chore: pin react types to 18.x project-wide#3313
Conversation
|
|
This PR has been rebased onto latest main. Could you please review? 🙏 |
WalkthroughThis PR adds two entries to the Estimated code review effort🎯 1 (Trivial) | ⏱️ ~2 minutes 🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@package.json`:
- Around line 93-94: The package.json pins for TypeScript React types are out of
date: update the versions for `@types/react` and `@types/react-dom` to the latest
18.x patch releases; specifically change `@types/react` from 18.2.69 to 18.3.30
and `@types/react-dom` from 18.2.7 to 18.3.7, then run your package manager
install (npm/yarn/pnpm) and rebuild to ensure type compatibility; confirm no
breaking type changes affect functions/components that rely on react/react-dom
type declarations.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository UI
Review profile: CHILL
Plan: Pro
Run ID: f9521b5e-c88a-44d5-950d-3f36a5314076
📒 Files selected for processing (1)
package.json
📜 Review details
🧰 Additional context used
📓 Path-based instructions (2)
**/*.{js,jsx,ts,tsx,json,md,yml,yaml}
📄 CodeRabbit inference engine (AGENTS.md)
Code formatting must be enforced using Prettier before committing
Files:
package.json
package.json
📄 CodeRabbit inference engine (CLAUDE.md)
package.json: Editpackage.jsondirectly instead of usingpnpm addwhen adding dependencies, then runpnpm ifrom the repo root. See.claude/rules/package-installation.mdfor the full process.
Pin Zod to the exact same version across the entire monorepo (currently3.25.76). Never use a different version or range in any package. Mismatched Zod versions cause runtime type incompatibilities.
Files:
package.json
| "@types/react": "18.2.69", | ||
| "@types/react-dom": "18.2.7", |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Description: Check latest 18.x versions of React type packages
echo "=== `@types/react` latest 18.x version ==="
npm view `@types/react` versions --json | jq -r '.[]' | grep '^18\.' | tail -1
echo -e "\n=== `@types/react-dom` latest 18.x version ==="
npm view `@types/react-dom` versions --json | jq -r '.[]' | grep '^18\.' | tail -1
echo -e "\n=== Checking for security advisories ==="
gh api graphql -f query='
{
securityVulnerabilities(first: 5, ecosystem: NPM, package: "`@types/react`") {
nodes {
advisory {
summary
severity
publishedAt
}
vulnerableVersionRange
firstPatchedVersion {
identifier
}
}
}
}'Repository: triggerdotdev/trigger.dev
Length of output: 262
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "=== Checking security advisories for `@types/react-dom` ==="
gh api graphql -f query='
{
securityVulnerabilities(first: 5, ecosystem: NPM, package: "`@types/react-dom`") {
nodes {
advisory { summary severity publishedAt }
vulnerableVersionRange
firstPatchedVersion { identifier }
}
}
}'Repository: triggerdotdev/trigger.dev
Length of output: 176
Bump pinned React type packages to the latest 18.x patch versions
@types/reactis pinned to18.2.69, but the latest 18.x patch is18.3.30.@types/react-domis pinned to18.2.7, but the latest 18.x patch is18.3.7.- No GitHub-reported security advisories were found for either package in the vulnerability lookup.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@package.json` around lines 93 - 94, The package.json pins for TypeScript
React types are out of date: update the versions for `@types/react` and
`@types/react-dom` to the latest 18.x patch releases; specifically change
`@types/react` from 18.2.69 to 18.3.30 and `@types/react-dom` from 18.2.7 to 18.3.7,
then run your package manager install (npm/yarn/pnpm) and rebuild to ensure type
compatibility; confirm no breaking type changes affect functions/components that
rely on react/react-dom type declarations.
![devin-ai-integration[bot]](https://avatars.githubusercontent.com/in/811515?s=60&v=4){kind=small}
| "@types/react": "18.2.69", | ||
| "@types/react-dom": "18.2.7", |
There was a problem hiding this comment.
🚩 Override silently downgrades trigger-sdk from @types/react 19 to 18
packages/trigger-sdk/package.json declares @types/react: ^19.2.14 as a devDependency, but this override forces it to 18.2.69. This is a significant version downgrade (React 19 → 18 types). I verified that the only React usage in the SDK (packages/trigger-sdk/src/v3/chat-react.ts) uses basic hooks (useCallback, useEffect, useRef, useState) that are fully compatible with React 18 types. However, the explicit ^19.2.14 pin was presumably added intentionally — future code additions to chat-react.ts using React 19 features (e.g., useActionState, use(), or the new ref prop pattern) would silently fail to typecheck correctly since the override masks the package-level declaration. Consider updating the trigger-sdk's package.json devDependency to 18.2.69 to make the intent explicit rather than relying on a global override to silently downgrade it.
Was this helpful? React with 👍 or 👎 to provide feedback.
2 participants
Pins @types/react\ and @types/react-dom\ to \18.x\ project-wide using pnpm overrides.
Changes
Testing
Related
Fixes TypeScript compilation errors across the monorepo where some packages resolve to React 19 types.