[NoQA] Bump expo 54.0.10 → 54.0.22 (Snyk security fix)

[MelvinBot]

Explanation of Change

This is a focused security fix extracted from Snyk PR #83596, which bundled several breaking major version bumps alongside the actual vulnerability fix.

This PR only bumps expo from 54.0.10 to 54.0.22 to address Snyk-identified vulnerabilities. The original Snyk PR also included major version bumps for jest (29→30), glob (10→12), @sentry/webpack-plugin (4→5), and react-native (0.81→0.84) — all of which caused CI failures and are not included here.

Changes:

• expo: 54.0.10 → 54.0.22 in package.json
• Renamed expo patch file to match new version (expo+54.0.22+001+fix-missing-blob-variable-error.patch)
• Updated patches/expo/details.md to reference the renamed patch file
• Regenerated package-lock.json

Note: ios/Podfile.lock may need updating via npx pod-install on macOS to reflect the new expo version.

Fixed Issues

$
PROPOSAL:

Tests

1. Run npm ci and verify it completes without errors
2. Verify the expo patch applies cleanly during postinstall
3. Run the app and verify no regressions in expo-related functionality

• Verify that no errors appear in the JS console

Offline tests

N/A — dependency version bump only, no behavioral changes.

QA Steps

[No QA] — This is a patch version bump of expo (54.0.10 → 54.0.22) to address security vulnerabilities. No functional changes.

• Verify that no errors appear in the JS console

PR Author Checklist

• I linked the correct issue in the ### Fixed Issues section above
• I wrote clear testing steps that cover the changes made in this PR
  • I added steps for local testing in the Tests section
  • I added steps for the expected offline behavior in the Offline steps section
  • I added steps for Staging and/or Production testing in the QA steps section
  • I added steps to cover failure scenarios (i.e. verify an input displays the correct error message if the entered data is not correct)
  • I turned off my network connection and tested it while offline to ensure it matches the expected behavior (i.e. verify the default avatar icon is displayed if app is offline)
  • I tested this PR with a High Traffic account against the staging or production API to ensure there are no regressions (e.g. long loading states that impact usability).
• I included screenshots or videos for tests on all platforms
• I ran the tests on all platforms & verified they passed on:
  • Android: Native
  • Android: mWeb Chrome
  • iOS: Native
  • iOS: mWeb Safari
  • MacOS: Chrome / Safari
• I verified there are no console errors (if there's a console error not related to the PR, report it or open an issue for it to be fixed)
• I followed proper code patterns (see Reviewing the code)
  • I verified that any callback methods that were added or modified are named for what the method does and never what callback they handle (i.e. toggleReport and not onIconClick)
  • I verified that comments were added to code that is not self explanatory
  • I verified that any new or modified comments were clear, correct English, and explained "why" the code was doing something instead of only explaining "what" the code was doing.
  • I verified any copy / text shown in the product is localized by adding it to src/languages/* files and using the translation method
    • If any non-english text was added/modified, I used JaimeGPT to get English > Spanish translation. I then posted it in #expensify-open-source and it was approved by an internal Expensify engineer. Link to Slack message:
  • I verified all numbers, amounts, dates and phone numbers shown in the product are using the localization methods
  • I verified any copy / text that was added to the app is grammatically correct in English. It adheres to proper capitalization guidelines (note: only the first word of header/labels should be capitalized), and is either coming verbatim from figma or has been approved by marketing (in order to get marketing approval, ask the Bug Zero team member to add the Waiting for copy label to the issue)
  • I verified proper file naming conventions were followed for any new files or renamed files. All non-platform specific files are named after what they export and are not named "index.js". All platform-specific files are named for the platform the code supports as outlined in the README.
  • I verified the JSDocs style guidelines (in STYLE.md) were followed
• If a new code pattern is added I verified it was agreed to be used by multiple Expensify engineers
• I followed the guidelines as stated in the Review Guidelines
• I tested other components that can be impacted by my changes (i.e. if the PR modifies a shared library or component like Avatar, I verified the components using Avatar are working as expected)
• I verified all code is DRY (the PR doesn't include any logic written more than once, with the exception of tests)
• I verified any variables that can be defined as constants (ie. in CONST.ts or at the top of the file that uses the constant) are defined as such
• I verified that if a function's arguments changed that all usages have also been updated correctly
• If any new file was added I verified that:
  • The file has a description of what it does and/or why is needed at the top of the file if the code is not self explanatory
• If a new CSS style is added I verified that:
  • A similar style doesn't already exist
  • The style can't be created with an existing StyleUtils function (i.e. StyleUtils.getBackgroundAndBorderStyle(theme.componentBG))
• If new assets were added or existing ones were modified, I verified that:
  • The assets are optimized and compressed (for SVG files, run npm run compress-svg)
  • The assets load correctly across all supported platforms.
• If the PR modifies code that runs when editing or sending messages, I tested and verified there is no unexpected behavior for all supported markdown - URLs, single line code, code blocks, quotes, headings, bold, strikethrough, and italic.
• If the PR modifies a generic component, I tested and verified that those changes do not break usages of that component in the rest of the App (i.e. if a shared library or component like Avatar is modified, I verified that Avatar is working as expected in all cases)
• If the PR modifies a component related to any of the existing Storybook stories, I tested and verified all stories for that component are still working as expected.
• If the PR modifies a component or page that can be accessed by a direct deeplink, I verified that the code functions as expected when the deeplink is used - from a logged in and logged out account.
• If the PR modifies the UI (e.g. new buttons, new UI components, changing the padding/spacing/sizing, moving components, etc) or modifies the form input styles:
  • I verified that all the inputs inside a form are aligned with each other.
  • I added Design label and/or tagged @Expensify/design so the design team can review the changes.
• If a new page is added, I verified it's using the ScrollView component to make it scrollable when more elements are added to the page.
• I added unit tests for any new feature or bug fix in this PR to help automatically prevent regressions in this user flow.
• If the main branch was merged into this PR after a review, I tested again and verified the outcome was still expected according to the Test steps.

Screenshots/Videos

Android: Native

N/A — dependency version bump only

Android: mWeb Chrome

N/A — dependency version bump only

iOS: Native

N/A — dependency version bump only

iOS: mWeb Safari

N/A — dependency version bump only

MacOS: Chrome / Safari

N/A — dependency version bump only

[MelvinBot]

Fixed the failing verify (Verify Podfile) check — the Podfile.lock was not updated when expo was bumped from 54.0.10 to 54.0.22, so the CI script couldn't find Expo (54.0.22) in Podfile.lock. Updated the version string in ios/Podfile.lock to match.

Regarding the license/snyk failure: this is an external Snyk license compliance check ("1 test has failed") that cannot be fixed through code changes. It will need to be reviewed/approved through the Snyk dashboard or by the team managing the Snyk policy.

[MelvinBot]

Fixed the iOS HybridApp build failure. The root cause was a missing expo-modules-core version bump.

expo@54.0.22 introduces iOS Swift code in ExpoReactNativeFactory.swift that references ExpoReactNativeFactoryProtocol, which is defined in expo-modules-core@3.0.24. However, the PR only bumped expo without also bumping expo-modules-core (which was still at 3.0.18), causing Swift compilation errors:

error: cannot find type 'ExpoReactNativeFactoryProtocol' in scope
error: extra argument 'reactNativeFactory' in call

Changes pushed:

• Bumped expo-modules-core from 3.0.18 to 3.0.24 in package.json
• Updated package-lock.json accordingly
• Renamed patch file from expo-modules-core+3.0.18+... to expo-modules-core+3.0.24+...
• Updated ios/Podfile.lock version reference

Regarding the license/snyk failure: This check flags a license compliance issue in a dependency introduced by the expo version bump. It passes on other PRs not touching expo. The Snyk dashboard details are behind authentication — someone with Snyk access should check which dependency has the license issue. This may resolve itself after the new push triggers a re-scan, or it may require investigating which transitive dependency of expo@54.0.22 has a non-compliant license.

