Skip to content

fix: Bump expo from 45 to 48 #2706

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
robbie-c wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix: Bump expo from 45 to 48 #2706

robbie-c wants to merge 1 commit into from

Conversation

@robbie-c
Copy link
Member

@robbie-c robbie-c commented Dec 7, 2025
edited
Loading

Problem

Expo 45 has an (irrelevant) npm audit warning against it, I wanted to bump our Expo version to make that warning go away

Changes

Bump the expo version used from 45 -> 48 (the lowest version that fixes the issue).

@PostHog/team-mobile Please check the changes I made to the vendored code. I only tried to support 0.73.x and nothing else, but I don't have context on why we supported metro 0.83 which is a different version that what comes with expo 45.

Also, please double-check you're happy with how I had to change our asserts.

(also feel free to ignore this PR and make your own, I just want the warning to go away)

Release info Sub-libraries affected

Libraries affected

  • All of them
  • posthog-js (web)
  • posthog-js-lite (web lite)
  • posthog-node
  • posthog-react-native
  • @posthog/react
  • @posthog/ai
  • @posthog/nextjs-config
  • @posthog/nuxt
  • @posthog/rollup-plugin
  • @posthog/webpack-plugin

Checklist

  • Tests for new code
  • Accounted for the impact of any changes across different platforms
  • Accounted for backwards compatibility of any changes (no breaking changes!)
  • Took care not to unnecessarily increase the bundle size

If releasing new changes

  • Ran pnpm changeset to generate a changeset file
  • Added the "release" label to the PR to indicate we're publishing new versions for the affected packages

@robbie-c robbie-c requested a review from a team as a code owner December 7, 2025 17:54
@vercel
Copy link

vercel bot commented Dec 7, 2025

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Updated (UTC)
posthog-js Ready Ready Preview Dec 7, 2025 5:54pm
posthog-nextjs-config Ready Ready Preview Dec 7, 2025 5:54pm

@github-actions
Copy link
Contributor

github-actions bot commented Dec 7, 2025

📝 No Changeset Found

This PR doesn't include a changeset. A changeset (and the release label) is required to release a new version.

How to add a changeset

Run this command and follow the prompts:

pnpm changeset

Remember: Never use major version bumps for posthog-js as it's autoloaded by clients.

greptile-apps[bot]
greptile-apps bot reviewed Dec 7, 2025
View reviewed changes
Copy link
Contributor

@greptile-apps greptile-apps bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

9 files reviewed, no comments

Edit Code Review Agent Settings | Greptile

@github-actions
Copy link
Contributor

github-actions bot commented Dec 7, 2025

Download bundle size visualization

@github-actions
Copy link
Contributor

github-actions bot commented Dec 7, 2025

Size Change: -1.74 kB (-0.03%)

Total Size: 5.11 MB

Filename Size Change
packages/react-native/dist/autocapture.js 4.58 kB -102 B (-2.18%)
packages/react-native/dist/PostHogProvider.js 4.65 kB -118 B (-2.47%)
packages/react-native/dist/surveys/components/BottomSection.js 1.22 kB -122 B (-9.08%)
packages/react-native/dist/surveys/components/Cancel.js 794 B -115 B (-12.65%) 👏
packages/react-native/dist/surveys/components/ConfirmationMessage.js 1.45 kB -128 B (-8.09%)
packages/react-native/dist/surveys/components/QuestionHeader.js 989 B -123 B (-11.06%) 👏
packages/react-native/dist/surveys/components/QuestionTypes.js 9.94 kB -153 B (-1.52%)
packages/react-native/dist/surveys/components/SurveyModal.js 3.74 kB -120 B (-3.11%)
packages/react-native/dist/surveys/components/Surveys.js 7.05 kB -129 B (-1.8%)
packages/react-native/dist/surveys/icons.js 7.64 kB -116 B (-1.5%)
packages/react-native/dist/surveys/PostHogSurveyProvider.js 5.54 kB -119 B (-2.1%)
packages/react-native/dist/tooling/vendor/metro/utils.js 2.95 kB -396 B (-11.83%) 👏
ℹ️ View Unchanged
Filename Size Change
packages/ai/dist/anthropic/index.cjs 17.8 kB 0 B
packages/ai/dist/anthropic/index.mjs 17.6 kB 0 B
packages/ai/dist/gemini/index.cjs 23.4 kB 0 B
packages/ai/dist/gemini/index.mjs 23.2 kB 0 B
packages/ai/dist/index.cjs 140 kB 0 B
packages/ai/dist/index.mjs 140 kB 0 B
packages/ai/dist/langchain/index.cjs 41.2 kB 0 B
packages/ai/dist/langchain/index.mjs 40.7 kB 0 B
packages/ai/dist/openai/index.cjs 42.3 kB 0 B
packages/ai/dist/openai/index.mjs 42 kB 0 B
packages/ai/dist/vercel/index.cjs 30 kB 0 B
packages/ai/dist/vercel/index.mjs 30 kB 0 B
packages/browser/dist/all-external-dependencies.js 228 kB 0 B
packages/browser/dist/array.full.es5.js 303 kB 0 B
packages/browser/dist/array.full.js 369 kB 0 B
packages/browser/dist/array.full.no-external.js 384 kB 0 B
packages/browser/dist/array.js 163 kB 0 B
packages/browser/dist/array.no-external.js 176 kB 0 B
packages/browser/dist/crisp-chat-integration.js 2.11 kB 0 B
packages/browser/dist/customizations.full.js 19.2 kB 0 B
packages/browser/dist/dead-clicks-autocapture.js 13.1 kB 0 B
packages/browser/dist/exception-autocapture.js 11.7 kB 0 B
packages/browser/dist/external-scripts-loader.js 2.95 kB 0 B
packages/browser/dist/intercom-integration.js 2.16 kB 0 B
packages/browser/dist/lazy-recorder.js 150 kB 0 B
packages/browser/dist/main.js 165 kB 0 B
packages/browser/dist/module.full.js 369 kB 0 B
packages/browser/dist/module.full.no-external.js 384 kB 0 B
packages/browser/dist/module.js 164 kB 0 B
packages/browser/dist/module.no-external.js 177 kB 0 B
packages/browser/dist/posthog-recorder.js 247 kB 0 B
packages/browser/dist/recorder-v2.js 113 kB 0 B
packages/browser/dist/recorder.js 113 kB 0 B
packages/browser/dist/surveys-preview.js 72.5 kB 0 B
packages/browser/dist/surveys.js 84.3 kB 0 B
packages/browser/dist/tracing-headers.js 1.93 kB 0 B
packages/browser/dist/web-vitals.js 10.5 kB 0 B
packages/browser/react/dist/esm/index.js 19.2 kB 0 B
packages/browser/react/dist/umd/index.js 22.4 kB 0 B
packages/core/dist/error-tracking/chunk-ids.js 2.54 kB 0 B
packages/core/dist/error-tracking/chunk-ids.mjs 1.31 kB 0 B
packages/core/dist/error-tracking/coercers/dom-exception-coercer.js 2.3 kB 0 B
packages/core/dist/error-tracking/coercers/dom-exception-coercer.mjs 993 B 0 B
packages/core/dist/error-tracking/coercers/error-coercer.js 2.02 kB 0 B
packages/core/dist/error-tracking/coercers/error-coercer.mjs 794 B 0 B
packages/core/dist/error-tracking/coercers/error-event-coercer.js 1.76 kB 0 B
