
[Snyk] Security upgrade react-native from 0.20.0 to 0.69.12#29

Open
MHxGH-ServiceAccount wants to merge 1 commit into master from snyk-fix-d46a0f9e5120b1cb62c968f988066879

Conversation


@MHxGH-ServiceAccount commented Feb 20, 2026


Snyk has created this PR to fix 1 vulnerability in the npm dependencies of this project.

Snyk changed the following file(s):

  • examples/SampleRN20/package.json

Vulnerabilities that will be fixed with an upgrade:

Issue: high severity Regular Expression Denial of Service (ReDoS), SNYK-JS-MINIMATCH-15309438
Score: 170

Breaking Change Risk

Merge Risk: High

Notice: This assessment is enhanced by AI.


Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)


Note

High Risk
Large major-version jump in react-native for the sample app, which is likely to introduce build/runtime incompatibilities even though the code change is small.

Overview
Upgrades the examples/SampleRN20 app’s react-native dependency from 0.20.0 to 0.69.12 (Snyk-driven security bump), leaving the rest of the sample app dependencies unchanged.

Written by Cursor Bugbot for commit 7a42515. This will update automatically on new commits.

@MHxGH-ServiceAccount (Author)

Merge Risk: High

This is a massive upgrade across approximately 49 major versions, representing a complete project migration rather than a simple dependency update. Manually upgrading by changing the version number in package.json will fail. The changes are extensive, touching every part of the project, including native build configurations, APIs, and project structure.

Recommendation: Do not attempt a manual upgrade. The only supported method is to use the official React Native Upgrade Helper. This tool generates a diff of all the file changes between your current version and the target version, which you must apply incrementally. For older or heavily customized projects, creating a new project with the target version and migrating your source code is often a safer approach.

Key Breaking Changes Include:

  • Build System & Autolinking (v0.60+): The react-native link command has been removed. The ecosystem has shifted to autolinking native modules using CocoaPods on iOS and Gradle on Android. All previously linked dependencies must be unlinked and the project reconfigured to use this new system.

  • AndroidX Migration (v0.60+): React Native has migrated from the Android Support Library to AndroidX. Your application and all its native dependencies must also use AndroidX, as the two systems cannot be used together.

  • Core Component Extraction: Many modules have been removed from the React Native core and must be installed as separate community packages. This includes WebView, AsyncStorage, and Geolocation.

  • API and PropType Removals: Numerous APIs and props have been removed or changed. For example, ViewPropTypes was removed, which will cause crashes if your dependencies have not been updated.

  • React 18 Support (v0.69+): The target version introduces support for React 18 and bundles a compatible version of the Hermes JavaScript engine.

Source: React Native Upgrade Helper

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@MHxGH-ServiceAccount (Author) commented Feb 20, 2026

Snyk checks have failed. 2 issues have been found so far.

Status Scanner Critical High Medium Low Total (2)
Open Source Security 0 2 0 0 2 issues
Licenses 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@cursor cursor bot left a comment

Cursor Bugbot has reviewed your changes and found 2 potential issues.

Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.

},
"dependencies": {
"react-native": "0.20.0",
"react-native": "0.69.12",
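Review bot: the hunk changes only the "react-native" version line, so the dependency block ends up inconsistent with what 0.69.12 expects: no "react" entry is declared in dependencies (RN 0.69 expects react 18 as a peer), and the start script in this package.json still points at the removed node_modules/react-native/local-cli/cli.js path, so npm install and npm start will both fail on this branch. Given that the PR's own risk assessment calls the 0.20 to 0.69 jump a full project migration and the Snyk check on this branch still reports 2 open high issues, consider whether SNYK-JS-MINIMATCH-15309438 can instead be closed by pinning the transitive minimatch through an npm "overrides" entry in package.json, keeping the sample app on the react-native version it was built against; if the bump is kept, add "react" to dependencies and move the start script to the @react-native-community/cli entry point in the same commit.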

Missing required react peer dependency for RN 0.69

High Severity

Upgrading react-native to 0.69.12 requires react@18.0.0 as a peer dependency, but react is not listed in dependencies. In RN 0.20, React was bundled inside react-native, so a separate react dependency wasn't needed. Starting from RN 0.44+, react became a required peer dependency. Without it, npm install will fail or produce broken installs, and the app will not run.


},
"dependencies": {
"react-native": "0.20.0",
"react-native": "0.69.12",

Start script references removed local-cli/cli.js path

High Severity

The start script references node_modules/react-native/local-cli/cli.js, which was removed from react-native as part of the Lean Core effort. In RN 0.69.x the CLI lives in the separate @react-native-community/cli package. This script will fail with a "module not found" error. The path was valid for RN 0.20 but is broken after the version bump to 0.69.12.

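The two Bugbot findings above, turned into a pre-merge package.json check as an added example (this is not code from the PR or the repository). The 0.44 threshold for the react peer dependency and the removed local-cli/cli.js path are taken from the comments; the two package.json objects are constructed samples, not the real file.

```javascript
// Added example: flag a package.json that bumps react-native past 0.44 without
// declaring react, or whose scripts still call the removed local-cli/cli.js.
// Assumption (from the review comments above): react is a required peer
// dependency of react-native from 0.44 onward, and RN 0.69 ships its CLI in
// @react-native-community/cli rather than inside react-native.

function parseSemver(v) {
  // Accept "0.69.12", "^0.69.12", "~0.69.12"; anything else is unknown.
  const m = /^[\^~]?(\d+)\.(\d+)\.(\d+)/.exec(v || "");
  return m ? m.slice(1, 4).map(Number) : null;
}

function checkPackageJson(pkg) {
  const findings = [];
  const deps = Object.assign({}, pkg.dependencies, pkg.devDependencies);
  const rn = parseSemver(deps["react-native"]);
  // Finding 1: RN >= 0.44 needs a declared react dependency (RN 0.20 bundled it).
  if (rn && (rn[0] > 0 || rn[1] >= 44) && !deps["react"]) {
    findings.push("react-native " + deps["react-native"] + " requires a declared react dependency");
  }
  // Finding 2: the legacy CLI entry point no longer exists in the react-native package.
  for (const [name, cmd] of Object.entries(pkg.scripts || {})) {
    if (cmd.includes("react-native/local-cli/cli.js")) {
      findings.push("script '" + name + "' references removed path local-cli/cli.js");
    }
  }
  return findings;
}

// Constructed sample mirroring the state after this PR's version bump.
const afterBump = {
  scripts: { start: "node node_modules/react-native/local-cli/cli.js start" },
  dependencies: { "react-native": "0.69.12" },
};

// Constructed sample of a package.json that declares react and uses the community CLI.
const fixed = {
  scripts: { start: "react-native start" },
  dependencies: { react: "18.0.0", "react-native": "0.69.12" },
};

console.log("after bump:", checkPackageJson(afterBump));
console.log("fixed:", checkPackageJson(fixed));
```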
