The title says it all. We have been on React 16.8 for the past two months. Without even knowing it.
It all started when a package called highlight.js broke our builds after some controversy:
https://github.com/highlightjs/highlight.js/issues/1984#issuecomment-467087611
Which prompted us to quickly switch to Yarn for all our dependency management needs. But alas, when you don’t lock dependencies to specific versions in your package.json, why would you expect the same versions to be used in your yarn.lock file…
Lesson learned. Lock your dependencies to exact versions. And ALWAYS check what versions of packages are being installed whenever your lock file updates.