Upgrade React/NextJS version to fix CVE-2025-55182

[git-hulk]

Refer to https://snyk.io/blog/security-advisory-critical-rce-vulnerabilities-react-server-components/

[git-hulk]

cc @Jitmisra, I cannot add you as a reviewer since you haven't joined the Apache group yet.

[Copilot]

Pull request overview

This PR upgrades React, Next.js, and related dependencies to address CVE-2025-55182, a critical RCE vulnerability in React Server Components. The upgrade includes moving from Next.js 15.5.4 to 16.0.7, React 19.2.0 to 19.2.1, and ESLint 8 to 9.39.1.

• Upgrades Next.js from 15.5.4 to ^16.0.7 and React from 19.2.0 to ^19.2.1
• Updates TypeScript configuration including JSX compiler option and dev types inclusion
• Upgrades ESLint from ^8 to ^9.39.1 and related type definitions

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File	Description
webui/package.json	Updates React, Next.js, ESLint, and type definition versions to address security vulnerability
webui/tsconfig.json	Modifies JSX compilation setting, adds dev types to includes, and reformats configuration file

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 49.14%. Comparing base (6c56470) to head (799129b).
⚠️ Report is 102 commits behind head on unstable.

Additional details and impacted files

@@             Coverage Diff              @@
##           unstable     #370      +/-   ##
============================================
+ Coverage     43.38%   49.14%   +5.75%     
============================================
  Files            37       45       +8     
  Lines          2971     3783     +812     
============================================
+ Hits           1289     1859     +570     
- Misses         1544     1716     +172     
- Partials        138      208      +70     

Flag	Coverage Δ
unittests	49.14% <ø> (+5.75%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[PragmaTwice]

BTW since this is a major version update of nextjs, have you tried to check if the webui works well after the update? cc @git-hulk

[git-hulk]

BTW since this is a major version update of nextjs, have you tried to check if the webui works well after the update? cc @git-hulk

Yes, I have simply tested the namespace creation. By the way, I will raise a minor release vote this week to mitigate this CVE issue for users.