Bump the npm-all group across 1 directory with 18 updates by dependabot[bot] · Pull Request #369 · rodlukas/UP-admin

dependabot · 2026-05-01T02:40:36Z

Bumps the npm-all group with 17 updates in the /frontend directory:

Package	From	To
@sentry/browser	`10.49.0`	`10.51.0`
@tanstack/react-query	`5.99.0`	`5.100.6`
@tanstack/react-router	`1.168.22`	`1.169.1`
axios	`1.15.0`	`1.15.2`
react-toastify	`11.0.5`	`11.1.0`
@babel/preset-env	`7.29.2`	`7.29.3`
@tanstack/eslint-plugin-query	`5.99.0`	`5.100.6`
@tanstack/react-query-devtools	`5.99.0`	`5.100.6`
@typescript-eslint/eslint-plugin	`8.58.2`	`8.59.1`
cssnano	`7.1.5`	`7.1.7`
eslint-plugin-react-hooks	`7.1.0`	`7.1.1`
html-webpack-plugin	`5.6.6`	`5.6.7`
jsdom	`29.0.2`	`29.1.1`
msw	`2.13.4`	`2.14.2`
postcss	`8.5.10`	`8.5.13`
terser-webpack-plugin	`5.4.0`	`5.5.0`
vitest	`4.1.4`	`4.1.5`

Updates @sentry/browser from 10.49.0 to 10.51.0

Release notes

Sourced from @sentry/browser's releases.

10.51.0

Important Changes
feat(cloudflare): Add trace propagation for RPC method calls (#20343)

Trace context is now propagated across Cloudflare Workers RPC calls, connecting traces between Workers and Durable Objects. This feature is opt-in and requires setting enableRpcTracePropagation: true in your SDK configuration:
// Worker
export default Sentry.withSentry(
  env => ({
    dsn: env.SENTRY_DSN,
    enableRpcTracePropagation: true,
  }),
  handler,
);
// Durable Object
export const MyDurableObject = Sentry.instrumentDurableObjectWithSentry(
env => ({
dsn: env.SENTRY_DSN,
enableRpcTracePropagation: true,
}),
MyDurableObjectBase,
);
feat(hono)!: Change setup for @sentry/hono/node (init in external file) (#20497)

To improve Node.js instrumentation, the sentry() middleware exported from @sentry/hono/node no longer accepts configuration options. Instead, you must configure the SDK by calling Sentry.init() in a dedicated instrumentation file that runs before your application code (read more in the Hono SDK readme:
// instrument.mjs (or instrument.ts)
import * as Sentry from '@sentry/hono/node';
Sentry.init({
dsn: 'DSN',
tracesSampleRate: 1.0,
});
feat(nitro): Add @sentry/nitro SDK (#19224)

A new @sentry/nitro package provides first-class Sentry support for Nitro applications, with HTTP handler and error instrumentation, middleware tracing, request isolation, and build-time source map uploading via withSentryConfig. Read more in the Nitro SDK docs and the Nitro SDK readme.
Other Changes

... (truncated)

Changelog

Sourced from @sentry/browser's changelog.

10.51.0

Important Changes
feat(cloudflare): Add trace propagation for RPC method calls (#20343)

Trace context is now propagated across Cloudflare Workers RPC calls, connecting traces between Workers and Durable Objects. This feature is opt-in and requires setting enableRpcTracePropagation: true in your SDK configuration:
// Worker
export default Sentry.withSentry(
  env => ({
    dsn: env.SENTRY_DSN,
    enableRpcTracePropagation: true,
  }),
  handler,
);
// Durable Object
export const MyDurableObject = Sentry.instrumentDurableObjectWithSentry(
env => ({
dsn: env.SENTRY_DSN,
enableRpcTracePropagation: true,
}),
MyDurableObjectBase,
);
feat(hono)!: Change setup for @sentry/hono/node (init in external file) (#20497)

To improve Node.js instrumentation, the sentry() middleware exported from @sentry/hono/node no longer accepts configuration options. Instead, you must configure the SDK by calling Sentry.init() in a dedicated instrumentation file that runs before your application code (read more in the Hono SDK readme:
// instrument.mjs (or instrument.ts)
import * as Sentry from '@sentry/hono/node';
Sentry.init({
dsn: 'DSN',
tracesSampleRate: 1.0,
});
feat(nitro): Add @sentry/nitro SDK (#19224)

A new @sentry/nitro package provides first-class Sentry support for Nitro applications, with HTTP handler and error instrumentation, middleware tracing, request isolation, and build-time source map uploading via withSentryConfig. Read more in the Nitro SDK docs and the Nitro SDK readme.
Other Changes

... (truncated)

Commits

dc0b839 release: 10.51.0
b3cabee Merge pull request #20599 from getsentry/prepare-release/10.51.0
3be99a9 meta(changelog): Update changelog for 10.51.0
bea1aad test(browser): Unflake some more tests (#20591)
50aa085 test(node): Unflake postgres tests (#20593)
1166839 fix(hono): Distinguish .use() middleware in sub-apps from .all() handlers...
217ad4a test(node): Fix flaky ANR test (#20592)
91ffb3f test(node): Fix flaky worker thread integration test (#20588)
c4e3902 chore(ci): Do not report flaky test issues if we cannot find a test name (#20...
c0005cd test(node): Update timeout for cron integration tests (#20586)
Additional commits viewable in compare view

Updates @tanstack/react-query from 5.99.0 to 5.100.6

Release notes

Sourced from @tanstack/react-query's releases.

@tanstack/react-query-devtools@5.100.6

Patch Changes

Updated dependencies []:

@tanstack/query-devtools@5.100.6

@tanstack/react-query@5.100.6

@tanstack/react-query-next-experimental@5.100.6

Patch Changes

Updated dependencies []:

@tanstack/react-query@5.100.6

@tanstack/react-query-persist-client@5.100.6

Patch Changes

Updated dependencies []:

@tanstack/query-persist-client-core@5.100.6

@tanstack/react-query@5.100.6

@tanstack/react-query@5.100.6

Patch Changes

Updated dependencies []:

@tanstack/query-core@5.100.6

@tanstack/react-query-devtools@5.100.5

Patch Changes

Updated dependencies []:

@tanstack/query-devtools@5.100.5

@tanstack/react-query@5.100.5

@tanstack/react-query-next-experimental@5.100.5

Patch Changes

Updated dependencies []:

@tanstack/react-query@5.100.5

@tanstack/react-query-persist-client@5.100.5

Patch Changes

Updated dependencies []:

@tanstack/query-persist-client-core@5.100.5

@tanstack/react-query@5.100.5

@tanstack/react-query@5.100.5

Patch Changes

Updated dependencies [a53ef97]:

... (truncated)

Changelog

Sourced from @tanstack/react-query's changelog.

5.100.6

Patch Changes

Updated dependencies []:

@tanstack/query-core@5.100.6

5.100.5

Patch Changes

Updated dependencies [a53ef97]:

@tanstack/query-core@5.100.5

5.100.4

Patch Changes

Updated dependencies []:

@tanstack/query-core@5.100.4

5.100.3

Patch Changes

fix(suspense): skip calling combine when queries would suspend (#10576)

Updated dependencies [f85d825]:

@tanstack/query-core@5.100.3

5.100.2

Patch Changes

Updated dependencies [ea4497e, d6a7bf3, 645d5d1]:

@tanstack/query-core@5.100.2

5.100.1

Patch Changes

Updated dependencies [1bb0d23]:

@tanstack/query-core@5.100.1

5.100.0

Patch Changes

Updated dependencies [6540a41]:

@tanstack/query-core@5.100.0

... (truncated)

Commits

87f7ccf ci: Version Packages (#10604)
441204b ci: Version Packages (#10582)
55afb3e ci: Version Packages (#10581)
fe287cc ci: Version Packages (#10579)
f85d825 Feature/use suspense queries combine (#10576)
93b2845 ci: Version Packages (#10575)
ea4497e fix(query-core): stop wrapping persister generics in NoInfer (#10510)
2f9527e ci: Version Packages (#10568)
ad517e5 ci: Version Packages (#10567)
6540a41 feat(core): callback for retryOnMount (#10515)
Additional commits viewable in compare view

Updates @tanstack/react-router from 1.168.22 to 1.169.1

Changelog

Sourced from @tanstack/react-router's changelog.

1.169.1

Patch Changes

Updated dependencies [4a1e63f]:

@tanstack/router-core@1.169.1

1.169.0

Minor Changes

Allow params.parse to experimentally return false to skip an incoming route candidate during path matching. Thrown parse errors still surface on the selected match instead of falling through, and outgoing typed route-template links continue to use exact route lookup followed by params.stringify for URL generation. (#7263)

Patch Changes

Updated dependencies [c992495]:

@tanstack/router-core@1.169.0

1.168.26

Patch Changes

Updated dependencies [b5c4183]:

@tanstack/router-core@1.168.18

1.168.25

Patch Changes

Updated dependencies [493148b]:

