fix(repo): Use ~ instead of ^ for react peers

[jacekradko]

Description

The previous ranges using ^ (e.g., ^19.0.3 || ^19.1.4 || ^19.2.3) created overlapping constraints where ^19.0.3 already matched versions like 19.1.x and 19.2.x, making the subsequent entries redundant. By switching to ~ for React 19 versions, each range now correctly targets a specific minor version track (e.g., ~19.0.3 matches only 19.0.x patches), which properly captures the intent of disallowing specific vulnerable versions of react.

Related: #7423

Checklist

• pnpm test runs as expected.
• pnpm build runs as expected.
• (If applicable) JSDoc comments have been added or updated for any package exports
• (If applicable) Documentation has been updated

Type of change

• 🐛 Bug fix
• 🌟 New feature
• 🔨 Breaking change
• 📖 Refactoring / dependency upgrade / documentation
• other:

Summary by CodeRabbit

• Chores
  • Updated React peer dependency version constraints across Clerk packages to enable more flexible patch-level updates for React 19 while maintaining compatibility with React 18.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[changeset-bot]

🦋 Changeset detected

Latest commit: 9ec818e

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 19 packages

Name	Type
@clerk/chrome-extension	Patch
@clerk/expo	Patch
@clerk/expo-passkeys	Patch
@clerk/nextjs	Patch
@clerk/react	Patch
@clerk/react-router	Patch
@clerk/shared	Patch
@clerk/tanstack-react-start	Patch
@clerk/ui	Patch
@clerk/agent-toolkit	Patch
@clerk/astro	Patch
@clerk/backend	Patch
@clerk/clerk-js	Patch
@clerk/express	Patch
@clerk/fastify	Patch
@clerk/localizations	Patch
@clerk/nuxt	Patch
@clerk/testing	Patch
@clerk/vue	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
clerk-js-sandbox	Ready	Preview, Comment	Dec 19, 2025 2:50am

[pkg-pr-new]

Open in StackBlitz

@clerk/agent-toolkit

npm i https://pkg.pr.new/@clerk/agent-toolkit@7512

@clerk/astro

npm i https://pkg.pr.new/@clerk/astro@7512

@clerk/backend

npm i https://pkg.pr.new/@clerk/backend@7512

@clerk/chrome-extension

npm i https://pkg.pr.new/@clerk/chrome-extension@7512

@clerk/clerk-js

npm i https://pkg.pr.new/@clerk/clerk-js@7512

@clerk/dev-cli

npm i https://pkg.pr.new/@clerk/dev-cli@7512

@clerk/expo

npm i https://pkg.pr.new/@clerk/expo@7512

@clerk/expo-passkeys

npm i https://pkg.pr.new/@clerk/expo-passkeys@7512

@clerk/express

npm i https://pkg.pr.new/@clerk/express@7512

@clerk/fastify

npm i https://pkg.pr.new/@clerk/fastify@7512

@clerk/localizations

npm i https://pkg.pr.new/@clerk/localizations@7512

@clerk/nextjs

npm i https://pkg.pr.new/@clerk/nextjs@7512

@clerk/nuxt

npm i https://pkg.pr.new/@clerk/nuxt@7512

@clerk/react

npm i https://pkg.pr.new/@clerk/react@7512

@clerk/react-router

npm i https://pkg.pr.new/@clerk/react-router@7512

@clerk/shared

npm i https://pkg.pr.new/@clerk/shared@7512

@clerk/tanstack-react-start

npm i https://pkg.pr.new/@clerk/tanstack-react-start@7512

@clerk/testing

npm i https://pkg.pr.new/@clerk/testing@7512

@clerk/ui

npm i https://pkg.pr.new/@clerk/ui@7512

@clerk/upgrade

npm i https://pkg.pr.new/@clerk/upgrade@7512

@clerk/vue

npm i https://pkg.pr.new/@clerk/vue@7512

commit: 9ec818e

[coderabbitai]

📝 Walkthrough

Walkthrough

This change updates React peer dependency version constraints across the Clerk monorepo. The changeset marks multiple packages as having patch-level updates to their React peer dependencies, switching from caret (^) to tilde (~) operators for React 19 versions. The pnpm-workspace.yaml catalog is simultaneously updated to reflect a mixed constraint approach: caret ranges for React 18.x and tilde ranges for React 19.x. These adjustments ensure non-overlapping version constraints across the dependency specifications.

