 With Low Activity Score |
| 🔵 Low | @sinclair/typebox | Dependency @sinclair/typebox@0.27.10 With Very Low Popularity Score |