melvin-bot[bot]
commented
4 months ago This is a Snyk issue. Snyk is a tool that automatically tracks our repositories' dependencies and reports associated security vulnerabilities. It also automatically create PRs to fix these vulnerabilities.
C+: Please follow these steps to test the linked PR before running through the reviewer checklist:
- [ ] The first step is to understand the PR: what dependency is it upgrading, for which vulnerability, how it impacts our product & end users.
- [ ] If the issue is not worth fixing, please add your reasoning in the issue and have the internal engineer review it.
- [ ] Check the change log (which should be included in the PR description) to see all changes. We want to identify any breaking changes. If it is a minor version bump, it's unlikely that there are any breaking changes.
- [ ] Test our feature(s) that make use of this package. If it does not work, we should understand what broke it. It is also a good idea to check our main flows to make sure they are not broken that you can add in the checklist screenshots/videos.
jayeshmangwani
mountiny
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json⚠️ Warning
``` Failed to update the package-lock.json, please update manually before merging. ```**Why?** Proof of Concept exploit, Has a fix available, CVSS 6.2 | Missing Release of Resource after Effective Lifetime
[SNYK-JS-INFLIGHT-6095116](https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116) | Yes | Proof of Concept  | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-SEMVER-3247795](https://snyk.io/vuln/SNYK-JS-SEMVER-3247795) | Yes | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: expo
The new version differs by 250 commits.- 2975b6d Publish packages
- 7995f30 Publish packages
- 2b6c5cb [docs] Fix Image blurhash syntax in placeholder prop
- a5cd2f4 [template] Add privacy_file_aggregation_enabled to the correct place
- 4d8aaab [template] Add missing comma
- 14ff547 [packages] Commit build files
- 9a1f53f [build-properties] Add field to enable/disable privacy manifest aggregation (#28646)
- 19f4c9a chore(cli): bump canary to support React 19 beta (#28592)
- 6d629fd feature(expo-build-properties): add `ios.ccacheEnabled` option to enable c++ compiler cache (#28638)
- 87efd0c Add additional config flag to allow forcing RTL on LTR locales (#28129)
- 9c8b6d4 [core][Android] Remove Kotlin warnings (#28629)
- 9782fb3 [core][Android] Add the method name to unexpected exception (#28626)
- 338477c [video][Android] Remove Kotlin warnings (#28628)
- 2ec644a [device][Android] Replace deprecated method to get rotation (#28627)
- 46dc5b3 [docs] Update new arch guide to account for fixed navigation issue
- 6df141b [docs] Fix `zulu` installation command for SDK 49 and below (#28612)
- 393ca27 [docs] Improve example in Use Bun guide (#28615)
- b142541 [iOS] Make it easier to use the new architecture in bare-expo (#28616)
- 1fcceda [core][Android] Make `defaultAppContextMock` private (#28620)
- 0adb5e6 [docs] show "Unversioned" API version in PR previews (#28588)
- 72fd8e2 [expo-go] Remove unused queries and overfetched fields (#28619)
- f57dfd1 [templates] Update to latest [skip ci]
- 2d80ee3 Publish packages
- a8060e8 Publish packages
See the full diffUpwork Automation - Do Not Edit