Snyk has created this PR to upgrade react-dom from 19.0.0 to 19.2.0.
See this package in pnpm: react-dom
See this project in Snyk: https://app.snyk.io/org/smsdao/project/23300643-389a-4501-9b0f-67791b6a2022?utm_source=github&utm_medium=referral&page=upgrade-pr
Pull request overview
This PR upgrades the react-dom dependency from version 19.0.0 to 19.2.0 as part of an automated Snyk security update. However, the changes contain several critical inconsistencies that need to be addressed before merging.
Key Changes:
- Updates `react-dom` dependency specification in package.json from `^19.0.0` to `^19.2.0`
- Updates pnpm lock file to reflect the new version (though inconsistently showing 19.2.3)
- Updates transitive dependency `scheduler` from 0.25.0 to 0.27.0
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| examples/tg-bot-starter/basic-tg-bot/package.json | Updates react-dom dependency version specifier to ^19.2.0 |
| examples/tg-bot-starter/basic-tg-bot/pnpm-lock.yaml | Updates lock file entries for react-dom (showing 19.2.3), scheduler, and next.js peer dependencies to reflect the upgrade |
Files not reviewed (1)
- examples/tg-bot-starter/basic-tg-bot/pnpm-lock.yaml: Language not supported
| react-dom: | ||
| specifier: ^19.0.0 | ||
| version: 19.0.0(react@19.0.0) | ||
| specifier: ^19.2.3 |
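Review bot: the `specifier: ^19.2.3` recorded for react-dom in pnpm-lock.yaml does not match the `^19.2.0` this PR writes to package.json, and pnpm refuses a `--frozen-lockfile` install when the lock file's specifier differs from the manifest, so a CI job that installs that way would fail on this branch. Regenerate the lock file from the committed package.json with `pnpm install` instead of editing the specifier line by hand, so the specifier and the resolved version are written together.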
The lock file shows specifier ^19.2.3 for react-dom, but the package.json specifies ^19.2.0. These should match. The specifier in the lock file should reflect what's in package.json.
| specifier: ^19.2.3 | |
| specifier: ^19.2.0 |
| react: ^19.0.0 | ||
| react: ^19.2.3 | ||
|
|
||
| react@19.0.0: |
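Review bot: the peer range on the react-dom entry moves to `react: ^19.2.3` while the `react@19.0.0:` package entry below it stays as it was, so the lock file still resolves react to a version outside the range react-dom now declares. Upgrade react in package.json in the same change and let pnpm regenerate this entry, so that react and react-dom resolve to the same 19.2.x release.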
The peer dependency specifies react: ^19.2.3, but the actual react version being used in this project is 19.0.0 (as shown in the lock file and package.json). This creates a peer dependency mismatch. Either react-dom should be a version that accepts react@19.0.0 as a peer dependency, or react should also be upgraded to match the peer dependency requirement.
| react@19.0.0: | |
| react@19.2.3: |
Snyk has created this PR to upgrade react-dom from 19.0.0 to 19.2.0.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 225 versions ahead of your current version.
The recommended version was released 3 months ago.
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.