
[Snyk] Fix for 3 vulnerabilities#16

Open
Armss9936 wants to merge 1 commit into main from snyk-fix-c3d9d5aac1c29e711b658e84daf38d98

Conversation

@Armss9936
Owner


Snyk has created this PR to fix 3 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • package.json
  • package-lock.json

Vulnerabilities that will be fixed with an upgrade:

Issue (with Snyk score):

  • High severity: Regular Expression Denial of Service (ReDoS), SNYK-JS-AJV-15274295, score 803
  • Medium severity: Missing Release of Resource after Effective Lifetime, SNYK-JS-INFLIGHT-6095116, score 631
  • Low severity: Regular Expression Denial of Service (ReDoS), SNYK-JS-BRACEEXPANSION-9789073, score 436

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
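The three issues above live in transitive packages (ajv, inflight, brace-expansion), so a top-level bump can leave an older nested copy in place. The script below is an added example, not part of the Snyk PR or this project's code: it walks the `packages` map of an npm lockfile (lockfileVersion 2 or 3) and lists every resolved version of those packages with the path that pulls it in. The lockfile fragment and its version numbers are constructed for illustration and are not this project's real values.

```javascript
// Added example: audit which versions of the PR's three transitive packages
// an npm lockfile actually resolves, and where nested duplicates live.

const WATCH = ['ajv', 'inflight', 'brace-expansion'];

// Constructed sample shaped like package-lock.json v3; versions are made up
// for illustration, not this project's real resolved versions.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'app', dependencies: { 'react-native': '0.84.0' } },
    'node_modules/ajv': { version: '8.17.1' },
    'node_modules/eslint/node_modules/ajv': { version: '6.12.6' },
    'node_modules/brace-expansion': { version: '2.0.2' },
    'node_modules/glob/node_modules/brace-expansion': { version: '1.1.11' },
    'node_modules/inflight': { version: '1.0.6' },
  },
};

// The package name is everything after the last "node_modules/" segment,
// which also handles scoped packages such as node_modules/@babel/core.
function packageName(lockPath) {
  const idx = lockPath.lastIndexOf('node_modules/');
  return idx === -1 ? null : lockPath.slice(idx + 'node_modules/'.length);
}

// Returns { name: [{ version, path }, ...] } for every watched package.
function findInstalledVersions(lock, watch = WATCH) {
  const found = Object.fromEntries(watch.map((n) => [n, []]));
  for (const [lockPath, entry] of Object.entries(lock.packages || {})) {
    const name = packageName(lockPath);
    if (name && found[name] && entry.version) {
      found[name].push({ version: entry.version, path: lockPath });
    }
  }
  return found;
}

// Watched packages that resolve more than once: a nested copy is the usual
// reason a scanner keeps alerting after the top-level version was fixed.
function duplicated(found) {
  return Object.keys(found).filter((n) => found[n].length > 1);
}

const REPORT = findInstalledVersions(SAMPLE_LOCK);
console.log(JSON.stringify(REPORT, null, 2));
console.log('packages with nested copies:', duplicated(REPORT));
```

Point it at the real package-lock.json with `JSON.parse(fs.readFileSync('package-lock.json'))` in place of the sample object, and compare each listed version against the fixed ranges in the Snyk advisories.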

@socket-security

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff: Updated expo-dev-client@4.0.27 ⏵ 6.0.0

  • Supply Chain Security: 100
  • Vulnerability: 100
  • Quality: 78 (+1)
  • Maintenance: 100 (+1)
  • License: 100

View full report


greptile-apps Bot commented Feb 14, 2026

Greptile Overview

Greptile Summary

This PR upgrades two key dependencies (expo-dev-client and react-native) to patch 3 security vulnerabilities: a high-severity ReDoS vulnerability in ajv, a medium-severity resource leak in inflight, and a low-severity ReDoS in brace-expansion.

Major Changes:

  • react-native upgraded from 0.81.0 to 0.84.0 (a 3-minor-version jump)
  • expo-dev-client upgraded from 4.0.27 to 6.0.0 (major version bump)
  • Cascading updates to @babel packages (7.28.x → 7.29.x) and @react-native ecosystem packages
  • ws library upgraded from 6.2.3 to 7.5.10 in dev dependencies

Security fixes:

  • SNYK-JS-AJV-15274295 (score 803): ReDoS vulnerability in ajv
  • SNYK-JS-INFLIGHT-6095116 (score 631): Resource leak in inflight
  • SNYK-JS-BRACEEXPANSION-9789073 (score 436): ReDoS in brace-expansion

Breaking change risk:

  • The expo-dev-client major version jump (4.x → 6.x) and react-native multi-minor version upgrade (0.81 → 0.84) may introduce breaking changes
  • Test the app thoroughly on both development and production builds
  • Verify that all React Native and Expo features work as expected, particularly navigation, status bar, and dev client functionality

Confidence Score: 4/5

  • This PR is relatively safe to merge with moderate testing required
  • Score reflects that this is an automated security patch from Snyk that fixes legitimate vulnerabilities. The changes are limited to dependency upgrades in package.json and package-lock.json with no custom code modifications. However, the major version bump for expo-dev-client (4.x → 6.x) and the 3-minor-version jump for react-native (0.81 → 0.84) warrant thorough testing before merging to catch any potential breaking changes or compatibility issues with the existing codebase.
  • No files require special attention - these are automated dependency updates

Important Files Changed

  • package.json: Upgraded expo-dev-client from 4.0.27 to 6.0.0 and react-native from 0.81.0 to 0.84.0 to fix security vulnerabilities
  • package-lock.json: Cascading dependency updates including @babel packages, @react-native packages, and transitive security patches for ReDoS and resource leak vulnerabilities

Last reviewed commit: c0215c9


@greptile-apps greptile-apps Bot left a comment


2 files reviewed, 2 comments


Comment thread package.json
"nanoid": "^5.0.7",
"react": "18.2.0",
"react-native": "0.81.0",
"react-native": "0.84.0",
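Review bot: "react" stays pinned at "18.2.0" while "react-native" moves from "0.81.0" to "0.84.0"; recent react-native releases declare a React 19 peer dependency, so confirm the peer range of react-native 0.84.0 before merging, otherwise `npm install` will warn or fail on the mismatch. Since the PR description places all three fixed issues in transitive packages (ajv, inflight, brace-expansion), it is also worth recording in the commit message why a three-minor-version jump of a direct dependency was chosen as the vehicle, and whether an `overrides` entry in package.json for those transitive packages would have been a smaller change.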


test navigation, StatusBar, and other React Native APIs thoroughly after 3 minor version jump (0.81 → 0.84)
