Skip to content

chore(deps): bump react-dom and @types/react-dom #5

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mchestr merged 2 commits into from
Nov 28, 2025
Merged

chore(deps): bump react-dom and @types/react-dom #5

mchestr merged 2 commits into from
Nov 28, 2025

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 17, 2025
edited
Loading

Bumps react-dom and @types/react-dom. These dependencies needed to be updated together.
Updates react-dom from 18.3.1 to 19.2.0

Release notes

Sourced from react-dom's releases.

19.2.0 (Oct 1, 2025)

Below is a list of all new features, APIs, and bug fixes.

Read the React 19.2 release post for more information.

New React Features

  • <Activity>: A new API to hide and restore the UI and internal state of its children.
  • useEffectEvent is a React Hook that lets you extract non-reactive logic into an Effect Event.
  • cacheSignal (for RSCs) lets your know when the cache() lifetime is over.
  • React Performance tracks appear on the Performance panel’s timeline in your browser developer tools

New React DOM Features

  • Added resume APIs for partial pre-rendering with Web Streams:
  • Added resume APIs for partial pre-rendering with Node Streams:
  • Updated prerender APIs to return a postponed state that can be passed to the resume APIs.

Notable changes

  • React DOM now batches suspense boundary reveals, matching the behavior of client side rendering. This change is especially noticeable when animating the reveal of Suspense boundaries e.g. with the upcoming <ViewTransition> Component. React will batch as much reveals as possible before the first paint while trying to hit popular first-contentful paint metrics.
  • Add Node Web Streams (prerender, renderToReadableStream) to server-side-rendering APIs for Node.js
  • Use underscore instead of : IDs generated by useId

All Changes

React

React DOM

... (truncated)

Changelog

Sourced from react-dom's changelog.

19.2.0 (October 1st, 2025)

Below is a list of all new features, APIs, and bug fixes.

Read the React 19.2 release post for more information.

New React Features

  • <Activity>: A new API to hide and restore the UI and internal state of its children.
  • useEffectEvent is a React Hook that lets you extract non-reactive logic into an Effect Event.
  • cacheSignal (for RSCs) lets your know when the cache() lifetime is over.
  • React Performance tracks appear on the Performance panel’s timeline in your browser developer tools

New React DOM Features

  • Added resume APIs for partial pre-rendering with Web Streams:
  • Added resume APIs for partial pre-rendering with Node Streams:
  • Updated prerender APIs to return a postponed state that can be passed to the resume APIs.

Notable changes

  • React DOM now batches suspense boundary reveals, matching the behavior of client side rendering. This change is especially noticeable when animating the reveal of Suspense boundaries e.g. with the upcoming <ViewTransition> Component. React will batch as much reveals as possible before the first paint while trying to hit popular first-contentful paint metrics.
  • Add Node Web Streams (prerender, renderToReadableStream) to server-side-rendering APIs for Node.js
  • Use underscore instead of : IDs generated by useId

All Changes

React

React DOM

... (truncated)

Commits

Updates @types/react-dom from 18.3.7 to 19.2.3

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Nov 17, 2025

Labels

The following labels could not be found: dependencies, npm. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/multi-494c2497bb branch from 81c5a4c to d210407 Compare November 17, 2025 04:45
@mchestr
Copy link
Owner

mchestr commented Nov 17, 2025

@dependabot rebase

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Nov 17, 2025

Looks like this PR is already up-to-date with main! If you'd still like to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/multi-494c2497bb branch from d210407 to 1bbc4da Compare November 17, 2025 04:48
@mchestr
Copy link
Owner

mchestr commented Nov 17, 2025

@dependabot recreate

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/multi-494c2497bb branch 2 times, most recently from d62ece8 to 808c1eb Compare November 18, 2025 03:37
@mchestr
Copy link
Owner

mchestr commented Nov 23, 2025

@dependabot rebase

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/multi-494c2497bb branch 4 times, most recently from a257808 to 962dd38 Compare November 26, 2025 06:31
@mchestr
Copy link
Owner

mchestr commented Nov 26, 2025

@dependabot rebase

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/multi-494c2497bb branch 2 times, most recently from 756b49b to 1003524 Compare November 27, 2025 03:12
@mchestr
Copy link
Owner

mchestr commented Nov 28, 2025

https://github.com/dependabot rebase

@mchestr
Copy link
Owner

mchestr commented Nov 28, 2025

@dependabot rebase

@dependabot
chore(deps): bump react-dom and @types/react-dom
46f2c58 
Bumps [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) and [@types/react-dom](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react-dom). These dependencies needed to be updated together.

Updates `react-dom` from 18.3.1 to 19.2.0
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.0/packages/react-dom)

Updates `@types/react-dom` from 18.3.7 to 19.2.3
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react-dom)

---
updated-dependencies:
- dependency-name: react-dom
  dependency-version: 19.2.0
  dependency-type: direct:production
  update-type: version-update:semver-major
- dependency-name: "@types/react-dom"
  dependency-version: 19.2.3
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/multi-494c2497bb branch from 1003524 to 46f2c58 Compare November 28, 2025 02:55
@mchestr @claude
fix: upgrade @types/react to v19 to match @types/react-dom
3f82f50 
This commit fixes the peer dependency conflict introduced by the
Dependabot update. The update upgraded react-dom to v19.2.0 and
@types/react-dom to v19.2.3, but left react and @types/react at v18.

The @types/react-dom@19.2.3 package requires @types/react@^19.2.0
as a peer dependency, which was causing npm install to fail.

Changes:
- Upgraded react from ^18.3.0 to ^19.2.0
- Upgraded @types/react from ^18.3.0 to ^19.2.0
- Regenerated package-lock.json

Fixes failing status checks for PR #5

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
@claude
Copy link

claude bot commented Nov 28, 2025

PR Review: React 19.2.0 Upgrade

Summary

This PR upgrades React and React DOM from 18.3.x to 19.2.0, along with the corresponding TypeScript type definitions. This is a major version upgrade that introduces significant changes and new features.

✅ Positive Observations

  1. Dependency Consistency: Both react and react-dom are upgraded together (to 19.2.0), and type definitions match (@types/react 19.2.7 and @types/react-dom 19.2.3).

  2. Clean Dependency Tree: The upgrade removes @types/prop-types dependency and simplifies the dependency tree by removing loose-envify as a direct dependency (now only dev).

  3. Package Lock Updated: The package-lock.json is properly updated with all transitive dependencies.

⚠️ Concerns & Recommendations

1. Next.js Compatibility (CRITICAL)

  • Issue: Next.js 16.0.3 may not be fully compatible with React 19.2.0
  • Current: next: ^16.0.3, which is likely a canary/beta version
  • Recommendation: Verify Next.js 16 officially supports React 19. Check Next.js release notes and test thoroughly.
  • Action Required: Run the full build and test suite to ensure compatibility

2. Breaking Changes in React 19

React 19 includes several breaking changes that may affect this codebase:

  • useId format change: Now uses underscores (_) instead of colons (:). This could affect CSS selectors or test assertions that rely on ID format.
  • New hooks: useEffectEvent is now available - consider if any effect-related code could benefit from refactoring.
  • Suspense behavior changes: Boundary reveals are now batched differently, which may affect loading states.
  • Server Components: Enhanced partial pre-rendering APIs - ensure server/client component boundaries are correct.

3. Test Coverage (CRITICAL)

  • Missing: No evidence of test execution in this PR
  • Required Actions:
    • Run unit tests: npm test
    • Run E2E tests: npm run test:e2e
    • Run build: npm run build
    • Check for TypeScript errors
    • Verify all client components still work correctly

4. Framer Motion Compatibility

  • Current: framer-motion: ^12.23.24
  • Concern: This version may have been designed for React 18. Check if Framer Motion 12.x supports React 19.
  • Project Impact: The codebase heavily uses Framer Motion for animations (wrapped sections, transitions, etc.)
  • Recommendation: Review Framer Motion's React 19 compatibility or test animations thoroughly.

5. Third-Party Library Compatibility

Libraries that may need verification:

  • @tanstack/react-query (5.56.0): Verify React 19 support
  • react-chartjs-2 (5.3.1): Check compatibility
  • react-markdown (10.1.0): Verify rendering still works
  • react-countup (6.5.3): Check for issues
  • @testing-library/react (16.3.0): Should support React 19, but verify

6. Security & Performance

  • Positive: No known security vulnerabilities introduced
  • Performance: React 19 includes performance improvements, but batching changes may affect perceived performance
  • Recommendation: Monitor performance metrics after deployment

🔧 Required Testing Checklist

Before merging, please verify:

  • npm run build completes successfully
  • npm test passes all unit tests
  • npm run test:e2e passes all E2E tests
  • No new TypeScript errors introduced
  • Client components with hooks still work ('use client' components)
  • Framer Motion animations render correctly
  • TanStack Query data fetching works as expected
  • NextAuth authentication flow works
  • Server Actions continue to function
  • Form submissions work correctly
  • Charts render properly (react-chartjs-2)
  • Wrapped generation and display works
  • Admin dashboard functions correctly
  • Onboarding flow completes successfully

📋 Migration Considerations

If you proceed with this upgrade, consider:

  1. Code Review: Search for patterns that might be affected:

    • useId() usage - verify IDs are not used in CSS selectors
    • Custom hooks that could benefit from useEffectEvent
    • Suspense boundaries - test loading states

  2. Documentation: Update any developer documentation mentioning React version requirements

  3. Rollback Plan: Ensure you can quickly revert if issues are found in production

🎯 Verdict

HOLD - Do Not Merge Yet

While the dependency upgrade itself is clean, this is a major version change with significant implications:

  1. Must verify Next.js 16.0.3 officially supports React 19
  2. Must run full test suite and build before merging
  3. Must test Framer Motion compatibility (heavily used in this project)
  4. Should verify third-party library compatibility
  5. Consider staging deployment first before production

Recommended Action: Run the test suite and build, verify no breaking changes, and test critical user flows manually before merging.

📚 Additional Resources

Review conducted following project CLAUDE.md guidelines. Focused on TypeScript strict mode, Next.js App Router patterns, and project architecture.

@mchestr mchestr merged commit c3dd916 into main Nov 28, 2025
5 checks passed
@mchestr mchestr deleted the dependabot/npm_and_yarn/multi-494c2497bb branch November 28, 2025 05:28
This was referenced Nov 28, 2025
Merged
Merged
Merged
Merged
Closed
@claude claude bot mentioned this pull request Dec 8, 2025
Merged
5 tasks
This was referenced Dec 28, 2025
Merged
Merged
mchestr added a commit that referenced this pull request Dec 28, 2025
@mchestr
Address PR review comments - security and code quality fixes
317f846 
- Add Zod validation for Jellyfin credentials (Critical #2)
- Sanitize and validate email inputs for account linking (Critical #3)
- Replace console.log with centralized logger (Important #5)
- Replace type assertions with Zod runtime validation (Minor #9)
- Enhance error handling in Jellyfin sign-in (Important #4)

All critical and important issues from code review have been addressed.
Tests passing, linting clean.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mchestr