[Snyk] Fix for 2 vulnerabilities

[AliceSof]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • templates/expo-template-tabs/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	631/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.2	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: expo

The new version differs by 250 commits.

• 2975b6d Publish packages
• 7995f30 Publish packages
• 2b6c5cb [docs] Fix Image blurhash syntax in placeholder prop
• a5cd2f4 [template] Add privacy_file_aggregation_enabled to the correct place
• 4d8aaab [template] Add missing comma
• 14ff547 [packages] Commit build files
• 9a1f53f [build-properties] Add field to enable/disable privacy manifest aggregation ([build-properties] Add field to enable/disable privacy manifest aggregation expo/expo#28646)
• 19f4c9a chore(cli): bump canary to support React 19 beta (chore(cli): bump canary to support React 19 beta expo/expo#28592)
• 6d629fd feature(expo-build-properties): add `ios.ccacheEnabled` option to enable c++ compiler cache (feature(expo-build-properties): add ios.ccacheEnabled option to enable c++ compiler cache expo/expo#28638)
• 87efd0c Add additional config flag to allow forcing RTL on LTR locales (Add additional config flag to allow forcing RTL on LTR locales expo/expo#28129)
• 9c8b6d4 [core][Android] Remove Kotlin warnings ([core][Android] Remove Kotlin warnings expo/expo#28629)
• 9782fb3 [core][Android] Add the method name to unexpected exception ([core][Android] Add the method name to unexpected exception expo/expo#28626)
• 338477c [video][Android] Remove Kotlin warnings ([video][Android] Remove Kotlin warnings expo/expo#28628)
• 2ec644a [device][Android] Replace deprecated method to get rotation ([device][Android] Replace deprecated method to get rotation expo/expo#28627)
• 46dc5b3 [docs] Update new arch guide to account for fixed navigation issue
• 6df141b [docs] Fix `zulu` installation command for SDK 49 and below ([docs] Fix zulu installation command for SDK 49 and below expo/expo#28612)
• 393ca27 [docs] Improve example in Use Bun guide ([docs] Improve example in Use Bun guide expo/expo#28615)
• b142541 [iOS] Make it easier to use the new architecture in bare-expo ([iOS] Make it easier to use the new architecture in bare-expo expo/expo#28616)
• 1fcceda [core][Android] Make `defaultAppContextMock` private ([core][Android] Make defaultAppContextMock private expo/expo#28620)
• 0adb5e6 [docs] show "Unversioned" API version in PR previews ([docs] show "Unversioned" API version in PR previews expo/expo#28588)
• 72fd8e2 [expo-go] Remove unused queries and overfetched fields ([expo-go] Remove unused queries and overfetched fields expo/expo#28619)
• f57dfd1 [templates] Update to latest [skip ci]
• 2d80ee3 Publish packages
• a8060e8 Publish packages

See the full diff

Package name: expo-router

The new version differs by 250 commits.

