Summary:
Pull Request resolved: https://github.com/facebook/react-native/pull/37098
Removes `reactions/component` as a dependency.
As far as I can see, it is unused by `react-native`.
Changelog:
[Internal]
Reviewed By: GijsWeterings
Differential Revision: D45304937
fbshipit-source-id: de90dce8049af2a7abe7c9cb0222fb4e3b0eb866
Summary:
Upgrades React Native to `deprecated-react-native-prop-types@4.1.0`, which includes many of the new prop types in React Native v0.72.
See: https://github.com/facebook/react-native-deprecated-modules/blob/main/deprecated-react-native-prop-types/CHANGELOG.md
Changelog:
[General][Changed] - Upgrade to deprecated-react-native-prop-types@4.1.0
Reviewed By: rickhanlonii
Differential Revision: D45155955
fbshipit-source-id: 36e715c2338b667755bd1e522b7d5a2611103779
Summary:
- Add a typescript project to test `CodegenSchema.d.ts`. More tests for other .d.ts files will be added in future pull requests.
- The build script scans all snapshots from `react-native/codegen`'s typescript frontend and generates .ts files for each snapshot, but they are .gitignore-ed.
- `npm run build` will build these .ts files against `CodegenSchema.d.ts` after generating them.
- A failed jest case is included to ensure CI catches it; it will be removed before merging.
bypass-github-export-checks
## Changelog:
[General] [Added] - Add react-native/codegen-typescript-test to verify .d.ts files in react-native/codegen (1)
Pull Request resolved: https://github.com/facebook/react-native/pull/36562
Test Plan:
`npm run build` in `packages/react-native-codegen-typescript-test` and see all test files appear in `__generated__`.
Reviewed By: rshest
Differential Revision: D44292277
Pulled By: cipolleschi
fbshipit-source-id: 8d79fe913f9563d64c92aae7c4f4e97a24ae9a21
Summary:
Pull Request resolved: https://github.com/facebook/react-native/pull/36781
----
Add support to msggen for types like:
* Runtime.CustomPreview
* Runtime.EntryPreview
* Runtime.ObjectPreview
* Runtime.PropertyPreview
And their related use as properties.
There was quite a gap here. The work involves:
* Upgrade devtools-protocol to 0.0.1107588 to even pick up the schema definitions in the first place.
* Next problem: all the preview stuff is experimental. Had to add support to --include-experimental flag for targeting types AND properties.
* Next problem: the protocol schema for previews is cyclical. ObjectPreview refers to PropertyPreview and EntryPreview, which both refer back to ObjectPreview. msggen only allowed for DAGs. Added support for allowing cycles.
* Next problem: Forward declarations are not enough to compensate for the cyclical references, because of the incomplete type definitions. This breaks optional, vector, and simple containment. To address this:
* In the graph traversal code, where before we would error if the graph had a cycle, we allow for the cycle, but record the cyclical reference from a property on Type B's to Type A.
* Whenever we emit the definition of Type B, its references to Type A are not naked, they are now wrapped in a unique_ptr.
* However, because the unique_ptr only has a forward declaration, and not a complete type, we need to specify a custom deleter.
* Next problem: There are lots of cases where these types that now contain unique_ptrs were being copied, which no longer works. So, make all these codegen'd types move-only, and change a few places where we were copying root objects, to move them instead.
* Many tests required changes to avoid copy construction/assignment that was occurring. MessageTypes are not copy constructible/assignable now.
Changelog: [Internal]
Reviewed By: jpporto
Differential Revision: D43553742
fbshipit-source-id: 1e4c495aa600feb6f1901e6bc013d517ba8d8a2d
Summary:
Yesterday, CLI published version 11.1.1 which has a strong dependency on `react-native/metro-config` 0.72.
On `main`, all the packages we publish to test the template have version 0.73.
So, when running tests on the template, the cli was looking for a `metro-config` version 0.72, but it could not find it as verdaccio only has version 0.73.
Together with Callstack, we released a version 12.0.0-alpha.0 of the CLI which has the right dependency on metro-config v0.73, so that our CI can be green again.
bypass-github-export-checks
## Changelog:
[General][Fixed] - Bumped CLI dependency on main to 12.0.0-alpha.0
Pull Request resolved: https://github.com/facebook/react-native/pull/36793
Test Plan: CircleCI must be green
Reviewed By: huntie
Differential Revision: D44663381
Pulled By: cipolleschi
fbshipit-source-id: 30d341d55243318ce278a6e67a9e77ccfb90cafd
Summary:
Pull Request resolved: https://github.com/facebook/react-native/pull/36623
Changelog:
[General][Changed] - The default `metro.config.js` in apps now extends `react-native/metro-config`, and should be updated in existing apps.
~~`react-native/rn-get-polyfills.js` is removed and should be updated to `react-native/js-polyfills` in existing apps (this is part of the new default config).~~
#publish-packages-to-npm
## Context
### React Native Metro config → React Native repo (https://github.com/facebook/react-native/pull/36502)
We (the React Native team) are aiming to relocate the default Metro config for React Native out of `react-native-community/cli-plugin-metro` and **into the React Native repo + app template** as a new `react-native/metro-config` package.
This is the first (and minimum viable) phase we can ship to separate the release process of Metro from RN CLI in order to reduce coupling and iterate faster for our users.
**See full motivation, design, and test plan (which previewed the CLI bump) here: https://github.com/facebook/react-native/pull/36502**
## Changes
NOTE: This PR is pending the inclusion of a bump to `react-native-community/cli`, and will be sequenced after https://github.com/react-native-community/cli/pull/1875 is merged.
- Upgrade `react-native-community/cli` to `11.0.0`, upgrade all `metro` packages to `0.76.0` (version distributed in this CLI release).
- Update the `metro.config.js` file in `packages/react-native/template/`.
- Now merges defaults from `react-native/metro-config`, and can be used with CLI >= 11.0.0.
- Update the `metro.config.js` files for `packages/react-native/` and `packages/rn-tester/` (these are integration test locations).
- Now merges defaults from `react-native/metro-config`, and can be used with CLI >= 11.0.0.
Changes to `react-native/metro-config` — `0.72.1` (prepared but not depended on yet):
- Export `mergeConfig` util (removing direct `metro-config` dependency in consuming projects).
- Explicitly depend on `metro-react-native-babel-transformer` and `metro-runtime` (transitively included today).
Reviewed By: cortinico, blakef
Differential Revision: D44099691
fbshipit-source-id: 405635dd69fd50a1e9548279eaeda3c932b5b167
Summary:
Currently we have a tool (rnx-kit/rn-changelog-generator) that extracts changelog messages from our commit history to generate the changelog for a React Native release.
In hopes of standardizing to one place where changelog validation occurs -- I've moved this logic to the package rnx-kit/rn-changelog-generator such that if the formatting ever changes, the changelog parsing is also updated.
Changelog: [Internal] - Updating danger to use logic in rnx-kit/rn-changelog-generator for changelog validation.
Pull Request resolved: https://github.com/facebook/react-native/pull/36507
Test Plan: Tried `require`-ing the package and on a changelog message. I'm not sure exactly how to test a dangerfile -- IIRC it has to run off `main`
Reviewed By: cortinico, cipolleschi
Differential Revision: D44183479
Pulled By: lunaleaps
fbshipit-source-id: f65440f7b66a048f961d4698d78210c74e276452
Summary:
Pull Request resolved: https://github.com/facebook/react-native/pull/36513
We don't use JS test coverage badge on GitHub. Collecting this information is performed by `coveralls` package that is unmaintained for at least 2 years. Also it depends on `request` package that has security vulnerabilities, and became deprecated in 2020.
Changelog: [Internal]
Reviewed By: cortinico, cipolleschi
Differential Revision: D44168060
fbshipit-source-id: f76ae28f42b65e320a71dc227b2d07274a96f24e
Summary:
Changelog: [Internal]
React Native requires React 18 which includes `useSyncExternalStore`, so we can remove the shim. It was only used in one place (`useColorScheme`).
Reviewed By: motiz88
Differential Revision: D44163914
fbshipit-source-id: 3a94466b3d5ae8aa43e9236acb8c92fbefd04180
Summary:
Pull Request resolved: https://github.com/facebook/react-native/pull/36345
`exactOptionalPropertyTypes` is a TypeScript 4.4+ option set by users which changes behavior of optional properties, to disable accepting explicit `undefined`.
This is not enabled when using `--strict`, and is stricter than Flow, leading to most of the typings having an `| undefined` unique to TypeScript (added with https://github.com/DefinitelyTyped/DefinitelyTyped/commit/694c663a9486dbe7794d5eb894a691ee9ded318a).
We have not always followed this (I have myself previously assumed the two are equivalent). We can enforce that the convention is followed with a plugin `eslint-plugin-redundant-undefined`. This forces us to declare that every optional property accepts an explicit undefined (which Flow would allow). Alternatively, if we do not want to support this, we can enable the existing dtslint rule `no-redundant-undefined`.
Changelog:
[General][Fixed] - Enforce compatibility with `exactOptionalPropertyTypes`
Reviewed By: lunaleaps
Differential Revision: D43700862
fbshipit-source-id: 996094762b28918177521a9471d868ba87f0f263
Summary:
Ahead of cut of RN 0.72, I'm upgrading CLI and Metro according to https://github.com/react-native-community/cli/releases/tag/v11.0.0-alpha.2
~While working on it, I noticed that run-ios has some changes that make the e2e test script not work super well, so I'll be checking in with the CLI team to figure out what's wrong. Let's not merge it until that's addressed. (also, there's already a bump for Metro that we need https://github.com/react-native-community/cli/commit/8d18baef554423904c036cbeaa5a1ea92603ff5d so I'll probably change the version to latest CLI and Metro once more)~ (all addressed)
## Changelog
[GENERAL] [CHANGED] - bump CLI to 11 alphav2 and metro to 0.75.1
Pull Request resolved: https://github.com/facebook/react-native/pull/36271
Test Plan: Test CI, and locally I've used the e2e test script to ensure everything still works.
Reviewed By: NickGerleman
Differential Revision: D43625952
Pulled By: cipolleschi
fbshipit-source-id: dad940b65c56a586ae82acc2e7c16a918b872ee5
Summary:
This diff upgrades the dependency on `react-devtools-core` to 4.27.2, which includes changes I need to unblock trace update highlights.
- Update package.json file for dependencies in all existing deps with latest version (4.26.1): https://fburl.com/code/litgze0m
- Run `yarn` under `xplat/js` and `xplat/js/public`
Changelog:
[General][Internal] - Upgrade react-devtools-core to 4.27.2
Reviewed By: javache
Differential Revision: D43176345
fbshipit-source-id: 8bd5a9eca286bbfbb1630cb92c15f9653fa3534a
Summary:
the current jsc-android is still built based on ndk r21, and react-native is now built based on ndk r23. the unwinder between r21 and r23 is incompatible (libgcc vs libunwind). if there are exceptions thrown from jsc, other react native libraries cannot catch these exceptions, which causes a runtime crash.
this pr updates jsc-android to 235231.0.0 which is the same webkitgtk version as 235230.2.1 but only built by ndk r23. the jsc-android pr is from https://github.com/react-native-community/jsc-android-buildscripts/pull/179. note that the jsc is based on ndk r23c and react-native is based on ndk r23b. the reason is that i cannot get jsc building successfully on r23b. hopefully r23b and r23c are abi safe.
there is another crash from libjscexecutor when testing the new jsc-android. to fix the issue, i have to explicitly link libunwind.a from libjscexecutor.so. supposedly ndk r23 should help to link libunwind under the hood, i still have not figured out why it doesn't. but after linking libunwind.a, i can get the new jsc-android to work successfully.
```
E/art ( 2669): dlopen("/data/app/com.test-1/lib/x86_64/libjscexecutor.so", RTLD_LAZY) failed: dlopen failed: cannot locate symbol "_Unwind_Resume" referenced by "/data/app/com.test-1/lib/x86_64/libjscexecutor.so"...
W/System.err( 2669): java.lang.UnsatisfiedLinkError: dlopen failed: cannot locate symbol "_Unwind_Resume" referenced by "/data/app/com.test-1/lib/x86_64/libjscexecutor.so"...
W/System.err( 2669): at java.lang.Runtime.load(Runtime.java:331)
W/System.err( 2669): at java.lang.System.load(System.java:982)
W/System.err( 2669): at com.facebook.soloader.SoLoader$1.load(SoLoader.java:558)
W/System.err( 2669): at com.facebook.soloader.DirectorySoSource.loadLibraryFrom(DirectorySoSource.java:110)
W/System.err( 2669): at com.facebook.soloader.DirectorySoSource.loadLibrary(DirectorySoSource.java:63)
W/System.err( 2669): at com.facebook.soloader.ApplicationSoSource.loadLibrary(ApplicationSoSource.java:91)
W/System.err( 2669): at com.facebook.soloader.SoLoader.doLoadLibraryBySoName(SoLoader.java:1067)
W/System.err( 2669): at com.facebook.soloader.SoLoader.loadLibraryBySoNameImpl(SoLoader.java:943)
W/System.err( 2669): at com.facebook.soloader.SoLoader.loadLibraryBySoName(SoLoader.java:855)
W/System.err( 2669): at com.facebook.soloader.SoLoader.loadLibrary(SoLoader.java:802)
W/System.err( 2669): at com.facebook.soloader.SoLoader.loadLibrary(SoLoader.java:772)
W/System.err( 2669): at com.facebook.react.jscexecutor.JSCExecutor.loadLibrary(JSCExecutor.java:24)
W/System.err( 2669): at com.facebook.react.jscexecutor.JSCExecutor.<clinit>(JSCExecutor.java:20)
W/System.err( 2669): at com.facebook.react.ReactInstanceManagerBuilder.getDefaultJSExecutorFactory(ReactInstanceManagerBuilder.java:363)
W/System.err( 2669): at com.facebook.react.ReactInstanceManagerBuilder.build(ReactInstanceManagerBuilder.java:316)
W/System.err( 2669): at com.facebook.react.ReactNativeHost.createReactInstanceManager(ReactNativeHost.java:94)
W/System.err( 2669): at com.facebook.react.ReactNativeHost.getReactInstanceManager(ReactNativeHost.java:41)
W/System.err( 2669): at com.test.MainApplication.onCreate(MainApplication.java:60)
W/System.err( 2669): at android.app.Instrumentation.callApplicationOnCreate(Instrumentation.java:1011)
W/System.err( 2669): at androidx.test.runner.MonitoringInstrumentation.callApplicationOnCreate(MonitoringInstrumentation.java:483)
W/System.err( 2669): at android.app.ActivityThread.handleBindApplication(ActivityThread.java:4518)
W/System.err( 2669): at android.app.ActivityThread.access$1500(ActivityThread.java:144)
W/System.err( 2669): at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1339)
W/System.err( 2669): at android.os.Handler.dispatchMessage(Handler.java:102)
W/System.err( 2669): at android.os.Looper.loop(Looper.java:135)
W/System.err( 2669): at android.app.ActivityThread.main(ActivityThread.java:5221)
W/System.err( 2669): at java.lang.reflect.Method.invoke(Native Method)
W/System.err( 2669): at java.lang.reflect.Method.invoke(Method.java:372)
W/System.err( 2669): at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:899)
W/System.err( 2669): at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:694)
```
fixes https://github.com/facebook/react-native/issues/36052
## Changelog
[ANDROID][FIXED] - Fixed jscexecutor crash on Android which is caused from NDK incompatibility
Pull Request resolved: https://github.com/facebook/react-native/pull/36062
Test Plan: tested on [jsc-android instrumented test](https://github.com/react-native-community/jsc-android-buildscripts/tree/2.26.1/test) (based on react-native 0.71.2)
Reviewed By: cipolleschi
Differential Revision: D43040295
Pulled By: cortinico
fbshipit-source-id: e0e5b8fb7faa8ee5654d4cde5f274bef4b517376
Summary:
Upgrades Danger to the latest available version to mitigate the jsonwebtoken security vulnerability.
Changelog:
[Internal] [Changed] - Upgrade Danger to 11.2.1 to mitigate jsonwebtoken security vulnerability
Reviewed By: cortinico
Differential Revision: D42505940
fbshipit-source-id: 740edc7316791e5afe894ecdd1e05e13d2ef1f2c
Summary:
Changelog: [General][Security]
The parse method of the `JSON5` library before and including `2.2.1` does not restrict parsing of keys named `__proto__`, allowing specially crafted strings to pollute the prototype of the resulting object. This vulnerability pollutes the prototype of the object returned by JSON5.parse and not the global Object prototype, which is the commonly understood definition of Prototype Pollution. However, polluting the prototype of a single object can have significant security impact for an application if the object is later used in trusted operations.
This vulnerability could allow an attacker to set arbitrary and unexpected keys on the object returned from `JSON5.parse`. The actual impact will depend on how applications utilize the returned object and how they filter unwanted keys, but could include denial of service, cross-site scripting, elevation of privilege, and in extreme cases, remote code execution.
Suppose a developer wants to allow users and admins to perform some risky operation, but they want to restrict what non-admins can do. To accomplish this, they accept a JSON blob from the user, parse it using `JSON5.parse`, confirm that the provided data does not set some sensitive keys, and then perform the risky operation using the validated data:
```js
const JSON5 = require('json5');

const doSomethingDangerous = (props) => {
  if (props.isAdmin) {
    console.log('Doing dangerous thing as admin.');
  } else {
    console.log('Doing dangerous thing as user.');
  }
};

const secCheckKeysSet = (obj, searchKeys) => {
  let searchKeyFound = false;
  Object.keys(obj).forEach((key) => {
    if (searchKeys.indexOf(key) > -1) {
      searchKeyFound = true;
    }
  });
  return searchKeyFound;
};

const props = JSON5.parse('{"foo": "bar"}');
if (!secCheckKeysSet(props, ['isAdmin', 'isMod'])) {
  doSomethingDangerous(props); // "Doing dangerous thing as user."
} else {
  throw new Error('Forbidden...');
}
```
If an attacker attempts to set the `isAdmin` key, their request will be rejected:
```js
const props = JSON5.parse('{"foo": "bar", "isAdmin": true}');
if (!secCheckKeysSet(props, ['isAdmin', 'isMod'])) {
  doSomethingDangerous(props);
} else {
  throw new Error('Forbidden...'); // Error: Forbidden...
}
```
However, attackers can instead set the `__proto__` key to `{"isAdmin": true}`. JSON5 will parse this key and will set the `isAdmin` key on the prototype of the returned object, allowing the attacker to bypass the security check and run their request as an admin:
```js
const props = JSON5.parse('{"foo": "bar", "__proto__": {"isAdmin": true}}');
if (!secCheckKeysSet(props, ['isAdmin', 'isMod'])) {
  doSomethingDangerous(props); // "Doing dangerous thing as admin."
} else {
  throw new Error('Forbidden...');
}
```
CVE-2022-46175
[CWE-1321](https://cwe.mitre.org/data/definitions/1321.html)
Pull Request resolved: https://github.com/facebook/react-native/pull/35759
Reviewed By: christophpurrer
Differential Revision: D42304806
Pulled By: rshest
fbshipit-source-id: 4ad338c878e8a235ea6b22d9f4d203c8f7779a63
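The check bypass described in the JSON5 commit message above (CVE-2022-46175), from the defender's side, as an added example that is not part of the original commit or of JSON5's own code. It models the parser's key assignment with a hypothetical `buildUnsafe`/`buildSafe` pair over constructed key/value entries, so it runs without the `json5` package; `hasPollutedPrototype`, `ownFlag`, `decideAsOnPage` and `decideHardened` are likewise hypothetical names.

```javascript
'use strict';

// Constructed input: the key/value pairs a parser would hold after tokenising
// '{"foo": "bar", "__proto__": {"isAdmin": true}}'.
const ENTRIES = [['foo', 'bar'], ['__proto__', { isAdmin: true }]];

// Hypothetical model of the vulnerable pattern: plain assignment. Assigning to
// the "__proto__" key goes through the Object.prototype accessor and replaces
// the prototype of this one object (not the global Object.prototype).
function buildUnsafe(entries) {
  const obj = {};
  for (const [key, value] of entries) obj[key] = value;
  return obj;
}

// One way a parser can avoid this (an assumption, not JSON5's code):
// defineProperty always creates an own data property, so "__proto__" becomes
// an ordinary key and the prototype is left alone.
function buildSafe(entries) {
  const obj = {};
  for (const [key, value] of entries) {
    Object.defineProperty(obj, key, {
      value, writable: true, enumerable: true, configurable: true,
    });
  }
  return obj;
}

// The page's check: Object.keys() lists own enumerable keys only, so inherited
// keys are invisible to it.
function secCheckKeysSet(obj, searchKeys) {
  return Object.keys(obj).some((key) => searchKeys.includes(key));
}

// The page's flow: check own keys, then read props.isAdmin, which also
// resolves through the prototype chain.
function decideAsOnPage(props) {
  if (secCheckKeysSet(props, ['isAdmin', 'isMod'])) return 'rejected';
  return props.isAdmin ? 'admin' : 'user';
}

// Consumer-side hardening: parsed data should have Object.prototype (or null)
// as its prototype; anything else was swapped in by the input.
function hasPollutedPrototype(obj) {
  const proto = Object.getPrototypeOf(obj);
  return proto !== Object.prototype && proto !== null;
}

// Read a flag only if it is an own property of the object.
function ownFlag(obj, name) {
  return Object.prototype.hasOwnProperty.call(obj, name) && obj[name] === true;
}

function decideHardened(props) {
  if (hasPollutedPrototype(props)) return 'rejected';
  if (secCheckKeysSet(props, ['isAdmin', 'isMod'])) return 'rejected';
  // Defence in depth: even if the checks above were skipped, only own
  // properties are consulted here.
  return ownFlag(props, 'isAdmin') ? 'admin' : 'user';
}

console.log('page flow, unsafe build:    ', decideAsOnPage(buildUnsafe(ENTRIES)));
console.log('hardened flow, unsafe build:', decideHardened(buildUnsafe(ENTRIES)));
console.log('page flow, safe build:      ', decideAsOnPage(buildSafe(ENTRIES)));
```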
Summary:
Upgrades `react-native` to `deprecated-react-native-prop-types@4.0.0`, which depends on `react-native/normalize-colors` instead of `react-native/normalize-color` and improves compatibility with React Native 0.72.
Changelog:
[General][Changed] Upgraded to `deprecated-react-native-prop-types@4.0.0` - https://github.com/facebook/react-native-deprecated-modules/blob/main/deprecated-react-native-prop-types/CHANGELOG.md
Reviewed By: cortinico
Differential Revision: D42088315
fbshipit-source-id: d1197e9a7d70654f601b421231b66bd760098ddf
Summary:
I just noticed while working on 0.71 that the PR https://github.com/facebook/react-native/pull/35580 was incomplete. This PR takes care of re-aligning the leftovers. (in 0.71 I've taken care of the changes locally)
## Changelog
[INTERNAL] [FIXED] - realign "leftover" metro packages from 0.73.3 to 0.73.5
Pull Request resolved: https://github.com/facebook/react-native/pull/35625
Test Plan: N/A
Reviewed By: cortinico, cipolleschi
Differential Revision: D41996338
Pulled By: dmytrorykun
fbshipit-source-id: bc1c95b0159f639e33835b922555d2f5b8c22c66
Summary:
Small PR with bump to the new versions of CLI and Metro in preparation of the stable release for 0.71.
## Changelog
[General] [Changed] - Bump CLI to 10.0.0 and Metro to 0.73.5
Pull Request resolved: https://github.com/facebook/react-native/pull/35580
Test Plan: CI green
Reviewed By: cortinico
Differential Revision: D41800580
Pulled By: jacdebug
fbshipit-source-id: 7bf81308eb41490b004e685b1763574bfd3b27fb
Summary:
Update `babel/*` dependencies specifying `^7.x.y` where `x > 0` to the latest available semver minor, and corresponding superficial snapshot updates reflecting a small decrease in JS bundle size.
- `babel/core` to `^7.20.0`
- `babel/parser` to `^7.20.0`
- `babel/preset-env` to `^7.20.0`
- `babel/traverse` to `^7.20.0`
- `babel/cli` to `^7.19.0`
- `babel/eslint-parser` to `^7.19.0`
- `babel/preset-flow` to `^7.18.0`
- `babel/preset-syntax-flow` to `^7.18.0`
- Deduplicate / refresh others to take in patch updates
Changelog: [Internal] Bump Babel dependencies to latest 7.x
Reviewed By: JoeyMou
Differential Revision: D41449678
fbshipit-source-id: f04fe837a7961c4e2dde45fed59fcd138c2f8723
Summary:
Update `babel/generator` to the latest, which is a semver-minor update within the pre-existing range.
I'm separating this out for ease of review because it brings some noisy snapshot changes, including more granular source maps and fewer empty lines in generated output. The majority of this is a result of https://github.com/babel/babel/pull/14980 (`>=7.19.4`).
This and the previous diff clear the way for a general Babel update, which is currently blocking a perf-boosting Metro PR https://github.com/facebook/metro/pull/854.
Changelog: [Internal] Bump `babel/generator dependency` to `^7.20.0`
Reviewed By: motiz88
Differential Revision: D41438635
fbshipit-source-id: d56853169be22a2197ad53d6320ec6c1faf6b2a7
Summary:
Jscodeshift has become maintained again in the past year, and has gotten rid of quite a good chunk of old dependencies that are no longer needed!
## Changelog
[Internal] [Changed] - update jscodeshift
Pull Request resolved: https://github.com/facebook/react-native/pull/35356
Reviewed By: cipolleschi
Differential Revision: D41325527
Pulled By: rshest
fbshipit-source-id: 666b25c9bb3b1720479e9e098968b3b983adc2b4