[Snyk] Upgrade react-dom from 19.1.0 to 19.2.3

[LCSOGthb]

Snyk has created this PR to upgrade react-dom from 19.1.0 to 19.2.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 147 versions ahead of your current version.

• The recommended version was released a month ago.

Release notes

Package name: react-dom

• 19.2.3 - 2025-12-11
  

  React Server Components

  • Add extra loop protection to React Server Functions (@ sebmarkbage #35351)
• 19.2.2 - 2025-12-11
  

  React Server Components

  • Move react-server-dom-webpack/*.unbundled to private react-server-dom-unbundled (@ eps1lon #35290)
  • Patch Promise cycles and toString on Server Functions (@ sebmarkbage, @ unstubbable #35289, #35345)
• 19.2.1 - 2025-12-03
  

  React Server Components

  • Bring React Server Component fixes to Server Actions (@ sebmarkbage #35277)
• 19.2.0 - 2025-10-01
  

  Below is a list of all new features, APIs, and bug fixes.

  Read the React 19.2 release post for more information.

  New React Features

  • <Activity>: A new API to hide and restore the UI and internal state of its children.
  • useEffectEvent is a React Hook that lets you extract non-reactive logic into an Effect Event.
  • cacheSignal (for RSCs) lets your know when the cache() lifetime is over.
  • React Performance tracks appear on the Performance panel’s timeline in your browser developer tools

  New React DOM Features

  • Added resume APIs for partial pre-rendering with Web Streams:
    • resume: to resume a prerender to a stream.
    • resumeAndPrerender: to resume a prerender to HTML.
  • Added resume APIs for partial pre-rendering with Node Streams:
    • resumeToPipeableStream: to resume a prerender to a stream.
    • resumeAndPrerenderToNodeStream: to resume a prerender to HTML.
  • Updated prerender APIs to return a postponed state that can be passed to the resume APIs.

  Notable changes

  • React DOM now batches suspense boundary reveals, matching the behavior of client side rendering. This change is especially noticeable when animating the reveal of Suspense boundaries e.g. with the upcoming <ViewTransition> Component. React will batch as much reveals as possible before the first paint while trying to hit popular first-contentful paint metrics.
  • Add Node Web Streams (prerender, renderToReadableStream) to server-side-rendering APIs for Node.js
  • Use underscore instead of : IDs generated by useId

  All Changes

  React

  • <Activity /> was developed over many years, starting before ClassComponent.setState (@ acdlite @ sebmarkbage and many others)
  • Stringify context as "SomeContext" instead of "SomeContext.Provider" (@ kassens #33507)
  • Include stack of cause of React instrumentation errors with %o placeholder (@ eps1lon #34198)
  • Fix infinite useDeferredValue loop in popstate event (@ acdlite #32821)
  • Fix a bug when an initial value was passed to useDeferredValue (@ acdlite #34376)
  • Fix a crash when submitting forms with Client Actions (@ sebmarkbage #33055)
  • Hide/unhide the content of dehydrated suspense boundaries if they resuspend (@ sebmarkbage #32900)
  • Avoid stack overflow on wide trees during Hot Reload (@ sophiebits #34145)
  • Improve Owner and Component stacks in various places (@ sebmarkbage, @ eps1lon: #33629, #33724, #32735, #33723)
  • Add cacheSignal (@ sebmarkbage #33557)

  React DOM

  • Block on Suspensey Fonts during reveal of server-side-rendered content (@ sebmarkbage #33342)
  • Use underscore instead of : for IDs generated by useId (@ sebmarkbage, @ eps1lon: #32001, #33342#33099, #33422)
  • Stop warning when ARIA 1.3 attributes are used (@ Abdul-Omira #34264)
  • Allow nonce to be used on hoistable styles (@ Andarist #32461)
  • Warn for using a React owned node as a Container if it also has text content (@ sebmarkbage #32774)
  • s/HTML/text for for error messages if text hydration mismatches (@ rickhanlonii #32763)
  • Fix a bug with React.use inside React.lazy-ed Component (@ hi-ogawa #33941)
  • Enable the progressiveChunkSize option for server-side-rendering APIs (@ sebmarkbage #33027)
  • Fix a bug with deeply nested Suspense inside Suspense fallback when server-side-rendering (@ gnoff #33467)
  • Avoid hanging when suspending after aborting while rendering (@ gnoff #34192)
  • Add Node Web Streams to server-side-rendering APIs for Node.js (@ sebmarkbage #33475)

  React Server Components

  • Preload <img> and <link> using hints before they're rendered (@ sebmarkbage #34604)
  • Log error if production elements are rendered during development (@ eps1lon #34189)
  • Fix a bug when returning a Temporary reference (e.g. a Client Reference) from Server Functions (@ sebmarkbage #34084, @ denk0403 #33761)
  • Pass line/column to filterStackFrame (@ eps1lon #33707)
  • Support Async Modules in Turbopack Server References (@ lubieowoce #34531)
  • Add support for .mjs file extension in Webpack (@ jennyscript #33028)
  • Fix a wrong missing key warning (@ unstubbable #34350)
  • Make console log resolve in predictable order (@ sebmarkbage #33665)

  React Reconciler

  • createContainer and createHydrationContainer had their parameter order adjusted after on* handlers to account for upcoming experimental APIs

  eslint-plugin-react-hooks@6.1.0

  Note: Version 6.0.0 was mistakenly released and immediately deprecated and untagged on npm. This is the first official 6.x major release and includes breaking changes.

  • Breaking: Require Node.js 18 or newer. (@ michaelfaith in #32458)
  • Breaking: Flat config is now the default recommended preset. Legacy config moved to recommended-legacy. (@ michaelfaith in #32457)
  • New Violations: Disallow calling use within try/catch blocks. (@ poteto in #34040)
  • New Violations: Disallow calling useEffectEvent functions in arbitrary closures. (@ jbrown215 in #33544)
  • Handle React.useEffect in addition to useEffect in rules-of-hooks. (@ Ayc0 in #34076)
  • Added react-hooks settings config option that to accept additionalEffectHooks that are used across exhaustive-deps and rules-of-hooks rules. (@ jbrown215) in #34497
• 19.2.0-canary-fa3feba6-20250623 - 2025-06-23
• 19.2.0-canary-f9ae0a4c-20250527 - 2025-05-27
• 19.2.0-canary-f7396427-20250501 - 2025-05-02
• 19.2.0-canary-f508edc8-20250818 - 2025-08-18
• 19.2.0-canary-f3a80361-20250911 - 2025-09-11
• 19.2.0-canary-f1e70b5e-20250811 - 2025-08-11
• 19.2.0-canary-f1222f76-20250812 - 2025-08-13
• 19.2.0-canary-ef8b6fa2-20250702 - 2025-07-03
• 19.2.0-canary-ef889445-20250930 - 2025-09-30
• 19.2.0-canary-edac0dde-20250723 - 2025-07-23
• 19.2.0-canary-eaee5308-20250728 - 2025-07-28
• 19.2.0-canary-ea05b750-20250408 - 2025-04-09
• 19.2.0-canary-e9db3cc2-20250501 - 2025-05-01
• 19.2.0-canary-e9638c33-20250721 - 2025-07-21
• 19.2.0-canary-e6dc25da-20250709 - 2025-07-09
• 19.2.0-canary-e5dd82a7-20250401 - 2025-04-01
• 19.2.0-canary-e2332183-20250924 - 2025-09-24
• 19.2.0-canary-dffacc7b-20250717 - 2025-07-17
• 19.2.0-canary-df38ac9a-20250926 - 2025-09-26
• 19.2.0-canary-de5a1b20-20250905 - 2025-09-05
• 19.2.0-canary-d92056ef-20250627 - 2025-06-27
• 19.2.0-canary-d85f86cf-20250514 - 2025-05-14
• 19.2.0-canary-d85ec5f5-20250716 - 2025-07-16
• 19.2.0-canary-d415fd3e-20250919 - 2025-09-19
• 19.2.0-canary-d15d7fd7-20250929 - 2025-09-29
• 19.2.0-canary-cee7939b-20250625 - 2025-06-25
• 19.2.0-canary-c498bfce-20250426 - 2025-04-28
• 19.2.0-canary-c4676e72-20250520 - 2025-05-20
• 19.2.0-canary-c44e4a25-20250409 - 2025-04-10
• 19.2.0-canary-c260b38d-20250731 - 2025-07-31
• 19.2.0-canary-c129c242-20250505 - 2025-05-05
• 19.2.0-canary-c0464aed-20250523 - 2025-05-26
• 19.2.0-canary-befc1246-20250708 - 2025-07-08
• 19.2.0-canary-be11cb5c-20250804 - 2025-08-04
• 19.2.0-canary-bdb4a96f-20250801 - 2025-08-01
• 19.2.0-canary-bc6184dd-20250417 - 2025-04-18
• 19.2.0-canary-bbc13fa1-20250624 - 2025-06-24
• 19.2.0-canary-bb6f0c8d-20250901 - 2025-09-01
• 19.2.0-canary-b9cfa0d3-20250505 - 2025-05-05
• 19.2.0-canary-b9a04536-20250904 - 2025-09-04
• 19.2.0-canary-b94603b9-20250513 - 2025-05-13
• 19.2.0-canary-b7e2de63-20250611 - 2025-06-11
• 19.2.0-canary-b6c0aa88-20250609 - 2025-06-09
• 19.2.0-canary-b4477d38-20250605 - 2025-06-05
• 19.2.0-canary-b1b0955f-20250901 - 2025-09-01
• 19.2.0-canary-b10cb4c0-20250403 - 2025-04-03
• 19.2.0-canary-b0c1dc01-20250925 - 2025-09-25
• 19.2.0-canary-b07717d8-20250528 - 2025-05-28
• 19.2.0-canary-b04254fd-20250415 - 2025-04-16
• 19.2.0-canary-ac7820a9-20250811 - 2025-08-11
• 19.2.0-canary-ab859e31-20250606 - 2025-06-06
• 19.2.0-canary-aad7c664-20250829 - 2025-08-29
• 19.2.0-canary-a96a0f39-20250815 - 2025-08-15
• 19.2.0-canary-a7a11657-20250708 - 2025-07-08
• 19.2.0-canary-a00ca6f6-20250611 - 2025-06-11
• 19.2.0-canary-9be531cd-20250729 - 2025-07-29
• 19.2.0-canary-99efc627-20250523 - 2025-05-23
• 19.2.0-canary-97cdd5d3-20250710 - 2025-07-11
• 19.2.0-canary-9784cb37-20250730 - 2025-07-30
• 19.2.0-canary-96c61b7f-20250709 - 2025-07-10
• 19.2.0-canary-93d7aa69-20250912 - 2025-09-12
• 19.2.0-canary-914319ae-20250423 - 2025-04-23
• 19.2.0-canary-8e60cb7e-20250902 - 2025-09-02
• 19.2.0-canary-8d7b5e49-20250827 - 2025-08-28
• 19.2.0-canary-8ce15b0f-20250522 - 2025-05-22
• 19.2.0-canary-8bb7241f-20250926 - 2025-09-26
• 19.2.0-canary-8a8e9a7e-20250912 - 2025-09-12
• 19.2.0-canary-89a803fc-20250828 - 2025-08-28
• 19.2.0-canary-886b3d36-20250910 - 2025-09-10
• 19.2.0-canary-873f7112-20250821 - 2025-08-21
• 19.2.0-canary-86181134-20251001 - 2025-10-01
• 19.2.0-canary-84af9085-20250917 - 2025-09-18
• 19.2.0-canary-83c88ad4-20250923 - 2025-09-23
• 19.2.0-canary-7deda941-20250804 - 2025-08-05
• 19.2.0-canary-7a2c7045-20250506 - 2025-05-06
• 19.2.0-canary-79d9aed7-20250620 - 2025-06-20
• 19.2.0-canary-7513996f-20250722 - 2025-07-22
• 19.2.0-canary-73aa744b-20250702 - 2025-07-02
• 19.2.0-canary-7216c0f0-20250630 - 2025-07-01
• 19.2.0-canary-72135096-20250421 - 2025-04-22
• 19.2.0-canary-6eda5347-20250918 - 2025-09-19
