mirror of
https://github.com/facebook/react.git
synced 2025-11-01 09:12:30 +00:00
dbfbfb3312db019183ef92fd2ef110cc7d807e80
16536 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
|
|
dbfbfb3312 |
Update error messages (#28652)
## Overview The error messages that say: > ReactDOM.hydrate is no longer supported in React 18 Don't make sense in the React 19 release. Instead, they should say: > ReactDOM.hydrate was removed in React 19. For legacy mode, they should say: > ReactDOM.hydrate has not been supported since React 18. |
||
|
|
f24cf4a1af |
Remove zoom from special cases list (#26631)
Looks like [it's getting removed anyway](https://groups.google.com/a/chromium.org/g/blink-dev/c/V7q43bgutbo/m/-7jneTl8CQAJ?pli=1). Maybe should wait for a major though. |
||
|
|
1a6d36b1a3 | Remove unmountComponentAtNode outside of legacy mode (#28650) | ||
|
|
56efb2e227 |
Bump canary versions to v19-canary (#28646)
This bumps the canary versions to v19 to communicate that the next release will be a major. Once this lands, we can start merging breaking changes into `main`. |
||
|
|
738993da0b |
Turn on enableRenderableContext in experimental (#28645)
Let's get this into experimental to get more usage and allow other renderers to test against the changes easier. |
||
|
|
0a44435674 |
Add useActionState to CHANGELOG-canary.md (#28632)
Co-authored-by: Sébastien Lorber <slorber@users.noreply.github.com> |
||
|
|
6fd0cb9a9f |
Cleanup alwaysThrottleDisappearingFallbacks Flag (#28639)
## Summary After realizing that this feature flag is entangled with `alwaysThrottleRetries`, we're going to undo https://github.com/facebook/react/pull/28550 ## How did you test this change? ``` $ yarn test $ yarn flow dom-browser $ yarn flow dom-fb $ yarn flow fabric ``` |
||
|
|
95319ab5af |
Switch facebook-www build version to file content hash (#28633)
Unifies the React version string pattern with RN just to simplify the build script a tiny bit and not have 2 mechanisms for the Meta-internal build. |
||
|
|
c3048aab4c |
Fix tests on main (#28643)
Not sure how these broke when merging https://github.com/facebook/react/pull/28299 and https://github.com/facebook/react/pull/28361 |
||
|
|
75de4ff72a |
fix[devtools/ci]: split profiling cache test for different react versions and toEqual checker (#28628)
This should fix the failing backwards-compatibility tests on CI: - https://app.circleci.com/pipelines/github/facebook/react/51347/workflows/9d319db5-7a29-4e9a-a3a0-8d49a24ee9bd/jobs/809381 - https://app.circleci.com/pipelines/github/facebook/react/51347/workflows/9d319db5-7a29-4e9a-a3a0-8d49a24ee9bd/jobs/809386 Started failing after https://github.com/facebook/react/pull/27991. Brief summary: 1. Revert changes to `profilingCache-test` in https://github.com/facebook/react/pull/27991. 2. Scope previous test to react versions 16.9 - 18.2 3. Add a new test for react versions > 18.2 (includes testing react from souce), which is also gated with `!disableLegacyContext`. > [!IMPORTANT] > `@gate` pragma expects the test to throw. Jest doesn't throw any exceptions when snapshots are mismatched, this is why I've migrated test from `toMatchInlineSnapshot` checker to `toEqual`. > If the test doesn't throw, we will fail it manually: > https://github.com/facebook/react/blob/5a75f9e78544fa6d052aff7fe99607e48f35b979/scripts/jest/setupTests.js#L291-L295 |
||
|
|
07def0cc5a |
Add test for throttling suspended siblings (#28361)
# Overview Adds a test to show the combination of the new throttling behavior and not pre-rendering siblings results in pushing out content that could have rendered much faster. - Without the new throttling, the sibling content would render in 30ms. - Without removing pre-rendering, the sibling content would render in 0ms. - With both, the sibling content takes 600ms. ## Example https://github.com/facebook/react/assets/2440089/abd62dc4-93f9-4b7b-a5aa-b795827c1a3a |
||
|
|
67e6fa6d17 |
Test for suspending with modern strict mode (#28513)
## Overview Adds a test to show the cause of an infinite loop in Relay related to [these effects in Relay](https://github.com/facebook/relay/blob/448aa67d2a11e7d45cd7b4492b9f599b498cb39e/packages/react-relay/relay-hooks/useLazyLoadQueryNode.js#L77-L104) and `useModernStrictMode`. The bug is related to effect behavior when committing trees that re-suspend after initial mount. With `useModernStrictEffect`, when you: - initial mount - update - suspend (to fallbacks) - resolve - re-commit We fire strict effects during the second mount, like it's a new tree. This creates weird cases, where if there was an update while we suspended, we'll first fire only the effects that changed dependencies, and then fire strict effects. Creating a test to demonstrate the behavior to see if it's a bug. |
||
|
|
d3037405c4 |
Test showing mismatches after suspending force fallbacks to be shown (#28299)
While investigating https://github.com/facebook/react/issues/28285 I found a possible bug in handling Suspense and mismatches. As the tests show, if the first sibling in a boundary suspends, and the second has a mismatch, we will NOT show a fallback. If the first sibling is a mismatch, and the second sibling suspends, we WILL show a fallback. [Here's a stackbliz showing the behavior on Canary](https://stackblitz.com/edit/stackblitz-starters-bh3snf?file=src%2Fstyle.css,public%2Findex.html,src%2Findex.tsx). This breakage was introduced by: https://github.com/facebook/react/pull/26380. Before this PR, we would not show a fallback in either case. That PR makes it so that we don't pre-render siblings of suspended trees, so presumably, whatever detection we had to avoid fallbacks on mismatches, requires knowing there's a mismatch in the tree when we suspend. |
||
|
|
5a75f9e785 |
Make enableBigIntSupport a dynamic flag for Meta (#28617)
Make enableBigIntSupport a dynamic flag for Meta Should be an easy launch, but let's make this a dynamic flag to be safe. |
||
|
|
50cdf158d8 |
Bump webpack-dev-middleware from 5.3.3 to 5.3.4 in /fixtures/flight (#28618)
Bumps [webpack-dev-middleware](https://github.com/webpack/webpack-dev-middleware) from 5.3.3 to 5.3.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/webpack/webpack-dev-middleware/releases">webpack-dev-middleware's releases</a>.</em></p> <blockquote> <h2>v5.3.4</h2> <h3><a href="https://github.com/webpack/webpack-dev-middleware/compare/v5.3.3...v5.3.4">5.3.4</a> (2024-03-20)</h3> <h3>Bug Fixes</h3> <ul> <li><strong>security:</strong> do not allow to read files above (<a href="https://redirect.github.com/webpack/webpack-dev-middleware/issues/1779">#1779</a>) (<a href="https://github.com/webpack/webpack-dev-middleware/commit/189c4ac7d2344ec132a4689e74dc837ec5be0132">189c4ac</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/webpack/webpack-dev-middleware/blob/v5.3.4/CHANGELOG.md">webpack-dev-middleware's changelog</a>.</em></p> <blockquote> <h3><a href="https://github.com/webpack/webpack-dev-middleware/compare/v5.3.3...v5.3.4">5.3.4</a> (2024-03-20)</h3> <h3>Bug Fixes</h3> <ul> <li><strong>security:</strong> do not allow to read files above (<a href="https://redirect.github.com/webpack/webpack-dev-middleware/issues/1779">#1779</a>) (<a href="https://github.com/webpack/webpack-dev-middleware/commit/189c4ac7d2344ec132a4689e74dc837ec5be0132">189c4ac</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/webpack/webpack-dev-middleware/commit/86071ead69e946ada25497d3e281923e885229a4"><code>86071ea</code></a> chore(release): 5.3.4</li> <li><a href="https://github.com/webpack/webpack-dev-middleware/commit/189c4ac7d2344ec132a4689e74dc837ec5be0132"><code>189c4ac</code></a> fix(security): do not allow to read files above (<a href="https://redirect.github.com/webpack/webpack-dev-middleware/issues/1779">#1779</a>)</li> <li>See full diff in <a href="https://github.com/webpack/webpack-dev-middleware/compare/v5.3.3...v5.3.4">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/facebook/react/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
b35be36fb4 |
Bump webpack-dev-middleware from 5.3.3 to 5.3.4 (#28621)
Bumps [webpack-dev-middleware](https://github.com/webpack/webpack-dev-middleware) from 5.3.3 to 5.3.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/webpack/webpack-dev-middleware/releases">webpack-dev-middleware's releases</a>.</em></p> <blockquote> <h2>v5.3.4</h2> <h3><a href="https://github.com/webpack/webpack-dev-middleware/compare/v5.3.3...v5.3.4">5.3.4</a> (2024-03-20)</h3> <h3>Bug Fixes</h3> <ul> <li><strong>security:</strong> do not allow to read files above (<a href="https://redirect.github.com/webpack/webpack-dev-middleware/issues/1779">#1779</a>) (<a href="https://github.com/webpack/webpack-dev-middleware/commit/189c4ac7d2344ec132a4689e74dc837ec5be0132">189c4ac</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/webpack/webpack-dev-middleware/blob/v5.3.4/CHANGELOG.md">webpack-dev-middleware's changelog</a>.</em></p> <blockquote> <h3><a href="https://github.com/webpack/webpack-dev-middleware/compare/v5.3.3...v5.3.4">5.3.4</a> (2024-03-20)</h3> <h3>Bug Fixes</h3> <ul> <li><strong>security:</strong> do not allow to read files above (<a href="https://redirect.github.com/webpack/webpack-dev-middleware/issues/1779">#1779</a>) (<a href="https://github.com/webpack/webpack-dev-middleware/commit/189c4ac7d2344ec132a4689e74dc837ec5be0132">189c4ac</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/webpack/webpack-dev-middleware/commit/86071ead69e946ada25497d3e281923e885229a4"><code>86071ea</code></a> chore(release): 5.3.4</li> <li><a href="https://github.com/webpack/webpack-dev-middleware/commit/189c4ac7d2344ec132a4689e74dc837ec5be0132"><code>189c4ac</code></a> fix(security): do not allow to read files above (<a href="https://redirect.github.com/webpack/webpack-dev-middleware/issues/1779">#1779</a>)</li> <li>See full diff in <a href="https://github.com/webpack/webpack-dev-middleware/compare/v5.3.3...v5.3.4">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/facebook/react/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
527ed72bfd |
Cleanup enableFormActions flag (#28614)
Cleanup enableFormActions flag |
||
|
|
e373190faf | Guard against legacy context not being supported in DevTools fixture (#28596) | ||
|
|
0711ff1763 |
Add Type: Feature Request to stalebot ignore (#28625)
Prevent issues like https://github.com/facebook/react/issues/12525 from closing due to inactivity. |
||
|
|
f09e1599d6 |
Fix test after merge conflict (#28616)
Something went wrong when rebasing #28491 and renaming the hook. |
||
|
|
5c65b27587 |
Add React.useActionState (#28491)
## Overview _Depends on https://github.com/facebook/react/pull/28514_ This PR adds a new React hook called `useActionState` to replace and improve the ReactDOM `useFormState` hook. ## Motivation This hook intends to fix some of the confusion and limitations of the `useFormState` hook. The `useFormState` hook is only exported from the `ReactDOM` package and implies that it is used only for the state of `<form>` actions, similar to `useFormStatus` (which is only for `<form>` element status). This leads to understandable confusion about why `useFormState` does not provide a `pending` state value like `useFormStatus` does. The key insight is that the `useFormState` hook does not actually return the state of any particular form at all. Instead, it returns the state of the _action_ passed to the hook, wrapping it and returning a trackable action to add to a form, and returning the last returned value of the action given. In fact, `useFormState` doesn't need to be used in a `<form>` at all. Thus, adding a `pending` value to `useFormState` as-is would thus be confusing because it would only return the pending state of the _action_ given, not the `<form>` the action is passed to. Even if we wanted to tie them together, the returned `action` can be passed to multiple forms, creating confusing and conflicting pending states during multiple form submissions. Additionally, since the action is not related to any particular `<form>`, the hook can be used in any renderer - not only `react-dom`. For example, React Native could use the hook to wrap an action, pass it to a component that will unwrap it, and return the form result state and pending state. It's renderer agnostic. To fix these issues, this PR: - Renames `useFormState` to `useActionState` - Adds a `pending` state to the returned tuple - Moves the hook to the `'react'` package ## Reference The `useFormState` hook allows you to track the pending state and return value of a function (called an "action"). The function passed can be a plain JavaScript client function, or a bound server action to a reference on the server. It accepts an optional `initialState` value used for the initial render, and an optional `permalink` argument for renderer specific pre-hydration handling (such as a URL to support progressive hydration in `react-dom`). Type: ```ts function useActionState<State>( action: (state: Awaited<State>) => State | Promise<State>, initialState: Awaited<State>, permalink?: string, ): [state: Awaited<State>, dispatch: () => void, boolean]; ``` The hook returns a tuple with: - `state`: the last state the action returned - `dispatch`: the method to call to dispatch the wrapped action - `pending`: the pending state of the action and any state updates contained Notably, state updates inside of the action dispatched are wrapped in a transition to keep the page responsive while the action is completing and the UI is updated based on the result. ## Usage The `useActionState` hook can be used similar to `useFormState`: ```js import { useActionState } from "react"; // not react-dom function Form({ formAction }) { const [state, action, isPending] = useActionState(formAction); return ( <form action={action}> <input type="email" name="email" disabled={isPending} /> <button type="submit" disabled={isPending}> Submit </button> {state.errorMessage && <p>{state.errorMessage}</p>} </form> ); } ``` But it doesn't need to be used with a `<form/>` (neither did `useFormState`, hence the confusion): ```js import { useActionState, useRef } from "react"; function Form({ someAction }) { const ref = useRef(null); const [state, action, isPending] = useActionState(someAction); async function handleSubmit() { // See caveats below await action({ email: ref.current.value }); } return ( <div> <input ref={ref} type="email" name="email" disabled={isPending} /> <button onClick={handleSubmit} disabled={isPending}> Submit </button> {state.errorMessage && <p>{state.errorMessage}</p>} </div> ); } ``` ## Benefits One of the benefits of using this hook is the automatic tracking of the return value and pending states of the wrapped function. For example, the above example could be accomplished via: ```js import { useActionState, useRef } from "react"; function Form({ someAction }) { const ref = useRef(null); const [state, setState] = useState(null); const [isPending, setIsPending] = useTransition(); function handleSubmit() { startTransition(async () => { const response = await someAction({ email: ref.current.value }); setState(response); }); } return ( <div> <input ref={ref} type="email" name="email" disabled={isPending} /> <button onClick={handleSubmit} disabled={isPending}> Submit </button> {state.errorMessage && <p>{state.errorMessage}</p>} </div> ); } ``` However, this hook adds more benefits when used with render specific elements like react-dom `<form>` elements and Server Action. With `<form>` elements, React will automatically support replay actions on the form if it is submitted before hydration has completed, providing a form of partial progressive enhancement: enhancement for when javascript is enabled but not ready. Additionally, with the `permalink` argument and Server Actions, frameworks can provide full progressive enhancement support, submitting the form to the URL provided along with the FormData from the form. On submission, the Server Action will be called during the MPA navigation, similar to any raw HTML app, server rendered, and the result returned to the client without any JavaScript on the client. ## Caveats There are a few Caveats to this new hook: **Additional state update**: Since we cannot know whether you use the pending state value returned by the hook, the hook will always set the `isPending` state at the beginning of the first chained action, resulting in an additional state update similar to `useTransition`. In the future a type-aware compiler could optimize this for when the pending state is not accessed. **Pending state is for the action, not the handler**: The difference is subtle but important, the pending state begins when the return action is dispatched and will revert back after all actions and transitions have settled. The mechanism for this under the hook is the same as useOptimisitic. Concretely, what this means is that the pending state of `useActionState` will not represent any actions or sync work performed before dispatching the action returned by `useActionState`. Hopefully this is obvious based on the name and shape of the API, but there may be some temporary confusion. As an example, let's take the above example and await another action inside of it: ```js import { useActionState, useRef } from "react"; function Form({ someAction, someOtherAction }) { const ref = useRef(null); const [state, action, isPending] = useActionState(someAction); async function handleSubmit() { await someOtherAction(); // The pending state does not start until this call. await action({ email: ref.current.value }); } return ( <div> <input ref={ref} type="email" name="email" disabled={isPending} /> <button onClick={handleSubmit} disabled={isPending}> Submit </button> {state.errorMessage && <p>{state.errorMessage}</p>} </div> ); } ``` Since the pending state is related to the action, and not the handler or form it's attached to, the pending state only changes when the action is dispatched. To solve, there are two options. First (recommended): place the other function call inside of the action passed to `useActionState`: ```js import { useActionState, useRef } from "react"; function Form({ someAction, someOtherAction }) { const ref = useRef(null); const [state, action, isPending] = useActionState(async (data) => { // Pending state is true already. await someOtherAction(); return someAction(data); }); async function handleSubmit() { // The pending state starts at this call. await action({ email: ref.current.value }); } return ( <div> <input ref={ref} type="email" name="email" disabled={isPending} /> <button onClick={handleSubmit} disabled={isPending}> Submit </button> {state.errorMessage && <p>{state.errorMessage}</p>} </div> ); } ``` For greater control, you can also wrap both in a transition and use the `isPending` state of the transition: ```js import { useActionState, useTransition, useRef } from "react"; function Form({ someAction, someOtherAction }) { const ref = useRef(null); // isPending is used from the transition wrapping both action calls. const [isPending, startTransition] = useTransition(); // isPending not used from the individual action. const [state, action] = useActionState(someAction); async function handleSubmit() { startTransition(async () => { // The transition pending state has begun. await someOtherAction(); await action({ email: ref.current.value }); }); } return ( <div> <input ref={ref} type="email" name="email" disabled={isPending} /> <button onClick={handleSubmit} disabled={isPending}> Submit </button> {state.errorMessage && <p>{state.errorMessage}</p>} </div> ); } ``` A similar technique using `useOptimistic` is preferred over using `useTransition` directly, and is left as an exercise to the reader. ## Thanks Thanks to @ryanflorence @mjackson @wesbos (https://github.com/facebook/react/issues/27980#issuecomment-1960685940) and [Allan Lasser](https://allanlasser.com/posts/2024-01-26-avoid-using-reacts-useformstatus) for their feedback and suggestions on `useFormStatus` hook. |
||
|
|
fabd6d3a64 |
Better NEXT_MAJOR support for RN flags (#28583)
The `__NEXT_MAJOR__` value in the RN flags doesn't make sense because: a) The flags are for the next RN major, since it only impacts the renderers b) The flags are off, so they're not currently in the next major, they need enabled c) the flag script didn't support it This PR adds two aliases to the RN file: - `__TODO_NEXT_RN_MAJOR__`: flags that need enabled before the next RN major. - `__NEXT_RN_MAJOR__`: flags that have been enabled since the last RN major. These values will need to be manually kept up to date when we cut a RN version, but once RN switches to the canary build and aligns all the flags, this entire file can be deleted. ## Script screen Notably, I added a TODO value and a legend that prints at the end of the script: <img width="1078" alt="Screenshot 2024-03-18 at 8 11 27 PM" src="https://github.com/facebook/react/assets/2440089/14da9066-f77d-437f-8188-830a31a843c5"> |
||
|
|
fa0efa1ae3 |
Update RN dynamic flag types (#28427)
Updates the RN flag flow types to work like www does, so we can use the `.native-fb-dynamic.js` file as the type/shim for the dynamically imported file. |
||
|
|
208ceeb46c |
Cleanup enableFloat flag (#28613)
Cleanup enableFloat flag |
||
|
|
6708115937 |
Use declare const instead of declare var (#28599)
Use `declare const` instead of `declare var` |
||
|
|
fee786a057 |
[Fizz] Recover from errors thrown by progressive enhancement form generation (#28611)
This a follow up to #28564. It's alternative to #28609 which takes #28610 into account. It used to be possible to return JSX from an action with `useActionState`. ```js async function action(errors, payload) { "use server"; try { ... } catch (x) { return <div>Error message</div>; } } ``` ```js const [errors, formAction] = useActionState(action); return <div>{errors}</div>; ``` Returning JSX from an action is itself not anything problematic. It's that it also has to return the previous state to the action reducer again that's the problem. When this happens we accidentally could serialize an Element back to the server. I fixed this in #28564 so it's now blocked if you don't have a temporary reference set. However, you can't have that for the progressive enhancement case. The reply is eagerly encoded as part of the SSR render. Typically you wouldn't have these in the initial state so the common case is that they show up after the first POST back that yields an error and it's only in the no-JS case where this happens so it's hard to discover. As noted in #28609 there's a security implication with allowing elements to be sent across this kind of payload, so we can't just make it work. When an error happens during SSR our general policy is to try to recover on the client instead. After all, SSR is mainly a perf optimization in React terms and it's not primarily intended for a no JS solution. This PR takes the approach that if we fail to generate the progressive enhancement payload. I.e. if the serialization of previous state / closures throw. Then we fallback to the replaying semantics just client actions instead which will succeed. The effect of this is that this pattern mostly just works: - First render in the typical case doesn't have any JSX in it so it just renders a progressive enhanced form. - If JS fails to hydrate or you click early we do a form POST. If that hits an error and it tries to render it using JSX, then the new page will render successfully - however this time with a Replaying form instead. - If you try to submit the form again it'll have to be using JS. Meaning if you use JSX as the error return value of form state and you make a first attempt that fails, then no JS won't work because either the first or second attempt has to hydrate. We have ideas for potentially optimizing away serializing unused arguments like if you don't actually use previous state which would also solve it but it wouldn't cover all cases such as if it was deeply nested in complex state. Another approach that I considered was to poison the prev state if you passed an element back but let it through to the action but if you try to render the poisoned value, it wouldn't work. The downside of this is when to error. Because in the progressive enhancement case it wouldn't error early but when you actually try to invoke it at which point it would be too late to fallback to client replaying. It would probably have to always error even on the client which is unfortunate since this mostly just works as long as it hydrates. |
||
|
|
72e02a8350 |
[Flight Reply] Don't allow Symbols to be passed to a reply (#28610)
As mentioned in #28609 there's a potential security risk if you allow a passed value to the server to spoof Elements because it allows a hacker to POST cross origin. This is only an issue if your framework allows this which it shouldn't but it seems like we should provide an extra layer of security here. ```js function action(errors, payload) { try { ... } catch (x) { return [newError].concat(errors); } } ``` ```js const [errors, formAction] = useActionState(action); return <div>{errors}</div>; ``` This would allow you to construct a payload where the previous "errors" set includes something like `<script src="danger.js" />`. We could block only elements from being received but it could potentially be a risk with creating other React types like Context too. We use symbols as a way to securely brand these. Most JS don't use this kind of branding with symbols like we do. They're generally properties which we don't support anyway. However in theory someone else could be using them like we do. So in an abundance of carefulness I just ban all symbols from being passed (except by temporary reference) - not just ours. This means that the format isn't fully symmetric even beyond just React Nodes. #28611 allows code that includes symbols/elements to continue working but may have to bail out to replaying instead of no JS sometimes. However, you still can't access the symbols inside the server - they're by reference only. |
||
|
|
c47fee55d9 |
[Fizz][Legacy] use static markup mode for renderToStaticNodeStream (#28606)
Since it was first implemented renderToStaticNodeStream never correctly set the renderer state to mark the output as static markup which means it was functionally the same as renderToNodeStream. This change fixes this oversight. While we are removing renderToNodeStream in a future version we never did deprecate the static version of this API because it has no immediate analog in the modern APIs. |
