fix: update React 19 peer dependencies to mitigate CVE-2025-55182

[dtoxvanilla1991]

Explain your changes

This PR updates the peerDependencies for react and react-dom to reflect the critical security advisory GHSA-9qr9-h5gf-34mp (CVE-2025-55182).

Changes:

• React 17 & 18: Unchanged (Safe/Unaffected).
• React 19: Minimum version bumped to 19.2.1.

Why: A critical RCE vulnerability affects React versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0. By strictly enforcing >=19.2.1 for React 19 users, we ensure new installations do not resolve to vulnerable versions while maintaining support for legacy users on v17/v18.

Checklist

• I have read the “Pull requests” section in the contributing guidelines.
• I agree to the terms within the code of conduct.

🛟 If you need help, consider asking for advice over in the Kinde community.

[coderabbitai]

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (2)

• package.json is excluded by !**/*.json
• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml, !**/*.yaml

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/security-patch-versions

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}