JavaScript Frameworks Release Notes
Release notes for JavaScript and web frameworks, bundlers and static site generators
Products (9)
Latest JavaScript Frameworks Updates
- Apr 20, 2026
- Date parsed from source:Apr 20, 2026
- First seen by Releasebot:Apr 20, 2026
8.0.9 (2026-04-20)
Vite ships a maintenance release with Rolldown 1.0.0-rc.16, stronger dev and build handling, stricter HMR patch request protection, improved CSS and optimizer behavior, Deno workspace root detection, and refreshed documentation and dependency updates.
Features
- update rolldown to 1.0.0-rc.16 (#22248) (2947edd)
Bug Fixes
- allow binding when strictPort is set but wildcard port is in use (#22150) (dfc8aa5)
- build: emptyOutDir should happen for watch rebuilds (#22207) (ee52267)
- bundled-dev: reject requests to HMR patch files in non potentially trustworthy origins (#22269) (868f141)
- css: use unique key for cssEntriesMap to prevent same-basename collision (#22039) (374bb5d)
- deps: update all non-major dependencies (#22219) (4cd0d67)
- deps: update all non-major dependencies (#22268) (c28e9c1)
- detect Deno workspace root (fix #22237) (#22238) (1b793c0)
- dev: handle errors in watchChange hook (#22188) (fc08bda)
- optimizer: handle more chars that will be sanitized (#22208) (3f24533)
- skip fallback sourcemap generation for ?raw imports (#22148) (3ec9cda)
Documentation
- align the descriptions in READMEs (#22231) (44c42b9)
- fix reuses wording in dev environment comment (#22173) (9163412)
- fix wording in sass error comment (#22214) (bc5c6a7)
- update build CLI defaults (#22261) (605bb97)
Miscellaneous Chores
- deps: update dependency dotenv-expand to v13 (#22271) (0a3887d)
- Apr 17, 2026
- Date parsed from source:Apr 17, 2026
- First seen by Releasebot:Apr 18, 2026
[email protected] (April 17, 2026)
React fixes the removed component-hook-factories rule and restores a deprecated no-op for ESLint compatibility.
Note: 7.1.0 accidentally removed the component-hook-factories rule, causing errors for users who referenced it in their ESLint config. This is now fixed.
Add deprecated no-op component-hook-factories rule for backwards compatibility. (@mofeiZ in #36307)
Original source All of your release notes in one feed
Join Releasebot and get updates from Vite and hundreds of other software products.
- Apr 17, 2026
- Date parsed from source:Apr 17, 2026
- First seen by Releasebot:Apr 18, 2026
[email protected] (April 16, 2026)
React adds ESLint v10 support, speeds up compilation by skipping non-React files, and improves compiler linting with better set-state-in-effect detection, stronger ref validation, and clearer error reporting.
This release adds ESLint v10 support, improves performance by skipping compilation for non-React files, and includes compiler lint improvements including better set-state-in-effect detection, improved ref validation, and more helpful error reporting.
Add ESLint v10 support. (@nicolo-ribaudo in #35720)
- Skip compilation for non-React files to improve performance. (@josephsavona in #35589)
- Fix exhaustive deps bug with Flow type casting. (@jorge-cab in #35691)
- Fix useEffectEvent checks in component syntax. (@jbrown215 in #35041)
- Improved set-state-in-effect validation with fewer false negatives. (@jorge-cab in #35134, @josephsavona in #35147, @jackpope in #35214, @chesnokov-tony in #35419, @jsleitor in #36107)
- Improved ref validation for non-mutating functions and event handler props. (@josephsavona in #35893, @kolvian in #35062)
- Compiler now reports all errors instead of stopping at the first. (@josephsavona in #35873โ#35884)
- Improved source locations and error display in compiler diagnostics. (@nathanmarks in #35348, @josephsavona in #34963)
- Apr 16, 2026
- Date parsed from source:Apr 16, 2026
- First seen by Releasebot:Apr 17, 2026
[1.0.0-rc.16] - 2026-04-16
Rolldown adds const enum cross-module inlining and a new module tagging system for code splitting, while improving chunk handling, top-level await errors, side-effect checks, diagnostics, and performance across bundling and plugins.
๐ Features
- const enum cross-module inlining support (#8796) by @Dunqing
- implement module tagging system for code splitting (#9045) by @hyf0
๐ Bug Fixes
- rolldown_plugin_vite_manifest: handle duplicate chunk names for CSS entries (#9059) by @sapphi-red
- improve error message for invalid return values in function options (#9125) by @shulaoda
- await async export-star init wrappers (#9101) by @thezzisu
- never panic during diagnostic emission (#9091) by @IWANABETHATGUY
- include array rest pattern in binding_identifiers (#9112) by @IWANABETHATGUY
- rolldown: set worker thread count with ROLDOWN_WORKER_THREADS (#9086) by @fpotter
- rolldown_plugin_lazy_compilation: escape request ID in proxy modules (#9102) by @h-a-n-a
- treat namespace member access as side-effect-free (#9099) by @IWANABETHATGUY
- relax overly conservative side-effect leak check in chunk optimizer (#9085) by @IWANABETHATGUY
- runtime: release
cbreference after__commonJSfactory initialization (#9067) by @hyf0-agent @__NO_SIDE_EFFECTS__wrapper should not remove dynamic imports (#9075) by @IWANABETHATGUY- rolldown_plugin_vite_import_glob: use POSIX path join/normalize for glob resolution (#9077) by @shulaoda
- emit REQUIRE_TLA error when require() loads a module with top-level await (#9071) by @jaehafe
- emit namespace declaration for empty modules in manual chunks (#8993) by @privatenumber
- rolldown_plugin_vite_import_glob: keep common base on path segment boundary (#9070) by @shulaoda
- prevent circular runtime helper imports during facade elimination (#8989) (#9057) by @IWANABETHATGUY
- correct circular dependency check in facade elimination (#9047) by @h-a-n-a
- docs: correct dead link in CodeSplittingGroup.tags JSDoc (#9051) by @hyf0
- emit DUPLICATE_SHEBANG warning when banner contains shebang (#9026) by @IWANABETHATGUY
๐ Refactor
- use semantic reference flags for member write detection (#9060) by @Dunqing
- extract UsedSymbolRefs newtype wrapper (#9130) by @IWANABETHATGUY
- dedupe await wrapping in export-star init emit (#9119) by @IWANABETHATGUY
- calculate side-effect-free function symbols on demand (#9120) by @IWANABETHATGUY
- extract duplicated top-level await handling into shared helper (#9087) by @IWANABETHATGUY
- rolldown_plugin_vite_import_glob: use split_first for get_common_base (#9069) by @shulaoda
- simplify ESM init deduplication with idiomatic insert check (#9044) by @IWANABETHATGUY
๐ Documentation
- document runtime module placement strategy in code-splitting design (#9062) by @IWANABETHATGUY
- clarify
optionshook behavior difference with Rollup in watch mode (#9053) by @sapphi-red - meta/design: introduce module tags (#9017) by @hyf0
โก Performance
- convert
generate_transitive_esm_initto iterative (#9046) by @IWANABETHATGUY
๐งช Testing
- merge strict/non_strict test variants using configVariants (#9089) by @IWANABETHATGUY
โ๏ธ Miscellaneous Tasks
- disable Renovate auto-updates for oxc packages (#9129) by @IWANABETHATGUY
- upgrade [email protected] (#9127) by @Dunqing
- deps: update napi to v3.8.5 (#9126) by @renovate[bot]
- deps: update dependency @napi-rs/cli to v3.6.2 (#9123) by @renovate[bot]
- move lazy-compilation design doc (#9117) by @h-a-n-a
- deps: update dependency vite-plus to v0.1.18 (#9118) by @renovate[bot]
- deps: update dependency vite-plus to v0.1.17 (#9113) by @renovate[bot]
- deps: update oxc to v0.125.0 (#9094) by @renovate[bot]
- deps: update dependency follow-redirects to v1.16.0 [security] (#9103) by @renovate[bot]
- deps: update test262 submodule for tests (#9097) by @sapphi-red
- deps: update crate-ci/typos action to v1.45.1 (#9096) by @renovate[bot]
- deps: update rust crates (#9081) by @renovate[bot]
- deps: update npm packages (#9080) by @renovate[bot]
- remove outdated TODO in determine_module_exports_kind (#9072) by @jaehafe
- rust/test: support
extendedTests: falseshorthand in test config (#9050) by @hyf0 - ci: extract shared infra-changes anchor in path filters (#9054) by @hyf0
- add docs build check to catch dead links in PRs (#9052) by @hyf0
โค๏ธ New Contributors
- @thezzisu made their first contribution in #9101
- @fpotter made their first contribution in #9086
- @jaehafe made their first contribution in #9071
- @privatenumber made their first contribution in #8993
- Apr 16, 2026
- Date parsed from source:Apr 16, 2026
- First seen by Releasebot:Apr 16, 2026
v16.2.4
Next.js ships a backport release focused on bug fixes and stability, including Turbopack and compiler improvements, Safari cache-buster scoping, Windows ARM64 Google Fonts support, and better tracing and error messages.
Note
This release is backporting bug fixes. It does not include all pending features/changes on canary.
Core Changes
- chore: Bump reqwest to 0.13.2 (Fixes Google Fonts with Turbopack for Windows on ARM64) (#92713)
- Turbopack: fix filesystem watcher config not applying follow_symlinks(false) (#92631)
- Scope Safari ?ts= cache-buster to CSS/font assets only (Pages Router) (#92580)
- Compiler: Support boolean and number primtives in next.config defines (#92731)
- turbo-tasks: Fix recomputation loop by allowing cell cleanup on error during recomputation (#92725)
- Turbopack: shorter error for ChunkGroupInfo::get_index_of (#92814)
- Turbopack: shorter error message for ModuleBatchesGraph::get_entry_index (#92828)
- Adding more system info to the 'initialize project' trace (#92427)
Credits
Huge thanks to @Badbird5907, @lukesandberg, @andrewimm, @sokra, and @mischnic for helping!
Original source - Apr 14, 2026
- Date parsed from source:Apr 14, 2026
- First seen by Releasebot:Apr 15, 2026
v5.8.5
Fastify ships a security release that fixes CVE-2026-33806 and GHSA-247c-9743-5963, restores trustProxy handling for number and string types, and improves port parsing and socket address checks.
โ ๏ธ Security Release
This fixes CVE CVE-2026-33806 GHSA-247c-9743-5963.
What's Changed
- chore: Fix port parsing by @jsumners in #6603
- chore: upgrade to typescript v6.0.2 by @Tony133 in #6605
- fix: restore trustProxy function for number and string types, add null check for socketAddr by @mcollina in #6613
- ci: reduce cron scheduled workflows from daily/weekly to monthly by @Fdawgs in #6623
- chore: Bump pnpm/action-setup from 4.2.0 to 5.0.0 by @dependabot[bot] in #6629
- chore: Bump markdownlint-cli2 from 0.21.0 to 0.22.0 by @dependabot[bot] in #6632
- chore: Bump borp from 0.21.0 to 1.0.0 by @dependabot[bot] in #6633
- chore: Bump actions/dependency-review-action from 4.8.3 to 4.9.0 by @dependabot[bot] in #6630
- docs(ecosystem): add @pompelmi/fastify-plugin by @SonoTommy in #6610
New Contributors
- @SonoTommy made their first contribution in #6610
Full Changelog: v5.8.4...v5.8.5
Original source - Apr 13, 2026
- Date parsed from source:Apr 13, 2026
- First seen by Releasebot:Apr 20, 2026
v7.14.1
React Router fixes hydration race conditions, normalizes redirect paths, and adds TypeScript 6 support.
Patch Changes
- react-router - Fix a potential race condition that can occur when rendering a HydrateFallback and initial loaders land before the router.subscribe call happens in the RouterProvider layout effect (#14497)
- react-router - Normalize double-slashes in redirect paths (#14962)
- @react-router/dev - Add TypeScript 6 support to peer dependency ranges (#14935)
Full Changelog: v7.14.0...v7.14.1
Original source - Apr 9, 2026
- Date parsed from source:Apr 9, 2026
- First seen by Releasebot:Apr 9, 2026
[1.0.0-rc.15] - 2026-04-09
Rolldown fixes a stack overflow in generate_transitive_esm_init for circular dependencies and renames Spec-Driven Development to Context Engineering.
๐ Bug Fixes
- prevent stack overflow in
generate_transitive_esm_initon circular dependencies (#9041) by @shulaoda
๐ Refactor
- agents: rename Spec-Driven Development to Context Engineering (#9036) by @hyf0
- Apr 9, 2026
- Date parsed from source:Apr 9, 2026
- First seen by Releasebot:Apr 9, 2026
8.0.8 (2026-04-09)
Vite updates Rolldown to 1.0.0-rc.15 and fixes SSR hoisting and DNS order issues.
Features
- update rolldown to 1.0.0-rc.15 (#22201) (6baf587)
Bug Fixes
- avoid dns.getDefaultResultOrder temporary (#22202) (15f1c15)
- ssr: class property keys hoisting matching imports (#22199) (e137601)
- Apr 8, 2026
- Date parsed from source:Apr 8, 2026
- First seen by Releasebot:Apr 9, 2026
v16.2.3
Next.js ships backported security and bug fixes, including stale ISR revalidation error reporting, a manifest.ts HMR fix, output asset deduplication, styled-jsx race condition fixes, and turbo-tasks-backend stability improvements.
Note
This release is backporting security and bug fixes. For more information about the fixed security vulnerability, please see https://vercel.com/changelog/summary-of-cve-2026-23869. The release does not include all pending features/changes on canary.
Core Changes
- Ensure app-page reports stale ISR revalidation errors via onRequestError (#92282)
- Fix [Bug]: manifest.ts breaks HMR in Next.js 16.2 (#91981 through #92273)
- Deduplicate output assets and detect content conflicts on emit (#92292)
- Fix styled-jsx race condition: styles lost due to concurrent rendering (#92459)
- turbo-tasks-backend: stability fixes for task cancellation and error handling (#92254)
Credits
Huge thanks to @icyJoseph, @sokra, @wbinnssmith, @eps1lon, and @ztanner for helping!
Original source