Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[Snyk] Upgrade realm from 10.19.1 to 10.24.0 (#2402)
<h3>Snyk has created this PR to upgrade realm from 10.19.1 to 10.24.0.</h3> :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. <hr/> - The recommended version is **19 versions** ahead of your current version. - The recommended version was released **a month ago**, on 2022-11-13. The recommended version fixes: Severity | Issue | PriorityScore (*) | Exploit Maturity | :-------------------------:|:-------------------------|-------------------------|:------------------------- <img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png" width="20" height="20" title="high severity"/> | Prototype Pollution<br/> [SNYK-JS-QS-3153490](https://snyk.io/vuln/SNYK-JS-QS-3153490) | **554/1000** <br/> **Why?** Proof of Concept exploit, Recently disclosed, CVSS 7.5 | Proof of Concept (*) Note that the real score may have changed since the PR was raised. <details> <summary><b>Release notes</b></summary> <br/> <details> <summary>Package name: <b>realm</b></summary> <ul> <li> <b>10.24.0</b> - <a href="https://snyk.io/redirect/github/realm/realm-js/releases/tag/v10.24.0">2022-11-13</a></br><h3>Enhancements</h3> <ul> <li>Flexible sync will now wait for the server to have sent all pending history after a bootstrap before marking a subscription as Complete. (<a href="https://snyk.io/redirect/github/realm/realm-core/pull/5795" data-hovercard-type="pull_request" data-hovercard-url="/realm/realm-core/pull/5795/hovercard">realm/realm-core#5795</a>)</li> </ul> <h3>Fixed</h3> <ul> <li>Fix database corruption and encryption issues on apple platforms. (<a href="https://snyk.io/redirect/github/realm/realm-js/issues/5076" data-hovercard-type="issue" data-hovercard-url="/realm/realm-js/issues/5076/hovercard">#5076</a>, since v10.12.0)</li> <li>Sync bootstraps will not be applied in a single write transaction - they will be applied 1MB of changesets at a time. (<a href="https://snyk.io/redirect/github/realm/realm-core/pull/5999" data-hovercard-type="pull_request" data-hovercard-url="/realm/realm-core/pull/5999/hovercard">realm/realm-core#5999</a>, since v10.19.0).</li> <li>Fix a race condition which could result in <code>operation cancelled</code> errors being delivered to <code>Realm#open</code> rather than the actual sync error which caused things to fail. (<a href="https://snyk.io/redirect/github/realm/realm-core/pull/5968" data-hovercard-type="pull_request" data-hovercard-url="/realm/realm-core/pull/5968/hovercard">realm/realm-core#5968</a>, v1.0.0).</li> </ul> <h3>Compatibility</h3> <ul> <li>React Native >= v0.64.0</li> <li>Atlas App Services.</li> <li>Realm Studio v12.0.0.</li> <li>APIs are backwards compatible with all previous releases of Realm JavaScript in the 10.5.x series.</li> <li>File format: generates Realms with format v22 (reads and upgrades file format v5 or later for non-synced Realm, upgrades file format v10 or later for synced Realms).</li> </ul> <h3>Internal</h3> <ul> <li>Upgraded Realm Core from v12.11.0 to v12.12.0.</li> </ul> </li> <li> <b>10.23.0</b> - <a href="https://snyk.io/redirect/github/realm/realm-js/releases/tag/v10.23.0">2022-10-31</a></br><h3>Enhancements</h3> <ul> <li>Improve performance of client reset with automatic recovery and converting top-level tables into embedded tables. (<a href="https://snyk.io/redirect/github/realm/realm-core/pull/5897" data-hovercard-type="pull_request" data-hovercard-url="/realm/realm-core/pull/5897/hovercard">realm/realm-core#5897</a>)</li> <li>If a sync client sends a message larger than 16 MB, the sync server will request a client reset. (<a href="https://snyk.io/redirect/github/realm/realm-core/issues/5209" data-hovercard-type="issue" data-hovercard-url="/realm/realm-core/issues/5209/hovercard">realm/realm-core#5209</a>)</li> <li>Add two new modes to client reset: <code>RecoverUnsyncedChanges</code> and <code>RecoverOrDiscardUnsyncedChanges</code>. The two modes will recover local/unsynced changes with changes from the server if possible. If not possible, <code>RecoverOrDiscardUnsyncedChanges</code> will remove the local Realm file and download a fresh file from the server. The mode <code>DiscardLocal</code> is duplicated as <code>DiscardUnsyncedChanges</code>, and <code>DiscardLocal</code> is be removed in a future version. (<a href="https://snyk.io/redirect/github/realm/realm-js/issues/4135" data-hovercard-type="issue" data-hovercard-url="/realm/realm-js/issues/4135/hovercard">#4135</a>)</li> </ul> <h3>Fixed</h3> <ul> <li>Fixed a use-after-free if the last external reference to an encrypted Realm was closed between when a client reset error was received and when the download of the new Realm began. (<a href="https://snyk.io/redirect/github/realm/realm-core/pull/5949" data-hovercard-type="pull_request" data-hovercard-url="/realm/realm-core/pull/5949/hovercard">realm/realm-core#5949</a>, since v10.20.0)</li> <li>Opening an unencrypted file with an encryption key would sometimes report a misleading error message that indicated that the problem was something other than a decryption failure. (<a href="https://snyk.io/redirect/github/realm/realm-core/pull/5915" data-hovercard-type="pull_request" data-hovercard-url="/realm/realm-core/pull/5915/hovercard">realm/realm-core#5915</a>, since v1.0.0)</li> <li>Fixed a rare deadlock which could occur when closing a synchronized Realm immediately after committing a write transaction when the sync worker thread has also just finished processing a changeset from the sync server. (<a href="https://snyk.io/redirect/github/realm/realm-core/pull/5948" data-hovercard-type="pull_request" data-hovercard-url="/realm/realm-core/pull/5948/hovercard">realm/realm-core#5948</a>)</li> </ul> <h3>Compatibility</h3> <ul> <li>React Native >= v0.64.0</li> <li>Atlas App Services.</li> <li>Realm Studio v12.0.0.</li> <li>APIs are backwards compatible with all previous releases of Realm JavaScript in the 10.5.x series.</li> <li>File format: generates Realms with format v22 (reads and upgrades file format v5 or later for non-synced Realm, upgrades file format v10 or later for synced Realms).</li> </ul> <h3>Internal</h3> <ul> <li>Upgraded Realm Core from v12.9.0 to v12.11.0.</li> </ul> </li> <li> <b>10.22.0</b> - <a href="https://snyk.io/redirect/github/realm/realm-js/releases/tag/v10.22.0">2022-10-17</a></br><h3>Enhancements</h3> <ul> <li>Prioritize integration of local changes over remote changes. This shortens the time users may have to wait when committing local changes. Stop storing downloaded changesets in history. (<a href="https://snyk.io/redirect/github/realm/realm-core/pull/5844" data-hovercard-type="pull_request" data-hovercard-url="/realm/realm-core/pull/5844/hovercard">realm/realm-core#5844</a>)</li> <li>Greatly improve the performance of sorting or distincting