chore(deps): update react to v19.2.3

[thomhurst]

This PR contains the following updates:

Package	Type	Update	Change
react (source)	dependencies	patch	19.2.0 → 19.2.3
react-dom (source)	dependencies	patch	19.2.0 → 19.2.3

---

Release Notes

facebook/react (react)

v19.2.3: 19.2.3 (December 11th, 2025)

Compare Source

React Server Components

• Add extra loop protection to React Server Functions (@​sebmarkbage #​35351)

v19.2.2: 19.2.2 (December 11th, 2025)

Compare Source

React Server Components

• Move react-server-dom-webpack/*.unbundled to private react-server-dom-unbundled (@​eps1lon #​35290)
• Patch Promise cycles and toString on Server Functions (@​sebmarkbage, @​unstubbable #​35289, #​35345)

v19.2.1

Compare Source

React Server Components

• Bring React Server Component fixes to Server Actions (@​sebmarkbage #​35277)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled because a matching PR was automerged previously.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[Copilot]

Copilot wasn't able to review any files in this pull request.

[claude]

Pull Request Review

Summary

This is an automated dependency update from Renovate Bot upgrading React and React-DOM from v19.2.0 to v19.2.3 in the documentation site.

Analysis

Changes:

• Updates react from 19.2.0 to 19.2.3
• Updates react-dom from 19.2.0 to 19.2.3
• Only affects docs/yarn.lock (lockfile changes)

Release Notes Summary:
The updates include:

• v19.2.3: Extra loop protection for React Server Functions
• v19.2.2: Promise cycle patches and toString fixes on Server Functions
• v19.2.1: React Server Component fixes for Server Actions

Code Quality Assessment

✅ Approved - This is a safe patch-level dependency update.

Positive aspects:

1. ✅ Patch version update (low risk)
2. ✅ Security/stability improvements for React Server Components
3. ✅ Only affects documentation site, not core TUnit functionality
4. ✅ Automated by Renovate with proper changelog references
5. ✅ Lockfile-only changes (no code modifications)

Considerations:

• The updates address security issues in React Server Functions (Promise cycles, loop protection)
• No breaking changes expected for a patch release
• No test changes needed as this is purely a dependency update

Recommendations

1. Merge when ready - This is a safe update addressing stability/security issues
2. No additional testing required - Patch updates are backward compatible
3. Consider enabling auto-merge for future patch-level React updates to reduce maintenance overhead

Security Notes

The updates patch potential issues with:

• Promise cycle handling in Server Functions
• Loop protection in React Server Functions
• toString method vulnerabilities

These are important security/stability fixes worth incorporating.

---

Verdict: ✅ LGTM - Safe to merge.

[claude]

PR Review: React v19.2.3 Dependency Update

Summary

This PR updates React and React-DOM from v19.2.0 to v19.2.3 in the documentation site. This is a patch-level dependency update managed by Renovate Bot.

Changes Reviewed

• Scope: Only affects docs/yarn.lock (lockfile)
• Packages Updated:
  • react: 19.2.0 → 19.2.3
  • react-dom: 19.2.0 → 19.2.3

Analysis

✅ Positive Aspects

1. Security Patches: Based on the release notes, versions 19.2.1-19.2.3 contain important fixes for React Server Components and Server Functions:

   • v19.2.3: Extra loop protection for React Server Functions
   • v19.2.2: Patches for Promise cycles and toString vulnerabilities in Server Functions
   • v19.2.1: Server Component fixes applied to Server Actions

2. Low Risk: This is a patch-level update with no breaking changes expected

3. Documentation Site Only: Changes are isolated to the docs site, not affecting the TUnit core library

4. Automated Testing: Renovate Bot typically includes automated checks

🔍 Considerations

1. TUnit Project Context:

   • This update doesn't affect TUnit's core testing framework
   • The docs site is a separate concern from the main TUnit library
   • No dual-mode implementation concerns (source-gen vs reflection)

2. No Source Code Changes: Only lockfile updates, which is expected for dependency updates

3. Testing Recommendation:

   • Verify the docs site builds successfully: cd docs && yarn install && yarn build
   • Check that all documentation pages render correctly
   • Test any interactive React components in the docs

📊 Risk Assessment

• Code Quality: ✅ N/A (lockfile only)
• Security: ✅ Positive (includes security patches)
• Performance: ✅ No concerns
• Breaking Changes: ✅ None expected (patch version)
• Test Coverage: ⚠️ Ensure docs site builds and runs

Recommendation

APPROVE ✅

This is a straightforward dependency update that includes important security fixes for React Server Functions. The changes are isolated to the documentation site and don't impact TUnit's core functionality.

Action Items Before Merge:

1. Verify docs site builds successfully
2. Optionally test docs site locally to ensure no regressions
3. Let CI/CD pipelines complete their checks

---

Generated by Claude Code - TUnit Documentation Review

[claude]

Pull Request Review

Summary

This PR updates React dependencies in the documentation site from 19.2.0 to 19.2.3. This is a standard Renovate bot PR applying patch-level security and bug fixes.

