Skip to content

[Snyk] Security upgrade expo from 51.0.28 to 53.0.0#102

Open
snyk-io[bot] wants to merge 1 commit intomainfrom
snyk-fix-757394e3d6c98651505050f0f7404869
Open

[Snyk] Security upgrade expo from 51.0.28 to 53.0.0#102
snyk-io[bot] wants to merge 1 commit intomainfrom
snyk-fix-757394e3d6c98651505050f0f7404869

Conversation

@snyk-io
Copy link

@snyk-io snyk-io bot commented Jan 27, 2026

snyk-top-banner

Snyk has created this PR to fix 1 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

  • ExpoImplementationEAS/package.json

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

⚠️ Warning 
Failed to update the yarn.lock, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

Issue Score
medium severity Directory Traversal
SNYK-JS-TAR-15032660		   149  

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Directory Traversal

@snyk-io snyk-io bot requested a review from a team as a code owner January 27, 2026 01:09
@snyk-io snyk-io bot requested review from AldinaSculac and LiuPierre January 27, 2026 01:09
@snyk-io
Copy link
Author

snyk-io bot commented Jan 27, 2026

Merge Risk: High

This major upgrade from Expo SDK 51 to 53 introduces significant architectural changes, new environment requirements, and multiple breaking API updates. React Native's New Architecture is now enabled by default, which may affect third-party library compatibility. The upgrade also requires updates to your development environment.

Highlights:

  • New Architecture: React Native's New Architecture is now default. Check all dependencies for compatibility or temporarily opt-out in your app config.
  • Environment Updates: Node.js 20+ and Xcode 16.2+ are now required for development and building.
  • Package Replacements: The expo-av package is being replaced by expo-video and expo-audio, and expo-background-fetch is replaced by expo-background-task.

Source: Expo documentation
Recommendation: Follow the official Expo upgrade guide to upgrade one SDK version at a time (51 → 52 → 53). Run npx expo install --fix at each step and test thoroughly, paying close attention to native modules and build configurations.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@AldinaSculac AldinaSculac Awaiting requested review from AldinaSculac AldinaSculac is a code owner automatically assigned from ContentSquare/mobile-react-native

@LiuPierre LiuPierre Awaiting requested review from LiuPierre LiuPierre is a code owner automatically assigned from ContentSquare/mobile-react-native

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants