SECURITY: FIX unintended Email protocol resolution

[Pranav-yadav]

Summary

Fixes #3758

Wherever we've specified the package versions explicitly and haven't enclosed them in the inline-code-block (`) or multiline-code-block (```) they are resolved as an email protocol (address), which is unintended and is a primary security concern.

This diff updates such occurrences to enclose them in inline code blocks and of course some code formatting touchups 😇

Changelog:

[SECURITY]: FIX unintended Email protocol resolution

Changes

Before	After

---

P.S.: Came across this when working on #3732

[netlify]

✅ Deploy Preview for react-native ready!

Name	Link
🔨 Latest commit	5db19b8
🔍 Latest deploy log	https://app.netlify.com/sites/react-native/deploys/6487fe2defa72800084c526a
😎 Deploy Preview	https://deploy-preview-3759--react-native.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site settings.

[Pranav-yadav]

@cortinico We must backport this change as it's a security concern 🚨.
Lmk, so I can proceed with backporting this (to almost all versions)? 👍

[Simek]

It's not a high security risk, but since the changes are quite simple, it would be nice if you can backport them. 🙂

[Pranav-yadav]

May not be a high-security issue but, a similar email protocol resolution and domain resolution for .zip files hosted on GitHub[dot]com have been (being) exploited recently.

Since it's only email resolution, and these instances don't make up valid email addresses they are of "low" security concerns. 👍

P.S.: If it was a "high" security concern (vulnerability) I would've reported it privately :)

--

Sure 🙂.

[cortinico]

Thanks for reporting this @Pranav-yadav
and yes let's backport it

[Pranav-yadav]

Welcome!
Sure, will open a PR(s) whenever I get some time. 👍