@tommasini tommasini commented Nov 7, 2025

Description

Changelog

CHANGELOG entry:

Related issues

Fixes:

Manual testing steps

Feature: my feature name

  Scenario: user [verb for user action]
    Given [describe expected initial app state]

    When user [verb for user action]
    Then [describe expected outcome]

Screenshots/Recordings

Before

After

Pre-merge author checklist

Pre-merge reviewer checklist

  • I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
  • I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

Note

Pins and patches @react-native-community/cli-server-api to 15.0.1 with URL validation in openURLMiddleware, updating configs and lockfile accordingly.

  • Tooling:
    • Patched RN CLI Server API: Adds Yarn patch @react-native-community/cli-server-api@15.0.1 modifying build/openURLMiddleware.js to:
      • Parse url and validate protocol (http/https) and format; return 400 on invalid inputs.
      • Minor string/formatting tweaks and multi-line middleware chaining.
  • Dependencies:
    • Pin @react-native-community/cli-server-api from ^17.0.0 to patched 15.0.1 in dependencies and resolutions; adjust transitive dependencies in yarn.lock.
  • Config:
    • Update .yarnrc.yml advisory note and normalize npmPreapprovedPackages entries.

Written by Cursor Bugbot for commit 707506d. This will update automatically on new commits.

@tommasini tommasini requested a review from a team as a code owner November 7, 2025 09:44
github-actions bot commented Nov 7, 2025

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

@metamaskbot metamaskbot added the team-mobile-platform Mobile Platform team label Nov 7, 2025
@github-actions github-actions bot added the size-S label Nov 7, 2025
+ res.writeHead(400);
+ res.end("Invalid URL format");
+ return;
}
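Review bot: the rejection branch that ends at `return;` calls `res.writeHead(400)` without a Content-Type header, so the client is left to guess how to interpret the body "Invalid URL format". Suggest `res.writeHead(400, {'Content-Type': 'text/plain'})` here, plus a unit test asserting that this branch returns 400 and that nothing after the `return;` runs for a rejected URL.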

Bug: JSON Parse Outside Try-Catch Causes Crash

The JSON.parse(req.rawBody) call on line 32 is outside the try-catch block that starts on line 37. If req.rawBody contains invalid JSON, it will throw an unhandled exception that crashes the middleware instead of returning a proper 400 error response. The try-catch only catches errors from new URL(url), not from JSON parsing.

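One way to structure the validation so that a malformed body and a malformed URL both end in a 400, shown as an added example that is not the code from this PR's patch. The names `validateOpenUrlBody`, `openURLHandler` and the injected `open` callback are hypothetical, and every message other than "Invalid URL format" is an assumption; `req.rawBody` is taken from the review comment above.

```javascript
// Added example, not the patched openURLMiddleware.js.
const ALLOWED_PROTOCOLS = new Set(['http:', 'https:']);

// Returns { status: 200, url } or { status: 400, error }; never throws.
function validateOpenUrlBody(rawBody) {
  let parsed;
  try {
    // Guarded separately: JSON.parse throws SyntaxError on malformed input.
    parsed = JSON.parse(rawBody);
  } catch {
    return { status: 400, error: 'Invalid JSON body' };
  }
  // Valid JSON can still be null, a number, or an object without a string url.
  if (parsed === null || typeof parsed !== 'object' || typeof parsed.url !== 'string') {
    return { status: 400, error: 'Missing url' };
  }
  let target;
  try {
    target = new URL(parsed.url); // throws TypeError on an unparseable URL
  } catch {
    return { status: 400, error: 'Invalid URL format' };
  }
  if (!ALLOWED_PROTOCOLS.has(target.protocol)) {
    return { status: 400, error: 'Invalid URL protocol' };
  }
  // Hand the opener the parsed, normalized form rather than the raw string.
  return { status: 200, url: target.href };
}

// `open` is injected so the handler can be tested without launching a browser.
function openURLHandler(req, res, open) {
  const result = validateOpenUrlBody(req.rawBody);
  if (result.status !== 200) {
    res.writeHead(result.status, { 'Content-Type': 'text/plain' });
    res.end(result.error);
    return;
  }
  open(result.url);
  res.writeHead(200);
  res.end();
}
```
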

sonarqubecloud bot commented Nov 7, 2025

@tommasini tommasini closed this Nov 8, 2025
@github-actions github-actions bot locked and limited conversation to collaborators Nov 8, 2025