chore: Update Expo Config Plugins #2695

Merged
merged 1 commit into from
Mar 1, 2024

jimhunty
Contributor

Why?

@expo/config-plugins at version 6.0.1 contains the deep dependency xml2js at version 0.4.23.

This package contains a vulnerability as described here: https://security.snyk.io/vuln/SNYK-JS-XML2JS-5414874.

This PR updates @expo/config-plugins to version 7.8.4 which is the latest version and contains the xml2js at version 0.6.0. As defined in the link above, as this version is greater than 0.5.0, it has the vulnerability fixed.

Changes made

  • Updated the package.json and yarn.
  • Smoke tested the app in iOS
  • Ran the tests and linting, all seems to be passing

@hyochan added the dependencies and 🗒️ chore labels on Mar 1, 2024
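
A check a reviewer could run against `yarn.lock` after an upgrade like this one, as an added example that is not part of the PR or the project: it lists every resolved `xml2js` version still below 0.5.0, since another dependent can keep an old copy in the tree. The function names and the lockfile snippet are constructed for illustration.

```javascript
// Added example (not from the PR). The lockfile snippet below is constructed.
const FIXED = "0.5.0"; // threshold named in the PR description; anything below is flagged
// Compare dotted numeric versions: <0, 0 or >0. Pre-release tags are ignored.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Collect every version of `name` that a yarn.lock text resolves to.
function resolvedVersions(lockText, name) {
  const found = [];
  let inEntry = false;
  for (const line of lockText.split(/\r?\n/)) {
    if (/^\S/.test(line)) {
      // Entry header, e.g. `xml2js@0.4.23:` or `"xml2js@^0.6.0", xml2js@0.6.0:`
      const specs = line.replace(/:\s*$/, "").split(",")
        .map((s) => s.trim().replace(/^"|"$/g, ""));
      inEntry = specs.some((s) => s.startsWith(name + "@"));
    } else if (inEntry) {
      const m = line.match(/^\s+version:?\s+"?([^"\s]+)"?/);
      if (m) { found.push(m[1]); inEntry = false; }
    }
  }
  return found;
}
// Versions of `name` in the lockfile that are still below `fixed`.
function belowFixed(lockText, name, fixed) {
  return resolvedVersions(lockText, name).filter((v) => compareVersions(v, fixed) < 0);
}

// Constructed sample: the plugin was upgraded, but an old xml2js entry is still locked.
const MIXED_LOCK = `
"@expo/config-plugins@7.8.4":
  version "7.8.4"
  dependencies:
    xml2js "0.6.0"

xml2js@0.4.23:
  version "0.4.23"

xml2js@0.6.0, xml2js@^0.6.0:
  version "0.6.0"
`;
console.log(belowFixed(MIXED_LOCK, "xml2js", FIXED)); // [ '0.4.23' ]
```

An empty result from `belowFixed` on the real lockfile text means no locked `xml2js` entry is below the threshold.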
Owner

@hyochan hyochan left a comment

Looks great! Let's ship it 🚀

@hyochan hyochan merged commit 3908d4c into hyochan:main Mar 1, 2024
2 checks passed
@jimhunty jimhunty deleted the chore/expo-config-update branch March 1, 2024 13:46
arthurgeron pushed a commit to arthurgeron/react-native-iap that referenced this pull request Apr 2, 2024