Thanks to visit codestin.com
Credit goes to github.com

Skip to content

chore(deps): Bump the npm-minor group across 1 directory with 26 updates#132

Open
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/npm_and_yarn/frontend/develop/npm-minor-37566c3539
Open

chore(deps): Bump the npm-minor group across 1 directory with 26 updates#132
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/npm_and_yarn/frontend/develop/npm-minor-37566c3539

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm-minor group with 23 updates in the /frontend directory:

Package From To
@tanstack/react-query 5.99.0 5.101.2
axios 1.15.0 1.18.1
date-fns 4.1.0 4.4.0
framer-motion 12.38.0 12.42.0
lucide-react 1.8.0 1.22.0
react 19.2.5 19.2.7
@types/react 19.2.14 19.2.17
react-dom 19.2.5 19.2.7
react-router-dom 7.14.0 7.18.0
recharts 3.8.1 3.9.0
tailwind-merge 3.5.0 3.6.0
zustand 5.0.12 5.0.14
@tailwindcss/postcss 4.2.2 4.3.1
@vitejs/plugin-react 6.0.1 6.0.3
@vitest/coverage-v8 4.1.4 4.1.9
autoprefixer 10.4.27 10.5.2
eslint-plugin-react-hooks 7.0.1 7.1.1
eslint-plugin-react-refresh 0.5.2 0.5.3
globals 17.5.0 17.7.0
jsdom 29.0.2 29.1.1
msw 2.13.2 2.14.6
typescript-eslint 8.58.1 8.62.0
vite 8.0.8 8.1.0

Updates @tanstack/react-query from 5.99.0 to 5.101.2

Release notes

Sourced from @​tanstack/react-query's releases.

@​tanstack/react-query-devtools@​5.101.2

Patch Changes

@​tanstack/react-query-next-experimental@​5.101.2

Patch Changes

  • Updated dependencies []:
    • @​tanstack/react-query@​5.101.2

@​tanstack/react-query-persist-client@​5.101.2

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-persist-client-core@​5.101.2
    • @​tanstack/react-query@​5.101.2

@​tanstack/react-query@​5.101.2

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-core@​5.101.2

@​tanstack/react-query-devtools@​5.101.1

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-devtools@​5.101.1
    • @​tanstack/react-query@​5.101.1

@​tanstack/react-query-next-experimental@​5.101.1

Patch Changes

  • Updated dependencies []:
    • @​tanstack/react-query@​5.101.1

@​tanstack/react-query-persist-client@​5.101.1

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-persist-client-core@​5.101.1
    • @​tanstack/react-query@​5.101.1

@​tanstack/react-query@​5.101.1

Patch Changes

... (truncated)

Changelog

Sourced from @​tanstack/react-query's changelog.

5.101.2

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-core@​5.101.2

5.101.1

Patch Changes

  • Updated dependencies [9eff92e]:
    • @​tanstack/query-core@​5.101.1

5.101.0

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-core@​5.101.0

5.100.14

Patch Changes

  • fix(react-query): do not go into optimistic fetching state when not subscribed (#10759)

  • Updated dependencies []:

    • @​tanstack/query-core@​5.100.14

5.100.13

Patch Changes

  • Updated dependencies [d423168]:
    • @​tanstack/query-core@​5.100.13

5.100.12

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-core@​5.100.12

5.100.11

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-core@​5.100.11

... (truncated)

Commits
  • 610e8d1 ci: Version Packages (#10996)
  • 1f84256 docs: document the select typing caveat for parallel-queries hooks (#10984)
  • b809297 ci: Version Packages (#10977)
  • ccc843e test({react,preact}-query/useQueries): move type-only tests to 'useQueries.te...
  • 4154613 test({react,preact}-query/useMutation): split 'should handle conditional logi...
  • 8bb5fde test({react,preact}-query/useMutation): split 'should pass meta to mutation' ...
  • 87426a3 test(react-query): replace deprecated 'toBeCalledTimes' with 'toHaveBeenCalle...
  • feb1efd test(*): move 'vi.useRealTimers' to the end of 'afterEach' so cleanup runs un...
  • f3d8d2a ci: Version Packages (#10774)
  • 532bb29 fix(tests): disable local coverage instrumentation (#10776)
  • Additional commits viewable in compare view

Updates axios from 1.15.0 to 1.18.1

Release notes

Sourced from axios's releases.

v1.18.1 — June 21, 2026

This release focuses on Node HTTP adapter fixes, safer AxiosError serialisation, runtime/type correctness fixes, documentation updates, and dependency maintenance.

🐛 Bug Fixes

  • AxiosError Serialisation: Made AxiosError#cause non-enumerable to prevent circular JSON serialisation failures when errors include nested causes. (#10913)
  • Node HTTP Adapter: Guarded socket.setKeepAlive for proxy agent streams, accepted path-only URLs when socketPath is configured, deferred environment proxy handling to Node, and explicitly passed maxBodyLength through to follow-redirects. (#10917, #10930, #10942, #10993)
  • Runtime and Type Correctness: Fixed several runtime crashes, type definition mismatches, and incorrect error handling paths. (#10959, #11021)
  • AxiosURLSearchParams: Switched the encoder callback to an arrow function so encoder.call(this) receives the AxiosURLSearchParams instance correctly. (#11019)

🔧 Maintenance & Chores

  • Documentation: Documented sensitive headers and status transition behaviour, prepared cleaned-up docs, added Deno install instructions, and clarified that request data is request-specific (#11007, #11010, #11023, #11025)

  • Dependencies: Bumped vite, rollup, form-data, js-yaml, and multer across the root project, docs, smoke tests, and module test workspaces. (#11011, #11012, #11013, #11014, #11015, #11016, #11017, #11026)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

v1.18.0 — June 13, 2026

This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.

🔒 Security Fixes

  • Redirect Header Safety: Added Node HTTP adapter support for stripping caller-specified sensitive headers on cross-origin redirects, helping prevent custom auth headers such as API keys from leaking to another origin. (#10892)

  • URL And Request Hardening: Rejects malformed http: and https: URLs that omit // with ERR_INVALID_URL, while tightening prototype-pollution-safe config reads, stream size limits, FormData depth handling, data URL sizing, and local NO_PROXY matching. (#11000)

🐛 Bug Fixes

  • Status Validation: Added transitional.validateStatusUndefinedResolves so applications can opt in to treating validateStatus: undefined like the option was omitted, while validateStatus: null remains the explicit way to accept every status. (#10899)

🔧 Maintenance & Chores

  • Documentation: Published the v1.17.0 release notes, fixed a changelog typo, clarified the package update PR policy, and marked the proxy request config as Node.js-only in the advanced docs. (#10984, #10988, #10992, #10995)

  • Dependencies: Bumped @babel/core, @babel/preset-env, @commitlint/cli, @commitlint/config-conventional, @rollup/plugin-babel, @rollup/plugin-commonjs, @vitest/browser, @vitest/browser-playwright, eslint, lint-staged, rollup, vitest, and actions/checkout. (#10989, #10996, #10997)

  • Release Metadata: Prepared the 1.18.0 release by updating package metadata and the runtime VERSION value. (#11003)

... (truncated)

Changelog

Sourced from axios's changelog.

Changelog

v1.18.0 — June 13, 2026

This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.

