chore(deps): bump react in /frontend

[dependabot]

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

Bumps react in /frontend from 19.2.4 to 19.2.5.

Updates react from 19.2.4 to 19.2.5

Release notes

Sourced from react's releases.

19.2.5 (April 8th, 2026)

React Server Components

• Add more cycle protections (#36236 by @​eps1lon and @​unstubbable)

Commits

• 23f4f9f 19.2.5
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[cubic-dev-ai]

1 issue found across 2 files

Confidence score: 2/5

• There is a high-confidence, high-severity compatibility risk in frontend/package.json: upgrading only react while leaving react-dom behind can cause runtime initialization failures.
• Because this issue is user-facing and can break app startup behavior, merge risk is elevated until versions are aligned.
• This should be straightforward to fix by keeping react and react-dom on matching versions, after which this PR would likely be much safer to merge.
• Pay close attention to frontend/package.json - react/react-dom version mismatch can introduce runtime errors.

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="frontend/package.json">

<violation number="1" location="frontend/package.json:59">
P1: Keep `react` and `react-dom` on the same version. Bumping only `react` can trigger runtime initialization errors due to version mismatch.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[cubic-dev-ai]

P1: Keep react and react-dom on the same version. Bumping only react can trigger runtime initialization errors due to version mismatch.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At frontend/package.json, line 59:

<comment>Keep `react` and `react-dom` on the same version. Bumping only `react` can trigger runtime initialization errors due to version mismatch.</comment>

<file context>
@@ -56,7 +56,7 @@
     "next-themes": "^0.4.6",
     "posthog-js": "^1.367.0",
-    "react": "^19.2.4",
+    "react": "^19.2.5",
     "react-apexcharts": "^2.1.0",
     "react-dom": "^19.2.4",
</file context>

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 98.92%. Comparing base (b57119b) to head (9fcdead).

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #4612   +/-   ##
=======================================
  Coverage   98.92%   98.92%           
=======================================
  Files         527      527           
  Lines       16956    16956           
  Branches     2412     2412           
=======================================
  Hits        16774    16774           
  Misses         97       97           
  Partials       85       85           

Flag	Coverage Δ
backend	99.50% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update b57119b...9fcdead. Read the comment docs.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.