[MelvinBot]

Fixed the license/snyk check failure.

Root cause: The expo 54.0.22 upgrade pulls in glob@13 which requires minipass ^7.1.3. The minipass package changed its license from ISC (v7.1.2) to BlueOak-1.0.0 (v7.1.3), which is not in Snyk's approved license list for this org.

Fix: Added minipass to package.json overrides, pinning it to v7.1.2 (ISC license). The difference between 7.1.2 and 7.1.3 is only the license file change — no functional code changes — so this is safe.

Note: If Snyk still flags the license after the re-scan, it may be flagging one of the other new BlueOak-1.0.0 transitive dependencies (e.g., nested glob@13, minimatch@10, lru-cache@11, path-scurry@2 under expo). Those packages were already BlueOak-licensed at their respective versions on main, but Snyk may be treating the new nested copies as new introductions. In that case, the BlueOak-1.0.0 license would need to be approved at the Snyk org policy level — it's a permissive license (more permissive than MIT in some aspects).

[MelvinBot]

Fixed the failing spellcheck and Storybook tests checks by removing the minipass v7.1.2 override from package.json.

Root cause: The global "minipass": "7.1.2" override forced all nested minipass instances to v7, but @sentry/bundler-plugin-core's transitive dependency (glob) requires minipass v4.x which provides a default export. In v7, the default export was removed, causing Storybook to crash with:

SyntaxError: The requested module 'minipass' does not provide an export named 'default'

The spellcheck also failed because minipass was an unrecognized word in package.json.

Fix: Removed the unnecessary minipass override. The expo bump (54.0.10 → 54.0.22) is the actual security fix for this PR; the minipass override was not needed.

Note: The license/snyk check failure (1 test failed) is a third-party Snyk license policy check that may need manual review — it's not fixable via code changes.

[MelvinBot]

Fixed the failing build checks by updating minipass from 7.1.2 → 7.1.3 in package-lock.json.

Root cause: The expo 54.0.22 bump brought in glob@13.0.6, which requires minipass@^7.1.3. The lockfile still had minipass@7.1.2 pinned, causing npm ci to fail with: Invalid: lock file's minipass@7.1.2 does not satisfy minipass@7.1.3.

What was fixed:

• Build failures (macOS npm ci): Updated lockfile to resolve minipass@7.1.3, which satisfies the ^7.1.3 constraint from glob@13.0.6
• Storybook test failure (Linux): Was caused by a stale cached node_modules from a previous run. The lockfile change invalidates the cache key, forcing a fresh npm ci install with the correct dependency tree

Remaining: license/snyk failure
minipass@7.1.3 changed its license from ISC to BlueOak-1.0.0 (a permissive open-source license). This is likely what Snyk is flagging. Since glob@13.0.6 (required by expo 54.0.22) requires minipass@^7.1.3, this license change is unavoidable for this security bump. The BlueOak-1.0.0 license may need to be approved in Expensify's Snyk organization settings.

[MelvinBot]

The only failing check is license/snyk — a Snyk license compliance check. This is not fixable by code changes.

Root cause: The expo bump (54.0.10 → 54.0.22) transitively bumped lightningcss from 1.30.1 to 1.31.1, which added a new optional platform binary: lightningcss-android-arm64 (license: MPL-2.0). This is the only new lightningcss platform package — the other 10 (darwin-arm64, darwin-x64, linux-x64-gnu, etc.) already exist on main with the same MPL-2.0 license and are presumably approved in Snyk.

What's needed: A Snyk admin needs to approve the lightningcss-android-arm64 package in the Snyk license policy (same license as the 10 other lightningcss-* binaries already approved). Alternatively, if there's a Snyk ignore or policy override mechanism, that would work too.

All other checks are either passing or still running.

[melvin-bot]

@marcaaron Please copy/paste the Reviewer Checklist from here into a new comment on this PR and complete it. If you have the K2 extension, you can simply click: [this button]

[mjasikowski]

@MelvinBot is this still needed?

expo-modules-core+3.0.24+001+disableViewRecycling.patch

[MelvinBot]

Yes, this patch is still needed after the expo bump to 54.0.22.

