[Snyk] Security upgrade react-native from 0.42.3 to 0.69.12

[MHxGH-ServiceAccount]

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• examples/SampleRN42/package.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Prototype Pollution SNYK-JS-IMMUTABLE-15423650	278

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

---

Note

High Risk
Large React Native major-version jump in an example app; likely to introduce breaking changes and require follow-on updates to tooling, native projects, or JS APIs.

Overview
Updates the examples/SampleRN42 example app to upgrade react-native from 0.42.3 to 0.69.12 to address a reported dependency vulnerability.

^{Written by Cursor Bugbot for commit 81c9685. This will update automatically on new commits. Configure here.}

[MHxGH-ServiceAccount]

Upgrading react-native from 0.42.3 to 0.69.12 is a massive undertaking that spans years of development and multiple critical breaking changes. This is not a simple dependency bump; it is a major migration project that will require significant refactoring of native code, JavaScript, and dependencies.

Key Breaking Changes:

• AndroidX Migration (v0.60+): React Native migrated from the Android Support Library to AndroidX. All native code and third-party dependencies must also be migrated to AndroidX, as they cannot be used side-by-side. A tool called jetifier can help automate some of this for dependencies.
• Autolinking for Native Modules (v0.60+): The react-native link command has been replaced by automatic linking. Projects must be updated to remove old manual links and adopt the new autolinking mechanism for both iOS and Android.
• Core Component Extraction (v0.60+): Many components like WebView and NetInfo were removed from the core library and must now be installed from separate community packages.
• React 18 Support (v0.69+): This version introduces support for React 18 and its concurrent features, which may affect application behavior and performance.
• Bundled Hermes (v0.69+): Hermes is now the default JavaScript engine and is bundled with React Native, which can improve app startup time but may require configuration changes.
• CLI Breaking Changes (v0.69+): The react-native-cli was significantly changed, removing the link and unlink commands entirely.
• API Removals: Numerous deprecated APIs and components, such as ViewPropTypes and SegmentedComponentIOS, have been removed.

Recommendation: This upgrade cannot be performed with a simple version change. It requires a careful, step-by-step migration. Use the official React Native Upgrade Helper web tool to generate a diff between your current version and the target version. It is strongly advised to upgrade incrementally between major versions (e.g., 0.42 → 0.59, then 0.59 → 0.60, etc.) to isolate and address breaking changes systematically. This upgrade will touch almost every part of the application and requires extensive testing.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[MHxGH-ServiceAccount]

⛔ Snyk checks have failed. 4 issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (4)
⛔	Open Source Security	0	4	0	0	4 issues
✅	Licenses	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[cursor]

Cursor Bugbot has reviewed your changes and found 2 potential issues.

^{Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

[cursor]

Incompatible React version with upgraded React Native

High Severity

react-native 0.69.12 requires react 18.0.0 as a peer dependency, but react remains pinned at 15.4.2. This version mismatch will cause installation failures (peer dependency errors) or runtime crashes. The react-test-renderer at 15.4.2 is similarly incompatible and needs to match the react version.

 

[cursor]

Start script references removed CLI path

High Severity

The start script references node_modules/react-native/local-cli/cli.js, which was removed in React Native 0.60+ when CLI functionality moved to @react-native-community/cli. With react-native now at 0.69.12, running npm start will fail with a "module not found" error since that file no longer exists.