Bump plist, react-native and react-native-code-push in /react-native

[dependabot]

Bumps plist to 3.0.6 and updates ancestor dependencies plist, react-native and react-native-code-push. These dependencies need to be updated together.

Updates plist from 1.2.0 to 3.0.6

Changelog

Sourced from plist's changelog.

3.0.5 / 2022-03-23

• [96e2303d05] Prototype Pollution using .parse() #114 (mario-canva)
• update browserify from 16 to 17

3.0.4 / 2021-08-27

• inline xmldom@0.6.0 to eliminate security warning false positive (Mike Reinstein)

3.0.3 / 2021-08-04

• update xmldom to 0.6.0 to patch critical vulnerability (Mike Reinstein)
• remove flaky saucelabs teseting badge (Mike Reinstein)

3.0.2 / 2021-03-25

• update xmldom to 0.5.0 to patch critical vulnerability (Mike Reinstein)
• update saucelab credentials to point at mreinstein's saucelabs account (Mike Reinstein)
• remove a bunch of test versions from the matrix because they weren't working in zuul + sauce (Mike Reinstein)

3.0.1 / 2018-03-21

• avoid using Buffer constructor nodejs/node#19079

3.0.0 / 2018-03-18

• [cb0d8f1bc6] update Makefile, rebuild dist/ (Mike Reinstein)
• [9dfeffe73f] remove unsupported browser versions from travis (Mike Reinstein)
• [c962bfe1ea] update module deps, remove support for node < 6 (Mike Reinstein)

2.1.0 / 2017-05-04

• [e4f06669bb] - update license (extend copyright term) (Mike Reinstein)
• [edc6e41035] - update module deps (Mike Reinstein)
• [85d11c48ef] - Harden test-cases and implementation to align with other implementations (Björn Brauer)
• [7619537eaa] review feedback: early returns and constants for nodeTypes (Björn Brauer)

2.0.1 / 2016-08-16

• [de136c8388] - bad npm release… (Nathan Rajlich)

... (truncated)

Commits

• See full diff in compare view

Updates react-native from 0.50.4 to 0.71.7

Release notes

Sourced from react-native's releases.

0.71.7

This release is primarily aimed at addressing issues with ANRs using multiline TextInput on Samsung devices (facebook/react-native#35936, facebook/react-native#35590).

Fixed

iOS specific

• Address Hermes performance regression (9be2959 by @​dmytrorykun)

Android specific

• Resolved bug with Text components in new arch losing text alignment state. (31a8e92cad by @​javache)
• Mimimize EditText Spans 9/9: Remove addSpansForMeasurement() (92b8981499 by @​NickGerleman)
• Minimize EditText Spans 8/N: CustomStyleSpan (b384bb613b by @​NickGerleman)
• Minimize EditText Spans 6/N: letterSpacing (5791cf1f7b by @​NickGerleman)
• Minimize Spans 5/N: Strikethrough and Underline (0869ea29db by @​NickGerleman)
• Minimize Spans 4/N: ReactForegroundColorSpan (8c9c8ba5ad by @​NickGerleman)
• Minimize Spans 3/N: ReactBackgroundColorSpan (cc0ba57ea4 by @​NickGerleman)
• Minimize Spans 1/N: Fix precedence (1743dd7ab4 by @​NickGerleman)
• Fix measurement of uncontrolled TextInput after edit (8a0fe30591 by @​NickGerleman)

---

You can participate in the conversation on the status of this release in this discussion.

---

To help you upgrade to this version, you can use the upgrade helper ⚛️

---

You can find the whole changelog history in the changelog.md file.

0.71.6

Fixed

iOS specific

• Fix React Codegen podspec to build on Xcode 14.3 (0010c3807d by @​cipolleschi)

---

You can participate in the conversation on the status of this release in this discussion.

---

To help you upgrade to this version, you can use the upgrade helper ⚛️

---

... (truncated)

Changelog

Sourced from react-native's changelog.

v0.71.7

Fixed

iOS specific

• Address Hermes performance regression (9be2959 by @​dmytrorykun)

Android specific

• Resolved bug with Text components in new arch losing text alignment state. (31a8e92cad by @​javache)
• Mimimize EditText Spans 9/9: Remove addSpansForMeasurement() (92b8981499 by @​NickGerleman)
• Minimize EditText Spans 8/N: CustomStyleSpan (b384bb613b by @​NickGerleman)
• Minimize EditText Spans 6/N: letterSpacing (5791cf1f7b by @​NickGerleman)
• Minimize Spans 5/N: Strikethrough and Underline (0869ea29db by @​NickGerleman)
• Minimize Spans 4/N: ReactForegroundColorSpan (8c9c8ba5ad by @​NickGerleman)
• Minimize Spans 3/N: ReactBackgroundColorSpan (cc0ba57ea4 by @​NickGerleman)
• Minimize Spans 1/N: Fix precedence (1743dd7ab4 by @​NickGerleman)
• Fix measurement of uncontrolled TextInput after edit (8a0fe30591 by @​NickGerleman)

v0.71.6

Fixed

iOS specific

• Fix React Codegen podspec to build on Xcode 14.3 (0010c3807d by @​kelset)

v0.71.5

Changed

• Bump CLI to 10.2.2 and Metro to 0.73.9 (4c3bc24893 by @​kelset), contains:
  • CLI fix: correctly list ios devices and simulators (relevant PR)
  • Metro fix: fix watching contents of new directories in NodeWatcher (ab86982 by @​robhogan)

Android specific

• Bump RNGP to 0.71.17 (bf490d379f by @​kelset), contains:
  • Fix patch for codegen for 0.71 (ec3681143e by @​kelset)

iOS specific

• Remove ruby-version from 0.71 (1d22e29146 by @​cipolleschi)

Fixed

Android specific

• Fix race condition in ReadableNativeMap (9aac13d by @​rshest)

... (truncated)

Commits

• 6115ce5 [0.71.7] Bump version numbers
• 843d57e Fix TextView alignment being reset on state updates
• 9be2959 Use RN Build Utils for Building Hermes Artifacts
• 256e25c Merge pull request #36874 from facebook/kelset/071-backport-textinput-fixes
• 181bd38 Mimimize EditText Spans 9/9: Remove addSpansForMeasurement() (#36575)
• 77bd902 Minimize EditText Spans 8/9: CustomStyleSpan (#36577)
• 2e2ce8a Minimize EditText Spans 7/9: Avoid temp list (#36576)
• e89d23c Minimize EditText Spans 6/9: letterSpacing (#36548)
• ba4c2f5 Minimize EditText Spans 5/9: Strikethrough and Underline (#36544)
• 644a3da Minimize EditText Spans 4/9: ReactForegroundColorSpan (#36545)
• Additional commits viewable in compare view

Updates react-native-code-push from 5.2.1 to 8.0.1

Release notes

Sourced from react-native-code-push's releases.

Version 8.0.1

• Fix vulnerabilities

Version 8.0.0

• Fix Newtonsoft.Json dependency
• Support RN 0.71.0
• Fix vulnerabilities

Version 7.1.0

• Fix React Native Warn "new NativeEventEmitter()` was called with a non-null argument without the required listener"
• [Android] Fix issue where CODE_PUSH_APK_BUILD_TIME resource was not generating w/ AGP 4.2+
• Fix usage of removed method AppState.removeEventListener
• Fix GA tests pipelines
• Fix vulnerabilities

v7.0.5

• Fix partial path traversal vulnerability in Android

v7.0.4

• Update dependencies
• Fix issue with missed images after the second update

v7.0.3

• Fix issue where foreign characters break the data integrity check
• Update dependencies
• Bump IPHONEOS_DEPLOYMENT_TARGET version

v7.0.2

• Fix MitM vulnerability

v7.0.1

• Update dependencies

v7.0.0

Add React Native Windows v0.63.5+ support

v6.4.1

• Fix issue with the timer on ON_NEXT_SUSPEND mode

v6.4.0

• Update dependencies
• Fix Xcode 12 compatibility
• Fixed problem with android versions <= 4.4
• Small bug-fixing

v6.3.0

• Move disallowRestart to the native side.
• Add tests for ON_NEXT_SUSPEND install mode.
• Update docs.

... (truncated)

Commits

• 19ae61f FixVM2 (#2502)
• b8b2287 Release 8.0.1 (#2499)
• 8ca0b4e Bump code-push version to 4.1.1 (#2498)
• 4a55114 Bump vm2 from 3.9.13 to 3.9.16 in /Examples/CodePushDemoApp (#2492)
• 412b43c Bump vm2 from 3.9.13 to 3.9.16 in /Examples/CodePushDemoAppCpp (#2491)
• 3fb5389 Bump vm2 from 3.9.13 to 3.9.16 (#2490)
• 4db90d2 Fix iOS tests after migration to react-native 0.71 (#2479)
• 95a471b Release 8.0.0 (#2466)
• e071a05 Fix CVE-2022-22912: Prototype pollution vulnerability via .parse() in Plist b...
• a07420c Fix CVE-2022-36943 (#2447)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by appcenter, a new releaser for react-native-code-push since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.