chore(deps): bump react and @types/react in /apps/frontend

[dependabot]

Bumps react and @types/react. These dependencies needed to be updated together.
Updates react from 19.2.3 to 19.2.4

Release notes

Sourced from react's releases.

19.2.4 (January 26th, 2026)

React Server Components

• Add more DoS mitigations to Server Actions, and harden Server Components (#35632 by @​gnoff, @​lubieowoce, @​sebmarkbage, @​unstubbable)

Commits

• 90ab3f8 Version 19.2.4
• See full diff in compare view

Updates @types/react from 19.2.8 to 19.2.10

Commits

• See full diff in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[fingertips18]

@coderabbitai Are there any breaking changes in this dependency update? Is it safe to merge?

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

• 🔍 Trigger a full review

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

🧩 Analysis chain

🌐 Web query:

React 19.2.4 breaking changes

💡 Result:

React 19.2.4 (released January 26, 2026) is a patch release, and does not list any breaking changes in the official release notes. Its published change is focused on additional DoS mitigations / hardening for React Server Actions and Server Components. [1]

If you’re upgrading to React 19.x (from 18.x), the breaking changes to watch are the React 19 breaking changes (e.g., error handling behavior changes during render, UMD builds removed, etc.)—those are covered in the React 19 Upgrade Guide, not specific to 19.2.4. [2]

Sources: [1] [2]

---

🌐 Web query:

`@types/react` 19.2.10 changes

💡 Result:

@types/react doesn’t publish a per-version changelog/release notes; updates are just snapshots of changes merged into DefinitelyTyped, so the reliable way to see “what changed in 19.2.10” is to diff the package contents. (github.com)

Also note: jsDelivr currently shows @types/react at 19.2.10 (jsdelivr.com), while Yarn Classic’s package page still lists 19.2.9 as latest (published Jan 20, 2026) (classic.yarnpkg.com)—so registry mirrors/indexes may be slightly out of sync.

How to get the exact 19.2.10 changes

If you have npm v10+, run:

npm diff `@types/react`@19.2.9 `@types/react`@19.2.10

If you want to diff just the main declarations:

npm diff `@types/react`@19.2.9 `@types/react`@19.2.10 --diff=types/react/index.d.ts

(Or download both tarballs and compare locally if you’re not on a recent npm.)

Citations:

• 1: Where do I find a changelog for this @types/node? DefinitelyTyped/DefinitelyTyped#52998
• 2: https://www.jsdelivr.com/package/npm/%40types/react
• 3: https://classic.yarnpkg.com/en/package/%40types/react?utm_source=openai

---

@fingertips18: Based on my research, this update appears safe to merge with no breaking changes. Here's what I found:

React 19.2.4

This is a patch release with no breaking changes listed in the official release notes. The update focuses on additional DoS mitigations and hardening for React Server Actions and Server Components — primarily a security improvement.

@types/react 19.2.10

This is also a patch version bump (19.2.8 → 19.2.10). While DefinitelyTyped doesn't publish detailed changelogs for each version, patch-level type definition updates are typically non-breaking and include minor corrections or additions to type definitions.

Recommendation

✅ Safe to merge — Both updates follow semantic versioning conventions where patch versions should not introduce breaking changes. The React update is security-focused, which makes it a good candidate for prompt adoption.

As a best practice, I recommend:

1. Ensuring your CI tests pass
2. Testing any code that uses Server Actions or Server Components (if applicable to your project)

The security improvements in React 19.2.4 make this a valuable update to include.