[Snyk] Security upgrade @expo/webpack-config from 0.11.25 to 18.0.0

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-IMMER-1540542	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	Yes	Proof of Concept
	619/1000 Why? Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @expo/webpack-config

The new version differs by 250 commits.

• 4e7dbf3 Publish
• 84f6686 Update README.md
• 7adc6ae Update README.md
• 3052b9d [webpack] Upgrade to Webpack 5 (#3763)
• 625d91a Remove Node.js limitations on the legacy CLI (#4635)
• bee0413 [readme] Highlight the modern local CLI over everything else (#4632)
• 7edfa46 + create-expo-app@1.1.6
• 75af3f6 fix(create-expo-app): skip creating a git repo when inside existing repo (#4629)
• c56fb82 update docs to reflect next config bug (#4620)
• 48d14b4 Update CHANGELOG and commit schema cache
• a151151 Publish
• 3986274 [install-expo-modules] Add react-native 0.71 support (#4612)
• 8e5e5f7 fix(update): json5 to v2.2.2 where vulnerability has been patched (#4618)
• 62ce1fd Handle multiple query parameters in Android URIs (#4538)
• 757b300 [xdl] Add feature gates (#4587)
• 58cf75b Update @ xmldom/xmldom (#4592)
• 508f15b Update README.md
• 820cc0f deprecate expo-optimize and drop related checks (#4588)
• d6329a4 Update PULL_REQUEST_TEMPLATE
• e631bdb Update index-test.js.snap
• 72e6af2 drop traveling-fastlane source (#4589)
• 69965f2 feat(next)!: rewrite package (#4582)
• 8c3e745 Update CHANGELOG and commit schema cache
• e01f946 Publish

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 More lessons are available in Snyk Learn