[Snyk] Security upgrade react-native from 0.50.1 to 0.69.12

[MHxGH-ServiceAccount]

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• examples/BiometricAuthExample/package.json
• examples/BiometricAuthExample/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Symlink Attack SNYK-JS-TAR-15416075	151

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Symlink Attack

---

Note

Medium Risk
Major react-native version jump with a large package-lock.json refresh, which can break the example app’s build/runtime even though changes are dependency-only and scoped to examples/BiometricAuthExample.

Overview
Upgrades the examples/BiometricAuthExample app to react-native@0.69.12 and updates package-lock.json accordingly, pulling in a large set of newer transitive dependencies.

This is a security-motivated dependency refresh intended to address the reported tar symlink vulnerability via updated dependency resolution.

^{Written by Cursor Bugbot for commit cf86ba1. This will update automatically on new commits. Configure here.}

[MHxGH-ServiceAccount]

Upgrading from React Native 0.50.1 to 0.69.12 is a massive undertaking that spans numerous major versions and introduces fundamental architectural changes. This is not a simple dependency bump and will require a significant migration effort.

Key Breaking Changes & Architectural Shifts:

• AndroidX Migration (from v0.60): React Native migrated to AndroidX, deprecating the old support library. All native code and third-party dependencies must also use AndroidX, which is a major breaking change for Android projects.
• Autolinking (from v0.60): The react-native link command has been replaced by a new "autolinking" mechanism for native modules. Projects must be updated to remove manual linking and adopt this new system. The CLI link and unlink commands were removed entirely in later versions.
• Core Component Extraction (from v0.60): Components like WebView, NetInfo, and Geolocation were removed from the core library and must be added as separate dependencies from the community.
• React 18 Support (from v0.69): This version introduces support for React 18 and its new concurrent features, which may affect how components render and behave.
• Bundled Hermes (from v0.69): To reduce version compatibility issues, React Native now ships with a compatible version of the Hermes JavaScript engine.
• Hooks (from v0.59): The introduction of React Hooks fundamentally changed how stateful logic is written in components.

Recommendation:

A manual, file-by-file upgrade across this many versions is extremely high-risk and impractical. The official and strongly recommended approach is to use the React Native Upgrade Helper tool. This tool provides a diff of all the changes between your starting and target versions, showing exactly what needs to be modified in your project's configuration, native build files, and JavaScript code.

An alternative, often safer, strategy for such a large jump is to create a new project with the target version (0.69.12) and incrementally port your application's source code and dependencies over, addressing breaking changes as they arise.

Source: React Native Upgrade Helper, React Native Release Notes

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[MHxGH-ServiceAccount]

⛔ Snyk checks have failed. 3 issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (3)
⛔	Open Source Security	0	3	0	0	3 issues
✅	Licenses	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.