---

✅ Code Quality & Best Practices

• APPROVED: Automated dependency update by Renovate bot
• APPROVED: Only affects documentation site dependencies, not core TUnit functionality
• APPROVED: Patch-level update following semantic versioning (19.2.0 → 19.2.3)

---

🔒 Security Considerations

According to the release notes, 19.2.2 and 19.2.3 contain important security fixes:

• 19.2.2: Patch for Promise cycles and toString on Server Functions (potential security issue)
• 19.2.3: Additional loop protection for React Server Functions

Recommendation: This update should be merged as it contains security patches.

---

🐛 Bug Fixes

The updates include bug fixes for React Server Components:

• Server Function security improvements
• Better handling of react-server-dom-webpack unbundled modules

---

📊 Scope Analysis

Files Changed: 1 file

• docs/yarn.lock (191 additions, 298 deletions)

Impact:

• ✅ No source code changes
• ✅ No public API changes
• ✅ No snapshot updates required
• ✅ Changes isolated to documentation site
• ✅ Does not affect TUnit core, engine, assertions, or source generators

---

🧪 Testing Considerations

Recommended verification:

• cd docs && yarn install
• yarn build
• yarn typecheck

These commands will verify:

1. Dependencies resolve correctly
2. Documentation site builds successfully
3. TypeScript compilation passes

---

⚡ Performance Impact

None expected - These are patch-level React updates focused on security and bug fixes, not performance changes.

---

📝 TUnit-Specific Compliance

Checking against CLAUDE.md requirements:

Rule	Applicable?	Status
Dual-Mode Implementation	❌ No (docs only)	N/A
Snapshot Testing	❌ No (no generator/API changes)	N/A
AOT/Trimming	❌ No (docs only)	N/A
Performance	❌ No (docs only)	N/A

---

🎯 Recommendation

✅ APPROVE AND MERGE

Reasons:

1. Security patches included - Contains important server function security fixes
2. Low risk - Only affects documentation site, zero impact on TUnit core
3. Standard maintenance - Automated dependency updates are good practice
4. Backward compatible - Patch version bump maintains compatibility

Suggested action: Merge after CI passes and documentation build succeeds.

---

📚 References

• React v19.2.3 Release Notes: https://github.com/facebook/react/releases/tag/v19.2.3
• React v19.2.2 Release Notes: https://github.com/facebook/react/releases/tag/v19.2.2
• React v19.2.1 Release Notes: https://github.com/facebook/react/blob/HEAD/CHANGELOG.md#1921-Dec-3-2025

---

Review conducted by Claude Code following TUnit development guidelines.

[claude]

PR Review Summary

This is an automated dependency update from Renovate Bot updating React and React-DOM from v19.2.0 to v19.2.3 in the documentation project.

✅ Overall Assessment: APPROVED

This is a straightforward dependency update that only affects the documentation site (not the core TUnit library). The changes are safe to merge.

---

📋 Review Findings

✅ Code Quality: Excellent

• Lock file only changes: The PR only modifies docs/yarn.lock - no source code changes
• Scope: Changes are isolated to the documentation project, zero impact on TUnit core functionality
• Dependency cleanup: The update also removes unused transitive dependencies (like duplicate @algolia/client-* versions), which is a positive side effect

✅ Security: Good

The React updates include important fixes:

• v19.2.3: Extra loop protection for React Server Functions (security improvement)
• v19.2.2: Patches for Promise cycles and toString on Server Functions (security fixes)
• v19.2.1: Server Component fixes brought to Server Actions

These are patch-level security and stability improvements with no breaking changes.

✅ Testing: Adequate

• All CI checks are currently in progress
• Given this only affects the docs build (Docusaurus), the risk is minimal
• The "Test Deploy to GitHub Pages" workflow will verify the docs build correctly

✅ Performance: No concerns

• Patch updates typically include performance improvements
• Lock file size reduced (298 deletions vs 191 additions) due to dependency deduplication

---

🎯 TUnit-Specific Considerations

Per the CLAUDE.md guidelines, I've verified:

1. No impact on dual-mode implementation: ✅ Docs only
2. No source generator changes: ✅ No .verified.txt updates needed
3. No public API changes: ✅ TUnit.Core/Engine/Assertions unchanged
4. No performance impact: ✅ Runtime unaffected
5. No AOT/trimming concerns: ✅ Docs are not compiled with AOT

---

📝 Recommendations

1. ✅ Merge when CI passes - This is a safe, low-risk update
2. ✅ No manual testing required - If the docs deploy successfully, the update is working
3. ℹ️ Note: The PR description shows "December 11th, 2025" which appears to be a date error in the release notes (likely meant 2024)

---

🔍 Additional Notes

The lock file shows several transitive dependency cleanups:

• Consolidated @algolia/client-* versions (removes duplicates at 5.42.0)
• Deduplicated common dependencies (commander, mime-db, d3-* packages)
• Updated csstype to match React's peer dependency requirements

This is exactly the type of maintenance Renovate Bot excels at - keeping dependencies current with minimal risk.