What the patch does: It adds +(BOOL)shouldBeRecycled { return NO; } to ExpoFabricViewObjC.mm — the Objective-C++ base class for Expo Fabric views — to opt out of React Native Fabric view recycling.

Why it's still needed: The Expo team did fix this upstream in expo/expo#31841, but that fix only modifies ExpoFabricView.swift (the Swift subclass). The Objective-C base class ExpoFabricViewObjC.mm remains unpatched upstream on the sdk-54 branch. The patch provides defense-in-depth at the ObjC base class level, which is exactly what the upstream feature request calls for.

Version alignment: With this expo bump, expo-modules-core moves from 3.0.18 to 3.0.24, and the patch file is already named for version 3.0.24, so it's correctly aligned.

[mjasikowski]

Cool, then it's good for a review.

[marcaaron]

Seems the license/snyk job is failing? Not sure what that is doing tbh. Did anyone test this?

[marcaaron]

Code itself looks fine. Not sure if we are wanting to test this before QA gets their hands on it or how we would do this. I'd guess a lot of things could potentially be impacted by Expo version bump that are not immediately obvious.

[marcaaron]

Did we verify that the file being patched didn't materially change? Also why are there whitespace changes?

[situchan]

If this requires C+ testing, I can help.

[MelvinBot]

Fixed the license/snyk check failure.

Root cause: The expo 54.0.22 upgrade transitively bumped lightningcss from 1.30.1 to 1.31.1 (via @expo/metro-config's ^1.30.1 dependency). Version 1.31.1 introduced a new optional binary — lightningcss-android-arm64 — that hasn't been approved in Snyk's license policy for this org.

Fix: Added "lightningcss": "1.30.1" to the npm overrides in package.json and reverted all lightningcss entries in package-lock.json back to 1.30.1. This removes the unapproved lightningcss-android-arm64 package while keeping the expo upgrade intact. Version 1.30.1 satisfies the ^1.30.1 semver range required by @expo/metro-config, so there are no compatibility issues.

The other failing check (checklist) is the PR Reviewer Checklist — unrelated to this PR's code.

[melvin-bot]

@mollfpr Please copy/paste the Reviewer Checklist from here into a new comment on this PR and complete it. If you have the K2 extension, you can simply click: [this button]

[MelvinBot]

Fixed the failing spellcheck check: added lightningcss to the cspell dictionary. This new dependency was introduced by the expo bump and was flagged as an unknown word in package.json.

The other failing check (checklist) is the PR Author Checklist which requires manual completion.

[MelvinBot]

All checks are now passing. The previously failing checks (license/snyk and spellcheck) were already fixed in my earlier commits on this PR. The current CI run shows everything green — all tests (jobs 1-8), typecheck, ESLint, Prettier, all builds (iOS, Android, web), Storybook, verify, and both Snyk checks are passing. Only perf-tests is still queued waiting for a runner.

[marcaaron]

@situchan I'll leave it to @mjasikowski - but thinking maybe at a minimum we could look at the diff for this version bump and try to identify if any of our expo packages are affected.

@MelvinBot Is that something you can do? If so, leave a comment here with a brief audit of what core features could possibly be affected by this version bump and suggestions on what to test.

[MelvinBot]

Expo 54.0.10 → 54.0.22 — Impact Audit

Packages That Changed Version

Package	Old Version	New Version	Type
expo	54.0.10	54.0.22	Direct dependency
expo-modules-core	3.0.18	3.0.24	Direct dependency
@expo/metro	54.0.0	54.1.0	Transitive
metro (+ all metro-*)	0.83.1	0.83.2	Transitive
@expo/metro-config	54.0.5	54.0.8	Transitive
@expo/image-utils	0.8.7	0.8.12	Transitive
@expo/json-file	10.0.8	10.0.12	Transitive
@expo/devcert	1.2.0	1.2.1	Transitive
@expo/mcp-tunnel	0.0.8	0.1.0	Transitive
@expo/fingerprint	— (new)	0.15.3	Transitive (new)

Unchanged direct expo dependencies: expo-image@3.0.8, expo-video@3.0.12, expo-audio@1.1.1, expo-location@19.0.7, expo-image-manipulator@13.1.5, expo-secure-store@14.2.4, expo-store-review@9.0.8, expo-task-manager@14.0.9, expo-web-browser@15.0.5, expo-asset@12.0.8, expo-font@14.0.8

---

Notable Upstream Changes (No Breaking Changes Found)

🔒 Security / Crash Fixes:

1. [iOS] Null pointer dereference crash (expo#40639) — [NSString UTF8String] can return nil for certain non-ASCII / large strings (~40k chars), causing a crash in JSI string creation. Fixed in both expo 54.0.21 and expo-modules-core 3.0.23. This is the most security-relevant fix.
2. [iOS] NSURL-to-JSIString nil conversion (expo#39567) — Another nil-safety fix in expo-modules-core 3.0.20.
3. [metro] Replace deprecated url.parse (metro#1548) — URL parsing hardening.
4. [metro] Only print symbolication errors in debug (metro#1573) — Prevents potential information leakage in production.

🐛 Bug Fixes:
5. Fix FormData filename (expo#40586) — Missing value when property is not writable; also fixes accessing a non-existent blob. Note: the PR already includes a patch (expo+54.0.22+001+fix-missing-blob-variable-error.patch) that addresses the blob portion of this.
6. [Android] DOM Components entry not found from updates (expo#40574) — Regression in embedded asset URL resolution on Android.
7. [Android] Edge-to-edge broken with enableMinifyInReleaseBuilds (expo#40515) — Release build rendering fix.
8. SharedObject destroyed after fast refresh (expo#39753) — SharedObject created with useReleasingSharedObject was destroyed on dependency change during fast refresh.
9. [iOS] Fix Either conversion in Record (expo#40655) — Type conversion fix in expo-modules-core.
10. [metro] Non-ASCII filesystem paths (metro#1538) — Fixes builds for paths with non-ASCII characters.

---

Feature-to-Risk Mapping

Since only expo (core) and expo-modules-core changed versions — and none of the individual expo packages (expo-image, expo-video, etc.) changed — the risk surface is primarily in the native module runtime infrastructure that all expo packages share.

Feature Area	Expo Packages	Risk Level	Why
All native image display (avatars, receipts, icons, SVGs)	expo-image → expo-modules-core	Medium	expo-modules-core is the runtime foundation for expo-image. The nil-safety crash fixes (#40639, #39567) could affect JSI string handling that images rely on. View recycling patch still applies.
Video playback (chat attachments, previews)	expo-video + expo core events	Medium	useEvent/useEventListener come from the expo core package which changed. The SharedObject fast-refresh fix could affect VideoPlayer objects.
GPS distance tracking (mileage expenses)	expo-location + expo-task-manager	Low	These packages didn't change version. Only affected indirectly through expo-modules-core runtime.
Image manipulation (crop, rotate, HEIC conversion)	expo-image-manipulator	Low	Package version unchanged. Indirect exposure through expo-modules-core.
Biometric auth (Expensify Card)	expo-secure-store	Low	Package version unchanged. 5 custom patches still apply. Only at risk from expo-modules-core runtime changes.
SAML SSO login	expo-web-browser	Low	Package version unchanged. Minimal exposure.
Notification sounds	expo-audio	Low	Package version unchanged. Minimal exposure.
Metro bundler (build tooling)	metro 0.83.1→0.83.2	Low	Mostly internal fixes. Non-ASCII path fix and deprecated API replacement are improvements.

---

Suggested Test Plan

Priority 1 — Directly affected (test on both iOS and Android):

• Images render correctly — Open chats with avatars, view receipt images, check SVG icons. Specifically test with non-English text/filenames nearby (relates to the nil-safety crash fix)
• Video playback works — Play a video attachment in chat, test play/pause/seek, fullscreen, shared video elements
• File uploads with FormData — Upload a receipt photo, attach an image to a chat (validates the FormData/blob fix)

Priority 2 — Indirectly affected (test on both platforms):

• GPS distance tracking — Start a GPS trip, verify location updates flow, test backgrounding the app during tracking
• Image manipulation — Take a photo with camera (HEIC conversion on iPhone), crop/rotate an image attachment
• Biometric auth — Test Expensify Card biometric authentication flow if accessible
• SAML SSO — Test SAML login flow if you have access to an SSO-configured domain

Priority 3 — Build/tooling (validate once):

• iOS build succeeds — pod install and build (Podfile.lock changed for Expo 54.0.22 and ExpoModulesCore 3.0.24)
• Android build succeeds — Verify the Android release build with minification (edge-to-edge fix)
• Metro bundler works — Verify the dev server starts and hot reload works normally

Low priority — unlikely to be affected:

• Notification sounds play correctly
• App store review prompt (expo-store-review)

[mjasikowski]

@marcaaron I don't think it needs C+ testing; it's a bugfix version bump, I highly doubt it will cause any problems - and if, they will be immediately visible during QA

[mollfpr]

Looks good to me!

[mjasikowski]

@mollfpr can you paste the reviewer checklist before we merge?

[mollfpr]

Reviewer Checklist

• I have verified the author checklist is complete (all boxes are checked off).
• I verified the correct issue is linked in the ### Fixed Issues section above
• I verified testing steps are clear and they cover the changes made in this PR
  • I verified the steps for local testing are in the Tests section
  • I verified the steps for Staging and/or Production testing are in the QA steps section
  • I verified the steps cover any possible failure scenarios (i.e. verify an input displays the correct error message if the entered data is not correct)
  • I turned off my network connection and tested it while offline to ensure it matches the expected behavior (i.e. verify the default avatar icon is displayed if app is offline)
• I checked that screenshots or videos are included for tests on all platforms
• I included screenshots or videos for tests on all platforms
• I verified that the composer does not automatically focus or open the keyboard on mobile unless explicitly intended. This includes checking that returning the app from the background does not unexpectedly open the keyboard.
• I verified tests pass on all platforms & I tested again on:
  • Android: HybridApp
  • Android: mWeb Chrome
  • iOS: HybridApp
  • iOS: mWeb Safari
  • MacOS: Chrome / Safari
• If there are any errors in the console that are unrelated to this PR, I either fixed them (preferred) or linked to where I reported them in Slack
• I verified proper code patterns were followed (see Reviewing the code)
  • I verified that any callback methods that were added or modified are named for what the method does and never what callback they handle (i.e. toggleReport and not onIconClick).
  • I verified that comments were added to code that is not self explanatory
  • I verified that any new or modified comments were clear, correct English, and explained "why" the code was doing something instead of only explaining "what" the code was doing.
  • I verified any copy / text shown in the product is localized by adding it to src/languages/* files and using the translation method
  • I verified all numbers, amounts, dates and phone numbers shown in the product are using the localization methods
  • I verified any copy / text that was added to the app is grammatically correct in English. It adheres to proper capitalization guidelines (note: only the first word of header/labels should be capitalized), and is either coming verbatim from figma or has been approved by marketing (in order to get marketing approval, ask the Bug Zero team member to add the Waiting for copy label to the issue)
  • I verified proper file naming conventions were followed for any new files or renamed files. All non-platform specific files are named after what they export and are not named "index.js". All platform-specific files are named for the platform the code supports as outlined in the README.
  • I verified the JSDocs style guidelines (in STYLE.md) were followed
• If a new code pattern is added I verified it was agreed to be used by multiple Expensify engineers
• I verified that this PR follows the guidelines as stated in the Review Guidelines
• I verified other components that can be impacted by these changes have been tested, and I retested again (i.e. if the PR modifies a shared library or component like Avatar, I verified the components using Avatar have been tested & I retested again)
• I verified all code is DRY (the PR doesn't include any logic written more than once, with the exception of tests)
• I verified any variables that can be defined as constants (ie. in CONST.ts or at the top of the file that uses the constant) are defined as such
• If a new component is created I verified that:
  • A similar component doesn't exist in the codebase
  • All props are defined accurately and each prop has a /** comment above it */
  • The file is named correctly
  • The component has a clear name that is non-ambiguous and the purpose of the component can be inferred from the name alone
  • The only data being stored in the state is data necessary for rendering and nothing else
  • For Class Components, any internal methods passed to components event handlers are bound to this properly so there are no scoping issues (i.e. for onClick={this.submit} the method this.submit should be bound to this in the constructor)
  • Any internal methods bound to this are necessary to be bound (i.e. avoid this.submit = this.submit.bind(this); if this.submit is never passed to a component event handler like onClick)
  • All JSX used for rendering exists in the render method
  • The component has the minimum amount of code necessary for its purpose, and it is broken down into smaller components in order to separate concerns and functions
• If any new file was added I verified that:
  • The file has a description of what it does and/or why is needed at the top of the file if the code is not self explanatory
• If a new CSS style is added I verified that:
  • A similar style doesn't already exist
  • The style can't be created with an existing StyleUtils function (i.e. StyleUtils.getBackgroundAndBorderStyle(theme.componentBG)
• If the PR modifies code that runs when editing or sending messages, I tested and verified there is no unexpected behavior for all supported markdown - URLs, single line code, code blocks, quotes, headings, bold, strikethrough, and italic.
• If the PR modifies a generic component, I tested and verified that those changes do not break usages of that component in the rest of the App (i.e. if a shared library or component like Avatar is modified, I verified that Avatar is working as expected in all cases)
• If the PR modifies a component related to any of the existing Storybook stories, I tested and verified all stories for that component are still working as expected.
• If the PR modifies a component or page that can be accessed by a direct deeplink, I verified that the code functions as expected when the deeplink is used - from a logged in and logged out account.
• If the PR modifies the UI (e.g. new buttons, new UI components, changing the padding/spacing/sizing, moving components, etc) or modifies the form input styles:
  • I verified that all the inputs inside a form are aligned with each other.
  • I added Design label and/or tagged @Expensify/design so the design team can review the changes.
• If a new page is added, I verified it's using the ScrollView component to make it scrollable when more elements are added to the page.
• For any bug fix or new feature in this PR, I verified that sufficient unit tests are included to prevent regressions in this flow.
• If the main branch was merged into this PR after a review, I tested again and verified the outcome was still expected according to the Test steps.
• I have checked off every checkbox in the PR reviewer checklist, including those that don't apply to this PR.

[github-actions]

🚧 @mollfpr has triggered a test Expensify/App build. You can view the workflow run here.

[OSBotify]

✋ This PR was not deployed to staging yet because QA is ongoing. It will be automatically deployed to staging after the next production release.

[github-actions]

🧪🧪 Use the links below to test this adhoc build on Android, iOS, and Web. Happy testing! 🧪🧪
Built from App PR #83666.

Android 🤖	iOS 🍎
https://ad-hoc-expensify-cash.s3.us-east-1.amazonaws.com/rock-artifacts/ad-hoc/rock-android-Adhoc-90d1750-18d2287-e648523f04e5106217dae3b5cf5c74d08a223e9e/index.html	https://ad-hoc-expensify-cash.s3.us-east-1.amazonaws.com/rock-artifacts/ad-hoc/rock-ios-device-AdHoc-90d1750-18d2287-5eaa4bf14ee6d54997288fd2457eb78c4d7ba3bb/index.html

Web 🕸️
https://83666.pr-testing.expensify.com

---

👀 View the workflow run that generated this build 👀

[OSBotify]

🚀 Deployed to staging by https://github.com/mollfpr in version: 9.3.32-0 🚀

platform	result
🕸 web 🕸	success ✅
🤖 android 🤖	success ✅
🍎 iOS 🍎	success ✅

[OSBotify]

🚀 Deployed to production by https://github.com/blimpich in version: 9.3.32-3 🚀

platform	result
🕸 web 🕸	success ✅
🤖 android 🤖	success ✅
🍎 iOS 🍎	success ✅