
[Snyk] Security upgrade react-native from 0.40.0 to 0.69.12#45

Open
MHxGH-ServiceAccount wants to merge 1 commit into master from snyk-fix-2fb56f9cb3dd5c10d27476fd275d27f0

Conversation

@MHxGH-ServiceAccount

@MHxGH-ServiceAccount MHxGH-ServiceAccount commented Feb 27, 2026


Snyk has created this PR to fix 1 vulnerability in the yarn dependencies of this project.

Snyk changed the following file(s):

  • examples/TouchIDExample/package.json

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory, meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project; you will need to run yarn to update the contents of the .yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

⚠️ Warning
Failed to update the yarn.lock, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

Issue                                                                  Score
high severity Inefficient Algorithmic Complexity (SNYK-JS-MINIMATCH-15353389)   170

Breaking Change Risk

Merge Risk: High

Notice: This assessment is enhanced by AI.


Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.


Note

Medium Risk
Large React Native version jump in the example app may break builds/Metro configuration, and the yarn.lock is not updated to reflect the new version.

Overview
Updates examples/TouchIDExample/package.json to upgrade react-native from 0.40.0 to 0.69.12 for the TouchID example app.

No corresponding lockfile update is included, so installs may still resolve the previous dependency set until yarn.lock is regenerated.

Written by Cursor Bugbot for commit e425783. This will update automatically on new commits. Configure here.

@MHxGH-ServiceAccount MHxGH-ServiceAccount (Author) commented

Merge Risk: High

Upgrading from react-native version 0.40.0 to 0.69.12 is a massive undertaking that spans approximately 29 major versions and several years of development. This is not a direct upgrade but a significant migration project that involves fundamental architectural changes, API removals, and tooling updates.

Key Breaking Changes & Architectural Shifts:

  • Project Structure & Tooling: Native project files (iOS/Android) have undergone extensive changes. The upgrade requires a complete overhaul of project configurations. The React Native CLI introduced breaking changes in v8.0, removing link and unlink commands in favor of autolinking.
  • Core Component Migration: Many core components and modules have been removed from the React Native package and extracted into community-maintained packages. This includes AsyncStorage, WebView, NetInfo, and SegmentedComponentIOS. Your code must be updated to import and use these from their new packages.
  • React 18 Support: Version 0.69 is the first to support React 18, introducing new hooks and concurrent features. This requires understanding the new capabilities and may involve refactoring how state and effects are managed.
  • Hermes as Default Engine: Hermes became the bundled, default JavaScript engine in v0.69, which can significantly impact performance and debugging workflows.
  • New Architecture (Fabric/TurboModules): While not enabled by default in 0.69, this version includes support for the new architecture, which replaces the legacy bridge with a more performant JSI (JavaScript Interface). Migrating libraries and custom native modules is a complex process.
  • AndroidX Requirement: Support for the Android Support Library was dropped in favor of AndroidX. This is a mandatory and often complex migration for the Android part of the project.

Recommendation:
A direct, in-place upgrade is not feasible and will likely fail. The officially recommended approach is to use the React Native Upgrade Helper tool. However, given the vast version gap, the most practical strategy is to:

  1. Create a brand new project using npx react-native init with the target version (0.69.12).
  2. Methodically migrate your JavaScript source code, assets, and dependencies to the new project.
  3. Re-implement any custom native modules and update dependencies to versions compatible with React Native 0.69 and the new tooling.

This upgrade should be treated as a full project rewrite or a major migration effort, not a routine dependency update.

Source: React Native Upgrade Helper, React Native 0.69 Release Notes

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@MHxGH-ServiceAccount MHxGH-ServiceAccount (Author) commented Feb 27, 2026

Snyk checks have passed. No issues have been found so far.

Scanner               Critical  High  Medium  Low  Total (0)
Open Source Security  0         0     0       0    0 issues
Licenses              0         0     0       0    0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.


@cursor cursor bot left a comment


Cursor Bugbot has reviewed your changes and found 2 potential issues.

Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.

"dependencies": {
"react": "^15.1.0",
"react-native": "^0.40.0",
"react-native": "^0.69.12",
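Review bot: the `"react-native": "^0.69.12"` line has no matching yarn.lock change in this PR (the description above reports that the lockfile update failed), so `yarn install --frozen-lockfile` will reject the manifest and a plain `yarn install` will silently rewrite the lock at install time rather than in review; regenerate yarn.lock in this PR so the resolved react-native and minimatch versions are actually pinned before merging.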

Incompatible React version after React Native upgrade

High Severity

Upgrading react-native to ^0.69.12 without updating react from ^15.1.0 creates an incompatible dependency combination. React Native 0.69.x requires react 18.x as a peer dependency. React 15 is entirely incompatible, causing installation peer dependency conflicts and runtime failures. The react version needs to be updated to 18.0.0 to match the new react-native version.

Fix in Cursor Fix in Web

"dependencies": {
"react": "^15.1.0",
"react-native": "^0.40.0",
"react-native": "^0.69.12",

Start script references removed CLI path

Medium Severity

The start script still references node_modules/react-native/local-cli/cli.js, which was removed when the React Native CLI was extracted to @react-native-community/cli (around RN 0.59). With react-native now at ^0.69.12, this path no longer exists and npm start/yarn start will fail. The standard start script for RN 0.69+ uses npx react-native start.

Additional Locations (1)

Fix in Cursor Fix in Web
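As an added check (not part of the Snyk PR or the repository's own code), the script below detects the two problems raised on this PR in a manifest/lockfile pair: a package.json range that yarn.lock no longer satisfies (the "Failed to update the yarn.lock" warning in the description) and react-native ^0.69 combined with react ^15 (the peer-dependency finding in the review). The package.json and yarn.lock contents are constructed sample data, the caret-range check is a minimal one written for the ranges on this page rather than full semver, and the rule that react-native 0.69.x needs react 18.x is taken from the review comment above; the `.example.invalid` registry host is a placeholder.

```javascript
// Constructed sample manifest mirroring examples/TouchIDExample/package.json
// after the upgrade: react-native bumped, react left at ^15.1.0 as in the diff.
const PACKAGE_JSON = JSON.stringify({
  dependencies: { react: "^15.1.0", "react-native": "^0.69.12" },
});

// Constructed sample yarn.lock (v1 format) that was NOT regenerated, so it
// still carries the pre-upgrade react-native entry. Registry host is a placeholder.
const YARN_LOCK = `# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1


react-native@^0.40.0:
  version "0.40.0"
  resolved "https://registry.example.invalid/react-native-0.40.0.tgz"

react@^15.1.0:
  version "15.6.2"
  resolved "https://registry.example.invalid/react-15.6.2.tgz"
`;

// Parse a v1 yarn.lock into { "name@range": "resolvedVersion" }.
// Entry headers look like `react@^15.1.0:` or `"a@^1.0.0", "a@^1.2.0":`.
function parseYarnLockV1(text) {
  const locked = {};
  let current = [];
  for (const raw of text.split("\n")) {
    if (!raw.trim() || raw.startsWith("#")) continue;
    if (!raw.startsWith(" ") && raw.endsWith(":")) {
      // Header line: one or more comma-separated descriptors, possibly quoted
      current = raw
        .slice(0, -1)
        .split(",")
        .map((k) => k.trim().replace(/^"|"$/g, ""));
    } else {
      const m = raw.match(/^\s+version "([^"]+)"/);
      if (m) for (const k of current) locked[k] = m[1];
    }
  }
  return locked;
}

// Minimal caret-range check: ^1.2.3 allows >=1.2.3 <2.0.0, ^0.2.3 allows
// >=0.2.3 <0.3.0. Exact strings must match exactly; other operators are not handled.
function satisfiesCaret(version, range) {
  if (!range.startsWith("^")) return version === range;
  const want = range.slice(1).split(".").map(Number);
  const have = version.split(".").map(Number);
  const cmp = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];
  if (cmp(have, want) < 0) return false;
  return want[0] > 0 ? have[0] === want[0] : have[0] === 0 && have[1] === want[1];
}

// Report every dependency whose lock entry is missing or outside its declared range.
// A missing "name@range" key is exactly what a bumped manifest + stale lock produces.
function findLockDrift(pkgJsonText, lockText) {
  const deps = JSON.parse(pkgJsonText).dependencies || {};
  const locked = parseYarnLockV1(lockText);
  const drift = [];
  for (const [name, range] of Object.entries(deps)) {
    const version = locked[`${name}@${range}`];
    if (version === undefined) {
      drift.push({ name, range, problem: "no lock entry" });
    } else if (!satisfiesCaret(version, range)) {
      drift.push({ name, range, version, problem: "out of range" });
    }
  }
  return drift;
}

// Peer check for the one rule stated in the review: react-native 0.69.x
// requires react 18.x. Returns a message on mismatch, null otherwise.
function checkReactPeer(pkgJsonText) {
  const deps = JSON.parse(pkgJsonText).dependencies || {};
  const rn = (deps["react-native"] || "").replace(/^\^/, "").split(".").map(Number);
  const react = (deps.react || "").replace(/^\^/, "").split(".").map(Number);
  if (rn[0] === 0 && rn[1] === 69 && react[0] !== 18) {
    return `react-native ^0.69 needs react 18.x, manifest has react ${deps.react}`;
  }
  return null;
}

console.log(findLockDrift(PACKAGE_JSON, YARN_LOCK));
console.log(checkReactPeer(PACKAGE_JSON));
```

Run against the sample data, the drift check reports react-native as having no lock entry (react is still satisfied by the old lock), and the peer check flags react ^15.1.0 next to react-native ^0.69.12; pointing the two functions at a real package.json and yarn.lock in CI is the kind of gate that would have blocked this PR until the lockfile was regenerated.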
