Skip to content

[Snyk] Upgrade react-native from 0.82.1 to 0.83.1#38

Closed
chirag127 wants to merge 2 commits into
mainfrom
snyk-upgrade-ef54245c42e6ab639c665a7440f2dfab
Closed

[Snyk] Upgrade react-native from 0.82.1 to 0.83.1#38
chirag127 wants to merge 2 commits into
mainfrom
snyk-upgrade-ef54245c42e6ab639c665a7440f2dfab

Conversation

@chirag127

Copy link
Copy Markdown
Owner

snyk-top-banner

Snyk has created this PR to upgrade react-native from 0.82.1 to 0.83.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 63 versions ahead of your current version.

  • The recommended version was released 2 months ago.

Release notes
Package name: react-native
  • 0.83.1 - 2025-12-18

    Fixed

    Android specific

    • Fix Network error that could occur for FormData uploads with binary data (471ef7212e by @ huntie)

    Hermes dSYMS:

    Hermes V1 dSYMS:

    ReactNativeDependencies dSYMs:

    ReactNative Core dSYMs:


    You can file issues or pick requests against this release here.


    To help you upgrade to this version, you can use the Upgrade Helper ⚛️.


    View the whole changelog in the CHANGELOG.md file.

  • 0.83.0 - 2025-12-10
  • 0.83.0-rc.5 - 2025-12-08
  • 0.83.0-rc.4 - 2025-12-03
  • 0.83.0-rc.3 - 2025-11-24
  • 0.83.0-rc.2 - 2025-11-17
  • 0.83.0-rc.1 - 2025-11-11
  • 0.83.0-rc.0 - 2025-11-04
  • 0.83.0-nightly-20251104-502efe1cc - 2025-11-04
  • 0.83.0-nightly-20251103-a034841fd - 2025-11-03
  • 0.83.0-nightly-20251103-54047f891 - 2025-11-03
  • 0.83.0-nightly-20251102-d8e6a985a - 2025-11-02
  • 0.83.0-nightly-20251101-693e9628e - 2025-11-01
  • 0.83.0-nightly-20251030-26ad9492b - 2025-10-30
  • 0.83.0-nightly-20251029-3f971d931 - 2025-10-29
  • 0.83.0-nightly-20251028-916e53f84 - 2025-10-28
  • 0.83.0-nightly-20251024-c7fb31ce5 - 2025-10-24
  • 0.83.0-nightly-20251022-93c17cd0c - 2025-10-22
  • 0.83.0-nightly-20251021-328d07a30 - 2025-10-21
  • 0.83.0-nightly-20251019-d9ea1b245 - 2025-10-19
  • 0.83.0-nightly-20251018-535efc140 - 2025-10-18
  • 0.83.0-nightly-20251017-ae5728bbb - 2025-10-17
  • 0.83.0-nightly-20251016-e79920c66 - 2025-10-16
  • 0.83.0-nightly-20251015-094794ac9 - 2025-10-15
  • 0.83.0-nightly-20251014-69dc65500 - 2025-10-14
  • 0.83.0-nightly-20251013-f4e93df55 - 2025-10-13
  • 0.83.0-nightly-20251012-6f482708b - 2025-10-12
  • 0.83.0-nightly-20251011-6f482708b - 2025-10-11
  • 0.83.0-nightly-20251009-24d0d4414 - 2025-10-09
  • 0.83.0-nightly-20251008-31bff4e09 - 2025-10-08
  • 0.83.0-nightly-20251007-854268275 - 2025-10-07
  • 0.83.0-nightly-20251006-07f40ec6b - 2025-10-06
  • 0.83.0-nightly-20251005-07f40ec6b - 2025-10-05
  • 0.83.0-nightly-20251003-aab0d3397 - 2025-10-03
  • 0.83.0-nightly-20251002-07fcdfeba - 2025-10-02
  • 0.83.0-nightly-20251001-990ca0d10 - 2025-10-01
  • 0.83.0-nightly-20250930-a07308081 - 2025-09-30
  • 0.83.0-nightly-20250929-2f40224fa - 2025-09-29
  • 0.83.0-nightly-20250928-fb09b3764 - 2025-09-28
  • 0.83.0-nightly-20250927-99b7cb77a - 2025-09-27
  • 0.83.0-nightly-20250926-2b5938c90 - 2025-09-26
  • 0.83.0-nightly-20250924-53f89bacd - 2025-09-24
  • 0.83.0-nightly-20250923-2065c3180 - 2025-09-23
  • 0.83.0-nightly-20250922-5ef054921 - 2025-09-22
  • 0.83.0-nightly-20250921-a4d43290c - 2025-09-21
  • 0.83.0-nightly-20250920-362ed179a - 2025-09-20
  • 0.83.0-nightly-20250919-cb7453fb9 - 2025-09-19
  • 0.83.0-nightly-20250918-4d2e38edd - 2025-09-18
  • 0.83.0-nightly-20250917-18cb4edfa - 2025-09-17
  • 0.83.0-nightly-20250916-15daa2787 - 2025-09-16
  • 0.83.0-nightly-20250915-56e5dff73 - 2025-09-15
  • 0.83.0-nightly-20250914-09a7e0a0f - 2025-09-14
  • 0.83.0-nightly-20250913-4fb42c84d - 2025-09-13
  • 0.83.0-nightly-20250912-a7dc5051d - 2025-09-12
  • 0.83.0-nightly-20250911-dab8a4562 - 2025-09-11
  • 0.83.0-nightly-20250910-019a553ea - 2025-09-10
  • 0.83.0-nightly-20250909-e7ce4ff0b - 2025-09-09
  • 0.83.0-nightly-20250908-02e3a999e - 2025-09-08
  • 0.83.0-nightly-20250907-02e3a999e - 2025-09-07
  • 0.83.0-nightly-20250906-44b2da0df - 2025-09-06
  • 0.83.0-nightly-20250905-a50ddf3d8 - 2025-09-05
  • 0.83.0-nightly-20250904-5d65794ee - 2025-09-04
  • 0.83.0-nightly-20250903-f33a1cd26 - 2025-09-03
  • 0.82.1 - 2025-10-20
from react-native GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

Snyk has created this PR to upgrade react-native from 0.82.1 to 0.83.1.

See this package in npm:
react-native

See this project in Snyk:
https://app.snyk.io/org/chirag127/project/4c20a98f-d4af-4651-bd1c-01c83de1eee7?utm_source=github&utm_medium=referral&page=upgrade-pr
@coderabbitai

coderabbitai Bot commented Feb 10, 2026

Copy link
Copy Markdown

Important

Review skipped

Ignore keyword(s) in the title.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch snyk-upgrade-ef54245c42e6ab639c665a7440f2dfab

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@gemini-code-assist

Copy link
Copy Markdown

Summary of Changes

Hello @chirag127, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request, automatically generated by Snyk, updates the react-native framework from version 0.82.1 to 0.83.1. This upgrade includes a cascade of updates to numerous related @babel and @react-native ecosystem packages, ensuring the project benefits from the latest features, bug fixes, and security enhancements provided by the new react-native release. It also refines dependency resolution and updates other core tooling components.

Highlights

  • React Native Upgrade: Upgraded the core react-native dependency from version 0.82.1 to 0.83.1.
  • Dependency Updates: Updated numerous related @babel and @react-native ecosystem packages to their latest compatible versions, including @babel/code-frame, @babel/generator, @babel/parser, @babel/template, @babel/traverse, @babel/types, @react-native/assets-registry, @react-native/community-cli-plugin, @react-native/debugger-frontend, @react-native/dev-middleware, @react-native/debugger-shell, @react-native/gradle-plugin, @react-native/js-polyfills, @react-native/codegen, @react-native/normalize-colors, and @react-native/virtualized-lists.
  • Tooling and Core Library Bumps: Bumped hermes-compiler from 0.0.0 to 0.14.0, scheduler from 0.26.0 to 0.27.0, and ws to 7.5.10 across various nested dependencies. Also updated metro, metro-config, and metro-core to ^0.83.3.
  • Dependency Resolution Refinement: Standardized versioning for expo-constants, expo-system-ui, react-native-gesture-handler, and react-native-screens to use tilde (~) in package-lock.json. Additionally, refactored source-map dependency handling by removing nested versions and introducing a top-level entry.
Changelog
  • spechify-tts/package-lock.json
    • Updated react-native to ^0.83.1.
    • Updated expo-constants to ~17.1.8 and expo-system-ui to ~4.0.9.
    • Updated react-native-gesture-handler to ~2.30.0 and react-native-screens to ~4.19.0.
    • Upgraded @babel/code-frame from 7.27.1 to 7.29.0.
    • Upgraded @babel/generator from 7.28.5 to 7.29.1.
    • Upgraded @babel/parser from 7.28.5 to 7.29.0.
    • Upgraded @babel/template from 7.27.2 to 7.28.6.
    • Upgraded @babel/traverse from 7.28.5 to 7.29.0.
    • Upgraded @babel/types from 7.28.5 to 7.29.0.
    • Upgraded @react-native/assets-registry from 0.82.1 to 0.83.1.
    • Upgraded @react-native/community-cli-plugin from 0.82.1 to 0.83.1.
    • Upgraded @react-native/dev-middleware from 0.82.1 to 0.83.1.
    • Upgraded @react-native/debugger-frontend from 0.82.1 to 0.83.1.
    • Upgraded @react-native/debugger-shell from 0.82.1 to 0.83.1.
    • Upgraded @react-native/gradle-plugin from 0.82.1 to 0.83.1.
    • Upgraded @react-native/js-polyfills from 0.82.1 to 0.83.1.
    • Upgraded metro, metro-config, metro-core to ^0.83.3.
    • Upgraded ws from 6.2.3 to 7.5.10 in various nested node_modules paths.
    • Upgraded hermes-compiler from 0.0.0 to 0.14.0.
    • Upgraded scheduler from 0.26.0 to 0.27.0.
    • Updated react peer dependency to ^19.2.0.
    • Removed nested source-map dependencies from metro-source-map and metro-symbolicate.
    • Added a top-level source-map dependency at version 0.5.7.
    • Updated glob deprecated message.
    • Upgraded yaml from 2.8.1 to 2.8.2 and added a funding URL.
  • spechify-tts/package.json
    • Updated the react-native dependency from 0.82.1 to 0.83.1.
Activity
  • Snyk automatically created this pull request to upgrade the react-native dependency.
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

