[Snyk] Security upgrade @expo/config-plugins from 4.1.5 to 9.1.0

[snyk-io]

Snyk has created this PR to fix 1 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

• ExpoImplementationEAS/config-plugins/cs-expo-react-native-bridge/package.json
• ExpoImplementationEAS/config-plugins/cs-expo-react-native-bridge/yarn.lock

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	XML Injection SNYK-JS-XMLDOMXMLDOM-15869636	189

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 XML Injection

[snyk-io]

This is a major upgrade spanning multiple Expo SDK versions (from ~SDK 45 to ~SDK 51/52). This is not a simple package update and requires a full project migration.

Breaking Changes:

• Expo SDK Upgrades: The primary risk is that @expo/config-plugins versions are tightly coupled with Expo SDK versions. You must follow the official Expo upgrade guide for each SDK version sequentially (46 → 47 → 48 → 49 → 50 → 51). Simply updating this package alone will break the project.
• Environment Requirements: Major environmental changes are required across these SDK versions:
  • Node.js: SDK 50 and later require Node.js 18+.
  • Android SDK: The targetSdkVersion was bumped to 33 in SDK 48.
  • iOS Target: The minimum deployment target was raised to 13.4 in SDK 50.
• Configuration Changes: The hooks field in app.json/app.config.js, used for post-prebuild scripts, was removed in SDK 51 and must be migrated.

Recommendation: Do not merge this change as a standalone update. The entire project must be migrated through each intervening Expo SDK version by following the official upgrade instructions provided in the Expo documentation. This is a significant undertaking that requires careful planning.

Source: Expo SDK Changelogs

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.