
chore(deps): bump React to v19.2.1 to clear CVE-2025-55182 #32

Open
dtoxvanilla1991 wants to merge 1 commit into main from fix/CVE-vulnerability

Conversation


@dtoxvanilla1991 dtoxvanilla1991 commented Dec 5, 2025

Explain your changes

This PR updates React dependencies to the latest patch version to resolve the security advisory GHSA-9qr9-h5gf-34mp.

Changes:

  • react & react-dom: Bumped from ^19.1.0 to ^19.2.1.
  • Aligned the lock files too; resolved the critical vulnerabilities.

Reason: Although this is a client-side Vite application and likely not vulnerable to the RCE (which targets Server Components), React 19.1.0 is flagged as vulnerable. Updating ensures npm audit is clean and users start with a secure foundation.


@dtoxvanilla1991 dtoxvanilla1991 self-assigned this Dec 5, 2025
@dtoxvanilla1991 dtoxvanilla1991 requested a review from a team as a code owner December 5, 2025 02:10

coderabbitai bot commented Dec 5, 2025

Walkthrough

Updated React and React DOM dependencies from version 19.1.0 to 19.2.1 in package.json, including corresponding TypeScript type definitions. No logic, structure, or code changes were introduced.

Changes

Cohort / File(s): Dependency Updates (package.json)
Summary: Updated react and react-dom from ^19.1.0 to ^19.2.1; updated @types/react and @types/react-dom devDependencies from ^19.1.x to ^19.2.1

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

  • Verify React 19.2.1 is a stable release without breaking changes
  • Confirm compatibility with existing codebase and other dependencies

Suggested reviewers

  • DanielRivers

Poem

🐰✨ A minor hop, a gentle bound,
React's now fresher, newest round!
From 19.1, we leap to .2,
Dependencies dance, all shiny and new! 🚀

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

  • Description Check: Passed. Check skipped - CodeRabbit's high-level summary is enabled.
  • Title check: Passed. The title accurately reflects the main change: bumping React dependencies to a specific version (v19.2.1) to address a known security vulnerability (CVE-2025-55182).
  • Docstring Coverage: Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 62becae and d436197.

⛔ Files ignored due to path filters (2)
  • package-lock.json is excluded by !**/package-lock.json
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (1)
  • package.json (1 hunks)
🔇 Additional comments (1)
package.json (1)

14-15: ✓ Correct security patch for CVE-2025-55182; no migration concerns for client-side app.

The update addresses CVE-2025-55182, which is fixed in React 19.2.1. Since this Vite application doesn't use a server and doesn't use React Server Components, it is not affected by this vulnerability. However, updating to the patched version is prudent to keep npm audit clean and ensure users start from a secure baseline.

React 19.2 introduces no breaking changes, so the upgrade is low-risk. All React-related dependencies (react, react-dom, and corresponding TypeScript types) are updated consistently, which is correct.
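Both the PR description and the review comment above make the same point: the declared range `^19.1.0` already admits 19.2.1, so whether a checkout is on the vulnerable version is decided by the lock file, which is why the lock files had to be aligned as well. The following is an added example, not code from this PR or the Kinde project, that reads a `package-lock.json` (lockfileVersion 2/3 `packages` map) and flags every resolved `react` / `react-dom` entry, including nested copies, that is older than the version this PR moves to. The minimum version 19.2.1 is taken from the PR; the sample `package.json` and lock-file contents are constructed for the example and are not the repository's real files.

```javascript
// Added example (not part of the PR): flag React packages whose *resolved*
// version in package-lock.json is older than the version the PR moves to.
// Assumption: 19.2.1 is the minimum acceptable version, as stated in the PR.

const MIN_REACT_VERSION = "19.2.1";
const REACT_PACKAGES = ["react", "react-dom"];

// Parse "19.2.1" into [19, 2, 1]; pre-release and build suffixes are stripped.
function parseVersion(v) {
  const core = v.split(/[-+]/)[0];
  const parts = core.split(".").map((n) => Number.parseInt(n, 10));
  if (parts.length !== 3 || parts.some(Number.isNaN)) {
    throw new Error(`not an x.y.z version: ${v}`);
  }
  return parts;
}

// Negative if a < b, 0 if equal, positive if a > b (numeric, so 19.10.0 > 19.2.1).
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Walk the lock file's "packages" map and report each react/react-dom entry
// (top-level or nested under some-lib/node_modules/...) below minVersion.
function findOutdatedReact(lockJsonText, minVersion = MIN_REACT_VERSION) {
  const lock = JSON.parse(lockJsonText);
  const packages = lock.packages || {};
  const findings = [];
  for (const [path, entry] of Object.entries(packages)) {
    if (path === "") continue; // the root project entry, not a dependency
    const marker = "node_modules/";
    const name = path.slice(path.lastIndexOf(marker) + marker.length);
    if (!REACT_PACKAGES.includes(name) || typeof entry.version !== "string") continue;
    if (compareVersions(entry.version, minVersion) < 0) {
      findings.push({ path, name, version: entry.version });
    }
  }
  return findings;
}

// The declared range is what package.json asks for; it is not what is installed.
function declaredRange(packageJsonText, name) {
  const pkg = JSON.parse(packageJsonText);
  return (pkg.dependencies || {})[name] || (pkg.devDependencies || {})[name] || null;
}

// Constructed sample files (not the repository's real package.json / lock file).
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  dependencies: { react: "^19.1.0", "react-dom": "^19.1.0" },
});
const SAMPLE_LOCK_BEFORE = JSON.stringify({
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { react: "^19.1.0" } },
    "node_modules/react": { version: "19.1.0" },
    "node_modules/react-dom": { version: "19.1.0" },
    "node_modules/some-lib/node_modules/react": { version: "19.0.0" },
  },
});
const SAMPLE_LOCK_AFTER = JSON.stringify({
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { react: "^19.2.1" } },
    "node_modules/react": { version: "19.2.1" },
    "node_modules/react-dom": { version: "19.2.1" },
  },
});

console.log("declared range for react:", declaredRange(SAMPLE_PACKAGE_JSON, "react"));
console.log("before lock alignment:", findOutdatedReact(SAMPLE_LOCK_BEFORE));
console.log("after lock alignment:", findOutdatedReact(SAMPLE_LOCK_AFTER));
```

On the "before" sample the check reports three entries (both top-level packages at 19.1.0 and the nested 19.0.0 copy under `some-lib`) even though the declared range `^19.1.0` looks compatible with the fix; on the "after" sample it reports nothing. The nested-copy case is the one `npm audit` surfaces and a glance at `package.json` misses, which is the reason the review comment checks that all React-related dependencies were moved together.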