@tanstack/router-core@1.168.17

1.168.24

Patch Changes

Add TanStack Start inline CSS manifest support for SSR so route styles can be embedded in the HTML response and hydrated without duplicate stylesheet links. (#7253)

Updated dependencies [4d864ee]:

@tanstack/router-core@1.168.16

1.168.23

Patch Changes

fix(react-router): prevent webpack static analysis of React.use with let binding (#7182)

Commits

2c9f5c0 ci: changeset release
4a1e63f fix: parse params union inference (#7306)
dad0ec8 ci: changeset release
c992495 feat: match params (#7263)
a730094 ci: changeset release
1285422 ci: changeset release
4c161c5 ci: changeset release
4d864ee inline css (#7253)
91a7089 rsbuild plugin (#7228)
4d66d42 ci: changeset release
Additional commits viewable in compare view

Updates axios from 1.15.0 to 1.15.2

Release notes

Sourced from axios's releases.

v1.15.2

This release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in allowedSocketPaths allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.

🔒 Security Fixes

Prototype Pollution Hardening (HTTP Adapter): Hardened the Node HTTP adapter and resolveConfig/mergeConfig/validator paths to read only own properties and use null-prototype config objects, preventing polluted auth, baseURL, socketPath, beforeRedirect, and insecureHTTPParser from influencing requests. (#10779)

SSRF via socketPath: Rejects non-string socketPath values and adds an opt-in allowedSocketPaths config option to restrict permitted Unix domain socket paths, returning AxiosError ERR_BAD_OPTION_VALUE on mismatch. (#10777)

Supply-chain Hardening: Added .npmrc with ignore-scripts=true, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded SECURITY.md/THREATMODEL.md with provenance verification (npm audit signatures), 60-day resolution policy, and maintainer incident-response runbook. (#10776)

🚀 New Features

allowedSocketPaths Config Option: New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (#10777)

🐛 Bug Fixes

Keep-alive Socket Memory Leak: Installs a single per-socket error listener tracking the active request via kAxiosSocketListener/kAxiosCurrentReq, eliminating per-request listener accumulation, MaxListenersExceededWarning, and linear heap growth under concurrent or long-running keep-alive workloads (fixes #10780). (#10788)

🔧 Maintenance & Chores

Changelog: Updated CHANGELOG.md with v1.15.1 release notes. (#10781)

Full Changelog

v1.15.1

This release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.

🔒 Security Fixes

Header Injection Hardening: Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (#10749)

CRLF Stripping in Multipart Headers: Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (#10758)

Prototype Pollution / Auth Bypass: Replaced unsafe in checks with hasOwnProperty to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (#10761, #10760)

withXSRFToken Truthy Bypass: Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (#10762)

maxBodyLength With Zero Redirects: Enforces maxBodyLength even when maxRedirects is set to 0, closing a bypass path for oversized request bodies. (#10753)

Streamed Response maxContentLength Bypass: Applies maxContentLength to streamed responses that previously bypassed the cap. (#10754)

Follow-up CVE Completion: Completes an earlier incomplete CVE fix to fully close the regression window. (#10755)

🚀 New Features

AI-Based Docs Translations: Initial scaffold for AI-assisted translations of the documentation site. (#10705)

Location Request Header Type: Adds Location to CommonRequestHeadersList for accurate typing of redirect-aware requests. (#7528)

🐛 Bug Fixes

FormData Handling: Removes Content-Type when no boundary is present on FormData fetch requests, supports multi-select fields, cancels request.body instead of the source stream on fetch abort, and fixes a recursion bug in form-data serialisation. (#7314, #10676, #10702, #10726)

HTTP Adapter: Handles socket-only request errors without leaking keep-alive listeners. (#10576)

Progress Events: Clamps loaded to total for computable upload/download progress events. (#7458)

Types: Aligns runWhen type with the runtime behaviour in InterceptorManager and makes response header keys case-insensitive. (#7529, #10677)

buildFullPath: Uses strict equality in the base/relative URL check. (#7252)

AxiosURLSearchParams Regex: Improves the regex used for param serialisation to avoid edge-case mismatches. (#10736)

Resilient Value Parsing: Parses out header/config values instead of throwing on malformed input. (#10687)

... (truncated)

Changelog

Sourced from axios's changelog.

v1.15.2 - April 21, 2026

This release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in allowedSocketPaths allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.

🔒 Security Fixes

Prototype Pollution Hardening (HTTP Adapter): Hardened the Node HTTP adapter and resolveConfig/mergeConfig/validator paths to read only own properties and use null-prototype config objects, preventing polluted auth, baseURL, socketPath, beforeRedirect, and insecureHTTPParser from influencing requests. (#10779)

SSRF via socketPath: Rejects non-string socketPath values and adds an opt-in allowedSocketPaths config option to restrict permitted Unix domain socket paths, returning AxiosError ERR_BAD_OPTION_VALUE on mismatch. (#10777)

Supply-chain Hardening: Added .npmrc with ignore-scripts=true, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded SECURITY.md/THREATMODEL.md with provenance verification (npm audit signatures), 60-day resolution policy, and maintainer incident-response runbook. (#10776)

🚀 New Features

allowedSocketPaths Config Option: New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (#10777)

🐛 Bug Fixes

Keep-alive Socket Memory Leak: Installs a single per-socket error listener tracking the active request via kAxiosSocketListener/kAxiosCurrentReq, eliminating per-request listener accumulation, MaxListenersExceededWarning, and linear heap growth under concurrent or long-running keep-alive workloads (fixes #10780). (#10788)

🔧 Maintenance & Chores

Changelog: Updated CHANGELOG.md with v1.15.1 release notes. (#10781)

Full Changelog

v1.15.1 - April 19, 2026

This release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.

🔒 Security Fixes

Header Injection Hardening: Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (#10749)

CRLF Stripping in Multipart Headers: Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (#10758)

Prototype Pollution / Auth Bypass: Replaced unsafe in checks with hasOwnProperty to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (#10761, #10760)

withXSRFToken Truthy Bypass: Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (#10762)

maxBodyLength With Zero Redirects: Enforces maxBodyLength even when maxRedirects is set to 0, closing a bypass path for oversized request bodies. (#10753)

Streamed Response maxContentLength Bypass: Applies maxContentLength to streamed responses that previously bypassed the cap. (#10754)

Follow-up CVE Completion: Completes an earlier incomplete CVE fix to fully close the regression window. (#10755)

🚀 New Features

AI-Based Docs Translations: Initial scaffold for AI-assisted translations of the documentation site. (#10705)

... (truncated)

Commits

5829343 chore(release): prepare release 1.15.2 (#10789)
4709a48 fix: added fix for memory leak in sockets (#10788)
be33360 chore: update changelog (#10781)
4791514 fix: more header pollutions (#10779)
6feafcf fix: socket issue (#10777)
302e273 docs: update docs, add a couple actions etc (#10776)
ac42446 chore(release): prepare release 1.15.1 (#10767)
908f220 docs: update threatmodel (#10765)
f93f815 docs: added docs around potential decompressions bomb (#10763)
1728aa1 fix: short-circuits on any truthy non-boolean in withXSRFToken (#10762)
Additional commits viewable in compare view

Updates react-toastify from 11.0.5 to 11.1.0

Release notes

Sourced from react-toastify's releases.

v11.1.0

Release Notes

Features

CSP nonce support. <ToastContainer nonce={...}> applies the nonce to the injected <style> tag. Closes #1209.

Fixes

onChange fires status: 'removed' synchronously on toast.dismiss() instead of after the exit animation — observers (incl. useNotificationCenter) now see correctly ordered events. Also guards against double-onClose. Closes #1275.

Touch drag no longer re-pauses the toast on release — the old check compared a PointerEvent against 'touchend', which never matched. Closes #1217.

Vertical drag now visually moves the toast (--y gets a unit). Thanks @janpaepke, #1277.

Stacked scale is clamped at 0.5, preventing zero/negative scale in deep stacks. Closes #1171, #1174.

Stacked container respects mobile 100vw again. Closes #1234.

Accessibility

role="progressbar" now includes aria-valuenow, aria-valuemin, aria-valuemax. Thanks @singhankit001, #1283. Closes #1259.

Internal

Migrated to a pnpm workspace (pnpm link . no longer required for contributors). Publish layout unchanged — addon still ships inside the main package.

CSS now injected at mount via useStyleSheet (prerequisite for nonce).

Dep bumps: TypeScript 6, Vite 8, Cypress 15, React 19.2, plus the rest.

CI: upload-artifact v3 → v4.

Thanks to @janpaepke, @singhankit001, and reporters of the fixed issues.