@qodo-code-review

Copy link
Copy Markdown

CI Feedback 🧐

A test triggered by this PR failed. Here is an AI-generated analysis of the failure:

Action: build_and_test

Failed stage: Setup Expo CLI and Install Expo Packages [❌]

Failed test name: ""

Failure summary:

The action failed during the step Run npm install -g expo-cli@51 because npm could not find the
requested package version.
- Error: npm error code ETARGET / No matching version found for
expo-cli@51 (lines 153-156)
- This indicates the workflow is trying to install a non-existent or
unpublished version of expo-cli (51) from npm, causing the command to exit with code 1 (line 158).

Relevant error logs:
1:  ##[group]Runner Image Provisioner
2:  Hosted Compute Agent
...

138:  shell: /usr/bin/bash -e {0}
139:  env:
140:  NODE_VERSION: 20
141:  EXPO_VERSION: 51
142:  ##[endgroup]
143:  added 1 package, and audited 2 packages in 632ms
144:  found 0 vulnerabilities
145:  ##[group]Run npm install -g expo-cli@51
146:  �[36;1mnpm install -g expo-cli@51�[0m
147:  �[36;1mnpx expo install�[0m
148:  shell: /usr/bin/bash -e {0}
149:  env:
150:  NODE_VERSION: 20
151:  EXPO_VERSION: 51
152:  ##[endgroup]
153:  npm error code ETARGET
154:  npm error notarget No matching version found for expo-cli@51.
155:  npm error notarget In most cases you or one of your dependencies are requesting
156:  npm error notarget a package version that doesn't exist.
157:  npm error A complete log of this run can be found in: /home/runner/.npm/_logs/2026-02-10T08_56_47_626Z-debug-0.log
158:  ##[error]Process completed with exit code 1.
159:  Post job cleanup.

@socket-security

socket-security Bot commented Feb 10, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updatedreact-native@​0.82.1 ⏵ 0.83.194 +310099 +1100100

View full report

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request, automatically generated by Snyk, upgrades react-native from version 0.82.1 to 0.83.1. While this is a welcome update, the review has identified two important issues. First, a transitive dependency, glob, is at an old and insecure version (7.2.3), which this PR fails to update despite updating its deprecation notice to highlight security risks. This is a critical issue. Second, the version specifier for react-native in package-lock.json has been inconsistently changed to use a caret (^0.83.1) instead of being pinned, which contradicts the package.json and the previous versioning strategy. This should be corrected to maintain dependency stability.

"resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz",
"integrity": "sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==",
"deprecated": "Glob versions prior to v9 are no longer supported",
"deprecated": "Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security-critical critical

The glob package, a transitive dependency, is at version 7.2.3, which is deprecated and contains known security vulnerabilities. The updated deprecation message in this very change highlights this risk. Since this PR is for security and dependency updates, it's critical to address this. Please upgrade glob to a secure version (e.g., ^10.0.0). You can achieve this by adding an overrides field in your package.json:

"overrides": {
  "glob": "^10.3.10"
}

"react-dom": "18.3.1",
"react-native": "0.82.1",
"react-native-gesture-handler": "^2.30.0",
"react-native": "^0.83.1",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

high

The version specifier for react-native is inconsistent between package.json (which has "0.83.1") and this file ("^0.83.1"). This changes the versioning strategy from pinned to caret (^), which could introduce unexpected updates in the future. To maintain consistency and the established pinning strategy, please change this to match package.json.

Suggested change
"react-native": "^0.83.1",
"react-native": "0.83.1",

Snyk has created this PR to upgrade react-native from 0.82.1 to 0.83.1.

See this package in npm:
react-native

See this project in Snyk:
https://app.snyk.io/org/whyiswhen/project/aed39381-6e7d-41b9-b7ea-15e35a2ff0f9?utm_source=github&utm_medium=referral&page=upgrade-pr
@openhands-ai

openhands-ai Bot commented Feb 11, 2026

Copy link
Copy Markdown

Looks like there are a few issues preventing this PR from being merged!

  • GitHub Actions are failing:
    • CI Workflow

If you'd like me to help, just leave a comment, like

@OpenHands please fix the failing actions on PR #38 at branch `snyk-upgrade-ef54245c42e6ab639c665a7440f2dfab`

Feel free to include any additional details that might help me get this PR into a better state.

You can manage your notification settings

@chirag127 chirag127 closed this Jul 2, 2026
@chirag127 chirag127 deleted the snyk-upgrade-ef54245c42e6ab639c665a7440f2dfab branch July 2, 2026 05:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants