Patch FlightReplyServer with fixes from ReactFlightClient #35277

sebmarkbage · 2025-12-03T15:38:25Z

FlightReplyServer are for client->server and ReactFlightClient is for server->client. They're not 100% symmetrical.

We did a number of refactors to ReactFlightClient in PRs like #29823 and #33664 to change the structure of the resolution. This PR brings those changes to synchronize the two approaches. Which addresses deep resolution of cycles and deferred error handling.

This also fixes a critical security vulnerability.

FlightReplyServer are for client->server and ReactFlightClient is for server->client. They're not 100% symmetrical. We did a number of refactors to ReactFlightClient in PRs like facebook#29823 and facebook#33664 to change the structure of the resolution. This PR brings those changes to synchronize the two approaches. Which addresses deep resolution of cycles and deferred error handling. This also fixes a critical security vulnerability.

react-sizebot · 2025-12-03T15:41:34Z

Comparing: 36df5e8...e2fd5dc

Critical size changes

Includes critical production bundles, as well as any change greater than 2%:

Name	+/-	Base	Current	+/- gzip	Base gzip	Current gzip
oss-stable/react-dom/cjs/react-dom.production.js	=	6.84 kB	6.84 kB	=	1.88 kB	1.88 kB
oss-stable/react-dom/cjs/react-dom-client.production.js	=	608.36 kB	608.36 kB	=	107.68 kB	107.68 kB
oss-experimental/react-dom/cjs/react-dom.production.js	=	6.84 kB	6.84 kB	=	1.88 kB	1.88 kB
oss-experimental/react-dom/cjs/react-dom-client.production.js	=	667.47 kB	667.47 kB	=	117.57 kB	117.57 kB
facebook-www/ReactDOM-prod.classic.js	=	693.67 kB	693.67 kB	=	122.06 kB	122.06 kB
facebook-www/ReactDOM-prod.modern.js	=	684.10 kB	684.10 kB	=	120.45 kB	120.45 kB
oss-stable-semver/react-server-dom-parcel/cjs/react-server-dom-parcel-server.browser.production.js	+8.76%	94.85 kB	103.16 kB	+7.05%	19.44 kB	20.81 kB
oss-stable/react-server-dom-parcel/cjs/react-server-dom-parcel-server.browser.production.js	+8.76%	94.85 kB	103.16 kB	+7.05%	19.44 kB	20.81 kB
oss-stable-semver/react-server-dom-esm/cjs/react-server-dom-esm-server.node.production.js	+8.72%	98.46 kB	107.04 kB	+6.91%	20.20 kB	21.59 kB
oss-stable/react-server-dom-esm/cjs/react-server-dom-esm-server.node.production.js	+8.72%	98.46 kB	107.04 kB	+6.91%	20.20 kB	21.59 kB
oss-stable-semver/react-server-dom-parcel/cjs/react-server-dom-parcel-server.edge.production.js	+8.68%	95.99 kB	104.32 kB	+6.96%	19.70 kB	21.07 kB
oss-stable/react-server-dom-parcel/cjs/react-server-dom-parcel-server.edge.production.js	+8.68%	95.99 kB	104.32 kB	+6.96%	19.70 kB	21.07 kB
oss-experimental/react-server-dom-parcel/cjs/react-server-dom-parcel-server.browser.production.js	+8.60%	96.70 kB	105.01 kB	+6.90%	19.81 kB	21.18 kB
oss-experimental/react-server-dom-esm/cjs/react-server-dom-esm-server.node.production.js	+8.56%	100.31 kB	108.90 kB	+6.80%	20.57 kB	21.97 kB
oss-experimental/react-server-dom-parcel/cjs/react-server-dom-parcel-server.edge.production.js	+8.52%	97.84 kB	106.17 kB	+6.80%	20.10 kB	21.46 kB
oss-stable-semver/react-server-dom-parcel/cjs/react-server-dom-parcel-server.node.production.js	+8.48%	102.29 kB	110.97 kB	+6.92%	20.73 kB	22.16 kB
oss-stable/react-server-dom-parcel/cjs/react-server-dom-parcel-server.node.production.js	+8.48%	102.29 kB	110.97 kB	+6.92%	20.73 kB	22.16 kB
oss-experimental/react-server-dom-parcel/cjs/react-server-dom-parcel-server.node.production.js	+8.33%	104.15 kB	112.82 kB	+6.78%	21.09 kB	22.52 kB
oss-stable-semver/react-server-dom-turbopack/cjs/react-server-dom-turbopack-server.browser.production.js	+8.11%	101.91 kB	110.18 kB	+6.52%	20.57 kB	21.91 kB
oss-stable/react-server-dom-turbopack/cjs/react-server-dom-turbopack-server.browser.production.js	+8.11%	101.91 kB	110.18 kB	+6.52%	20.57 kB	21.91 kB
oss-stable-semver/react-server-dom-webpack/cjs/react-server-dom-webpack-server.browser.production.js	+8.08%	102.26 kB	110.53 kB	+6.43%	20.67 kB	22.00 kB
oss-stable/react-server-dom-webpack/cjs/react-server-dom-webpack-server.browser.production.js	+8.08%	102.26 kB	110.53 kB	+6.43%	20.67 kB	22.00 kB
oss-stable-semver/react-server-dom-webpack/cjs/react-server-dom-webpack-server.edge.production.js	+8.04%	103.07 kB	111.35 kB	+6.42%	20.87 kB	22.21 kB
oss-stable/react-server-dom-webpack/cjs/react-server-dom-webpack-server.edge.production.js	+8.04%	103.07 kB	111.35 kB	+6.42%	20.87 kB	22.21 kB
oss-stable-semver/react-server-dom-turbopack/cjs/react-server-dom-turbopack-server.edge.production.js	+8.04%	103.07 kB	111.36 kB	+6.41%	20.87 kB	22.21 kB
oss-stable/react-server-dom-turbopack/cjs/react-server-dom-turbopack-server.edge.production.js	+8.04%	103.07 kB	111.36 kB	+6.41%	20.87 kB	22.21 kB
oss-stable-semver/react-server-dom-webpack/cjs/react-server-dom-webpack-server.node.unbundled.production.js	+7.98%	108.37 kB	117.01 kB	+6.47%	21.67 kB	23.07 kB
oss-stable/react-server-dom-webpack/cjs/react-server-dom-webpack-server.node.unbundled.production.js	+7.98%	108.37 kB	117.01 kB	+6.47%	21.67 kB	23.07 kB
oss-experimental/react-server-dom-turbopack/cjs/react-server-dom-turbopack-server.browser.production.js	+7.97%	103.76 kB	112.03 kB	+6.13%	21.01 kB	22.30 kB
oss-experimental/react-server-dom-webpack/cjs/react-server-dom-webpack-server.browser.production.js	+7.94%	104.12 kB	112.38 kB	+6.11%	21.11 kB	22.40 kB
oss-experimental/react-server-dom-webpack/cjs/react-server-dom-webpack-server.edge.production.js	+7.90%	104.92 kB	113.21 kB	+6.01%	21.31 kB	22.59 kB
oss-experimental/react-server-dom-turbopack/cjs/react-server-dom-turbopack-server.edge.production.js	+7.90%	104.92 kB	113.21 kB	+6.00%	21.31 kB	22.59 kB
oss-stable-semver/react-server-dom-webpack/cjs/react-server-dom-webpack-server.node.production.js	+7.89%	109.42 kB	118.05 kB	+6.29%	21.92 kB	23.30 kB
oss-stable/react-server-dom-webpack/cjs/react-server-dom-webpack-server.node.production.js	+7.89%	109.42 kB	118.05 kB	+6.29%	21.92 kB	23.30 kB
oss-stable-semver/react-server-dom-turbopack/cjs/react-server-dom-turbopack-server.node.production.js	+7.89%	109.44 kB	118.07 kB	+6.27%	21.92 kB	23.30 kB
oss-stable/react-server-dom-turbopack/cjs/react-server-dom-turbopack-server.node.production.js	+7.89%	109.44 kB	118.07 kB	+6.27%	21.92 kB	23.30 kB
oss-experimental/react-server-dom-webpack/cjs/react-server-dom-webpack-server.node.unbundled.production.js	+7.84%	110.22 kB	118.87 kB	+6.35%	22.05 kB	23.45 kB
oss-experimental/react-server-dom-webpack/cjs/react-server-dom-webpack-server.node.production.js	+7.76%	111.27 kB	119.91 kB	+5.97%	22.34 kB	23.68 kB
oss-experimental/react-server-dom-turbopack/cjs/react-server-dom-turbopack-server.node.production.js	+7.76%	111.29 kB	119.92 kB	+5.95%	22.35 kB	23.68 kB
oss-stable-semver/react-server-dom-parcel/cjs/react-server-dom-parcel-server.browser.development.js	+4.93%	187.27 kB	196.50 kB	+4.18%	34.00 kB	35.42 kB
oss-stable/react-server-dom-parcel/cjs/react-server-dom-parcel-server.browser.development.js	+4.93%	187.27 kB	196.50 kB	+4.18%	34.00 kB	35.42 kB
oss-experimental/react-server-dom-parcel/cjs/react-server-dom-parcel-server.browser.development.js	+4.87%	189.37 kB	198.60 kB	+4.05%	34.46 kB	35.85 kB
oss-stable-semver/react-server-dom-parcel/cjs/react-server-dom-parcel-server.edge.development.js	+4.85%	190.94 kB	200.19 kB	+4.10%	34.50 kB	35.92 kB
oss-stable/react-server-dom-parcel/cjs/react-server-dom-parcel-server.edge.development.js	+4.85%	190.94 kB	200.19 kB	+4.10%	34.50 kB	35.92 kB
oss-experimental/react-server-dom-parcel/cjs/react-server-dom-parcel-server.edge.development.js	+4.79%	193.03 kB	202.28 kB	+3.97%	34.96 kB	36.35 kB
oss-stable-semver/react-server-dom-turbopack/cjs/react-server-dom-turbopack-server.browser.development.js	+4.70%	195.12 kB	204.28 kB	+3.84%	35.38 kB	36.74 kB
