[Snyk] Security upgrade expo from 39.0.3 to 51.0.0

[emeliepetersson]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: expo

The new version differs by 250 commits.

• 2975b6d Publish packages
• 7995f30 Publish packages
• 2b6c5cb [docs] Fix Image blurhash syntax in placeholder prop
• a5cd2f4 [template] Add privacy_file_aggregation_enabled to the correct place
• 4d8aaab [template] Add missing comma
• 14ff547 [packages] Commit build files
• 9a1f53f [build-properties] Add field to enable/disable privacy manifest aggregation (#28646)
• 19f4c9a chore(cli): bump canary to support React 19 beta (#28592)
• 6d629fd feature(expo-build-properties): add `ios.ccacheEnabled` option to enable c++ compiler cache (#28638)
• 87efd0c Add additional config flag to allow forcing RTL on LTR locales (#28129)
• 9c8b6d4 [core][Android] Remove Kotlin warnings (#28629)
• 9782fb3 [core][Android] Add the method name to unexpected exception (#28626)
• 338477c [video][Android] Remove Kotlin warnings (#28628)
• 2ec644a [device][Android] Replace deprecated method to get rotation (#28627)
• 46dc5b3 [docs] Update new arch guide to account for fixed navigation issue
• 6df141b [docs] Fix `zulu` installation command for SDK 49 and below (#28612)
• 393ca27 [docs] Improve example in Use Bun guide (#28615)
• b142541 [iOS] Make it easier to use the new architecture in bare-expo (#28616)
• 1fcceda [core][Android] Make `defaultAppContextMock` private (#28620)
• 0adb5e6 [docs] show "Unversioned" API version in PR previews (#28588)
• 72fd8e2 [expo-go] Remove unused queries and overfetched fields (#28619)
• f57dfd1 [templates] Update to latest [skip ci]
• 2d80ee3 Publish packages
• a8060e8 Publish packages

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Command Injection