fix(deps): update dependency expo to v48 [security] by renovate[bot] · Pull Request #104 · pineapple-699/pineapple-reactNative

renovate · 2025-10-15T21:11:09Z

This PR contains the following updates:

Package	Change	Age	Confidence
expo (source)	`36.0.2` → `48.0.0`

Expo SDK has an OAuth vulnerability

CVE-2023-28131 / GHSA-wr5g-q49g-548w

More information

Details

A vulnerability in the expo.io framework allows an attacker to take over accounts and steal credentials on an application/website that configured the "Expo AuthSession Redirect Proxy" for social sign-in. This can be achieved once a victim clicks a malicious link. The link itself may be sent to the victim in various ways (including email, text message, an attacker-controlled website, etc).

Severity

CVSS Score: 9.6 / 10 (Critical)
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

Release Notes

expo/expo (expo)

`v48.0.0`

Compare Source

This version does not introduce any user-facing changes.

This version does not introduce any user-facing changes.

`v47.0.0`

Compare Source

🐛 Bug fixes

Showing warnings for missing native modules rather than throwing errors. (#19845 by @kudo)
Fixed crashes when running on react-native-v8 runtime. (#19843 by @kudo)
Fixed build errors when testing on React Native nightly builds. (#19805 by @kudo)

`v46.0.21`

Compare Source

`v46.0.20`

Compare Source

`v46.0.19`

Compare Source

`v46.0.18`

Compare Source

`v46.0.17`

Compare Source

`v46.0.16`

Compare Source

`v46.0.15`

Compare Source

`v46.0.14`

Compare Source

`v46.0.13`

Compare Source

`v46.0.12`

Compare Source

`v46.0.11`

Compare Source

`v46.0.10`

Compare Source

`v46.0.9`

Compare Source

`v46.0.8`

Compare Source

`v46.0.7`

Compare Source

`v46.0.6`

Compare Source

`v46.0.5`

Compare Source

`v46.0.4`

Compare Source

`v46.0.3`

Compare Source

`v46.0.2`

Compare Source

`v46.0.1`

Compare Source

This version does not introduce any user-facing changes.

`v46.0.0`

Compare Source

This version does not introduce any user-facing changes.

`v45.0.8`

Compare Source

`v45.0.7`

Compare Source

`v45.0.4`

Compare Source

`v45.0.3`

Compare Source

`v45.0.2`

Compare Source

`v45.0.1`

Compare Source

`v45.0.0`

Compare Source

This version does not introduce any user-facing changes.

`v44.0.6`

Compare Source

`v44.0.5`

Compare Source

`v44.0.4`

Compare Source

`v44.0.3`

Compare Source

`v44.0.2`

Compare Source

`v44.0.1`

Compare Source

`v44.0.0`

Compare Source

`v43.0.5`

Compare Source

`v43.0.4`

Compare Source

`v43.0.3`

Compare Source

`v43.0.2`

Compare Source

`v43.0.1`

Compare Source

`v43.0.0`

Compare Source

`v42.0.5`

Compare Source

`v42.0.4`

Compare Source

`v42.0.3`

Compare Source

`v42.0.2`

Compare Source

`v42.0.1`

Compare Source

`v42.0.0`

Compare Source

`v41.0.1`

Compare Source

`v41.0.0`

Compare Source

`v40.0.1`

Compare Source

`v40.0.0`

Compare Source

`v39.0.5`

Compare Source

`v39.0.4`

Compare Source

`v39.0.3`

Compare Source

`v39.0.2`

Compare Source

`v39.0.1`

Compare Source

`v39.0.0`

Compare Source

`v38.0.11`

Compare Source

`v38.0.10`

Compare Source

`v38.0.9`

Compare Source

`v38.0.8`

Compare Source

`v38.0.7`

Compare Source

`v38.0.6`

Compare Source

`v38.0.5`

Compare Source

`v38.0.4`

Compare Source

`v38.0.3`

Compare Source

`v38.0.2`

Compare Source

`v38.0.1`

Compare Source

`v38.0.0`

Compare Source

`v37.0.12`

Compare Source

`v37.0.11`

Compare Source

`v37.0.10`

Compare Source

`v37.0.9`

Compare Source

`v37.0.8`

Compare Source

`v37.0.7`

Compare Source

`v37.0.6`

Compare Source

`v37.0.5`

Compare Source

`v37.0.4`

Compare Source

`v37.0.3`

Compare Source

`v37.0.2`

Compare Source

`v37.0.1`

Compare Source

`v37.0.0`

Compare Source

Configuration

📅 Schedule: (UTC)

Branch creation
- ""
Automerge
- At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate Bot force-pushed the renovate/npm-expo-vulnerability branch from 4cee980 to 99ab4df Compare October 21, 2025 15:05

renovate Bot force-pushed the renovate/npm-expo-vulnerability branch from 99ab4df to a2bb909 Compare November 11, 2025 01:55

renovate Bot force-pushed the renovate/npm-expo-vulnerability branch from a2bb909 to 2b1d186 Compare November 18, 2025 14:08

renovate Bot force-pushed the renovate/npm-expo-vulnerability branch from 2b1d186 to 19bf51a Compare December 3, 2025 17:27

renovate Bot force-pushed the renovate/npm-expo-vulnerability branch from 19bf51a to f842e9f Compare December 31, 2025 14:10

renovate Bot force-pushed the renovate/npm-expo-vulnerability branch from f842e9f to 5c6de53 Compare January 8, 2026 19:59

renovate Bot force-pushed the renovate/npm-expo-vulnerability branch from 5c6de53 to fdf6efb Compare January 19, 2026 19:50

renovate Bot force-pushed the renovate/npm-expo-vulnerability branch from fdf6efb to f06f765 Compare February 2, 2026 18:58

renovate Bot force-pushed the renovate/npm-expo-vulnerability branch 2 times, most recently from d2aea12 to 82565f8 Compare February 17, 2026 17:10

renovate Bot force-pushed the renovate/npm-expo-vulnerability branch from 82565f8 to 0a15a6f Compare March 5, 2026 20:48

renovate Bot force-pushed the renovate/npm-expo-vulnerability branch from 0a15a6f to e0a9ab8 Compare March 13, 2026 13:52

renovate Bot changed the title ~~fix(deps): update dependency expo to v48 [security]~~ fix(deps): update dependency expo to v48 [security] - autoclosed Mar 27, 2026

renovate Bot closed this Mar 27, 2026

renovate Bot deleted the renovate/npm-expo-vulnerability branch March 27, 2026 00:43

renovate Bot changed the title ~~fix(deps): update dependency expo to v48 [security] - autoclosed~~ fix(deps): update dependency expo to v48 [security] Mar 30, 2026

renovate Bot reopened this Mar 30, 2026

renovate Bot force-pushed the renovate/npm-expo-vulnerability branch 3 times, most recently from dbb3c3c to e861ea8 Compare April 1, 2026 19:33

renovate Bot force-pushed the renovate/npm-expo-vulnerability branch from e861ea8 to 7d182b2 Compare April 8, 2026 21:13

renovate Bot changed the title ~~fix(deps): update dependency expo to v48 [security]~~ fix(deps): update dependency expo to v48 [security] - autoclosed Apr 27, 2026

renovate Bot closed this Apr 27, 2026

renovate Bot changed the title ~~fix(deps): update dependency expo to v48 [security] - autoclosed~~ fix(deps): update dependency expo to v48 [security] Apr 27, 2026

renovate Bot reopened this Apr 27, 2026

renovate Bot force-pushed the renovate/npm-expo-vulnerability branch 3 times, most recently from 820451a to c6bdb22 Compare April 29, 2026 19:43

fix(deps): update dependency expo to v48 [security]

d19b050

renovate Bot force-pushed the renovate/npm-expo-vulnerability branch from c6bdb22 to d19b050 Compare May 12, 2026 11:04

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(deps): update dependency expo to v48 [security]#104

fix(deps): update dependency expo to v48 [security]#104
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/npm-expo-vulnerability

renovate Bot commented Oct 15, 2025 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

renovate Bot commented Oct 15, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Expo SDK has an OAuth vulnerability

Details

Severity

References

Release Notes

🐛 Bug fixes

Configuration

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

renovate Bot commented Oct 15, 2025 •

edited

Loading