packages/core/dist/error-tracking/coercers/error-event-coercer.mjs 513 B 0 B
packages/core/dist/error-tracking/coercers/event-coercer.js 1.82 kB 0 B
packages/core/dist/error-tracking/coercers/event-coercer.mjs 548 B 0 B
packages/core/dist/error-tracking/coercers/index.js 6.79 kB 0 B
packages/core/dist/error-tracking/coercers/index.mjs 326 B 0 B
packages/core/dist/error-tracking/coercers/object-coercer.js 3.46 kB 0 B
packages/core/dist/error-tracking/coercers/object-coercer.mjs 2.07 kB 0 B
packages/core/dist/error-tracking/coercers/primitive-coercer.js 1.67 kB 0 B
packages/core/dist/error-tracking/coercers/primitive-coercer.mjs 419 B 0 B
packages/core/dist/error-tracking/coercers/promise-rejection-event.js 2.25 kB 0 B
packages/core/dist/error-tracking/coercers/promise-rejection-event.mjs 904 B 0 B
packages/core/dist/error-tracking/coercers/string-coercer.js 2.01 kB 0 B
packages/core/dist/error-tracking/coercers/string-coercer.mjs 820 B 0 B
packages/core/dist/error-tracking/coercers/utils.js 2.06 kB 0 B
packages/core/dist/error-tracking/coercers/utils.mjs 716 B 0 B
packages/core/dist/error-tracking/error-properties-builder.js 5.49 kB 0 B
packages/core/dist/error-tracking/error-properties-builder.mjs 4.15 kB 0 B
packages/core/dist/error-tracking/index.js 4.11 kB 0 B
packages/core/dist/error-tracking/index.mjs 152 B 0 B
packages/core/dist/error-tracking/parsers/base.js 1.83 kB 0 B
packages/core/dist/error-tracking/parsers/base.mjs 464 B 0 B
packages/core/dist/error-tracking/parsers/chrome.js 2.73 kB 0 B
packages/core/dist/error-tracking/parsers/chrome.mjs 1.32 kB 0 B
packages/core/dist/error-tracking/parsers/gecko.js 2.47 kB 0 B
packages/core/dist/error-tracking/parsers/gecko.mjs 1.13 kB 0 B
packages/core/dist/error-tracking/parsers/index.js 4.38 kB 0 B
packages/core/dist/error-tracking/parsers/index.mjs 1.94 kB 0 B
packages/core/dist/error-tracking/parsers/node.js 3.94 kB 0 B
packages/core/dist/error-tracking/parsers/node.mjs 2.68 kB 0 B
packages/core/dist/error-tracking/parsers/opera.js 2.26 kB 0 B
packages/core/dist/error-tracking/parsers/opera.mjs 746 B 0 B
packages/core/dist/error-tracking/parsers/safari.js 1.88 kB 0 B
packages/core/dist/error-tracking/parsers/safari.mjs 574 B 0 B
packages/core/dist/error-tracking/parsers/winjs.js 1.72 kB 0 B
packages/core/dist/error-tracking/parsers/winjs.mjs 426 B 0 B
packages/core/dist/error-tracking/types.js 1.33 kB 0 B
packages/core/dist/error-tracking/types.mjs 131 B 0 B
packages/core/dist/error-tracking/utils.js 1.8 kB 0 B
packages/core/dist/error-tracking/utils.mjs 604 B 0 B
packages/core/dist/eventemitter.js 1.78 kB 0 B
packages/core/dist/eventemitter.mjs 571 B 0 B
packages/core/dist/featureFlagUtils.js 6.5 kB 0 B
packages/core/dist/featureFlagUtils.mjs 4.28 kB 0 B
packages/core/dist/gzip.js 1.88 kB 0 B
packages/core/dist/gzip.mjs 577 B 0 B
packages/core/dist/index.js 5.7 kB 0 B
packages/core/dist/index.mjs 485 B 0 B
packages/core/dist/posthog-core-stateless.js 29.6 kB 0 B
packages/core/dist/posthog-core-stateless.mjs 27.1 kB 0 B
packages/core/dist/posthog-core.js 28.2 kB 0 B
packages/core/dist/posthog-core.mjs 24 kB 0 B
packages/core/dist/process/index.js 2.77 kB 0 B
packages/core/dist/process/index.mjs 114 B 0 B
packages/core/dist/process/spawn-local.js 1.82 kB 0 B
packages/core/dist/process/spawn-local.mjs 568 B 0 B
packages/core/dist/process/utils.js 3.12 kB 0 B
packages/core/dist/process/utils.mjs 1.15 kB 0 B
packages/core/dist/testing/index.js 2.93 kB 0 B
packages/core/dist/testing/index.mjs 79 B 0 B
packages/core/dist/testing/PostHogCoreTestClient.js 3.15 kB 0 B
packages/core/dist/testing/PostHogCoreTestClient.mjs 1.74 kB 0 B
packages/core/dist/testing/test-utils.js 2.77 kB 0 B
packages/core/dist/testing/test-utils.mjs 1.09 kB 0 B
packages/core/dist/types.js 8.2 kB 0 B
packages/core/dist/types.mjs 5.93 kB 0 B
packages/core/dist/utils/bot-detection.js 3.28 kB 0 B
packages/core/dist/utils/bot-detection.mjs 1.95 kB 0 B
packages/core/dist/utils/bucketed-rate-limiter.js 3 kB 0 B
packages/core/dist/utils/bucketed-rate-limiter.mjs 1.62 kB 0 B
packages/core/dist/utils/index.js 11 kB 0 B
packages/core/dist/utils/index.mjs 1.94 kB 0 B
packages/core/dist/utils/logger.js 2.5 kB 0 B
packages/core/dist/utils/logger.mjs 1.22 kB 0 B
packages/core/dist/utils/number-utils.js 2 kB 0 B
packages/core/dist/utils/number-utils.mjs 735 B 0 B
packages/core/dist/utils/promise-queue.js 2 kB 0 B
packages/core/dist/utils/promise-queue.mjs 768 B 0 B
packages/core/dist/utils/string-utils.js 1.91 kB 0 B
packages/core/dist/utils/string-utils.mjs 414 B 0 B
packages/core/dist/utils/type-utils.js 6.93 kB 0 B
packages/core/dist/utils/type-utils.mjs 3.03 kB 0 B
packages/core/dist/vendor/uuidv7.js 8.29 kB 0 B
packages/core/dist/vendor/uuidv7.mjs 6.72 kB 0 B
packages/nextjs-config/dist/config.js 5.03 kB 0 B
packages/nextjs-config/dist/config.mjs 3.55 kB 0 B
packages/nextjs-config/dist/index.js 2.24 kB 0 B
packages/nextjs-config/dist/index.mjs 30 B 0 B
packages/nextjs-config/dist/utils.js 3.83 kB 0 B
packages/nextjs-config/dist/utils.mjs 1.72 kB 0 B
packages/node/dist/client.js 24.2 kB 0 B
packages/node/dist/client.mjs 22.3 kB 0 B
packages/node/dist/entrypoints/index.edge.js 4.25 kB 0 B
packages/node/dist/entrypoints/index.edge.mjs 723 B 0 B
packages/node/dist/entrypoints/index.node.js 5.55 kB 0 B
packages/node/dist/entrypoints/index.node.mjs 1.08 kB 0 B
packages/node/dist/experimental.js 603 B 0 B
packages/node/dist/experimental.mjs 0 B 0 B 🆕
packages/node/dist/exports.js 3.6 kB 0 B
packages/node/dist/exports.mjs 124 B 0 B
packages/node/dist/extensions/context/context.js 2.12 kB 0 B
packages/node/dist/extensions/context/context.mjs 862 B 0 B
packages/node/dist/extensions/context/types.js 603 B 0 B
packages/node/dist/extensions/context/types.mjs 0 B 0 B 🆕
packages/node/dist/extensions/error-tracking/autocapture.js 2.66 kB 0 B
packages/node/dist/extensions/error-tracking/autocapture.mjs 1.24 kB 0 B
packages/node/dist/extensions/error-tracking/index.js 3.88 kB 0 B
packages/node/dist/extensions/error-tracking/index.mjs 2.61 kB 0 B
packages/node/dist/extensions/error-tracking/modifiers/context-lines.node.js 8.81 kB 0 B
packages/node/dist/extensions/error-tracking/modifiers/context-lines.node.mjs 7.15 kB 0 B
packages/node/dist/extensions/error-tracking/modifiers/module.node.js 2.78 kB 0 B
packages/node/dist/extensions/error-tracking/modifiers/module.node.mjs 1.45 kB 0 B
packages/node/dist/extensions/express.js 2.75 kB 0 B
packages/node/dist/extensions/express.mjs 1.16 kB 0 B
packages/node/dist/extensions/feature-flags/cache.js 603 B 0 B
packages/node/dist/extensions/feature-flags/cache.mjs 0 B 0 B 🆕
packages/node/dist/extensions/feature-flags/crypto.js 1.57 kB 0 B
packages/node/dist/extensions/feature-flags/crypto.mjs 395 B 0 B
packages/node/dist/extensions/feature-flags/feature-flags.js 30.9 kB 0 B
packages/node/dist/extensions/feature-flags/feature-flags.mjs 28.9 kB 0 B
