Skip to content

Upgrade to React Native 0.85.3 / Expo SDK 56 (new architecture)#6064

Draft
peachbits wants to merge 3 commits into
developfrom
phase2-rn-upgrade
Draft

Upgrade to React Native 0.85.3 / Expo SDK 56 (new architecture)#6064
peachbits wants to merge 3 commits into
developfrom
phase2-rn-upgrade

Conversation

@peachbits

Copy link
Copy Markdown
Contributor

Summary

Upgrades edge-react-gui from React Native 0.79.2 → 0.85.3 (Expo SDK 53 → 56), moving both platforms to the new architecture and removing the reanimated v3/v4 platform split.

Android was previously pinned to reanimated 3 on the old architecture via a local scripts/r3-hack crutch (iOS already ran reanimated 4 on the new arch). This drops the crutch so the whole app runs reanimated v4 on the new architecture, and brings RN, Expo, and the RN-ecosystem dependencies up to current.

Commits (structured for review)

  1. Upgrade to React Native 0.85.3 and Expo SDK 56 — JS/deps/tests: dependency bumps, reanimated-split removal, jest preset + worklets resolver, snapshot updates.
  2. Android: build under React Native 0.85 with the new architecturenewArchEnabled, compile/target SDK 35→36, Expo SDK 56 autolinking, MainApplication unwrap.
  3. iOS: build and run under React Native 0.85 / Expo SDK 56 / Xcode 26 — Expo autolinking + new-arch Podfile (iOS 16.4), ExpoReactNativeFactory AppDelegate, RCTNewArchEnabled.

Split by area (JS / Android / iOS) so each commit independently passes precommit (the native changes don't affect tsc/tests).

Performance — Android, Flashlight, physical device

Crutch removal + new arch + the RN bump measurably improved Android scroll performance:

During scroll Baseline (rea3 / old arch / 0.79) After (rea4 / new arch / 0.85)
Jank (frames <30 fps) 7.3% 2.5%
Worst-case FPS (p10) 33.3 48.1
Peak scroll CPU 326% 201%
RAM mean / peak 456 / 704 MB 662 / 827 MB

Net: jank floor 33 → 48 fps (+44%), jank −66%, peak CPU −38%, total CPU −42% — at a RAM cost (the new-arch tradeoff).

Testing

  • tsc --noEmit: clean (0 errors)
  • Unit tests: 517 / 517 pass (88 suites)
  • iOS: builds under Xcode 26 and verified running on the iOS 26 simulator (boots, new-arch runtime, app navigable)
  • Android: release build benchmarked on a physical device (table above)

Notes

  • RN-upgrade only — the react-native-zcash SPM migration is a separate PR.
  • RCTNewArchEnabled (Info.plist) is what enables the new-arch runtime on iOS.

🤖 Generated with Claude Code

peachbits and others added 3 commits June 29, 2026 15:18
Move the app to React Native 0.85.3 / Expo SDK 56 on the new architecture. Remove the reanimated v3/v4 platform split (Android was pinned to reanimated 3 on the old architecture via scripts/r3-hack) so both platforms run reanimated v4. Bumps the RN-ecosystem dependencies together and updates the jest preset, worklets resolver, and test snapshots.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Enable newArchEnabled, bump compile/target SDK 35->36, and rewrite settings.gradle for Expo SDK 56 autolinking. Unwrap MainApplication from the ReactNativeHostWrapper removed in SDK 56.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Expo autolinking + new-architecture Podfile (deployment target 16.4), the ExpoReactNativeFactory AppDelegate, and RCTNewArchEnabled in Info.plist. Includes the build fixes needed under Xcode 26.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@socket-security

