[Snyk] Security upgrade @react-native-community/cli from 1.1.0 to 9.0.0

[mikew-zegon]

Snyk has created this PR to fix 1 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

• package.json
• yarn.lock

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Prototype Pollution SNYK-JS-LODASH-15053838	144

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

[mikew-zegon]

This is a major upgrade across 8 major versions, from 1.1.0 to 9.0.0. This upgrade is exceptionally high-risk and will require a complete project migration, as it is tied to a significant upgrade of the React Native framework itself.

Core Breaking Change: Framework Incompatibility

The most critical issue is the incompatibility between CLI versions and React Native versions. According to the official compatibility chart, this upgrade implies moving from React Native ~0.59 to ~0.70. This is a massive jump that includes numerous breaking changes within React Native itself, most notably the shift to autolinking.

Key Breaking Changes in the CLI:

• Removal of react-native link: The link and unlink commands, which were standard in the v1.x era, have been completely removed in favor of autolinking, which was introduced in v2.0. All native dependencies must be migrated to the new system.
• Command Changes: Several commands and their options have been altered or removed. For example, in the run-android command, --appId and --appIdSuffix were removed and replaced with the --flavor option.
• Legacy init Removed: The legacy init command (initCompat) was removed in v8.0.0.
• Internal Packages Removed: Key internal packages like cli-debugger-ui were removed in later versions, which could affect custom development workflows.

Source: React Native Community CLI Releases, React Native Community CLI README

Recommendation: This is not a direct dependency upgrade. It must be treated as a full React Native framework upgrade. Developers must follow the official React Native upgrade guides to migrate the project from version 0.59 to 0.70, which will handle the CLI changes as part of that much larger process.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.