chore(deps): update dependency react-native-reanimated to v2.10.0 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
react-native-reanimated (source)	2.0.1 → 2.10.0

---

react-native-reanimated vulnerable to ReDoS

CVE-2022-24373 / GHSA-2j79-8pqc-r7x6

More information

Details

The package react-native-reanimated before 2.10.0 is vulnerable to Regular Expression Denial of Service (ReDoS) due to improper usage of regular expression in the parser of Colors.js.

Severity

• CVSS Score: 7.5 / 10 (High)
• Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

• https://nvd.nist.gov/vuln/detail/CVE-2022-24373
• https://github.com/software-mansion/react-native-reanimated/pull/3382
• https://github.com/software-mansion/react-native-reanimated/pull/3382/commits/7adf06d0c59382d884a04be86a96eede3d0432fa
• https://github.com/software-mansion/react-native-reanimated/releases/tag/3.0.0-rc.1
• https://security.snyk.io/vuln/SNYK-JS-REACTNATIVEREANIMATED-2949507
• https://github.com/software-mansion/react-native-reanimated/commit/8a927904366fa2d02df7a11553f8b0aa93471279
• https://github.com/software-mansion/react-native-reanimated/compare/2.9.1...2.10.0
• https://github.com/advisories/GHSA-2j79-8pqc-r7x6

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Release Notes

software-mansion/react-native-reanimated (react-native-reanimated)

v2.10.0

Compare Source

🚀 Main changes

• Added useAnimatedKeyboard() hook
• Added useFrameCallback() hook
• Added support for React Native 0.70
• Added support for react-native-v8 (building from source only)
• Detect multiple versions of Reanimated.
• And many different fixes.

Build: https://github.com/software-mansion/react-native-reanimated/actions/runs/2889631689

Full Changelog: software-mansion/react-native-reanimated@2.9.1...2.10.0

v2.9.1

Compare Source

What's Changed

• Fix issue with duplicated libfolly_runtime.so - #​3342

Build: https://github.com/software-mansion/react-native-reanimated/actions/runs/2595830511

🙌 Thank you for your contributions!

v2.9.0

Compare Source

What's Changed

• Support for react-native@0.69
• Treeshaking - #​3278
• Some fixes and improvements

Package contains binaries for react-native in version from 0.65 to 0.69

Build: https://github.com/software-mansion/react-native-reanimated/actions/runs/2590392729

🙌 Thank you for your contributions!

v2.8.0

Compare Source

What's Changed

• Load RNGestureHandlerModule lazily on iOS by @​j-piasecki in #​3166
• fix: Fix useAnimatedSensor return type by @​mrousavy in #​3094
• Add opts for relative source location by @​jiulongw in #​3141
• Fix JSCRuntime destroyed with a dangling API object by @​lukmccall in #​3185

New Contributors

@​dylmye @​jiulongw @​lukmccall

Full Changelog: software-mansion/react-native-reanimated@2.7.0...2.8.0

🙌 Thank you for your contributions!

v2.7.0

Compare Source

What's Changed

• Remove opacity from native props list by @​tomekzaw in #​3139
• Remove react-native-screens from dependencies by @​tomekzaw in #​3149
• Use angle bracket imports by @​tomekzaw in #​3150
• Remove gesture-handler by @​piaskowyk in #​3152
• Fix Expo dev menu by @​piaskowyk in #​3154
• Remove __reanimatedWorkletInit function and __worklet property by @​tomekzaw in #​3143
• Fix CI config for Java linter by @​tomekzaw in #​3160
• Make @​babel/preset-typescript a full dependency as it's used at runtime by @​levibuzolic in #​3165
• Add @​babel/core as peer dependency which is required by @​babel/plugin-transform-object-assign by @​AlexanderEggers in #​3167
• Add worklet to easing back return function by @​gozdecoban in #​3168
• fix: android layout reanimation null pointer exception (2959) by @​jacobarvidsson in #​3162

New Contributors

@​AlexanderEggers @​gozdecoban @​jacobarvidsson

Full Changelog: software-mansion/react-native-reanimated@2.6.0...2.7.0

🙌 Thank you for your contributions!

v2.6.0

Compare Source

What's Changed

• Fix TypeScript definitions
• Fix building for TvOS
• Update to react-native@0.68
• Support for Gradle plugin 7

v2.5.0

Compare Source

🚀 New features

• useAnimatedSensor() - API for animation based on sensor data #​2868
• Building from the source - now you can build Reanimated from source directly in your Android project #​2933
• Handle the "Slow animations" option in simulators #​2931
• Initial value modifier for predefined layout animations #​2799
• Support for react-native@0.68 #​2987

🐛 Important Bug fixes

• Fix order of updaters execution #​2580 #​2851
• Unresolved view tag #​2982
• Implemented ConfigureProps as JSI function #​3059

What's Changed

• Fix 2971: TS error with Easing.bezier by @​kkafar in #​2979
• Check for NaN by @​piaskowyk in #​2980
• Catch & ignore IllegalViewOperationException in AnimationsManager#removeLeftovers by @​kkafar in #​2982
• Add macro for JSI spec exported functions by @​jakub-gonet in #​2978
• Handle "Slow animations" option in simulators by @​jakub-gonet in #​2931
• Fix crash when handling event containing NaN or INF values by @​michaelknoch in #​2992
• Add getter for reactInstanceManager by @​WFolini in #​2863
• feat: added withInitialValues modifier by @​gorhom in #​2799
• react-native 0.68 by @​piaskowyk in #​2987
• Update dependencies versions (0) by @​kkafar in #​2986
• Update dev dependencies && update jest snapshots (1) by @​kkafar in #​2988
• Fix Java lint on JDK 16+ by @​jakub-gonet in #​3004
• fix: Add performance.now() to Babel plugin by @​mrousavy in #​3006
• corrected grammatical errors by @​Rquaicoo in #​3013
• Added simple cleanup command by @​piaskowyk in #​3007
• Update jest version (2) by @​kkafar in #​2990
• Autoinstall Android by @​jakub-gonet in #​3005
• Use P extends object in AnimateProps generic type by @​jakub-gonet in #​3022
• Update path in d.ts after relocation by @​piaskowyk in #​2977
• Operations order by @​piaskowyk in #​2580
• Fix bezier & bezierFn mock in ReanimatedV2 by @​notjosh in #​3034
• fix: accept case insensitive flavor by @​0akl3y in #​3041
• Source build: don't hardcode build dir by @​janicduplessis in #​3053
• Source build: support reactNativeArchitectures by @​janicduplessis in #​3055
• Source build: resolve react-native and other packages relative to reanimated package by @​janicduplessis in #​3054
• ConfigureProps by JSI by @​piaskowyk in #​3059
• Update initial style every render by @​piaskowyk in #​2851
• Add @​babel/preset-typescript to peerDependencies as it's used at runtime for the worklet plugin by @​levibuzolic in #​3077
• Added useAnimatedSensor() by @​piaskowyk in #​2868

New Contributors

• @​hasanfd made their first contribution in #​2958
• @​WFolini made their first contribution in #​2863
• @​Rquaicoo made their first contribution in #​3013
• @​notjosh made their first contribution in #​3034
• @​0akl3y made their first contribution in #​3041
• @​levibuzolic made their first contribution in #​3077

Full Changelog: software-mansion/react-native-reanimated@2.4.1...2.5.0

🙌 Thank you for your contributions!

v2.4.1

Compare Source

What's Changed

• Fix path for Web (CI build) in #​2962

Full Changelog: software-mansion/react-native-reanimated@2.4.0...2.4.1

v2.4.0

Compare Source

What's Changed

• do not mock global.performance when connected to chrome debugger by @​michaelknoch in #​2761
• fix: Only inject global.performance.now if not already defined by @​mrousavy in #​2771
• Add reanimated to proguard rules. by @​ahmetbicer in #​2725
• Fix animating colors direclty from useAnimatedStyle by @​kmagiera in #​2782
• Changed default ViewState by @​piaskowyk in #​2802
• Fix chrome debugger for android by @​piaskowyk in #​2795
• Old implementation of bezier function by @​piaskowyk in #​2792
• chore(android): replaced jCenter with maven by @​matteodanelli in #​2784
• feat: add swmansion-bot by @​kacperkapusciak in #​2807
• Add onChange to set of Gesture Handler builder methods in the Babel plugin by @​j-piasecki in #​2809
• Fix import of gesture handler headers on iOS by @​piaskowyk in #​2815
• Add info about proguard to docs by @​piaskowyk in #​2803
• Compute style changes before update by @​piaskowyk in #​2776
• Bump follow-redirects from 1.14.3 to 1.14.7 in /docs by @​dependabot in #​2837
• Bump lodash from 4.17.15 to 4.17.21 by @​dependabot in #​2839
• Bump postcss from 8.2.8 to 8.4.5 in /docs by @​dependabot in #​2838
• Bump shelljs from 0.8.4 to 0.8.5 in /docs by @​dependabot in #​2846
• Fix CI by @​piaskowyk in #​2840
• feat: add close-when-stale action by @​kacperkapusciak in #​2864
• Bump node-fetch from 2.6.1 to 2.6.7 by @​dependabot in #​2873
• Bump nanoid from 3.1.16 to 3.2.0 in /Example by @​dependabot in #​2867
• Accept generic type in Animated.FlatList by @​justblender in #​2862
• fix: fixed NullPointerException on Android 5.1 by @​giautm in #​2847
• Fixed mispelled extrapolation variable by @​Noitidart in #​2856
• Debug native code in Cmake by @​piaskowyk in #​2882
• Use hook's web implementation in Jest tests by @​jakub-gonet in #​2885
• Reactions counter example by @​tomekzaw in #​2855
• Fix typos in docs by @​piaskowyk in #​2889
• Removed @​next by @​piaskowyk in #​2818
• Display only warn if measure is called on RN side by @​piaskowyk in #​2790
• Fix immutable color cache by @​piaskowyk in #​2796
• fix(mock): add interpolate to mock by @​Krisztiaan in #​2895
• Add maintainer-issue label by @​kacperkapusciak in #​2898
• Fix crash when handling event containing NaN or INF values for iOS by @​tomekzaw in #​2896
• Fix crash when handling event containing NaN or INF values for android by @​michaelknoch in #​2901
• Fix bad string concatenation in build.gradle by @​jpaas in #​2915
• Adding legacy hint for useFakeTimers by @​Andarius in #​2876
• Quick fix for yarn type:generate command failing by @​kkafar in #​2908
• Check platform better by @​piaskowyk in #​2919
• Disable sample profiler for UI Hermes JS runtime by @​janicduplessis in #​2842
• Fix "Illegal type provided" crash by @​janicduplessis in #​2853
• Update building script by @​piaskowyk in #​2920
• Add RN components' methods to Animated counterparts in TS by @​jakub-gonet in #​2932
• Release 2.4.0 by @​piaskowyk in #​2897
• Fix package size on CI by @​piaskowyk in #​2941
• Resolved another circular dependency by @​piaskowyk in #​2942

Package build

Full Changelog: software-mansion/react-native-reanimated@2.3.1...2.4.0

v2.3.3

Compare Source

What's Changed

• Fix path for Web (CI build)

Full Changelog: software-mansion/react-native-reanimated@2.3.2...2.3.3

v2.3.2

Compare Source

What's Changed

• Fix chrome debugger for iOS

v2.3.1

Compare Source

💡 Main changes

Two fixes for Expo

• Fix duplicated BuildConfig error in release build #​2713
• Import react classes from formal react module #​2720

🙌 Thank you for your contributions!

v2.3.0

Compare Source

💡 Main changes

• Layout Reanimation (#​2058) by @​Szymon20000 and @​piaskowyk
• Introducing Keyframe-like animation definition schema (#​2195) by @​jmysliv

🐛 Bug fixes

• Fix problems with polyfills (#​2161) by @​piaskowyk
• Fixed transparent colors in interpolateColors (#​2354) by @​jmysliv
• Fixed removing native views without ViewManager (#​2486) by @​piaskowyk
• Fix/fix duplicate c++ symbols jsi (#​2530) by @​piaskowyk
• fix: ios native stack and RN modals (#​2581) by @​WoLewicki
• Detach old animated styles and props (#​2600) by @​tomekzaw
• Fix measure in iOS Modal (#​2654) by @​piaskowyk

👍 Improvements

• Shared style (#​1470) by @​piaskowyk
• Performance optimization (#​1879) by @​piaskowyk
• Add cpplint to check C++ code (#​1979) by @​mrousavy
• Handling JSError on iOS (#​2153) by @​piaskowyk
• Basic chrome debugger support (#​2197) by @​piaskowyk
• Attach pointer to worklet runtime in main runtime (#​2253) by @​wkozyra95
• Support for nested objects in animations (#​2257) by @​jmysliv
• Auto-workletize React Native Gesture Handler callback functions (#​2433) by @​tomekzaw
• Add support for animating transform matrices (#​2511) by @​kmagiera
• Add global method that allows manipulation of states in Gesture Handler (#​2519) by @​j-piasecki
• Reanimated 120 fps (#​2636) by @​tomekzaw
• Add performance.now() to Worklets (#​2679) by @​mrousavy

Full Changelog: software-mansion/react-native-reanimated@2.2.4...2.3.0

⚠️ Please note that we no longer support React Native 0.62. Please upgrade to 0.63+.

🙌 Thank you for your contributions!

v2.2.4

Compare Source

🔑 Key changes

• Added support for react-native@0.67 - #​2579
• Fix problem with flavor names in Gradle - #​2564
• Fix setNativeProps for web - #​2280
• Add fallback for not yet supported RN versions - #​2553

All changes: compare 2.2.3 - 2.2.4

🙌 Thank you for your contributions!

v2.2.3

Compare Source

🔑 Key changes

• Added support for react-native@0.66
• Fix problem with flavor names in Gradle
• Removed binary for react-native@0.62 from package

⚠️ JS part of 2.2.3 is fully compatible with 2.2.0

🙌 Thank you for your contributions!

v2.2.2

Compare Source

🔑 Key changes

• Patch release to fix build issues people using Expo EAS

⚠️ JS part of 2.2.2 is fully compatible with 2.2.0

🙌 Thank you for your contributions!

v2.2.1

Compare Source

🔑 Key changes

• Added support for react-native@0.65
• Simplified internal installation for jsExecutorFactoryForBridge on iOS #​2223
• Fix problem with libfbjni.so #​2209
• Adjustment for the new Hermes version
• Fix for crash in UserStore

⚠️ JS part of 2.2.1 is fully compatible with 2.2.0

🙌 Thank you for your contributions!

v2.2.0

Compare Source

🔑 Key changes

• Fix problems with debugging with flipper Improve building, Fix Runtime creation
• Improved Decay animation bc20a4b
• Reanimated 2 has been removed from default exports 2a049a0
• Support for @quilted/react-testing 129cc1c
• Possibility to customize JS prop updates dcd6113

🐛 Bug fixes

• Fix Server-site rendering 5a499ec
• Fix problem with codepush 824e5df
• Fix measure not throwing on iOS a568d7b, 9f9f4e2

👍 Improvements

• Speeded up building on Android (Example App) 7aebe68
• Named exported animation functions 462e21e
• Possibility to set custom globals in our babel plugin 11250a0
• Made shared values more aware of multithreading c511a5d

📓 Docs improvements

• Broken links fixes 85e5705, ee5e557
• Docs appearance update 5b0e39f
• Add information about JSC support to the docs 22bbc3a
• Clarify iOS installation steps b8b7da8
• Update testing related doc ab6afd1
• Added info about Webpack configuration to docs ee11c63

🙌 Thank you for your contributions!

📢 Keep watching! We will back with new features soon! 🤗

v2.1.0

Compare Source

🔑 Key changes

• Added support for JSC on Android. #​1842
• Extracted worklet API - Thanks to hard work @​mrousavy, you can use worklets also in native code.
  Like react-native-vision-camera and react-native-multithreading
• Update react-native version to 0.64.0 #​1882

🐛 Bug fixes

• Fixed problem with full reload on Android. #​1839
• Fixed wrapped worklet. #​1844
• Fixed bug in react-native-web affected on the web version of reanimated. RNW Issue
• Added missing viewRef for animatedProps #​1819
• Fixed problem with hidden headers for Swift applications. #​1810

👍 Improvements

• Added possibility to use Reanimated 2 without configuration if you use only API v1. #​1845
• Add more descriptive error messages. #​1845 #​1832
• Reorganized structure of files in the project: #​1789
• Migration codebase to TypeScript. #​1807 #​1872

📓 Docs improvements

• Updated information about debugging. #​1876

🙌 Thank you for your contributions!

📢 Keep watching! We will back with new features soon! 🤗

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • ""
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json

npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR! 
npm ERR! While resolving: @nartc/react-native-barcode-mask@0.0.0-development
npm ERR! Found: react@16.13.1
npm ERR! node_modules/react
npm ERR!   dev react@"16.13.1" from the root project
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peer react@"17.0.1" from react-native@0.64.1
npm ERR! node_modules/react-native
npm ERR!   dev react-native@"0.64.1" from the root project
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! See /runner/cache/others/npm/eresolve-report.txt for a full report.

npm ERR! A complete log of this run can be found in:
npm ERR!     /runner/cache/others/npm/_logs/2026-05-18T11_02_20_329Z-debug-0.log