Tracks the status of the CDP implementation in Hermes and React Native projects
by reactTypeScript
Last 12 weeks · 2 commits
4 of 6 standards met
Upgrade Next.js from 14.2.x to 15.5.x along with its ecosystem: next: 14.2.35 → 15.5.19 react: 18.x → 19.2.7 react-dom: 18.x → 19.2.7 react-timeago: 7.2.0 → 8.3.0 (React 19 support) @testing-library/react: 14.1.2 → 16.3.2 (React 19 support) @types/react: 18.x → 19.x @types/react-dom: 18.x → 19.x eslint-config-next: 13.5.4 → 15.5.19 postcss: 8.4.31 → 8.5.10+ (via override + direct dep bump) Code changes: Make prop async in 3 files (Next.js 15 breaking change) Wrap TimeAgo in span for className (react-timeago v8 API change) This resolves all next and postcss security vulnerabilities: 16 Next.js CVEs (DoS, SSRF, XSS, cache poisoning) PostCSS XSS via unescaped (GHSA-qx2v-qp2m-jg93) I've verified that the app runs on main: [!NOTE] I believe there are some UI quirks going on but those are the same also from the branch. This would have to be fixed separately
Run to resolve the following vulnerabilities: 2.0.0 → 2.0.1 (low severity) 2.3.1 → 2.3.2 (CVE-2026-33671, ReDoS; CVE-2026-33672, method injection) 3.2.9 → 3.4.2 (unbounded recursion DoS, prototype pollution) 4.3.4 → 4.3.8 (prototype pollution) 3.1.2 → 3.1.5 (CVE-2026-26996, CVE-2026-27903, CVE-2026-27904, ReDoS) 4.1.0 → 4.2.0 (prototype pollution via merge) All are patch or minor version bumps within semver range. Only package-lock.json is affected — no source code changes.
Repository: react/react-native-cdp-status. Description: Tracks the status of the CDP implementation in Hermes and React Native projects Stars: 17, Forks: 7. Primary language: TypeScript. Languages: TypeScript (94.1%), JavaScript (5.5%), CSS (0.3%), SCSS (0.1%). License: MIT. Homepage: https://cdpstatus.reactnative.dev/devtools-protocol/tot Topics: cdp, devtools, react-native. Open PRs: 0, open issues: 0. Last activity: 3w ago. Community health: 62%. Top contributors: motiz88, blakef, huntie, jorge-cab, cortinico, vzaidman, sbuggay.