App: [HOLD for payment 2022-10-12] [$250] Upgrade `react-native-svg` package to the latest version
If you haven’t already, check out our contributing guidelines for onboarding and email contributors@expensify.com to request to join our Slack channel!
Snyk ID: SNYK-JS-NTHCHECK-1586032
Package: nth-check
Version: 1.0.2
Language: js
Date Introduced: 2022-07-04
Flo/Expensidev/App [main] $ npm list nth-check [18:34:14]
new.expensify@1.1.82-5 /Users/flo/Expensidev/App
├─┬ @svgr/webpack@5.5.0
│ └─┬ @svgr/plugin-svgo@5.5.0
│ └─┬ svgo@1.3.2
│ └─┬ css-select@2.1.0
│ └── nth-check@1.0.2 deduped
├─┬ html-webpack-plugin@4.5.0
│ └─┬ pretty-error@2.1.2
│ └─┬ renderkid@2.0.4
│ └─┬ css-select@1.2.0
│ └── nth-check@1.0.2 deduped
└─┬ react-native-svg@12.1.0
└─┬ css-select@2.1.0
└── nth-check@1.0.2
(Internal reference) CC: @flodnv @joelbettner Upwork job URL: https://www.upwork.com/jobs/~014e2ad669b286cdd1
For the proposal it would be good to see:
- A summary of breaking changes between our current version and the latest version
- A summary of any peer dependencies that need to be upgraded
- A list of which breaking changes (if any), affect us, and how to address those changes.
About this issue
- Original URL
- State: closed
- Created 2 years ago
- Comments: 42 (31 by maintainers)
I need someone from the internal team to review the vulnerability status that we are trying to fix on that PR. I do not have access to Synk so I can’t do that.
PR is looking good but there is no use for my approval if the PR does not serve the purpose for what it is created.
Cool, I can see you asked Andrew a question. He’s OOO at the moment, tagged a couple of other people that might be able to help offer an opinion in the interim. 👍
Yes
The solution for this issue has been 🚀 deployed to production 🚀 in version 1.1.96-5 and is now subject to a 7-day regression period 📆. Here is the list of pull requests that resolve this issue:
If no regressions arise, payment will be issued on 2022-09-12. 🎊
We reverted this PR due to a regression