||
|
|
7263b4f80a |
Update RTR usage in ReactLazy-test (#28598)
- Make all test cases in ReactLazy use RTR with concurrent root - Except, two cases with "legacy mode" specified in description. These are moved to a separate description block where the disableLegacyMode flag is turned off to allow RTR to use legacy root after https://github.com/facebook/react/pull/28498 |
||
|
|
a4939017ff |
Concurrent RTR in ReactHooksInspectionIntegration-test (#28549)
More test updates to use concurrent root in RTR `yarn test packages/react-debug-tools/src/__tests__/ReactHooksInspectionIntegration-test.js` |
||
|
|
8ef14cf242 |
Ensure dispatch from useFormState works in StrictMode (#28557)
Co-authored-by: Andrew Clark <git@andrewclark.io> |
||
|
|
5cec48e145 | DevTools: Read context values from context dependencies (#28467) | ||
|
|
29a6ca33a5 |
Update gate pragma to detect global error events (#28591)
If a global error event is dispatched during a test, Jest reports that test as a failure. Our `@gate` pragma feature should account for this — if the gate condition is false, and the global error event is dispatched, then the test should be reported as a success. The solution is to install an error event handler right before invoking the test function. Because we install our own handler, Jest will not report the test as a failure if a global error event is dispatched; it's conceptually as if we wrapped the whole test event in a try-catch. |
||
|
|
82c6595e75 |
Bump es5-ext from 0.10.53 to 0.10.63 in /fixtures/dom (#28459)
Bumps [es5-ext](https://github.com/medikoo/es5-ext) from 0.10.53 to 0.10.63. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/medikoo/es5-ext/releases">es5-ext's releases</a>.</em></p> <blockquote> <h2>0.10.63 (2024-02-23)</h2> <h3>Bug Fixes</h3> <ul> <li>Do not rely on problematic regex (<a href="https://github.com/medikoo/es5-ext/commit/3551cdd7b2db08b1632841f819d008757d28e8e2">3551cdd</a>), addresses <a href="https://redirect.github.com/medikoo/es5-ext/issues/201">#201</a></li> <li>Support ES2015+ function definitions in <code>function#toStringTokens()</code> (<a href="https://github.com/medikoo/es5-ext/commit/a52e95736690ad1d465ebcd9791d54570e294602">a52e957</a>), addresses <a href="https://redirect.github.com/medikoo/es5-ext/issues/021">#021</a></li> <li>Ensure postinstall script does not crash on Windows, fixes <a href="https://redirect.github.com/medikoo/es5-ext/issues/181">#181</a> (<a href="https://github.com/medikoo/es5-ext/commit/bf8ed799d57df53096da9d908ff577f305e1366f">bf8ed79</a>)</li> </ul> <h3>Maintenance Improvements</h3> <ul> <li>Simplify the manifest message (<a href="https://github.com/medikoo/es5-ext/commit/7855319f41b9736639cf4555bd2c419f17addf55">7855319</a>)</li> </ul> <hr /> <p><a href="https://github.com/medikoo/es5-ext/compare/v0.10.62...v0.10.63">Comparison since last release</a></p> <h2>0.10.62 (2022-08-02)</h2> <h3>Maintenance Improvements</h3> <ul> <li><strong>Manifest improvements:</strong> <ul> <li>(<a href="https://redirect.github.com/medikoo/es5-ext/issues/190">#190</a>) (<a href="https://github.com/medikoo/es5-ext/commit/b8dc53fa439b98541644c64c1275f25d9f2e2235">b8dc53f</a>)</li> <li>(<a href="https://github.com/medikoo/es5-ext/commit/c51d552c03967858b8f14a4afa305338ba648cce">c51d552</a>)</li> </ul> </li> </ul> <hr /> <p><a href="https://github.com/medikoo/es5-ext/compare/v0.10.61...v0.10.62">Comparison since last release</a></p> <h2>0.10.61 (2022-04-20)</h2> <h3>Bug Fixes</h3> <ul> <li>Ensure postinstall script does not error (<a href="https://github.com/medikoo/es5-ext/commit/a0be4fdacdbc3aefd6f2952b7b9215827d362bbb">a0be4fd</a>)</li> </ul> <h3>Maintenance Improvements</h3> <ul> <li>Bump dependencies (<a href="https://github.com/medikoo/es5-ext/commit/d7e0a612b7d895c1c7238c779feae1e39d4634c4">d7e0a61</a>)</li> </ul> <hr /> <p><a href="https://github.com/medikoo/es5-ext/compare/v0.10.60...v0.10.61">Comparison since last release</a></p> <h2>0.10.60 (2022-04-07)</h2> <h3>Maintenance Improvements</h3> <ul> <li>Improve <code>postinstall</code> script configuration (<a href="https://github.com/medikoo/es5-ext/commit/ab6b121f0ca4f033bba9b6f400b24d07869bd716">ab6b121</a>)</li> </ul> <hr /> <p><a href="https://github.com/medikoo/es5-ext/compare/v0.10.59...v0.10.60">Comparison since last release</a></p> <h2>0.10.59 (2022-03-17)</h2> <h3>Maintenance Improvements</h3> <ul> <li>Improve manifest wording (<a href="https://redirect.github.com/medikoo/es5-ext/issues/122">#122</a>) (<a href="https://github.com/medikoo/es5-ext/commit/eb7ae59966774a8c26f1717415c627d90bb3d954">eb7ae59</a>)</li> <li>Update data in manifest (<a href="https://github.com/medikoo/es5-ext/commit/3d2935ac6f1a0969c7569840d5b3bdeed6940e56">3d2935a</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/medikoo/es5-ext/blob/main/CHANGELOG.md">es5-ext's changelog</a>.</em></p> <blockquote> <h3><a href="https://github.com/medikoo/es5-ext/compare/v0.10.62...v0.10.63">0.10.63</a> (2024-02-23)</h3> <h3>Bug Fixes</h3> <ul> <li>Do not rely on problematic regex (<a href="https://github.com/medikoo/es5-ext/commit/3551cdd7b2db08b1632841f819d008757d28e8e2">3551cdd</a>), addresses <a href="https://redirect.github.com/medikoo/es5-ext/issues/201">#201</a></li> <li>Support ES2015+ function definitions in <code>function#toStringTokens()</code> (<a href="https://github.com/medikoo/es5-ext/commit/a52e95736690ad1d465ebcd9791d54570e294602">a52e957</a>), addresses <a href="https://redirect.github.com/medikoo/es5-ext/issues/021">#021</a></li> <li>Ensure postinstall script does not crash on Windows, fixes <a href="https://redirect.github.com/medikoo/es5-ext/issues/181">#181</a> (<a href="https://github.com/medikoo/es5-ext/commit/bf8ed799d57df53096da9d908ff577f305e1366f">bf8ed79</a>)</li> </ul> <h3>Maintenance Improvements</h3> <ul> <li>Simplify the manifest message (<a href="https://github.com/medikoo/es5-ext/commit/7855319f41b9736639cf4555bd2c419f17addf55">7855319</a>)</li> </ul> <h3><a href="https://github.com/medikoo/es5-ext/compare/v0.10.61...v0.10.62">0.10.62</a> (2022-08-02)</h3> <h3>Maintenance Improvements</h3> <ul> <li><strong>Manifest improvements:</strong> <ul> <li>(<a href="https://redirect.github.com/medikoo/es5-ext/issues/190">#190</a>) (<a href="https://github.com/medikoo/es5-ext/commit/b8dc53fa439b98541644c64c1275f25d9f2e2235">b8dc53f</a>)</li> <li>(<a href="https://github.com/medikoo/es5-ext/commit/c51d552c03967858b8f14a4afa305338ba648cce">c51d552</a>)</li> </ul> </li> </ul> <h3><a