---

Verdict: ✅ Approved - Safe to merge once CI passes.

[thomhurst]

Summary

This PR updates React and React-DOM dependencies from 19.2.0 to 19.2.3 in the documentation site.

Critical Issues

None found ✅

This is a standard Renovate bot dependency update for the documentation site that:

• Only modifies docs/yarn.lock (no source code changes)
• Updates React and React-DOM patch versions (19.2.0 → 19.2.3)
• Does not touch any TUnit core code, source generators, or test infrastructure
• Does not affect any of TUnit's critical rules (dual-mode, snapshot testing, VSTest prohibition, performance, or AOT compatibility)

Suggestions

None - this is a straightforward lockfile update for documentation dependencies.

Verdict

✅ APPROVE - No critical issues

[thomhurst]

Summary

Updates React and React-DOM dependencies in the documentation site from v19.2.0 to v19.2.3 (patch updates).

Critical Issues

None found ✅

Review Analysis

This is a Renovate bot PR that updates only the docs/yarn.lock file with React dependency patches. Based on TUnit's critical rules:

1. Dual-Mode: ✅ Not applicable - only affects documentation dependencies
2. Snapshot Testing: ✅ Not applicable - no source generator or public API changes
3. No VSTest: ✅ Not applicable - no test platform changes
4. Performance First: ✅ Not applicable - documentation dependencies only
5. AOT Compatible: ✅ Not applicable - no runtime code changes

The changes are:

• React 19.2.0 → 19.2.3 (patch release with Server Component security fixes)
• React-DOM 19.2.0 → 19.2.3 (same version alignment)
• Various transitive dependency updates in yarn.lock

These are standard lock file updates from a patch release. The React 19.2.x releases include important server component fixes according to the changelog.

Verdict

✅ APPROVE - Safe dependency update with no code changes, only lock file updates for the documentation site.

[thomhurst]

Summary

Updates React and React-DOM dependencies in the documentation site from 19.2.0 to 19.2.3.

Critical Issues

None found ✅

Previous Review Status

Unable to access previous comments due to API permissions.

Verdict

✅ APPROVE - This is a documentation-only dependency update with no impact on TUnit core functionality. The changes are confined to docs/yarn.lock and include React Server Components security fixes.

[thomhurst]

Summary

Updates React and React DOM from v19.2.0 to v19.2.3 in the documentation site dependencies.

Critical Issues

None found ✅

This PR only modifies the documentation site's yarn.lock file to update React dependencies. The changes:

• Update React and React DOM from 19.2.0 → 19.2.3 (patch version)
• Remove duplicate/unused package entries (standard lockfile maintenance)
• No TUnit source code, engine, or test files affected

TUnit Rules Applied:

• ❌ Dual-mode: N/A (no engine/source-gen changes)
• ❌ Snapshot testing: N/A (no source generator changes)
• ❌ VSTest check: N/A (no test platform code)
• ❌ Performance: N/A (documentation only)
• ❌ AOT compatibility: N/A (no runtime code changes)

Security Note: The React updates include security-related fixes for React Server Components (Promise cycle patches, loop protection), which is good for the documentation site.

Verdict

✅ APPROVE - No critical issues. This is a standard dependency update for the documentation site that doesn't affect TUnit's core functionality.

[thomhurst]

Summary

Automated dependency update by Renovate Bot upgrading React and React-DOM from v19.2.0 to v19.2.3 in the documentation site.

Critical Issues

None found ✅

Previous Review Status

This PR has received 12 previous reviews from Claude, all approving the changes. Key points consistently noted:

• Security improvements for React Server Functions (loop protection, Promise cycle fixes)
• Isolated to docs site (no impact on TUnit core)
• Low-risk patch version update
• Lock file changes only

Analysis

• Scope: Only affects docs/yarn.lock - no TUnit code changes
• Type: Patch version update (19.2.0 → 19.2.3)
• Security: Includes important fixes for React Server Components
• TUnit Rules: Not applicable - documentation dependency update only

This change does NOT affect:

• Dual-mode implementation (source-gen/reflection)
• Source generator output or snapshots
• Public APIs
• Performance hot paths
• AOT compatibility

Verdict

✅ APPROVE - Safe dependency update with no critical issues. Changes are isolated to the documentation site and include valuable security patches. Ready to merge once CI passes.

[thomhurst]

Summary

Updates React dependencies in the documentation site from v19.2.0 to v19.2.3 (Renovate bot PR).

Critical Issues

None found ✅

This PR:

• Only touches docs/yarn.lock (documentation dependencies)
• Does not affect TUnit core, engine, source generator, or test infrastructure
• Is a patch-level dependency update for the documentation website
• Contains standard yarn.lock changes (removing duplicate entries, updating versions)
• Does not violate any TUnit critical rules (dual-mode, snapshot testing, VSTest usage, AOT compatibility, performance)

Verdict

✅ APPROVE - No critical issues

This is a routine documentation dependency update that doesn't affect TUnit's core functionality.