Commits

769ce82 11.1.0
de21958 remove year from license
c800992 fix: add unit to --y CSS variable to fix vertical drag
e4ab712 fix chicken and egg issue
b3bbab5 bump artifact action
6d58ce4 fix: stacked toast invert size, when used as stacked
50e8e42 fix: stacked container on mobile not 100vw
1b2ee17 fix: dispatch 'removed' onChange event synchronously on dismiss
a2d376b feat: add ARIA accessibility attributes to ProgressBar
8375ace fix: touch bug in onDragTransitionEnd, closes #1217
Additional commits viewable in compare view

Updates @babel/preset-env from 7.29.2 to 7.29.3

Release notes

Sourced from @babel/preset-env's releases.

v7.29.3 (2026-04-30)

👓 Spec Compliance

babel-parser

#17923 Support flow extends bound (@JLHwung)

🐛 Bug Fix

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators

#17931 fix(decorators): replace super within all removed static elements (@JLHwung)

babel-register

#17915 Fix thread synchronization issues in @babel/register (@liuxingbaoyu)

babel-compat-data, babel-plugin-bugfix-safari-rest-destructuring-rhs-array, babel-preset-env

#17788 Add bugfix plugin for Safari array rest destructuring bug (@JLHwung)

💅 Polish

babel-parser

#17782 Improve trailing comma comment handling (@JLHwung)

📝 Documentation

#17847 Replace npmjs.com links with npmx.dev (@nicolo-ribaudo)

🏃‍♀️ Performance

babel-helper-import-to-platform-api, babel-plugin-proposal-import-wasm-source, babel-plugin-transform-json-modules

#17818 Load async Wasm and JSON imports in parallel (@nicolo-ribaudo)

Committers: 4

Babel Bot (@babel-bot)

Huáng Jùnliàng (@JLHwung)

Nicolò Ribaudo (@nicolo-ribaudo)

@liuxingbaoyu

Commits

183db7b v7.29.3
268f246 Add bugfix plugin for Safari array rest destructuring bug (#17788)
f8524d8 Update compat data (#17686)
See full diff in compare view

Updates @tanstack/eslint-plugin-query from 5.99.0 to 5.100.6

Release notes

Sourced from @tanstack/eslint-plugin-query's releases.

@tanstack/eslint-plugin-query@5.100.6

No release notes provided.

Changelog

Sourced from @tanstack/eslint-plugin-query's changelog.

5.100.6

5.100.5

5.100.4

5.100.3

5.100.2

5.100.1

5.100.0

5.99.2

5.99.1

Patch Changes

fix(eslint-plugin-query): fix no-void-query-fn false positive on enum returns for typescript 6. (#10460)

Commits

87f7ccf ci: Version Packages (#10604)
441204b ci: Version Packages (#10582)
55afb3e ci: Version Packages (#10581)
fe287cc ci: Version Packages (#10579)
93b2845 ci: Version Packages (#10575)
2f9527e ci: Version Packages (#10568)
ad517e5 ci: Version Packages (#10567)
6b6667e test(*): migrate 'test' to 'it' and enforce 'vitest/consistent-test-it' rule ...
a3ec7b3 ci: Version Packages (#10520)
69d2757 ci: Version Packages (#10514)
Additional commits viewable in compare view

Updates @tanstack/react-query-devtools from 5.99.0 to 5.100.6

Release notes

Sourced from @tanstack/react-query-devtools's releases.

@tanstack/react-query-devtools@5.100.6

Patch Changes

Updated dependencies []:

@tanstack/query-devtools@5.100.6

@tanstack/react-query@5.100.6

@tanstack/react-query-devtools@5.100.5

Patch Changes

Updated dependencies []:

@tanstack/query-devtools@5.100.5

@tanstack/react-query@5.100.5

@tanstack/react-query-devtools@5.100.4

Patch Changes

fix(devtools): change onClose callback type from () => unknown to () => void (#10118)

Updated dependencies [3d1a62e]:

@tanstack/query-devtools@5.100.4

@tanstack/react-query@5.100.4

@tanstack/react-query-devtools@5.100.3

Patch Changes

Updated dependencies [f85d825]:

@tanstack/react-query@5.100.3

@tanstack/query-devtools@5.100.3

@tanstack/react-query-devtools@5.100.2

Patch Changes

Updated dependencies []:

@tanstack/query-devtools@5.100.2

@tanstack/react-query@5.100.2

Changelog

Sourced from @tanstack/react-query-devtools's changelog.

