fix: update React to 19.1.2 to address CVE-2025-55182

[devin-ai-integration]

Description

Updates React and React DOM from 19.1.1 to 19.1.2 in the demo and laboratory apps to address the critical security vulnerability CVE-2025-55182 affecting React Server Components.

Reference: https://x.com/reactjs/status/1996244264192274535

Type of change

• Chore (non-breaking change that addresses non-functional tasks, maintenance, or code quality improvements)
• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)

Associated Issues

N/A - Security patch for CVE-2025-55182

Checklist

• Code in this PR is covered by automated tests (Unit tests, E2E tests)
• My changes generate no new warnings
• I have reviewed my own code
• I have filled out all required sections
• I have tested my changes on the preview link
• Approver of this PR confirms that the changes are tested on the preview link

Human Review Checklist

• Verify React 19.1.2 is the correct patched version for CVE-2025-55182
• Confirm CI/E2E tests pass for both laboratory and demo apps
• Verify no regressions in app functionality

---

Link to Devin run: https://app.devin.ai/sessions/bf93d58388204da89f14c6ff80e27515
Requested by: tomas@reown.com (@tomiir)

[changeset-bot]

⚠️ No Changeset found

Latest commit: 2b9ddc8

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
appkit-basic-html	Ready	Preview	Comment	Dec 3, 2025 9:23pm
appkit-demo	Ready	Preview	Comment	Dec 3, 2025 9:23pm
appkit-gallery	Ready	Preview	Comment	Dec 3, 2025 9:23pm
appkit-headless-sample-app	Ready	Preview	Comment	Dec 3, 2025 9:23pm
appkit-laboratory	Ready	Preview	Comment	Dec 3, 2025 9:23pm

10 Skipped Deployments

Project	Deployment	Preview	Comments	Updated (UTC)
appkit-basic-example	Ignored			Dec 3, 2025 9:23pm
appkit-basic-sign-client-example	Ignored			Dec 3, 2025 9:23pm
appkit-basic-up-example	Ignored			Dec 3, 2025 9:23pm
appkit-ethers5-bera	Ignored			Dec 3, 2025 9:23pm
appkit-nansen-demo	Ignored			Dec 3, 2025 9:23pm
appkit-vue-solana	Ignored			Dec 3, 2025 9:23pm
appkit-wagmi-cdn-example	Ignored			Dec 3, 2025 9:23pm
ethereum-provider-wagmi-example	Ignored			Dec 3, 2025 9:23pm
next-wagmi-solana-bitcoin-example	Ignored			Dec 3, 2025 9:23pm
vue-wagmi-example	Ignored			Dec 3, 2025 9:23pm

[github-actions]

Visual Regression Test Results ✅ Passed

✨ No visual changes detected

Chromatic Build: https://www.chromatic.com/build?appId=6493191bf4b10fed8ca7353f&number=479
Storybook Preview: https://6493191bf4b10fed8ca7353f-pfxykbqspf.chromatic.com/

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	class-variance-authority@​0.7.1
	@​walletconnect/​sign-client@​2.23.0
	clsx@​2.1.1
	postcss@​8.5.3
	chalk@​4.1.2
	tailwindcss@​4.1.17
	tw-animate-css@​1.4.0
	semver@​7.7.2
	@​tailwindcss/​postcss@​4.1.17

View full report

[github-actions]

📦 Bundle Size Check

✅ All bundles are within size limits

📊 View detailed bundle sizes

> @reown/appkit-monorepo@1.7.1 size /home/runner/work/appkit/appkit

> size-limit

@reown/appkit - Main Entry
Size limit:   80 kB
Size:         71.36 kB with all dependencies, minified and gzipped
Loading time: 1.4 s    on slow 3G
Running time: 456 ms   on Snapdragon 410
Total time:   1.9 s
@reown/appkit/react
Size limit:   230 kB
Size:         228.31 kB with all dependencies, minified and gzipped
Loading time: 4.5 s     on slow 3G
Running time: 986 ms    on Snapdragon 410
Total time:   5.5 s
@reown/appkit/vue
Size limit:   80 kB
Size:         71.36 kB with all dependencies, minified and gzipped
Loading time: 1.4 s    on slow 3G
Running time: 382 ms   on Snapdragon 410
Total time:   1.8 s
@reown/appkit-scaffold-ui
Size limit:   220 kB
Size:         209.4 kB with all dependencies, minified and gzipped
Loading time: 4.1 s    on slow 3G
Running time: 773 ms   on Snapdragon 410
Total time:   4.9 s
@reown/appkit-ui
Size limit:   500 kB
Size:         13.15 kB with all dependencies, minified and gzipped
Loading time: 257 ms   on slow 3G
Running time: 72 ms    on Snapdragon 410
Total time:   329 ms

[github-actions]

Coverage Report

Status	Category	Percentage	Covered / Total
🔵	Lines	79.71%	38341 / 48097
🔵	Statements	79.71%	38341 / 48097
🔵	Functions	77.3%	4107 / 5313
🔵	Branches	86.62%	9300 / 10736

File Coverage

No changed files found.

Generated in workflow #16451 for commit 2b9ddc8 by the Vitest Coverage Report Action