The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-JSYAML-13961110
| "@react-native/eslint-config": "^0.75.0-main", | ||
| "@webview-bridge/react-native": "^1.4.0", | ||
| "expo": "~50.0.6", | ||
| "expo": "~52.0.0", |
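Review bot: the `expo` bump from `~50.0.6` to `~52.0.0` in this hunk is a two-major-version jump in a PR whose description says only package.json was changed, so package-lock.json no longer agrees with the manifest and `npm ci` will install the older locked versions. Regenerate the lock file (`npm install`) and commit it in the same PR so that what `npm ci` installs matches what the manifest declares.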
Bug: package.json and package-lock.json are out of sync, leading to incorrect dependency installations.
Severity: CRITICAL | Confidence: 0.99
🔍 Detailed Analysis
The package.json specifies expo: ~52.0.0 and react-native: 0.81.0, but package-lock.json still contains expo: ~50.0.6 and older react-native versions. This mismatch will cause npm ci to install incorrect, older dependency versions, leading to runtime crashes due to API incompatibilities, especially with React Native 0.81.0 expecting Node.js 18+ and different APIs.
💡 Suggested Fix
Manually update package-lock.json by running npm install or yarn install after modifying package.json.
Location: package.json#L20
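To catch the manifest/lock-file drift this comment describes before `npm ci` runs in CI, the following added example (not code from the PR, Snyk or the review bot) compares each package.json range with the lockfile's root entry and with the resolved `node_modules/*` version. The `manifest` and `lockfile` objects are constructed to mirror the mismatch in this thread, and `satisfies` is a deliberately minimal stand-in for the semver package that covers only exact, `^` and `~` ranges.

```javascript
// Constructed sample data modelled on this PR's mismatch; not the repository's real files.
const manifest = {
  dependencies: { expo: "~52.0.0", "react-native": "0.81.0", "react-native-keyboard-controller": "^1.11.5" },
};
const lockfile = {
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { expo: "~50.0.6", "react-native": "0.73.6", "react-native-keyboard-controller": "^1.11.5" } },
    "node_modules/expo": { version: "50.0.6" },
    "node_modules/react-native": { version: "0.73.6" },
    "node_modules/react-native-keyboard-controller": { version: "1.11.5" },
  },
};

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Minimal semver check for exact, ^ and ~ ranges only (the forms used in this package.json).
// Other range syntax throws instead of being silently accepted.
function satisfies(version, range) {
  const op = /^[\^~]/.test(range) ? range[0] : "";
  const base = parseVersion(range.replace(/^[\^~]/, ""));
  const v = parseVersion(version);
  const cmp = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];
  if (cmp(v, base) < 0) return false;          // below the lower bound
  if (op === "") return cmp(v, base) === 0;    // exact pin
  if (op === "~") return v[0] === base[0] && v[1] === base[1];
  if (base[0] !== 0) return v[0] === base[0];                    // ^1.x: same major
  if (base[1] !== 0) return v[0] === 0 && v[1] === base[1];      // ^0.x: same minor
  return cmp(v, base) === 0;                                     // ^0.0.x: exact
}

// Report every way the lock file disagrees with the manifest. An empty list means `npm ci` is safe.
function findDrift(pkg, lock) {
  const problems = [];
  const packages = (lock && lock.packages) || {};
  const rootDeps = (packages[""] && packages[""].dependencies) || {};
  for (const [name, range] of Object.entries(pkg.dependencies || {})) {
    if (rootDeps[name] !== range) problems.push(`${name}: manifest ${range} vs lock root ${rootDeps[name] || "missing"}`);
    const installed = packages[`node_modules/${name}`];
    if (!installed) problems.push(`${name}: not resolved in lockfile`);
    else if (!satisfies(installed.version, range)) problems.push(`${name}: locked ${installed.version} does not satisfy ${range}`);
  }
  return problems;
}

for (const p of findDrift(manifest, lockfile)) console.log(p);
```

Running the check against the real files (`JSON.parse(fs.readFileSync(...))`) as a CI step fails the build on drift, which is the condition the comment warns about.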
| "expo-status-bar": "~1.11.1", | ||
| "react": "18.2.0", | ||
| "react-native": "0.73.6", | ||
| "react-native": "0.81.0", |
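Review bot: `react-native` moving from `0.73.6` to `0.81.0` is a far broader change than the js-yaml advisory (SNYK-JS-JSYAML-13961110) this PR is described as fixing, and `@react-native/eslint-config`, left at `^0.75.0-main` in the earlier hunk, is versioned in lockstep with `react-native`, so it would sit on a different release line. Either restrict this PR to the js-yaml fix or bump the `@react-native/*` packages to the matching 0.81 line together with this change and regenerate the lock file.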
Bug: react-native-keyboard-controller version ^1.11.5 is incompatible with React Native 0.81.0.
Severity: CRITICAL | Confidence: 0.98
🔍 Detailed Analysis
The react-native-keyboard-controller dependency is pinned at ^1.11.5, which is incompatible with the updated React Native 0.81.0. react-native-keyboard-controller requires version 1.18.0+ for compatibility with React Native 0.81.0+. This will cause build failures or runtime errors when the lock file is properly regenerated and the incompatible version is installed.
💡 Suggested Fix
Update the react-native-keyboard-controller constraint in package.json from ^1.11.5 to ^1.18.0.
Location: package.json#L24
Snyk has created this PR to fix 1 vulnerability in the npm dependencies of this project.
Snyk changed the following file(s):
package.json
Vulnerabilities that will be fixed with an upgrade:
SNYK-JS-JSYAML-13961110
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Prototype Pollution