5.100.6

Patch Changes

Updated dependencies []:

@tanstack/query-devtools@5.100.6

@tanstack/react-query@5.100.6

5.100.5

Patch Changes

Updated dependencies []:

@tanstack/query-devtools@5.100.5

@tanstack/react-query@5.100.5

5.100.4

Patch Changes

fix(devtools): change onClose callback type from () => unknown to () => void (#10118)

Updated dependencies [3d1a62e]:

@tanstack/query-devtools@5.100.4

@tanstack/react-query@5.100.4

5.100.3

Patch Changes

Updated dependencies [f85d825]:

@tanstack/react-query@5.100.3

@tanstack/query-devtools@5.100.3

5.100.2

Patch Changes

Updated dependencies []:

@tanstack/query-devtools@5.100.2

@tanstack/react-query@5.100.2

5.100.1

Patch Changes

Updated dependencies []:

@tanstack/query-devtools@5.100.1

@tanstack/react-query@5.100.1

... (truncated)

Commits

87f7ccf ci: Version Packages (#10604)
441204b ci: Version Packages (#10582)
55afb3e ci: Version Packages (#10581)
3d1a62e fix(devtools): change onClose callback type from () => unknown to () … (#10118)
fe287cc ci: Version Packages (#10579)
93b2845 ci: Version Packages (#10575)
2f9527e ci: Version Packages (#10568)
ad517e5 ci: Version Packages (#10567)
a3ec7b3 ci: Version Packages (#10520)
69d2757 ci: Version Packages (#10514)
See full diff in compare view

Updates @typescript-eslint/eslint-plugin from 8.58.2 to 8.59.1

Release notes

Sourced from @typescript-eslint/eslint-plugin's releases.

v8.59.1

8.59.1 (2026-04-27)

🩹 Fixes

eslint-plugin: [no-unnecessary-type-assertion] fix crash "TypeError: checker.getTypeArguments is not a function" (#12246)

eslint-plugin: [no-unnecessary-type-assertion] preserve index signatures in undefined unions (#12257)

eslint-plugin: [no-unnecessary-type-assertion] preserve phantom type arguments in generic inference (#12269)

eslint-plugin: [no-unnecessary-type-assertion] avoid false positive in logical assignment assertions (#12278)

eslint-plugin: [no-unnecessary-type-arguments] handle instantiation expressions (#12220)

eslint-plugin: [no-unnecessary-condition] treat void as nullish in no-unnecessary-condition (#12241)

❤️ Thank You

anasm266 @anasm266

Anshika Jain @Anshikakalpana

Ulrich Stark

yugo innami @nami8824

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.59.0

8.59.0 (2026-04-20)

🚀 Features

eslint-plugin: [no-unnecessary-type-assertion] report more cases based on assignability (#11789)

❤️ Thank You

Ulrich Stark

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @typescript-eslint/eslint-plugin's changelog.

8.59.1 (2026-04-27)

🩹 Fixes

eslint-plugin: [no-unnecessary-condition] treat void as nullish in no-unnecessary-condition (#12241)

eslint-plugin: [no-unnecessary-type-arguments] handle instantiation expressions (#12220)

eslint-plugin: [no-unnecessary-type-assertion] avoid false positive in logical assignment assertions (#12278)

eslint-plugin: [no-unnecessary-type-assertion] preserve phantom type arguments in generic inference (#12269)
Description has been truncated

