[Snyk] Security upgrade expo from 50.0.4 to 51.0.0

[melvin-bot]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	631/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.2	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: expo

The new version differs by 250 commits.

• 2975b6d Publish packages
• 7995f30 Publish packages
• 2b6c5cb [docs] Fix Image blurhash syntax in placeholder prop
• a5cd2f4 [template] Add privacy_file_aggregation_enabled to the correct place
• 4d8aaab [template] Add missing comma
• 14ff547 [packages] Commit build files
• 9a1f53f [build-properties] Add field to enable/disable privacy manifest aggregation (fix: room name field does not automatically focus when returning from the chat option #28646)
• 19f4c9a chore(cli): bump canary to support React 19 beta ([$500] Login - App displays half or no animation on login with suspended email on mWeb #28592)
• 6d629fd feature(expo-build-properties): add `ios.ccacheEnabled` option to enable c++ compiler cache ([PAID] [$500] LHN - Incorrect backup avatar while waiting for avatar to load #28638)
• 87efd0c Add additional config flag to allow forcing RTL on LTR locales ([$500] Request Money - Request money screen opens again on click of Next button #28129)
• 9c8b6d4 [core][Android] Remove Kotlin warnings ([HOLD for payment 2023-11-06] [$500] Chat - Email pattern is not recognized when sending a comment #28629)
• 9782fb3 [core][Android] Add the method name to unexpected exception ([HOLD for payment 2023-10-23] [HOLD for payment 2023-10-23] [HOLD for payment 2023-10-20] [HOLD for payment 2023-10-20] [$500] Assign task - Assign task tooltip is not displaying email and avatar #28626)
• 338477c [video][Android] Remove Kotlin warnings (Allow Viewing a category to a Split Bill  #28628)
• 2ec644a [device][Android] Replace deprecated method to get rotation ([NoQA] From docs refactor #28627)
• 46dc5b3 [docs] Update new arch guide to account for fixed navigation issue
• 6df141b [docs] Fix `zulu` installation command for SDK 49 and below (Revert "Reattempt using OSBotify installation token in actions" #28612)
• 393ca27 [docs] Improve example in Use Bun guide (Improve memoization of LHN by handling the isFocused prop better #28615)
• b142541 [iOS] Make it easier to use the new architecture in bare-expo (Strikethrough link is not parsed correctly on link with URL that contains tilde #28616)
• 1fcceda [core][Android] Make `defaultAppContextMock` private (Remove the close button from security page #28620)
• 0adb5e6 [docs] show "Unversioned" API version in PR previews ([HOLD] Add expo-modules to application. #28588)
• 72fd8e2 [expo-go] Remove unused queries and overfetched fields (Fix Android camera permission prompt #28619)
• f57dfd1 [templates] Update to latest [skip ci]
• 2d80ee3 Publish packages
• a8060e8 Publish packages

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

Upwork Automation - Do Not Edit

• Upwork Job URL: https://www.upwork.com/jobs/~019b949af182e85040
• Upwork Job ID: 1787925979384631296
• Last Price Increase: 2024-05-07

[melvin-bot]

This is a Snyk issue. Snyk is a tool that automatically tracks our repositories' dependencies and reports associated security vulnerabilities. It also automatically create PRs to fix these vulnerabilities.

    C+: Please follow these steps to test the linked PR before running through the reviewer checklist:
    - [ ] The first step is to understand the PR: what dependency is it upgrading, for which vulnerability, how it impacts our product & end users.
    - [ ] If the issue is not worth fixing, please add your reasoning in the issue and have the internal engineer review it.
    - [ ] Check the change log (which should be included in the PR description) to see all changes. We want to identify any breaking changes. If it is a minor version bump, it's unlikely that there are any breaking changes.
    - [ ] Test our feature(s) that make use of this package. If it does not work, we should understand what broke it. It is also a good idea to check our main flows to make sure they are not broken that you can add in the checklist screenshots/videos.

[melvin-bot]

Job added to Upwork: https://www.upwork.com/jobs/~019b949af182e85040

[melvin-bot]

Triggered auto assignment to Contributor Plus for review of internal employee PR - @jayeshmangwani (Internal)

[melvin-bot]

This issue has not been updated in over 15 days. @jayeshmangwani eroding to Monthly issue.

P.S. Is everyone reading this sure this is really a near-term priority? Be brave: if you disagree, go ahead and close it out. If someone disagrees, they'll reopen it, and if they don't: one less thing to do!

[jayeshmangwani]

expo version will be going to be updated to 51.x.x in this RN version upgrade PR #40548, we can close/HOLD this issue in favour of other PR

Not sure whom to tag but ccing @mountiny 😃

[mountiny]

thanks