Pre-merge checks

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and accurately describes the main change: switching React peer dependency version ranges from caret (^) to tilde (~) notation across multiple packages.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

---

📜 Recent review details

Configuration used: Repository YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 323e66d and 9ec818e.

📒 Files selected for processing (2)

• .changeset/fix-react-peer-dependency-ranges.md (1 hunks)
• pnpm-workspace.yaml (1 hunks)

🧰 Additional context used

📓 Path-based instructions (3)

**/*.{js,jsx,ts,tsx,json,md,yml,yaml}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use Prettier for consistent code formatting

Files:

• pnpm-workspace.yaml

**/*.{js,ts,jsx,tsx,json,md,yml,yaml}

📄 CodeRabbit inference engine (.cursor/rules/monorepo.mdc)

Use Prettier for code formatting across all packages

Files:

• pnpm-workspace.yaml

**/*

⚙️ CodeRabbit configuration file

If there are no tests added or modified as part of the PR, please suggest that tests be added to cover the changes.

**/*: Only comment on issues that would block merging, ignore minor or stylistic concerns.
Restrict feedback to errors, security risks, or functionality-breaking problems.
Do not post comments on code style, formatting, or non-critical improvements.
Keep reviews short: flag only issues that make the PR unsafe to merge.
Group similar issues into a single comment instead of posting multiple notes.
Skip repetition: if a pattern repeats, mention it once at a summary level only.
Do not add general suggestions, focus strictly on merge-blocking concerns.
If there are no critical problems, respond with minimal approval (e.g., 'Looks good'). Do not add additional review.
Avoid line-by-line commentary unless it highlights a critical bug or security hole.
Highlight only issues that could cause runtime errors, data loss, or severe maintainability issues.
Ignore minor optimization opportunities, focus solely on correctness and safety.
Provide a top-level summary of critical blockers rather than detailed per-line notes.
Comment only when the issue must be resolved before merge, otherwise remain silent.
When in doubt, err on the side of fewer comments, brevity and blocking issues only.
Avoid posting any refactoring issues.

Files:

• pnpm-workspace.yaml

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (25)

• GitHub Check: Integration Tests (quickstart, chrome, 15)
• GitHub Check: Integration Tests (vue, chrome)
• GitHub Check: Integration Tests (nextjs, chrome, 16)
• GitHub Check: Integration Tests (handshake:staging, chrome)
• GitHub Check: Integration Tests (astro, chrome)
• GitHub Check: Integration Tests (quickstart, chrome, 16)
• GitHub Check: Integration Tests (nextjs, chrome, 15)
• GitHub Check: Integration Tests (machine, chrome, RQ)
• GitHub Check: Integration Tests (billing, chrome, RQ)
• GitHub Check: Integration Tests (tanstack-react-start, chrome)
• GitHub Check: Integration Tests (react-router, chrome)
• GitHub Check: Integration Tests (handshake, chrome)
• GitHub Check: Integration Tests (machine, chrome)
• GitHub Check: Integration Tests (nextjs, chrome, 16, RQ)
• GitHub Check: Integration Tests (nuxt, chrome)
• GitHub Check: Integration Tests (custom, chrome)
• GitHub Check: Integration Tests (sessions:staging, chrome)
• GitHub Check: Integration Tests (billing, chrome)
• GitHub Check: Integration Tests (express, chrome)
• GitHub Check: Integration Tests (sessions, chrome)
• GitHub Check: Integration Tests (generic, chrome)
• GitHub Check: Integration Tests (localhost, chrome)
• GitHub Check: Integration Tests (ap-flows, chrome)
• GitHub Check: semgrep-cloud-platform/scan
• GitHub Check: Analyze (javascript-typescript)

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}