Bump react-dom from 19.2.4 to 19.2.5#971
Conversation
Bumps [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) from 19.2.4 to 19.2.5. - [Release notes](https://github.com/facebook/react/releases) - [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/react/commits/v19.2.5/packages/react-dom) --- updated-dependencies: - dependency-name: react-dom dependency-version: 19.2.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
Changed
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 7074c7a. Configure here.
| "prism-react-renderer": "^2.4.1", | ||
| "react": "^19.2.3", | ||
| "react-dom": "^19.2.4", | ||
| "react-dom": "^19.2.5", |
There was a problem hiding this comment.
react version range doesn't match react-dom peer dependency
Low Severity
The react dependency is declared as ^19.2.3 in package.json, but the newly bumped react-dom@19.2.5 declares a peerDependency of react: ^19.2.5. While the lockfile currently resolves react to 19.2.5, the declared range in package.json permits versions 19.2.3 and 19.2.4 which wouldn't satisfy the peer dependency. If the lockfile is regenerated, this mismatch could cause peer dependency warnings or installation errors. The react minimum version in package.json needs to be bumped to ^19.2.5 to stay consistent.
Additional Locations (1)
Reviewed by Cursor Bugbot for commit 7074c7a. Configure here.
🤖 Cursor Dependency AnalysisSupply-Chain Malware ReviewVerifying Verdict: benign Evidence
Non–malware note (merge hygiene): Compatibility AnalysisSearching the repo for 1) Where
|
|
Looks like react-dom is up-to-date now, so this is no longer needed. |
Bumps react-dom from 19.2.4 to 19.2.5.
Release notes
Sourced from react-dom's releases.
Commits
23f4f9f19.2.5Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)Note
Low Risk
Low risk dependency bump; only updates
react-dom(and the lockfile-resolvedreact) patch versions with no app logic changes.Overview
Bumps the
react-domdependency from19.2.4to19.2.5.Updates
package-lock.jsonaccordingly, including resolvingreact/react-domto19.2.5and aligningreact-dom’s peer dependency onreactto^19.2.5.Reviewed by Cursor Bugbot for commit 7074c7a. Bugbot is set up for automated code reviews on this repo. Configure here.