[Snyk] Security upgrade react-native from 0.74.1 to 0.76.0#17
[Snyk] Security upgrade react-native from 0.74.1 to 0.76.0#17revan-zhang wants to merge 1 commit into
Conversation
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-FASTXMLPARSER-15699647
✅ Snyk checks have passed. No issues have been found so far.
💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse. |
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 2 potential issues.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
| "jpush-react-native": "^3.2.1", | ||
| "react": "18.2.0", | ||
| "react-native": "0.74.1" | ||
| "react-native": "0.76.0" |
There was a problem hiding this comment.
React Native devDependencies not updated to match 0.76.0
High Severity
Upgrading react-native to 0.76.0 without updating the corresponding @react-native/babel-preset, @react-native/eslint-config, @react-native/metro-config, and @react-native/typescript-config packages from 0.74.83 to their 0.76.x counterparts creates a version mismatch. These @react-native/* scoped packages are tightly coupled to the react-native version and are likely to cause build failures or runtime errors with incompatible configurations.
Additional Locations (1)
| "jpush-react-native": "^3.2.1", | ||
| "react": "18.2.0", | ||
| "react-native": "0.74.1" | ||
| "react-native": "0.76.0" |
There was a problem hiding this comment.
React version incompatible with react-native 0.76.0 peer dependency
High Severity
react-native 0.76.0 requires react 18.3.x as a peer dependency, but react remains pinned at 18.2.0. This version mismatch will cause npm peer dependency errors during installation and may lead to runtime incompatibilities, since React 18.3 includes preparatory deprecation warnings needed for the New Architecture features enabled by default in 0.76.
| "jpush-react-native": "^3.2.1", | ||
| "react": "18.2.0", | ||
| "react-native": "0.74.1" | ||
| "react-native": "0.76.0" |
There was a problem hiding this comment.
🔴 Incomplete react-native upgrade: @react-native/ devDependencies left at 0.74.x*
The react-native dependency was bumped from 0.74.1 to 0.76.0, but the @react-native/* devDependencies (@react-native/babel-preset, @react-native/eslint-config, @react-native/metro-config, @react-native/typescript-config) are all still pinned at 0.74.83 (example/package.json:22-25). These packages are versioned in lockstep with react-native and are expected to match the major.minor version. Using the 0.74.x tooling packages with react-native 0.76.0 will likely cause build failures or runtime errors in the example app (e.g., metro config incompatibilities, missing babel transforms for new architecture features introduced in 0.76).
Prompt for agents
In example/package.json, update the @react-native/* devDependencies on lines 22-25 to match the react-native 0.76.x version. Specifically, update:
- @react-native/babel-preset from 0.74.83 to the 0.76.x version
- @react-native/eslint-config from 0.74.83 to the 0.76.x version
- @react-native/metro-config from 0.74.83 to the 0.76.x version
- @react-native/typescript-config from 0.74.83 to the 0.76.x version
Also verify that react 18.2.0 (line 15) is compatible with react-native 0.76.0; react-native 0.76 may require a newer version of react (e.g., 18.3.1).
Was this helpful? React with 👍 or 👎 to provide feedback.


Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.
Snyk changed the following file(s):
example/package.jsonVulnerabilities that will be fixed with an upgrade:
SNYK-JS-FASTXMLPARSER-15699647
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.
Note
Medium Risk
Upgrading
react-nativeacross minor versions can introduce breaking runtime/build changes in the app and native dependencies, despite being a single-line change. Requires validating iOS/Android builds and core flows after the upgrade.Overview
Updates the
exampleapp’s dependency onreact-nativefrom0.74.1to0.76.0(Snyk-driven security upgrade) to address a reported vulnerability in the dependency tree.Written by Cursor Bugbot for commit 8ca0b92. This will update automatically on new commits. Configure here.