Skip to content

build(deps): bump the production-dependencies group across 1 directory with 6 updates#615

Open
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/npm_and_yarn/production-dependencies-4e3decaaea
Open

build(deps): bump the production-dependencies group across 1 directory with 6 updates#615
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/npm_and_yarn/production-dependencies-4e3decaaea

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps the production-dependencies group with 6 updates in the / directory:

Package From To
@react-navigation/bottom-tabs 7.18.3 7.18.5
@react-navigation/native 7.3.4 7.3.5
@react-navigation/native-stack 7.17.6 7.17.7
expo-modules-core 56.0.17 57.0.1
i18next 26.3.3 26.3.4
react-native-worklets 0.10.0 0.10.1

Updates @react-navigation/bottom-tabs from 7.18.3 to 7.18.5

Release notes

Sourced from @​react-navigation/bottom-tabs's releases.

@​react-navigation/bottom-tabs@​7.18.5

7.18.5 (2026-07-01)

Bug Fixes

  • bottom-tabs: pop nested stack to top on blur even when animation is interrupted (#13123) (6baf55b) - by @
Changelog

Sourced from @​react-navigation/bottom-tabs's changelog.

7.18.5 (2026-07-01)

Bug Fixes

  • bottom-tabs: pop nested stack to top on blur even when animation is interrupted (#13123) (6baf55b) - by @

7.18.4 (2026-06-30)

Note: Version bump only for package @​react-navigation/bottom-tabs

Commits
  • 7d664cb chore: publish
  • 6baf55b fix(bottom-tabs): pop nested stack to top on blur even when animation is inte...
  • ce68b20 chore: publish
  • See full diff in compare view

Updates @react-navigation/native from 7.3.4 to 7.3.5

Changelog

Sourced from @​react-navigation/native's changelog.

7.3.5 (2026-06-30)

Note: Version bump only for package @​react-navigation/native

Commits

Updates @react-navigation/native-stack from 7.17.6 to 7.17.7

Changelog

Sourced from @​react-navigation/native-stack's changelog.

7.17.7 (2026-06-30)

Note: Version bump only for package @​react-navigation/native-stack

Commits

Updates expo-modules-core from 56.0.17 to 57.0.1

Commits

Updates i18next from 26.3.3 to 26.3.4

Release notes

Sourced from i18next's releases.

v26.3.4

  • fix(security): deepExtend (used by addResourceBundle(..., deep, overwrite)) no longer recurses into inherited properties. It checked key existence with the in operator, which walks the prototype chain, so a source key matching an inherited built-in (e.g. hasOwnProperty, toString) caused recursion into the shared Object.prototype function and, with overwrite: true, could overwrite e.g. Object.prototype.hasOwnProperty.call with a non-callable value — corrupting a shared built-in process-wide (DoS). Existence is now checked with Object.prototype.hasOwnProperty.call, so such keys are copied as plain own data instead. This complements the existing __proto__/constructor guard and is also strictly more correct for an own-property merge. Only affects applications that pass attacker-controlled data with deep: true and overwrite: true; no standard backend/integration does this. Distinct from CVE-2026-48713 / CVE-2026-48714 (different packages, setPath mechanism). Thanks to zx (Jace) for the responsible disclosure.
Changelog

Sourced from i18next's changelog.

26.3.4

  • fix(security): deepExtend (used by addResourceBundle(..., deep, overwrite)) no longer recurses into inherited properties. It checked key existence with the in operator, which walks the prototype chain, so a source key matching an inherited built-in (e.g. hasOwnProperty, toString) caused recursion into the shared Object.prototype function and, with overwrite: true, could overwrite e.g. Object.prototype.hasOwnProperty.call with a non-callable value — corrupting a shared built-in process-wide (DoS). Existence is now checked with Object.prototype.hasOwnProperty.call, so such keys are copied as plain own data instead. This complements the existing __proto__/constructor guard and is also strictly more correct for an own-property merge. Only affects applications that pass attacker-controlled data with deep: true and overwrite: true; no standard backend/integration does this. Distinct from CVE-2026-48713 / CVE-2026-48714 (different packages, setPath mechanism). See advisory GHSA-6jcc-5g8w-32mx, CVSS 5.9 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H). Thanks to zx (Jace) @​manus-use for the responsible disclosure.
Commits

Updates react-native-worklets from 0.10.0 to 0.10.1

Release notes

Sourced from react-native-worklets's releases.

Worklets - 0.10.1

What's Changed

Full Changelog: software-mansion/react-native-reanimated@worklets-0.10.0...worklets-0.10.1

Commits
  • b4dfd65 release(Worklets): 0.10.1
  • ced2953 fix(Worklets): time-of-check and time-of-use destructor safety (#9790)
  • 7dc7ff6 fix(Worklets): tie RNR remote function lifetime to TurboModule invalidate sta...
  • 967bd2b fix(Worklets): Normalize Windows paths in bundle mode module IDs (#9721)
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…y with 6 updates

Bumps the production-dependencies group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@react-navigation/bottom-tabs](https://github.com/react-navigation/react-navigation/tree/HEAD/packages/bottom-tabs) | `7.18.3` | `7.18.5` |
| [@react-navigation/native](https://github.com/react-navigation/react-navigation/tree/HEAD/packages/native) | `7.3.4` | `7.3.5` |
| [@react-navigation/native-stack](https://github.com/react-navigation/react-navigation/tree/HEAD/packages/native-stack) | `7.17.6` | `7.17.7` |
| [expo-modules-core](https://github.com/expo/expo/tree/HEAD/packages/expo-modules-core) | `56.0.17` | `57.0.1` |
| [i18next](https://github.com/i18next/i18next) | `26.3.3` | `26.3.4` |
| [react-native-worklets](https://github.com/software-mansion/react-native-reanimated/tree/HEAD/packages/react-native-worklets) | `0.10.0` | `0.10.1` |



Updates `@react-navigation/bottom-tabs` from 7.18.3 to 7.18.5
- [Release notes](https://github.com/react-navigation/react-navigation/releases)
- [Changelog](https://github.com/react-navigation/react-navigation/blob/@react-navigation/bottom-tabs@7.18.5/packages/bottom-tabs/CHANGELOG.md)
- [Commits](https://github.com/react-navigation/react-navigation/commits/@react-navigation/bottom-tabs@7.18.5/packages/bottom-tabs)

Updates `@react-navigation/native` from 7.3.4 to 7.3.5
- [Release notes](https://github.com/react-navigation/react-navigation/releases)
- [Changelog](https://github.com/react-navigation/react-navigation/blob/@react-navigation/native@7.3.5/packages/native/CHANGELOG.md)
- [Commits](https://github.com/react-navigation/react-navigation/commits/@react-navigation/native@7.3.5/packages/native)

Updates `@react-navigation/native-stack` from 7.17.6 to 7.17.7
- [Release notes](https://github.com/react-navigation/react-navigation/releases)
- [Changelog](https://github.com/react-navigation/react-navigation/blob/@react-navigation/native-stack@7.17.7/packages/native-stack/CHANGELOG.md)
- [Commits](https://github.com/react-navigation/react-navigation/commits/@react-navigation/native-stack@7.17.7/packages/native-stack)

Updates `expo-modules-core` from 56.0.17 to 57.0.1
- [Changelog](https://github.com/expo/expo/blob/main/CHANGELOG.md)
- [Commits](https://github.com/expo/expo/commits/HEAD/packages/expo-modules-core)

Updates `i18next` from 26.3.3 to 26.3.4
- [Release notes](https://github.com/i18next/i18next/releases)
- [Changelog](https://github.com/i18next/i18next/blob/master/CHANGELOG.md)
- [Commits](i18next/i18next@v26.3.3...v26.3.4)

Updates `react-native-worklets` from 0.10.0 to 0.10.1
- [Release notes](https://github.com/software-mansion/react-native-reanimated/releases)
- [Commits](https://github.com/software-mansion/react-native-reanimated/commits/worklets-0.10.1/packages/react-native-worklets)

---
updated-dependencies:
- dependency-name: "@react-navigation/bottom-tabs"
  dependency-version: 7.18.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: "@react-navigation/native"
  dependency-version: 7.3.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: "@react-navigation/native-stack"
  dependency-version: 7.17.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: expo-modules-core
  dependency-version: 57.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
- dependency-name: i18next
  dependency-version: 26.3.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: react-native-worklets
  dependency-version: 0.10.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jul 1, 2026
@github-actions github-actions Bot enabled auto-merge July 1, 2026 21:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

Status: Backlog

Development

Successfully merging this pull request may close these issues.

0 participants