a Dictionary's keys or values. The most expensive operation is now performed O(log N) rather than O(N log N) times, and large Dictionaries can see upwards of 99% reduction in time to sort. (<a href="https://snyk.io/redirect/github/realm/realm-core/pulls/5166">realm/realm-core#5166</a>)</li> <li>Cut the runtime of aggregate operations on large dictionaries in half. (<a href="https://snyk.io/redirect/github/realm/realm-core/pull/5864" data-hovercard-type="pull_request" data-hovercard-url="/realm/realm-core/pull/5864/hovercard">realm/realm-core#5864</a>)</li> <li>Improve performance of aggregate operations on collections of objects by 2x to 10x. (<a href="https://snyk.io/redirect/github/realm/realm-core/pull/5864" data-hovercard-type="pull_request" data-hovercard-url="/realm/realm-core/pull/5864/hovercard">realm/realm-core#5864</a>)</li> </ul> <h3>Fixed</h3> <ul> <li>If a case insensitive query searched for a string including an 4-byte UTF8 character, the program would crash. (<a href="https://snyk.io/redirect/github/realm/realm-core/issues/5825" data-hovercard-type="issue" data-hovercard-url="/realm/realm-core/issues/5825/hovercard">realm/realm-core#5825</a>, since v1.0.0)</li> <li><code>Realm#writeCopyTo()</code> doesn't support flexible sync, and an exception is thrown. (<a href="https://snyk.io/redirect/github/realm/realm-core/issues/5798" data-hovercard-type="issue" data-hovercard-url="/realm/realm-core/issues/5798/hovercard">realm/realm-core#5798</a>, since v10.10.0)</li> <li>Asymmetric object types/classes cannot be used with partition-based sync, and an exception is thrown. (<a href="https://snyk.io/redirect/github/realm/realm-core/issues/5691" data-hovercard-type="issue" data-hovercard-url="/realm/realm-core/issues/5691/hovercard">realm/realm-core#5691</a>, since v10.19.0)</li> <li>If you set a subscription on a link in flexible sync, the server would not know how to handle it. (<a href="https://snyk.io/redirect/github/realm/realm-core/issues/5409" data-hovercard-type="issue" data-hovercard-url="/realm/realm-core/issues/5409/hovercard">realm/realm-core#5409</a>, since v10.10.1)</li> <li>Fixed type declarations for aggregation methods (min, max, sum, avg) to reflect implementation. (<a href="https://snyk.io/redirect/github/realm/realm-js/issues/4994" data-hovercard-type="issue" data-hovercard-url="/realm/realm-js/issues/4994/hovercard">4994</a>, since v2.0.0)</li> </ul> <h3>Compatibility</h3> <ul> <li>React Native >= v0.64.0</li> <li>Atlas App Services.</li> <li>Realm Studio v12.0.0.</li> <li>APIs are backwards compatible with all previous releases of Realm JavaScript in the 10.5.x series.</li> <li>File format: generates Realms with format v22 (reads and upgrades file format v5 or later for non-synced Realm, upgrades file format v10 or later for synced Realms).</li> </ul> <h3>Internal</h3> <ul> <li>Upgraded Realm Core from v12.6.0 to v12.9.0. (<a href="https://snyk.io/redirect/github/realm/realm-js/issues/4932" data-hovercard-type="issue" data-hovercard-url="/realm/realm-js/issues/4932/hovercard">#4932</a> and <a href="https://snyk.io/redirect/github/realm/realm-js/issues/4983" data-hovercard-type="issue" data-hovercard-url="/realm/realm-js/issues/4983/hovercard">#4983</a></li> <li>Added ARM/Linux build guide.