chore(deps): bump react from 19.2.4 to 19.2.5 in /docs#330
chore(deps): bump react from 19.2.4 to 19.2.5 in /docs#330dependabot[bot] wants to merge 1 commit intomainfrom
Conversation
Bumps [react](https://github.com/facebook/react/tree/HEAD/packages/react) from 19.2.4 to 19.2.5. - [Release notes](https://github.com/facebook/react/releases) - [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/react/commits/v19.2.5/packages/react) --- updated-dependencies: - dependency-name: react dependency-version: 19.2.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
|
Codex usage limits have been reached for code reviews. Please check with the admins of this repo to increase the limits by adding credits. |
Greptile SummaryThis Dependabot PR bumps
Confidence Score: 4/5Safe to merge for a docs-only site but A P1 version mismatch exists between docs/package.json — Important Files Changed
Flowchart%%{init: {'theme': 'neutral'}}%%
flowchart TD
A[docs/package.json] --> B[react 19.2.5 ✅]
A --> C[react-dom 19.2.4 ⚠️]
B -- "peer dep" --> D[react-dom should match]
C -. "mismatch" .-> D
D --> E[react-dom 19.2.5 needed]
Prompt To Fix All With AIThis is a comment left during a code review.
Path: docs/package.json
Line: 32
Comment:
**`react-dom` not bumped alongside `react`**
`react` and `react-dom` are tightly coupled and must always be at the same version — the React team publishes them together. This PR bumps `react` to 19.2.5 but leaves `react-dom` pinned at 19.2.4, creating a version mismatch. While the lockfile resolves `react-dom@19.2.4(react@19.2.5)` and may work at the patch level, this is contrary to React's own guidance and could cause subtle runtime issues (e.g. mismatched internal shared state, concurrent mode behavior, event delegation differences).
```suggestion
"react-dom": "19.2.5"
```
How can I resolve this? If you propose a fix, please make it concise.Reviews (1): Last reviewed commit: "chore(deps): bump react from 19.2.4 to 1..." | Re-trigger Greptile |
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
| "prism-react-renderer": "^2.3.0", | ||
| "react": "19.2.4", | ||
| "react": "19.2.5", | ||
| "react-dom": "19.2.4" |
There was a problem hiding this comment.
react-dom not bumped alongside react
react and react-dom are tightly coupled and must always be at the same version — the React team publishes them together. This PR bumps react to 19.2.5 but leaves react-dom pinned at 19.2.4, creating a version mismatch. While the lockfile resolves react-dom@19.2.4(react@19.2.5) and may work at the patch level, this is contrary to React's own guidance and could cause subtle runtime issues (e.g. mismatched internal shared state, concurrent mode behavior, event delegation differences).
| "react-dom": "19.2.4" | |
| "react-dom": "19.2.5" |
Prompt To Fix With AI
This is a comment left during a code review.
Path: docs/package.json
Line: 32
Comment:
**`react-dom` not bumped alongside `react`**
`react` and `react-dom` are tightly coupled and must always be at the same version — the React team publishes them together. This PR bumps `react` to 19.2.5 but leaves `react-dom` pinned at 19.2.4, creating a version mismatch. While the lockfile resolves `react-dom@19.2.4(react@19.2.5)` and may work at the patch level, this is contrary to React's own guidance and could cause subtle runtime issues (e.g. mismatched internal shared state, concurrent mode behavior, event delegation differences).
```suggestion
"react-dom": "19.2.5"
```
How can I resolve this? If you propose a fix, please make it concise.![claude[bot]](https://avatars.githubusercontent.com/in/1236702?s=60&v=4){kind=small}
| "react": "19.2.5", | ||
| "react-dom": "19.2.4" |
There was a problem hiding this comment.
🟡 This PR bumps react to 19.2.5 but leaves react-dom at 19.2.4, creating a version mismatch that is explicitly unsupported by the React team. The fix is to also bump react-dom to 19.2.5 in docs/package.json.
Extended reasoning...
What the bug is and how it manifests
docs/package.json specifies react at 19.2.5 while react-dom remains pinned at 19.2.4. The React team explicitly requires react and react-dom to be on the same version — this is a documented requirement enforced through peer dependencies. Mixing versions can cause hydration failures, warnings like "react-dom is not compatible with this version of React", or other subtle runtime errors.
The specific code path that triggers it
In docs/package.json (lines 31–32):
"react": "19.2.5",
"react-dom": "19.2.4"The lock file confirms the mismatch is real and was resolved: react-dom@19.2.4(react@19.2.5) — meaning react-dom 19.2.4 is installed against react 19.2.5.
Why existing code doesn't prevent it
Dependabot only bumped the react dependency and did not update react-dom in the same PR. pnpm resolved the combination without emitting a hard error because react-dom declares react as a peer dependency with a permissive range (e.g., >=15), not an exact version match. This means the mismatch silently passes the install step even though it violates the React team's release contract.
What the impact would be
While this is a docs-only Docusaurus site and the react 19.2.5 change (RSC cycle protections) is unlikely to directly affect react-dom behavior, the version mismatch is a policy violation. In practice it may cause no visible issues on this patch bump, but it sets a precedent for version drift and could trigger warnings or subtle differences in future patch releases.
How to fix it
Update react-dom to 19.2.5 in docs/package.json and regenerate the lock file:
"react": "19.2.5",
"react-dom": "19.2.5"Then run pnpm install to update the lock file.
Step-by-step proof
- Open
docs/package.json—reactis19.2.5(changed by this PR),react-domis19.2.4(not changed). - Open
docs/pnpm-lock.yaml— thereact-domspecifier entry still readsspecifier: 19.2.4and the snapshot key isreact-dom@19.2.4(react@19.2.5), confirming react-dom 19.2.4 is installed alongside react 19.2.5. - The React team's own documentation states react and react-dom must be on the same version.
- Conclusion: this PR is incomplete — it should have also bumped
react-domto19.2.5.
Bumps react from 19.2.4 to 19.2.5.
Release notes
Sourced from react's releases.
Commits
23f4f9f19.2.5Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)