đź”’ [Security](deps): Bump react and @types/react#17
đź”’ [Security](deps): Bump react and @types/react#17dependabot[bot] wants to merge 1 commit intomainfrom
Conversation
Bumps [react](https://github.com/facebook/react/tree/HEAD/packages/react) and [@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react). These dependencies needed to be updated together. Updates `react` from 19.2.3 to 19.2.4 - [Release notes](https://github.com/facebook/react/releases) - [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/react/commits/v19.2.4/packages/react) Updates `@types/react` from 19.2.7 to 19.2.10 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react) --- updated-dependencies: - dependency-name: react dependency-version: 19.2.4 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: "@types/react" dependency-version: 19.2.10 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
blackboxprogramming
requested review from
Copilot
and removed request for
blackboxprogramming
There was a problem hiding this comment.
Pull request overview
Updates React runtime and TypeScript React typings to incorporate the latest patch release, refreshing the pnpm lockfile to reflect the resolved dependency graph.
Changes:
- Bump
reactfrom19.2.3to19.2.4. - Bump
@types/reactfrom19.2.7to19.2.10. - Regenerate
pnpm-lock.yamlto reflect updated React-related resolutions (and additional lockfile refreshes).
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| package.json | Updates the pinned react dependency version. |
| pnpm-lock.yaml | Updates resolved versions and dependency snapshots for React, typings, and related packages. |
Files not reviewed (1)
- pnpm-lock.yaml: Language not supported
đź’ˇ Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| "nextra-theme-docs": "^4.6.1", | ||
| "react": "19.2.3", | ||
| "react": "19.2.4", | ||
| "react-dom": "19.2.3" |
There was a problem hiding this comment.
react was bumped to 19.2.4 but react-dom remains pinned to 19.2.3. React/ReactDOM are typically expected to stay on the same version; please bump react-dom to 19.2.4 as well (and regenerate the lockfile) to avoid subtle runtime/compat issues.
| "react-dom": "19.2.3" | |
| "react-dom": "19.2.4" |
| prettier: | ||
| specifier: ^3.7.4 | ||
| version: 3.8.1 |
There was a problem hiding this comment.
This lockfile update also resolves prettier to 3.8.1 (under the root importer), which is outside the PR description/title (“Bump react and @types/react”). If this prettier bump is unintended, regenerate the lockfile in a way that only updates the targeted deps; otherwise, please include the prettier update in the PR description so reviewers/CI expectations match the actual dependency changes.
Bumps react and @types/react. These dependencies needed to be updated together.
Updates
reactfrom 19.2.3 to 19.2.4Release notes
Sourced from react's releases.
Commits
90ab3f8Version 19.2.4Updates
@types/reactfrom 19.2.7 to 19.2.10Commits
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)