[Snyk] Fix for 2 vulnerabilities

[AliceSof]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • templates/expo-template-tabs/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	631/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.2	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: expo

The new version differs by 250 commits.

• 2975b6d Publish packages
• 7995f30 Publish packages
• 2b6c5cb [docs] Fix Image blurhash syntax in placeholder prop
• a5cd2f4 [template] Add privacy_file_aggregation_enabled to the correct place
• 4d8aaab [template] Add missing comma
• 14ff547 [packages] Commit build files
• 9a1f53f [build-properties] Add field to enable/disable privacy manifest aggregation ([build-properties] Add field to enable/disable privacy manifest aggregation expo/expo#28646)
• 19f4c9a chore(cli): bump canary to support React 19 beta (chore(cli): bump canary to support React 19 beta expo/expo#28592)
• 6d629fd feature(expo-build-properties): add `ios.ccacheEnabled` option to enable c++ compiler cache (feature(expo-build-properties): add ios.ccacheEnabled option to enable c++ compiler cache expo/expo#28638)
• 87efd0c Add additional config flag to allow forcing RTL on LTR locales (Add additional config flag to allow forcing RTL on LTR locales expo/expo#28129)
• 9c8b6d4 [core][Android] Remove Kotlin warnings ([core][Android] Remove Kotlin warnings expo/expo#28629)
• 9782fb3 [core][Android] Add the method name to unexpected exception ([core][Android] Add the method name to unexpected exception expo/expo#28626)
• 338477c [video][Android] Remove Kotlin warnings ([video][Android] Remove Kotlin warnings expo/expo#28628)
• 2ec644a [device][Android] Replace deprecated method to get rotation ([device][Android] Replace deprecated method to get rotation expo/expo#28627)
• 46dc5b3 [docs] Update new arch guide to account for fixed navigation issue
• 6df141b [docs] Fix `zulu` installation command for SDK 49 and below ([docs] Fix zulu installation command for SDK 49 and below expo/expo#28612)
• 393ca27 [docs] Improve example in Use Bun guide ([docs] Improve example in Use Bun guide expo/expo#28615)
• b142541 [iOS] Make it easier to use the new architecture in bare-expo ([iOS] Make it easier to use the new architecture in bare-expo expo/expo#28616)
• 1fcceda [core][Android] Make `defaultAppContextMock` private ([core][Android] Make defaultAppContextMock private expo/expo#28620)
• 0adb5e6 [docs] show "Unversioned" API version in PR previews ([docs] show "Unversioned" API version in PR previews expo/expo#28588)
• 72fd8e2 [expo-go] Remove unused queries and overfetched fields ([expo-go] Remove unused queries and overfetched fields expo/expo#28619)
• f57dfd1 [templates] Update to latest [skip ci]
• 2d80ee3 Publish packages
• a8060e8 Publish packages

See the full diff

Package name: expo-router

The new version differs by 250 commits.

• 0897aea Publish packages
• 216e960 Publish packages
• df6af6d [eslint-config-expo] Resolve TypeScript "paths" ([eslint-config-expo] Resolve TypeScript "paths" expo/expo#28378)
• 9b2c0f2 [cli] Run eslint directly rather than lint script ([cli] Run eslint directly rather than lint script expo/expo#28332)
• d698984 [expo-go] Publish prod home [skip ci]
• 4cb0783 Update Podfile locks after changes in expo-image-manipulator [skip ci]
• 841796d [image][iOS] Fix maintaining animated images duration after resizing ([image][iOS] Fix maintaining animated images duration after resizing expo/expo#28371)
• 041b687 [docs] Add doc for fingerprint runtime version and CI/CD (beta) ([docs] Add doc for fingerprint runtime version and CI/CD (beta) expo/expo#28310)
• d80bdbb [sqlite] bump sqlite to 3.45.3 and enable bytecodevtab ([sqlite] bump sqlite to 3.45.3 and enable bytecodevtab expo/expo#28358)
• eb59156 [core] fix build.gradle backward compatibility for previous expo modules ([core] fix build.gradle backward compatibility for previous expo modules expo/expo#28359)
• de7294e [config-plugins] Remove warning when using fingerprint ([config-plugins] Remove warning when using fingerprint expo/expo#28329)
• 74a0778 [expo-updates][cli] Add --debug option to fingerprint:generate command ([expo-updates][cli] Add --debug option to fingerprint:generate command expo/expo#28311)
• 18fc422 [sdk-51] upgrade react native 0.74.0 ([sdk-51] upgrade react native 0.74.0 expo/expo#28368)
• 1927a49 fix(server): serve hoisted index routes (fix(server): serve hoisted index routes expo/expo#28348)
• b4ff318 [dev-client] fix deep linking launch error ([dev-client] fix deep linking launch error expo/expo#28339)
• 5585320 [image-manipulator] add webp support for Android and iOS ([image-manipulator] add webp support for Android and iOS expo/expo#26379)
• c158ef2 [docs] Fix multiple minor issue ([docs] Fix multiple minor issue expo/expo#28365)
• 6ae1b17 [android][image-picker] fix getting filename and filesize from cropped images ([android][image-picker] fix getting filename and filesize from cropped images expo/expo#28352)
• f709c82 [docs] Fix vale warning in Stripe SDK 51 reference ([docs] Fix vale warning in Stripe SDK 51 reference expo/expo#28357)
• 22e8580 [docs] Update Expo Go landing page links ([docs] Update Expo Go landing page links expo/expo#28356)
• 78c1de6 [core] fix AppContext null currentActivity ([core] fix AppContext null currentActivity expo/expo#28338)
• c9b0dc7 [image][ios] fix resizing animated images failing to preserve animation ([image][ios] fix resizing animated images failing to preserve animation expo/expo#28335)
• 691b672 [docs] Add Expo Symbols reference to SDK 51 ([docs] Add Expo Symbols reference to SDK 51 expo/expo#28350)
• 38b9631 [docs] Add Links rule to avoid vague text in Vale and update other rules ([docs] Add Links rule to avoid vague text in Vale and update other rules expo/expo#28354)

See the full diff

Package name: expo-splash-screen

The new version differs by 250 commits.

• 0897aea Publish packages
• 216e960 Publish packages
• df6af6d [eslint-config-expo] Resolve TypeScript "paths" ([eslint-config-expo] Resolve TypeScript "paths" expo/expo#28378)
• 9b2c0f2 [cli] Run eslint directly rather than lint script ([cli] Run eslint directly rather than lint script expo/expo#28332)
• d698984 [expo-go] Publish prod home [skip ci]
• 4cb0783 Update Podfile locks after changes in expo-image-manipulator [skip ci]
• 841796d [image][iOS] Fix maintaining animated images duration after resizing ([image][iOS] Fix maintaining animated images duration after resizing expo/expo#28371)
• 041b687 [docs] Add doc for fingerprint runtime version and CI/CD (beta) ([docs] Add doc for fingerprint runtime version and CI/CD (beta) expo/expo#28310)
• d80bdbb [sqlite] bump sqlite to 3.45.3 and enable bytecodevtab ([sqlite] bump sqlite to 3.45.3 and enable bytecodevtab expo/expo#28358)
• eb59156 [core] fix build.gradle backward compatibility for previous expo modules ([core] fix build.gradle backward compatibility for previous expo modules expo/expo#28359)
• de7294e [config-plugins] Remove warning when using fingerprint ([config-plugins] Remove warning when using fingerprint expo/expo#28329)
• 74a0778 [expo-updates][cli] Add --debug option to fingerprint:generate command ([expo-updates][cli] Add --debug option to fingerprint:generate command expo/expo#28311)
• 18fc422 [sdk-51] upgrade react native 0.74.0 ([sdk-51] upgrade react native 0.74.0 expo/expo#28368)
• 1927a49 fix(server): serve hoisted index routes (fix(server): serve hoisted index routes expo/expo#28348)
• b4ff318 [dev-client] fix deep linking launch error ([dev-client] fix deep linking launch error expo/expo#28339)
• 5585320 [image-manipulator] add webp support for Android and iOS ([image-manipulator] add webp support for Android and iOS expo/expo#26379)
• c158ef2 [docs] Fix multiple minor issue ([docs] Fix multiple minor issue expo/expo#28365)
• 6ae1b17 [android][image-picker] fix getting filename and filesize from cropped images ([android][image-picker] fix getting filename and filesize from cropped images expo/expo#28352)
• f709c82 [docs] Fix vale warning in Stripe SDK 51 reference ([docs] Fix vale warning in Stripe SDK 51 reference expo/expo#28357)
• 22e8580 [docs] Update Expo Go landing page links ([docs] Update Expo Go landing page links expo/expo#28356)
• 78c1de6 [core] fix AppContext null currentActivity ([core] fix AppContext null currentActivity expo/expo#28338)
• c9b0dc7 [image][ios] fix resizing animated images failing to preserve animation ([image][ios] fix resizing animated images failing to preserve animation expo/expo#28335)
• 691b672 [docs] Add Expo Symbols reference to SDK 51 ([docs] Add Expo Symbols reference to SDK 51 expo/expo#28350)
• 38b9631 [docs] Add Links rule to avoid vague text in Vale and update other rules ([docs] Add Links rule to avoid vague text in Vale and update other rules expo/expo#28354)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/got@11.8.6	filesystem, network	0	269 kB	sindresorhus
npm/graceful-fs@4.2.9	environment, filesystem	0	31.6 kB	isaacs
npm/gradle-upgrade-interactive@0.7.4	filesystem, shell	0	485 kB	kevcodez
npm/has-bigints@1.0.2	None	0	12.8 kB	ljharb
npm/has-unicode@2.0.1	environment	0	3.44 kB	iarna
npm/http-errors@1.6.3	None	+1	18.1 kB	dougwilson
npm/http-parser-js@0.4.10	None	0	19 kB	jimbly
npm/http-proxy@1.18.1	network	+1	240 kB	jcrugzz
npm/iconv-lite@0.4.23	None	0	336 kB	ashtuchkin
npm/ieee754@1.1.13	None	0	6.25 kB	feross
npm/infer-owner@1.0.4	filesystem	0	4.29 kB	isaacs
npm/inherits@2.0.4	None	0	3.96 kB	isaacs
npm/inquirer@8.2.2	None	+1	93.1 kB	sboudrias
npm/internal-ip@4.3.0	None	0	5.73 kB	sindresorhus
npm/ip@1.1.5	None	0	35.7 kB	indutny
npm/is-buffer@1.1.6	None	0	5.58 kB	feross
npm/is-date-object@1.0.2	None	0	20.4 kB	ljharb
npm/is-extendable@0.1.1	None	0	5.09 kB	jonschlinkert
npm/is-extglob@2.1.1	None	0	6.22 kB	jonschlinkert
npm/is-wsl@2.2.0	environment, filesystem	0	3.76 kB	sindresorhus
npm/isarray@1.0.0	None	0	3.89 kB	juliangruber
npm/js-tokens@4.0.0	None	0	15.1 kB	lydell
npm/json-parse-better-errors@1.0.2	None	0	6.7 kB	zkat
npm/json-schema-traverse@0.3.1	None	0	16.8 kB	esp
npm/json5@2.2.1	None	0	229 kB	jordanbtucker
npm/jsondiffpatch@0.4.1	Transitive: environment	+2	3.24 MB	beneidel
npm/junit-report-builder@1.3.2	filesystem	+1	331 kB	david.parsson
npm/klaw-sync@6.0.0	None	0	10.4 kB	manidlou
npm/lodash@4.17.21	None	0	1.41 MB	bnjmnt4n
npm/marked@1.2.9	None	0	267 kB	tonybrix
npm/mime@2.4.6	None	0	57.6 kB	broofa
npm/minimalistic-assert@1.0.1	None	0	1.55 kB	cwmma
npm/minimatch@3.1.2	None	+3	57.5 kB	isaacs
npm/minimist@1.2.7	None	0	50.7 kB	ljharb
npm/mkdirp@0.5.5	filesystem	0	7.53 kB	isaacs
npm/ms@2.0.0	None	0	6.27 kB	leo
npm/mv@2.1.1	filesystem	0	10.3 kB	superjoe
npm/ncp@2.0.0	filesystem	0	18 kB	mmalecki
npm/neo-async@2.6.1	None	0	297 kB	suguru03
npm/node-fetch@2.6.7	network	0	152 kB	endless
npm/npm-packlist@5.1.3	filesystem	0	26.5 kB	lukekarrys
npm/nullthrows@1.1.1	None	0	2.84 kB	zertosh
npm/object-assign@4.1.1	None	0	5.49 kB	sindresorhus
npm/object-keys@1.1.1	None	0	26.5 kB	ljharb
npm/obuf@1.1.2	None	0	19.1 kB	indutny
npm/once@1.4.0	None	+1	7.01 kB	isaacs
npm/open@8.4.0	environment, filesystem, shell	0	46.4 kB	sindresorhus
npm/openai@4.21.0	environment, network	0	1.7 MB	dschnurr-openai
npm/ora@5.4.1	None	0	23.2 kB	sindresorhus
npm/os-tmpdir@1.0.2	None	0	3.06 kB	sindresorhus
npm/package-json@6.4.0	network	0	14.3 kB	sindresorhus
npm/pacote@13.1.1	environment, filesystem, network	+1	83.5 kB	gar
npm/parse-diff@0.9.0	None	0	31.7 kB	sergeyt
npm/parseurl@1.3.3	None	0	10.3 kB	dougwilson
npm/path-key@2.0.1	None	0	3.02 kB	sindresorhus
npm/plist@3.0.6	None	+1	1 MB	mreinstein
npm/prettier@2.8.1	environment, filesystem, unsafe	0	11.6 MB	prettier-bot
npm/pretty-bytes@5.6.0	None	0	11.5 kB	sindresorhus
npm/progress@2.0.3	None	0	15.5 kB	turbopope
npm/prompts@2.4.0	None	0	185 kB	terkelg
npm/proxy-addr@2.0.7	None	0	15.4 kB	dougwilson
npm/punycode@2.1.1	None	0	32.4 kB	mathias
npm/qrcode-terminal@0.12.0	None	0	96.5 kB	mwbrooks
npm/querystring@0.2.0	None	0	33.3 kB	gozala
npm/range-parser@1.2.1	None	0	8.46 kB	dougwilson
npm/recursive-omit-by@2.0.0	None	0	5.19 kB	alexgorbatchev
npm/regenerator-runtime@0.13.5	None	0	26.8 kB	benjamn
npm/repeat-string@1.6.1	None	0	9.09 kB	jonschlinkert
npm/resolve@1.22.0	environment, filesystem	0	144 kB	ljharb
npm/rimraf@2.6.3	filesystem	0	15.2 kB	isaacs
npm/safe-buffer@5.1.2	None	0	31.7 kB	feross
npm/safer-buffer@2.1.2	None	0	42.3 kB	chalker
npm/sax@1.2.1	None	0	66.8 kB	isaacs
npm/semver@7.5.3	None	+1	109 kB	npm-cli-ops
npm/serve-static@1.13.2	Transitive: filesystem, network	+7	122 kB	dougwilson
npm/set-blocking@2.0.0	None	0	4.22 kB	bcoe
npm/sharp@0.30.5	environment, filesystem, shell	0	493 kB	lovell
npm/simple-plist@1.3.1	filesystem	0	20.1 kB	wollardj
npm/slugify@1.4.0	None	0	12.3 kB	simov
npm/source-map@0.5.7	None	0	766 kB	tromey
npm/split@1.0.1	None	0	12.3 kB	dominictarr
npm/statuses@1.4.0	None	0	10.9 kB	dougwilson
npm/strip-ansi@6.0.1	None	0	4.03 kB	sindresorhus
npm/tapable@1.1.3	None	0	40.6 kB	sokra
npm/tar@4.4.6	environment, filesystem	+1	148 kB	isaacs
npm/taskr@1.1.0	environment, filesystem	0	47.1 kB	lukeed
npm/terminal-link@2.1.1	None	0	6.52 kB	sindresorhus
npm/text-table@0.2.0	None	0	11 kB	substack
npm/through@2.3.8	None	0	12.5 kB	dominictarr
npm/tslib@1.13.0	None	0	31.9 kB	typescript-bot
npm/type-is@1.6.18	None	+1	29.6 kB	dougwilson
npm/typedoc@0.23.24	environment, filesystem, shell, unsafe	+1	67.9 MB	typedoc-bot
npm/typescript@5.1.3	None	0	40.1 MB	typescript-bot
npm/unpipe@1.0.0	None	0	4.31 kB	dougwilson
npm/util-deprecate@1.0.2	None	0	5.48 kB	tootallnate
npm/uuid@9.0.0	None	0	123 kB	ctavan
npm/which@1.3.1	environment Transitive: filesystem	+1	20.4 kB	isaacs
npm/xcode@3.0.1	filesystem, shell	0	161 kB	erisu
npm/xml2js@0.4.23	None	+1	212 kB	leonidas
npm/xtend@4.0.1	None	0	5.96 kB	raynos
npm/yallist@4.0.0	None	0	14.8 kB	isaacs