</li> </ul> </li> <li> <b>10.21.1</b> - 2022-09-15 </li> <li> <b>10.21.0</b> - 2022-09-12 </li> <li> <b>10.20.0</b> - 2022-08-23 </li> <li> <b>10.20.0-beta.5</b> - 2022-04-13 </li> <li> <b>10.20.0-beta.4</b> - 2022-04-11 </li> <li> <b>10.20.0-beta.3</b> - 2022-03-24 </li> <li> <b>10.20.0-beta.2</b> - 2022-02-14 </li> <li> <b>10.20.0-beta.1</b> - 2022-01-27 </li> <li> <b>10.20.0-beta.0</b> - 2022-01-06 </li> <li> <b>10.20.0-alpha.2</b> - 2021-11-25 </li> <li> <b>10.20.0-alpha.1</b> - 2021-09-22 </li> <li> <b>10.20.0-alpha.0</b> - 2021-09-02 </li> <li> <b>10.19.5</b> - 2022-07-06 </li> <li> <b>10.19.4</b> - 2022-07-05 </li> <li> <b>10.19.3</b> - 2022-06-27 </li> <li> <b>10.19.2</b> - 2022-06-20 </li> <li> <b>10.19.1</b> - 2022-06-07 </li> </ul> from <a href="https://snyk.io/redirect/github/realm/realm-js/releases">realm GitHub release notes</a> </details> </details> <details> <summary><b>Commit messages</b></summary> </br> <details> <summary>Package name: <b>realm</b></summary> <ul> <li><a href="https://snyk.io/redirect/github/realm/realm-js/commit/28019f68f9991c1120ef98ad836ac37a7362449f">28019f6</a> [10.24.0] Bump version</li> <li><a href="https://snyk.io/redirect/github/realm/realm-js/commit/8a716b1bd65dbe8e02b039e6ed16651351a52b0c">8a716b1</a> Upgrade to Realm Core v12.2.0 (#5108)</li> <li><a href="https://snyk.io/redirect/github/realm/realm-js/commit/f20fdb5b7f51d952e6641f25c44eb88d1af6f8fa">f20fdb5</a> [10.23.0] Bump version (#5044)</li> <li><a href="https://snyk.io/redirect/github/realm/realm-js/commit/fe4986fa0e3e93ea9edad3fc964ba1c408e0e365">fe4986f</a> Revert "[10.23.0] Bump version (#5042)" (#5043)</li> <li><a href="https://snyk.io/redirect/github/realm/realm-js/commit/79e958c79776adb3a94a2b71207b7c171956a905">79e958c</a> [10.23.0] Bump version (#5042)</li> <li><a href="https://snyk.io/redirect/github/realm/realm-js/commit/a54c953a786149e8cf56a5b829da846b7ed30c6a">a54c953</a> Client reset w/recovery (#4711)</li> <li><a href="https://snyk.io/redirect/github/realm/realm-js/commit/81c02868dd4ce7b3b6ee00cfceac14151e612a30">81c0286</a> Upgrade to Realm Core v12.11.0 (#5034)</li> <li><a href="https://snyk.io/redirect/github/realm/realm-js/commit/0b253fffe8a7bfb74dcc85507340615b7e9484e8">0b253ff</a> Upgrade to Realm Core v12.10.0 (#5031)</li> <li><a href="https://snyk.io/redirect/github/realm/realm-js/commit/5b4d9bd9e0473b6b07213747c50de552739608b5">5b4d9bd</a> Fixing prebuilds env (#4925)</li> <li><a href="https://snyk.io/redirect/github/realm/realm-js/commit/5d066041c6eb2967fdee7ab9e8180b5c8e7c5a22">5d06604</a> Update CHANGELOG.md</li> <li><a href="https://snyk.io/redirect/github/realm/realm-js/commit/a56c9d84d3aad0a3a93dc6d8add30adbe783d536">a56c9d8</a> Mention the missing support of RHEL 7 (#5010)</li> <li><a href="https://snyk.io/redirect/github/realm/realm-js/commit/af024e096cc8e51480a57129120b596bc146f14c">af024e0</a> workflows: instructions for release process (#4868)</li> <li><a href="https://snyk.io/redirect/github/realm/realm-js/commit/55f0a0ba076d239d952b049d74e4e1993ddfe693">55f0a0b</a> Prepare for vNext (#5016)</li> <li><a href="https://snyk.io/redirect/github/realm/realm-js/commit/b4cefea6dfedcad65010a19cd62dee0bfeb3f451">b4cefea</a> [10.22.0] Bump version (#5014)</li> <li><a href="https://snyk.io/redirect/github/realm/realm-js/commit/73ff72e55fc4aa6598a742270d2d0d0f03ab6b1b">73ff72e</a> Reviewed changelog</li> <li><a href="https://snyk.io/redirect/github/realm/realm-js/commit/c051c753b6c93442a1c21b2386013623fcabbbbc">c051c75</a> Update types for min, max, avg & sum (#4999)</li> <li><a href="https://snyk.io/redirect/github/realm/realm-js/commit/bf883945c5374c9744f94b3cfd97a95f9fa7964e">bf88394</a> Support importing values with the app importer (#5004)</li> <li><a href="https://snyk.io/redirect/github/realm/realm-js/commit/8e029d691dbed99a1169dc41bdb7e616b9dd61fd">8e029d6</a> Update index.d.ts (#4993)</li> <li><a href="https://snyk.io/redirect/github/realm/realm-js/commit/b3632f0289b174b8786503c4c082ef8da98db708">b3632f0</a> Upgrade to Realm Core v12.9.0 (#4985)</li> <li><a href="https://snyk.io/redirect/github/realm/realm-js/commit/dd501a19715dd7e83497d0417a9957993652dc2b">dd501a1</a> Expand App Importer (#4988)</li> <li><a href="https://snyk.io/redirect/github/realm/realm-js/commit/17683a31364cc9772496c767c031abeec5a29b92">17683a3</a> Realm react contribution guide (#4963)</li> <li><a href="https://snyk.io/redirect/github/realm/realm-js/commit/b9c03f4bb2190262d1a5ad0b8002424d6182b51d">b9c03f4</a> Upgrade Realm React dependencies (#4960)</li> <li><a href="https://snyk.io/redirect/github/realm/realm-js/commit/74f22dbc1c3824b0b0ce183e95b23cd9f70e18ca">74f22db</a> Merge pull request #4956 from realm/geragray-patch-1</li> <li><a href="https://snyk.io/redirect/github/realm/realm-js/commit/44cbcd4391c1245ce617e2dbbd86157ac1d1dc5c">44cbcd4</a> Update README.md</li> </ul> <a href="https://snyk.io/redirect/github/realm/realm-js/compare/ee9175be715ce2fb6606ae928a729af2601096f1...28019f68f9991c1120ef98ad836ac37a7362449f">Compare</a> </details> </details> <hr/> **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.* For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJlZmQwYzNjYS1lMjQ0LTQyYTItYTMxOC04NzM2MDk4YjVmNmIiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6ImVmZDBjM2NhLWUyNDQtNDJhMi1hMzE4LTg3MzYwOThiNWY2YiJ9fQ==" width="0" height="0"/> 🧐 [View latest project report](https://app.snyk.io/org/sandbox-2ba/project/50a1c3b6-8d4c-4587-a7ba-f8b958614441?utm_source=github&utm_medium=referral&page=upgrade-pr) 🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/sandbox-2ba/project/50a1c3b6-8d4c-4587-a7ba-f8b958614441/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr) 🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/sandbox-2ba/project/50a1c3b6-8d4c-4587-a7ba-f8b958614441/settings/integration?pkg=realm&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades) <!--- (snyk:metadata:{"prId":"efd0c3ca-e244-42a2-a318-8736098b5f6b","prPublicId":"efd0c3ca-e244-42a2-a318-8736098b5f6b","dependencies":[{"name":"realm","from":"10.19.1","to":"10.24.0"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/sandbox-2ba/project/50a1c3b6-8d4c-4587-a7ba-f8b958614441?utm_source=github&utm_medium=referral&page=upgrade-pr","projectPublicId":"50a1c3b6-8d4c-4587-a7ba-f8b958614441","env":"prod","prType":"upgrade","vulns":["SNYK-JS-QS-3153490"],"issuesToFix":[{"issueId":"SNYK-JS-QS-3153490","severity":"high","title":"Prototype Pollution","exploitMaturity":"proof-of-concept","priorityScore":554,"priorityScoreFactors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"freshness","label":true,"score":71},{"type":"cvssScore","label":"7.5","score":375}]}],"upgrade":["SNYK-JS-QS-3153490"],"upgradeInfo":{"versionsDiff":19,"publishedDate":"2022-11-13T10:28:26.249Z"},"templateVariants":["priorityScore"],"hasFixes":true,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[554]}) ---> Co-authored-by: snyk-bot <snyk-bot@snyk.io>
- Loading branch information
1 parent
90e23ac
commit 4ae5fbb