[Snyk] Upgrade react from 19.2.0 to 19.2.3#1
Conversation
Snyk has created this PR to upgrade react from 19.2.0 to 19.2.3. See this package in pnpm: react See this project in Snyk: https://app.snyk.io/org/danielbodnar/project/fb1fae36-5dba-4f23-a29b-04b364e68a4f?utm_source=github&utm_medium=referral&page=upgrade-pr
There was a problem hiding this comment.
Pull request overview
Upgrades the keyless-desktop frontend’s React dependency version as part of an automated Snyk dependency update.
Changes:
- Bump
reactversion range inkeyless-desktop/package.json. - Update
keyless-desktop/pnpm-lock.yamlto resolve React to a newer patch version and adjust dependent snapshot entries.
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| keyless-desktop/package.json | Updates the declared React dependency range. |
| keyless-desktop/pnpm-lock.yaml | Updates the lockfile resolution and snapshots for the React upgrade. |
Files not reviewed (1)
- keyless-desktop/pnpm-lock.yaml: Language not supported
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| react: | ||
| specifier: ^19.1.0 | ||
| version: 19.2.0 | ||
| specifier: ^19.2.4 | ||
| version: 19.2.4 |
There was a problem hiding this comment.
pnpm-lock.yaml lists the react dependency specifier as ^19.2.4, but package.json specifies react: ^19.2.3. With pnpm install --frozen-lockfile (used in CI), this mismatch can cause installs to fail because the lockfile no longer matches the manifest. Regenerate the lockfile from the current package.json or update package.json to match the specifier used in the lockfile.
| "@tauri-apps/plugin-positioner": "^2.3.1", | ||
| "@tauri-apps/plugin-store": "^2", | ||
| "react": "^19.1.0", | ||
| "react": "^19.2.3", |
There was a problem hiding this comment.
The PR title/description indicates an upgrade to React 19.2.3, but the lockfile resolves React to 19.2.4 and even records the specifier as ^19.2.4. Please reconcile the intended target version (update the PR metadata/title and/or package.json, and regenerate the lockfile accordingly) so the PR reflects the actual upgrade being applied.
Snyk has created this PR to upgrade react from 19.2.0 to 19.2.3.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 3 versions ahead of your current version.
The recommended version was released 2 months ago.
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information: