📨 #261: RSC vulnerability, Activity, ViewTransition, React Router, Sonner, Cedar, Storybook, Conform | RNRepo, Nitro Modules, Keyboard Controller, SET, Sheets, deep links | tsgo, Bun, WebGPU, Vite, oxfmt, Valibot

3 décembre 2025 · 7 minutes de lecture

Newsletter creator - Docusaurus maintainer

🇫🇷 Non traduit :/

Malheureusement, cette page n'a pas encore été traduite en français. Reviens un peu plus tard!

Hi everyone!

A major React 19 Server Functions vulnerability has just been disclosed. Make sure to upgrade your React 19 or meta-framework ASAP!

On the mobile side, we have more positive news: RNRepo should speed up our React Native builds even more, and Shared Elements Transitions are coming soon! (unlike React Native 1.0 😅)

Don’t forget to answer the State of React 2025 survey while it’s still open!

As always, thanks for supporting us on your favorite platform:

🦋 Bluesky
✖️ X / Twitter
👔 LinkedIn
👽 Reddit

Ne manque pas le prochain email !

If you are not signed-up, you are missing out

William CandillonReact-Native animations expert - Youtuber

💸 Sponsor

AG Charts: The Best React Charts in the World.

AG Charts is a high-performance, canvas-based charting library from AG Grid.

Originally built to power AG Grid’s Integrated Charts, it now serves over 1M npm downloads each month.

🆓 Free: A wide range of chart types (bar, line, scatter, area, and more) — free, forever.
🚀 Fast: Optimised canvas rendering for large datasets (1M+ points).
🦾 Accessible: Built-in support for screen readers and keyboard navigation.
🔄 AG Grid Integration: Shared API with AG Grid for seamless integration.

👉 Get Started for Free: www.ag-grid.com/charts

⚛️ React

React 19 Critical Security Vulnerability in React Server Components

A critical (10.0) security vulnerability affects React 19. It allows unauthenticated remote code execution vulnerability in React Server Components by crafting a malicious HTTP request sent to a Server Function endpoint.

The React team recommends upgrading immediately. The vulnerability has been responsibly disclosed, and patches are already available for React 19 and the most popular frameworks that leverage RSCs: Next.js, Expo, React Router, Waku, Redwood, and more. Hosting providers can mitigate the issue thanks to their Web Application Firewalls.

💸 React Certification– Last Chance to get 50% off. Trusted by devs at Ford, PwC, Dell & 680+ companies. Exams by Microsoft MVP Aurora Scharff.
🐦 The Shopify Live Globe running on the Las Vegas Exosphere using React-Three-Fiber: If you are into creative web dev, you might also want to see their React-Three-Fiber pinball machine that also displays that globe.
👀 React-Redux issue - Mark connect as deprecated
📜 Without the blue bar: Re-implements GitHub using Next.js 16, RSC, ’use cache’ directives, and browser virtualization to show how much faster it could be.
📜 Building a toast component: The author of the popular React library Sonner shares various design engineering lessons.
📜 React Router's take on React Server Components
📜 Use React <Activity /> to preload a video
📜 Use React <ViewTransition /> to Smoothly Transition Images and Titles
📜 React 19.2: The async shift is finally here
📜 React has changed, your Hooks should too
📜 The next era of React has arrived: Here's what you need to know
📜 Migrating 6000 React tests using AI Agents and ASTs
📜 Vitest Browser Mode - The Future of Frontend Testing
📜 Why use React?
📦 React Router 7.10 - Stabilized various APIs: This also introduces a new unstable_useTransitions to opt-in/out of React transitions.
📦 Storybook 10.1 - Installation and accessibility improvements
📦 oRPC 1.12 - Configure default options for TanStack query/mutation
📦 Conform 1.14 - Improve useForm type inference, form reset, strip empty values by default
📦 CedarJS 1.0 - Actively maintained fork of RedwoodJS (winded down and renamed as Redwood GraphQL)
📦 Preact 10.28 - Types and perf improvements
📦 TanStack Form 1.17 - Fix React Compiler issues, React 17 compat
📦 StyleX 0.17.1 - Unplugin (universal bundler plugin), Custom Markers, default config options updated
📦 Base UI beta.7 - Various bug fixes before v1 that should come soon
📦 Zustand 5.0.9 - New unstable_ssrSafe middleware for usage with Next.js
🎥 Web Dev Simplified - Stop Writing React conditional code like this (use Activity)
🎥 Ankita Kulkarni - Cache directives - This Next.js Pattern Critical For Every Developer
🎙️ This Month in React 2025-11: Cloudflare outage, ongoing npm hacks, React Router is getting RSCs

Ne manque pas le prochain email !

I'm constantly finding interesting things to learn in there.

Dominik DorfmeisterWeb Developer - React-Query maintainer

💸 Sponsor

Let AI fix your mistakes. It already generated the diff

Seer, Sentry’s AI debugger, finds what broke, tells you why, and figures out the fix. Now it can hand that root cause (with full issue context) to your Cursor agent to draft the PR automatically.

Here’s how it works and how to set it up.

📱 React-Native

RNRepo - Faster React Native Builds Through Prebuilt Artifacts

Software Mansion just unveiled RNRepo, a new infrastructure project aiming to speed up our React Native builds.

The idea is to prebuild popular native libraries against multiple React Native versions ahead of time, and host the artifacts on a Maven repository. Then, you can configure your build to download the prebuilt artifacts instead of building them locally, saving time and disk space. This should complete nicely the speed improvements we get with React Native core prebuilds and the Expo Build Cache providers.

For now, RNRepo is in beta. It only supports Android and 40 popular libraries, but iOS support is coming, and the community can request support for additional libraries.