[Snyk] Fix for 14 vulnerabilities

[abdullahceylan]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • mobile_files/package.json
  • mobile_files/package-lock.json
  • mobile_files/.snyk

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	No	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	No	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	No	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	No	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	Yes	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Cross-site Scripting (XSS) npm:react-dom:20180802	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: prop-types

The new version differs by 23 commits.

• fa6fbb7 15.6.2
• 5115f5c Merge pull request inject status api into webview status-im/status-mobile#180 from jaller94/master
• 2ac742c Merge pull request Floating Action button on iOS status-im/status-mobile#171 from barrymichaeldoyle/master
• a7a5a64 Merge pull request Use EIP55 checksum for address encoding status-im/status-mobile#194 from facebook/no-fbjs
• d6c9c5c Preserve "Invariant Violation" name
• 07d1b47 Remove fbjs dependency
• 3c99d57 Remove trailing spaces
• a36cda8 Move explanation of `isRequired` and show it in `PropTypes.shape`
• ba3da12 Show that shapes can have required properties
• 2bde8eb Add example for `PropTypes.exact`
• d65f80e Updated vars to consts and lets in PropTypesProductionStandalone-test.js
• c10c93f Updated vars to consts and lets in PropTypesDevelopmentStandalone-test.js
• 8e2b34e Updated vars to consts and lets in PropTypesDevelopmentReact15.js
• c5527c8 Updated vars with consts and lets in PropTypesProductionReact15-test.js
• 7cc8c81 Add 15.6.1 to CHANGELOG
• 5df7296 15.6.1
• b7d03ce Point readme to correct docs for production builds (Send transaction status-im/status-mobile#153)
• a94243f Update the repository location (QR Code Reader Crash status-im/status-mobile#148)
• 77c62a7 Fix failing tests ([Snyk] Security upgrade metro from 0.30.2 to 0.80.10 #129)
• 644844c Merge pull request Chat animation status-im/status-mobile#140 from flarnie/master
• 0b5db12 Add `CODE_OF_CONDUCT`
• a6900f0 Add CONTRIBUTING.md
• 492e230 Update README.md with improved importing for CDNs ([Snyk] Security upgrade selenium from 3.8.1 to 4.15.1 #104)

See the full diff

Package name: realm

The new version differs by 250 commits.

• 5565a81 [10.1.1] Bump version
• d19ae03 Security audit (Have option to review results of end-end tests status-im/status-mobile#3469)
• 484ac95 Upgrade to Realm Core v10.1.4 and Realm Sync v10.1.5. ([ISSUE #3316] Do not avoid keyboard in wallet/fee screen status-im/status-mobile#3468)
• fab8a71 Making change log entry more accurate.
• 4ae1790 Adding changelog template
• 56d9961 [v10.1.0] Bump version
• c6617bb Update to Realm Sync v10.1.4 (WIP [ISSUE #3417] Fix incorrect handling of camera permission rejection status-im/status-mobile#3449)
• 474295d Restoring CHANGELOG template
• 8abd7c5 Renamed google-login test to avoid running it in node
• 5a83b6b Releasing Realm Web v1.1.0
• c2bc4f6 Updated the instructions to publish
• d1f1f28 Google OAuth OpenId Connect (No response for /debug command in Console status-im/status-mobile#3440)
• 33fc9f0 Fixing _expandEmbeddedObjectSchemas must be of type 'function' (Pass WhisperConfig.LightClient: true in node config. Closes #3442 status-im/status-mobile#3446)
• 58c4eb0 Adding changelog template
• 13370b5 [10.0.2] Bump version
• e191e3f Prepare release (Prevent DApps and bots to be added to existing group chat status-im/status-mobile#3439)
• 38211c7 Fix a bug where shouldCompactOnLaunch would lead to a crash (STT asset changes to ETH after scanning QR code in Send Transaction status-im/status-mobile#3416)
• 2177723 Fixing chrome debugging on v10 (Wrong password hint that shows while signing transaction is slightly misplaced status-im/status-mobile#3411)
• 7466b47 Merge pull request Pull-to-refresh gesture is not working on Android status-im/status-mobile#3438 from realm/docs-site-typo
• e4b6a96 Fix typo on the SDK reference homepage
• 9272820 Rolling back PR 3356, toJSON should not make assumptions as to how ArrayBuffers are serialized ([Feature #3230] Implement theme support for components status-im/status-mobile#3436)
• ec1b8ce update OS to latest master (Repair prod-build from component is null issues status-im/status-mobile#3425)
• 2b12587 Realm.Sync -> Realm.App.Sync a few places (Do not allow to tap on the send button until recipient of the token is specified in group chat status-im/status-mobile#3431)
• 1f13774 Fixing some formatting typos

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) npm:semver:20150403	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Cross-site Scripting (XSS)
🦉 Denial of Service
🦉 More lessons are available in Snyk Learn