[Snyk] Security upgrade react-native from 0.72.9 to 0.74.0

[snyk-sa-branch]

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• branchreactnativetestbed/package.json
• branchreactnativetestbed/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Uncaught Exception SNYK-JS-FASTXMLPARSER-15155603	710

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Uncaught Exception

[matterai-app]

Summary By MatterAI

🔄 What Changed

Upgraded react-native from version 0.72.9 to 0.74.0 within the package.json file to address security vulnerabilities.

🔍 Impact of the Change

Improves the security posture of the application by patching known vulnerabilities. This minor version jump also introduces React Native 0.74 features and potential breaking changes in native build configurations that require validation.

📁 Total Files Changed

Click to Expand

File	ChangeLog
Dependency Update branchreactnativetestbed/package.json	Bumped react-native version from 0.72.9 to 0.74.0.

🧪 Test Recommended

Recommended

• Native Build Verification: Execute npx pod-install (iOS) and gradlew clean (Android) to ensure native dependencies link correctly.
• Regression Testing: Perform a full smoke test of the application UI and core functionalities on both platforms.
• Branch Integration: Verify that react-native-branch remains compatible with the new React Native version.

🔒 Security Vulnerabilities

This PR specifically targets security upgrades identified by Snyk to mitigate risks associated with outdated framework versions. 🛡️

⏳ Estimated code review effort

LOW (~5 minutes)

Tip

Quality Recommendations

1. Verify that the lockfile (yarn.lock or package-lock.json) is updated alongside package.json

2. Check for any breaking changes in React Native 0.74 that might affect custom native modules

3. Ensure CocoaPods are updated for iOS builds

♫ Tanka Poem

Old versions depart, 🧪
Security gaps are now sealed, 🛡️
Zero seventy-four.
Logic flows with modern strength, ⚙️
Safe paths for the data stream. ✨

Sequence Diagram

sequenceDiagram
    participant Dev as Developer
    participant PM as Package Manager
    participant Reg as NPM Registry
    participant App as Mobile App

    Dev->>PM: Update package.json (react-native 0.74.0)
    PM->>Reg: Fetch react-native@0.74.0
    Reg-->>PM: Return package assets
    PM->>App: Update node_modules
    Note over App: Requires native rebuild

Loading

[matterai-app]

🧪 PR Review is completed: Critical warning regarding React Native upgrade: This PR requires accompanying native file changes which are missing.

Skipped files

• branchreactnativetestbed/package-lock.json: File hunk diff too large

[matterai-app]

🟠 Incomplete Upgrade & Stability

Issue: Upgrading to React Native 0.74 requires significant updates to native files (android/build.gradle, ios/Podfile, etc.) which are missing in this PR. Also, 0.74.0 is the initial release; patch versions are more stable.

Fix: Use a stable patch version (e.g., 0.74.1) and mandatory: use the React Native Upgrade Helper to update native projects. Verify react-native-branch compatibility with RN 0.74.

Impact: Prevents build failures and runtime crashes.

Suggested change

	"react-native": "0.74.0",
	"react-native": "0.74.1",