Conversation
|
Important Review skippedReview was skipped due to path filters ⛔ Files ignored due to path filters (1)
CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including You can disable this status message by setting the WalkthroughPeer and dev dependency constraints for React and related typings were updated across multiple package.json files to require React and @types packages at >=19.0.0 and to bump devDependencies of Changes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes Poem
Pre-merge checks and finishing touches✅ Passed checks (3 passed)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
![recurseml[bot]](https://avatars.githubusercontent.com/in/1054195?s=60&v=4){kind=small}
There was a problem hiding this comment.
Review by RecurseML
🔍 Review performed on 27f6a91..a247eb0
✨ No bugs found, your code is sparkling clean
⏭️ Files skipped (4)
| Locations |
|---|
packages/react/package.json |
packages/stack/package.json |
packages/template/package-template.json |
packages/template/package.json |
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
There was a problem hiding this comment.
Greptile Overview
Summary
This PR removes React 18 support across all Stack Auth packages by updating the peer dependencies to require React 19.0.0-rc.0 as the minimum version. The changes are made through the template system (`packages/template/package-template.json`) which auto-generates the `package.json` files for the `@stackframe/template`, `@stackframe/react`, and `@stackframe/stack` packages.The modification changes peer dependencies from supporting both React 18.2+ and 19.0+ (">=18.2 || >=19.0.0-rc.0") to only supporting React 19 RC versions (">=19.0.0-rc.0"). This affects four React-related dependencies: react, react-dom, @types/react, and @types/react-dom. The template system ensures consistency across all packages in the Stack Auth ecosystem.
This change integrates with Stack Auth's package generation workflow where the template file serves as the source of truth for dependency requirements, automatically propagating changes to all derived packages. The modification represents a strategic decision to modernize the codebase and potentially leverage React 19-specific features, though it comes at the cost of backward compatibility.
PR Description Notes:
- The PR description is minimal and doesn't explain the breaking change or rationale
- No mention of migration guide or impact assessment for existing users
Changed Files
| Filename | Score | Overview |
|---|---|---|
| packages/template/package-template.json | 2/5 | Updates peer dependencies to require React 19+ only, removing React 18 support with dev/peer dependency version mismatch |
| packages/template/package.json | 2/5 | Auto-generated from template, drops React 18 support while maintaining React 18 in devDependencies |
| packages/react/package.json | 2/5 | Auto-generated from template, enforces React 19+ requirement with inconsistent devDependencies |
| packages/stack/package.json | 2/5 | Auto-generated from template, requires React 19+ for peer deps but uses React 18 for development |
Confidence score: 2/5
- This PR introduces a breaking change that will prevent React 18 users from installing Stack Auth packages, requiring careful rollout
- Score reflects the version inconsistency between devDependencies (React 18) and peerDependencies (React 19+) which could cause development issues
- Pay close attention to packages/template/package-template.json as it's the source template that generates all other package.json files
Additional Comments (4)
-
packages/template/package.json, line 99 (link)logic: Inconsistency: peer deps require React 19 RC but dev deps use React 18.2. This mismatch could cause development environment issues.
-
packages/react/package.json, line 86 (link)logic: Dev dependencies use React 18.2.0 but peer deps require React 19+. This mismatch could cause development/production inconsistencies.
-
packages/stack/package.json, line 94 (link)logic: Dev dependencies still use React 18.2.0 while peer deps now require React 19+. This version mismatch could cause development issues.
-
packages/template/package-template.json, line 138 (link)logic: Inconsistency: devDependencies still use React 18 while peerDependencies now require React 19+. This could cause development environment issues and makes the change seem incomplete.
4 files reviewed, 4 comments
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 4
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (4)
packages/react/package.json(1 hunks)packages/stack/package.json(1 hunks)packages/template/package-template.json(1 hunks)packages/template/package.json(1 hunks)
🧰 Additional context used
📓 Path-based instructions (2)
packages/stack/**
📄 CodeRabbit inference engine (AGENTS.md)
Never modify packages/stack; make changes in packages/template instead as packages/stack is a copy
Files:
packages/stack/package.json
packages/template/**
📄 CodeRabbit inference engine (AGENTS.md)
When modifying the SDK copies, make changes in packages/template (source of truth)
Files:
packages/template/package-template.jsonpackages/template/package.json
🪛 Biome (2.1.2)
packages/template/package-template.json
[error] 102-102: The key // was already declared.
