[Snyk] Security upgrade react-native from 0.42.3 to 0.69.12

[MHxGH-ServiceAccount]

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• example/package.json
• example/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Regular Expression Denial of Service (ReDoS) SNYK-JS-AJV-15274295	157

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

---

Note

High Risk
Major framework jump with a regenerated lockfile can introduce breaking runtime/build changes despite being dependency-only. Risk is primarily compatibility and build/toolchain drift in the example app’s RN ecosystem.

Overview
Upgrades the example app’s react-native dependency from 0.42.3 to 0.69.12 as a Snyk-driven security remediation.

Regenerates example/package-lock.json, pulling in a large set of updated transitive dependencies consistent with the new React Native version.

^{Written by Cursor Bugbot for commit c6c209a. This will update automatically on new commits. Configure here.}

[MHxGH-ServiceAccount]

Upgrading react-native from 0.42.3 to 0.69.12 is a massive undertaking that spans years of development and multiple critical breaking changes. This is not a simple dependency bump; it is a major migration project that will require significant refactoring of native code, JavaScript, and dependencies.

Key Breaking Changes:

• AndroidX Migration (v0.60+): React Native migrated from the Android Support Library to AndroidX. All native code and third-party dependencies must also be migrated to AndroidX, as they cannot be used side-by-side. A tool called jetifier can help automate some of this for dependencies.
• Autolinking for Native Modules (v0.60+): The react-native link command has been replaced by automatic linking. Projects must be updated to remove old manual links and adopt the new autolinking mechanism for both iOS and Android.
• Core Component Extraction (v0.60+): Many components like WebView and NetInfo were removed from the core library and must now be installed from separate community packages.
• React 18 Support (v0.69+): This version introduces support for React 18 and its concurrent features, which may affect application behavior and performance.
• Bundled Hermes (v0.69+): Hermes is now the default JavaScript engine and is bundled with React Native, which can improve app startup time but may require configuration changes.
• CLI Breaking Changes (v0.69+): The react-native-cli was significantly changed, removing the link and unlink commands entirely.
• API Removals: Numerous deprecated APIs and components, such as ViewPropTypes and SegmentedComponentIOS, have been removed.

Recommendation: This upgrade cannot be performed with a simple version change. It requires a careful, step-by-step migration. Use the official React Native Upgrade Helper web tool to generate a diff between your current version and the target version. It is strongly advised to upgrade incrementally between major versions (e.g., 0.42 → 0.59, then 0.59 → 0.60, etc.) to isolate and address breaking changes systematically. This upgrade will touch almost every part of the application and requires extensive testing.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[MHxGH-ServiceAccount]

⛔ Snyk checks have failed. 4 issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (4)
⛔	Open Source Security	0	4	0	0	4 issues
✅	Licenses	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[cursor]

Cursor Bugbot has reviewed your changes and found 2 potential issues.

^{Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.}

[cursor]

React Native upgrade breaks React compatibility

High Severity

react-native was upgraded to 0.69.12 while react remains 15.4.2, creating an incompatible dependency set in example/package.json. react-native@0.69.x expects modern React (React 18 era), so installs and runtime resolution can fail in the example app.

 

[cursor]

Start script points to removed CLI path

Medium Severity

The start script still calls node_modules/react-native/local-cli/cli.js, but that entrypoint is not used in react-native@0.69.12. After this upgrade, npm start in example/package.json can fail before Metro starts.