[Snyk] Fix for 4 vulnerabilities

[mikew-zegon]

Snyk has created this PR to fix 4 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

• package.json
• yarn.lock

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	XML Injection SNYK-JS-XMLDOM-15869637	189
	Arbitrary Code Injection SNYK-JS-LODASH-15869625	183
	Prototype Pollution SNYK-JS-LODASH-15053838	144
	Prototype Pollution SNYK-JS-LODASH-15869619	88

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Arbitrary Code Injection
🦉 XML Injection

[mikew-zegon]

This upgrade includes major version jumps for critical React Native build tools that are tightly coupled with the React Native version. A direct update of these packages without a corresponding React Native upgrade will likely break the development environment and build process.

@react-native-community/cli 1.1.0 → 6.1.0

• Risk: HIGH
• Breaking Change: This is a major upgrade across five major versions. The React Native CLI is not backward compatible and its version must correspond to the react-native version in the project. An unsupported combination will lead to build failures and command errors.
• Compatibility Breakdown:
  • @react-native-community/cli@1.x → react-native@0.59.x
  • @react-native-community/cli@2.x → react-native@0.60.x
  • @react-native-community/cli@4.x → react-native@0.62.x / 0.63.x
  • @react-native-community/cli@6.x → react-native@0.65.x - 0.67.x
• Recommendation: Do not merge this change in isolation. This upgrade must be part of a larger, planned upgrade of the react-native package itself. Developers should follow the official React Native upgrade guide.

metro-react-native-babel-transformer 0.51.0 → 0.77.0

• Risk: MEDIUM
• Breaking Change: While technically a minor version upgrade, this package is a core component of the Metro bundler. Its version is tightly coupled to the metro and react-native versions. Upgrading it across such a large range (0.51 to 0.77) without updating the rest of the React Native toolchain is very likely to cause bundling and transformation errors.
• Recommendation: This package should only be upgraded as a dependency of a react-native version upgrade to ensure the entire build toolchain is compatible.

lodash 4.17.11 → 4.18.1

• Risk: LOW
• Change: This is a minor update that includes bug fixes and internal build process adjustments. There are no documented breaking API changes in this version range.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.