[Snyk] Security upgrade react-native from 0.42.3 to 0.69.12

[MHxGH-ServiceAccount]

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• examples/SampleRN42/package.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Regular Expression Denial of Service (ReDoS) SNYK-JS-AJV-15274295	157

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

---

Note

Medium Risk
Large React Native major-version jump in an example app; likely to introduce build/runtime incompatibilities even though the change is dependency-only and limited in scope.

Overview
Updates the examples/SampleRN42 example app dependency on react-native from 0.42.3 to 0.69.12 to address a reported security vulnerability (via Snyk).

^{Written by Cursor Bugbot for commit 62b69a2. This will update automatically on new commits. Configure here.}

[MHxGH-ServiceAccount]

Upgrading react-native from 0.42.3 to 0.69.12 is a massive undertaking that spans years of development and multiple critical breaking changes. This is not a simple dependency bump; it is a major migration project that will require significant refactoring of native code, JavaScript, and dependencies.

Key Breaking Changes:

• AndroidX Migration (v0.60+): React Native migrated from the Android Support Library to AndroidX. All native code and third-party dependencies must also be migrated to AndroidX, as they cannot be used side-by-side. A tool called jetifier can help automate some of this for dependencies.
• Autolinking for Native Modules (v0.60+): The react-native link command has been replaced by automatic linking. Projects must be updated to remove old manual links and adopt the new autolinking mechanism for both iOS and Android.
• Core Component Extraction (v0.60+): Many components like WebView and NetInfo were removed from the core library and must now be installed from separate community packages.
• React 18 Support (v0.69+): This version introduces support for React 18 and its concurrent features, which may affect application behavior and performance.
• Bundled Hermes (v0.69+): Hermes is now the default JavaScript engine and is bundled with React Native, which can improve app startup time but may require configuration changes.
• CLI Breaking Changes (v0.69+): The react-native-cli was significantly changed, removing the link and unlink commands entirely.
• API Removals: Numerous deprecated APIs and components, such as ViewPropTypes and SegmentedComponentIOS, have been removed.

Recommendation: This upgrade cannot be performed with a simple version change. It requires a careful, step-by-step migration. Use the official React Native Upgrade Helper web tool to generate a diff between your current version and the target version. It is strongly advised to upgrade incrementally between major versions (e.g., 0.42 → 0.59, then 0.59 → 0.60, etc.) to isolate and address breaking changes systematically. This upgrade will touch almost every part of the application and requires extensive testing.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[MHxGH-ServiceAccount]

⛔ Snyk checks have failed. 4 issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (4)
⛔	Open Source Security	0	4	0	0	4 issues
✅	Licenses	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.}

[cursor]

Legacy CLI script breaks app startup

Medium Severity

Upgrading react-native to 0.69.12 leaves scripts.start pointing to node_modules/react-native/local-cli/cli.js, but modern React Native no longer ships local-cli. Running npm start in examples/SampleRN42/package.json will fail before Metro starts, so the sample cannot be launched.

Additional Locations (1)

• examples/SampleRN42/package.json#L5-L6