[Snyk] Fix for 8 vulnerabilities

[EthanJoyce]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASHTEMPLATE-1088054	Yes	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	Yes	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Prototype Pollution SNYK-JS-XML2JS-5414874	Yes	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Improper Input Validation SNYK-JS-XMLDOM-1534562	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Prototype Pollution SNYK-JS-XMLDOM-3042242	Yes	No Known Exploit
	811/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.8	Improper Input Validation SNYK-JS-XMLDOM-3092935	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: expo

The new version differs by 250 commits.

• b9d655c Publish packages
• 562ea45 Update Podfile.lock [skip ci]
• 33ff38a [ios] Update usage string for location [skip ci]
• a2cc87a [build-properties] add missing enableProguardInReleaseBuilds property (#17361)
• 01d7660 fix(cli): add missing `--platform` flag to `export` command (#17338)
• 3797e29 feat(cli): add `run:ios` command (#16662)
• 06ade67 [cli] Add CI info to telemtry (#17284)
• 22652ed chore(cli): deduplicate asMock helper function (#17294)
• d0c5f7f fix(cli): clean up emulator process (#17273)
• 93b56ef fix(cli): prevent autocomplete from crashing (#17271)
• 8eaf8c4 [ios] Fix compilation issues in iOS shell apps (#17357)
• 7a2e413 [android] Fix more FLAG_MUTABLE exception in PendingIntent (#17333)
• 43674b0 [notifications] handle SCHEDULE_EXACT_ALARM for android 12 (#17334)
• 68940da [android][apple-authentication] Resolve RN 65 warning from NativeEventEmitter (#17343)
• fff31e1 [android] backport #17280 expo-av changes to sdk 45 versioned code (#17349)
• 2a8f9e6 [av][android] Fix crashes caused by accessing `ExoPlayer` from the wrong thread (#17280)
• 9a9835c [expo][keep-awake] Fix `Unable to deactivate keep awake` warnings (#17319)
• 4cb9822 [build-properties] Fix android build failure (#17321)
• 6a62fea [build-properties] Introduce build-properties config-plugin (#17106)
• ac245d3 [ios] Migrate react-native-safe-area-context to separate vendored pod (#17354)
• 62821c4 Publish packages
• eca3009 [dev-client] Rebuild js
• 37d9088 [menu][ios] Try to fix crashes connected with reloads (#17336)
• 0a31878 [menu][Android] Fix crashes when the app was launched from a deep link and the react-native-reanimated were installed (#17282)

See the full diff

Package name: react-native-vector-icons

The new version differs by 35 commits.

• 5e93365 Release 9.1.0
• 7dbcd72 Build entypo from npm package (#1415)
• 1caf4a7 Bump icon directory to use react-scripts 5.0.0 (#1414)
• 92bd1ce Upgrade example to RN 0.67 (#1413)
• 217d26d Make text non-selectable on web too (#1252)
• bb5bd45 Update README.md (#1246)
• 3ee64d7 React Native Auto Linking Details (#1393)
• 015e8d4 Simplify Android font bundling (#1401)
• 8948d57 Update FontAwesome 5 to 5.15.3 (#1234)
• dc7b515 Update icon sets (#1412)
• 16e35fc Build fonts with docker (#1411)
• 74a2d83 Remove lodash dependencies (#1410)
• 84d446b Release 9.0.0
• 0cd3492 Fix Flow type for IconProps to work with exact_by_default=true (#1363)
• fd1c86f Import from react-native directly (#1388)
• 27f177f Bump directory to React 17 (#1387)
• bf943c3 Bump React Native to 0.66 in Example project (#1386)
• 37a5acc Adding mavenCentral() as jcenter() is shutting (#1337)
• 2e44f27 Add notice about react-native-vector-image
• 13e8b5d Update README.md (#1326)
• 204e49d Use actions/setup-node@v2 in workflows
• 4068166 Release 8.1.0
• 2ea43ae Replace travis with github actions (#1310)
• a1a019c Refactor gradle font script to support android gradle plugin 4.1+ (#1307)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service
🦉 Prototype Pollution
🦉 Improper Input Validation