[Snyk] Security upgrade react-native from 0.40.0 to 0.69.12

[MHxGH-ServiceAccount]

Snyk has created this PR to fix 1 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

• examples/TouchIDExample/package.json

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

⚠️ Warning

Failed to update the yarn.lock, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Prototype Pollution SNYK-JS-IMMUTABLE-15423650	278

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

---

Note

Medium Risk
Large React Native version jump in the TouchIDExample app could introduce breaking build/runtime changes for the example project, though it doesn’t modify the library code itself.

Overview
Updates the TouchIDExample's dependency on react-native from ^0.40.0 to ^0.69.12 to address a security-driven dependency upgrade.

^{Written by Cursor Bugbot for commit 70aad51. This will update automatically on new commits. Configure here.}

[MHxGH-ServiceAccount]

Upgrading from react-native version 0.40.0 to 0.69.12 is a massive undertaking that spans approximately 29 major versions and several years of development. This is not a direct upgrade but a significant migration project that involves fundamental architectural changes, API removals, and tooling updates.

Key Breaking Changes & Architectural Shifts:

• Project Structure & Tooling: Native project files (iOS/Android) have undergone extensive changes. The upgrade requires a complete overhaul of project configurations. The React Native CLI introduced breaking changes in v8.0, removing link and unlink commands in favor of autolinking.
• Core Component Migration: Many core components and modules have been removed from the React Native package and extracted into community-maintained packages. This includes AsyncStorage, WebView, NetInfo, and SegmentedComponentIOS. Your code must be updated to import and use these from their new packages.
• React 18 Support: Version 0.69 is the first to support React 18, introducing new hooks and concurrent features. This requires understanding the new capabilities and may involve refactoring how state and effects are managed.
• Hermes as Default Engine: Hermes became the bundled, default JavaScript engine in v0.69, which can significantly impact performance and debugging workflows.
• New Architecture (Fabric/TurboModules): While not enabled by default in 0.69, this version includes support for the new architecture, which replaces the legacy bridge with a more performant JSI (JavaScript Interface). Migrating libraries and custom native modules is a complex process.
• AndroidX Requirement: Support for the Android Support Library was dropped in favor of AndroidX. This is a mandatory and often complex migration for the Android part of the project.

Recommendation:
A direct, in-place upgrade is not feasible and will likely fail. The officially recommended approach is to use the React Native Upgrade Helper tool. However, given the vast version gap, the most practical strategy is to:

1. Create a brand new project using npx react-native init with the target version (0.69.12).
2. Methodically migrate your JavaScript source code, assets, and dependencies to the new project.
3. Re-implement any custom native modules and update dependencies to versions compatible with React Native 0.69 and the new tooling.

This upgrade should be treated as a full project rewrite or a major migration effort, not a routine dependency update.

Source: React Native Upgrade Helper, React Native 0.69 Release Notes

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[MHxGH-ServiceAccount]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

[cursor]

Incompatible React version left unchanged during upgrade

High Severity

Upgrading react-native to ^0.69.12 requires react version 18.0.0 as a peer dependency, but the react dependency on line 9 remains at ^15.1.0. This version mismatch will cause installation failures (peer dependency conflicts) and runtime errors, as React Native 0.69 relies on React 18 internals that don't exist in React 15.