Update react NPM component to 19.1.2

[vmoroz]

Description

Update react NPM package to 19.1.2 to address the reported security issue.
See: https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components

Type of Change

• Bug fix (non-breaking change which fixes an issue)

Why

Some server related security issues are found in react NPM package.

What

Update the react package to the recommended version.

Changelog

Should this change be included in the release notes: yes

Update react NPM package to 19.1.2 to address the reported security issue.

Microsoft Reviewers: Open in CodeFlow

[tido64]

I didn't think we could just bump React like this. At least upstream, the renderers are embedded. Manually bumping the version will cause issues: https://github.com/facebook/react-native/blob/main/packages/react-native/Libraries/Renderer/README.md

Are we rebuilding the renderers in RNW?

[acoates-ms]

I didn't think we could just bump React like this. At least upstream, the renderers are embedded. Manually bumping the version will cause issues: https://github.com/facebook/react-native/blob/main/packages/react-native/Libraries/Renderer/README.md

Are we rebuilding the renderers in RNW?

No we still use the embedded renderers. I looked at the changes in 19.1.1 -> 19.1.2 and nothing would affect the boundary. So really this will just shut up the errors for people. The actual security issue is around server components which we don't use in RN currently. So the fact that we don't actually pick up the new renderer is probably fine.

[iamAbhi-916]

lgtm.

Security fix following the patch version (19.1.2) from: GHSA-fv66-9v8q-g76r