[Snyk] Upgrade react-dom from 19.2.0 to 19.2.3#2
Conversation
Snyk has created this PR to upgrade react-dom from 19.2.0 to 19.2.3. See this package in pnpm: react-dom See this project in Snyk: https://app.snyk.io/org/danielbodnar/project/fb1fae36-5dba-4f23-a29b-04b364e68a4f?utm_source=github&utm_medium=referral&page=upgrade-pr
There was a problem hiding this comment.
Pull request overview
Updates the keyless-desktop app’s React DOM dependency as part of a Snyk-driven dependency upgrade to keep the production dependency set current.
Changes:
- Updates
react-domversion range inpackage.json. - Updates
pnpm-lock.yamlto a newer resolvedreact-domversion and adjusts related lock snapshots.
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| keyless-desktop/package.json | Updates the declared react-dom dependency version range. |
| keyless-desktop/pnpm-lock.yaml | Updates the lockfile’s resolved react-dom version and dependency graph snapshots. |
Files not reviewed (1)
- keyless-desktop/pnpm-lock.yaml: Language not supported
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| specifier: ^19.2.4 | ||
| version: 19.2.4(react@19.2.0) |
There was a problem hiding this comment.
pnpm-lock.yaml lists react-dom specifier/version as ^19.2.4 / 19.2.4, but package.json declares react-dom ^19.2.3. This makes the lockfile inconsistent with the manifest and will cause pnpm to consider the lock out-of-date. Align the versions (either bump package.json to ^19.2.4 or regenerate the lock for ^19.2.3) and re-run pnpm install to produce a consistent lockfile.
| specifier: ^19.2.4 | |
| version: 19.2.4(react@19.2.0) | |
| specifier: ^19.2.3 | |
| version: 19.2.3(react@19.2.0) |
| react-dom@19.2.4: | ||
| resolution: {integrity: sha512-AXJdLo8kgMbimY95O2aKQqsz2iWi9jMgKJhRBAxECE4IFxfcazB2LmzloIoibJI3C12IlY20+KFaLv+71bUJeQ==} | ||
| peerDependencies: | ||
| react: ^19.2.0 | ||
| react: ^19.2.4 | ||
|
|
There was a problem hiding this comment.
react-dom@19.2.4 declares a peer dependency on react ^19.2.4, but this lockfile resolves react to 19.2.0. This peer mismatch can lead to install warnings or subtle runtime issues; react and react-dom should be kept on the same patch/minor. Update react to >=19.2.4 (and update package.json/lock accordingly) or select a react-dom version whose peer range matches the resolved react version.
| "@tauri-apps/plugin-store": "^2", | ||
| "react": "^19.1.0", | ||
| "react-dom": "^19.1.0" | ||
| "react-dom": "^19.2.3" | ||
| }, |
There was a problem hiding this comment.
PR metadata/title indicate upgrading react-dom to 19.2.3, but the lockfile changes resolve react-dom to 19.2.4. Please either adjust the dependency bump to match the PR description/title, or update the PR metadata/title to reflect the actual version being introduced (and keep package.json and pnpm-lock.yaml consistent).
Snyk has created this PR to upgrade react-dom from 19.2.0 to 19.2.3.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 3 versions ahead of your current version.
The recommended version was released 2 months ago.
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information: