React Native: Security Fixes and Developer Experience Polish

Transcript

Hey there, developers! Welcome back to another episode of the React Native podcast. I'm your host, and wow, do we have some great updates to dig into today - March 24th, 2026.

You know, sometimes the most important work happening in a codebase isn't the flashy new features, but the steady, thoughtful improvements that make our developer lives better and our apps more secure. And that's exactly what we're seeing today with 8 solid commits that show the React Native team really caring about the details.

Let's start with the security wins, because this is huge. Catherine Balajadia tackled not one, but two CVEs - that's CVE-2026-27903 and CVE-2026-27904. She upgraded the minimatch dependency from some older vulnerable versions to 3.1.4. Now, I know dependency upgrades don't sound sexy, but these were fixing some nasty inefficient algorithmic complexity issues. The kind of vulnerabilities that could really hurt performance in the wrong hands. This is the kind of behind-the-scenes work that keeps our apps safe, and I love seeing it prioritized.

Speaking of making things better for developers, Jakub Piasecki just gave us all a nice little gift. Remember waiting around for snapshot generation? Well, not anymore! The snapshot generator now runs in parallel instead of sequence. It's one of those changes where you're going to notice the difference immediately in your build times. Sometimes the best improvements are the ones that just make the boring stuff faster.

Now here's something that's going to make Android developers really happy. Radek Czemerys expanded our autofill game significantly. We're talking about bumping AndroidX autofill from 1.1.0 all the way to 1.3.0, but more importantly, we now have support for 11 additional autoComplete values. We're talking about modern stuff like 2FA app OTP, email OTP, WiFi passwords, UPI VPA for payments, flight numbers, gift card details, loyalty account numbers - the works! If you've been building forms on Android and felt limited by the autofill options, this is your moment to shine.

Tim Yung made a really thoughtful change to ExceptionsManager that's technically subtle but shows great attention to API design. The reportErrorsAsExceptions now defaults to true without setting global properties. It's cleaner, more obvious, and reduces the amount of non-idiomatic code we need to maintain. These kinds of refactors might seem small, but they add up to a much more maintainable codebase.

For those of you working with React Native Windows, Harini Malothu fixed something that was probably driving you crazy. Missing VIEW_EVENT_CASE entries for W3C pointer events meant that onClick, onPointerDown, onPointerUp, and capture events weren't being parsed properly when the C++ props iterator was enabled. Now they are, and your pointer events will work exactly as expected.

We also got some important flexbox fixes from Josh Hargreaves. There was an edge case where auto-sized parent containers weren't accounting for child min-width constraints in the canSkipFlex optimization path. If you've been scratching your head over some weird layout behaviors, this might be exactly what you needed.

And of course, we've got some housekeeping wins too. The gradle-plugin bundle is now cleaner thanks to Simek excluding test files from the distribution, and we got the changelog for v0.85.0-rc.6.

Today's Focus: If you're working on Android apps, definitely check out those new autofill options - your users are going to love the improved form experience. And if you've been dealing with any pointer event weirdness on Windows, make sure you're testing with these fixes. Security-wise, make sure your projects pick up that minimatch update.

The thing I love about today's commits is they show React Native isn't just about the big headline features. It's about caring for the ecosystem, fixing the details, and making sure every developer has the best possible experience. Keep building amazing things, and I'll catch you in the next episode!