[Snyk] Security upgrade react-native from 0.40.0 to 0.69.12

[MHxGH-ServiceAccount]

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• example/package.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Regular Expression Denial of Service (ReDoS) SNYK-JS-AJV-15274295	157

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

---

Note

High Risk
Large React Native major-version jump that can introduce breaking changes in native build tooling and runtime behavior, even though the diff only changes package.json.

Overview
Upgrades react-native in example/package.json from 0.40.0 to 0.69.12 (Snyk-driven dependency bump) to address a reported vulnerability in the dependency tree.

^{Written by Cursor Bugbot for commit f741a46. This will update automatically on new commits. Configure here.}

[MHxGH-ServiceAccount]

⛔ Snyk checks have failed. 4 issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (4)
⛔	Open Source Security	0	4	0	0	4 issues
✅	Licenses	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[MHxGH-ServiceAccount]

Upgrading from react-native version 0.40.0 to 0.69.12 is a massive undertaking that spans approximately 29 major versions and several years of development. This is not a direct upgrade but a significant migration project that involves fundamental architectural changes, API removals, and tooling updates.

Key Breaking Changes & Architectural Shifts:

• Project Structure & Tooling: Native project files (iOS/Android) have undergone extensive changes. The upgrade requires a complete overhaul of project configurations. The React Native CLI introduced breaking changes in v8.0, removing link and unlink commands in favor of autolinking.
• Core Component Migration: Many core components and modules have been removed from the React Native package and extracted into community-maintained packages. This includes AsyncStorage, WebView, NetInfo, and SegmentedComponentIOS. Your code must be updated to import and use these from their new packages.
• React 18 Support: Version 0.69 is the first to support React 18, introducing new hooks and concurrent features. This requires understanding the new capabilities and may involve refactoring how state and effects are managed.
• Hermes as Default Engine: Hermes became the bundled, default JavaScript engine in v0.69, which can significantly impact performance and debugging workflows.
• New Architecture (Fabric/TurboModules): While not enabled by default in 0.69, this version includes support for the new architecture, which replaces the legacy bridge with a more performant JSI (JavaScript Interface). Migrating libraries and custom native modules is a complex process.
• AndroidX Requirement: Support for the Android Support Library was dropped in favor of AndroidX. This is a mandatory and often complex migration for the Android part of the project.

Recommendation:
A direct, in-place upgrade is not feasible and will likely fail. The officially recommended approach is to use the React Native Upgrade Helper tool. However, given the vast version gap, the most practical strategy is to:

1. Create a brand new project using npx react-native init with the target version (0.69.12).
2. Methodically migrate your JavaScript source code, assets, and dependencies to the new project.
3. Re-implement any custom native modules and update dependencies to versions compatible with React Native 0.69 and the new tooling.

This upgrade should be treated as a full project rewrite or a major migration effort, not a routine dependency update.

Source: React Native Upgrade Helper, React Native 0.69 Release Notes

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[cursor]

Cursor Bugbot has reviewed your changes and found 2 potential issues.

^{Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.}

[cursor]

Start script targets removed React Native CLI

Medium Severity

Upgrading react-native to ^0.69.12 leaves the start script pointing to node_modules/react-native/local-cli/cli.js, but local-cli is no longer used in modern React Native. This makes npm start fail because the referenced CLI path is absent.

Additional Locations (1)

• example/package.json#L5-L6

 

[cursor]

React version now incompatible with upgraded RN

High Severity

react-native was upgraded to ^0.69.12 while react stayed at ^15.4.2, creating an incompatible dependency pair. React Native 0.69 expects modern React, so installs or app startup can fail due to peer/version mismatch in example/package.json.

Additional Locations (1)

• example/package.json#L8-L9