Skip to content

Comments

[Snyk] Upgrade @react-three/fiber from 9.4.2 to 9.5.0#164

Open
SMSDAO wants to merge 1 commit intomainfrom
snyk-upgrade-ae90c11ceff19898a9c9c8f8a64c5dc7
Open

[Snyk] Upgrade @react-three/fiber from 9.4.2 to 9.5.0#164
SMSDAO wants to merge 1 commit intomainfrom
snyk-upgrade-ae90c11ceff19898a9c9c8f8a64c5dc7

Conversation

@SMSDAO
Copy link
Owner

@SMSDAO SMSDAO commented Feb 4, 2026

snyk-top-banner

Snyk has created this PR to upgrade @react-three/fiber from 9.4.2 to 9.5.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 1 version ahead of your current version.

  • The recommended version was released a month ago.

Release notes
Package name: @react-three/fiber
  • 9.5.0 - 2025-12-30

    After a bit of research and development, R3F is now compatible with React 19.2, including the Activity feature!

    Why did this take some effort, you might wonder? When React bumped to version 19.2.x, they also bumped the internal reconciler up a version which was not backwards compatible with 19.1.x. This put us in an awkward position of either making a breaking change in the middle of R3F v9, bump to another major just because of an internal detail from React or get creative. We chose to get creative and R3F is compatible with all versions of React between 19.0 and 19.2. The downside is we had to bundle the reconciler with R3F, but react-dom already does this so for now it is the best solution available.

    Forcing breaking changes on libraries is likely not what the React teams intended so we will be working with them to try to avoid this in the future.

    Happy coding.

    What's Changed

    Full Changelog: v9.4.2...v9.5.0

  • 9.4.2 - 2025-11-29

    What's Changed

    • docs: update installation guide with iOS simulator note by @ rudin in #3572
    • fix: Expo SDK 54 compatibility through workaround by @ alextoudic in #3599

    New Contributors

    Full Changelog: v9.4.1...v9.4.2

from @react-three/fiber GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

Snyk has created this PR to upgrade @react-three/fiber from 9.4.2 to 9.5.0.

See this package in npm:
@react-three/fiber

See this project in Snyk:
https://app.snyk.io/org/smsdao/project/b4d3b8c1-1daa-4aa9-b0ab-59f40580355e?utm_source=github&utm_medium=referral&page=upgrade-pr
@railway-app
Copy link

railway-app bot commented Feb 4, 2026

🚅 Deployed to the TradeOS-pr-164 environment in gxq

Service Status Web Updated (UTC)
reimagined-jupiter ❌ Build Failed (View Logs) Feb 4, 2026 at 4:48 am

@socket-security
Copy link

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm @react-native/debugger-frontend is 96.0% likely obfuscated

Confidence: 0.96

Location: Package overview

From: webapp/package-lock.jsonnpm/@react-native/debugger-frontend@0.83.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@react-native/debugger-frontend@0.83.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants