Expo SDK old dependencies

🐛 Bug Report

Logkitty vulnerability

Summary of Issue (just a few sentences)

Whenever I start a new project with Expo, this error occurs on GitHub.

I saw in yarn.lock that the Expo SDK uses an outdated version of @react-native-community/cli-platform-android (^3.0.0-alpha.1).

How can I upgrade that?

Environment – output of expo diagnostics & the platform(s) you’re targeting

"react-native@https://github.com/expo/react-native/archive/sdk-37.0.1.tar.gz":
  version "0.61.4"
  resolved "https://github.com/expo/react-native/archive/sdk-37.0.1.tar.gz#69f3f63c36c9df52611847a67c9d94596c1754cc"
  dependencies:
    "@babel/runtime" "^7.0.0"
    "@react-native-community/cli" "^3.0.0-alpha.1"
    "@react-native-community/cli-platform-android" "^3.0.0-alpha.1"
    "@react-native-community/cli-platform-ios" "^3.0.0-alpha.1"
    abort-controller "^3.0.0"
    art "^0.10.0"
    base64-js "^1.1.2"
    connect "^3.6.5"
    create-react-class "^15.6.3"
    escape-string-regexp "^1.0.5"
    event-target-shim "^5.0.1"
    fbjs "^1.0.0"
    fbjs-scripts "^1.1.0"
    hermes-engine "^0.2.1"
    invariant "^2.2.4"
    jsc-android "^245459.0.0"
    metro-babel-register "^0.56.0"
    metro-react-native-babel-transformer "^0.56.0"
    metro-source-map "^0.56.0"
    nullthrows "^1.1.0"
    pretty-format "^24.7.0"
    promise "^7.1.1"
    prop-types "^15.7.2"
    react-devtools-core "^3.6.3"
    react-refresh "^0.4.0"
    regenerator-runtime "^0.13.2"
    scheduler "0.15.0"
    stacktrace-parser "^0.1.3"
    whatwg-fetch "^3.0.0"

Reproducible Demo


  • This should include as little code as possible, please don’t simply link your entire project
  • Sharing a link to a Snack is a GREAT way to provide a reproducible demo 🙂
  • If a reproducible demo, or a complete list of steps from blank project to bug, are not provided, it is very likely your issue will be closed
  • If you need more guidance, please see https://stackoverflow.com/help/mcve

As an added benefit, creating a repro may help you identify the source of the bug, which means we are one step closer to fixing it! Thanks for helping us help you!

1 possible answer(s) on “Expo SDK old dependencies”

  1. @gregdburns – I just published expo@38.0.9, which includes a version of expo-splash-screen that includes a version of @expo/configure-splash-screen that includes a version of @react-native-community/cli-platform-android that includes a version of logkitty that should resolve this issue 😆

    Please install expo@38.0.9 to fix it 🙂
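
As an added example (not part of the original thread and not Expo's own tooling), here is a small Node.js script that parses a yarn.lock in the v1 format quoted in the report and returns each dependency chain that pulls in logkitty. The lockfile sample is constructed: apart from the react-native entry taken from the report, its versions and ranges are placeholders, and `parseLock` and `chainsTo` are hypothetical helper names.

```javascript
// Constructed yarn.lock (v1) sample; versions marked "-example" are placeholders.
const SAMPLE_LOCK = `
"react-native@https://github.com/expo/react-native/archive/sdk-37.0.1.tar.gz":
  version "0.61.4"
  dependencies:
    "@babel/runtime" "^7.0.0"
    "@react-native-community/cli-platform-android" "^3.0.0-alpha.1"
"@react-native-community/cli-platform-android@^3.0.0-alpha.1":
  version "3.0.0-example"
  dependencies:
    logkitty "^0.0.0-example"
logkitty@^0.0.0-example:
  version "0.0.0-example"
`;

// Parse yarn.lock v1 text into a Map of "name@range" -> { name, version, deps }.
function parseLock(text) {
  const bySpec = new Map();
  let entry = null, inDeps = false;
  for (const line of text.split(/\r?\n/)) {
    if (!line.trim() || line.startsWith("#")) continue;
    if (!line.startsWith(" ")) { // entry header: one or more "name@range" specs
      const specs = line.replace(/:$/, "").split(",").map(s => s.trim().replace(/"/g, ""));
      entry = { name: specs[0].slice(0, specs[0].indexOf("@", 1)), version: null, deps: [] };
      specs.forEach(s => bySpec.set(s, entry));
    } else if (/^ {2}\S/.test(line)) { // two-space field of the current entry
      const v = line.match(/^ {2}version "(.+)"$/);
      if (v) entry.version = v[1];
    } else if (inDeps) { // four-space dependency line: name "range"
      const d = line.trim().match(/^"?([^"\s]+)"? "?([^"]+)"?$/);
      if (d) entry.deps.push(`${d[1]}@${d[2]}`);
    }
    inDeps = /^ {2}(optionalD|d)ependencies:$/.test(line) || (inDeps && line.startsWith("    "));
  }
  return bySpec;
}

// Every chain "root@ver > ... > target@ver" that the lockfile resolves.
function chainsTo(bySpec, rootName, targetName) {
  const walk = (e, path) => {
    const here = [...path, `${e.name}@${e.version}`];
    if (e.name === targetName) return [here.join(" > ")];
    return e.deps.map(spec => bySpec.get(spec)) // undefined: not in this lockfile
      .filter(n => n && !here.includes(`${n.name}@${n.version}`)) // skip cycles
      .flatMap(n => walk(n, here));
  };
  return [...new Set(bySpec.values())].filter(e => e.name === rootName).flatMap(e => walk(e, []));
}
console.log(chainsTo(parseLock(SAMPLE_LOCK), "react-native", "logkitty"));
```

Running the same two functions over a project's real yarn.lock after an upgrade shows which parent packages still resolve logkitty and at what version.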