[Snyk] Security upgrade react-native from 0.71.0 to 0.74.0

[snyk-io]

Snyk has created this PR to fix 1 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

• example/package.json
• example/yarn.lock

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	XML Entity Expansion SNYK-JS-FASTXMLPARSER-15307668	710

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[snyk-io]

The upgrade from React Native 0.71.0 to 0.74.0 is a major update that spans three significant versions (0.72, 0.73, 0.74), each introducing substantial breaking changes. This upgrade requires code modifications, environment updates, and careful migration of native project configurations.

Key Breaking Changes:

• Environment & Tooling Requirements:

  • Node.js: The minimum required version is increased to 18.
  • Android: Java 17 is now required for builds. The minimum Android SDK has been raised to 23 (Android 6.0).
  • iOS: The minimum deployment target is now iOS 13.4.

• Mandatory Code & API Changes:

  • PropTypes Removed: All built-in PropTypes have been completely removed. Components relying on them must be migrated, preferably to TypeScript.
  • Core Components Removed: Slider, DatePickerIOS, and ProgressViewIOS are removed from the core. You must migrate to community packages like @react-native-community/slider and @react-native-community/datetimepicker.
  • onLayout Behavior Change: Under the New Architecture, state updates within onLayout callbacks are now batched, which may affect logic that depends on sequential re-renders.
  • PushNotificationIOS: This API has breaking changes as it is being prepared for removal from the core library.

• Configuration & Build Process:

  • Android Namespace: The Android Gradle Plugin was upgraded, now requiring a namespace to be defined in the build.gradle file of Android libraries.
  • Metro Config: The metro.config.js file requires an updated format.
  • CLI Commands: The --variant and --configuration flags for build commands have been replaced with --mode.

Recommendation:
This is a high-effort upgrade. It is strongly recommended to use the official React Native Upgrade Helper to see a line-by-line diff of project template files. Address the breaking changes incrementally, starting with environment and tooling updates, followed by dependency and code migrations. Pay close attention to the removal of PropTypes and core components, as these will cause build failures until they are addressed.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[snyk-io]

⛔ Snyk checks have failed. 1 issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (1)
⛔	Open Source Security	0	1	0	0	1 issues
✅	Licenses	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.