…lnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-BRACEEXPANSION-15789759
✅ Snyk checks have passed. No issues have been found so far.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
| "compressorjs": "^1.1.1", | ||
| "elliptic": "^6.5.5", | ||
| "expo": "^50.0.20", | ||
| "expo": "^51.0.0", |
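Review bot: At the "expo": "^51.0.0" line, a major-version range change on a direct dependency is being used to clear an advisory that the PR description attributes to brace-expansion, a package that does not appear among the dependencies in this hunk. Confirm from the regenerated yarn.lock that brace-expansion actually resolves to a fixed version after this change, and weigh a narrower fix (a yarn "resolutions" entry for brace-expansion, keeping expo at ^50.0.20) against taking a full SDK upgrade in a security-fix PR.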
Major Expo SDK bump breaks React Native compatibility
High Severity
Upgrading expo from ^50.0.20 to ^51.0.0 is a major SDK bump that requires react-native 0.74, but the project still pins react-native to 0.73.7. Additionally, several other Expo packages remain at SDK 50-compatible versions (expo-clipboard@~5.0.0, expo-document-picker@~11.10.1, expo-image-manipulator@~11.8.0, expo-image-picker@~14.7.1, expo-localization@~14.8.4, expo-status-bar@~1.11.1) and need corresponding upgrades for SDK 51 compatibility. This will likely cause build failures or runtime errors.
| "compressorjs": "^1.1.1", | ||
| "elliptic": "^6.5.5", | ||
| "expo": "^50.0.20", | ||
| "expo": "^51.0.0", |
🔴 Incomplete Expo SDK 50→51 upgrade leaves companion packages and React Native at incompatible SDK 50 versions
The expo core package was bumped from ^50.0.20 to ^51.0.0 (a major Expo SDK version change), but only expo-linking and expo-splash-screen were updated among the companion packages. Expo SDK major versions require all companion packages to be updated in lockstep. The following packages remain at their SDK 50-compatible versions and are incompatible with SDK 51:
- react-native: 0.73.7 (SDK 51 requires RN 0.74)
- expo-clipboard: ~5.0.0 (SDK 51 requires ~6.0.x)
- expo-document-picker: ~11.10.1 (SDK 51 requires ~12.0.x)
- expo-image-manipulator: ~11.8.0 (SDK 51 requires ~12.0.x)
- expo-image-picker: ~14.7.1 (SDK 51 requires ~15.0.x)
- expo-localization: ~14.8.4 (SDK 51 requires ~15.0.x)
- expo-status-bar: ~1.11.1 (SDK 51 requires ~1.12.x)
This will cause native module version mismatches and build or runtime failures for the expo-example app.
Prompt for agents
In packages/connect-examples/expo-example/package.json, the expo core was bumped to SDK 51 (^51.0.0) but the companion packages and react-native were not updated. Either:
1. Revert expo back to ^50.0.20 (and revert expo-linking and expo-splash-screen) if the goal is only to fix vulnerabilities without a full SDK upgrade, OR
2. Complete the SDK 51 upgrade by also bumping these packages to their SDK 51-compatible versions:
- react-native: 0.73.7 → 0.74.x
- expo-clipboard: ~5.0.0 → ~6.0.3
- expo-document-picker: ~11.10.1 → ~12.0.1
- expo-image-manipulator: ~11.8.0 → ~12.0.5
- expo-image-picker: ~14.7.1 → ~15.0.7
- expo-localization: ~14.8.4 → ~15.0.0
- expo-status-bar: ~1.11.1 → ~1.12.1
- react-native-reanimated: ~3.6.2 → ~3.10.0
- react-native-safe-area-context: 4.8.2 → 4.10.1
- react-native-screens: ~3.29.0 → ~3.31.1
Use 'npx expo install --fix' after updating expo to automatically resolve the correct companion package versions for the target SDK.
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
Warning Review the following alerts detected in dependencies. According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.
Snyk has created this PR to fix 1 vulnerability in the yarn dependencies of this project.
Snyk changed the following file(s):
packages/connect-examples/expo-example/package.json
Note for zero-installs users
If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.
Vulnerabilities that will be fixed with an upgrade:
SNYK-JS-BRACEEXPANSION-15789759
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
Note
Medium Risk
Bumps expo to a new major version, which can introduce breaking runtime/build changes in the example app despite being dependency-only updates.
Overview
Updates the expo-example app dependencies to address a reported vulnerability by upgrading expo to ^51.0.0 and aligning related packages (expo-linking, expo-splash-screen) to compatible newer versions.
Written by Cursor Bugbot for commit ef891dc. This will update automatically on new commits.