[Snyk] Security upgrade react-native from 0.50.1 to 0.69.12

[MHxGH-ServiceAccount]

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• examples/BiometricAuthExample/package.json
• examples/BiometricAuthExample/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Symlink Attack SNYK-JS-TAR-15456201	157

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

---

Note

Medium Risk
Large React Native version jump in the example app, which can break builds or require native config changes; however scope is limited to examples/BiometricAuthExample dependency files.

Overview
Upgrades examples/BiometricAuthExample to use react-native@0.69.12 (from an older 0.50.x line) to remediate the Snyk-reported tar symlink attack vulnerability.

Updates package-lock.json accordingly, pulling in a large set of new transitive dependencies associated with the newer React Native toolchain.

^{Written by Cursor Bugbot for commit 3912276. This will update automatically on new commits. Configure here.}

[MHxGH-ServiceAccount]

Upgrading from React Native 0.50.1 to 0.69.12 is a massive undertaking that spans numerous major versions and introduces fundamental architectural changes. This is not a simple dependency bump and will require a significant migration effort.

Key Breaking Changes & Architectural Shifts:

• AndroidX Migration (from v0.60): React Native migrated to AndroidX, deprecating the old support library. All native code and third-party dependencies must also use AndroidX, which is a major breaking change for Android projects.
• Autolinking (from v0.60): The react-native link command has been replaced by a new "autolinking" mechanism for native modules. Projects must be updated to remove manual linking and adopt this new system. The CLI link and unlink commands were removed entirely in later versions.
• Core Component Extraction (from v0.60): Components like WebView, NetInfo, and Geolocation were removed from the core library and must be added as separate dependencies from the community.
• React 18 Support (from v0.69): This version introduces support for React 18 and its new concurrent features, which may affect how components render and behave.
• Bundled Hermes (from v0.69): To reduce version compatibility issues, React Native now ships with a compatible version of the Hermes JavaScript engine.
• Hooks (from v0.59): The introduction of React Hooks fundamentally changed how stateful logic is written in components.

Recommendation:

A manual, file-by-file upgrade across this many versions is extremely high-risk and impractical. The official and strongly recommended approach is to use the React Native Upgrade Helper tool. This tool provides a diff of all the changes between your starting and target versions, showing exactly what needs to be modified in your project's configuration, native build files, and JavaScript code.

An alternative, often safer, strategy for such a large jump is to create a new project with the target version (0.69.12) and incrementally port your application's source code and dependencies over, addressing breaking changes as they arise.

Source: React Native Upgrade Helper, React Native Release Notes

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[MHxGH-ServiceAccount]

⛔ Snyk checks have failed. 3 issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (3)
⛔	Open Source Security	0	3	0	0	3 issues
✅	Licenses	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.