Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

All notable changes to this package will be documented in this file.

## [Unreleased]
## [19.2.1-rc.0] - 2026-07-05

### Added
- Added RSC server resource hint helpers for preloading assets, styles, scripts, fonts, and images, plus preconnect and DNS-prefetch support for already-resolved production asset URLs. The default `react-on-rails-rsc/server` fallback keeps failing fast at import time without the `react-server` condition while still publishing the expanded type surface. ([#143])
Expand Down Expand Up @@ -65,7 +65,7 @@ All notable changes to this package will be documented in this file.
### Security
- Updated the vendored `react-server-dom-webpack` runtime from React 19.0.3 to the React 19.0.7 security level, applying the React 19.0.4 fixes for CVE-2025-55183, CVE-2025-55184, and CVE-2025-67779 plus the React 19.0.7 reply-decoding denial-of-service fixes for CVE-2026-23869 (GHSA-479c-33wc-g2pg) and CVE-2026-23870 (GHSA-rv78-f8rc-xrxh). Note: the upstream CVE-2026-23869 fix changes the reply wire format for nested `FormData`, so client and server must both run the patched runtime shipped by this package. ([#48]) ([#86])

[Unreleased]: https://github.com/shakacode/react_on_rails_rsc/compare/19.2.0...HEAD
[19.2.1-rc.0]: https://github.com/shakacode/react_on_rails_rsc/compare/19.2.0...19.2.1-rc.0
[19.2.0]: https://github.com/shakacode/react_on_rails_rsc/compare/19.0.5...19.2.0
[19.0.5]: https://github.com/shakacode/react_on_rails_rsc/compare/19.0.4...19.0.5

Expand Down
2 changes: 1 addition & 1 deletion package.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "react-on-rails-rsc",
"version": "19.2.0",
"version": "19.2.1-rc.0",
"description": "React Server Components support for react_on_rails Ruby gem",
"exports": {
"./client": {
Expand Down
8 changes: 4 additions & 4 deletions tests/package-runtime-policy.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -30,15 +30,15 @@ const collectExportTargets = (value: unknown): string[] => {
};

describe('19.2 runtime release policy', () => {
Comment thread
justin808 marked this conversation as resolved.
it('stamps the package and changelog for the 19.2.0 release line', () => {
it('stamps the package and changelog for the 19.2.1 release line', () => {
const pkg = readJson<PackageJson>('package.json');
const changelog = fs.readFileSync(path.join(repoRoot, 'CHANGELOG.md'), 'utf8');

// Derive the expected version from package.json so a version bump doesn't
// require editing this test (a hard-coded version here previously blocked
// the rc.3 release). Still pins the 19.2.0 release line and requires the
// require editing this test between RC and final stamps. Still pins the
// current package release line and requires the
// CHANGELOG's top entry to match the package version exactly.
expect(pkg.version).toMatch(/^19\.2\.0(?:-rc\.\d+)?$/);
expect(pkg.version).toMatch(/^19\.2\.1(?:-rc\.\d+)?$/);
const topChangelogVersion = changelog.match(/^## \[([^\]]+)\] - \d{4}-\d{2}-\d{2}$/m)?.[1];
expect(topChangelogVersion).toBe(pkg.version);
});
Expand Down