🔒 Security Fixes

  • Redirect Header Safety: Added Node HTTP adapter support for stripping caller-specified sensitive headers on cross-origin redirects, helping prevent custom auth headers such as API keys from leaking to another origin. (#10892)

  • URL And Request Hardening: Rejects malformed http: and https: URLs that omit // with ERR_INVALID_URL, while tightening prototype-pollution-safe config reads, stream size limits, FormData depth handling, data URL sizing, and local NO_PROXY matching. (#11000)

🐛 Bug Fixes

  • Status Validation: Added transitional.validateStatusUndefinedResolves so applications can opt in to treating validateStatus: undefined like the option was omitted, while validateStatus: null remains the explicit way to accept every status. (#10899)

🔧 Maintenance & Chores

  • Documentation: Published the v1.17.0 release notes, fixed a changelog typo, clarified the package update PR policy, and marked the proxy request config as Node.js-only in the advanced docs. (#10984, #10988, #10992, #10995)

  • Dependencies: Bumped @babel/core, @babel/preset-env, @commitlint/cli, @commitlint/config-conventional, @rollup/plugin-babel, @rollup/plugin-commonjs, @vitest/browser, @vitest/browser-playwright, eslint, lint-staged, rollup, vitest, and actions/checkout. (#10989, #10996, #10997)

  • Release Metadata: Prepared the 1.18.0 release by updating package metadata and the runtime VERSION value. (#11003)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

  • Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#10901, #10922)
  • Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#10926)

🚀 New Features

  • HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#6792, #10920)

🐛 Bug Fixes

  • Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#10929, #10896)

... (truncated)

Commits
  • a209bfb chore(release): prepare release 1.18.1 (#11027)
  • fa6a55e chore(deps-dev): bump multer from 2.1.1 to 2.2.0 (#11026)
  • 40e7be8 docs: clarifies that request data is request-specific in axios (#11025)
  • a446b39 fix(AxiosURLSearchParams): use arrow function so encoder.call(this) receives ...
  • cf1306a docs: add Deno to install instructions (#11023)
  • b32880a fix: incorrect use of error (#11021)
  • 1792eda fix: ensure maxBodyLength is explicitly passed to follow-redirects (#10993)
  • 30499d6 fix: various runtime crashes and type definition mismatches (#10959)
  • 20ce9c4 fix(http): defer env proxy handling to Node (#10942)
  • e64bcf9 chore(deps): merge branch 'v1.x' into tests/module/cjs (#11014)
  • Additional commits viewable in compare view

Updates date-fns from 4.1.0 to 4.4.0

Release notes

Sourced from date-fns's releases.

v4.4.0

This release revisits the approach to CDN usage and introduces a new package, @date-fns/cdn and deprecates the date-fns CDN scripts. It allowed reducing the zipped package size from 5.83 MB down to 3.96 MB without introducing any breaking changes.

In v5.0.0-alpha.0 where CDN scripts are completely removed from date-fns the change is more significant and brings the zipped package size down to 2.89 MB.

It is just the first step in optimizing the package size. Expect further size reduction in the future v4 and v5 versions.

Changed

  • DEPRECATED: The date-fns CDN scripts are now deprecated and will be removed in the next major release. Please switch to the new @date-fns/cdn package for CDN usage.

  • Removed CDN source maps to reduce the package size. If you rely on them, please switch to the new @date-fns/cdn package that still includes them.

v4.3.0

Kudos to @​ImRodry and @​puneetdixit200 for their contributions.

Fixed

v4.2.1

Fixed

  • Fixed type definitions missing in v4.2.0 due to TypeScript misconfiguration.

v4.2.0

This is a minor release in all senses, it only includes documentation updates (first of many) that points to the new You Don't Need date-fns* page.

* Not really

Changed

  • Added Temporal API references to the JSDoc annotations of add, addBusinessDays, and addDays.
Commits
  • cd53d25 Promote to v4.4.0
  • d948ec1 Preserve but deprecate CDN versions for v4, set up v5 with polyfills
  • ee65753 Add root mise :format task
  • 9f5bdf5 Add positional argument to test/smoke.sh script
  • 651ead6 Split CDN bundles into separate @​date-fns/cdn package
  • 224c1a2 Deprecate type tests as attw hangs on date-fns package
  • 7bb2842 Switch PACKAGE_OUTPUT_PATH to --dist flag in the package build script
  • b6ad5ac Add flags to control package build script
  • 424a783 Fix docs release after moving to monorepo setup
  • f95bcf1 (docs): Add missing tsx dependency
  • Additional commits viewable in compare view

Updates framer-motion from 12.38.0 to 12.42.0

Changelog

Sourced from framer-motion's changelog.

[12.42.0] 2026-06-24

Changed

  • animateView: Layers are automatically grouped to match their DOM-hierarchy. New .group(false) method opts-out.

Fixed

  • animateView: Auto-crop is now aspect-ratio aware, disabling crops for matching aspect-ratios.
  • animateView: Disabled automatic border-radius animation.

[12.41.0] 2026-06-23

Added

  • animateView: Moves from Motion+ Early Access and alpha to main library.
  • animateView: .add() resolves a CSS selector or Element to automatically generate, apply and remove view-transition-name.
  • animateView: .new() and .old() configures values to animate on new and old layers.
  • animateView: .layout() can set a custom transition on the size/position animation of the currently selected elements.
  • animateView: Group layers now automatically crop with children set to cover, with border-radius animating from old radius to new. .crop(false) disables this behaviour.
  • animateView: .class(name) tags currently selected elements with a view-transition-class as a custom CSS hook.

Fixed

  • AnimatePresence: Prevent stuck exit animations when children interrupt.
  • drag: Child e.stopPropagation() no longer break drag end.
  • Fixing Next.js OOM on Windows when importing via motion package.
  • animateLayout: Improve handling of parallel/interleaved calls.

Changed

  • animateView: .enter() and .exit() now refer specifically to new and old layers where there are no matching old or new layers.
  • animateView: Interrupted transition setups now return resolved animation rather than throwing.

[12.40.0] 2026-05-21

Added

  • path option to transition.
  • arc() for motion along an arc.

[12.39.0] 2026-05-18

Added

  • Support for repeatType and repeatDelay in animation sequences.

Fixed

  • Variants: Re-run keyframe animations when switching between variant labels even when they share identical keyframe arrays.

... (truncated)

Commits
  • 9c84145 v12.42.0
  • 60d7c72 Add view-transition group nesting and aspect-aware cropping
  • 6437276 Updating
  • f0f893e v12.41.0
  • c0c53cb Updating changelog
  • 18c3e3e Removing plans
  • 378fc4c Merge pull request #3761 from motiondivision/worktree-view-target
  • 94ea505 Merge branch 'main' into worktree-view-target
  • de65f6b Fade auto morph crossfades over the spring's visual duration
  • f8af239 Let an explicit duration override the inherited spring on a view layer
  • Additional commits viewable in compare view

Updates lucide-react from 1.8.0 to 1.22.0

Release notes

Sourced from lucide-react's releases.

Version 1.22.0

What's Changed

New Contributors

Full Changelog: lucide-icons/lucide@1.21.0...1.22.0

Version 1.21.0

What's Changed

New Contributors

Full Changelog: lucide-icons/lucide@1.20.0...1.21.0

Version 1.20.0

What's Changed

... (truncated)

Commits
  • 5ff536e ci(release.yml): Fix workflow and remove version scripts in package scripts...
  • 07c885e fix(docs): fix zephyr-cloud URL in readmes
  • 50d8af5 docs(readme): Update readme files (#4320)
  • 653e44b feat(packages): use .mjs for ESM bundles (#4285)
  • See full diff in compare view

Updates react from 19.2.5 to 19.2.7

Release notes

Sourced from react's releases.

19.2.7 (June 1st, 2026)

React Server Components

19.2.6 (May 6th, 2026)

React Server Components

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react since your current version.


Updates @types/react from 19.2.14 to 19.2.17

Commits

Updates react-dom from 19.2.5 to 19.2.7

Release notes

Sourced from react-dom's releases.

19.2.7 (June 1st, 2026)

React Server Components

19.2.6 (May 6th, 2026)

React Server Components

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react-dom since your current version.


Updates react-router-dom from 7.14.0 to 7.18.0

Changelog

Sourced from react-router-dom's changelog.

v7.18.0

Patch Changes

v7.17.0

Patch Changes

v7.16.0

Patch Changes

  • Remove stale/invalid unpkg field from package.json. This was removed from other packages with the release of v7 but missed in the react-router-dom re-export package (#15075)
  • Updated dependencies:

v7.15.1

Patch Changes

v7.15.0

Patch Changes

v7.14.2

Patch Changes

v7.14.1

Patch Changes

Commits

Updates recharts from 3.8.1 to 3.9.0

Release notes

Sourced from recharts's releases.

v3.9.0

What's Changed

Animations

3.9 comes with new animations! There are several bug fixes and what's best, all animations are now fully customizable.

See the animations guide on https://recharts.github.io/en-US/guide/animations/

New features other than animations

Bugfixes

Tree-shaking

We now have focused tree-shaking tests that allow us to observe exactly which components end up in the final bundle and why. I have also removed some unnecessary loops and you should see the final bundle size decrease somewhat as a result.

... (truncated)

Commits
  • 8c1cce7 v3.9.0 (#7490)
  • e5fe9bb Add custom fillOpacity on hover website example (#7489)
  • ad1590f Add test for Pie and Legend animation (#7488)
  • 337edbd Add animate-by-scroll example and update docs (#7487)
  • 0063aa4 fix: preserve single-value line dash gaps during animation (#7405)
  • 6dbe130 Add new example where chart animates by scroll (#7484)
  • a2c4171 Manual animations on website (#7483)
  • c88f5f3 Simplify and export some of the new animation props (#7481)
  • 410cf5c Renaming some of the animation props (<...

    Description has been truncated

---
updated-dependencies:
- dependency-name: "@tailwindcss/postcss"
  dependency-version: 4.3.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-minor
- dependency-name: "@tanstack/react-query"
  dependency-version: 5.101.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-minor
- dependency-name: "@types/react"
  dependency-version: 19.2.17
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-minor
- dependency-name: "@types/react"
  dependency-version: 19.2.17
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-minor
- dependency-name: "@vitejs/plugin-react"
  dependency-version: 6.0.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-minor
- dependency-name: "@vitest/coverage-v8"
  dependency-version: 4.1.9
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-minor
- dependency-name: autoprefixer
  dependency-version: 10.5.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-minor
- dependency-name: axios
  dependency-version: 1.18.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-minor
- dependency-name: date-fns
  dependency-version: 4.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-minor
- dependency-name: eslint-plugin-react-hooks
  dependency-version: 7.1.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-minor
- dependency-name: eslint-plugin-react-refresh
  dependency-version: 0.5.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-minor
- dependency-name: framer-motion
  dependency-version: 12.42.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-minor
- dependency-name: globals
  dependency-version: 17.7.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-minor
- dependency-name: jsdom
  dependency-version: 29.1.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-minor
- dependency-name: lucide-react
  dependency-version: 1.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-minor
- dependency-name: msw
  dependency-version: 2.14.6
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-minor
- dependency-name: postcss
  dependency-version: 8.5.15
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-minor
- dependency-name: react
  dependency-version: 19.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-minor
- dependency-name: react-dom
  dependency-version: 19.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-minor
- dependency-name: react-router-dom
  dependency-version: 7.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-minor
- dependency-name: recharts
  dependency-version: 3.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-minor
- dependency-name: tailwind-merge
  dependency-version: 3.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-minor
- dependency-name: tailwindcss
  dependency-version: 4.3.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-minor
- dependency-name: typescript-eslint
  dependency-version: 8.62.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-minor
- dependency-name: vite
  dependency-version: 8.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-minor
- dependency-name: vitest
  dependency-version: 4.1.9
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-minor
- dependency-name: zustand
  dependency-version: 5.0.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/frontend/develop/npm-minor-37566c3539 branch from 5287b08 to dfcddf5 Compare July 10, 2026 19:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants