Update monorepo internal React deps

[brophdawg11]

Updates all of our internal deps (integration tests, playgrounds, tutorial, dev deps, etc.) to the latest versions of packages impacted by GHSA-fv66-9v8q-g76r. Our packages are not directly impacted as all impacted packages are peerDeps managed by the user application - but it's still best to update our internals deps and this will help avoid confusion as folks search through our various monorepo package.json files and see vulnerable versions.

• react -> 19.2.1
• react-dom -> 19.2.1
• react-server-dom-parcel -> 19.2.1
• @vitejs/plugin-rsc -> 0.5.6
  • This was causing some issues in CI we're still digging into so will be done in a follow up PR

This also now moves these deps to the pnpm catalog for easier updating now and in the future

[timdorr]

Updated the title to be clear that this is just for our internal React dependencies.

Users of the library can already upgrade to the fixed versions of React and the associated packages from the vulnerability. The version selectors on the current react-router packages all allow the fixed versions to be installed.

[brophdawg11]

I think the latest E2E failure is related to #14633. Still have to dig in further.

[brophdawg11]

Trigger a new wireit build if we update any catalog versions

[brophdawg11]

ok rebased all these commits and repointed to dev (and began leveraging the pnpm catalog there) since the changes ended up touching e2e tests and stuff so it felt a bit more risky to just yolo to main :)

[brophdawg11]

needed a close/reopen to trigger CI for some reason...

[changeset-bot]

⚠️ No Changeset found

Latest commit: a46ef11

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[brophdawg11]

@jacob-ebey tracked down the RSC issue we were seeing in #14643 and the fix was pinning to react canary.

This PR adds an additional named PNPM catalog for react@canary used by the RSC integration templates/playgrounds and sets the rest of the repo react deps back to stable 19.2.1. It also lifts react types up to the catalogs and adds pnpm-workspace.yaml to the wireit configs to force rebuilds on catalog updates.

[github-actions]

🤖 Hello there,

We just published version 7.11.0-pre.0 which includes this pull request. If you'd like to take it for a test run please try it out and let us know what you think!

Thanks!

[github-actions]

🤖 Hello there,

We just published version 7.11.0 which includes this pull request. If you'd like to take it for a test run please try it out and let us know what you think!

Thanks!