Vulnerabilities

DepShield reports that this application's usage of lodash.clone:4.5.0 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

---

Occurrences

lodash.clone:4.5.0 is a transitive dependency introduced by the following direct dependency(s):

• snyk:1.110.2
        └─ snyk-resolve-deps:4.0.2
              └─ lodash.clone:4.5.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Here's the Weekly Digest for 9renpoto/app:

---

ISSUES

Last week 2 issues were created.
Of these, 2 issues have been closed and 0 issues are still open.

CLOSED ISSUES

❤️ #546 chore(deps): update dependency typescript to v3.5.1, by renovate[bot]
❤️ #545 chore(deps): update dependency @types/react to v16.8.19, by renovate[bot]

---

PULL REQUESTS

Last week, 2 pull requests were created, updated or merged.

MERGED PULL REQUEST

Last week, 2 pull requests were merged.
💜 #546 chore(deps): update dependency typescript to v3.5.1, by renovate[bot]
💜 #545 chore(deps): update dependency @types/react to v16.8.19, by renovate[bot]

---

COMMITS

Last week there were 2 commits.
🛠️ chore(deps): update dependency typescript to v3.5.1 by renovate-bot
🛠️ chore(deps): update dependency @types/react to v16.8.19 by renovate-bot

---

CONTRIBUTORS

Last week there was 1 contributor.
👤 renovate-bot

---

STARGAZERS

Last week there were no stargazers.

---

RELEASES

Last week there were no releases.

---

That's all for last week, please 👀 Watch and ⭐ Star the repository 9renpoto/app to receive next weekly updates. 😃

You can also view all Weekly Digests by clicking here.

Your Weekly Digest bot. 📆

Vulnerabilities

DepShield reports that this application's usage of lodash.assignin:4.2.0 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

---

Occurrences

lodash.assignin:4.2.0 is a transitive dependency introduced by the following direct dependency(s):

• snyk:1.110.2
        └─ snyk-resolve-deps:4.0.2
              └─ lodash.assignin:4.2.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash.uniq:4.5.0 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)
• (CVSS 6.5) [CVE-2018-3721] lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutabl...

---

Occurrences

lodash.uniq:4.5.0 is a transitive dependency introduced by the following direct dependency(s):

• eslint-plugin-jest:22.2.0
        └─ @semantic-release/npm:5.1.4
              └─ npm:6.5.0
                    └─ lodash.uniq:4.5.0
        └─ semantic-release:15.13.3
              └─ @semantic-release/github:5.2.10
                    └─ @octokit/rest:16.13.4
                          └─ lodash.uniq:4.5.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash._getnative:3.9.1 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

---

Occurrences

lodash._getnative:3.9.1 is a transitive dependency introduced by the following direct dependency(s):

• eslint-plugin-jest:22.2.0
        └─ @semantic-release/npm:5.1.4
              └─ npm:6.5.0
                    └─ lodash._createcache:3.1.2
                          └─ lodash._getnative:3.9.1
                    └─ lodash._getnative:3.9.1

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash.union:4.6.0 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

---

Occurrences

lodash.union:4.6.0 is a transitive dependency introduced by the following direct dependency(s):

• eslint-plugin-jest:22.2.0
        └─ @semantic-release/npm:5.1.4
              └─ npm:6.5.0
                    └─ lodash.union:4.6.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

WS-2019-0019 - Medium Severity Vulnerability

Vulnerable Library - braces-1.8.5.tgz

Fastest brace expansion for node.js, with the most complete support for the Bash 4.3 braces specification.

path: /tmp/git/app/node_modules/braces/package.json

Library home page: https://registry.npmjs.org/braces/-/braces-1.8.5.tgz

Dependency Hierarchy:

• jest-23.6.0.tgz (Root Library)
  • jest-cli-23.6.0.tgz
    • micromatch-2.3.11.tgz
      • ❌ braces-1.8.5.tgz (Vulnerable Library)

Vulnerability Details

Version of braces prior to 2.3.1 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive leading to Denial of Service.

Publish Date: 2019-02-21

URL: WS-2019-0019

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/786

Release Date: 2019-02-21

Fix Resolution: 2.3.1

---

Step up your Open Source Security Game with WhiteSource here

Here's the Weekly Digest for 9renpoto/app:

---

ISSUES

Last week 3 issues were created.
Of these, 3 issues have been closed and 0 issues are still open.