packages/node/dist/extensions/sentry-integration.js 4.66 kB 0 B
packages/node/dist/extensions/sentry-integration.mjs 3.17 kB 0 B
packages/node/dist/storage-memory.js 1.52 kB 0 B
packages/node/dist/storage-memory.mjs 297 B 0 B
packages/node/dist/types.js 603 B 0 B
packages/node/dist/types.mjs 0 B 0 B 🆕
packages/node/dist/version.js 1.21 kB 0 B
packages/node/dist/version.mjs 46 B 0 B
packages/nuxt/dist/module.mjs 4.19 kB 0 B
packages/nuxt/dist/runtime/nitro-plugin.js 1.08 kB 0 B
packages/nuxt/dist/runtime/vue-plugin.js 1.14 kB 0 B
packages/react-native/dist/error-tracking/index.js 6.77 kB 0 B
packages/react-native/dist/error-tracking/utils.js 2.58 kB 0 B
packages/react-native/dist/frameworks/wix-navigation.js 1.3 kB 0 B
packages/react-native/dist/hooks/useFeatureFlag.js 1.49 kB 0 B
packages/react-native/dist/hooks/useFeatureFlags.js 821 B 0 B
packages/react-native/dist/hooks/useNavigationTracker.js 2.46 kB 0 B
packages/react-native/dist/hooks/usePostHog.js 467 B 0 B
packages/react-native/dist/index.js 3.12 kB 0 B
packages/react-native/dist/native-deps.js 7.96 kB 0 B
packages/react-native/dist/optional/OptionalAsyncStorage.js 299 B 0 B
packages/react-native/dist/optional/OptionalExpoApplication.js 377 B 0 B
packages/react-native/dist/optional/OptionalExpoDevice.js 347 B 0 B
packages/react-native/dist/optional/OptionalExpoFileSystem.js 386 B 0 B
packages/react-native/dist/optional/OptionalExpoFileSystemLegacy.js 423 B 0 B
packages/react-native/dist/optional/OptionalExpoLocalization.js 383 B 0 B
packages/react-native/dist/optional/OptionalReactNativeDeviceInfo.js 415 B 0 B
packages/react-native/dist/optional/OptionalReactNativeLocalize.js 303 B 0 B
packages/react-native/dist/optional/OptionalReactNativeNavigation.js 415 B 0 B
packages/react-native/dist/optional/OptionalReactNativeNavigationWix.js 443 B 0 B
packages/react-native/dist/optional/OptionalReactNativeSafeArea.js 644 B 0 B
packages/react-native/dist/optional/OptionalSessionReplay.js 455 B 0 B
packages/react-native/dist/posthog-rn.js 30.7 kB 0 B
packages/react-native/dist/PostHogContext.js 329 B 0 B
packages/react-native/dist/storage.js 3.39 kB 0 B
packages/react-native/dist/surveys/getActiveMatchingSurveys.js 3.69 kB 0 B
packages/react-native/dist/surveys/index.js 600 B 0 B
packages/react-native/dist/surveys/surveys-utils.js 9.31 kB 0 B
packages/react-native/dist/surveys/useActivatedSurveys.js 3.38 kB 0 B
packages/react-native/dist/surveys/useSurveyStorage.js 2.16 kB 0 B
packages/react-native/dist/tooling/expoconfig.js 2.63 kB 0 B
packages/react-native/dist/tooling/metroconfig.js 2.2 kB 0 B
packages/react-native/dist/tooling/posthogMetroSerializer.js 4.8 kB 0 B
packages/react-native/dist/tooling/utils.js 4.05 kB 0 B
packages/react-native/dist/tooling/vendor/expo/expoconfig.js 70 B 0 B
packages/react-native/dist/tooling/vendor/metro/countLines.js 237 B 0 B
packages/react-native/dist/types.js 70 B 0 B
packages/react-native/dist/utils.js 539 B 0 B
packages/react-native/dist/version.js 130 B 0 B
packages/react/dist/esm/index.js 19.2 kB 0 B
packages/react/dist/umd/index.js 22.4 kB 0 B
packages/rollup-plugin/dist/index.js 3.61 kB 0 B
packages/web/dist/index.cjs 13.8 kB 0 B
packages/web/dist/index.mjs 13.7 kB 0 B
packages/webpack-plugin/dist/config.js 2.65 kB 0 B
packages/webpack-plugin/dist/config.mjs 1.64 kB 0 B
packages/webpack-plugin/dist/index.js 7.18 kB 0 B
packages/webpack-plugin/dist/index.mjs 3.51 kB 0 B
tooling/changelog/dist/index.js 3.31 kB 0 B
tooling/rollup-utils/dist/index.js 1.17 kB 0 B