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updatedjest@​30.0.0 ⏵ 29.7.01001006892100
Updated@​react-native/​metro-config@​0.79.2 ⏵ 0.85.3100 +110073 +197 +1100
Updated@​react-native/​typescript-config@​0.79.2 ⏵ 0.85.310010073 +1097 +1100
Updated@​react-native-community/​cli@​18.0.0 ⏵ 20.1.098 +1100 +7575 +194100
Added@​react-native/​jest-preset@​0.85.3761008297100
Updatedexpo@​53.0.20 ⏵ 56.0.1277100100 +23100100
Updatedreact-native-safe-area-context@​5.6.1 ⏵ 5.7.0991007887100
Updated@​types/​react@​19.1.9 ⏵ 19.2.171001007995100
Updated@​babel/​core@​7.28.0 ⏵ 7.29.797100 +180 +196100
Updatedreact-native-gesture-handler@​2.28.0 ⏵ 2.31.28010094 +198100
Updatedreact-test-renderer@​19.0.0 ⏵ 19.2.380 +110086 +198100
Updated@​react-native-firebase/​app@​20.5.0 ⏵ 25.1.010010089 +19880
Updated@​react-native-firebase/​messaging@​20.5.0 ⏵ 25.1.010010091 +19880
Updated@​react-native/​babel-preset@​0.79.5 ⏵ 0.85.398 +110082 +197100
Updated@​react-native-picker/​picker@​2.11.2 ⏵ 2.11.410010010082100
Updatedreact@​19.0.0 ⏵ 19.2.31001008497100
Updatedreact-native-worklets@​0.6.1 ⏵ 0.8.399 +110085 +298100
Updated@​react-native-community/​netinfo@​11.4.1 ⏵ 12.0.19910010086100
Updatedreact-native-keyboard-controller@​1.19.0 ⏵ 1.21.69910087 +196 +2100
Updated@​react-native-async-storage/​async-storage@​1.19.4 ⏵ 2.2.010010088 +1690 -1100
Updatedreact-native-svg@​15.14.0 ⏵ 15.15.499 +110010088100
Updatedreact-native-bootsplash@​6.3.8 ⏵ 6.3.1288 -1010010090100
Updatedreact-native-reanimated@​3.19.5 ⏵ 4.3.199 +110090 +198100
Updatedtypescript@​5.0.4 ⏵ 5.8.3100 +110090 +19690
Updated@​react-native-community/​datetimepicker@​8.4.2 ⏵ 9.1.09910010090 -4100
Updatedreact-native-vision-camera@​4.7.2 ⏵ 4.7.310010010093 +2100
Updatedreact-native-webview@​13.15.0 ⏵ 13.16.110010096 +195 +1100
Updated@​react-native-community/​cli-platform-android@​18.0.0 ⏵ 20.1.09910010096100
Updated@​react-native-community/​cli-platform-ios@​18.0.0 ⏵ 20.1.010010010096100
Updated@​sentry/​react-native@​7.12.0 ⏵ 7.11.099 +110010096 +1100
Updatedreact-native@​0.79.2 ⏵ 0.85.398 +1210099100100
Updatedreact-native-screens@​4.16.0 ⏵ 4.25.299 +110010098100

View full report

@socket-security

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm @expo/cli is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: package-lock.jsonnpm/expo@56.0.12npm/@expo/cli@56.1.16

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@expo/cli@56.1.16. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @react-native/debugger-frontend is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: package-lock.jsonnpm/react-native@0.85.3npm/expo@56.0.12npm/@react-native/debugger-frontend@0.85.3

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@react-native/debugger-frontend@0.85.3. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @react-native/debugger-frontend is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: package-lock.jsonnpm/react-native@0.85.3npm/expo@56.0.12npm/@react-native/debugger-frontend@0.85.3

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@react-native/debugger-frontend@0.85.3. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @sentry-internal/feedback is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: package-lock.jsonnpm/@sentry/react-native@7.11.0npm/@sentry-internal/feedback@10.37.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@sentry-internal/feedback@10.37.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @sentry/browser is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: package-lock.jsonnpm/@sentry/react-native@7.11.0npm/@sentry/browser@10.37.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@sentry/browser@10.37.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @sentry/core is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: package-lock.jsonnpm/@sentry/react-native@7.11.0npm/@sentry/core@10.37.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@sentry/core@10.37.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm node-forge is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: package-lock.jsonnpm/expo@56.0.12npm/@walletconnect/web3wallet@1.10.1npm/node-forge@1.4.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/node-forge@1.4.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm react-native-bootsplash is 75.0% likely obfuscated

Confidence: 0.75

Location: Package overview

From: package-lock.jsonnpm/react-native-bootsplash@6.3.12

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/react-native-bootsplash@6.3.12. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Medium
Low adoption: npm fetch-nodeshim

Location: Package overview

From: package-lock.jsonnpm/expo@56.0.12npm/fetch-nodeshim@0.4.10

ℹ Read more on: This package | This alert | What are unpopular packages?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Unpopular packages may have less maintenance and contain other problems.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/fetch-nodeshim@0.4.10. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant