[Snyk] Upgrade react-dom from 19.2.0 to 19.2.1 #16
Conversation
Snyk has created this PR to upgrade react-dom from 19.2.0 to 19.2.1. See this package in npm: react-dom See this project in Snyk: https://app.snyk.io/org/512andrew/project/b45551dc-87ea-432a-a201-d552543e3b1a?utm_source=github&utm_medium=referral&page=upgrade-pr
❌ Deploy Preview for melodious-squirrel-f66679 failed. Why did it fail? →
|
There was a problem hiding this comment.
Pull request overview
This PR upgrades react-dom from 19.2.0 to 19.2.1 as part of a Snyk dependency update. However, the upgrade creates a version mismatch issue with the core React library.
Key Changes:
- Updates react-dom from 19.2.0 to 19.2.1 in package.json
- Updates package-lock.json with new version, integrity hash, and peer dependency requirements
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| package.json | Updates react-dom version to 19.2.1, but creates a version mismatch with react 19.2.0 |
| package-lock.json | Updates react-dom metadata and changes peer dependency requirement to ^19.2.1 |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| "@react-three/drei": "^10.7.7", | ||
| "@react-three/fiber": "^9.4.0", | ||
| "next": "^16.0.10", | ||
| "react": "19.2.0", |
There was a problem hiding this comment.
Upgrading react-dom to 19.2.1 while keeping react at 19.2.0 creates a version mismatch. According to the package-lock.json changes, react-dom 19.2.1 has a peer dependency of "^19.2.1" for react, but the current react version is pinned at 19.2.0. This mismatch will likely cause a peer dependency warning or error during installation. Both react and react-dom should be upgraded together to 19.2.1 to maintain compatibility.
| "react": "19.2.0", | |
| "react": "19.2.1", |
| "next": "^16.0.10", | ||
| "react": "19.2.0", | ||
| "react-dom": "19.2.0", | ||
| "react-dom": "19.2.1", |
There was a problem hiding this comment.
The version format is inconsistent with the package-lock.json. In package.json line 18, react-dom should use the caret prefix (^19.2.1) to match the format used in package-lock.json line 15. Without the caret, the package will be pinned to exactly 19.2.1, while package-lock.json indicates a range starting from ^19.2.1. This inconsistency can cause confusion and unexpected behavior during dependency resolution.
| "react-dom": "19.2.1", | |
| "react-dom": "^19.2.1", |
Snyk has created this PR to upgrade react-dom from 19.2.0 to 19.2.1.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 1 version ahead of your current version.
The recommended version was released 22 days ago.
Release notes
Package name: react-dom
-
19.2.1 - 2025-12-03
-
19.2.0 - 2025-10-01
- React Performance tracks appear on the Performance panel’s timeline in your browser developer tools
- Added resume APIs for partial pre-rendering with Web Streams:
- Added resume APIs for partial pre-rendering with Node Streams:
- Updated
- React DOM now batches suspense boundary reveals, matching the behavior of client side rendering. This change is especially noticeable when animating the reveal of Suspense boundaries e.g. with the upcoming
- Add Node Web Streams (
- Use underscore instead of
- Stringify context as "SomeContext" instead of "SomeContext.Provider" (@ kassens #33507)
- Include stack of cause of React instrumentation errors with
- Fix infinite
- Fix a bug when an initial value was passed to
- Fix a crash when submitting forms with Client Actions (@ sebmarkbage #33055)
- Hide/unhide the content of dehydrated suspense boundaries if they resuspend (@ sebmarkbage #32900)
- Avoid stack overflow on wide trees during Hot Reload (@ sophiebits #34145)
- Improve Owner and Component stacks in various places (@ sebmarkbage, @ eps1lon: #33629, #33724, #32735, #33723)
- Add
- Block on Suspensey Fonts during reveal of server-side-rendered content (@ sebmarkbage #33342)
- Use underscore instead of
- Stop warning when ARIA 1.3 attributes are used (@ Abdul-Omira #34264)
- Allow
- Warn for using a React owned node as a Container if it also has text content (@ sebmarkbage #32774)
- s/HTML/text for for error messages if text hydration mismatches (@ rickhanlonii #32763)
- Fix a bug with
- Enable the
- Fix a bug with deeply nested Suspense inside Suspense fallback when server-side-rendering (@ gnoff #33467)
- Avoid hanging when suspending after aborting while rendering (@ gnoff #34192)
- Add Node Web Streams to server-side-rendering APIs for Node.js (@ sebmarkbage #33475)
- Preload
- Log error if production elements are rendered during development (@ eps1lon #34189)
- Fix a bug when returning a Temporary reference (e.g. a Client Reference) from Server Functions (@ sebmarkbage #34084, @ denk0403 #33761)
- Pass line/column to
- Support Async Modules in Turbopack Server References (@ lubieowoce #34531)
- Add support for .mjs file extension in Webpack (@ jennyscript #33028)
- Fix a wrong missing key warning (@ unstubbable #34350)
- Make console log resolve in predictable order (@ sebmarkbage #33665)
- createContainer and createHydrationContainer had their parameter order adjusted after
- Breaking: Require Node.js 18 or newer. (@ michaelfaith in #32458)
- Breaking: Flat config is now the default
- New Violations: Disallow calling
- New Violations: Disallow calling
- Handle
- Added
from react-dom GitHub release notesBelow is a list of all new features, APIs, and bug fixes.
Read the React 19.2 release post for more information.
New React Features
<Activity>: A new API to hide and restore the UI and internal state of its children.useEffectEventis a React Hook that lets you extract non-reactive logic into an Effect Event.cacheSignal(for RSCs) lets your know when thecache()lifetime is over.New React DOM Features
resume: to resume a prerender to a stream.resumeAndPrerender: to resume a prerender to HTML.resumeToPipeableStream: to resume a prerender to a stream.resumeAndPrerenderToNodeStream: to resume a prerender to HTML.prerenderAPIs to return apostponedstate that can be passed to theresumeAPIs.Notable changes
<ViewTransition>Component. React will batch as much reveals as possible before the first paint while trying to hit popular first-contentful paint metrics.prerender,renderToReadableStream) to server-side-rendering APIs for Node.js:IDs generated by useIdAll Changes
React
<Activity />was developed over many years, starting beforeClassComponent.setState(@ acdlite @ sebmarkbage and many others)%oplaceholder (@ eps1lon #34198)useDeferredValueloop in popstate event (@ acdlite #32821)useDeferredValue(@ acdlite #34376)cacheSignal(@ sebmarkbage #33557)React DOM
:for IDs generated byuseId(@ sebmarkbage, @ eps1lon: #32001, #33342#33099, #33422)nonceto be used on hoistable styles (@ Andarist #32461)React.useinsideReact.lazy-ed Component (@ hi-ogawa #33941)progressiveChunkSizeoption for server-side-rendering APIs (@ sebmarkbage #33027)React Server Components
<img>and<link>using hints before they're rendered (@ sebmarkbage #34604)filterStackFrame(@ eps1lon #33707)React Reconciler
on*handlers to account for upcoming experimental APIseslint-plugin-react-hooks@6.1.0
Note: Version 6.0.0 was mistakenly released and immediately deprecated and untagged on npm. This is the first official 6.x major release and includes breaking changes.
recommendedpreset. Legacy config moved torecommended-legacy. (@ michaelfaith in #32457)usewithin try/catch blocks. (@ poteto in #34040)useEffectEventfunctions in arbitrary closures. (@ jbrown215 in #33544)React.useEffectin addition touseEffectin rules-of-hooks. (@ Ayc0 in #34076)react-hookssettings config option that to acceptadditionalEffectHooksthat are used across exhaustive-deps and rules-of-hooks rules. (@ jbrown215) in #34497Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information: