@W-20151632: MSDK Android Security Bug: CVE-2025-11953 - React Native Community CLI (RCE)#430

Merged
JohnsonEricAtSalesforce merged 4 commits into forcedotcom:dev from
JohnsonEricAtSalesforce:bugfix/w-20151632_msdk-android-security-bug-cve-2025-11953-react-native-community-cli-rce
Nov 17, 2025

Conversation

@JohnsonEricAtSalesforce
Contributor

@JohnsonEricAtSalesforce JohnsonEricAtSalesforce commented Nov 11, 2025

🎸 Ready For Review 🥁

This updates to React Native ~~0.82.1~~ 0.81.5 according to a best-possible interpretation of how the official React Native Upgrade Assistant applies to this package. There are some interesting differences, which may be due to out-of-date content remaining in this package after previous upgrades. The key, though, is that the package manager can resolve all dependencies and tsc will successfully build the package.

We're targeting 0.81.5 since we now know the RCTTest method of testing will no longer function in New Architecture as of 0.82. The tests will need to be completely re-written on another framework based on some light reading.

package.json Outdated
"@react-native/metro-config": "0.82.1",
"@react-native/typescript-config": "0.82.1",
"@types/react": "^19.1.1",
"@types/react-native": "^0.73.0",
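Review bot: `@types/react-native` at `^0.73.0` pins type definitions for an older release than the `0.82.1` the other lines target, and the author's own comment says the package shouldn't be needed; a types package that lags the installed React Native is a plausible source of confusing `tsc` errors, so the root cause of the `tsc --build` failure should be found and this entry dropped rather than kept as a workaround.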
Contributor Author

@wmathurin - @types/react-native shouldn't be needed; however, tsc --build will not succeed without it. Any ideas? I saw this on dev until I switched to the latest node via nvm. However, once I introduce the remaining updates you see here from the Upgrade Assistant, the tsc failure comes back until I add this type.

There's something amiss. If you have a clue let me know 🙏🏻

Contributor Author

I was wondering about the dependencies block on dev since it doesn't have the react-native I've just added in this block:

"dependencies": {
    "react": "19.1.1",
    "react-native": "0.82.1", <-- This is new!
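Review bot: `react-native` is added to `dependencies` at `0.82.1` here, while the PR description settles on `0.81.5` because `RCTTest` stops working under the New Architecture from 0.82; the two should agree before merge. Since this package is installed by apps that pin their own `react-native` (the consuming app on this page pins `0.81.5`), consider whether `peerDependencies` is the right section, as a pinned regular dependency can pull a second React Native copy into the app.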

Was there any reason that wasn't there before? This brings us in line with what the Upgrade Assistant's content has.

},
"include": ["./src/**/*"],
"exclude": ["node_modules"]
"extends": "@react-native/typescript-config",
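Review bot: the `"extends": "@react-native/typescript-config"` line replaces the inline compilerOptions block without recording which options actually changed, which the discussion asks about twice; suggest running `tsc --showConfig` on both branches and listing the differences in the PR description so reviewers can confirm the new settings are equivalent. Also confirm that `"exclude": ["node_modules"]` carries a trailing comma if `"extends"` follows it in the file, since the rendering here does not show one.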
Contributor Author

I believe this extends statement supersedes the compiler options block that used to be here, which causes a failure of tsc --build on the new version. @wmathurin, thoughts?

Contributor

Did you check the compiler options there? Do they look similar?

Contributor Author

They look similar though not identical. What path do we have to verify that this is a match? Do we need a more comprehensive test to ensure everything still meets expectations?

Contributor

Those settings came from some older versions of React Native. So it should be fine to go with the new settings. Do you know which ones were changed?

… Community CLI (RCE) (Add Missing `React-Native` Dependency)
@JohnsonEricAtSalesforce
Contributor Author

I locally switched SalesforceReact and ReactNativeTemplate-Android to this branch and it seems to install and run as expected.

@JohnsonEricAtSalesforce JohnsonEricAtSalesforce force-pushed the bugfix/w-20151632_msdk-android-security-bug-cve-2025-11953-react-native-community-cli-rce branch 2 times, most recently from 32b0e28 to 5188437, November 12, 2025 23:34
… Community CLI (RCE) (Revert To React Native 0.81.5)
@JohnsonEricAtSalesforce JohnsonEricAtSalesforce force-pushed the bugfix/w-20151632_msdk-android-security-bug-cve-2025-11953-react-native-community-cli-rce branch from 7646f32 to 4adbac4, November 12, 2025 23:54
@codecov

codecov bot commented Nov 13, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 74.95%. Comparing base (8ae0856) to head (ffe8cff).
⚠️ Report is 6 commits behind head on dev.

@@            Coverage Diff             @@
##              dev     #430      +/-   ##
==========================================
- Coverage   76.12%   74.95%   -1.18%     
==========================================
  Files          13       13              
  Lines         557      503      -54     
==========================================
- Hits          424      377      -47     
+ Misses        133      126       -7     

"react-native-force": "git+https://github.com/forcedotcom/SalesforceMobileSDK-ReactNative.git#dev"
"react": "19.1.0",
"react-native": "0.81.5",
"react-native-force": "git+https://github.com/JohnsonEricAtSalesforce/SalesforceMobileSDK-ReactNative.git#bugfix/w-20151632_msdk-android-security-bug-cve-2025-11953-react-native-community-cli-rce"
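Review bot: the `react-native-force` entry on the last line points at a personal fork branch (`JohnsonEricAtSalesforce/...#bugfix/...`) instead of the `forcedotcom` `#dev` URL on the first line; as the author notes, this must be reverted before merge, and it is worth re-checking in the final diff. Also `react` is pinned to `19.1.0` here while the library's own `dependencies` block on this page pins `19.1.1`; aligning the two avoids ending up with two React copies in the app.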
Contributor Author

I'll be changing this back ⏳

… Community CLI (RCE) (Self Review Cleanup)
@JohnsonEricAtSalesforce JohnsonEricAtSalesforce merged commit cc9536f into forcedotcom:dev Nov 17, 2025
4 of 9 checks passed
@JohnsonEricAtSalesforce JohnsonEricAtSalesforce deleted the bugfix/w-20151632_msdk-android-security-bug-cve-2025-11953-react-native-community-cli-rce branch November 17, 2025 23:53