chore(deps): bump react-dom and @types/react-dom

[dependabot]

Bumps react-dom and @types/react-dom. These dependencies needed to be updated together.
Updates react-dom from 18.3.1 to 19.2.5

Release notes

Sourced from react-dom's releases.

19.2.5 (April 8th, 2026)

React Server Components

• Add more cycle protections (#36236 by @​eps1lon and @​unstubbable)

19.2.4 (January 26th, 2026)

React Server Components

• Add more DoS mitigations to Server Actions, and harden Server Components (#35632 by @​gnoff, @​lubieowoce, @​sebmarkbage, @​unstubbable)

19.2.3 (December 11th, 2025)

React Server Components

• Add extra loop protection to React Server Functions (@​sebmarkbage #35351)

19.2.2 (December 11th, 2025)

React Server Components

• Move react-server-dom-webpack/*.unbundled to private react-server-dom-unbundled (@​eps1lon facebook/react#35290)
• Patch Promise cycles and toString on Server Functions (@​sebmarkbage, @​unstubbable #35289, #35345)

19.2.1 (December 3rd, 2025)

React Server Components

• Bring React Server Component fixes to Server Actions (@​sebmarkbage #35277)

19.2.0 (Oct 1, 2025)

Below is a list of all new features, APIs, and bug fixes.

Read the React 19.2 release post for more information.

New React Features

• <Activity>: A new API to hide and restore the UI and internal state of its children.
• useEffectEvent is a React Hook that lets you extract non-reactive logic into an Effect Event.
• cacheSignal (for RSCs) lets your know when the cache() lifetime is over.
• React Performance tracks appear on the Performance panel’s timeline in your browser developer tools

New React DOM Features

• Added resume APIs for partial pre-rendering with Web Streams:
  • resume: to resume a prerender to a stream.
  • resumeAndPrerender: to resume a prerender to HTML.
• Added resume APIs for partial pre-rendering with Node Streams:
  • resumeToPipeableStream: to resume a prerender to a stream.
  • resumeAndPrerenderToNodeStream: to resume a prerender to HTML.
• Updated prerender APIs to return a postponed state that can be passed to the resume APIs.

Notable changes

• React DOM now batches suspense boundary reveals, matching the behavior of client side rendering. This change is especially noticeable when animating the reveal of Suspense boundaries e.g. with the upcoming <ViewTransition> Component. React will batch as much reveals as possible before the first paint while trying to hit popular first-contentful paint metrics.

... (truncated)

Changelog

Sourced from react-dom's changelog.

19.2.1 (Dec 3, 2025)

React Server Components

• Bring React Server Component fixes to Server Actions (@​sebmarkbage #35277)

19.2.0 (October 1st, 2025)

Below is a list of all new features, APIs, and bug fixes.

Read the React 19.2 release post for more information.

New React Features

• <Activity>: A new API to hide and restore the UI and internal state of its children.
• useEffectEvent is a React Hook that lets you extract non-reactive logic into an Effect Event.
• cacheSignal (for RSCs) lets your know when the cache() lifetime is over.
• React Performance tracks appear on the Performance panel’s timeline in your browser developer tools

New React DOM Features

• Added resume APIs for partial pre-rendering with Web Streams:
  • resume: to resume a prerender to a stream.
  • resumeAndPrerender: to resume a prerender to HTML.
• Added resume APIs for partial pre-rendering with Node Streams:
  • resumeToPipeableStream: to resume a prerender to a stream.
  • resumeAndPrerenderToNodeStream: to resume a prerender to HTML.
• Updated prerender APIs to return a postponed state that can be passed to the resume APIs.

Notable changes

• React DOM now batches suspense boundary reveals, matching the behavior of client side rendering. This change is especially noticeable when animating the reveal of Suspense boundaries e.g. with the upcoming <ViewTransition> Component. React will batch as much reveals as possible before the first paint while trying to hit popular first-contentful paint metrics.
• Add Node Web Streams (prerender, renderToReadableStream) to server-side-rendering APIs for Node.js
• Use underscore instead of : IDs generated by useId

All Changes

React

• <Activity /> was developed over many years, starting before ClassComponent.setState (@​acdlite @​sebmarkbage and many others)
• Stringify context as "SomeContext" instead of "SomeContext.Provider" (@​kassens #33507)
• Include stack of cause of React instrumentation errors with %o placeholder (@​eps1lon #34198)
• Fix infinite useDeferredValue loop in popstate event (@​acdlite #32821)
• Fix a bug when an initial value was passed to useDeferredValue (@​acdlite #34376)
• Fix a crash when submitting forms with Client Actions (@​sebmarkbage #33055)
• Hide/unhide the content of dehydrated suspense boundaries if they resuspend (@​sebmarkbage #32900)
• Avoid stack overflow on wide trees during Hot Reload (@​sophiebits #34145)
• Improve Owner and Component stacks in various places (@​sebmarkbage, @​eps1lon: #33629, #33724, #32735, #33723)
• Add cacheSignal (@​sebmarkbage #33557)

... (truncated)

Commits

• 23f4f9f 19.2.5
• 90ab3f8 Version 19.2.4
• 612e371 Version 19.2.3
• b910fc1 Version 19.2.2
• 053df4e Version 19.2.1
• 8618113 Bump scheduler version (#34671)
• 1bd1f01 Ship partial-prerendering APIs to Canary (#34633)
• 2f0649a [Fizz] Remove nonce option from resume-and-prerender APIs (#34664)
• 5667a41 Bump next prerelease version numbers (#34639)
• e08f53b Match react-dom/static test entrypoints and published entrypoints (#34599)
• Additional commits viewable in compare view

Updates @types/react-dom from 18.3.7 to 19.2.3

Commits

• See full diff in compare view

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[dependabot]

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[github-actions]

Findings

• [Blocker] react-dom 19 and @types/react-dom 19 are bumped without the matching React 19 runtime/type packages. That leaves the PR head in an unsupported peer state: the lockfile now records react-dom requiring react: ^19.2.5 and @types/react-dom requiring @types/react: ^19.2.0, while the repo still declares react 18.3.1 and @types/react 18.3.12. Evidence package.json:89, package.json:108, package-lock.json:4851, package-lock.json:13967.
  Suggested fix:

  {
    "dependencies": {
      "react": "^19.2.5",
      "react-dom": "^19.2.5"
    },
    "devDependencies": {
      "@types/react": "^19.2.3",
      "@types/react-dom": "^19.2.3"
    }
  }

Summary

• Review mode: initial. Blocked on aligning the React runtime and type package majors; the current diff upgrades only the DOM half of the stack.

Testing

• Not run (automation)

Open Cowork Bot

[github-actions]

[BLOCKER] react-dom 19 now peers on react: ^19.2.5, and this PR also moves @types/react-dom to a package that peers on @types/react: ^19.2.0, but the repo is still pinned to react 18.3.1 and @types/react 18.3.12. Please upgrade the matching react/@types/react pair in the same PR, or keep the DOM packages on 18.x.

Suggested fix:

"react": "^19.2.5",
"react-dom": "^19.2.5",
"@types/react": "^19.2.3",
"@types/react-dom": "^19.2.3"

[github-actions]

Findings

• [Blocker] The previous review flagged that upgrading only react-dom and @types/react-dom to v19 without also upgrading react and @types/react creates an unsupported peer dependency state. The new commits in this follow-up (CI infrastructure and review scripts) do not address this issue. The package.json still declares "react": "^18.3.1" and "@types/react": "^18.3.12", while the lockfile records react-dom@19.2.5 requiring react: ^19.2.5 and @types/react-dom@19.2.3 requiring @types/react: ^19.2.0. This will cause peer dependency warnings or breakage at install time. Evidence package.json:89, package.json:108, package-lock.json:14416, package-lock.json:5028.
  Suggested fix:

  {
    "dependencies": {
      "react": "^19.2.5",
      "react-dom": "^19.2.5"
    },
    "devDependencies": {
      "@types/react": "^19.2.3",
      "@types/react-dom": "^19.2.3"
    }
  }

Summary

• Review mode: follow-up after new commits. The blocker from the initial review remains unresolved. The added CI scripts and prompt changes are unrelated to the dependency bump and do not mitigate the peer dependency mismatch. The PR must either upgrade react and @types/react to v19 as well, or downgrade react-dom and @types/react-dom back to 18.x.

Testing

• Not run (automation)

Open Cowork Bot