create-mern-app icon indicating copy to clipboard operation
create-mern-app copied to clipboard

Published 20 hours ago verified publisher icon mernjs

[Snyk] Security upgrade expo from 47.0.14 to 51.0.0

Open mernjs opened this issue 1 month ago • 1 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • templates/app/react-native-boilerplate/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: expo The new version differs by 250 commits.
  • 2975b6d Publish packages
  • 7995f30 Publish packages
  • 2b6c5cb [docs] Fix Image blurhash syntax in placeholder prop
  • a5cd2f4 [template] Add privacy_file_aggregation_enabled to the correct place
  • 4d8aaab [template] Add missing comma
  • 14ff547 [packages] Commit build files
  • 9a1f53f [build-properties] Add field to enable/disable privacy manifest aggregation (#28646)
  • 19f4c9a chore(cli): bump canary to support React 19 beta (#28592)
  • 6d629fd feature(expo-build-properties): add `ios.ccacheEnabled` option to enable c++ compiler cache (#28638)
  • 87efd0c Add additional config flag to allow forcing RTL on LTR locales (#28129)
  • 9c8b6d4 [core][Android] Remove Kotlin warnings (#28629)
  • 9782fb3 [core][Android] Add the method name to unexpected exception (#28626)
  • 338477c [video][Android] Remove Kotlin warnings (#28628)
  • 2ec644a [device][Android] Replace deprecated method to get rotation (#28627)
  • 46dc5b3 [docs] Update new arch guide to account for fixed navigation issue
  • 6df141b [docs] Fix `zulu` installation command for SDK 49 and below (#28612)
  • 393ca27 [docs] Improve example in Use Bun guide (#28615)
  • b142541 [iOS] Make it easier to use the new architecture in bare-expo (#28616)
  • 1fcceda [core][Android] Make `defaultAppContextMock` private (#28620)
  • 0adb5e6 [docs] show "Unversioned" API version in PR previews (#28588)
  • 72fd8e2 [expo-go] Remove unused queries and overfetched fields (#28619)
  • f57dfd1 [templates] Update to latest [skip ci]
  • 2d80ee3 Publish packages
  • a8060e8 Publish packages

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

mernjs avatar May 07 '24 21:05 mernjs