🚮 Removed packages: npm/@babel/plugin-syntax-export-default-from@7.7.4, npm/@babel/plugin-syntax-flow@7.10.1, npm/@babel/plugin-syntax-jsx@7.16.7, npm/@nodelib/fs.scandir@2.1.5, npm/@nodelib/fs.stat@2.0.5, npm/@nodelib/fs.walk@1.2.8, npm/@types/glob@7.2.0, npm/@types/istanbul-lib-coverage@2.0.4, npm/@types/json-schema@7.0.11, npm/@types/tapable@1.0.6, npm/@types/webpack@4.41.21, npm/address@1.1.2, npm/agent-base@6.0.2, npm/ajv-keywords@3.4.1, npm/array-includes@3.1.4, npm/bl@4.1.0, npm/bn.js@4.12.0, npm/boolbase@1.0.0, npm/braces@3.0.2, npm/browserify-aes@1.2.0, npm/buffer@4.9.2, npm/cacache@15.0.5, npm/call-bind@1.0.2, npm/caniuse-lite@1.0.30001393, npm/charenc@0.0.2, npm/chownr@2.0.0, npm/cipher-base@1.0.4, npm/combined-stream@1.0.8, npm/compression@1.7.4, npm/create-hash@1.2.0, npm/create-hmac@1.1.7, npm/crypt@0.0.2, npm/css-color-names@0.0.4, npm/css-tree@1.0.0-alpha.28, npm/css-what@2.1.3, npm/define-properties@1.1.3, npm/deprecation@2.3.1, npm/detect-libc@2.0.1, npm/domelementtype@2.0.1, npm/duplexify@3.7.1, npm/electron-to-chromium@1.4.247, npm/end-of-stream@1.4.4, npm/errno@0.1.7, npm/es-abstract@1.19.1, npm/escalade@3.1.1, npm/esrecurse@4.3.0, npm/estraverse@4.2.0, npm/evp_bytestokey@1.0.3, npm/extend-shallow@3.0.2, npm/fast-glob@3.2.11, npm/follow-redirects@1.14.8, npm/fs-minipass@2.1.0, npm/fsevents@1.2.13, npm/get-intrinsic@1.1.1

View full report↗︎