CLOSED ISSUES

❤️ #560 chore(deps): update dependency @types/react to v16.8.22, by renovate[bot]
❤️ #559 chore(deps): update dependency @types/react to v16.8.21, by renovate[bot]
❤️ #558 chore(deps): update dependency @types/jest to v24.0.15, by renovate[bot]

---

PULL REQUESTS

Last week, 3 pull requests were created, updated or merged.

MERGED PULL REQUEST

Last week, 3 pull requests were merged.
💜 #560 chore(deps): update dependency @types/react to v16.8.22, by renovate[bot]
💜 #559 chore(deps): update dependency @types/react to v16.8.21, by renovate[bot]
💜 #558 chore(deps): update dependency @types/jest to v24.0.15, by renovate[bot]

---

COMMITS

Last week there were 3 commits.
🛠️ chore(deps): update dependency @types/react to v16.8.22 by renovate-bot
🛠️ chore(deps): update dependency @types/react to v16.8.21 by renovate-bot
🛠️ chore(deps): update dependency @types/jest to v24.0.15 by renovate-bot

---

CONTRIBUTORS

Last week there was 1 contributor.
👤 renovate-bot

---

STARGAZERS

Last week there were no stargazers.

---

RELEASES

Last week there were no releases.

---

That's all for last week, please 👀 Watch and ⭐ Star the repository 9renpoto/app to receive next weekly updates. 😃

You can also view all Weekly Digests by clicking here.

Your Weekly Digest bot. 📆

Vulnerabilities

DepShield reports that this application's usage of lodash.restparam:3.6.1 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

---

Occurrences

lodash.restparam:3.6.1 is a transitive dependency introduced by the following direct dependency(s):

• eslint-plugin-jest:22.2.0
        └─ @semantic-release/npm:5.1.4
              └─ npm:6.5.0
                    └─ lodash.restparam:3.6.1

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

WS-2017-0421 - High Severity Vulnerability

Vulnerable Library - ws-1.1.5.tgz

Simple to use, blazing fast and thoroughly tested websocket client and server for Node.js

path: /tmp/git/app/node_modules/ws/package.json

Library home page: https://registry.npmjs.org/ws/-/ws-1.1.5.tgz

Dependency Hierarchy:

• react-native-0.57.8.tgz (Root Library)
  • ❌ ws-1.1.5.tgz (Vulnerable Library)

Vulnerability Details

Affected version of ws (0.2.6--3.3.0) are vulnerable to A specially crafted value of the Sec-WebSocket-Extensions header that used Object.prototype property names as extension or parameter names could be used to make a ws server crash.

Publish Date: 2017-11-08

URL: WS-2017-0421

CVSS 2 Score Details (7.5)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/550/versions

Release Date: 2019-01-24

Fix Resolution: 3.3.1

---

Step up your Open Source Security Game with WhiteSource here

Vulnerabilities

DepShield reports that this application's usage of lodash.escaperegexp:4.1.2 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

---

Occurrences

lodash.escaperegexp:4.1.2 is a transitive dependency introduced by the following direct dependency(s):

• eslint-plugin-jest:22.2.0
        └─ semantic-release:15.13.3
              └─ @semantic-release/github:5.2.10
                    └─ issue-parser:3.0.1
                          └─ lodash.escaperegexp:4.1.2

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

The project could not be analyzed because of maven build errors. Please review the error messages here. Another build will be scheduled within 24 hours. If the build is successful this issue will be closed, otherwise the error message will be updated.

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Vulnerabilities

DepShield reports that this application's usage of lodash.uniqby:4.7.0 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)
• (CVSS 6.5) [CVE-2018-3721] lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutabl...

---

Occurrences

lodash.uniqby:4.7.0 is a transitive dependency introduced by the following direct dependency(s):

• eslint-plugin-jest:22.2.0
        └─ semantic-release:15.13.3
              └─ @semantic-release/github:5.2.10
                    └─ issue-parser:3.0.1
                          └─ lodash.uniqby:4.7.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Dependabot couldn't find a build.gradle for this project.

Dependabot requires a build.gradle to evaluate your project's current Java dependencies. It had expected to find one at the path: /android/build.gradle.

If this isn't a Java project, or if it is a library, you may wish to disable updates for it from within Dependabot.

Vulnerabilities

DepShield reports that this application's usage of lodash.memoize:4.1.2 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

---

Occurrences

lodash.memoize:4.1.2 is a transitive dependency introduced by the following direct dependency(s):

• prettier-eslint-cli:4.7.1
        └─ lodash.memoize:4.1.2

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Rate-Limited

These updates are currently rate-limited. Click on a checkbox below to force their creation now.

• chore(deps): update dependency enzyme-adapter-react-16 to v1.15.7
• chore(deps): update dependency babel-plugin-react-native-web to v0.18.10
• fix(deps): update dependency react-native-web to ^0.18.0
• chore(deps): update actions/checkout action to v3
• chore(deps): update actions/setup-node action to v3
• chore(deps): update dependency babel-loader to v9
• chore(deps): update dependency husky to v8
• chore(deps): update dependency lint-staged to v13
• chore(deps): update dependency prettier-eslint-cli to v7
• chore(deps): update dependency stylelint-config-recommended to v9
• fix(deps): update react monorepo to v18 (major) (react, react-art, react-dom)
• 🔐 Create all rate-limited PRs at once 🔐

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

• fix(deps): update dependency next to v12 [security]
• chore(deps): update babel monorepo (@babel/core, @babel/plugin-proposal-class-properties, @babel/preset-typescript, babel-loader)
• chore(deps): update dependency @react-native-community/eslint-config to v3.2.0
• chore(deps): update dependency @storybook/react to v6.5.13
• chore(deps): update dependency @types/jest to v27.5.2
• fix(deps): update dependency @types/react-native to ^0.70.0
• chore(deps): update dependency faker to v6 (faker, @types/faker)
• chore(deps): update dependency lerna to v6
• chore(deps): update dependency stylelint to v14
• chore(deps): update jest monorepo to v29 (major) (@types/jest, babel-jest, jest)
• Click on this checkbox to rebase all open PRs at once

Ignored or Blocked

These are blocked by an existing closed PR and will not be recreated unless you click a checkbox below.

• fix(deps): update dependency react-native to ^0.64.0 [security]
• chore(deps): update dependency lint-staged to v11.2.6
• fix(deps): update dependency react-native-vector-icons to v9

Detected dependencies

github-actions

.github/workflows/nodejs.yml

• actions/checkout v2
• actions/setup-node v2

npm

apps/web/package.json

• next ^10.0.0

package.json

• @types/react-native ^0.64.0
• @types/yup ^0.29.0
• babel-plugin-cssta ^0.10.0
• cssta ^0.10.0
• formik ^2.0.6
• react ^17.0.0
• react-art ^17.0.0
• react-dom ^17.0.0
• react-native ^0.63.0
• react-native-elements ^3.0.0
• react-native-vector-icons ^8.0.0
• react-native-web ^0.17.0
• typescript-styled-plugin ^0.18.0
• yup ^0.32.0
• @9renpoto/eslint-config-react 7.5.0
• @9renpoto/eslint-config-typescript 7.5.0
• @9renpoto/stylelint-config 7.5.0
• @babel/core 7.15.8
• @babel/plugin-proposal-class-properties 7.14.5
• @babel/preset-typescript 7.15.0
• @react-native-community/eslint-config 3.0.1
• @storybook/react 6.3.12
• @types/enzyme 3.10.12
• @types/faker 5.5.9
• @types/jest 27.0.3
• babel-jest 26.6.3
• babel-loader 8.2.3
• babel-plugin-lodash 3.3.4
• babel-plugin-react-native-web 0.17.7
• enzyme 3.11.0
• enzyme-adapter-react-16 1.15.6
• faker 5.5.3
• husky 6.0.0
• jest 26.6.3
• jest-enzyme 7.1.2
• lerna 4.0.0
• lint-staged 11.1.2
• npm-run-all 4.1.5
• prettier-eslint-cli 5.0.1
• stylelint 13.13.1
• stylelint-config-recommended 5.0.0
• stylelint-config-styled-components 0.1.1
• stylelint-processor-styled-components 1.10.0

packages/templates/package.json

• babel-plugin-cssta 0.10.0
• babel-plugin-macros 3.1.0
• cssta 0.10.1

---

• Check this box to trigger a request for Renovate to run again on this repository

Vulnerabilities

DepShield reports that this application's usage of lodash.toarray:4.4.0 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

---

Occurrences

lodash.toarray:4.4.0 is a transitive dependency introduced by the following direct dependency(s):

• eslint-plugin-jest:22.2.0
        └─ semantic-release:15.13.3
              └─ marked-terminal:3.2.0
                    └─ node-emoji:1.8.1
                          └─ lodash.toarray:4.4.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash.flatten:4.4.0 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

---

Occurrences

lodash.flatten:4.4.0 is a transitive dependency introduced by the following direct dependency(s):

• snyk:1.110.2
        └─ snyk-resolve-deps:4.0.2
              └─ lodash.flatten:4.4.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of debug:2.6.9 results in the following vulnerability(s):

• (CVSS 7.5) CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')

---

Occurrences

debug:2.6.9 is a transitive dependency introduced by the following direct dependency(s):

• babel-jest:24.8.0
        └─ @jest/transform:24.8.0
              └─ jest-haste-map:24.8.0
                    └─ anymatch:2.0.0
                          └─ micromatch:3.1.10
                                └─ extglob:2.0.4
                                      └─ expand-brackets:2.1.4
                                            └─ debug:2.6.9
              └─ micromatch:3.1.10
                    └─ extglob:2.0.4
                          └─ expand-brackets:2.1.4
                                └─ debug:2.6.9
                    └─ snapdragon:0.8.2
                          └─ debug:2.6.9

• jest:24.8.0
        └─ jest-cli:24.8.0
              └─ @jest/core:24.8.0
                    └─ micromatch:3.1.10
                          └─ extglob:2.0.4
                                └─ expand-brackets:2.1.4
                                      └─ debug:2.6.9
                    └─ @jest/reporters:24.8.0
                          └─ jest-haste-map:24.8.0
                                └─ micromatch:3.1.10
                                      └─ extglob:2.0.4
                                            └─ expand-brackets:2.1.4
                                                  └─ debug:2.6.9
                    └─ jest-message-util:24.8.0
                          └─ micromatch:3.1.10
                                └─ extglob:2.0.4
                                      └─ expand-brackets:2.1.4
                                            └─ debug:2.6.9
                    └─ jest-runner:24.8.0
                          └─ jest-haste-map:24.8.0
                                └─ micromatch:3.1.10
                                      └─ extglob:2.0.4
                                            └─ expand-brackets:2.1.4
                                                  └─ debug:2.6.9
                    └─ jest-runtime:24.8.0
                          └─ jest-haste-map:24.8.0
                                └─ micromatch:3.1.10
                                      └─ extglob:2.0.4
                                            └─ expand-brackets:2.1.4
                                                  └─ debug:2.6.9
              └─ jest-config:24.8.0
                    └─ @jest/test-sequencer:24.8.0
                          └─ jest-haste-map:24.8.0
                                └─ micromatch:3.1.10
                                      └─ extglob:2.0.4
                                            └─ expand-brackets:2.1.4
                                                  └─ debug:2.6.9
                    └─ micromatch:3.1.10
                          └─ extglob:2.0.4
                                └─ expand-brackets:2.1.4
                                      └─ debug:2.6.9

• react-native:0.59.8
        └─ @react-native-community/cli:1.9.4
              └─ metro:0.51.1
                    └─ debug:2.6.9
                    └─ jest-haste-map:24.0.0-alpha.6
                          └─ sane:3.1.0
                                └─ micromatch:3.1.10
                                      └─ extglob:2.0.4
                                            └─ expand-brackets:2.1.4
                                                  └─ debug:2.6.9
        └─ compression:1.7.4
              └─ debug:2.6.9
        └─ connect:3.7.0
              └─ debug:2.6.9
              └─ finalhandler:1.1.2
                    └─ debug:2.6.9
        └─ debug:2.6.9
        └─ morgan:1.9.1
              └─ debug:2.6.9
        └─ serve-static:1.14.1
              └─ send:0.17.1
                    └─ debug:2.6.9

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of handlebars:4.1.2 results in the following vulnerability(s):

• (CVSS 8.2) CWE-20: Improper Input Validation

---

Occurrences

handlebars:4.1.2 is a transitive dependency introduced by the following direct dependency(s):

• jest:24.9.0
        └─ jest-cli:24.9.0
              └─ @jest/core:24.9.0
                    └─ @jest/reporters:24.9.0
                          └─ istanbul-reports:2.2.6
                                └─ handlebars:4.1.2

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Here's the Weekly Digest for 9renpoto/app:

---

ISSUES

Last week 7 issues were created.
Of these, 7 issues have been closed and 0 issues are still open.

CLOSED ISSUES

❤️ #556 chore(deps): update dependency @types/react-native to v0.57.63, by renovate[bot]
❤️ #555 chore(deps): update dependency @types/react to v16.8.20, by renovate[bot]
❤️ #554 chore(deps): update dependency typescript to v3.5.2, by renovate[bot]
❤️ #553 chore(deps): update dependency @types/jest to v24.0.14, by renovate[bot]
❤️ #552 chore(deps): update dependency @types/react-test-renderer to v16.8.2, by renovate[bot]
❤️ #551 chore(deps): update dependency @types/react-native to v0.57.62, by renovate[bot]
❤️ #550 chore(deps): update dependency @types/react-native to v0.57.61, by renovate[bot]

---

PULL REQUESTS

Last week, 7 pull requests were created, updated or merged.

MERGED PULL REQUEST

Last week, 7 pull requests were merged.
💜 #556 chore(deps): update dependency @types/react-native to v0.57.63, by renovate[bot]
💜 #555 chore(deps): update dependency @types/react to v16.8.20, by renovate[bot]
💜 #554 chore(deps): update dependency typescript to v3.5.2, by renovate[bot]
💜 #553 chore(deps): update dependency @types/jest to v24.0.14, by renovate[bot]
💜 #552 chore(deps): update dependency @types/react-test-renderer to v16.8.2, by renovate[bot]
💜 #551 chore(deps): update dependency @types/react-native to v0.57.62, by renovate[bot]
💜 #550 chore(deps): update dependency @types/react-native to v0.57.61, by renovate[bot]

---

COMMITS

Last week there were 7 commits.
🛠️ chore(deps): update dependency @types/react-native to v0.57.63 by renovate-bot
🛠️ chore(deps): update dependency @types/react to v16.8.20 by renovate-bot
🛠️ chore(deps): update dependency typescript to v3.5.2 by renovate-bot
🛠️ chore(deps): update dependency @types/react-native to v0.57.62 by renovate-bot
🛠️ chore(deps): update dependency @types/jest to v24.0.14 by renovate-bot
🛠️ chore(deps): update dependency @types/react-test-renderer to v16.8.2 by renovate-bot
🛠️ chore(deps): update dependency @types/react-native to v0.57.61 by renovate-bot

---

CONTRIBUTORS

Last week there was 1 contributor.
👤 renovate-bot

---

STARGAZERS

Last week there were no stargazers.

---

RELEASES

Last week there were no releases.

---

That's all for last week, please 👀 Watch and ⭐ Star the repository 9renpoto/app to receive next weekly updates. 😃

You can also view all Weekly Digests by clicking here.

Your Weekly Digest bot. 📆

Here's the Weekly Digest for 9renpoto/app:

---

ISSUES

Last week 1 issue was created.
It is closed now.

CLOSED ISSUES

❤️ #548 fix(deps): update dependency react-native to v0.59.9, by renovate[bot]

---

PULL REQUESTS

Last week, 1 pull request was created, updated or merged.

MERGED PULL REQUEST

Last week, 1 pull request was merged.
💜 #548 fix(deps): update dependency react-native to v0.59.9, by renovate[bot]

---

COMMITS

Last week there was 1 commit.
🛠️ fix(deps): update dependency react-native to v0.59.9 by renovate-bot

---

CONTRIBUTORS

Last week there was 1 contributor.
👤 renovate-bot

---

STARGAZERS

Last week there were no stargazers.

---

RELEASES

Last week there were no releases.

---

That's all for last week, please 👀 Watch and ⭐ Star the repository 9renpoto/app to receive next weekly updates. 😃

You can also view all Weekly Digests by clicking here.

Your Weekly Digest bot. 📆

Vulnerabilities

DepShield reports that this application's usage of lodash.clonedeep:4.5.0 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

---

Occurrences

lodash.clonedeep:4.5.0 is a transitive dependency introduced by the following direct dependency(s):

• snyk:1.110.2
        └─ snyk-policy:1.13.1
              └─ lodash.clonedeep:4.5.0
        └─ snyk-try-require:1.3.1
              └─ lodash.clonedeep:4.5.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash.merge:4.6.1 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

---

Occurrences

lodash.merge:4.6.1 is a transitive dependency introduced by the following direct dependency(s):

• prettier-eslint-cli:4.7.1
        └─ prettier-eslint:8.8.2
              └─ lodash.merge:4.6.1

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash.isstring:4.0.1 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)
• (CVSS 6.5) [CVE-2018-3721] lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutabl...

---

Occurrences

lodash.isstring:4.0.1 is a transitive dependency introduced by the following direct dependency(s):

• eslint-plugin-jest:22.2.0
        └─ semantic-release:15.13.3
              └─ @semantic-release/github:5.2.10
                    └─ issue-parser:3.0.1
                          └─ lodash.isstring:4.0.1

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash.padstart:4.6.1 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)
• (CVSS 6.5) [CVE-2018-3721] lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutabl...

---

Occurrences

lodash.padstart:4.6.1 is a transitive dependency introduced by the following direct dependency(s):

• react-native:0.57.8
        └─ npmlog:2.0.4
              └─ gauge:1.2.7
                    └─ lodash.padstart:4.6.1

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash.throttle:4.1.1 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

---

Occurrences

lodash.throttle:4.1.1 is a transitive dependency introduced by the following direct dependency(s):

• react-native:0.57.7
        └─ metro:0.48.3
              └─ lodash.throttle:4.1.1
        └─ metro-core:0.48.3
              └─ lodash.throttle:4.1.1

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash._root:3.0.1 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

---

Occurrences

lodash._root:3.0.1 is a transitive dependency introduced by the following direct dependency(s):

• eslint-plugin-jest:22.2.0
        └─ @semantic-release/npm:5.1.4
              └─ npm:6.5.0
                    └─ lodash._baseuniq:4.6.0
                          └─ lodash._root:3.0.1

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash.sortby:4.7.0 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

---

Occurrences

lodash.sortby:4.7.0 is a transitive dependency introduced by the following direct dependency(s):

• jest:23.6.0
        └─ jest-cli:23.6.0
              └─ jest-environment-jsdom:23.4.0
                    └─ jsdom:11.12.0
                          └─ data-urls:1.1.0
                                └─ whatwg-url:7.0.0
                                      └─ lodash.sortby:4.7.0
                          └─ whatwg-url:6.5.0
                                └─ lodash.sortby:4.7.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash.get:4.4.2 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

---

Occurrences

lodash.get:4.4.2 is a transitive dependency introduced by the following direct dependency(s):

• snyk:1.110.2
        └─ snyk-resolve-deps:4.0.2
              └─ lodash.get:4.4.2

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of q:1.5.1 results in the following vulnerability(s):

• (CVSS 7.5) CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

---

Occurrences

q:1.5.1 is a transitive dependency introduced by the following direct dependency(s):

• lerna:3.18.3
        └─ @lerna/version:3.18.3
              └─ @lerna/conventional-commits:3.16.4
                    └─ conventional-changelog-angular:5.0.5
                          └─ q:1.5.1
                    └─ conventional-changelog-core:3.2.3
                          └─ q:1.5.1
                    └─ conventional-recommended-bump:5.0.1
                          └─ q:1.5.1

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash.assign:4.2.0 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

---

Occurrences

lodash.assign:4.2.0 is a transitive dependency introduced by the following direct dependency(s):

• flow-typed:2.5.1
        └─ yargs:4.8.1
              └─ yargs-parser:2.4.1
                    └─ lodash.assign:4.2.0
              └─ lodash.assign:4.2.0

• snyk:1.110.2
        └─ snyk-resolve-deps:4.0.2
              └─ lodash.assign:4.2.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash.isplainobject:4.0.6 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)
• (CVSS 6.5) [CVE-2018-3721] lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutabl...

