[Snyk] Security upgrade expo from 39.0.5 to 48.0.0

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	Yes	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: expo

The new version differs by 250 commits.

• c8107d5 Publish packages
• b6a9460 [autolinking] Suppress node warnings about deprecated exports mapping (#21222)
• 3a2983e Backport react-native-screens v3.20.0 to SDK 48 code
• 2f40d87 [android] Remove scoped error recovery module
• c54c259 Backport expo-modules-core to SDK 48 and remove tests from versioned code
• ffceab2 Backport changes in expo-image and expo-gl to SDK 48
• f355232 [docs] improves the migration guide (#21159)
• 97fb1ba [expo-gl] Add support for GL_UNPACK_ALIGNMENT in pixelStorei (#21212)
• 97768e0 Publish expo-image
• 557a3ce Update lockfiles [skip ci]
• 32e281e [image][ios] Don't emit onProgress event when the asset size is unknown (#21215)
• ac324c0 [image][Android] Fix `You can't start or clear loads in RequestListener or Target callbacks` (#21192)
• e8386b3 [image][Android] Fix SVGs are not rendered in the release mode (#21214)
• b7a31ef [core] Fix AppDelegateSubscriber broken on ios framework mode (#21206)
• 3699632 [ENG-7389][docs] update images documentation (#21182)
• 610778d [github] Only add label if in allow list
• 10b679d [github] Fix typo in action
• c06f460 [github] Validate issues and improve bug report template (#21202)
• 5404abc Close config file watchers to ensure process can exit. (#21199)
• be2ffbe feat(cli, metro-config): implement new unstable_serverRoot feature (#21088)
• 87ffd74 remove deprecated expo-error-recovery (#21135)
• 456601f remove deprecated expo-app-loading (#21136)
• b2cf986 [expo-updates][android] Add rollback to embedded update directive (#21007)
• c189cfe [core][ios] Fix convertible implementation for URL to support unencoded strings (#21139)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service