• 19.2.0-canary-6de32a5a-20250822 - 2025-08-22
• 19.2.0-canary-6b70072c-20250909 - 2025-09-09
• 19.2.0-canary-6a7650c7-20250405 - 2025-04-05
• 19.2.0-canary-67a44bcd-20250915 - 2025-09-15
• 19.2.0-canary-66f09bd0-20250806 - 2025-08-06
• 19.2.0-canary-65c4decb-20250630 - 2025-06-30
• 19.2.0-canary-63779030-20250328 - 2025-03-31
• 19.2.0-canary-60b5271a-20250709 - 2025-07-09
• 19.2.0-canary-5e0c951b-20250916 - 2025-09-16
• 19.2.0-canary-5dc00d6b-20250428 - 2025-04-28
• 19.2.0-canary-5d87cd22-20250704 - 2025-07-04
• 19.2.0-canary-56408a5b-20250610 - 2025-06-10
• 19.2.0-canary-548235db-20251001 - 2025-10-01
• 19.2.0-canary-540cd652-20250403 - 2025-04-04
• 19.2.0-canary-534bed5f-20250813 - 2025-08-13
• 19.2.0-canary-526dd340-20250602 - 2025-06-02
• 19.2.0-canary-4db4b21c-20250626 - 2025-06-26
• 19.2.0-canary-4a45ba92-20250515 - 2025-05-15
• 19.2.0-canary-4a36d3ea-20250416 - 2025-04-17
• 19.2.0-canary-462d08f9-20250517 - 2025-05-19
• 19.2.0-canary-4448b187-20250515 - 2025-05-16
• 19.2.0-canary-4123f6b7-20250826 - 2025-08-26
• 19.2.0-canary-408d055a-20250430 - 2025-04-30
• 19.2.0-canary-3fbfb9ba-20250409 - 2025-04-09
• 19.2.0-canary-3fb190f7-20250908 - 2025-09-08
• 19.2.0-canary-3d14fcf0-20250724 - 2025-07-24
• 19.2.0-canary-39cad7af-20250411 - 2025-04-14
• 19.2.0-canary-3958d5d8-20250807 - 2025-08-07
• 19.2.0-canary-38ef6550-20250508 - 2025-05-08
• 19.2.0-canary-3820740a-20250509 - 2025-05-12
• 19.2.0-canary-379a083b-20250813 - 2025-08-14
• 19.2.0-canary-37054867-20250604 - 2025-06-04
• 19.2.0-canary-33a1095d-20250827 - 2025-08-27
• 19.2.0-canary-33661467-20250407 - 2025-04-07
• 19.2.0-canary-3302d1f7-20250903 - 2025-09-03
• 19.2.0-canary-2f0e7e57-20250715 - 2025-07-15
• 19.2.0-canary-280ff6fe-20250606 - 2025-06-06
• 19.2.0-canary-2805f0ed-20250903 - 2025-09-03
• 19.2.0-canary-23884812-20250520 - 2025-05-21
• 19.2.0-canary-223f81d8-20250707 - 2025-07-07
• 19.2.0-canary-21fdf308-20250508 - 2025-05-09
• 19.2.0-canary-1eca9a27-20250922 - 2025-09-22
• 19.2.0-canary-1dc3bdea-20250812 - 2025-08-12
• 19.2.0-canary-1d6c8168-20250411 - 2025-04-11
• 19.2.0-canary-1bd1f01f-20251001 - 2025-10-01
• 19.2.0-canary-1ae0a845-20250603 - 2025-06-03
• 19.2.0-canary-19baee81-20250725 - 2025-07-25
• 19.2.0-canary-197d6a04-20250424 - 2025-04-24
• 19.2.0-canary-143d3e1b-20250425 - 2025-04-25
• 19.2.0-canary-14094f80-20250529 - 2025-05-29
• 19.2.0-canary-12bc60f5-20250613 - 2025-06-13
• 19.2.0-canary-128abcfa-20250917 - 2025-09-17
• 19.2.0-canary-0ff1d13b-20250507 - 2025-05-07
• 19.2.0-canary-0bdb9206-20250818 - 2025-08-19
• 19.2.0-canary-06e89951-20250620 - 2025-06-20
• 19.2.0-canary-040f8286-20250402 - 2025-04-02
• 19.2.0-canary-03fda05d-20250820 - 2025-08-20
• 19.2.0-canary-0038c501-20250429 - 2025-04-29
• 19.1.4 - 2025-12-11
• 19.1.3 - 2025-12-11
  

  React Server Components

  • Move react-server-dom-webpack/*.unbundled to private react-server-dom-unbundled (@ eps1lon #35290)
  • Patch Promise cycles and toString on Server Functions (@ sebmarkbage, @ unstubbable #35289, #35345)
• 19.1.2 - 2025-12-03
  

  React Server Components

  • Bring React Server Component fixes to Server Actions (@ sebmarkbage #35277)
• 19.1.1 - 2025-07-28
  

  React

  • Fixed Owner Stacks to work with ES2015 function.name semantics (#33680 by @ hoxyq)
• 19.1.0 - 2025-03-28

from react-dom GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
airmerge	Error		Apr 5, 2026 1:11am

[coderabbitai]

Important

Review skipped

Ignore keyword(s) in the title.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 7cd9ac37-c2d9-4ad2-85f4-d8d346fb3324

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch snyk-upgrade-3ed01bf6b2d388642e2065ea5c632dba

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[deepsource-io]

DeepSource Code Review

We reviewed changes in fa2799b...5b697a7 on this pull request. Below is the summary for the review, and you can see the individual issues we found as inline review comments.

See full review on DeepSource ↗

PR Report Card

Overall Grade

Security   Reliability   Complexity   Hygiene

Code Review Summary

Analyzer	Status	Updated (UTC)	Details
Ruby		Apr 5, 2026 1:13a.m.	Review ↗
Rust		Apr 5, 2026 1:13a.m.	Review ↗
JavaScript		Apr 5, 2026 1:13a.m.	Review ↗
Scala		Apr 5, 2026 1:13a.m.	Review ↗
Shell		Apr 5, 2026 1:13a.m.	Review ↗
Secrets		Apr 5, 2026 1:13a.m.	Review ↗
Terraform		Apr 5, 2026 1:13a.m.	Review ↗
Swift		Apr 5, 2026 1:13a.m.	Review ↗
SQL		Apr 5, 2026 1:13a.m.	Review ↗
Test coverage		Apr 5, 2026 1:13a.m.	Review ↗
C & C++		Apr 5, 2026 1:13a.m.	Review ↗
C#		Apr 5, 2026 1:13a.m.	Review ↗
Ansible		Apr 5, 2026 1:13a.m.	Review ↗

[codacy-production]

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

🟢 Metrics 0 complexity · 0 duplication

Metric	Results
Complexity	0
Duplication	0

View in Codacy

AI Reviewer: first review requested successfully. AI can make mistakes. Always validate suggestions.

_{TIP This summary will be updated as you push new changes. Give us feedback}

[codacy-production]

Pull Request Overview

This PR upgrades react-dom from 19.1.0 to 19.2.3. The upgrade introduces the <Activity> component, the useEffectEvent hook, and fixes for React Server Components and hydration.

Codacy analysis indicates that the changes are up to standards, with no new issues, clones, or complexity added to the codebase. Although the dependency changes in package.json and package-lock.json align with the stated intent, the PR currently lacks automated test scenarios to verify that the application's core rendering and hydration logic remains intact following this version bump.

Test suggestions

• Verify that the application's core rendering and hydration logic remains functional with the updated React DOM version.

Prompt proposal for missing tests

Consider implementing these tests if applicable:
1. Verify that the application's core rendering and hydration logic remains functional with the updated React DOM version.

---

🗒️ Improve review quality by adding custom instructions