Bumps the npm-all group with 17 updates in the /frontend directory: | Package | From | To | | --- | --- | --- | | [@sentry/browser](https://github.com/getsentry/sentry-javascript) | `10.49.0` | `10.51.0` | | [@tanstack/react-query](https://github.com/TanStack/query/tree/HEAD/packages/react-query) | `5.99.0` | `5.100.6` | | [@tanstack/react-router](https://github.com/TanStack/router/tree/HEAD/packages/react-router) | `1.168.22` | `1.169.1` | | [axios](https://github.com/axios/axios) | `1.15.0` | `1.15.2` | | [react-toastify](https://github.com/fkhadra/react-toastify) | `11.0.5` | `11.1.0` | | [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) | `7.29.2` | `7.29.3` | | [@tanstack/eslint-plugin-query](https://github.com/TanStack/query/tree/HEAD/packages/eslint-plugin-query) | `5.99.0` | `5.100.6` | | [@tanstack/react-query-devtools](https://github.com/TanStack/query/tree/HEAD/packages/react-query-devtools) | `5.99.0` | `5.100.6` | | [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) | `8.58.2` | `8.59.1` | | [cssnano](https://github.com/cssnano/cssnano) | `7.1.5` | `7.1.7` | | [eslint-plugin-react-hooks](https://github.com/facebook/react/tree/HEAD/packages/eslint-plugin-react-hooks) | `7.1.0` | `7.1.1` | | [html-webpack-plugin](https://github.com/jantimon/html-webpack-plugin) | `5.6.6` | `5.6.7` | | [jsdom](https://github.com/jsdom/jsdom) | `29.0.2` | `29.1.1` | | [msw](https://github.com/mswjs/msw) | `2.13.4` | `2.14.2` | | [postcss](https://github.com/postcss/postcss) | `8.5.10` | `8.5.13` | | [terser-webpack-plugin](https://github.com/webpack/terser-webpack-plugin) | `5.4.0` | `5.5.0` | | [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.1.4` | `4.1.5` | Updates `@sentry/browser` from 10.49.0 to 10.51.0 - [Release notes](https://github.com/getsentry/sentry-javascript/releases) - [Changelog](https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md) - [Commits](getsentry/sentry-javascript@10.49.0...10.51.0) Updates `@tanstack/react-query` from 5.99.0 to 5.100.6 - [Release notes](https://github.com/TanStack/query/releases) - [Changelog](https://github.com/TanStack/query/blob/main/packages/react-query/CHANGELOG.md) - [Commits](https://github.com/TanStack/query/commits/@tanstack/react-query@5.100.6/packages/react-query) Updates `@tanstack/react-router` from 1.168.22 to 1.169.1 - [Release notes](https://github.com/TanStack/router/releases) - [Changelog](https://github.com/TanStack/router/blob/main/packages/react-router/CHANGELOG.md) - [Commits](https://github.com/TanStack/router/commits/@tanstack/react-router@1.169.1/packages/react-router) Updates `axios` from 1.15.0 to 1.15.2 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.15.0...v1.15.2) Updates `react-toastify` from 11.0.5 to 11.1.0 - [Release notes](https://github.com/fkhadra/react-toastify/releases) - [Commits](fkhadra/react-toastify@v11.0.5...v11.1.0) Updates `@babel/preset-env` from 7.29.2 to 7.29.3 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.29.3/packages/babel-preset-env) Updates `@tanstack/eslint-plugin-query` from 5.99.0 to 5.100.6 - [Release notes](https://github.com/TanStack/query/releases) - [Changelog](https://github.com/TanStack/query/blob/main/packages/eslint-plugin-query/CHANGELOG.md) - [Commits](https://github.com/TanStack/query/commits/@tanstack/eslint-plugin-query@5.100.6/packages/eslint-plugin-query) Updates `@tanstack/react-query-devtools` from 5.99.0 to 5.100.6 - [Release notes](https://github.com/TanStack/query/releases) - [Changelog](https://github.com/TanStack/query/blob/main/packages/react-query-devtools/CHANGELOG.md) - [Commits](https://github.com/TanStack/query/commits/@tanstack/react-query-devtools@5.100.6/packages/react-query-devtools) Updates `@typescript-eslint/eslint-plugin` from 8.58.2 to 8.59.1 - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.59.1/packages/eslint-plugin) Updates `@typescript-eslint/parser` from 8.58.2 to 8.59.1 - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.59.1/packages/parser) Updates `cssnano` from 7.1.5 to 7.1.7 - [Release notes](https://github.com/cssnano/cssnano/releases) - [Commits](https://github.com/cssnano/cssnano/compare/cssnano@7.1.5...cssnano@7.1.7) Updates `eslint-plugin-react-hooks` from 7.1.0 to 7.1.1 - [Release notes](https://github.com/facebook/react/releases) - [Changelog](https://github.com/facebook/react/blob/main/packages/eslint-plugin-react-hooks/CHANGELOG.md) - [Commits](https://github.com/facebook/react/commits/eslint-plugin-react-hooks@7.1.1/packages/eslint-plugin-react-hooks) Updates `html-webpack-plugin` from 5.6.6 to 5.6.7 - [Release notes](https://github.com/jantimon/html-webpack-plugin/releases) - [Changelog](https://github.com/jantimon/html-webpack-plugin/blob/main/CHANGELOG.md) - [Commits](jantimon/html-webpack-plugin@v5.6.6...v5.6.7) Updates `jsdom` from 29.0.2 to 29.1.1 - [Release notes](https://github.com/jsdom/jsdom/releases) - [Commits](jsdom/jsdom@v29.0.2...v29.1.1) Updates `msw` from 2.13.4 to 2.14.2 - [Release notes](https://github.com/mswjs/msw/releases) - [Changelog](https://github.com/mswjs/msw/blob/main/CHANGELOG.md) - [Commits](mswjs/msw@v2.13.4...v2.14.2) Updates `postcss` from 8.5.10 to 8.5.13 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.5.10...8.5.13) Updates `terser-webpack-plugin` from 5.4.0 to 5.5.0 - [Release notes](https://github.com/webpack/terser-webpack-plugin/releases) - [Changelog](https://github.com/webpack/terser-webpack-plugin/blob/main/CHANGELOG.md) - [Commits](webpack/terser-webpack-plugin@v5.4.0...v5.5.0) Updates `vitest` from 4.1.4 to 4.1.5 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.5/packages/vitest) --- updated-dependencies: - dependency-name: "@sentry/browser" dependency-version: 10.51.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-all - dependency-name: "@tanstack/react-query" dependency-version: 5.100.6 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-all - dependency-name: "@tanstack/react-router" dependency-version: 1.169.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-all - dependency-name: axios dependency-version: 1.15.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-all - dependency-name: react-toastify dependency-version: 11.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-all - dependency-name: "@babel/preset-env" dependency-version: 7.29.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-all - dependency-name: "@tanstack/eslint-plugin-query" dependency-version: 5.100.6 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-all - dependency-name: "@tanstack/react-query-devtools" dependency-version: 5.100.6 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-all - dependency-name: "@typescript-eslint/eslint-plugin" dependency-version: 8.59.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-all - dependency-name: "@typescript-eslint/parser" dependency-version: 8.59.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-all - dependency-name: cssnano dependency-version: 7.1.7 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-all - dependency-name: eslint-plugin-react-hooks dependency-version: 7.1.1 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-all - dependency-name: html-webpack-plugin dependency-version: 5.6.7 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-all - dependency-name: jsdom dependency-version: 29.1.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-all - dependency-name: msw dependency-version: 2.14.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-all - dependency-name: postcss dependency-version: 8.5.13 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-all - dependency-name: terser-webpack-plugin dependency-version: 5.5.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-all - dependency-name: vitest dependency-version: 4.1.5 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-all ... Signed-off-by: dependabot[bot] <support@github.com>

sonarqubecloud · 2026-05-01T02:41:31Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels May 1, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm-all group across 1 directory with 18 updates#369

Bump the npm-all group across 1 directory with 18 updates#369
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/frontend/npm-all-98fa469a18

dependabot Bot commented on behalf of github May 1, 2026

Uh oh!

sonarqubecloud Bot commented May 1, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 1, 2026

10.51.0

Important Changes

Other Changes

10.51.0

Important Changes

Other Changes

@​tanstack/react-query-devtools@​5.100.6

Patch Changes

@​tanstack/react-query-next-experimental@​5.100.6

Patch Changes

@​tanstack/react-query-persist-client@​5.100.6

Patch Changes

@​tanstack/react-query@​5.100.6

Patch Changes

@​tanstack/react-query-devtools@​5.100.5

Patch Changes

@​tanstack/react-query-next-experimental@​5.100.5

Patch Changes

@​tanstack/react-query-persist-client@​5.100.5

Patch Changes

@​tanstack/react-query@​5.100.5

Patch Changes

5.100.6

Patch Changes

5.100.5

Patch Changes

5.100.4

Patch Changes

5.100.3

Patch Changes

5.100.2

Patch Changes

5.100.1

Patch Changes

5.100.0

Patch Changes

1.169.1

Patch Changes

1.169.0

Minor Changes

Patch Changes

1.168.26

Patch Changes

1.168.25

Patch Changes

1.168.24

Patch Changes

1.168.23

Patch Changes

v1.15.2

🔒 Security Fixes

🚀 New Features

🐛 Bug Fixes

🔧 Maintenance & Chores

v1.15.1

🔒 Security Fixes

🚀 New Features

🐛 Bug Fixes

v1.15.2 - April 21, 2026

🔒 Security Fixes

🚀 New Features

🐛 Bug Fixes

🔧 Maintenance & Chores

v1.15.1 - April 19, 2026

🔒 Security Fixes

🚀 New Features

v11.1.0

Release Notes

Features

Fixes

Accessibility

Internal

v7.29.3 (2026-04-30)

👓 Spec Compliance

🐛 Bug Fix

💅 Polish

📝 Documentation

🏃‍♀️ Performance

`@tanstack/react-query-devtools@5`.100.6

`@tanstack/react-query-next-experimental@5`.100.6

`@tanstack/react-query-persist-client@5`.100.6

`@tanstack/react-query@5`.100.6

`@tanstack/react-query-devtools@5`.100.5

`@tanstack/react-query-next-experimental@5`.100.5

`@tanstack/react-query-persist-client@5`.100.5

`@tanstack/react-query@5`.100.5

`@tanstack/eslint-plugin-query@5`.100.6

`@tanstack/react-query-devtools@5`.100.6

`@tanstack/react-query-devtools@5`.100.5

`@tanstack/react-query-devtools@5`.100.4

`@tanstack/react-query-devtools@5`.100.3

`@tanstack/react-query-devtools@5`.100.2