[Snyk] Security upgrade react-native-gesture-handler from 2.9.0 to 2.17.0

[snyk-io]

Snyk has created this PR to fix 1 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

• example/package.json
• example/yarn.lock

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Prototype Pollution SNYK-JS-LODASH-15053838	495

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

[snyk-io]

This upgrade of react-native-gesture-handler is within the same major version (v2), but introduces new requirements for the underlying React Native version.

Key Changes:

• React Native Version Requirement: The primary risk is an environment change. Newer versions of react-native-gesture-handler require a more recent version of react-native. According to the official documentation, 2.16.0+ requires react-native version 0.68.0 or newer.
• No API Breaking Changes: There are no significant API breaking changes documented between versions 2.9.0 and 2.17.0. The major architectural changes for v2 were introduced before version 2.9.0.

Recommendation:
Verify that your project's React Native version is 0.68.0 or higher before merging this upgrade to ensure compatibility.

Source: GitHub Releases

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[snyk-io]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[hivel-marco]

PR Complexity Score: 1.3 - Trivial

View Breakdown

• Lines Changed: 16
• Files Changed: 2
• Complexity Added: 0
• Raw Score: 6.32

Overview

This PR updates the react-native-gesture-handler dependency in the example app from version 2.9.0 to 2.17.0.
It aligns the example project with a newer gesture-handler release and refreshes the associated lockfile entries.

Key Changes

• Upgrades react-native-gesture-handler in the example app from 2.9.0 to 2.17.0 to use the latest features and fixes.
• Updates the yarn.lock entry for react-native-gesture-handler to point to the new version and its registry URL.
• Removes the standalone lodash lock entry and drops lodash as a transitive dependency of react-native-gesture-handler, reflecting upstream changes.

Risks & Considerations

• Potential compatibility issues between react-native-gesture-handler@2.17.0 and react-native@0.71.0 or other gesture/navigation libraries should be verified.
• Behaviour changes or deprecations in react-native-gesture-handler between 2.9.0 and 2.17.0 might affect gesture handling in the example app.
• If any code relied indirectly on lodash via react-native-gesture-handler, it may now need an explicit lodash dependency.

File-level change summary

File	Change summary
example/package.json	Bumps react-native-gesture-handler dependency from 2.9.0 to 2.17.0 in the example app.
example/yarn.lock	Updates lockfile to resolve react-native-gesture-handler at 2.17.0 and removes the now-unused lodash entry.