Update React to 19.2.1 to address CVE-2025-55182 #1

Draft
Copilot wants to merge 2 commits into main from copilot/update-react-nextjs-dependencies

Copilot AI commented Dec 6, 2025

Firebase flagged CVE-2025-55182, a critical RCE vulnerability (CVSS 10.0) in React Server Components. While this project uses Vite (not Next.js) and React 18.3.1 wasn't directly affected, upgrading to the patched React 19.2.1 addresses the security recommendation.

Changes

  • Dependencies: Updated react, react-dom to 19.2.1 and corresponding @types/* to 19.x
  • Type declarations: Fixed model-viewer.d.ts for React 19's JSX namespace changes

```ts
// React 18 (before)
declare namespace JSX {
  interface IntrinsicElements { ... }
}

// React 19 (after)
declare module 'react' {
  namespace JSX {
    interface IntrinsicElements { ... }
  }
}
```

Verification

  • Build passes
  • All tests pass
  • CodeQL: no alerts

Original prompt

what's this warning on firebase? Security Check Recommended (CVE-2025-55182): Please review your application's dependencies. If you are running React or Next.js applications, immediately update to the latest stable versions (React 19.2.1 or the relevant version of Next.js), and redeploy.


Co-authored-by: zzfadi <32167833+zzfadi@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Update React and Next.js to latest stable versions" to "Update React to 19.2.1 to address CVE-2025-55182" Dec 6, 2025
Copilot AI requested a review from zzfadi December 6, 2025 02:47
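
A reviewer can confirm that a dependency bump like this one actually took effect by auditing the lockfile rather than package.json. The following is an added example, not code from this PR: it reports every installed copy of react, react-dom or a React Server Components package that resolves below 19.2.1, and whether react and react-dom disagree on version. The `react-server-dom-` name prefix, the helper names and the sample lockfile are assumptions made for illustration.

```javascript
// Added example, not code from the PR. Input: a parsed package-lock.json
// (lockfileVersion 2 or 3, which lists every installed copy under "packages").
const RECOMMENDED = '19.2.1'; // version named in the notice quoted in the PR

// Compare plain x.y.z versions; prerelease suffixes are ignored (assumption).
function cmpVersion(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const x = pa[i] || 0, y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

function auditLock(lock) {
  const report = { belowRecommended: [], rscPackages: [], versions: {} };
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const at = path.lastIndexOf('node_modules/');
    if (at === -1 || typeof meta.version !== 'string') continue; // root or link entry
    const name = path.slice(at + 'node_modules/'.length);
    // Assumption: RSC implementation packages share the react-server-dom- prefix.
    const isRsc = name.startsWith('react-server-dom-');
    if (name !== 'react' && name !== 'react-dom' && !isRsc) continue;
    // Nested copies count too: a dependency can pin its own older copy.
    report.versions[name] = (report.versions[name] || []).concat(meta.version);
    if (isRsc) report.rscPackages.push(path);
    if (cmpVersion(meta.version, RECOMMENDED) < 0) {
      report.belowRecommended.push(`${path}@${meta.version}`);
    }
  }
  const core = (report.versions.react || []).concat(report.versions['react-dom'] || []);
  report.mismatch = new Set(core).size > 1; // react and react-dom should resolve to one version
  return report;
}

// Constructed sample: top level upgraded, one transitive copy left behind.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'constructed-app', dependencies: { react: '^19.2.1' } },
    'node_modules/react': { version: '19.2.1' },
    'node_modules/react-dom': { version: '19.2.1' },
    'node_modules/legacy-widget/node_modules/react': { version: '18.3.1' },
    'node_modules/@types/react': { version: '19.2.0' },
  },
};
console.log(JSON.stringify(auditLock(sampleLock), null, 2));
```

An entry in `belowRecommended` means only that the copy is older than the recommended release; an empty `rscPackages` list is the signal that no Server Components package is installed.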