href="https://github.com/medikoo/es5-ext/compare/v0.10.60...v0.10.61">0.10.61</a> (2022-04-20)</h3> <h3>Bug Fixes</h3> <ul> <li>Ensure postinstall script does not error (<a href="https://github.com/medikoo/es5-ext/commit/a0be4fdacdbc3aefd6f2952b7b9215827d362bbb">a0be4fd</a>)</li> </ul> <h3>Maintenance Improvements</h3> <ul> <li>Bump dependencies (<a href="https://github.com/medikoo/es5-ext/commit/d7e0a612b7d895c1c7238c779feae1e39d4634c4">d7e0a61</a>)</li> </ul> <h3><a href="https://github.com/medikoo/es5-ext/compare/v0.10.59...v0.10.60">0.10.60</a> (2022-04-07)</h3> <h3>Maintenance Improvements</h3> <ul> <li>Improve <code>postinstall</code> script configuration (<a href="https://github.com/medikoo/es5-ext/commit/ab6b121f0ca4f033bba9b6f400b24d07869bd716">ab6b121</a>)</li> </ul> <h3><a href="https://github.com/medikoo/es5-ext/compare/v0.10.58...v0.10.59">0.10.59</a> (2022-03-17)</h3> <h3>Maintenance Improvements</h3> <ul> <li>Improve manifest wording (<a href="https://redirect.github.com/medikoo/es5-ext/issues/122">#122</a>) (<a href="https://github.com/medikoo/es5-ext/commit/eb7ae59966774a8c26f1717415c627d90bb3d954">eb7ae59</a>)</li> <li>Update data in manifest (<a href="https://github.com/medikoo/es5-ext/commit/3d2935ac6f1a0969c7569840d5b3bdeed6940e56">3d2935a</a>)</li> </ul> <h3><a href="https://github.com/medikoo/es5-ext/compare/v0.10.57...v0.10.58">0.10.58</a> (2022-03-11)</h3> <h3>Maintenance Improvements</h3> <ul> <li>Improve "call for peace" manifest (<a href="https://github.com/medikoo/es5-ext/commit/3beace4b3d00f02da61b72dd328f90cf069d46de">3beace4</a>)</li> </ul> <h3><a href="https://github.com/medikoo/es5-ext/compare/v0.10.56...v0.10.57">0.10.57</a> (2022-03-08)</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/medikoo/es5-ext/commit/de4e03c4776a303284142f73f3f181a070615817"><code>de4e03c</code></a> chore: Release v0.10.63</li> <li><a href="https://github.com/medikoo/es5-ext/commit/3fd53b755ec883be8f119c747f0b04130741e456"><code>3fd53b7</code></a> chore: Upgrade<code> lint-staged</code> to v13</li> <li><a href="https://github.com/medikoo/es5-ext/commit/bf8ed799d57df53096da9d908ff577f305e1366f"><code>bf8ed79</code></a> chore: Ensure postinstall script does not crash on Windows</li> <li><a href="https://github.com/medikoo/es5-ext/commit/2cbbb0717bd8de6e38fcba1f0d45bc876e7a1951"><code>2cbbb07</code></a> chore: Bump dependencies</li> <li><a href="https://github.com/medikoo/es5-ext/commit/22d0416ea170000a115609f22a560dfa9193ebb0"><code>22d0416</code></a> chore: Bump LICENSE year</li> <li><a href="https://github.com/medikoo/es5-ext/commit/a52e95736690ad1d465ebcd9791d54570e294602"><code>a52e957</code></a> fix: Support ES2015+ function definitions in <code>function#toStringTokens()</code></li> <li><a href="https://github.com/medikoo/es5-ext/commit/3551cdd7b2db08b1632841f819d008757d28e8e2"><code>3551cdd</code></a> fix: Do not rely on problematic regex</li> <li><a href="https://github.com/medikoo/es5-ext/commit/7855319f41b9736639cf4555bd2c419f17addf55"><code>7855319</code></a> chore: Simplify the manifest message</li> <li><a href="https://github.com/medikoo/es5-ext/commit/78e041fe780ab39e73b7e580407e3ce1e52f4e38"><code>78e041f</code></a> chore: Release v0.10.62</li> <li><a href="https://github.com/medikoo/es5-ext/commit/c51d552c03967858b8f14a4afa305338ba648cce"><code>c51d552</code></a> chore: Improve manifest</li> <li>Additional commits viewable in <a href="https://github.com/medikoo/es5-ext/compare/v0.10.53...v0.10.63">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/facebook/react/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
37676aba76 |
Also apply content hash for experimental files (#28590)
Also apply content hash for experimental files In #28582 I missed that experimental files have a copy of this build function setting the version strings. |
||
|
|
83409a1fdd |
[Flight] Encode React Elements in Replies as Temporary References (#28564)
Currently you can accidentally pass React Element to a Server Action. It
warns but in prod it actually works because we can encode the symbol and
otherwise it's mostly a plain object. It only works if you only pass
host components and no function props etc. which makes it potentially
error later. The first thing this does it just early hard error for
elements.
I made Lazy work by unwrapping though since that will be replaced by
Promises later which works.
Our protocol is not fully symmetric in that elements flow from Server ->
Client. Only the Server can resolve Components and only the client
should really be able to receive host components. It's not intended that
a Server can actually do something with them other than passing them to
the client.
In the case of a Reply, we expect the client to be stateful. It's
waiting for a response. So anything we can't serialize we can still pass
by reference to an in memory object. So I introduce the concept of a
TemporaryReferenceSet which is an opaque object that you create before
encoding the reply. This then stashes any unserializable values in this
set and encode the slot by id. When a new response from the Action then
returns we pass the same temporary set into the parser which can then
restore the objects. This lets you pass a value by reference to the
server and back into another slot.
For example it can be used to render children inside a parent tree from
a server action:
```
export async function Component({ children }) {
"use server";
return <div>{children}</div>;
}
```
(You wouldn't normally do this due to the waterfalls but for advanced
cases.)
A common scenario where this comes up accidentally today is in
`useActionState`.
```
export function action(state, formData) {
"use server";
if (errored) {
return <div>This action <strong>errored</strong></div>;
}
return null;
}
```
```
const [errors, formAction] = useActionState(action);
return <div>{errors}<div>;
```
It feels like I'm just passing the JSX from server to client. However,
because `useActionState` also sends the previous state *back* to the
server this should not actually be valid. Before this PR this actually
worked accidentally. You get a DEV warning but it used to work in prod.
Once you do something like pass a client reference it won't work tho. We
could perhaps make client references work by stashing where we got them
from but it wouldn't work with all possible JSX.
By adding temporary references to the action implementation this will
work again - on the client. It'll also be more efficient since we don't
send back the JSX content that you shouldn't introspect on the server
anyway.
