[Snyk] Security upgrade expo from 36.0.2 to 49.0.0

[sleepwell95]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Prototype Pollution SNYK-JS-JSON5-3182856	Yes	Proof of Concept
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: expo

The new version differs by 250 commits.

• 2fbf7de Publish packages
• 4e550a9 Publish packages
• 77033b1 refactor(cli): drop extraneous source fetch workaround for `metro@<0.75.1` (#23259)
• 0923d89 fix(cli, dev-server): add `SYSTEMROOT` for `open` when opening browsers on Windows (#23287)
• a1f781a [templates] Update for latest
• cf90d5c Publish packages
• 52c2c73 refactor(cli): disable inspector proxy inline source maps for vscode only (#23258)
• d8aa838 [android] Bump version
• 733e09a [fastlane] Add sync_screenshots lane
• 71811ec update yarn.lock
• 1713bcc [iOS] Specify Obj-C names for React delegate handlers for versioning (#23229)
• 72bdf13 [ios][secure-store] Backport to sdk49 (#23278)
• ddfec4c [ios][secure-store] Check for plist key if auth is required (#23275)
• e559009 [image-picker] Bump image cropper version to fix EAS build (#23191)
• 5016837 [camera] Fix crash when onBarCodeScanned or onFacesDetected callback is removed (#23223)
• 3c25888 [android][image-picker] Fix backported photo picker crashing with null intent (#23224)
• 9662dc7 feat: add generated types for Expo Router useSegment (#22629)
• f678f6a [ios] Bump version
• 4c558b9 [core][Android] Fix the `View cannot be cast to ViewGroup` exception (#23264)
• afa9ad0 Fix tsconfig paths and other SDK 49 Metro features. (#23276)
• 9b283f0 [workspace] Bump TypeScript version to 5.1.3 (#23143)
• cdcdfc3 [iOS] Refactor expo-screen-orientation for versioning (#23228)
• 7faea6c [go] Fix hermes inspector crash from vscode-expo (#23271)
• c068d13 chore: update react-native to 0.72.1 (#23262)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)