oss-stable/react-server-dom-turbopack/cjs/react-server-dom-turbopack-server.browser.development.js	+4.70%	195.12 kB	204.28 kB	+3.84%	35.38 kB	36.74 kB
oss-stable-semver/react-server-dom-webpack/cjs/react-server-dom-webpack-server.browser.development.js	+4.69%	195.59 kB	204.76 kB	+3.86%	35.48 kB	36.85 kB
oss-stable/react-server-dom-webpack/cjs/react-server-dom-webpack-server.browser.development.js	+4.69%	195.59 kB	204.76 kB	+3.86%	35.48 kB	36.85 kB
oss-experimental/react-server-dom-turbopack/cjs/react-server-dom-turbopack-server.browser.development.js	+4.65%	197.22 kB	206.39 kB	+3.78%	35.81 kB	37.17 kB
oss-experimental/react-server-dom-webpack/cjs/react-server-dom-webpack-server.browser.development.js	+4.64%	197.69 kB	206.86 kB	+3.82%	35.91 kB	37.28 kB
oss-stable-semver/react-server-dom-webpack/cjs/react-server-dom-webpack-server.edge.development.js	+4.62%	198.82 kB	208.01 kB	+3.81%	35.87 kB	37.23 kB
oss-stable/react-server-dom-webpack/cjs/react-server-dom-webpack-server.edge.development.js	+4.62%	198.82 kB	208.01 kB	+3.81%	35.87 kB	37.23 kB
oss-stable-semver/react-server-dom-turbopack/cjs/react-server-dom-turbopack-server.edge.development.js	+4.62%	198.82 kB	208.01 kB	+3.79%	35.87 kB	37.23 kB
oss-stable/react-server-dom-turbopack/cjs/react-server-dom-turbopack-server.edge.development.js	+4.62%	198.82 kB	208.01 kB	+3.79%	35.87 kB	37.23 kB
oss-experimental/react-server-dom-webpack/cjs/react-server-dom-webpack-server.edge.development.js	+4.57%	200.91 kB	210.10 kB	+3.77%	36.30 kB	37.67 kB
oss-experimental/react-server-dom-turbopack/cjs/react-server-dom-turbopack-server.edge.development.js	+4.57%	200.91 kB	210.10 kB	+3.76%	36.30 kB	37.67 kB
oss-stable-semver/react-server-dom-esm/cjs/react-server-dom-esm-server.node.development.js	+4.45%	213.53 kB	223.03 kB	+3.57%	38.89 kB	40.28 kB
oss-stable/react-server-dom-esm/cjs/react-server-dom-esm-server.node.development.js	+4.45%	213.53 kB	223.03 kB	+3.57%	38.89 kB	40.28 kB
oss-experimental/react-server-dom-esm/cjs/react-server-dom-esm-server.node.development.js	+4.41%	215.62 kB	225.12 kB	+3.51%	39.35 kB	40.73 kB
oss-stable-semver/react-server-dom-parcel/cjs/react-server-dom-parcel-server.node.development.js	+4.37%	219.95 kB	229.55 kB	+3.30%	39.56 kB	40.87 kB
oss-stable/react-server-dom-parcel/cjs/react-server-dom-parcel-server.node.development.js	+4.37%	219.95 kB	229.55 kB	+3.30%	39.56 kB	40.87 kB
oss-experimental/react-server-dom-parcel/cjs/react-server-dom-parcel-server.node.development.js	+4.33%	222.04 kB	231.64 kB	+3.27%	40.02 kB	41.33 kB
oss-stable-semver/react-server-dom-webpack/cjs/react-server-dom-webpack-server.node.unbundled.development.js	+4.22%	226.66 kB	236.22 kB	+3.15%	40.64 kB	41.92 kB
oss-stable/react-server-dom-webpack/cjs/react-server-dom-webpack-server.node.unbundled.development.js	+4.22%	226.66 kB	236.22 kB	+3.15%	40.64 kB	41.92 kB
oss-stable-semver/react-server-dom-webpack/cjs/react-server-dom-webpack-server.node.development.js	+4.19%	227.87 kB	237.41 kB	+3.12%	40.94 kB	42.22 kB
oss-stable/react-server-dom-webpack/cjs/react-server-dom-webpack-server.node.development.js	+4.19%	227.87 kB	237.41 kB	+3.12%	40.94 kB	42.22 kB
oss-stable-semver/react-server-dom-turbopack/cjs/react-server-dom-turbopack-server.node.development.js	+4.19%	227.92 kB	237.46 kB	+3.10%	40.94 kB	42.20 kB
oss-stable/react-server-dom-turbopack/cjs/react-server-dom-turbopack-server.node.development.js	+4.19%	227.92 kB	237.46 kB	+3.10%	40.94 kB	42.20 kB
oss-experimental/react-server-dom-webpack/cjs/react-server-dom-webpack-server.node.unbundled.development.js	+4.18%	228.75 kB	238.31 kB	+3.11%	41.10 kB	42.38 kB
oss-experimental/react-server-dom-webpack/cjs/react-server-dom-webpack-server.node.development.js	+4.15%	229.96 kB	239.50 kB	+3.09%	41.40 kB	42.67 kB
oss-experimental/react-server-dom-turbopack/cjs/react-server-dom-turbopack-server.node.development.js	+4.15%	230.01 kB	239.55 kB	+3.07%	41.39 kB	42.66 kB

Significant size changes

Includes any change greater than 0.2%:

Expand to show

Name	+/-	Base	Current	+/- gzip	Base gzip	Current gzip
oss-stable-semver/react-server-dom-parcel/cjs/react-server-dom-parcel-server.browser.production.js	+8.76%	94.85 kB	103.16 kB	+7.05%	19.44 kB	20.81 kB
oss-stable/react-server-dom-parcel/cjs/react-server-dom-parcel-server.browser.production.js	+8.76%	94.85 kB	103.16 kB	+7.05%	19.44 kB	20.81 kB
oss-stable-semver/react-server-dom-esm/cjs/react-server-dom-esm-server.node.production.js	+8.72%	98.46 kB	107.04 kB	+6.91%	20.20 kB	21.59 kB
oss-stable/react-server-dom-esm/cjs/react-server-dom-esm-server.node.production.js	+8.72%	98.46 kB	107.04 kB	+6.91%	20.20 kB	21.59 kB
oss-stable-semver/react-server-dom-parcel/cjs/react-server-dom-parcel-server.edge.production.js	+8.68%	95.99 kB	104.32 kB	+6.96%	19.70 kB	21.07 kB
oss-stable/react-server-dom-parcel/cjs/react-server-dom-parcel-server.edge.production.js	+8.68%	95.99 kB	104.32 kB	+6.96%	19.70 kB	21.07 kB
oss-experimental/react-server-dom-parcel/cjs/react-server-dom-parcel-server.browser.production.js	+8.60%	96.70 kB	105.01 kB	+6.90%	19.81 kB	21.18 kB
oss-experimental/react-server-dom-esm/cjs/react-server-dom-esm-server.node.production.js	+8.56%	100.31 kB	108.90 kB	+6.80%	20.57 kB	21.97 kB
oss-experimental/react-server-dom-parcel/cjs/react-server-dom-parcel-server.edge.production.js	+8.52%	97.84 kB	106.17 kB	+6.80%	20.10 kB	21.46 kB
oss-stable-semver/react-server-dom-parcel/cjs/react-server-dom-parcel-server.node.production.js	+8.48%	102.29 kB	110.97 kB	+6.92%	20.73 kB	22.16 kB
oss-stable/react-server-dom-parcel/cjs/react-server-dom-parcel-server.node.production.js	+8.48%	102.29 kB	110.97 kB	+6.92%	20.73 kB	22.16 kB
oss-experimental/react-server-dom-parcel/cjs/react-server-dom-parcel-server.node.production.js	+8.33%	104.15 kB	112.82 kB	+6.78%	21.09 kB	22.52 kB
oss-stable-semver/react-server-dom-turbopack/cjs/react-server-dom-turbopack-server.browser.production.js	+8.11%	101.91 kB	110.18 kB	+6.52%	20.57 kB	21.91 kB
oss-stable/react-server-dom-turbopack/cjs/react-server-dom-turbopack-server.browser.production.js	+8.11%	101.91 kB	110.18 kB	+6.52%	20.57 kB	21.91 kB
oss-stable-semver/react-server-dom-webpack/cjs/react-server-dom-webpack-server.browser.production.js	+8.08%	102.26 kB	110.53 kB	+6.43%	20.67 kB	22.00 kB
oss-stable/react-server-dom-webpack/cjs/react-server-dom-webpack-server.browser.production.js	+8.08%	102.26 kB	110.53 kB	+6.43%	20.67 kB	22.00 kB
oss-stable-semver/react-server-dom-webpack/cjs/react-server-dom-webpack-server.edge.production.js	+8.04%	103.07 kB	111.35 kB	+6.42%	20.87 kB	22.21 kB
oss-stable/react-server-dom-webpack/cjs/react-server-dom-webpack-server.edge.production.js	+8.04%	103.07 kB	111.35 kB	+6.42%	20.87 kB	22.21 kB
oss-stable-semver/react-server-dom-turbopack/cjs/react-server-dom-turbopack-server.edge.production.js	+8.04%	103.07 kB	111.36 kB	+6.41%	20.87 kB	22.21 kB
oss-stable/react-server-dom-turbopack/cjs/react-server-dom-turbopack-server.edge.production.js	+8.04%	103.07 kB	111.36 kB	+6.41%	20.87 kB	22.21 kB
oss-stable-semver/react-server-dom-webpack/cjs/react-server-dom-webpack-server.node.unbundled.production.js	+7.98%	108.37 kB	117.01 kB	+6.47%	21.67 kB	23.07 kB
oss-stable/react-server-dom-webpack/cjs/react-server-dom-webpack-server.node.unbundled.production.js	+7.98%	108.37 kB	117.01 kB	+6.47%	21.67 kB	23.07 kB
oss-experimental/react-server-dom-turbopack/cjs/react-server-dom-turbopack-server.browser.production.js	+7.97%	103.76 kB	112.03 kB	+6.13%	21.01 kB	22.30 kB
oss-experimental/react-server-dom-webpack/cjs/react-server-dom-webpack-server.browser.production.js	+7.94%	104.12 kB	112.38 kB	+6.11%	21.11 kB	22.40 kB
oss-experimental/react-server-dom-webpack/cjs/react-server-dom-webpack-server.edge.production.js	+7.90%	104.92 kB	113.21 kB	+6.01%	21.31 kB	22.59 kB
oss-experimental/react-server-dom-turbopack/cjs/react-server-dom-turbopack-server.edge.production.js	+7.90%	104.92 kB	113.21 kB	+6.00%	21.31 kB	22.59 kB
oss-stable-semver/react-server-dom-webpack/cjs/react-server-dom-webpack-server.node.production.js	+7.89%	109.42 kB	118.05 kB	+6.29%	21.92 kB	23.30 kB
oss-stable/react-server-dom-webpack/cjs/react-server-dom-webpack-server.node.production.js	+7.89%	109.42 kB	118.05 kB	+6.29%	21.92 kB	23.30 kB
oss-stable-semver/react-server-dom-turbopack/cjs/react-server-dom-turbopack-server.node.production.js	+7.89%	109.44 kB	118.07 kB	+6.27%	21.92 kB	23.30 kB
oss-stable/react-server-dom-turbopack/cjs/react-server-dom-turbopack-server.node.production.js	+7.89%	109.44 kB	118.07 kB	+6.27%	21.92 kB	23.30 kB
oss-experimental/react-server-dom-webpack/cjs/react-server-dom-webpack-server.node.unbundled.production.js	+7.84%	110.22 kB	118.87 kB	+6.35%	22.05 kB	23.45 kB
oss-experimental/react-server-dom-webpack/cjs/react-server-dom-webpack-server.node.production.js	+7.76%	111.27 kB	119.91 kB	+5.97%	22.34 kB	23.68 kB
oss-experimental/react-server-dom-turbopack/cjs/react-server-dom-turbopack-server.node.production.js	+7.76%	111.29 kB	119.92 kB	+5.95%	22.35 kB	23.68 kB
oss-stable-semver/react-server-dom-parcel/cjs/react-server-dom-parcel-server.browser.development.js	+4.93%	187.27 kB	196.50 kB	+4.18%	34.00 kB	35.42 kB
oss-stable/react-server-dom-parcel/cjs/react-server-dom-parcel-server.browser.development.js	+4.93%	187.27 kB	196.50 kB	+4.18%	34.00 kB	35.42 kB
oss-experimental/react-server-dom-parcel/cjs/react-server-dom-parcel-server.browser.development.js	+4.87%	189.37 kB	198.60 kB	+4.05%	34.46 kB	35.85 kB
oss-stable-semver/react-server-dom-parcel/cjs/react-server-dom-parcel-server.edge.development.js	+4.85%	190.94 kB	200.19 kB	+4.10%	34.50 kB	35.92 kB
oss-stable/react-server-dom-parcel/cjs/react-server-dom-parcel-server.edge.development.js	+4.85%	190.94 kB	200.19 kB	+4.10%	34.50 kB	35.92 kB
oss-experimental/react-server-dom-parcel/cjs/react-server-dom-parcel-server.edge.development.js	+4.79%	193.03 kB	202.28 kB	+3.97%	34.96 kB	36.35 kB
oss-stable-semver/react-server-dom-turbopack/cjs/react-server-dom-turbopack-server.browser.development.js	+4.70%	195.12 kB	204.28 kB	+3.84%	35.38 kB	36.74 kB
oss-stable/react-server-dom-turbopack/cjs/react-server-dom-turbopack-server.browser.development.js	+4.70%	195.12 kB	204.28 kB	+3.84%	35.38 kB	36.74 kB
oss-stable-semver/react-server-dom-webpack/cjs/react-server-dom-webpack-server.browser.development.js	+4.69%	195.59 kB	204.76 kB	+3.86%	35.48 kB	36.85 kB
oss-stable/react-server-dom-webpack/cjs/react-server-dom-webpack-server.browser.development.js	+4.69%	195.59 kB	204.76 kB	+3.86%	35.48 kB	36.85 kB
oss-experimental/react-server-dom-turbopack/cjs/react-server-dom-turbopack-server.browser.development.js	+4.65%	197.22 kB	206.39 kB	+3.78%	35.81 kB	37.17 kB
oss-experimental/react-server-dom-webpack/cjs/react-server-dom-webpack-server.browser.development.js	+4.64%	197.69 kB	206.86 kB	+3.82%	35.91 kB	37.28 kB
oss-stable-semver/react-server-dom-webpack/cjs/react-server-dom-webpack-server.edge.development.js	+4.62%	198.82 kB	208.01 kB	+3.81%	35.87 kB	37.23 kB
oss-stable/react-server-dom-webpack/cjs/react-server-dom-webpack-server.edge.development.js	+4.62%	198.82 kB	208.01 kB	+3.81%	35.87 kB	37.23 kB
oss-stable-semver/react-server-dom-turbopack/cjs/react-server-dom-turbopack-server.edge.development.js	+4.62%	198.82 kB	208.01 kB	+3.79%	35.87 kB	37.23 kB
oss-stable/react-server-dom-turbopack/cjs/react-server-dom-turbopack-server.edge.development.js	+4.62%	198.82 kB	208.01 kB	+3.79%	35.87 kB	37.23 kB
oss-experimental/react-server-dom-webpack/cjs/react-server-dom-webpack-server.edge.development.js	+4.57%	200.91 kB	210.10 kB	+3.77%	36.30 kB	37.67 kB
oss-experimental/react-server-dom-turbopack/cjs/react-server-dom-turbopack-server.edge.development.js	+4.57%	200.91 kB	210.10 kB	+3.76%	36.30 kB	37.67 kB
oss-stable-semver/react-server-dom-esm/cjs/react-server-dom-esm-server.node.development.js	+4.45%	213.53 kB	223.03 kB	+3.57%	38.89 kB	40.28 kB
oss-stable/react-server-dom-esm/cjs/react-server-dom-esm-server.node.development.js	+4.45%	213.53 kB	223.03 kB	+3.57%	38.89 kB	40.28 kB
oss-experimental/react-server-dom-esm/cjs/react-server-dom-esm-server.node.development.js	+4.41%	215.62 kB	225.12 kB	+3.51%	39.35 kB	40.73 kB
oss-stable-semver/react-server-dom-parcel/cjs/react-server-dom-parcel-server.node.development.js	+4.37%	219.95 kB	229.55 kB	+3.30%	39.56 kB	40.87 kB
oss-stable/react-server-dom-parcel/cjs/react-server-dom-parcel-server.node.development.js	+4.37%	219.95 kB	229.55 kB	+3.30%	39.56 kB	40.87 kB
oss-experimental/react-server-dom-parcel/cjs/react-server-dom-parcel-server.node.development.js	+4.33%	222.04 kB	231.64 kB	+3.27%	40.02 kB	41.33 kB
oss-stable-semver/react-server-dom-webpack/cjs/react-server-dom-webpack-server.node.unbundled.development.js	+4.22%	226.66 kB	236.22 kB	+3.15%	40.64 kB	41.92 kB
oss-stable/react-server-dom-webpack/cjs/react-server-dom-webpack-server.node.unbundled.development.js	+4.22%	226.66 kB	236.22 kB	+3.15%	40.64 kB	41.92 kB
oss-stable-semver/react-server-dom-webpack/cjs/react-server-dom-webpack-server.node.development.js	+4.19%	227.87 kB	237.41 kB	+3.12%	40.94 kB	42.22 kB
oss-stable/react-server-dom-webpack/cjs/react-server-dom-webpack-server.node.development.js	+4.19%	227.87 kB	237.41 kB	+3.12%	40.94 kB	42.22 kB
oss-stable-semver/react-server-dom-turbopack/cjs/react-server-dom-turbopack-server.node.development.js	+4.19%	227.92 kB	237.46 kB	+3.10%	40.94 kB	42.20 kB
oss-stable/react-server-dom-turbopack/cjs/react-server-dom-turbopack-server.node.development.js	+4.19%	227.92 kB	237.46 kB	+3.10%	40.94 kB	42.20 kB
oss-experimental/react-server-dom-webpack/cjs/react-server-dom-webpack-server.node.unbundled.development.js	+4.18%	228.75 kB	238.31 kB	+3.11%	41.10 kB	42.38 kB
oss-experimental/react-server-dom-webpack/cjs/react-server-dom-webpack-server.node.development.js	+4.15%	229.96 kB	239.50 kB	+3.09%	41.40 kB	42.67 kB
oss-experimental/react-server-dom-turbopack/cjs/react-server-dom-turbopack-server.node.development.js	+4.15%	230.01 kB	239.55 kB	+3.07%	41.39 kB	42.66 kB
oss-experimental/react-server-dom-parcel/cjs/react-server-dom-parcel-client.browser.production.js	+0.29%	58.58 kB	58.75 kB	+0.47%	11.50 kB	11.55 kB
oss-stable-semver/react-server-dom-parcel/cjs/react-server-dom-parcel-client.browser.production.js	+0.29%	58.58 kB	58.75 kB	+0.47%	11.50 kB	11.55 kB
oss-stable/react-server-dom-parcel/cjs/react-server-dom-parcel-client.browser.production.js	+0.29%	58.58 kB	58.75 kB	+0.47%	11.50 kB	11.55 kB
oss-experimental/react-server-dom-parcel/cjs/react-server-dom-parcel-client.edge.production.js	+0.26%	64.11 kB	64.28 kB	+0.42%	12.71 kB	12.76 kB
oss-stable-semver/react-server-dom-parcel/cjs/react-server-dom-parcel-client.edge.production.js	+0.26%	64.11 kB	64.28 kB	+0.42%	12.71 kB	12.76 kB
oss-stable/react-server-dom-parcel/cjs/react-server-dom-parcel-client.edge.production.js	+0.26%	64.11 kB	64.28 kB	+0.42%	12.71 kB	12.76 kB
oss-experimental/react-server-dom-parcel/cjs/react-server-dom-parcel-client.node.production.js	+0.25%	68.44 kB	68.61 kB	+0.37%	13.34 kB	13.39 kB
oss-stable-semver/react-server-dom-parcel/cjs/react-server-dom-parcel-client.node.production.js	+0.25%	68.44 kB	68.61 kB	+0.37%	13.34 kB	13.39 kB
oss-stable/react-server-dom-parcel/cjs/react-server-dom-parcel-client.node.production.js	+0.25%	68.44 kB	68.61 kB	+0.37%	13.34 kB	13.39 kB

Generated by 🚫 dangerJS against e2fd5dc

sebmarkbage · 2025-12-03T15:55:17Z

TL;DR: If you are using React Server Components you really must upgrade.

More information in Critical Security Vulnerability in React Server Components.

This vulnerability was disclosed as CVE-2025-55182 and is rated CVSS 10.0.

jschauma · 2025-12-03T16:08:54Z

We did a number of refactors ...
This also fixes a critical security vulnerability.

With this combined commit, people now have to go through a >1500 line patch to try to understand the security relevant changes.

Going forward, it would be preferable if code changes for a critical security vulnerability could be committed separately from other changes. :-)

sebmarkbage · 2025-12-03T16:26:01Z

Further details of the vulnerability will be provided after the rollout of the fix is complete.

This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [react](https://react.dev/) ([source](https://github.com/facebook/react/tree/HEAD/packages/react)) | [`19.2.0` -> `19.2.1`](https://renovatebot.com/diffs/npm/react/19.2.0/19.2.1) | ![age](https://developer.mend.io/api/mc/badges/age/npm/react/19.2.1?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/react/19.2.0/19.2.1?slim=true) | | [react-dom](https://react.dev/) ([source](https://github.com/facebook/react/tree/HEAD/packages/react-dom)) | [`19.2.0` -> `19.2.1`](https://renovatebot.com/diffs/npm/react-dom/19.2.0/19.2.1) | ![age](https://developer.mend.io/api/mc/badges/age/npm/react-dom/19.2.1?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/react-dom/19.2.0/19.2.1?slim=true) | --- ### Release Notes <details> <summary>facebook/react (react)</summary> ### [`v19.2.1`](https://github.com/facebook/react/blob/HEAD/CHANGELOG.md#1921-Dec-3-2025) [Compare Source](facebook/react@v19.2.0...v19.2.1) ##### React Server Components - Bring React Server Component fixes to Server Actions ([@sebmarkbage](https://github.com/sebmarkbage) [#35277](facebook/react#35277)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).  Reviewed-on: https://git.foxden.network/foxCaves/foxCaves/pulls/16 Co-authored-by: Renovate <renovate@foxden.network> Co-committed-by: Renovate <renovate@foxden.network>

justinrest · 2025-12-03T21:17:18Z

the meta

rickhanlonii · 2025-12-03T22:11:35Z

@szybnev that PoC is not valid, the server in that PoC is faked to respond.

sebmarkbage requested review from gnoff and unstubbable December 3, 2025 15:38

meta-cla bot added the CLA Signed label Dec 3, 2025

gnoff approved these changes Dec 3, 2025

View reviewed changes

github-actions bot added the React Core Team Opened by a member of the React Core Team label Dec 3, 2025

unstubbable approved these changes Dec 3, 2025

View reviewed changes

sebmarkbage merged commit 7dc903c into facebook:main Dec 3, 2025
238 of 243 checks passed

nextjs-bot mentioned this pull request Dec 3, 2025

Upgrade React from fd524fe0-20251121 to 7dc903cd-20251203 vercel/next.js#86771

Merged

chrisbbreuer mentioned this pull request Dec 3, 2025

chore(deps): update all non-major dependencies stacksjs/bun-plugin-markdown#12

Open

1 task

hi-ogawa mentioned this pull request Dec 3, 2025

Deserializing client reference in server environment broken since React 19.2.1 vitejs/vite-plugin-react#999

Closed

Copilot AI mentioned this pull request Dec 3, 2025

fix(rsc): fix deserializing client reference in server environment with React 19.2.1+ vitejs/vite-plugin-react#1000

Merged

This comment was marked as outdated.

Sign in to view

AryanVBW mentioned this pull request Dec 3, 2025

[Security] CVE-2025-66478 Backport Contribution Guide & Tools vercel/next.js#86790

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Patch FlightReplyServer with fixes from ReactFlightClient #35277

Patch FlightReplyServer with fixes from ReactFlightClient #35277

sebmarkbage commented Dec 3, 2025

Uh oh!

Uh oh!

react-sizebot commented Dec 3, 2025

Uh oh!

sebmarkbage commented Dec 3, 2025

Uh oh!

jschauma commented Dec 3, 2025

Uh oh!

sebmarkbage commented Dec 3, 2025

Uh oh!

justinrest commented Dec 3, 2025

Uh oh!

This comment was marked as outdated.

rickhanlonii commented Dec 3, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

8 participants

Patch FlightReplyServer with fixes from ReactFlightClient #35277

Patch FlightReplyServer with fixes from ReactFlightClient #35277

Conversation

sebmarkbage commented Dec 3, 2025

Uh oh!

Uh oh!

react-sizebot commented Dec 3, 2025

Critical size changes

Significant size changes

Uh oh!

sebmarkbage commented Dec 3, 2025

Uh oh!

jschauma commented Dec 3, 2025

Uh oh!

sebmarkbage commented Dec 3, 2025

Uh oh!

justinrest commented Dec 3, 2025

Uh oh!

This comment was marked as outdated.

rickhanlonii commented Dec 3, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

8 participants