[Snyk] Fix for 1 vulnerabilities

[1fabunicorn]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

✨ Snyk has automatically assigned this pull request, set who gets assigned.

As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	501/1000 Why? Recently disclosed, Has a fix available, CVSS 4.3	Information Exposure Through Sent Data SNYK-JS-PHIN-6598077	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: expo

The new version differs by 250 commits.

• 1f1398e Publish packages
• 21bdae9 Publish packages
• 2188102 [template][bare] update expo-updates to latest
• b21b611 [av][iOS] Allow video audio to continue to play in the background (#12950)
• 9b7b618 [bare-expo] Update Podfile.lock
• cc6dc18 [android][ios] Bump Expo Go version
• 03ce324 [home] Update dev and prod home
• 3ca3c39 [ios] Update location permission usage message
• d5be25e Publish expo-dev-client
• 0614038 Publish expo-dev-client
• 9858796 [dev-launcher][plugin] Ensure that `withErrorHandling` is triggered on every platform (#13438)
• b5fd37b [expo-dev-launcher] fix error message when loading a production app without expo-updates (#13458)
• f8f11fc [dev-menu][dev-launcher] Make items order consistently across platforms (#13449)
• a7a44a0 [home] Add release channel label back to project page (#13459)
• 678da87 [ios] Bump Expo Go version
• 60b514a [ios] Fix second instance of manifest JSON bug (#13443)
• b3fc001 Update AndroidManifest.xml (#13173)
• 8697b30 Remove READ_PHONE_STATE permission from default template (#13176)
• b02e45d [expo-splash-screen][ios] search for viewController with a RCTRootView (#13429)
• 2bb90ff [ios] Fix bug where we attempt to validate manifest instance rather than JSON as a JSON object (#13442)
• abb9e79 [skip-ci][ios][android] Update dev and prod home
• 3495c4a [home] check for camera permissions on QR scanner deep link (#13410)
• 2a35a64 [skip-ci][ios][android] Bump app versions
• 39db2c7 [home] Update prod home

See the full diff

Package name: expo-constants

The new version differs by 250 commits.

• c80d4c9 Publish packages
• 03d9022 Publish packages
• 29ed20a [bare-expo][android] Configure metro to download assets specified in the NCL (#13299)
• 74875c5 fix: crash of file system when try to read cache dir file on android (#13232)
• ae0b93a [tools] Bump postcss from 7.0.17 to 7.0.36 (#13296)
• b032029 [expo-updates][android] add runtimeVersion support to classic updates (#13283)
• 7623ef8 Added `android:usesCleartextTraffic=true` (#13294)
• fc29d91 [notifications] feat: respond to notifications while app is backgrounded (#13130)
• bd7d249 [SDK 42] Update iOS versioning scripts for react-native-svg (#13278)
• a404f43 [secure-store] add doc comments in source (#13225)
• 5df607a [haptics] add doc comments in source (#13288)
• 85233da [network] add doc comments in source (#13289)
• c849d0e [home] Use showInRecents on auth session to prevent premature closing browser (#13281)
• c91e801 [docs] Fix Tracking Transparency Warning (#13279)
• 1af7225 [docs] EAS Build - add Big Sur image (#13285)
• af20b77 [android] Add Hermes support for Expo Go (#13238)
• 674e6fc [segment][android] upgrade segment version v4.9.4 (#13263)
• df3ae3b [android][qa] minor fixes for test-suite and NCL (#13262)
• 35f9870 [test-suite] Fix Recording.createAsync test (#12944)
• 719f610 [firebase-core][screen-orientation][autolinking] Fix check-packages (#13265)
• 0762ff3 [docs] Clarify that expo-branch is not supported on EAS Build
• 4adce31 [docs] Update dev client documentation for the managed workflow Eng-961
• 7cc7213 [ENG-975][image-manipulator] convert Android code to Kotlin (#13231)
• 1930d45 [CI][Android] Fix `The following variables are used in this project, but they are set to NOTFOUND` (#13275)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

👩‍💻 Set who automatically gets assigned

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.