From ad3aee3444f8f7eaa6930fd411a2f2c74beebf6e Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Mon, 20 Nov 2023 15:58:24 +0000 Subject: [PATCH] fix: package.json & package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-CRYPTOJS-6028119 --- package-lock.json | 35 ++++++++++++++++++++--------------- package.json | 2 +- 2 files changed, 21 insertions(+), 16 deletions(-) diff --git a/package-lock.json b/package-lock.json index 70c9e462d442..7dfe8adde806 100644 --- a/package-lock.json +++ b/package-lock.json @@ -69,7 +69,7 @@ "react-native-image-size": "git+https://github.com/Expensify/react-native-image-size#6b5ab5110dc3ed554f8eafbc38d7d87c17147972", "react-native-modal": "^13.0.0", "react-native-onyx": "1.0.29", - "react-native-pdf": "^6.6.2", + "react-native-pdf": "^6.7.2", "react-native-performance": "^2.0.0", "react-native-permissions": "^3.0.1", "react-native-picker-select": "git+https://github.com/Expensify/react-native-picker-select.git#7f09b2c15ffae320d769788f75bdf8948714bb10", @@ -20241,9 +20241,9 @@ } }, "node_modules/crypto-js": { - "version": "3.3.0", - "resolved": "https://registry.npmjs.org/crypto-js/-/crypto-js-3.3.0.tgz", - "integrity": "sha512-DIT51nX0dCfKltpRiXV+/TVZq+Qq2NgF4644+K7Ttnla7zEzqc+kjJyiB96BHNyUTBxyjzRcZYpUdZa+QAqi6Q==" + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/crypto-js/-/crypto-js-4.2.0.tgz", + "integrity": "sha512-KALDyEYgpY+Rlob/iriUtjV6d5Eq+Y191A5g4UqLAi8CyGP9N1+FdVbkc1SxKc2r4YAYqG8JzO2KGL+AizD70Q==" }, "node_modules/css-color-keywords": { "version": "1.0.0", @@ -35476,12 +35476,17 @@ } }, "node_modules/react-native-pdf": { - "version": "6.6.2", - "resolved": "https://registry.npmjs.org/react-native-pdf/-/react-native-pdf-6.6.2.tgz", - "integrity": "sha512-gqxNPSzL0lNN1dGYAz9ObSLb0shUTB8x1u69qKLMSmwuxFTpGui5PNNgpH8q/nlpL9zBzMVVc/AXEuDCwRyxEQ==", + "version": "6.7.2", + "resolved": "https://registry.npmjs.org/react-native-pdf/-/react-native-pdf-6.7.2.tgz", + "integrity": "sha512-Lt2kFmHuD/pteIoPhAazuxTbVsWj8HN30DSrTy6lKmI2sHCk60lArj0JeK9jq+5jU/T5BZpdNWJVw0UdqOlu6g==", "dependencies": { - "crypto-js": "^3.2.0", + "crypto-js": "4.2.0", "deprecated-react-native-prop-types": "^2.3.0" + }, + "peerDependencies": { + "react": "*", + "react-native": "*", + "react-native-blob-util": ">=0.13.7" } }, "node_modules/react-native-performance": { @@ -58057,9 +58062,9 @@ } }, "crypto-js": { - "version": "3.3.0", - "resolved": "https://registry.npmjs.org/crypto-js/-/crypto-js-3.3.0.tgz", - "integrity": "sha512-DIT51nX0dCfKltpRiXV+/TVZq+Qq2NgF4644+K7Ttnla7zEzqc+kjJyiB96BHNyUTBxyjzRcZYpUdZa+QAqi6Q==" + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/crypto-js/-/crypto-js-4.2.0.tgz", + "integrity": "sha512-KALDyEYgpY+Rlob/iriUtjV6d5Eq+Y191A5g4UqLAi8CyGP9N1+FdVbkc1SxKc2r4YAYqG8JzO2KGL+AizD70Q==" }, "css-color-keywords": { "version": "1.0.0", @@ -69811,11 +69816,11 @@ } }, "react-native-pdf": { - "version": "6.6.2", - "resolved": "https://registry.npmjs.org/react-native-pdf/-/react-native-pdf-6.6.2.tgz", - "integrity": "sha512-gqxNPSzL0lNN1dGYAz9ObSLb0shUTB8x1u69qKLMSmwuxFTpGui5PNNgpH8q/nlpL9zBzMVVc/AXEuDCwRyxEQ==", + "version": "6.7.2", + "resolved": "https://registry.npmjs.org/react-native-pdf/-/react-native-pdf-6.7.2.tgz", + "integrity": "sha512-Lt2kFmHuD/pteIoPhAazuxTbVsWj8HN30DSrTy6lKmI2sHCk60lArj0JeK9jq+5jU/T5BZpdNWJVw0UdqOlu6g==", "requires": { - "crypto-js": "^3.2.0", + "crypto-js": "4.2.0", "deprecated-react-native-prop-types": "^2.3.0" } }, diff --git a/package.json b/package.json index 849ee69d722d..d0206e6f1aa4 100644 --- a/package.json +++ b/package.json @@ -99,7 +99,7 @@ "react-native-image-size": "git+https://github.com/Expensify/react-native-image-size#6b5ab5110dc3ed554f8eafbc38d7d87c17147972", "react-native-modal": "^13.0.0", "react-native-onyx": "1.0.29", - "react-native-pdf": "^6.6.2", + "react-native-pdf": "^6.7.2", "react-native-performance": "^2.0.0", "react-native-permissions": "^3.0.1", "react-native-picker-select": "git+https://github.com/Expensify/react-native-picker-select.git#7f09b2c15ffae320d769788f75bdf8948714bb10",