Update dependency expo to v48 [SECURITY]#733

Open

renovate[bot] wants to merge 1 commit intodevelopfrom

develop-renovate-npm-expo-vulnerability

Contributor

renovate bot commented Feb 4, 2026 •

edited

Loading

This PR contains the following updates:

Package	Change	Age	Confidence
expo (source)	`40.0.1` → `48.0.0`

GitHub Vulnerability Alerts

CVE-2023-28131

A vulnerability in the expo.io framework allows an attacker to take over accounts and steal credentials on an application/website that configured the "Expo AuthSession Redirect Proxy" for social sign-in. This can be achieved once a victim clicks a malicious link. The link itself may be sent to the victim in various ways (including email, text message, an attacker-controlled website, etc).

Release Notes

expo/expo (expo)

`v48.0.0`

This version does not introduce any user-facing changes.

`v47.0.14`

`v47.0.13`

`v47.0.12`

`v47.0.11`

`v47.0.10`

`v47.0.9`

`v47.0.8`

`v47.0.7`

`v47.0.6`

`v47.0.5`

`v47.0.4`

`v47.0.3`

`v47.0.2`

`v47.0.1`

This version does not introduce any user-facing changes.

`v47.0.0`

🐛 Bug fixes

Showing warnings for missing native modules rather than throwing errors. (#19845 by @kudo)
Fixed crashes when running on react-native-v8 runtime. (#19843 by @kudo)
Fixed build errors when testing on React Native nightly builds. (#19805 by @kudo)

`v46.0.21`

`v46.0.20`

`v46.0.19`

`v46.0.18`

`v46.0.17`

`v46.0.16`

`v46.0.15`

`v46.0.14`

`v46.0.13`

`v46.0.12`

`v46.0.11`

`v46.0.10`

`v46.0.9`

`v46.0.8`

`v46.0.7`

`v46.0.6`

`v46.0.5`

`v46.0.4`

`v46.0.3`

`v46.0.2`

`v46.0.1`

This version does not introduce any user-facing changes.

`v46.0.0`

This version does not introduce any user-facing changes.

`v45.0.8`

`v45.0.7`

`v45.0.4`

`v45.0.3`

`v45.0.2`

`v45.0.1`

`v45.0.0`

This version does not introduce any user-facing changes.

`v44.0.6`

`v44.0.5`

`v44.0.4`

`v44.0.3`

`v44.0.2`

`v44.0.1`

`v44.0.0`

`v43.0.5`

`v43.0.4`

`v43.0.3`

`v43.0.2`

`v43.0.1`

`v43.0.0`

`v42.0.5`

`v42.0.4`

`v42.0.3`

`v42.0.2`

`v42.0.1`

`v42.0.0`

`v41.0.1`

`v41.0.0`

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate bot added the maintenance label

renovate bot force-pushed the develop-renovate-npm-expo-vulnerability branch 2 times, most recently from 3274080 to 7aa0fa2 Compare

February 17, 2026 20:29

renovate bot force-pushed the develop-renovate-npm-expo-vulnerability branch from 7aa0fa2 to 023b38c Compare

March 5, 2026 20:53

renovate bot force-pushed the develop-renovate-npm-expo-vulnerability branch from 023b38c to 6ab8a50 Compare

March 13, 2026 19:02

renovate bot changed the title ~~Update dependency expo to v48 [SECURITY]~~ Update dependency expo to v48 [SECURITY] - autoclosed

renovate bot closed this

renovate bot deleted the develop-renovate-npm-expo-vulnerability branch

March 27, 2026 00:42

renovate bot changed the title ~~Update dependency expo to v48 [SECURITY] - autoclosed~~ Update dependency expo to v48 [SECURITY]

renovate bot reopened this

renovate bot force-pushed the develop-renovate-npm-expo-vulnerability branch 2 times, most recently from 6ab8a50 to 940447e Compare

March 30, 2026 18:15


          Update dependency expo to v48 [SECURITY]

883a4a3

renovate bot force-pushed the develop-renovate-npm-expo-vulnerability branch from 940447e to 883a4a3 Compare

April 1, 2026 20:59

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels