Conversation
There was a problem hiding this comment.
Pull request overview
This PR upgrades the React Native dependency from version 0.73.x to 0.76.9 to address CVE-2026-25128 (note: the CVE year appears to be a typo as 2026 is in the future). The upgrade includes updating all related React Native packages, Android build tools, Gradle, and necessary configuration changes to align with React Native 0.76's requirements, including the removal of Flipper support and adoption of the new autolinking system.
Changes:
- Updated React Native and related packages to version 0.76.9 with exact version pinning
- Upgraded Android build infrastructure (Gradle 8.10.2, build tools 35.0.0, Kotlin 1.9.25, SDK 35)
- Removed Flipper integration from Android and migrated to new autolinking system
- Enabled React Native's new architecture by default
Reviewed changes
Copilot reviewed 8 out of 10 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| js/react_native/package.json | Updated React Native devDependencies to 0.76.9 with exact versions |
| js/react_native/e2e/package.json | Updated React Native dependencies and all @react-native packages to 0.76.9 |
| js/react_native/e2e/android/settings.gradle | Migrated to new React Native 0.76 autolinking configuration with pluginManagement |
| js/react_native/e2e/android/gradle/wrapper/gradle-wrapper.properties | Updated Gradle wrapper to version 8.10.2 |
| js/react_native/e2e/android/gradle.properties | Enabled new architecture, removed Jetifier (no longer needed) |
| js/react_native/e2e/android/build.gradle | Updated Android build tools to 35.0.0, SDK to 35, and Kotlin to 1.9.25 |
| js/react_native/e2e/android/app/src/main/java/com/reactnativeonnxruntimemodule/MainApplication.kt | Removed Flipper integration, updated SoLoader initialization for React Native 0.76 |
| js/react_native/e2e/android/app/build.gradle | Added autolinkLibrariesWithApp() call, removed Flipper dependency |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| apply from: file("../node_modules/@react-native-community/cli-platform-android/native_modules.gradle"); applyNativeModulesSettingsGradle(settings) | ||
| include ':app' | ||
| includeBuild('../node_modules/@react-native/gradle-plugin') No newline at end of file | ||
| includeBuild('../node_modules/@react-native/gradle-plugin') |
There was a problem hiding this comment.
The gradle plugin path is included twice in this file: once in the pluginManagement block (line 1) and again with a standalone includeBuild statement (line 6). While this might be intentional for React Native 0.76's configuration, this pattern is unusual and could potentially cause issues. Please verify that both inclusions are necessary. If the second one (line 6) is redundant, it should be removed to avoid potential build conflicts.
| includeBuild('../node_modules/@react-native/gradle-plugin') |
fs-eire
force-pushed
the
fs-eire/upgrade-rn-ver
branch
from
f490428 to
36774d7
Compare
fs-eire
force-pushed
the
fs-eire/upgrade-rn-ver
branch
from
36774d7 to
42806d4
Compare
1 participant
Description
This is the following-up of #27264, to fully fix CVE-2026-25128 by upgrading the version of react native to 0.76.x.