[Snyk] Security upgrade @expo/config-plugins from 4.1.5 to 54.0.3

[snyk-io]

Snyk has created this PR to fix 1 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

• ExpoImplementationEAS/config-plugins/cs-expo-react-native-bridge/package.json
• ExpoImplementationEAS/config-plugins/cs-expo-react-native-bridge/yarn.lock

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-15309438	170

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

[snyk-io]

This is a major version upgrade from v4 to v54, which corresponds to a very significant Expo SDK migration (e.g., from ~SDK 44 to SDK 54). This update includes numerous fundamental and breaking changes that will require significant developer action.

Key Breaking Changes:

• Mandatory Import Path Change: Starting with Expo SDK 47, package imports have been changed. All imports from @expo/config-plugins must be updated to expo/config-plugins. This is a required code modification. [6, 5]

• React Native's New Architecture: Expo SDK 54 is the last version to support the Legacy React Native Architecture. [11] Upgrading to subsequent versions (like the one associated with 54.0.3) requires migrating your project and any custom plugins to the New Architecture (Fabric/TurboModules), which is a major undertaking. [10]

• Native Project Changes: The underlying native project templates have evolved significantly. For example, with SDK 53, the iOS AppDelegate was migrated to Swift, which may require config plugins that modify it to be updated for Swift-compatible syntax. [7]

• Configuration Migration: Many properties formerly configured in app.json have been deprecated and removed in favor of dedicated config plugins. For instance, the top-level notification key was removed in SDK 55 and replaced by the expo-notifications config plugin. [10]

Recommendation: This upgrade cannot be treated as a simple package update. It must be handled as a comprehensive Expo SDK migration. Developers should follow the official Expo upgrade guides for each SDK version between their current version and SDK 54. Due to the scale of the changes, extensive testing and refactoring of any custom config plugins will be necessary.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.