---

Occurrences

lodash.isplainobject:4.0.6 is a transitive dependency introduced by the following direct dependency(s):

• eslint-plugin-jest:22.2.0
        └─ semantic-release:15.13.3
              └─ @semantic-release/github:5.2.10
                    └─ issue-parser:3.0.1
                          └─ lodash.isplainobject:4.0.6

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash.set:4.3.2 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

---

Occurrences

lodash.set:4.3.2 is a transitive dependency introduced by the following direct dependency(s):

• snyk:1.110.2
        └─ snyk-resolve-deps:4.0.2
              └─ lodash.set:4.3.2

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash._reinterpolate:3.0.0 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

---

Occurrences

lodash._reinterpolate:3.0.0 is a transitive dependency introduced by the following direct dependency(s):

• lerna:3.18.3
        └─ @lerna/version:3.18.3
              └─ @lerna/conventional-commits:3.16.4
                    └─ lodash.template:4.5.0
                          └─ lodash._reinterpolate:3.0.0
                          └─ lodash.templatesettings:4.2.0
                                └─ lodash._reinterpolate:3.0.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash._bindcallback:3.0.1 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

---

Occurrences

lodash._bindcallback:3.0.1 is a transitive dependency introduced by the following direct dependency(s):

• eslint-plugin-jest:22.2.0
        └─ @semantic-release/npm:5.1.4
              └─ npm:6.5.0
                    └─ lodash._bindcallback:3.0.1

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

There is an error with this repository's Renovate configuration that needs to be fixed. As a precaution, Renovate will stop PRs until it is resolved.

Error type: undefined. Note: this is a nested preset so please contact the preset author if you are unable to fix it yourself.

Here's the Weekly Digest for 9renpoto/app:

---

ISSUES

Last week 7 issues were created.
Of these, 7 issues have been closed and 0 issues are still open.

CLOSED ISSUES

❤️ #494 chore(deps): update dependency snyk to v1.147.4, by renovate[bot]
❤️ #493 chore(deps): update dependency snyk to v1.147.2, by renovate[bot]
❤️ #492 chore(deps): update dependency codecov to v3.3.0, by renovate[bot]
❤️ #491 chore(deps): update dependency snyk to v1.147.1, by renovate[bot]
❤️ #490 chore(deps): update dependency flow-bin to v0.96.0, by renovate[bot]
❤️ #489 chore(deps): update dependency snyk to v1.147.0, by renovate[bot]
❤️ #488 chore(deps): update dependency snyk to v1.144.0, by renovate[bot]

NOISY ISSUE

🔈 #489 chore(deps): update dependency snyk to v1.147.0, by renovate[bot]
It received 2 comments.

---

PULL REQUESTS

Last week, 9 pull requests were created, updated or merged.

UPDATED PULL REQUEST

Last week, 2 pull requests were updated.
💛 #416 chore(deps): update jest monorepo to v24 (major), by renovate[bot]
💛 #415 fix(deps): update dependency react-native to v0.59.3, by renovate[bot]

MERGED PULL REQUEST

Last week, 7 pull requests were merged.
💜 #494 chore(deps): update dependency snyk to v1.147.4, by renovate[bot]
💜 #493 chore(deps): update dependency snyk to v1.147.2, by renovate[bot]
💜 #492 chore(deps): update dependency codecov to v3.3.0, by renovate[bot]
💜 #491 chore(deps): update dependency snyk to v1.147.1, by renovate[bot]
💜 #490 chore(deps): update dependency flow-bin to v0.96.0, by renovate[bot]
💜 #489 chore(deps): update dependency snyk to v1.147.0, by renovate[bot]
💜 #488 chore(deps): update dependency snyk to v1.144.0, by renovate[bot]

---

COMMITS

Last week there were 8 commits.
🛠️ chore(deps): update dependency snyk to v1.147.4 by renovate-bot
🛠️ Merge pull request #493 from 9renpoto/renovate/snyk-1.x chore(deps): update dependency snyk to v1.147.2 by 9renpoto
🛠️ chore(deps): update dependency snyk to v1.147.2 by renovate-bot
🛠️ chore(deps): update dependency codecov to v3.3.0 by renovate-bot
🛠️ chore(deps): update dependency snyk to v1.147.1 by renovate-bot
🛠️ chore(deps): update dependency snyk to v1.147.0 by renovate-bot
🛠️ chore(deps): update dependency flow-bin to v0.96.0 by renovate-bot
🛠️ chore(deps): update dependency snyk to v1.144.0 by renovate-bot

---

CONTRIBUTORS

Last week there were 2 contributors.
👤 renovate-bot
👤 9renpoto

---

STARGAZERS

Last week there were no stargazers.

---

RELEASES

Last week there were no releases.

---

That's all for last week, please 👀 Watch and ⭐ Star the repository 9renpoto/app to receive next weekly updates. 😃

You can also view all Weekly Digests by clicking here.

Your Weekly Digest bot. 📆