[Snyk] Security upgrade react-native from 0.48.4 to 0.69.12

[MHxGH-ServiceAccount]

Snyk has created this PR to fix 1 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

• examples/SafariViewExample/package.json

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

⚠️ Warning

Failed to update the yarn.lock, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Regular Expression Denial of Service (ReDoS) SNYK-JS-AJV-15274295	157

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

---

Note

Medium Risk
Large version jump in a core framework dependency (React Native) may break the example app/build tooling even though the change is confined to an example project.

Overview
Updates the examples/SafariViewExample app’s package.json to bump react-native from 0.48.4 to 0.69.12 to address a dependency security finding.

^{Written by Cursor Bugbot for commit 271bfb0. This will update automatically on new commits. Configure here.}

[MHxGH-ServiceAccount]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[MHxGH-ServiceAccount]

Upgrading from react-native version 0.48.4 to 0.69.12 is a massive undertaking that spans over 20 major versions and several years of development. This is not a simple dependency bump; it is a fundamental migration involving multiple architectural shifts. A direct in-place upgrade is highly discouraged and likely to fail.

Key Architectural Breaking Changes:

• AndroidX Migration (v0.60+): React Native migrated from the Android Support Library to AndroidX. All native dependencies and custom native code must also be migrated, as they cannot be used side-by-side. Tools like jetifier can help, but this is a major breaking change for the Android ecosystem.
• Autolinking (v0.60+): The react-native link command was replaced by automatic linking for native modules, which relies on CocoaPods for iOS and Gradle for Android. Projects must be migrated away from manual linking, and dependencies must support the new system.
• "Lean Core" Initiative (v0.60+): Many components and APIs (WebView, NetInfo, Geolocation, AsyncStorage) were removed from the core library and extracted into separate community-managed packages. Your code must be updated to import and depend on these new packages directly.
• The New Architecture (Opt-in v0.68+, Default in future): This is a complete redesign of React Native's internals, replacing the asynchronous "Bridge" with a synchronous JavaScript Interface (JSI). This enables major performance improvements but requires libraries to be updated to support the new "Fabric" rendering system and "TurboModules". While optional in 0.69, many libraries are now built with the new architecture in mind.
• React 18 Support (v0.69+): Version 0.69 is the first to support React 18, introducing concurrent features. This can cause breaking changes in how components render and manage state, and some older libraries may have compatibility issues.

Recommendation:

Due to the scale of these changes, the recommended approach is to create a new project using the target React Native version (0.69.12) and incrementally migrate your application source code, assets, and dependencies. This avoids the complexity of a multi-version in-place upgrade.

Use the React Native Upgrade Helper web tool to see a file-by-file comparison between your starting and target versions. This will provide a detailed checklist of configuration changes, but it will not handle the logic or dependency migrations automatically.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[cursor]

Cursor Bugbot has reviewed your changes and found 3 potential issues.

^{Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.}

[cursor]

React Native and React versions are incompatible

Medium Severity

react-native was upgraded to 0.69.12 but react remains 16.0.0-alpha.12. react-native@0.69 expects a React 18 peer, so this dependency set is inconsistent and can break install resolution or runtime behavior in examples/SafariViewExample/package.json.

Additional Locations (1)

• examples/SafariViewExample/package.json#L9-L10

 

[cursor]

Start script targets removed React Native CLI

Medium Severity

After upgrading to react-native@0.69.12, the start script still executes node_modules/react-native/local-cli/cli.js. That legacy CLI path is no longer used in newer React Native, so yarn start in examples/SafariViewExample/package.json can fail immediately.

Additional Locations (1)

• examples/SafariViewExample/package.json#L6-L7

 

[cursor]

Lockfile still pins old React Native

Medium Severity

package.json now requests react-native@0.69.12, but examples/SafariViewExample/yarn.lock still resolves react-native@0.48.4. In lockfile-driven installs, the vulnerable version can remain in use or installs can fail under frozen lock settings, so the security upgrade is not reliably applied.