This where a duplicated key was declared again.
If a key is defined multiple times, only the last definition takes effect. Previous definitions are ignored.
(lint/suspicious/noDuplicateObjectKeys)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (10)
- GitHub Check: Vercel Agent Review
- GitHub Check: setup-tests
- GitHub Check: docker
- GitHub Check: restart-dev-and-test
- GitHub Check: docker
- GitHub Check: build (22.x)
- GitHub Check: all-good
- GitHub Check: build (22.x)
- GitHub Check: lint_and_build (latest)
- GitHub Check: Security Check
There was a problem hiding this comment.
Actionable comments posted: 1
♻️ Duplicate comments (1)
packages/template/package-template.json (1)
100-106: Biome duplicate key ‘//’ warning in JSON template.The template uses repeated “//” keys for directives; JSON linters flag duplicates. Either rename file to .jsonc and configure tooling to parse as JSONC, or add a linter ignore for this file/object section.
🧹 Nitpick comments (2)
packages/template/package-template.json (2)
101-108: Avoid a breaking peer range; keep React 18 compatibility or bump major.Tightening to ">=19.0.0-rc.0" drops React 18 consumers while package version remains 2.8.41. Either:
- keep a dual range (recommended), or
- if 19-only is required, coordinate a major version bump for all affected packages.
Suggested dual-range diff:
- "@types/react": ">=19.0.0-rc.0", + "@types/react": ">=18.3.1 || >=19.0.0", @@ - "@types/react-dom": ">=19.0.0-rc.0", - "react-dom": ">=19.0.0-rc.0", + "@types/react-dom": ">=18.3.1 || >=19.0.0", + "react-dom": ">=18.3.1 || >=19.0.0", @@ - "react": ">=19.0.0-rc.0" + "react": ">=18.3.1 || >=19.0.0"
138-140: Prefer stable React 19 in devDependencies over RC.Pinning devDeps to an RC can cause churn and mismatches with peer ranges. Use stable 19.x:
- "react": "^19.0.0-rc.0", + "react": "^19.0.0", @@ - "react-dom": "^19.0.0-rc.0", + "react-dom": "^19.0.0",
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (5)
packages/js/package.json(1 hunks)packages/react/package.json(2 hunks)packages/stack/package.json(2 hunks)packages/template/package-template.json(2 hunks)packages/template/package.json(2 hunks)
🚧 Files skipped from review as they are similar to previous changes (3)
- packages/react/package.json
- packages/template/package.json
- packages/stack/package.json
🧰 Additional context used
📓 Path-based instructions (2)
packages/template/**
📄 CodeRabbit inference engine (AGENTS.md)
When modifying the SDK copies, make changes in packages/template (source of truth)
Files:
packages/template/package-template.json
packages/js/**
📄 CodeRabbit inference engine (AGENTS.md)
Never modify packages/js; make changes in packages/template instead as packages/js is a copy
Files:
packages/js/package.json
🪛 Biome (2.1.2)
packages/template/package-template.json
[error] 102-102: The key // was already declared.
This where a duplicated key was declared again.
If a key is defined multiple times, only the last definition takes effect. Previous definitions are ignored.
(lint/suspicious/noDuplicateObjectKeys)
🪛 GitHub Actions: Runs E2E API Tests
packages/js/package.json
[error] 1-1: Lockfile specifiers do not match package.json. The lockfile contains dependencies that differ from what is specified in package.json.
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)
- GitHub Check: docker
- GitHub Check: all-good
- GitHub Check: Vercel Agent Review
- GitHub Check: Security Check
…-auth/stack-auth into fix-react-version-peer-dep
|
Some new issue(s) might be present. Please use the following link(s) to view them: https://zeropath.com/app/issues/c875c500-60e3-47a7-a4d6-e48bdfa746ef Reply to this PR with |
There was a problem hiding this comment.
Actionable comments posted: 5
♻️ Duplicate comments (1)
packages/js/package.json (1)
63-63: Do not edit generated package; update the template and re-sync.This file is auto-generated. Revert this direct change and apply it in packages/template/package-template.json, then run the template sync and regenerate the lockfile.
Run to confirm only the template source is edited and outputs are in sync:
#!/bin/bash set -euo pipefail echo "Any direct edits to generated packages?" rg -n 'THIS FILE IS AUTO-GENERATED FROM TEMPLATE' -C1 packages | sed -n 's/^\(\S\+package\.json\).*/\1/p' | sort -u | while read -r f; do echo "- $f" done echo echo "React devDeps still on 18.x anywhere?" rg -nP '"devDependencies"\s*:\s*\{(?s).*?"react"\s*:\s*"\^18' -C0 packages echo echo "Leftover RC ranges?" rg -nP '>=19\.0\.0-rc\.0' -C2
🧹 Nitpick comments (1)
packages/template/package-template.json (1)
138-141: LGTM on devDeps to ^19; ensure Next devDep is bumped in tandem.After adjusting the Next peer to 15+, bump dev next from ^14.1.0 to ^15.x here too.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (1)
pnpm-lock.yamlis excluded by!**/pnpm-lock.yaml
📒 Files selected for processing (8)
packages/js/package.json(1 hunks)packages/react/package.json(2 hunks)packages/stack-sc/package.json(2 hunks)packages/stack-shared/package.json(1 hunks)packages/stack-ui/package.json(1 hunks)packages/stack/package.json(2 hunks)packages/template/package-template.json(2 hunks)packages/template/package.json(2 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
- packages/react/package.json
🧰 Additional context used
📓 Path-based instructions (3)
packages/js/**
📄 CodeRabbit inference engine (AGENTS.md)
Never modify packages/js; make changes in packages/template instead as packages/js is a copy
Files:
packages/js/package.json
packages/template/**
📄 CodeRabbit inference engine (AGENTS.md)
When modifying the SDK copies, make changes in packages/template (source of truth)
Files:
packages/template/package.jsonpackages/template/package-template.json
packages/stack/**
📄 CodeRabbit inference engine (AGENTS.md)
Never modify packages/stack; make changes in packages/template instead as packages/stack is a copy
Files:
packages/stack/package.json
🪛 Biome (2.1.2)
packages/template/package-template.json
[error] 102-102: The key // was already declared.
This where a duplicated key was declared again.
If a key is defined multiple times, only the last definition takes effect. Previous definitions are ignored.
(lint/suspicious/noDuplicateObjectKeys)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (10)
- GitHub Check: docker
- GitHub Check: all-good
- GitHub Check: Vercel Agent Review
- GitHub Check: restart-dev-and-test
- GitHub Check: lint_and_build (latest)
- GitHub Check: docker
- GitHub Check: build (22.x)
- GitHub Check: setup-tests
- GitHub Check: build (22.x)
- GitHub Check: Security Check
🔇 Additional comments (4)
packages/template/package.json (1)
99-100: LGTM on devDeps bump to React 19.Matches the peer floor.
packages/stack/package.json (1)
94-95: DevDeps bump to React 19 looks good.packages/stack-sc/package.json (1)
49-50: LGTM on React/DOM devDeps to ^19.packages/template/package-template.json (1)
101-108: Next constraints now require v15+ across template and downstream packages. Verified no remaining mismatches between React ≥19 and Next versions.
2 participants
High-level PR Summary
This PR updates the peer dependency requirements across multiple package.json files to remove support for React 18.2 and only specify React 19.0.0-rc.0 or newer as the minimum required version. The change affects React, React DOM, and their corresponding TypeScript type packages.
⏱️ Estimated Review Time: 5-15 minutes
💡 Review Order Suggestion
packages/react/package.jsonpackages/stack/package.jsonpackages/template/package-template.jsonpackages/template/package.jsonImportant
Update peer dependencies to require React 19.0.0 or newer across multiple packages.
react,react-dom,@types/react, and@types/react-dominpackages/react/package.json,packages/stack/package.json, andpackages/template/package.json.package.jsonfiles.packages/react/package.json,packages/stack/package.json, andpackages/template/package.json.This description was created by
for fa6ee35. You can customize this summary. It will automatically update as commits are pushed.
Summary by CodeRabbit