From f73e91eed7d074533e60c49bf4fa08a77f3d6686 Mon Sep 17 00:00:00 2001 
From: snyk-bot Date: Tue, 27 Sep 2022 08:23:16 +0000 Subject: [PATCH] fix: packages/mobile/package.json & packages/mobile/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908 - https://snyk.io/vuln/SNYK-JS-DATEANDTIME-1054430 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-1064899 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-511941 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-571484 - https://snyk.io/vuln/SNYK-JS-GOT-2932019 - https://snyk.io/vuln/SNYK-JS-I18NEXT-1065979 - https://snyk.io/vuln/SNYK-JS-I18NEXT-575536 - https://snyk.io/vuln/SNYK-JS-I18NEXT-585930 - https://snyk.io/vuln/SNYK-JS-ISTANBULREPORTS-2328088 - https://snyk.io/vuln/SNYK-JS-JSONBIGINT-608659 - https://snyk.io/vuln/SNYK-JS-LODASH-1018905 - https://snyk.io/vuln/SNYK-JS-LODASH-1040724 - https://snyk.io/vuln/SNYK-JS-LODASH-450202 - https://snyk.io/vuln/SNYK-JS-LODASH-567746 - https://snyk.io/vuln/SNYK-JS-LODASH-608086 - https://snyk.io/vuln/SNYK-JS-LODASH-73638 - https://snyk.io/vuln/SNYK-JS-LODASH-73639 - https://snyk.io/vuln/SNYK-JS-MERGE-1040469 - https://snyk.io/vuln/SNYK-JS-MERGE-1042987 - https://snyk.io/vuln/SNYK-JS-NODEFETCH-2342118 - https://snyk.io/vuln/SNYK-JS-NODEFETCH-674311 - https://snyk.io/vuln/SNYK-JS-NODEFORGE-2330875 - https://snyk.io/vuln/SNYK-JS-NODEFORGE-2331908 - https://snyk.io/vuln/SNYK-JS-NODEFORGE-2430337 - https://snyk.io/vuln/SNYK-JS-NODEFORGE-2430339 - https://snyk.io/vuln/SNYK-JS-NODEFORGE-2430341 - https://snyk.io/vuln/SNYK-JS-NTHCHECK-1586032 - https://snyk.io/vuln/SNYK-JS-PLIST-2405644 - https://snyk.io/vuln/SNYK-JS-REACTNATIVE-1298632 - https://snyk.io/vuln/SNYK-JS-REACTNATIVEWEBVIEW-1011954 - https://snyk.io/vuln/SNYK-JS-SHELLQUOTE-1766506 - https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984 - https://snyk.io/vuln/SNYK-JS-WS-1296835 - https://snyk.io/vuln/SNYK-JS-XMLDOM-1084960 - https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381 - https://snyk.io/vuln/npm:braces:20180219 - 
https://snyk.io/vuln/npm:lodash:20180130 - https://snyk.io/vuln/npm:mem:20180117 - https://snyk.io/vuln/npm:plist:20180219 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746
---
 packages/mobile/.snyk | 8 ++++++++
 packages/mobile/package.json | 29 ++++++++++++++++-------------
 2 files changed, 24 insertions(+), 13 deletions(-)
 create mode 100644 packages/mobile/.snyk
diff --git a/packages/mobile/.snyk b/packages/mobile/.snyk
new file mode 100644
index 00000000000..3a281029fbd
--- /dev/null
+++ b/packages/mobile/.snyk
@@ -0,0 +1,8 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ SNYK-JS-LODASH-567746:
+ - '@celo/contractkit > @0x/subproviders > eth-lightwallet > bitcore-lib > lodash':
+ patched: '2022-09-27T08:23:09.347Z'
diff --git a/packages/mobile/package.json b/packages/mobile/package.json
index 37d2d5d8b91..c201deeb09d 100644
--- a/packages/mobile/package.json
+++ b/packages/mobile/package.json
@@ -32,10 +32,11 @@
 "test:detox": "CELO_TEST_CONFIG=e2e detox test -c android.emu.debug -a e2e/tmp/ --take-screenshots=failing --record-logs=failing --detectOpenHandles",
 "test:unlock": "./scripts/unlock.sh",
 "deploy:update-version": "./scripts/update-version.sh",
- "prepare": "patch-package",
+ "prepare": "npm run snyk-protect && patch-package",
 "postinstall": "sh scripts/fix_rn_version.sh; patch-package",
 "update-disclaimer": "yarn licenses generate-disclaimer > LicenseDisclaimer.txt && mkdir -p android/app/src/main/assets/custom && cp LicenseDisclaimer.txt android/app/src/main/assets/custom/LicenseDisclaimer.txt",
- "test-licenses": "yarn licenses list --prod | grep '\\(─ GPL\\|─ (GPL-[1-9]\\.[0-9]\\+ OR GPL-[1-9]\\.[0-9]\\+)\\)' && echo 'Found GPL license(s). Use 'yarn licenses list --prod' to look up the offending package' || echo 'No GPL licenses found'"
+ "test-licenses": "yarn licenses list --prod | grep '\\(─ GPL\\|─ (GPL-[1-9]\\.[0-9]\\+ OR GPL-[1-9]\\.[0-9]\\+)\\)' && echo 'Found GPL license(s). Use 'yarn licenses list --prod' to look up the offending package' || echo 'No GPL licenses found'",
+ "snyk-protect": "snyk-protect"
 },
 "rnpm": {
 "assets": [
@@ -45,9 +46,9 @@
 "dependencies": {
 "@celo/client": "4fd835d",
 "@celo/client-integration": "npm:@celo/client@55cf94c",
- "@celo/contractkit": "0.0.1",
+ "@celo/contractkit": "1.2.2",
 "@celo/react-native-sms-retriever": "git+https://github.com/celo-org/react-native-sms-retriever#d3a2fdb",
- "@celo/utils": "0.0.1",
+ "@celo/utils": "1.2.2",
 "@react-native-community/netinfo": "^2.0.4",
 "@segment/analytics-react-native": "^0.1.0-beta.0",
 "@segment/analytics-react-native-firebase": "^0.1.0-beta.0",
@@ -66,7 +67,7 @@
 "google-libphonenumber": "^3.2.1",
 "graphql": "^14.1.1",
 "hoist-non-react-statics": "^3.1.0",
- "i18next": "^11.9.1",
+ "i18next": "^19.8.5",
 "instabug-reactnative": "^8.4.3",
 "js-sha3": "^0.7.0",
 "lodash": "^4.17.14",
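Review bot: In the `@@ -32,10 +32,11 @@` scripts hunk, `prepare` now runs `npm run snyk-protect` at install time, and the binary behind it comes from `"@snyk/protect": "latest"` added in the `@@ -129,7 +130,8 @@` hunk, so an install-time hook executes whatever version the registry serves on that day. Pin the dependency to an exact, reviewed version (`"@snyk/protect": "<reviewed-version>"`, placeholder) and let the lockfile record its integrity hash, so the code that runs during install only changes through a reviewed diff. The neighbouring scripts call `yarn`, so `"prepare": "yarn snyk-protect && patch-package",` would be consistent with them. `postinstall` still applies only `patch-package`, so confirm that `prepare` actually runs in the install path that CI and release builds use.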
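Review bot: In the `@@ -45,9 +46,9 @@` hunk, `@celo/contractkit` and `@celo/utils` move from `0.0.1` to `1.2.2`; given the `packages/mobile/` path, `0.0.1` may have been the in-repo workspace version, in which case these two lines switch the app from sibling sources to the published registry packages, which should be confirmed before merging. The patch entry in `packages/mobile/.snyk` is keyed to a dependency path that starts at `@celo/contractkit`, so also verify that this path, and the nested `lodash` copy under it, still exists in the `1.2.2` tree; otherwise the patch step may have nothing to apply to.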
@@ -76,8 +77,8 @@
 "numeral": "^2.0.6",
 "react": "16.8.3",
 "react-apollo": "^2.4.1",
- "react-i18next": "^8.3.8",
- "react-native": "0.59.10",
+ "react-i18next": "^9.0.0",
+ "react-native": "0.65.0",
 "react-native-android-broadcast-receiver-for-referrer": "^1.0.7",
 "react-native-android-open-settings": "^1.2.0",
 "react-native-autocomplete-input": "^3.6.0",
@@ -101,22 +102,22 @@
 "react-native-modal-dropdown": "^0.6.2",
 "react-native-permissions": "^1.1.1",
 "react-native-progress": "^3.4.0",
- "react-native-qrcode-svg": "^5.1.2",
+ "react-native-qrcode-svg": "^6.0.6",
 "react-native-restart-android": "^0.0.7",
 "react-native-screens": "^1.0.0-alpha.22",
 "react-native-secure-randombytes": "^2.2.3",
 "react-native-send-intent": "git+https://github.com/celo-org/react-native-send-intent#8039938",
- "react-native-sentry": "^0.38.3",
+ "react-native-sentry": "^0.43.0",
 "react-native-shadow": "^1.2.2",
 "react-native-share": "^1.1.3",
 "react-native-splash-screen": "^3.1.1",
- "react-native-svg": "^9.3.6",
+ "react-native-svg": "^12.3.0",
 "react-native-swiper": "^1.5.13",
 "react-native-system-clock": "^1.0.0",
 "react-native-tcp": "git://github.com/cmcewen/react-native-tcp#08f03c2",
 "react-native-udp": "^2.3.1",
 "react-native-version-check": "^3.0.2",
- "react-native-webview": "^5.12.1",
+ "react-native-webview": "^11.0.0",
 "react-navigation": "^3.9.0",
 "react-redux": "^5.1.1",
 "redux": "^4.0.0",
@@ -129,7 +130,8 @@
 "tslib": "^1.9.1",
 "utf8": "^3.0.0",
 "vm-browserify": "^1.0.1",
- "web3": "1.0.0-beta.37"
+ "web3": "1.7.5",
+ "@snyk/protect": "latest"
 },
 "devDependencies": {
 "@babel/core": "^7.4.3",
@@ -199,5 +201,6 @@
 "name": "Nexus_5X_API_28"
 }
 }
- }
+ },
+ "snyk": true
 }
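Review bot: In the `@@ -76,8 +77,8 @@` hunk, `react-native` jumps to `0.65.0` while the context line in the same hunk still pins `"react": "16.8.3"`; React Native 0.65 declares React 17.0.2 as its peer dependency, so the pair is inconsistent as written. Either raise React in the same change (`"react": "17.0.2",`) or split the React Native upgrade out of this automated security patch. The diffstat lists only `package.json` and `.snyk`, so no lockfile, native-project or source changes accompany this jump or the other large version moves in the later hunks (`react-native-webview`, `react-native-svg`, `react-native-sentry`, `web3`), and the vulnerable versions stay resolved until the lockfile is regenerated. `postinstall` also still runs `scripts/fix_rn_version.sh`, whose contents are not visible here and may assume the old React Native version.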