Upgrade Expo example app from SDK 53 to SDK 54

[imSzukala]

Why?

Intercom Android SDK 18.0.0 requires compileSdk 36 and targetSdk 36. The Expo example was on SDK 53 / RN 0.79.6 (compileSdk 35), which cannot build with SDK 18.0.0. This complements #408 which upgraded the bare example app.

How?

Upgrades the Expo example from SDK 53 to SDK 54, which bundles React Native 0.81.5 with compileSdk 36 / targetSdk 36. All Expo-managed dependencies were updated to their SDK 54 compatible versions via npx expo install --fix.

Implementation Plan

Upgrade Expo Example App from Expo SDK 53 to 54

Context

Intercom Android SDK 18.0.0 requires compileSdk 36 and targetSdk 36. PR #408 upgraded the bare example app to RN 0.81.1 (which ships with these SDK levels). The Expo example is still on Expo SDK 53 / RN 0.79.6 (compileSdk 35), so it cannot build with Intercom SDK 18.0.0. Expo SDK 54 bundles RN 0.81.5 with compileSdk 36 / targetSdk 36, making it the right upgrade target.

Plan

1. Create new branch from main

git checkout main && git pull && git checkout -b irena/expo-example-upgrade

2. Update examples/expo-example/package.json

Upgrade dependencies to Expo SDK 54 compatible versions. Key changes based on the official SDK 54 template:

Package	Current (SDK 53)	Target (SDK 54)
expo	~53.0.22	~54.0.33
react-native	0.79.6	0.81.5
react	19.0.0	19.1.0
react-dom	19.0.0	19.1.0
expo-router	~5.1.5	~6.0.23
expo-constants	~17.1.7	~18.0.13
expo-font	~13.3.2	~14.0.11
expo-haptics	~14.1.4	~15.0.8
expo-image	~2.4.0	~3.0.11
expo-linking	~7.1.7	~8.0.11
expo-splash-screen	~0.30.10	~31.0.13
expo-status-bar	~2.2.3	~3.0.9
expo-symbols	~0.4.5	~1.0.8
expo-system-ui	~5.0.11	~6.0.9
expo-web-browser	~14.2.0	~15.0.10
@expo/vector-icons	^14.1.0	^15.0.3
react-native-safe-area-context	5.4.0	~5.6.0
react-native-screens	~4.11.1	~4.16.0
react-native-web	~0.20.0	~0.21.0
react-native-reanimated	~4.1.0	~4.1.1

Packages NOT in SDK 54 template (need version check via npx expo install --fix):

• expo-blur: ~14.1.5 → TBD
• expo-device: ~7.1.4 → TBD
• expo-notifications: ~0.31.4 → TBD
• nativewind: ^4.0.1 → likely stays (not Expo-managed)
• react-native-mmkv-storage: ^12.0.0 → likely stays
• react-native-webview: 13.13.5 → likely stays

3. Run npx expo install --fix to validate versions

This ensures all expo-* packages are pinned to SDK 54 compatible versions, including the packages not in the template (expo-blur, expo-device, expo-notifications).

4. Regenerate lockfile

Delete and regenerate pnpm-lock.yaml or the relevant lockfile.

5. Update examples/expo-example/app.json if needed

Check if any Expo 54 config changes are needed (e.g. new plugin API).

Files to modify

• examples/expo-example/package.json — dependency versions
• examples/expo-example/app.json — if config changes needed
• Root lockfile — regenerated

Verification

1. cd examples/expo-example && npx expo install --check — verify all deps are SDK 54 compatible
2. cd examples/expo-example && npx expo run:android — build and run on Android
3. cd examples/expo-example && npx expo run:ios — build and run on iOS
4. Verify Intercom SDK initializes correctly

_{Generated with Claude Code}

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​expo-router@​5.1.5 ⏵ 6.0.23	-2		+1	+1
	npm/​expo-status-bar@​2.2.3 ⏵ 3.0.9
	npm/​expo-splash-screen@​0.30.10 ⏵ 31.0.13			+1	+1
	npm/​expo-haptics@​14.1.4 ⏵ 15.0.8			+1	+1
	npm/​expo-system-ui@​5.0.11 ⏵ 6.0.9				+2
	npm/​expo-constants@​17.1.7 ⏵ 18.0.13	+1		+1	+1
	npm/​expo-linking@​7.1.7 ⏵ 8.0.11				+2
	npm/​expo-font@​13.3.2 ⏵ 14.0.11	+1		+1
	npm/​expo@​53.0.22 ⏵ 54.0.33			+1	+1
	npm/​expo-web-browser@​14.2.0 ⏵ 15.0.10			+1	+1
	npm/​expo-image@​2.4.0 ⏵ 3.0.11	+1		+1	+2
	npm/​react-native-safe-area-context@​5.4.0 ⏵ 5.6.2			+1
	npm/​@​types/​react@​19.0.14 ⏵ 19.1.17	+1
	npm/​expo-symbols@​0.4.5 ⏵ 1.0.8	+1		+1	+2
	npm/​expo-device@​7.1.4 ⏵ 8.0.10
	npm/​react-native-web@​0.20.0 ⏵ 0.21.2			+1
	npm/​expo-blur@​14.1.5 ⏵ 15.0.8
	npm/​expo-notifications@​0.31.4 ⏵ 0.32.16	+22		+1
	npm/​eslint-config-expo@​9.2.0 ⏵ 10.0.0	+1		+1	+2
	npm/​react-native-webview@​13.13.5 ⏵ 13.15.0	+1		+1	+2
	npm/​typescript@​5.8.3 ⏵ 5.9.3	+1		+1	+2
	npm/​@​expo/​vector-icons@​14.1.0 ⏵ 15.1.1	+1
	npm/​react-native@​0.79.6 ⏵ 0.81.5	+1
	npm/​react-native-reanimated@​4.1.0 ⏵ 4.1.7	+1		+1
	npm/​react-dom@​19.0.0 ⏵ 19.1.0			+1

View full report

[socket-security]

Caution

Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. It is recommended to resolve "Warn" alerts too. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Block		Recently published: npm @expo/json-file published 6 days ago Location: Package overview From: examples/expo-example/pnpm-lock.yaml → npm/expo-splash-screen@31.0.13 → npm/expo-constants@18.0.13 → npm/expo@54.0.33 → npm/@expo/json-file@10.0.13 ℹ Read more on: This package | This alert | What are recently published artifacts? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should either be allowlisted to allow recently-published versions, or an older version should be used instead. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@expo/json-file@10.0.13. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Recently published: npm @expo/package-manager published yesterday Location: Package overview From: examples/expo-example/pnpm-lock.yaml → npm/expo@54.0.33 → npm/@expo/package-manager@1.10.4 ℹ Read more on: This package | This alert | What are recently published artifacts? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should either be allowlisted to allow recently-published versions, or an older version should be used instead. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@expo/package-manager@1.10.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Recently published: npm lru-cache published 2 days ago Location: Package overview From: examples/expo-example/pnpm-lock.yaml → npm/expo-splash-screen@31.0.13 → npm/expo-constants@18.0.13 → npm/expo@54.0.33 → npm/lru-cache@11.3.2 ℹ Read more on: This package | This alert | What are recently published artifacts? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should either be allowlisted to allow recently-published versions, or an older version should be used instead. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/lru-cache@11.3.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: npm typescript under CC-BY-4.0 License: CC-BY-4.0 - the applicable license policy does not allow this license (4) (package/ThirdPartyNoticeText.txt) License: MIT-Khronos-old - the applicable license policy does not allow this license (4) (package/ThirdPartyNoticeText.txt) License: LicenseRef-W3C-Community-Final-Specification-Agreement - the applicable license policy does not allow this license (4) (package/ThirdPartyNoticeText.txt) From: examples/expo-example/package.json → npm/typescript@5.9.3 ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/typescript@5.9.3. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report