However, a flaw here is that the progressive enhancement of this case
won't work because we can't use temporary references for progressive
enhancement since there's no in memory stash. What is worse is that it
won't error if you hydrate. ~It also will error late in the example
above because the first state is "undefined" so invoking the form once
works - it errors on the second attempt when it tries to send the error
state back again.~ It actually errors on the first invocation because we
need to eagerly serialize "previous state" into the form. So at least
that's better.
I think maybe the solution to this particular pattern would be to allow
JSX to serialize if you have no temporary reference set, and remember
client references so that client references can be returned back to the
server as client references. That way anything you could send from the
server could also be returned to the server. But it would only deopt to
serializing it for progressive enhancement. The consequence of that
would be that there's a lot of JSX that might accidentally seem like it
should work but it's only if you've gotten it from the server before
that it works. This would have to have pair them somehow though since
you can't take a client reference from one implementation of Flight and
use it with another.
|
||
|
|
cb076b593c |
Change to content hash for RN canary VERSION strings (#28582)
With this change, the different files in RN will have *different* hashes. This replaces the git hash and means that the file content (including version) is only updated when the rest of the file content actually changes. This should remove "noop" changes that need to be synced that only update the version string. A difference to the www implementation here is (and I'd be looking at updating www as well if this lands well) that each file has an individual hash instead of a combined content hash. This further reduces the number of updated files and I couldn't find a reason we need to have these in sync. The best I can gather is that this hash is used so folks don't directly compare version string and make future updates harder. |
||
|
|
9c75cd5e84 | Set disableModulePatternComponents flag to __NEXT_MAJOR__ (#28579) | ||
|
|
e02f87f139 |
Use RTR with concurrent root in ReactHooks-test.internal (#28578)
Continued cleanup of legacy root usage from RTR |
||
|
|
bc13750bdf |
Concurrent rendering for ReactART-test (#28521)
## Summary We need to unblock flipping the default for RTR to be concurrent rendering. Update ReactART-test to use `unstable_isConcurrent` in place. ## How did you test this change? `yarn test packages/react-art/src/__tests__/ReactART-test.js` |
||
|
|
0aab065eb3 |
Add alwaysThrottleDisappearingFallbacks Flag (#28550)
## Summary Creates a new `alwaysThrottleDisappearingFallbacks` feature flag that gates the changes from https://github.com/facebook/react/pull/26802 (instead of being controlled by `alwaysThrottleRetries`). The values of this new flag mirror the current values of `alwaysThrottleRetries` such that there is no behavior difference. This additional feature flag allows us to incrementally validate the change (arguably bug fix) from https://github.com/facebook/react/pull/26802 independently from `alwaysThrottleRetries`. ## How did you test this change? ``` $ yarn test $ yarn flow dom-browser $ yarn flow dom-fb $ yarn flow fabric ``` |
||
|
|
7959a1dd28 |
Upgrade flow to 0.231.0 (#28576)
Upgrade flow to 0.231.0 |
||
|
|
6a01aca75b |
Fix ReactHooksInspectionIntegration-test (#28577)
Resolve conflict between #28508 and #28546 |
||
|
|
74cb1bdfec |
Bump follow-redirects from 1.15.4 to 1.15.6 in /fixtures/ssr (#28571)
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.15.4 to 1.15.6. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/follow-redirects/follow-redirects/commit/35a517c5861d79dc8bff7db8626013d20b711b06"><code>35a517c</code></a> Release version 1.15.6 of the npm package.</li> <li><a href="https://github.com/follow-redirects/follow-redirects/commit/c4f847f85176991f95ab9c88af63b1294de8649b"><code>c4f847f</code></a> Drop Proxy-Authorization across hosts.</li> <li><a href="https://github.com/follow-redirects/follow-redirects/commit/8526b4a1b2ab3a2e4044299377df623a661caa76"><code>8526b4a</code></a> Use GitHub for disclosure.</li> <li><a href="https://github.com/follow-redirects/follow-redirects/commit/b1677ce00110ee50dc5da576751d39b281fc4944"><code>b1677ce</code></a> Release version 1.15.5 of the npm package.</li> <li><a href="https://github.com/follow-redirects/follow-redirects/commit/d8914f7982403ea096b39bd594a00ee9d3b7e224"><code>d8914f7</code></a> Preserve fragment in responseUrl.</li> <li>See full diff in <a href="https://github.com/follow-redirects/follow-redirects/compare/v1.15.4...v1.15.6">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/facebook/react/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
c94110c5f3 |
Bump follow-redirects from 1.15.4 to 1.15.6 in /fixtures/concurrent/time-slicing (#28572)
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.15.4 to 1.15.6. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/follow-redirects/follow-redirects/commit/35a517c5861d79dc8bff7db8626013d20b711b06"><code>35a517c</code></a> Release version 1.15.6 of the npm package.</li> <li><a href="https://github.com/follow-redirects/follow-redirects/commit/c4f847f85176991f95ab9c88af63b1294de8649b"><code>c4f847f</code></a> Drop Proxy-Authorization across hosts.</li> <li><a href="https://github.com/follow-redirects/follow-redirects/commit/8526b4a1b2ab3a2e4044299377df623a661caa76"><code>8526b4a</code></a> Use GitHub for disclosure.</li> <li><a href="https://github.com/follow-redirects/follow-redirects/commit/b1677ce00110ee50dc5da576751d39b281fc4944"><code>b1677ce</code></a> Release version 1.15.5 of the npm package.</li> <li><a href="https://github.com/follow-redirects/follow-redirects/commit/d8914f7982403ea096b39bd594a00ee9d3b7e224"><code>d8914f7</code></a> Preserve fragment in responseUrl.</li> <li>See full diff in <a href="https://github.com/follow-redirects/follow-redirects/compare/v1.15.4...v1.15.6">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/facebook/react/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
d79807537b |
Bump follow-redirects from 1.13.0 to 1.15.6 in /fixtures/dom (#28560)
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.13.0 to 1.15.6. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/follow-redirects/follow-redirects/commit/35a517c5861d79dc8bff7db8626013d20b711b06"><code>35a517c</code></a> Release version 1.15.6 of the npm package.</li> <li><a href="https://github.com/follow-redirects/follow-redirects/commit/c4f847f85176991f95ab9c88af63b1294de8649b"><code>c4f847f</code></a> Drop Proxy-Authorization across hosts.</li> <li><a href="https://github.com/follow-redirects/follow-redirects/commit/8526b4a1b2ab3a2e4044299377df623a661caa76"><code>8526b4a</code></a> Use GitHub for disclosure.</li> <li><a href="https://github.com/follow-redirects/follow-redirects/commit/b1677ce00110ee50dc5da576751d39b281fc4944"><code>b1677ce</code></a> Release version 1.15.5 of the npm package.</li> <li><a href="https://github.com/follow-redirects/follow-redirects/commit/d8914f7982403ea096b39bd594a00ee9d3b7e224"><code>d8914f7</code></a> Preserve fragment in responseUrl.</li> <li><a href="https://github.com/follow-redirects/follow-redirects/commit/65858205e59f1e23c9bf173348a7a7cbb8ac47f5"><code>6585820</code></a> Release version 1.15.4 of the npm package.</li> <li><a href="https://github.com/follow-redirects/follow-redirects/commit/7a6567e16dfa9ad18a70bfe91784c28653fbf19d"><code>7a6567e</code></a> Disallow bracketed hostnames.</li> <li><a href="https://github.com/follow-redirects/follow-redirects/commit/05629af696588b90d64e738bc2e809a97a5f92fc"><code>05629af</code></a> Prefer native URL instead of deprecated url.parse.</li> <li><a href="https://github.com/follow-redirects/follow-redirects/commit/1cba8e85fa73f563a439fe460cf028688e4358df"><code>1cba8e8</code></a> Prefer native URL instead of legacy url.resolve.</li> <li><a href="https://github.com/follow-redirects/follow-redirects/commit/72bc2a4229bc18dc9fbd57c60579713e6264cb92"><code>72bc2a4</code></a> Simplify _processResponse error handling.</li> <li>Additional commits viewable in <a href="https://github.com/follow-redirects/follow-redirects/compare/v1.13.0...v1.15.6">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/facebook/react/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
4d686a2da1 |
Performance: avoid triggering map deopt in V8 (#28569)
The shape of the objects changed by this PR are both created in 2 locations with 2 different shapes, which most JS engines won't like. I've noticed this in particular in V8 while benchmarking production code. https://github.com/facebook/react/blob/1293047d6063f3508af15e68cca916660ded791e/packages/react-reconciler/src/ReactFiberCacheComponent.js#L66-L77 https://github.com/facebook/react/blob/1293047d6063f3508af15e68cca916660ded791e/packages/react-reconciler/src/ReactFiberHostContext.js#L47-L54 https://github.com/facebook/react/blob/1293047d6063f3508af15e68cca916660ded791e/packages/react-reconciler/src/ReactFiberHooks.js#L3530-L3531 https://github.com/facebook/react/blob/1293047d6063f3508af15e68cca916660ded791e/packages/react-reconciler/src/ReactFiberHooks.js#L3492-L3493 |
||
|
|
45d56071b8 |
Bump follow-redirects from 1.15.4 to 1.15.6 (#28573)
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.15.4 to 1.15.6. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/follow-redirects/follow-redirects/commit/35a517c5861d79dc8bff7db8626013d20b711b06"><code>35a517c</code></a> Release version 1.15.6 of the npm package.</li> <li><a href="https://github.com/follow-redirects/follow-redirects/commit/c4f847f85176991f95ab9c88af63b1294de8649b"><code>c4f847f</code></a> Drop Proxy-Authorization across hosts.</li> <li><a href="https://github.com/follow-redirects/follow-redirects/commit/8526b4a1b2ab3a2e4044299377df623a661caa76"><code>8526b4a</code></a> Use GitHub for disclosure.</li> <li><a href="https://github.com/follow-redirects/follow-redirects/commit/b1677ce00110ee50dc5da576751d39b281fc4944"><code>b1677ce</code></a> Release version 1.15.5 of the npm package.</li> <li><a href="https://github.com/follow-redirects/follow-redirects/commit/d8914f7982403ea096b39bd594a00ee9d3b7e224"><code>d8914f7</code></a> Preserve fragment in responseUrl.</li> <li>See full diff in <a href="https://github.com/follow-redirects/follow-redirects/compare/v1.15.4...v1.15.6">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/facebook/react/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
38327309a4 |
Update isConcurrent RTR option usage (#28546)
Reverting some of https://github.com/facebook/react/pull/27804 which renamed this option to stable. This PR just replaces internal usage to make upcoming PRs cleaner. Keeping isConcurrent unstable for the next major release in order to enable a broader deprecation of RTR and be consistent with concurrent rendering everywhere for next major. (https://github.com/facebook/react/pull/28498) - Next major will use concurrent root - The old behavior (legacy root by default, concurrent root with unstable option) will be preserved for React Native until new architecture is fully shipped. - Flag and legacy root usage can be removed after RN dependency is unblocked without an additional breaking change |
||
|
|
b09e102ff1 |
[Fizz] Prevent uncloned large precomputed chunks without relying on render-time assertions (#28568)
A while back we implemented a heuristic that if a chunk was large it was assumed to be produced by the render and thus was safe to stream which results in transferring the underlying object memory. Later we ran into an issue where a precomputed chunk grew large enough to trigger this hueristic and it started causing renders to fail because once a second render had occurred the precomputed chunk would not have an underlying buffer of bytes to send and these bytes would be omitted from the stream. We implemented a technique to detect large precomputed chunks and we enforced that these always be cloned before writing. Unfortunately our test coverage was not perfect and there has been for a very long time now a usage pattern where if you complete a boundary in one flush and then complete a boundary that has stylehsheet dependencies in another flush you can get a large precomputed chunk that was not being cloned to be sent twice causing streaming errors. I've thought about why we even went with this solution in the first place and I think it was a mistake. It relies on a dev only check to catch paired with potentially version specific order of operations on the streaming side. This is too unreliable. Additionally the low limit of view size for Edge is not used in Node.js but there is not real justification for this. In this change I updated the view size for edge streaming to match Node at 2048 bytes which is still relatively small and we have no data one way or another to preference 512 over this. Then I updated the assertion logic to error anytime a precomputed chunk exceeds the size. This eliminates the need to clone these chunks by just making sure our view size is always larger than the largest precomputed chunk we can possibly write. I'm generally in favor of this for a few reasons. First, we'll always know during testing whether we've violated the limit as long as we exercise each stream config because the precomputed chunks are created in module scope. Second, we can always split up large chunks so making sure the precomptued chunk is smaller than whatever view size we actually desire is relatively trivial. |