Upgrade to React Native 0.83.2 with new architecture

[j0ntz]

CHANGELOG

Does this branch warrant an entry to the CHANGELOG?

• Yes
• No

Dependencies

none

Requirements

If you have made any visual changes to the GUI. Make sure you have:

• Tested on iOS device
• Tested on Android device
• Tested on small-screen device (iPod Touch)
• Tested on large-screen device (tablet)

Description

Asana: https://app.asana.com/0/1215088146871429/1215939017452147

Upgrade edge-react-gui to React Native 0.83.2 and enable the new architecture (Fabric/TurboModules). This brings the prior WIP work (the william/rn83 branch) current with develop, which had since migrated from yarn to npm and advanced several native crypto deps.

Changes:

• react 19.2.0, react-native 0.83.2, react-native-reanimated 4.2.1 (pinned so it stays compatible with the worklets 0.7.x line), react-native-worklets 0.7.x, react-native-bootsplash 7.x, expo 55.
• Keep develop's newer native deps: react-native-piratechain 0.6.0, react-native-zcash 0.12.1, react-native-zano 0.3.0.
• Native iOS: Expo new-architecture AppDelegate (ExpoAppDelegate + ExpoReactNativeFactory), Swift 6 access-level imports, and removal of the now-deleted bindReactNativeFactory call.
• Native Android: newArchEnabled, gradle/wrapper updates, Kotlin 2.3.20, ext.kspVersion set to the independently-versioned KSP2 line (Kotlin 2.3 has no release in the old <kotlin>-<ksp> scheme the expo gradle plugin looks up), jsMainModulePath = "index" so the new ExpoReactHostFactory loads the JS entry, and a patch for @react-native-community/datetimepicker (Kotlin 2.3 dropped synthetic-property access for getCurrentActivity()).
• Drop the obsolete r3-hack Reanimated-3 Android workaround in favor of Reanimated 4 under the new architecture.
• Remove the no-longer-needed react-native 0.79 patch. Add a react-native-reanimated type patch so its animated components type-check as valid JSX under React 19 (@types/react 19.2).
• Fix the fontSize: 0 crash on outline text inputs: clamp animated icon/text font sizes to a positive value (gui ThemedIcons/FilledTextInput and a patch for edge-login-ui-rn). The new architecture's Android text layout throws IllegalArgumentException: FontSize should be a positive value when an animated size reaches 0; iOS tolerates it. This is the crash the prior attempt flagged ("hidden behind the animated vector icons").

Testing:

• iOS: builds with Xcode 26.5 and runs on the simulator under the new architecture. Drove onboarding, the PIN screen, and the password login screen; the outline text input focuses and accepts text with its animated label.
• Android: ./gradlew :app:assembleDebug succeeds; runs on an Android 16 emulator under the new architecture. Reproduced the fontSize: 0 crash on the login screen, applied the clamp fix, and confirmed the login outline inputs now render and accept text without crashing. Screenshots below.
• tsc --noEmit clean; npm run lint clean; jest 511 tests pass.

Follow-ups:

• The edge-login-ui-rn font-size fix is shipped here as a patch-package patch against 3.36.0; it should also land upstream in edge-login-ui-rn and then be picked up via a version bump.

---

Note

High Risk
This is a full-stack native and runtime migration (new architecture, Expo 55, Gradle 9, major pod graph) that can surface build or runtime regressions across iOS and Android until broadly exercised.

Overview
Upgrades the app to React Native 0.83.2 with Fabric/TurboModules turned on (newArchEnabled, RCTNewArchEnabled), alongside Expo 55-style tooling (babel-preset-expo, Expo metro config, and the newer Expo Gradle/CocoaPods autolinking).

Android moves to the RN 0.83 bootstrap (loadReactNative, ExpoReactHostFactory with jsMainModulePath = "index"), compile/target SDK 36, Gradle 9, Kotlin 2.3.20 with an explicit KSP2 version, and drops the old Reanimated-3 r3-hack resolution path. iOS adopts ExpoAppDelegate / ExpoReactNativeFactory, refreshes native deps in Podfile.lock, and wires Expo’s configure-project build phase inputs/outputs.

JS/build simplifies Babel to Expo + react-native-worklets, removes Android-specific Reanimated routing from Metro, and adds a worklets Jest mock. The r3-hack / Flipper-era Android Babel branching is removed in favor of Reanimated 4 under the new architecture.

^{Reviewed by Cursor Bugbot for commit 1f9665c. Bugbot is set up for automated code reviews on this repo. Configure here.}

[j0ntz]

📸 Test evidence: RN 0.83.2 + new architecture on iOS sim

agent proof 1215939017452147 01 app runs under new arch

agent proof 1215939017452147 02 login outline text inputs

agent proof 1215939017452147 03 text input focused no fontsize crash

Captured by the agent's in-app test run (build-and-test).

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​types/​react-test-renderer@​19.1.0
	@​react-native/​metro-config@​0.79.2 ⏵ 0.83.2	+1		+1	+1
	@​babel/​preset-typescript@​7.27.1 ⏵ 7.29.7				+1
	@​react-native/​typescript-config@​0.79.2 ⏵ 0.83.2			+10	+1
	@​react-native-community/​cli@​18.0.0 ⏵ 20.0.0	+1	+75	+1
	expo@​53.0.20 ⏵ 55.0.0-preview.9
	@​types/​react@​19.1.9 ⏵ 19.2.17
	react-native-gesture-handler@​2.28.0 ⏵ 2.32.0			+1
	react-test-renderer@​19.0.0 ⏵ 19.2.0	+1		+1
	@​react-native/​babel-preset@​0.79.5 ⏵ 0.83.2	+1		+1
	react-native-bootsplash@​6.3.8 ⏵ 7.3.2	-15			+1
	react@​19.0.0 ⏵ 19.2.0
	react-native-worklets@​0.6.1 ⏵ 0.10.0	+1		+3
	react-native@​0.79.2 ⏵ 0.83.2
	react-native-reanimated@​3.19.5 ⏵ 4.5.0	+1		+1	+1
	@​react-native-community/​cli-platform-android@​18.0.0 ⏵ 20.0.0				+1
	@​react-native-community/​cli-platform-ios@​18.0.0 ⏵ 20.0.0				+1

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm @emnapi/runtime is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package-lock.json → npm/react-native-bootsplash@7.3.2 → npm/jest@30.0.0 → npm/@emnapi/runtime@1.11.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@emnapi/runtime@1.11.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm @expo/cli is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package-lock.json → npm/expo@55.0.0-preview.9 → npm/@expo/cli@55.0.6 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@expo/cli@55.0.6. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm @expo/cli is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package-lock.json → npm/expo@55.0.0-preview.9 → npm/@expo/cli@55.0.6 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@expo/cli@55.0.6. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Publisher changed: npm @expo/log-box is now published by brentvatne Author: brentvatne From: package-lock.json → npm/expo@55.0.0-preview.9 → npm/@expo/log-box@55.0.5 ℹ Read more on: This package | This alert | What is unstable ownership? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Try to reduce the number of authors you depend on to reduce the risk to malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@expo/log-box@55.0.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm fast-xml-parser is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package-lock.json → npm/@react-native-community/cli-platform-android@20.0.0 → npm/@react-native-community/cli-platform-ios@20.0.0 → npm/@react-native-community/cli@20.0.0 → npm/fast-xml-parser@4.5.6 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/fast-xml-parser@4.5.6. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm node-forge is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package-lock.json → npm/expo@55.0.0-preview.9 → npm/@walletconnect/web3wallet@1.10.1 → npm/node-forge@1.4.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/node-forge@1.4.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm react-native-bootsplash is 62.0% likely obfuscated Confidence: 0.62 Location: Package overview From: package-lock.json → npm/react-native-bootsplash@7.3.2 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/react-native-bootsplash@7.3.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm react-native-bootsplash is 60.0% likely obfuscated Confidence: 0.60 Location: Package overview From: package-lock.json → npm/react-native-bootsplash@7.3.2 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/react-native-bootsplash@7.3.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm react-native is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package-lock.json → npm/react-native@0.83.2 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/react-native@0.83.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Low adoption: npm @expo/log-box Location: Package overview From: package-lock.json → npm/expo@55.0.0-preview.9 → npm/@expo/log-box@55.0.5 ℹ Read more on: This package | This alert | What are unpopular packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Unpopular packages may have less maintenance and contain other problems. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@expo/log-box@55.0.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Low adoption: npm expo-modules-core Location: Package overview From: package-lock.json → npm/expo@55.0.0-preview.9 → npm/expo-modules-core@55.0.7 ℹ Read more on: This package | This alert | What are unpopular packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Unpopular packages may have less maintenance and contain other problems. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/expo-modules-core@55.0.7. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Low adoption: npm fetch-nodeshim Location: Package overview From: package-lock.json → npm/expo@55.0.0-preview.9 → npm/fetch-nodeshim@0.4.10 ℹ Read more on: This package | This alert | What are unpopular packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Unpopular packages may have less maintenance and contain other problems. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/fetch-nodeshim@0.4.10. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[j0ntz]

📸 Android test evidence: RN 0.83.2 + new architecture (Android emulator, iOS 26 toolchain)

agent proof 1215939017452147 04 android new arch

agent proof 1215939017452147 05 android login input

Captured by the agent's in-app test run (build-and-test).

[j0ntz]

📸 Test evidence: iOS new-arch build runs (RN 0.83.2)

agent proof 1215939017452147 01 walletlist newarch

agent proof 1215939017452147 02 buy 500 quote

Captured by the agent's in-app test run (build-and-test).

[cursor]

Cursor Bugbot has reviewed your changes and found 2 potential issues.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit 1f9665c. Configure here.}

[cursor]

iOS URL handlers skip ExpoAppDelegate

Medium Severity

After switching AppDelegate to subclass ExpoAppDelegate, the application(_:open:options:) and application(_:continue:restorationHandler:) overrides still return only RCTLinkingManager results and never forward to super. The base ExpoAppDelegate may handle URLs for Expo modules; skipping super can drop those handlers while deep linking still works for React Native paths alone.

 

^{Reviewed by Cursor Bugbot for commit 1f9665c. Configure here.}

[cursor]

Cold-start shortcut may fire twice

Medium Severity

On cold launch, the app still assigns ExpoQuickActions.initialAction from launchOptions using logic written for a non-ExpoAppDelegate delegate, then calls super.application(_:didFinishLaunchingWithOptions:). With an ExpoAppDelegate, Expo’s lifecycle may also deliver the same home-screen shortcut, so useQuickActionCallback could run twice and open the shortcut URL twice.

 

^{Reviewed by Cursor Bugbot for commit 1f9665c. Configure here.}