[security](deps): bump react-dom from 19.2.3 to 19.2.4#128
[security](deps): bump react-dom from 19.2.3 to 19.2.4#128dependabot[bot] wants to merge 1 commit intomainfrom
Conversation
Bumps [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) from 19.2.3 to 19.2.4. - [Release notes](https://github.com/facebook/react/releases) - [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/react/commits/v19.2.4/packages/react-dom) --- updated-dependencies: - dependency-name: react-dom dependency-version: 19.2.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
|
Required keyword not found in PR title or description. |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 9505b314ce
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| '@openai/apps-sdk-ui': | ||
| specifier: 0.2.1 | ||
| version: 0.2.1(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(tailwindcss@4.1.18) | ||
| version: 0.2.1(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.4(react@19.2.3))(react@19.2.3)(tailwindcss@4.1.18) |
There was a problem hiding this comment.
pnpm's overrides setting applies one forced version across the dependency graph, but both package.json:130-135 and the committed lockfile header at pnpm-lock.yaml:7-12 still pin react-dom to 19.2.3. This hunk only adds a separate 19.2.4 peer subtree for the root @openai/apps-sdk-ui; the actual workspace importers that build and render the packages still resolve react-dom to 19.2.3 (pnpm-lock.yaml:154-156, 246-248, 537-539, 619-621). So the security bump is ineffective for the shipped workspaces, and the next non---frozen-lockfile install will re-resolve the lockfile back to 19.2.3.
Useful? React with 👍 / 👎.
|
Closing: failing CI checks. Dependabot will regenerate if needed. |
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
1 participant
Bumps react-dom from 19.2.3 to 19.2.4.
Release notes
Sourced from react-dom's releases.
Commits
90ab3f8Version 19.2.4Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)