[Snyk] Security upgrade react-native from 0.75.3 to 0.76.0

[revan-zhang]

Snyk has created this PR to fix 2 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• example/package.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	XML Entity Expansion SNYK-JS-FASTXMLPARSER-15677840	710
	Improper Validation of Specified Quantity in Input SNYK-JS-FASTXMLPARSER-15699647	685

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

---

---

Note

Medium Risk
Dependency upgrade may introduce React Native runtime/build changes that could break the example app until related tooling/config is aligned. No application logic changes were made.

Overview
Updates example/package.json to bump React Native from 0.75.3 to 0.76.0 (Snyk-driven security upgrade), with no other code changes in the PR.

^{Written by Cursor Bugbot for commit 8dca33e. This will update automatically on new commits. Configure here.}

[revan-zhang]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[devin-ai-integration]

Devin Review found 1 potential issue.

View 1 additional finding in Devin Review.

[devin-ai-integration]

🔴 react-native bumped to 0.76.0 but @react-native/ devDependencies left at 0.75.3*

The react-native dependency was updated from 0.75.3 to 0.76.0, but the @react-native/babel-preset, @react-native/metro-config, and @react-native/typescript-config devDependencies at example/package.json:21-23 are still pinned to 0.75.3. These packages are released in lockstep with react-native and must match the major.minor version. Running the example app with react-native 0.76.0 and @react-native/* 0.75.3 can cause build failures or incompatible Metro/Babel configurations.

Prompt for agents

In example/package.json, update the @react-native/* devDependencies on lines 21-23 to match the react-native 0.76.0 version:

- "@react-native/babel-preset": "0.75.3" -> "0.76.0"
- "@react-native/metro-config": "0.75.3" -> "0.76.0"
- "@react-native/typescript-config": "0.75.3" -> "0.76.0"

These packages are released in lockstep with react-native and their major.minor versions must match.

---

Was this helpful? React with 👍 or 👎 to provide feedback.

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

[cursor]

Mismatched @react-native/* devDependencies after react-native upgrade

High Severity

Upgrading react-native to 0.76.0 without updating the companion @react-native/babel-preset, @react-native/metro-config, and @react-native/typescript-config packages (still at 0.75.3) creates a version mismatch. These @react-native/* packages are designed to be version-aligned with react-native and have corresponding 0.76.x releases. This mismatch is likely to cause build failures or runtime incompatibilities, especially given that 0.76 enables the New Architecture by default.

Additional Locations (1)

• example/package.json#L20-L23