@parseplatformorg parseplatformorg commented Sep 11, 2025


Snyk has created this PR to upgrade expo-server-sdk from 3.15.0 to 4.0.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

  • The recommended version is 1 version ahead of your current version.

  • The recommended version was released 24 days ago.

Release notes
Package name: expo-server-sdk from expo-server-sdk GitHub release notes

Important

  • Warning: This PR contains a major version upgrade, and may be a breaking change.
  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

Summary by CodeRabbit

  • Chores
    • Upgraded the underlying notification delivery SDK to the latest major version to maintain compatibility with current platform services, improve stability, and prepare for future enhancements. No user-facing changes or settings are required. The update is backward-compatible with existing functionality and does not alter app behavior, while laying groundwork for more reliable push notifications and support for upcoming platform updates.

Snyk has created this PR to upgrade expo-server-sdk from 3.15.0 to 4.0.0.

See this package in npm:
expo-server-sdk

See this project in Snyk:
https://app.snyk.io/org/acinader/project/b0adf7a4-b021-4a61-8d76-16d0d77d4062?utm_source=github&utm_medium=referral&page=upgrade-pr

I will reformat the title to use the proper commit message syntax.

@parse-github-assistant parse-github-assistant bot changed the title [Snyk] Upgrade expo-server-sdk from 3.15.0 to 4.0.0 refactor: Upgrade expo-server-sdk from 3.15.0 to 4.0.0 Sep 11, 2025

🚀 Thanks for opening this pull request!


coderabbitai bot commented Sep 11, 2025

📝 Walkthrough

Updated dependency version in package.json: expo-server-sdk bumped from 3.15.0 to 4.0.0. No other files or configurations changed.

Changes

Cohort / File(s): Dependency Version Bump (package.json)
Summary: Updated expo-server-sdk from 3.15.0 to 4.0.0; no other dependency or structural changes.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Pre-merge checks (2 passed, 1 warning)

❌ Failed checks (1 warning)
Check name: Description Check
Status: ⚠️ Warning
Explanation: The PR body contains useful Snyk-generated release notes and a breaking-change warning but does not follow the repository's required PR template. The New Pull Request Checklist, an 'Issue Description' with a linked issue or explicit statement, an 'Approach' section, and the TODOs (tests, changelog, docs) are missing or unpopulated. Because these required template sections are absent, the description is incomplete for this repository's standards.
Resolution: Update the PR description to match the repository template: add the New Pull Request Checklist and mark or explain each item, provide an 'Issue Description' with a linked issue number or state none, and fill the 'Approach' describing the change and its impact (note the breaking change that drops Node v18 support). Complete or justify every item in "TODOs before merging" (add tests, changelog entry, documentation changes) and ensure CI passes on supported Node versions before merging.
✅ Passed checks (2 passed)
Check name: Title Check
Status: ✅ Passed
Explanation: The title clearly and accurately summarizes the primary change: upgrading the expo-server-sdk dependency and includes both the old and new versions. It is concise, on-topic, and immediately understandable to reviewers. This matches the repository's expectation for a short, specific PR title.

Check name: Docstring Coverage
Status: ✅ Passed
Explanation: No functions found in the changes. Docstring coverage check skipped.

Tip

👮 Agentic pre-merge checks are now available in preview!

Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.

  • Built-in checks – Quickly apply ready-made checks to enforce title conventions, require pull request descriptions that follow templates, validate linked issues for compliance, and more.
  • Custom agentic checks – Define your own rules using CodeRabbit’s advanced agentic capabilities to enforce organization-specific policies and workflows. For example, you can instruct CodeRabbit’s agent to verify that API documentation is updated whenever API schema files are modified in a PR. Note: Up to 5 custom checks are currently allowed during the preview period. Pricing for this feature will be announced in a few weeks.

Please see the documentation for more information.

Example:

reviews:
  pre_merge_checks:
    custom_checks:
      - name: "Undocumented Breaking Changes"
        mode: "warning"
        instructions: |
          Pass/fail criteria: All breaking changes to public APIs, CLI flags, environment variables, configuration keys, database schemas, or HTTP/GraphQL endpoints must be documented in the "Breaking Change" section of the PR description and in CHANGELOG.md. Exclude purely internal or private changes (e.g., code not exported from package entry points or explicitly marked as internal).

Please share your feedback with us on this Discord post.



@parseplatformorg

🎉 Snyk checks have passed. No issues have been found so far.

security/snyk check is complete. No issues have been found. (View Details)


codecov bot commented Sep 11, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (025e83b) to head (d588f45).

Additional details and impacted files
@@            Coverage Diff            @@
##            master      #439   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            9         9           
  Lines         1351      1351           
=========================================
  Hits          1351      1351           


@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 025e83b and d588f45.

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (1)
  • package.json (1 hunks)
🔇 Additional comments (1)
package.json (1)

29-29: Confirm expo-server-sdk import style and CI Node target

  • Imports: found named ESM imports — import { Expo } from 'expo-server-sdk' — in src/EXPO.js and spec/EXPO.spec.js; matches expo-server-sdk v4 ESM usage, so no API rename expected.
  • CI/toolchain: workflow search failed in the prior run; verify CI matrices and toolchain files (.github/workflows, .nvmrc, .tool-versions, package.json) to ensure the targeted Node version is compatible (e.g., Node 18 if required).

@@ -26,7 +26,7 @@
"dependencies": {
"@parse/node-apn": "6.5.0",
"@parse/node-gcm": "1.0.2",
"expo-server-sdk": "3.15.0",
"expo-server-sdk": "4.0.0",
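
Review bot: the change of "expo-server-sdk" from "3.15.0" to "4.0.0" at line 29 is a major-version bump that is being reviewed without its lockfile, since package-lock.json is excluded by the path filter listed above. Check the lockfile diff by hand before merging: the resolved URL and integrity hash for expo-server-sdk 4.0.0 should point at the expected registry, and any transitive dependencies added or changed by the new major should be accounted for.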

🛠️ Refactor suggestion

⚠️ Potential issue

Breaking: expo-server-sdk v4 drops Node 18; engines still allow 18 — align or postpone upgrade.

Upgrading to expo-server-sdk 4.0.0 drops support for Node v18.x. Your package.json still advertises Node "18 || 20 || 22", which can yield CI/runtime failures for users on Node 18. Either:

  • Drop Node 18 in engines and CI (preferred if you’re ready to deprecate 18), or
  • Postpone to the latest 3.x and keep Node 18 support.

Release note: “4.0.0 (2025-08-18) — Drop support for Node v18.x.” (newreleases.io)

Proposed diff (Option A: drop Node 18 to match dependency):

   "dependencies": {
     "@parse/node-apn": "6.5.0",
     "@parse/node-gcm": "1.0.2",
     "expo-server-sdk": "4.0.0",
     "firebase-admin": "13.5.0",
     "npmlog": "7.0.1",
     "parse": "6.1.1",
     "web-push": "3.6.7"
   },
   "devDependencies": {
@@
   },
   "engines": {
-    "node": "18 || 20 || 22"
+    "node": "20 || 22"
   }
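
Review bot: the engines change at the end of this hunk narrows "node" to "20 || 22", which removes a Node version the package currently advertises and is a breaking change for its consumers, while the PR title was rewritten to the refactor: type. State the breaking change explicitly in the commit message and changelog, and update the CI matrix in the same commit so Node 18 is not still tested against a dependency that no longer supports it.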

Alternative (Option B: keep Node 18; defer upgrade):

-    "expo-server-sdk": "4.0.0",
+    "expo-server-sdk": "3.15.0",
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
"expo-server-sdk": "4.0.0",
"dependencies": {
"@parse/node-apn": "6.5.0",
"@parse/node-gcm": "1.0.2",
"expo-server-sdk": "4.0.0",
"firebase-admin": "13.5.0",
"npmlog": "7.0.1",
"parse": "6.1.1",
"web-push": "3.6.7"
},
"engines": {
"node": "20 || 22"
}
Suggested change
"expo-server-sdk": "4.0.0",
"dependencies": {
"@parse/node-apn": "6.5.0",
"@parse/node-gcm": "1.0.2",
"expo-server-sdk": "3.15.0",
"firebase-admin": "13.5.0",
"npmlog": "7.0.1",
"parse": "6.1.1",
"web-push": "3.6.7"
}
🤖 Prompt for AI Agents
In package.json around line 29, the dependency bump to "expo-server-sdk":
"4.0.0" conflicts with your engines declaration allowing Node 18 (v4 drops Node
18 support); either align engines to remove Node 18 or revert the dependency to
a 3.x release. To fix: choose Option A — update the "engines" field and any CI
matrix to remove Node 18 (keep "20 || 22" or similar) and run CI locally to
confirm; or Option B — change the dependency back to the latest 3.x version in
package.json and update lockfile (npm/yarn install) so Node 18 remains
supported. Ensure the chosen option is applied consistently in package.json and
CI configs and commit the lockfile update.
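
The mismatch raised in the review comment above (a dependency that drops a Node major the package's engines field still advertises) can be checked mechanically before merging an upgrade PR. The following is an added example, not code from this repository, CodeRabbit or Snyk; the function names, the sample lockfile entries and their engines values are constructed assumptions, and the range matching compares Node majors only.

```javascript
// Added example: flag dependencies whose lockfile "engines.node" rejects a
// Node major that package.json still advertises. Major-level comparison only.
function comparatorAllows(comp, major) {
  if (comp === '' || comp === '*') return true;
  const m = /^(>=|<|\^|~)?v?(\d+)/.exec(comp);
  if (!m) throw new Error(`unsupported comparator: ${comp}`); // fail closed
  const n = Number(m[2]);
  if (m[1] === '>=') return major >= n;
  if (m[1] === '<') return major < n;
  return major === n; // "20", "20.x", "^20.1.0", "~20.1.0"
}

// "||" separates alternatives; comparators inside one alternative must all hold.
function rangeAllows(range, major) {
  const normalized = range.replace(/(>=|<)\s+/g, '$1'); // ">= 16" -> ">=16"
  return normalized.split('||').some((alt) =>
    alt.trim().split(/\s+/).every((c) => comparatorAllows(c, major)));
}

// pkg: parsed package.json; lock: parsed package-lock.json (lockfileVersion 2/3).
function findEngineMismatches(pkg, lock, majors = [18, 20, 22, 24]) {
  const advertised = majors.filter((m) => rangeAllows(pkg.engines?.node ?? '*', m));
  const findings = [];
  for (const name of Object.keys(pkg.dependencies ?? {})) {
    const entry = lock.packages?.[`node_modules/${name}`];
    const depRange = entry?.engines?.node;
    if (!depRange) continue; // no Node constraint declared
    const unsupported = advertised.filter((m) => !rangeAllows(depRange, m));
    if (unsupported.length > 0) {
      findings.push({ name, version: entry.version, depRange, unsupported });
    }
  }
  return findings;
}

// Constructed sample data modelled on this PR; the "engines" values in the
// lock entries are assumptions, not copied from the real package-lock.json.
const samplePkg = {
  dependencies: { 'expo-server-sdk': '4.0.0', 'web-push': '3.6.7' },
  engines: { node: '18 || 20 || 22' },
};
const sampleLock = {
  packages: {
    'node_modules/expo-server-sdk': { version: '4.0.0', engines: { node: '>=20' } },
    'node_modules/web-push': { version: '3.6.7', engines: { node: '>= 16' } },
  },
};

console.log(findEngineMismatches(samplePkg, sampleLock));
```

Run in CI against the real package.json and package-lock.json, a non-empty result is a reason to fail the job; unsupported range syntax throws rather than passing silently.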