compressed-size-action

marandaneto
marandaneto reviewed Dec 9, 2025
View reviewed changes
packages/react-native/app.config.js
@@ -0,0 +1,3 @@
export default {
Copy link
Member

@marandaneto marandaneto Dec 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

expo-localization is an optional dep so i think we should not have this here

marandaneto
marandaneto reviewed Dec 9, 2025
View reviewed changes
packages/react-native/babel.config.js
],
presets: [
'module:metro-react-native-babel-preset',
'babel-preset-expo',
Copy link
Member

@marandaneto marandaneto Dec 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

does that make expo mandatory? we should support bare bones react native as well

marandaneto
marandaneto reviewed Dec 9, 2025
View reviewed changes
packages/react-native/package.json
"jest-expo": "catalog:",
"metro": "0.83.1",
"@expo/metro-config": "~0.20.0",
"metro": "0.73.10",
Copy link
Member

@marandaneto marandaneto Dec 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

https://posthog.com/docs/error-tracking/upload-source-maps/react-native#inject

we need because of the 'Expo 50 or later' note.

Copy link
Member Author

@robbie-c robbie-c Dec 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh interesting! It seems like the easiest approach might be to kill this PR and go all the way to 50 (or 53, latest) then?

Copy link
Member

@marandaneto marandaneto Dec 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah, i am not sure what would be the correct min. version of metro here
expo 50 uses rn 0.73, so thats our min. support, we would use the metro version that is compatible with them

marandaneto
marandaneto reviewed Dec 9, 2025
View reviewed changes
packages/react-native/package.json
"posthog-react-native-session-replay": "^1.2.0",
"react": "18.2.0",
"react-native": "^0.69.1",
"react-native": "^0.71.14",
Copy link
Member

@marandaneto marandaneto Dec 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we should support >= 0.73 beause of this
https://expo.dev/changelog/2024-01-18-sdk-50

expo 50 uses rn 0.73

marandaneto
marandaneto reviewed Dec 9, 2025
View reviewed changes
packages/react-native/src/tooling/vendor/metro/metro.d.ts
@@ -1,34 +1,77 @@
// Vendored / modified from @facebook/metro
// Type declarations for metro 0.73.x (used by Expo 48 / React Native 0.71.x)
Copy link
Member

@marandaneto marandaneto Dec 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

see comments here https://github.com/PostHog/posthog-js/pull/2706/files#r2601914572

@marandaneto
Copy link
Member

marandaneto commented Dec 9, 2025

@robbie-c

Expo 45 has an (irrelevant) npm audit warning against it, I wanted to bump our Expo version to make that warning go away

whats the warning? wanna check if theres a simpler fix since this pr introduces changes that will break things (left comments)

@robbie-c
Copy link
Member Author

robbie-c commented Dec 9, 2025

@marandaneto

whats the warning? wanna check if theres a simpler fix since this pr introduces changes that will break things (left comments)

It's not relevant for us, but worth fixing regardless

┌─────────────────────┬────────────────────────────────────────────────────────┐
│ critical            │ Expo SDK has an OAuth vulnerability                    │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Package             │ expo                                                   │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Vulnerable versions │ <48.0.0                                                │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Patched versions    │ >=48.0.0                                               │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Paths               │ packages__react-native>expo                            │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ More info           │ https://github.com/advisories/GHSA-wr5g-q49g-548w      │
└─────────────────────┴────────────────────────────────────────────────────────┘

@marandaneto
Copy link
Member

marandaneto commented Dec 9, 2025

@robbie-c not a prob then since we only support expo >= 50

@robbie-c
Copy link
Member Author

robbie-c commented Dec 9, 2025
edited
Loading

We have expo 45 in our dev deps though, so this is going to keep showing up in pnpm audit / wiz / other tools until we change that

@marandaneto
Copy link
Member

marandaneto commented Dec 9, 2025

We have expo 45 in our dev deps though, so this is going to keep showing up in pnpm audit / wiz / other tools until we change that

ahh saw it now, lemme check this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@marandaneto marandaneto marandaneto left review comments

+1 more reviewer

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

react-native

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@robbie-c @marandaneto