Skip to content

build(deps): bump react from 18.3.1 to 19.2.7 in /site#20

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/site/react-19.2.7
Open

build(deps): bump react from 18.3.1 to 19.2.7 in /site#20
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/site/react-19.2.7

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown

Bumps react from 18.3.1 to 19.2.7.

Release notes

Sourced from react's releases.

19.2.7 (June 1st, 2026)

React Server Components

19.2.6 (May 6th, 2026)

React Server Components

19.2.5 (April 8th, 2026)

React Server Components

19.2.4 (January 26th, 2026)

React Server Components

19.2.3 (December 11th, 2025)

React Server Components

19.2.2 (December 11th, 2025)

React Server Components

19.2.1 (December 3rd, 2025)

React Server Components

19.2.0 (Oct 1, 2025)

Below is a list of all new features, APIs, and bug fixes.

Read the React 19.2 release post for more information.

New React Features

  • <Activity>: A new API to hide and restore the UI and internal state of its children.
  • useEffectEvent is a React Hook that lets you extract non-reactive logic into an Effect Event.
  • cacheSignal (for RSCs) lets your know when the cache() lifetime is over.
  • React Performance tracks appear on the Performance panel’s timeline in your browser developer tools

New React DOM Features

... (truncated)

Changelog

Sourced from react's changelog.

19.2.7 (June 1, 2026)

React Server Components

19.2.6 (May 6, 2026)

React Server Components

19.2.5 (March 18, 2026)

React Server Components

19.2.4 (Jan 26, 2026)

React Server Components

19.2.3 (Dec 11, 2025)

React Server Components

19.2.2 (Dec 11, 2025)

React Server Components

19.2.1 (Dec 3, 2025)

React Server Components

19.2.0 (October 1st, 2025)

Below is a list of all new features, APIs, and bug fixes.

Read the React 19.2 release post for more information.

New React Features

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [react](https://github.com/facebook/react/tree/HEAD/packages/react) from 18.3.1 to 19.2.7.
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react)

---
updated-dependencies:
- dependency-name: react
  dependency-version: 19.2.7
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Author

Labels

The following labels could not be found: dependencies, site. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

Comment thread site/package.json
"astro-icon": "^1.1.5",
"lucide-react": "^1.17.0",
"react": "^18.3.1",
"react": "^19.2.7",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CRITICAL: react is being bumped to ^19.2.7 but react-dom is left at ^18.3.1 (line 20). React 19 and React DOM 18 are not a valid pair — they share a peer-dependency contract and must be upgraded together. Running bun install/npm install against this PR will produce an ERESOLVE peer-dependency conflict (react-dom@18 declares react@^18.0.0; react@19 declares react-dom@^19.0.0). Even if the install is forced through, mixed majors will fail at render time with hooks/context errors. Ask Dependabot to also bump react-dom to ^19.2.7 (and any matching @types/react / @types/react-dom if present).


Reply with @kilocode-bot fix it to have Kilo Code address this issue.

@kilo-code-bot

kilo-code-bot Bot commented Jul 1, 2026

Copy link
Copy Markdown

Code Review Summary

Status: 1 Issue Found | Recommendation: Address before merge

Overview

Severity Count
CRITICAL 1
WARNING 0
SUGGESTION 0
Issue Details (click to expand)

CRITICAL

File Line Issue
site/package.json 19 react bumped to ^19.2.7 while sibling react-dom stays at ^18.3.1 (line 20); mismatched majors break install (peer-dep ERESOLVE) and runtime.
Files Reviewed (1 file)
  • site/package.json - 1 issue

Fix these issues in Kilo Cloud


Reviewed by minimax-m3 · Input: 32.5K · Output: 2K · Cached: 140K

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: f4de2ca2e6

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment thread site/package.json
"astro-icon": "^1.1.5",
"lucide-react": "^1.17.0",
"react": "^18.3.1",
"react": "^19.2.7",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Commit the regenerated site lockfile

This manifest bump is not accompanied by site/bun.lock: the lockfile still lists the workspace dependency as react: ^18.3.1 and locks react@18.3.1. The Pages workflow builds the landing site with cd site && bun install --frozen-lockfile && bun run build (.github/workflows/pages.yml:198), and bun install --help documents --frozen-lockfile as disallowing lockfile changes, so CI cannot apply or test the requested React 19.2.7 upgrade. Please regenerate and commit site/bun.lock with this dependency change.

Useful? React with 👍 / 👎.

Comment thread site/package.json
"astro-icon": "^1.1.5",
"lucide-react": "^1.17.0",
"react": "^18.3.1",
"react": "^19.2.7",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Upgrade react-dom with React

This upgrades only react to 19.x while leaving react-dom at ^18.3.1; the currently locked react-dom@18.3.1 declares a peer on react: ^18.3.1, and Astro's React integration uses ReactDOM for rendering/hydration. After the lockfile is refreshed this will resolve an unsupported React 19 / ReactDOM 18 pair, risking peer-resolution failures or runtime hydration/rendering issues. Please bump react-dom to the matching React 19 version in the same change.

Useful? React with 👍 / 👎.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants