Skip to content

chore: bump react-native-ble-plx 3.2.1 β†’ 3.4.0#7323

Merged
janicduplessis merged 3 commits intodevelopfrom
@janic/bump-ble-plx
Apr 15, 2026
Merged

chore: bump react-native-ble-plx 3.2.1 β†’ 3.4.0#7323
janicduplessis merged 3 commits intodevelopfrom
@janic/bump-ble-plx

Conversation

@janicduplessis
Copy link
Copy Markdown
Contributor

@janicduplessis janicduplessis commented Apr 9, 2026
edited
Loading

Fixes APP-3610

What changed (plus any additional context for devs)

Bumps react-native-ble-plx from 3.2.1 to 3.4.0 and @ledgerhq/react-native-hw-transport-ble from 6.33.4 to 6.34.1.

Key changes in ble-plx 3.3–3.4:

  • BleManager is now a singleton (safe to declare in React tree)
  • Dropped expo / @expo/config-plugins direct dependencies, cleaning up ~120 transitive babel packages from the lockfile

We bump to 3.4.0 instead of 3.5.x because 3.5.0 added a subscriptionType parameter to monitorCharacteristic* native bridge methods on Android (4 β†’ 5 args). The Ledger transport's JS still calls with 4 args, causing a NativeArgumentsParseException crash. By using 3.4.0 β€” which Ledger transport 6.34.1 also depends on β€” both JS and native stay aligned with no resolution needed.

Extracted from the RN 0.81 upgrade PR #6924.

Screen recordings / screenshots

N/A

What to test

  • Tested on physical device by pairing with a Ledger Nano X via BLE on iOS and Android

@socket-security
Copy link
Copy Markdown

socket-security Bot commented Apr 9, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatednpm/​react-native-ble-plx@​3.2.1 ⏡ 3.4.09910010085 +2100
Updatednpm/​@​ledgerhq/​react-native-hw-transport-ble@​6.33.4 ⏡ 6.34.193 -110010099 +2100

View full report

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 9, 2026
edited
Loading

πŸ§ͺ Flashlight Performance Report (AWS Device Farm)

πŸ”€ Commit: c4e37ef

πŸ“Ž View Artifacts

Metric Current Ξ” vs Baseline
Time to Interactive (TTI) 5550 ms βšͺ -16.8 ms (-0.3%)
Average FPS 56.82 βšͺ +0.0 (+0.0%)
Average RAM 398.0 MB βšͺ +3.4 MB (+0.9%)

@linear
Copy link
Copy Markdown

linear Bot commented Apr 10, 2026

APP-3610 Bump react-native-ble-plx 3.2.1 β†’ 3.5.1

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 10, 2026

Launch in simulator or device for 08a7ea8

@olerass
Copy link
Copy Markdown
Contributor

olerass commented Apr 10, 2026

@janicduplessis robot Ole is not happy. Can we check if this is true?

The upstream react-native-ble-plx 3.5.0 added a subscriptionType parameter to all monitorCharacteristic* native methods on Android only, changing bridge signatures from 4 to 5 arguments. The Ledger transport library resolves to a nested JS copy at 3.1.2 that calls these methods without the new parameter. React Native's Old Architecture bridge (JavaMethodWrapper.java:347) performs strict argument count validation and throws NativeArgumentsParseException on mismatch.

Impact: Every TransportBLE.open() call on Android will crash during characteristic monitoring setup. Ledger hardware wallet connectivity is completely broken on Android -- pairing, address derivation, and transaction signing all fail.

iOS is unaffected -- the upstream intentionally excluded subscriptionType from iOS native method signatures.

Fix options:

  • (A) Add a resolutions entry in package.json to force react-native-ble-plx to 3.5.1 everywhere, aligning JS and native versions
  • (B) Bump @ledgerhq/react-native-hw-transport-ble to a version that depends on react-native-ble-plx@^3.5.0

@janicduplessis janicduplessis force-pushed the @janic/bump-ble-plx branch 2 times, most recently from 20b21bc to 70264c8 Compare April 10, 2026 17:22
@janicduplessis janicduplessis changed the title chore: bump react-native-ble-plx 3.2.1 β†’ 3.5.1 chore: bump react-native-ble-plx 3.2.1 β†’ 3.4.0 Apr 10, 2026
@janicduplessis janicduplessis force-pushed the @janic/bump-ble-plx branch 5 times, most recently from e99723e to 0fd40ed Compare April 10, 2026 17:48
@janicduplessis janicduplessis changed the title chore: bump react-native-ble-plx 3.2.1 β†’ 3.4.0 chore: bump react-native-ble-plx 3.2.1 β†’ 3.5.1 Apr 10, 2026
@janicduplessis
chore: bump react-native-ble-plx 3.2.1 β†’ 3.4.0
148e584 
Also bumps @ledgerhq/react-native-hw-transport-ble 6.33.4 β†’ 6.34.1
so both depend on the same ble-plx version (3.4.0), avoiding a
native/JS argument mismatch crash on Android introduced in ble-plx 3.5.0.

ble-plx 3.4.0 dropped its expo/config-plugins dependency, cleaning
up ~120 transitive babel packages from the lockfile.
@janicduplessis janicduplessis changed the title chore: bump react-native-ble-plx 3.2.1 β†’ 3.5.1 chore: bump react-native-ble-plx 3.2.1 β†’ 3.4.0 Apr 10, 2026
@janicduplessis janicduplessis requested a review from olerass April 10, 2026 18:03
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 10, 2026

Launch in simulator or device for c4e37ef

olerass
olerass approved these changes Apr 15, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@olerass olerass left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM with the companion bump πŸ‘

@janicduplessis janicduplessis merged commit 7dd2b67 into develop Apr 15, 2026
25 of 26 checks passed
@janicduplessis janicduplessis deleted the @janic/bump-ble-plx branch April 15, 2026 13:16
janicduplessis added a commit that referenced this pull request Apr 15, 2026
@janicduplessis
chore: pin @ledgerhq/logs to a single version
210e076 
Adds an explicit yarn resolution for @ledgerhq/logs. Without this,
yarn can end up with multiple versions of @ledgerhq/logs hoisted
into node_modules when dependencies are updated (different ledgerhq
packages specify different semver ranges), which produces two
separate LocalTracer class definitions with incompatible private
fields and breaks src/utils/ledger.ts under tsc.

This should have been added alongside the ble-plx / hw-transport-ble
bump in #7323 β€” the next dep bump that touches anything ledgerhq-adjacent
will re-introduce the duplicate otherwise.
@janicduplessis janicduplessis mentioned this pull request Apr 15, 2026
Merged
janicduplessis added a commit that referenced this pull request Apr 15, 2026
@janicduplessis
chore: pin @ledgerhq/logs to a single version
e7e3218 
Adds an explicit yarn resolution for @ledgerhq/logs. Without this,
yarn can end up with multiple versions of @ledgerhq/logs hoisted
into node_modules when dependencies are updated (different ledgerhq
packages specify different semver ranges), which produces two
separate LocalTracer class definitions with incompatible private
fields and breaks src/utils/ledger.ts under tsc.

This should have been added alongside the ble-plx / hw-transport-ble
bump in #7323 β€” the next dep bump that touches anything ledgerhq-adjacent
will re-introduce the duplicate otherwise.
janicduplessis added a commit that referenced this pull request Apr 17, 2026
@janicduplessis
chore: pin @ledgerhq/logs to a single version
75bbf34 
Adds an explicit yarn resolution for @ledgerhq/logs. Without this,
yarn can end up with multiple versions of @ledgerhq/logs hoisted
into node_modules when dependencies are updated (different ledgerhq
packages specify different semver ranges), which produces two
separate LocalTracer class definitions with incompatible private
fields and breaks src/utils/ledger.ts under tsc.

This should have been added alongside the ble-plx / hw-transport-ble
bump in #7323 β€” the next dep bump that touches anything ledgerhq-adjacent
will re-introduce the duplicate otherwise.
janicduplessis added a commit that referenced this pull request Apr 17, 2026
@janicduplessis
chore: pin @ledgerhq/logs to a single version (#7355)
41f030d 
Adds an explicit yarn resolution for @ledgerhq/logs. Without this,
yarn can end up with multiple versions of @ledgerhq/logs hoisted
into node_modules when dependencies are updated (different ledgerhq
packages specify different semver ranges), which produces two
separate LocalTracer class definitions with incompatible private
fields and breaks src/utils/ledger.ts under tsc.

This should have been added alongside the ble-plx / hw-transport-ble
bump in #7323 β€” the next dep bump that touches anything ledgerhq-adjacent
will re-introduce the duplicate otherwise.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@olerass olerass olerass approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@janicduplessis @olerass