Sourced from @​reduxjs/toolkit's releases.

v2.9.2

This bugfix release fixes a potential internal data leak in SSR environments, improves handling of headers in fetchBaseQuery, improves retry handling for unexpected errors and request aborts, and fixes a longstanding issue with prefetch leaving an unused subscription. We've also shipped a new graphqlRequestBaseQuery release with updated dependencies and better error handling.

Changelog

Internal Subscription Handling

We had a report that a Redux SSR app had internal subscription data showing up across different requests. After investigation, this was a bug introduced by the recent RTKQ perf optimizations, where the internal subscription fields were hoisted outside of the middleware setup and into createApi itself. This meant they existed outside of the per-store-instance lifecycle. We've reworked the logic to ensure the data is per-store again. We also fixed another issue that miscalculated when there was an active request while checking for cache entry cleanup.

Note that no actual app data was leaked in this case, just the internal subscription IDs that RTKQ uses in its own middleware to track the existence of subscriptions per cache entry.

fetchBaseQuery Headers

We've updated fetchBaseQuery to avoid setting content-type in cases where a non-JSONifiable value like FormData is being passed as the request body, so that the browser can set that content type itself. It also now sets the accept header based on the selected responseHandler (JSON or text).

retry Behavior and Cleanup

The retry util now respects the maxRetries option when catching unknown errors in addition to the existing known errors logic. It also now checks the request's AbortSignal and will stop retrying if aborted.

In conjunction with that, dispatching resetApiState will now abort all in-flight requests.

The prefetch util and usePrefetch hook had a long-standing issue where they would create a subscription for a cache entry, but there was no way to clean up that subscription. This meant that the cache entry was effectively permanent. They now initiate the request without adding a subscription. This will fetch the cache entry and leave it in the store for the keepUnusedDataFor period as intended, giving your app time to actually subscribe to the value (such as prefetching the cache entry in a route handler, and then subscribing in a component).

graphqlRequestBaseQuery

We've published @rtk-query/graphql-request-base-query v2.3.2, which updates the graphql-request dep to ^7. We also fixed an issue where the error handling rethrew unknown errors - it now returns {error} as a base query is supposed to.

What's Changed

• Fix potential subscription leakage in SSR environments by @​markerikson in reduxjs/redux-toolkit#5111
• Improve fetchBaseQuery default headers handling by @​markerikson in reduxjs/redux-toolkit#5112
• Respect maxRetries for unexpected errors by @​markerikson in reduxjs/redux-toolkit#5113
• fix: update graphql-request dependency to include version ^7.0.0 by @​eyesfocus in reduxjs/redux-toolkit#4987
• Add retry abort handling and abort on resetApiState by @​markerikson in reduxjs/redux-toolkit#5114
• Don't create subscriptions for prefetch calls by @​markerikson in reduxjs/redux-toolkit#5116

Full Changelog: reduxjs/redux-toolkit@v2.9.1...v2.9.2

• 32887d7 Release 2.9.2
• 4432629 Don't create subscriptions for prefetch calls (#5116)
• c86d948 Add retry abort handling and abort on resetApiState (#5114)
• 02630d2 fix: update graphql-request dependency to include version ^7.0.0 (#4987)
• 1b95037 Respect maxRetries for unexpected errors (#5113)
• c490b19 Improve fetchBaseQuery default headers handling (#5112)
• 7b7faea Fix potential subscription leakage in SSR environments (#5111)
• See full diff in compare view

Sourced from dayjs's releases.

v1.11.19

1.11.19 (2025-10-31)

Bug Fixes

• added usage warnings for diff + updated unit tests (#2948) (269a7a9)
• dont instantiate regexes within ar locale functions to avoid performance overhead (#2898) (af5e9f0)
• replace italian locale "un' ora fa" with "un'ora fa", add tests for it (#2930) (9e9f76c)
• Updated Belarusian locale with relative time (#2656) (1d8746c)

Sourced from dayjs's changelog.

1.11.19 (2025-10-31)

Bug Fixes

• added usage warnings for diff + updated unit tests (#2948) (269a7a9)
• dont instantiate regexes within ar locale functions to avoid performance overhead (#2898) (af5e9f0)
• replace italian locale "un' ora fa" with "un'ora fa", add tests for it (#2930) (9e9f76c)
• Updated Belarusian locale with relative time (#2656) (1d8746c)

• 02b7a5c chore(release): 1.11.19 [skip ci]
• 37193be Merge pull request #2950 from iamkun/dev
• 2db920b chore: update doc
• 4f72974 chore: update doc
• 0b36a07 chore: update doc
• 269a7a9 fix: added usage warnings for diff + updated unit tests (#2948)
• 9e3132e chore: update doc
• 84201e6 chore: update doc
• 80401e3 chore: update readme
• 88ad3fd test: Add unit test for Belarusian locale (#2934)
• Additional commits viewable in compare view

Sourced from react-router's releases.

v7.9.5

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v795

Sourced from react-router's changelog.

7.9.5

Patch Changes

• Move RSCHydratedRouter and utils to /dom export. (#14457)

• useRoute: return type-safe handle (#14462)

  For example:

  // app/routes/admin.tsx
  const handle = { hello: "world" };

  // app/routes/some-other-route.tsx
  export default function Component() {
    const admin = useRoute("routes/admin");
    if (!admin) throw new Error("Not nested within 'routes/admin'");
    console.log(admin.handle);
    //                ^? { hello: string }
  }

• Ensure action handlers run for routes with middleware even if no loader is present (#14443)

• Add unstable_instrumentations API to allow users to add observablity to their apps by instrumenting route loaders, actions, middlewares, lazy, as well as server-side request handlers and client side navigations/fetches (#14412)

  • Framework Mode:
    • entry.server.tsx: export const unstable_instrumentations = [...]
    • entry.client.tsx: <HydratedRouter unstable_instrumentations={[...]} />
  • Data Mode
    • createBrowserRouter(routes, { unstable_instrumentations: [...] })

  This also adds a new unstable_pattern parameter to loaders/actions/middleware which contains the un-interpolated route pattern (i.e., /blog/:slug) which is useful for aggregating performance metrics by route

• a191812 chore: Update version for release (#14485)
• 74bef78 chore: Update version for release (pre) (#14469)
• c0577e4 Merge branch 'main' into release-next
• 0163df4 fix(react-router): run action handlers for routes with middleware even if no ...
• c84016b Minor updates for instrumentations (#14467)
• adadca5 Add unstable_instrumentations API (#14412)
• dea842d fix: move RSCHydratedRouter and utils to /dom export (#14457)
• 1d1b188 useRoute: return type-safe handle (#14462)
• 3e3a223 docs: fix references (#14441)
• 158847e fix: Fix invalid markdown link for createHashRouter (#14434)
• Additional commits viewable in compare view

• See full diff in compare view

Sourced from vite's releases.

v7.1.12

Please refer to CHANGELOG.md for details.

Sourced from vite's changelog.

7.1.12 (2025-10-23)

Bug Fixes

• deps: downgrade commonjs plugin to 28.0.6 to avoid rollup/plugins#1909 (#20990) (56fd722)

• 2436afe release: v7.1.12
• 56fd722 fix(deps): downgrade commonjs plugin to 28.0.6 to avoid rollup/plugins#1909 (...
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions