Endor Labs Version Upgrade: Bump react-navigation from 1.6.1 to 4.0.3#78

Open
endor-labs-pro-staging[bot] wants to merge 1 commit into
masterfrom
endorlabs-fe3e/npm_and_yarn/dot-/react-navigation-4.0.3
Conversation

@endor-labs-pro-staging

Endor Labs Automated Dependency Update

Summary

This PR updates dependencies to improve security:

📦 Dependencies Updated

| Project | Dependency Name | Update Version (From ➡️ To) | Update Risk |
|---|---|---|---|
| saumeya/HPDF-ReactNative-TwitterClone | react-navigation | 1.6.1 ➡️ 4.0.3 | MEDIUM |

Security Impact

Summary of Fixed Issues

| Severity | Count |
|---|---|
| ⛔ Critical | 3 |
| 🔴 High | 7 |
| 🟠 Medium | 6 |
| 🔵 Low | 1 |
🔍 Findings fixed in this pull request

| Advisory | Dependency Reachability | Function Reachability | Severity |
|---|---|---|---|
| GHSA-crh6-fp67-6883 | Reachable | Potentially Reachable | ⛔ Critical |
| GHSA-gwg9-rgvj-4h5j | Reachable | Potentially Reachable | ⛔ Critical |
| GHSA-gff7-g5r8-mg8m | Reachable | Potentially Reachable | ⛔ Critical |
| GHSA-wrvr-8mpx-r7pp | Potentially Reachable | Potentially Reachable | 🔴 High |
| GHSA-7mc5-chhp-fmc3 | Reachable | Potentially Reachable | 🔴 High |
| GHSA-7p89-p6hx-q4fw | Reachable | Potentially Reachable | 🔴 High |
| GHSA-9qj9-36jm-prpv | Reachable | Potentially Reachable | 🔴 High |
| GHSA-j4mr-9xw3-c9jx | Reachable | Potentially Reachable | 🔴 High |
| GHSA-qwcr-r2fm-qrc7 | Reachable | Potentially Reachable | 🔴 High |
| GHSA-wh4c-j3r5-mjhp | Reachable | Potentially Reachable | 🔴 High |
| GHSA-5fg8-2547-mr8q | Reachable | Potentially Reachable | 🟠 Medium |
| GHSA-m6fv-jmcg-4jfg | Reachable | Potentially Reachable | 🟠 Medium |
| GHSA-rx8g-88g5-qh64 | Potentially Reachable | Potentially Reachable | 🟠 Medium |
| GHSA-w9mr-4mfr-499f | Potentially Reachable | Potentially Reachable | 🟠 Medium |
| GHSA-h6q6-9hqw-rwfv | Reachable | Potentially Reachable | 🟠 Medium |
| GHSA-cm22-4g7w-348p | Reachable | Potentially Reachable | 🟠 Medium |
| GHSA-76c9-3jph-rj3q | Reachable | Potentially Reachable | 🔵 Low |

Remediation Risk

Remediation Risk: MEDIUM

Remediation Risk Factors:

  • Potential Conflicts: 20
    • Major Version Conflicts: 10
    • Minor Version Conflicts: 10
  • Breaking Changes: 0


Reminders

  • Ignore: If you don't wish to receive this update again, simply close this PR.
  • Test: Remember to ensure your tests pass and ensure this change doesn't impact your application before you merge.

Generated by Endor Labs

@endor-labs-pro-staging

Warning

Endor Labs detected 1 policy violation associated with this pull request.

Please review the findings that caused the policy violations.

📋 Policy: Custom (Advanced) (41 findings)

📥 Package npm://TaskTwitter@0.0.1

⤵️ Dependency: npm://@react-native-community/cli-server-api@12.0.0-alpha.15
🚩 GHSA-399j-vxmf-hjvr: @react-native-community/cli has arbitrary OS command injection

Details

  • Severity: Critical
  • Tags: Transitive Normal Potentially Reachable Dependency Potentially Reachable Function Fix Available Exploited Warning
  • Categories: SCA Vulnerability Security
  • Remediation: No newer versions of react-native (current: 1000.0.0, latest: 1000.0.0) require @react-native-community/cli-server-api 17.0.1 or higher. Consider other options to upgrade @react-native-community/cli-server-api to 17.0.1 (current: 12.0.0-alpha.15, latest: 20.1.3).
⤵️ Dependency: npm://@react-native-community/cli-server-api@13.5.1
🚩 GHSA-399j-vxmf-hjvr: @react-native-community/cli has arbitrary OS command injection

Details

  • Severity: Critical
  • Tags: Transitive Normal Potentially Reachable Dependency Potentially Reachable Function Fix Available Exploited Warning
  • Categories: SCA Vulnerability Security
  • Remediation: No newer versions of react-native (current: 1000.0.0, latest: 1000.0.0) require @react-native-community/cli-server-api 17.0.1 or higher. Consider other options to upgrade @react-native-community/cli-server-api to 17.0.1 (current: 13.5.1, latest: 20.1.3).
⤵️ Dependency: npm://@sinclair/typebox@0.27.10
🚩 Dependency @sinclair/typebox@0.27.10 With Very Low Popularity Score

Details

  • Severity: Low
  • Tags: Transitive Normal Potentially Reachable Dependency Warning
  • Categories: SCA Recommendation
  • Remediation: No direct dependency upgrade(s) exist to fix this issue.
⤵️ Dependency: npm://accepts@1.3.8
🚩 [MALWARE] Test Malware : Malicious code in accepts@1.3.8 (npm)

Details

  • Severity: High
  • Tags: Transitive Normal Potentially Reachable Dependency Warning
  • Categories: SCA Security Supply Chain Malware
  • Remediation: No patch upgrades available to fix the issue. Check the security advisory for alternative controls or actions. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.
⤵️ Dependency: npm://ansi-fragments@0.2.1
🚩 Dependency ansi-fragments@0.2.1 With Very Low Popularity Score

Details

  • Severity: Low
  • Tags: Transitive Normal Potentially Reachable Dependency Warning
  • Categories: SCA Recommendation
  • Remediation: No direct dependency upgrade(s) exist to fix this issue.
⤵️ Dependency: npm://babel-plugin-react-transform@2.0.2
🚩 Dependency babel-plugin-react-transform@2.0.2 With Very Low Activity Score

Details

  • Severity: Low
  • Tags: Transitive Test Warning
  • Categories: SCA Recommendation
  • Remediation: Check if the package is unmaintained by reviewing the score factors and decide whether to switch packages.
⤵️ Dependency: npm://buffer-from@1.1.2
🚩 Dependency buffer-from@1.1.2 With Low Activity Score

Details

  • Severity: Low
  • Tags: Transitive Normal Potentially Reachable Dependency Warning
  • Categories: SCA Recommendation
  • Remediation: Check if the package is unmaintained by reviewing the score factors and decide whether to switch packages.
⤵️ Dependency: npm://caller-path@2.0.0
🚩 Dependency caller-path@2.0.0 With Low Activity Score

Details

  • Severity: Low
  • Tags: Transitive Normal Potentially Reachable Dependency Warning
  • Categories: SCA Recommendation
  • Remediation: Check if the package is unmaintained by reviewing the score factors and decide whether to switch packages.
⤵️ Dependency: npm://cli-cursor@3.1.0
🚩 Dependency cli-cursor@3.1.0 With Low Activity Score

Details

  • Severity: Low
  • Tags: Transitive Normal Potentially Reachable Dependency Warning
  • Categories: SCA Recommendation
  • Remediation: Check if the package is unmaintained by reviewing the score factors and decide whether to switch packages.
⤵️ Dependency: npm://escape-string-regexp@2.0.0
🚩 Dependency escape-string-regexp@2.0.0 With Low Activity Score

Details

  • Severity: Low
  • Tags: Transitive Normal Potentially Reachable Dependency Warning
  • Categories: SCA Recommendation
  • Remediation: Check if the package is unmaintained by reviewing the score factors and decide whether to switch packages.
⤵️ Dependency: npm://escape-string-regexp@4.0.0
🚩 Dependency escape-string-regexp@4.0.0 With Low Activity Score

Details

  • Severity: Low
  • Tags: Transitive Normal Potentially Reachable Dependency Warning
  • Categories: SCA Recommendation
  • Remediation: Check if the package is unmaintained by reviewing the score factors and decide whether to switch packages.
⤵️ Dependency: npm://fast-xml-parser@4.5.7
🚩 GHSA-gh4j-gqv2-49f6: fast-xml-parser XMLBuilder: XML Comment and CDATA Injection via Unescaped Delimiters

Details

  • Severity: Medium
  • Tags: Transitive Normal Potentially Reachable Dependency Potentially Reachable Function Fix Available Warning
  • Categories: SCA Vulnerability Security
  • Remediation: Upgrade fast-xml-parser to version 5.7.0 (current: 4.5.7, latest: 5.9.3).
⤵️ Dependency: npm://glob@7.2.3
🚩 License Compliance Violation for Dependency glob@7.2.3

Details

  • Severity: Medium
  • Tags: Transitive Normal Potentially Reachable Dependency Warning
  • Categories: SCA Operational
  • Remediation: Please consult with legal for further instructions or to request an exception.
⤵️ Dependency: npm://has-flag@4.0.0
🚩 Dependency has-flag@4.0.0 With Low Activity Score

Details

  • Severity: Low
  • Tags: Transitive Normal Potentially Reachable Dependency Warning
  • Categories: SCA Recommendation
  • Remediation: Check if the package is unmaintained by reviewing the score factors and decide whether to switch packages.
⤵️ Dependency: npm://import-fresh@2.0.0
🚩 Dependency import-fresh@2.0.0 With Low Activity Score

Details

  • Severity: Low
  • Tags: Transitive Normal Potentially Reachable Dependency Warning
  • Categories: SCA Recommendation
  • Remediation: Check if the package is unmaintained by reviewing the score factors and decide whether to switch packages.
⤵️ Dependency: npm://ip@1.1.9
🚩 GHSA-2p57-rm9w-gvfp: ip SSRF improper categorization in isPublic

Details

  • Severity: High
  • Tags: Transitive Normal Potentially Reachable Dependency Potentially Reachable Function Unfixable Warning
  • Categories: SCA Vulnerability Security
  • Remediation: No patch upgrades available to fix the issue. Check the security advisory for alternative controls or actions.
⤵️ Dependency: npm://is-wsl@1.1.0
🚩 Dependency is-wsl@1.1.0 With Low Activity Score

Details

  • Severity: Low
  • Tags: Transitive Normal Potentially Reachable Dependency Warning
  • Categories: SCA Recommendation
  • Remediation: Check if the package is unmaintained by reviewing the score factors and decide whether to switch packages.
⤵️ Dependency: npm://is-wsl@2.2.0
🚩 Dependency is-wsl@2.2.0 With Low Activity Score

Details

  • Severity: Low
  • Tags: Transitive Normal Potentially Reachable Dependency Warning
  • Categories: SCA Recommendation
  • Remediation: Check if the package is unmaintained by reviewing the score factors and decide whether to switch packages.
⤵️ Dependency: npm://jsc-safe-url@0.2.4
🚩 Dependency jsc-safe-url@0.2.4 With Very Low Popularity Score

Details

  • Severity: Low
  • Tags: Transitive Normal Potentially Reachable Dependency Warning
  • Categories: SCA Recommendation
  • Remediation: No direct dependency upgrade(s) exist to fix this issue.
⤵️ Dependency: npm://kleur@3.0.3
🚩 Dependency kleur@3.0.3 With Low Activity Score

Details

  • Severity: Low
  • Tags: Transitive Normal Potentially Reachable Dependency Warning
  • Categories: SCA Recommendation
  • Remediation: Check if the package is unmaintained by reviewing the score factors and decide whether to switch packages.
⤵️ Dependency: npm://locate-path@3.0.0
🚩 Dependency locate-path@3.0.0 With Low Activity Score

Details

  • Severity: Low
  • Tags: Transitive Normal Potentially Reachable Dependency Warning
  • Categories: SCA Recommendation
  • Remediation: Check if the package is unmaintained by reviewing the score factors and decide whether to switch packages.
⤵️ Dependency: npm://locate-path@5.0.0
🚩 Dependency locate-path@5.0.0 With Low Activity Score

Details

  • Severity: Low
  • Tags: Transitive Normal Potentially Reachable Dependency Warning
  • Categories: SCA Recommendation
  • Remediation: Check if the package is unmaintained by reviewing the score factors and decide whether to switch packages.
⤵️ Dependency: npm://locate-path@6.0.0
🚩 Dependency locate-path@6.0.0 With Low Activity Score

Details

  • Severity: Low
  • Tags: Transitive Normal Potentially Reachable Dependency Warning
  • Categories: SCA Recommendation
  • Remediation: Check if the package is unmaintained by reviewing the score factors and decide whether to switch packages.
⤵️ Dependency: npm://log-symbols@4.1.0
🚩 Dependency log-symbols@4.1.0 With Low Activity Score

Details

  • Severity: Low
  • Tags: Transitive Normal Potentially Reachable Dependency Warning
  • Categories: SCA Recommendation
  • Remediation: Check if the package is unmaintained by reviewing the score factors and decide whether to switch packages.
⤵️ Dependency: npm://make-dir@2.1.0
🚩 Dependency make-dir@2.1.0 With Low Activity Score

Details

  • Severity: Low
  • Tags: Transitive Normal Potentially Reachable Dependency Warning
  • Categories: SCA Recommendation
  • Remediation: Check if the package is unmaintained by reviewing the score factors and decide whether to switch packages.
⤵️ Dependency: npm://node-forge@1.4.0
🚩 License Compliance Violation for Dependency node-forge@1.4.0

Details

  • Severity: Medium
  • Tags: Transitive Normal Potentially Reachable Dependency Warning
  • Categories: SCA Operational
  • Remediation: Please consult with legal for further instructions or to request an exception.
⤵️ Dependency: npm://npm-run-path@4.0.1
🚩 Dependency npm-run-path@4.0.1 With Low Activity Score

Details

  • Severity: Low
  • Tags: Transitive Normal Potentially Reachable Dependency Warning
  • Categories: SCA Recommendation
  • Remediation: Check if the package is unmaintained by reviewing the score factors and decide whether to switch packages.
⤵️ Dependency: npm://onetime@5.1.2
🚩 Dependency onetime@5.1.2 With Low Activity Score

Details

  • Severity: Low
  • Tags: Transitive Normal Potentially Reachable Dependency Warning
  • Categories: SCA Recommendation
  • Remediation: Check if the package is unmaintained by reviewing the score factors and decide whether to switch packages.
⤵️ Dependency: npm://p-locate@3.0.0
🚩 Dependency p-locate@3.0.0 With Low Activity Score

Details

  • Severity: Low
  • Tags: Transitive Normal Potentially Reachable Dependency Warning
  • Categories: SCA Recommendation
  • Remediation: Check if the package is unmaintained by reviewing the score factors and decide whether to switch packages.
⤵️ Dependency: npm://p-locate@4.1.0
🚩 Dependency p-locate@4.1.0 With Low Activity Score

Details

  • Severity: Low
  • Tags: Transitive Normal Potentially Reachable Dependency Warning
  • Categories: SCA Recommendation
  • Remediation: Check if the package is unmaintained by reviewing the score factors and decide whether to switch packages.
⤵️ Dependency: npm://p-locate@5.0.0
🚩 Dependency p-locate@5.0.0 With Low Activity Score

Details

  • Severity: Low
  • Tags: Transitive Normal Potentially Reachable Dependency Warning
  • Categories: SCA Recommendation
  • Remediation: Check if the package is unmaintained by reviewing the score factors and decide whether to switch packages.
⤵️ Dependency: npm://path-key@3.1.1
🚩 Dependency path-key@3.1.1 With Low Activity Score

Details

  • Severity: Low
  • Tags: Transitive Normal Potentially Reachable Dependency Warning
  • Categories: SCA Recommendation
  • Remediation: Check if the package is unmaintained by reviewing the score factors and decide whether to switch packages.
⤵️ Dependency: npm://resolve-from@3.0.0
🚩 Dependency resolve-from@3.0.0 With Low Activity Score

Details

  • Severity: Low
  • Tags: Transitive Normal Potentially Reachable Dependency Warning
  • Categories: SCA Recommendation
  • Remediation: Check if the package is unmaintained by reviewing the score factors and decide whether to switch packages.
⤵️ Dependency: npm://restore-cursor@3.1.0
🚩 Dependency restore-cursor@3.1.0 With Low Activity Score

Details

  • Severity: Low
  • Tags: Transitive Normal Potentially Reachable Dependency Warning
  • Categories: SCA Recommendation
  • Remediation: Check if the package is unmaintained by reviewing the score factors and decide whether to switch packages.
⤵️ Dependency: npm://shebang-regex@3.0.0
🚩 Dependency shebang-regex@3.0.0 With Low Activity Score

Details

  • Severity: Low
  • Tags: Transitive Normal Potentially Reachable Dependency Warning
  • Categories: SCA Recommendation
  • Remediation: Check if the package is unmaintained by reviewing the score factors and decide whether to switch packages.
⤵️ Dependency: npm://strict-uri-encode@2.0.0
🚩 Dependency strict-uri-encode@2.0.0 With Low Activity Score

Details

  • Severity: Low
  • Tags: Transitive Normal Potentially Reachable Dependency Warning
  • Categories: SCA Recommendation
  • Remediation: Check if the package is unmaintained by reviewing the score factors and decide whether to switch packages.
⤵️ Dependency: npm://sudo-prompt@9.2.1
🚩 Dependency sudo-prompt@9.2.1 With Very Low Activity Score

Details

  • Severity: Low
  • Tags: Transitive Normal Potentially Reachable Dependency Warning
  • Categories: SCA Recommendation
  • Remediation: Check if the package is unmaintained by reviewing the score factors and decide whether to switch packages.
⤵️ Dependency: npm://supports-preserve-symlinks-flag@1.0.0
🚩 Dependency supports-preserve-symlinks-flag@1.0.0 With Very Low Popularity Score

Details

  • Severity: Low
  • Tags: Transitive Normal Potentially Reachable Dependency Warning
  • Categories: SCA Recommendation
  • Remediation: No direct dependency upgrade(s) exist to fix this issue.
⤵️ Dependency: npm://unicode-match-property-ecmascript@2.0.0
🚩 Dependency unicode-match-property-ecmascript@2.0.0 With Very Low Popularity Score

Details

  • Severity: Low
  • Tags: Transitive Normal Potentially Reachable Dependency Warning
  • Categories: SCA Recommendation
  • Remediation: No direct dependency upgrade(s) exist to fix this issue.
⤵️ Dependency: npm://unicode-match-property-value-ecmascript@2.2.1
🚩 Dependency unicode-match-property-value-ecmascript@2.2.1 With Very Low Popularity Score

Details

  • Severity: Low
  • Tags: Transitive Normal Potentially Reachable Dependency Warning
  • Categories: SCA Recommendation
  • Remediation: No direct dependency upgrade(s) exist to fix this issue.
⤵️ Dependency: npm://unicode-property-aliases-ecmascript@2.2.0
🚩 Dependency unicode-property-aliases-ecmascript@2.2.0 With Very Low Popularity Score

Details

  • Severity: Low
  • Tags: Transitive Normal Potentially Reachable Dependency Warning
  • Categories: SCA Recommendation
  • Remediation: No direct dependency upgrade(s) exist to fix this issue.

This comment was automatically generated by Endor Labs.
Scanned @ 07-03-2026 03:28:26 UTC