• 0897aea Publish packages
• 216e960 Publish packages
• df6af6d [eslint-config-expo] Resolve TypeScript "paths" ([eslint-config-expo] Resolve TypeScript "paths" expo/expo#28378)
• 9b2c0f2 [cli] Run eslint directly rather than lint script ([cli] Run eslint directly rather than lint script expo/expo#28332)
• d698984 [expo-go] Publish prod home [skip ci]
• 4cb0783 Update Podfile locks after changes in expo-image-manipulator [skip ci]
• 841796d [image][iOS] Fix maintaining animated images duration after resizing ([image][iOS] Fix maintaining animated images duration after resizing expo/expo#28371)
• 041b687 [docs] Add doc for fingerprint runtime version and CI/CD (beta) ([docs] Add doc for fingerprint runtime version and CI/CD (beta) expo/expo#28310)
• d80bdbb [sqlite] bump sqlite to 3.45.3 and enable bytecodevtab ([sqlite] bump sqlite to 3.45.3 and enable bytecodevtab expo/expo#28358)
• eb59156 [core] fix build.gradle backward compatibility for previous expo modules ([core] fix build.gradle backward compatibility for previous expo modules expo/expo#28359)
• de7294e [config-plugins] Remove warning when using fingerprint ([config-plugins] Remove warning when using fingerprint expo/expo#28329)
• 74a0778 [expo-updates][cli] Add --debug option to fingerprint:generate command ([expo-updates][cli] Add --debug option to fingerprint:generate command expo/expo#28311)
• 18fc422 [sdk-51] upgrade react native 0.74.0 ([sdk-51] upgrade react native 0.74.0 expo/expo#28368)
• 1927a49 fix(server): serve hoisted index routes (fix(server): serve hoisted index routes expo/expo#28348)
• b4ff318 [dev-client] fix deep linking launch error ([dev-client] fix deep linking launch error expo/expo#28339)
• 5585320 [image-manipulator] add webp support for Android and iOS ([image-manipulator] add webp support for Android and iOS expo/expo#26379)
• c158ef2 [docs] Fix multiple minor issue ([docs] Fix multiple minor issue expo/expo#28365)
• 6ae1b17 [android][image-picker] fix getting filename and filesize from cropped images ([android][image-picker] fix getting filename and filesize from cropped images expo/expo#28352)
• f709c82 [docs] Fix vale warning in Stripe SDK 51 reference ([docs] Fix vale warning in Stripe SDK 51 reference expo/expo#28357)
• 22e8580 [docs] Update Expo Go landing page links ([docs] Update Expo Go landing page links expo/expo#28356)
• 78c1de6 [core] fix AppContext null currentActivity ([core] fix AppContext null currentActivity expo/expo#28338)
• c9b0dc7 [image][ios] fix resizing animated images failing to preserve animation ([image][ios] fix resizing animated images failing to preserve animation expo/expo#28335)
• 691b672 [docs] Add Expo Symbols reference to SDK 51 ([docs] Add Expo Symbols reference to SDK 51 expo/expo#28350)
• 38b9631 [docs] Add Links rule to avoid vague text in Vale and update other rules ([docs] Add Links rule to avoid vague text in Vale and update other rules expo/expo#28354)

See the full diff

Package name: expo-splash-screen

The new version differs by 250 commits.

• 0897aea Publish packages
• 216e960 Publish packages
• df6af6d [eslint-config-expo] Resolve TypeScript "paths" ([eslint-config-expo] Resolve TypeScript "paths" expo/expo#28378)
• 9b2c0f2 [cli] Run eslint directly rather than lint script ([cli] Run eslint directly rather than lint script expo/expo#28332)
• d698984 [expo-go] Publish prod home [skip ci]
• 4cb0783 Update Podfile locks after changes in expo-image-manipulator [skip ci]
• 841796d [image][iOS] Fix maintaining animated images duration after resizing ([image][iOS] Fix maintaining animated images duration after resizing expo/expo#28371)
• 041b687 [docs] Add doc for fingerprint runtime version and CI/CD (beta) ([docs] Add doc for fingerprint runtime version and CI/CD (beta) expo/expo#28310)
• d80bdbb [sqlite] bump sqlite to 3.45.3 and enable bytecodevtab ([sqlite] bump sqlite to 3.45.3 and enable bytecodevtab expo/expo#28358)
• eb59156 [core] fix build.gradle backward compatibility for previous expo modules ([core] fix build.gradle backward compatibility for previous expo modules expo/expo#28359)
• de7294e [config-plugins] Remove warning when using fingerprint ([config-plugins] Remove warning when using fingerprint expo/expo#28329)
• 74a0778 [expo-updates][cli] Add --debug option to fingerprint:generate command ([expo-updates][cli] Add --debug option to fingerprint:generate command expo/expo#28311)
• 18fc422 [sdk-51] upgrade react native 0.74.0 ([sdk-51] upgrade react native 0.74.0 expo/expo#28368)
• 1927a49 fix(server): serve hoisted index routes (fix(server): serve hoisted index routes expo/expo#28348)
• b4ff318 [dev-client] fix deep linking launch error ([dev-client] fix deep linking launch error expo/expo#28339)
• 5585320 [image-manipulator] add webp support for Android and iOS ([image-manipulator] add webp support for Android and iOS expo/expo#26379)
• c158ef2 [docs] Fix multiple minor issue ([docs] Fix multiple minor issue expo/expo#28365)
• 6ae1b17 [android][image-picker] fix getting filename and filesize from cropped images ([android][image-picker] fix getting filename and filesize from cropped images expo/expo#28352)
• f709c82 [docs] Fix vale warning in Stripe SDK 51 reference ([docs] Fix vale warning in Stripe SDK 51 reference expo/expo#28357)
• 22e8580 [docs] Update Expo Go landing page links ([docs] Update Expo Go landing page links expo/expo#28356)
• 78c1de6 [core] fix AppContext null currentActivity ([core] fix AppContext null currentActivity expo/expo#28338)
• c9b0dc7 [image][ios] fix resizing animated images failing to preserve animation ([image][ios] fix resizing animated images failing to preserve animation expo/expo#28335)
• 691b672 [docs] Add Expo Symbols reference to SDK 51 ([docs] Add Expo Symbols reference to SDK 51 expo/expo#28350)
• 38b9631 [docs] Add Links rule to avoid vague text in Vale and update other rules ([docs] Add Links rule to avoid vague text in Vale and update other rules expo/expo#28354)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/[email protected]	filesystem, network	0	269 kB	sindresorhus
npm/[email protected]	environment, filesystem	0	31.6 kB	isaacs
npm/[email protected]	filesystem, shell	0	485 kB	kevcodez
npm/[email protected]	None	0	12.8 kB	ljharb
npm/[email protected]	environment	0	3.44 kB	iarna
npm/[email protected]	None	+1	18.1 kB	dougwilson
npm/[email protected]	None	0	19 kB	jimbly
npm/[email protected]	network	+1	240 kB	jcrugzz
npm/[email protected]	None	0	336 kB	ashtuchkin
npm/[email protected]	None	0	6.25 kB	feross
npm/[email protected]	filesystem	0	4.29 kB	isaacs
npm/[email protected]	None	0	3.96 kB	isaacs
npm/[email protected]	None	+1	93.1 kB	sboudrias
npm/[email protected]	None	0	5.73 kB	sindresorhus
npm/[email protected]	None	0	35.7 kB	indutny
npm/[email protected]	None	0	5.58 kB	feross
npm/[email protected]	None	0	20.4 kB	ljharb
npm/[email protected]	None	0	5.09 kB	jonschlinkert
npm/[email protected]	None	0	6.22 kB	jonschlinkert
npm/[email protected]	environment, filesystem	0	3.76 kB	sindresorhus
npm/[email protected]	None	0	3.89 kB	juliangruber
npm/[email protected]	None	0	15.1 kB	lydell
npm/[email protected]	None	0	6.7 kB	zkat
npm/[email protected]	None	0	16.8 kB	esp
npm/[email protected]	None	0	229 kB	jordanbtucker
npm/[email protected]	Transitive: environment	+2	3.24 MB	beneidel
npm/[email protected]	filesystem	+1	331 kB	david.parsson
npm/[email protected]	None	0	10.4 kB	manidlou
npm/[email protected]	None	0	1.41 MB	bnjmnt4n
npm/[email protected]	None	0	267 kB	tonybrix
npm/[email protected]	None	0	57.6 kB	broofa
npm/[email protected]	None	0	1.55 kB	cwmma
npm/[email protected]	None	+3	57.5 kB	isaacs
npm/[email protected]	None	0	50.7 kB	ljharb
npm/[email protected]	filesystem	0	7.53 kB	isaacs
npm/[email protected]	None	0	6.27 kB	leo
npm/[email protected]	filesystem	0	10.3 kB	superjoe
npm/[email protected]	filesystem	0	18 kB	mmalecki
npm/[email protected]	None	0	297 kB	suguru03
npm/[email protected]	network	0	152 kB	endless
npm/[email protected]	filesystem	0	26.5 kB	lukekarrys
npm/[email protected]	None	0	2.84 kB	zertosh
npm/[email protected]	None	0	5.49 kB	sindresorhus
npm/[email protected]	None	0	26.5 kB	ljharb
npm/[email protected]	None	0	19.1 kB	indutny
npm/[email protected]	None	+1	7.01 kB	isaacs
npm/[email protected]	environment, filesystem, shell	0	46.4 kB	sindresorhus
npm/[email protected]	environment, network	0	1.7 MB	dschnurr-openai
npm/[email protected]	None	0	23.2 kB	sindresorhus
npm/[email protected]	None	0	3.06 kB	sindresorhus
npm/[email protected]	network	0	14.3 kB	sindresorhus
npm/[email protected]	environment, filesystem, network	+1	83.5 kB	gar
npm/[email protected]	None	0	31.7 kB	sergeyt
npm/[email protected]	None	0	10.3 kB	dougwilson
npm/[email protected]	None	0	3.02 kB	sindresorhus
npm/[email protected]	None	+1	1 MB	mreinstein
npm/[email protected]	environment, filesystem, unsafe	0	11.6 MB	prettier-bot
npm/[email protected]	None	0	11.5 kB	sindresorhus
npm/[email protected]	None	0	15.5 kB	turbopope
npm/[email protected]	None	0	185 kB	terkelg
npm/[email protected]	None	0	15.4 kB	dougwilson
npm/[email protected]	None	0	32.4 kB	mathias
npm/[email protected]	None	0	96.5 kB	mwbrooks
npm/[email protected]	None	0	33.3 kB	gozala
npm/[email protected]	None	0	8.46 kB	dougwilson
npm/[email protected]	None	0	5.19 kB	alexgorbatchev
npm/[email protected]	None	0	26.8 kB	benjamn
npm/[email protected]	None	0	9.09 kB	jonschlinkert
npm/[email protected]	environment, filesystem	0	144 kB	ljharb
npm/[email protected]	filesystem	0	15.2 kB	isaacs
npm/[email protected]	None	0	31.7 kB	feross
npm/[email protected]	None	0	42.3 kB	chalker
npm/[email protected]	None	0	66.8 kB	isaacs
npm/[email protected]	None	+1	109 kB	npm-cli-ops
npm/[email protected]	Transitive: filesystem, network	+7	122 kB	dougwilson
npm/[email protected]	None	0	4.22 kB	bcoe
npm/[email protected]	environment, filesystem, shell	0	493 kB	lovell
npm/[email protected]	filesystem	0	20.1 kB	wollardj
npm/[email protected]	None	0	12.3 kB	simov
npm/[email protected]	None	0	766 kB	tromey
npm/[email protected]	None	0	12.3 kB	dominictarr
npm/[email protected]	None	0	10.9 kB	dougwilson
npm/[email protected]	None	0	4.03 kB	sindresorhus
npm/[email protected]	None	0	40.6 kB	sokra
npm/[email protected]	environment, filesystem	+1	148 kB	isaacs
npm/[email protected]	environment, filesystem	0	47.1 kB	lukeed
npm/[email protected]	None	0	6.52 kB	sindresorhus
npm/[email protected]	None	0	11 kB	substack
npm/[email protected]	None	0	12.5 kB	dominictarr
npm/[email protected]	None	0	31.9 kB	typescript-bot
npm/[email protected]	None	+1	29.6 kB	dougwilson
npm/[email protected]	environment, filesystem, shell, unsafe	+1	67.9 MB	typedoc-bot
npm/[email protected]	None	0	40.1 MB	typescript-bot
npm/[email protected]	None	0	4.31 kB	dougwilson
npm/[email protected]	None	0	5.48 kB	tootallnate
npm/[email protected]	None	0	123 kB	ctavan
npm/[email protected]	environment Transitive: filesystem	+1	20.4 kB	isaacs
npm/[email protected]	filesystem, shell	0	161 kB	erisu
npm/[email protected]	None	+1	212 kB	leonidas
npm/[email protected]	None	0	5.96 kB	raynos
npm/[email protected]	None	0	14.8 kB	isaacs

🚮 Removed packages: npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@nodelib/[email protected], npm/@nodelib/[email protected], npm/@nodelib/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected]

View full report↗︎