Skip to content

chore: prep for 2.0.3 release#552

Merged
ignaciosantise merged 24 commits intomainfrom
develop
Apr 10, 2026
Merged

chore: prep for 2.0.3 release#552
ignaciosantise merged 24 commits intomainfrom
develop

Conversation

@ignaciosantise
Copy link
Copy Markdown
Collaborator

@ignaciosantise ignaciosantise commented Apr 10, 2026

This pull request primarily addresses a workaround for Expo Router modal layering issues in React Native by introducing a new modalContentWrapper prop, and updates dependencies to improve compatibility and security.

Expo Router Modal Layering Workaround:

  • Added a modalContentWrapper prop to relevant AppKit React Native packages to address modal layering issues with Expo Router, as documented in the changeset and usage comments. [1] [2]

ignaciosantise and others added 24 commits February 23, 2026 12:07
@ignaciosantise @claude
Fix dependabot security vulnerabilities by upgrading dependencies
7c4c1b4 
Updated package versions and added resolutions/overrides for:
- tar: 7.5.6 → 7.5.8 (hardlink/symlink path traversal fixes)
- qs: 6.14.1 → 6.14.2 (arrayLimit DoS bypass)
- hono: 4.11.4 → 4.11.10 (XSS, cache deception, IP spoofing fixes)
- @playwright/test: 1.49.1 → 1.55.1 (SSL certificate verification)
- Added ajv 8.18.0, lodash 4.17.23, webpack 5.104.1, bn.js 5.2.3, minimatch 10.2.1

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
@ignaciosantise @claude
Fix qs version inconsistency in expo-multichain overrides
cb7a87b 
Align qs from 6.14.1 to 6.14.2 in expo-multichain overrides to match
root package.json and apply the DoS bypass security fix consistently.

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
@ignaciosantise @claude
Fix ajv resolution breaking lint, remove qs from expo-multichain
2f507bc 
- Use scoped resolution schema-utils/ajv instead of blanket ajv
  to avoid breaking @eslint/eslintrc which needs ajv v6
- Remove ajv override from expo-multichain (not applicable there)
- Remove qs override from expo-multichain (not a transitive dep)

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
@ignaciosantise @claude
Update expo-multichain lockfile after removing qs override
54ff4b9 
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
@ignaciosantise
Merge pull request #536 from reown-com/fix-dependabot-alerts
a348447 
Fix dependabot security vulnerabilities
@devin-ai-integration @bkrem
chore: remove explicit model override, rely on action default claude-…
e9f7e80 
…sonnet-4-6

Co-Authored-By: Ben Kremer <ben@reown.com>
@devin-ai-integration @bkrem
chore: update claude model to claude-sonnet-4-6 in auto-review workflow
cb507a8 
Co-Authored-By: Ben Kremer <ben@reown.com>
@ignaciosantise
Merge pull request #537 from reown-com/devin/1772024978-update-claude…
04d0538 
…-model-sonnet-4-6

chore: update claude model from sonnet-4-5 to sonnet-4-6 in auto-review workflow
@ignaciosantise @claude
chore: fix high dependabot alerts for node-forge and picomatch
7dc0a60 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@ignaciosantise @claude
chore: add picomatch override to expo-multichain example
817e09e 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@ignaciosantise @claude
fix: scope picomatch overrides in expo-multichain to avoid v3 downgrade
ef1f084 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@ignaciosantise
Merge pull request #545 from reown-com/fix-high-dependabot-alerts
1de64e9 
chore: fix high dependabot alerts for node-forge and picomatch
@ignaciosantise @claude
chore: fix 41 dependabot alerts with non-breaking version bumps
fb4b0e5 
Update resolutions/overrides for: h3, tar, undici, flatted,
socket.io-parser, hono, minimatch, yaml, storybook, brace-expansion,
and serialize-javascript across root and expo-multichain example.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@ignaciosantise
Merge pull request #546 from reown-com/fix-dep-alerts-batch2
a120dc3 
chore: fix 41 dependabot alerts with non-breaking bumps
@ignaciosantise
fix: support expo router modal wrappers
4af3f58
@ignaciosantise
chore: align release bumps for appkit adapters
4d9e9a5
@ignaciosantise
chore: bump all packages in changeset
e4a938d
@ignaciosantise
chore: bump claude auto review version
e90c597
@ignaciosantise
chore: removed model from params
24cb419
@ignaciosantise
Merge pull request #550 from reown-com/update-claude-review
bfd5507 
chore: bump claude auto review version
@ignaciosantise
fix: wrap modal content inside RN modal
f98c49f
@ignaciosantise
chore: code improvements
dbe5a80
@ignaciosantise
chore: minor changes
f6b43cc
@ignaciosantise
Merge pull request #549 from reown-com/fix/expo-router-modal-wrapper
17460e1 
fix: add content modal wrapper for expo router issues
@changeset-bot
Copy link
Copy Markdown

changeset-bot bot commented Apr 10, 2026

🦋 Changeset detected

Latest commit: 17460e1

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 9 packages
Name Type
@reown/appkit-bitcoin-react-native Patch
@reown/appkit-coinbase-react-native Patch
@reown/appkit-common-react-native Patch
@reown/appkit-core-react-native Patch
@reown/appkit-ethers-react-native Patch
@reown/appkit-react-native Patch
@reown/appkit-solana-react-native Patch
@reown/appkit-ui-react-native Patch
@reown/appkit-wagmi-react-native Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@claude
Copy link
Copy Markdown

claude bot commented Apr 10, 2026
edited
Loading

Claude finished @ignaciosantise's task in 52s —— View job

PR Review: chore: prep for 2.0.3 release

  • Gather context and read changed files
  • License compliance check — no issues
  • Breaking changes check — no breaking changes
  • Data classification check — no issues
  • Code quality analysis
Found 2 issue(s)

Issue 1: onDismiss declared in ModalProps but never forwarded to RNModal

ID: wui-modal-ondismiss-unforwarded-a3c1
File: packages/ui/src/components/wui-modal/index.tsx:13-20
Severity: MEDIUM
Category: code_quality

Context:

  • Pattern: ModalProps uses Pick<RNModalProps, 'visible' | 'onDismiss' | 'testID' | 'onRequestClose'>, exposing onDismiss as a supported prop, but the component destructures only visible, onBackdropPress, onRequestClose, testID, children, and contentWrapper. onDismiss is never destructured or passed to <RNModal>.
  • Risk: Callers who pass onDismiss to Modal (or to AppKitModal) will have it silently ignored at runtime, with no TypeScript error.
  • Impact: Missed modal dismiss callbacks, subtle lifecycle bugs in consuming apps.
  • Trigger: Any consumer that passes onDismiss expecting an iOS-style dismiss callback.

Recommendation: Either forward it or remove it from the Pick:

// Option A – forward it
export function Modal({
  visible,
  onDismiss,
  onBackdropPress,
  onRequestClose,
  testID,
  children,
  contentWrapper: ContentWrapper
}: ModalProps) {
  // ...
  return (
    <RNModal
      visible={modalVisible}
      transparent
      animationType="none"
      statusBarTranslucent
      onDismiss={onDismiss}   // ← add this
      onRequestClose={onRequestClose}
      testID={testID}
    >
// Option B – remove it from the type if it is intentionally unsupported
export type ModalProps = Pick<
  RNModalProps,
  'visible' | 'testID' | 'onRequestClose'   // remove 'onDismiss'
> & { ... };

Issue 2: Absolute wrapper View missing pointerEvents="box-none" in example

ID: layout-view-pointerevent-missing-7f2e
File: examples/expo-multichain/app/_layout.tsx:102-104
Severity: LOW
Category: code_quality

Context:

  • Pattern: A full-screen absolute View is placed over the app content as a host for <AppKit />. No pointerEvents prop is set (defaults to auto).
  • Risk: While RN's Modal itself is out-of-tree and won't block touches when hidden, this wrapper View with default pointerEvents="auto" technically intercepts hit-test traversal. Developers copying this pattern may observe subtle input issues depending on platform or RN version.
  • Impact: Potentially blocked touches on underlying content in certain scenarios; also sets a copy-paste template that could propagate to non-example code.
  • Trigger: Any interaction with content behind the absolute wrapper when the modal is closed.

Recommendation:

<View pointerEvents="box-none" style={{ position: 'absolute', height: '100%', width: '100%' }}>
  <AppKit />
</View>

Subagent checks:

  • ✅ License compliance — all new/updated deps use permissive licenses (MIT/ISC)
  • ✅ Breaking changes — all additions are optional/additive; existing consumers unaffected
  • ✅ Data classification — no hardcoded secrets or PII introduced

@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud bot commented Apr 10, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@ignaciosantise ignaciosantise merged commit fd2ba7c into main Apr 10, 2026
21 checks passed
@github-actions github-actions bot locked and limited conversation to collaborators Apr 10, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ignaciosantise