From 60c57135c4a2cfa57f8517897e0e797727a449ee Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 28 Jul 2025 16:39:09 +0000 Subject: [PATCH 1/8] chore(deps-dev): Bump cypress from 14.5.2 to 14.5.3 (#1295) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [cypress](https://github.com/cypress-io/cypress) from 14.5.2 to 14.5.3.
Release notes

Sourced from cypress's releases.

v14.5.3

Changelog: https://docs.cypress.io/app/references/changelog#14-5-3

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cypress&package-manager=npm_and_yarn&previous-version=14.5.2&new-version=14.5.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 32 ++++++++++++++++---------------- package.json | 2 +- 2 files changed, 17 insertions(+), 17 deletions(-) diff --git a/package-lock.json b/package-lock.json index cdaee5e6..70fd7dfd 100644 --- a/package-lock.json +++ b/package-lock.json @@ -92,7 +92,7 @@ "@types/wicg-file-system-access": "^2023.10.6", "@vitejs/plugin-react": "^4.7.0", "cors": "^2.8.5", - "cypress": "^14.5.2", + "cypress": "^14.5.3", "cypress-plugin-tab": "^1.0.5", "eslint": "^9.31.0", "eslint-plugin-react": "^7.37.5", @@ -614,9 +614,9 @@ "license": "MIT" }, "node_modules/@cypress/request": { - "version": "3.0.8", - "resolved": "https://registry.npmjs.org/@cypress/request/-/request-3.0.8.tgz", - "integrity": "sha512-h0NFgh1mJmm1nr4jCwkGHwKneVYKghUyWe6TMNrk0B9zsjAJxpg8C4/+BAcmLgCPa1vj1V8rNUaILl+zYRUWBQ==", + "version": "3.0.9", + "resolved": "https://registry.npmjs.org/@cypress/request/-/request-3.0.9.tgz", + "integrity": "sha512-I3l7FdGRXluAS44/0NguwWlO83J18p0vlr2FYHrJkWdNYhgVoiYo61IXPqaOsL+vNxU1ZqMACzItGK3/KKDsdw==", "dev": true, "license": "Apache-2.0", "dependencies": { @@ -626,7 +626,7 @@ "combined-stream": "~1.0.6", "extend": "~3.0.2", "forever-agent": "~0.6.1", - "form-data": "~4.0.0", + "form-data": "~4.0.4", "http-signature": "~1.4.0", "is-typedarray": "~1.0.0", "isstream": "~0.1.2", @@ -4848,14 +4848,14 @@ "dev": true }, "node_modules/cypress": { - "version": "14.5.2", - "resolved": "https://registry.npmjs.org/cypress/-/cypress-14.5.2.tgz", - "integrity": "sha512-O4E4CEBqDHLDrJD/dfStHPcM+8qFgVVZ89Li7xDU0yL/JxO/V0PEcfF2I8aGa7uA2MGNLkNUAnghPM83UcHOJw==", + "version": "14.5.3", + "resolved": "https://registry.npmjs.org/cypress/-/cypress-14.5.3.tgz", + "integrity": "sha512-syLwKjDeMg77FRRx68bytLdlqHXDT4yBVh0/PPkcgesChYDjUZbwxLqMXuryYKzAyJsPsQHUDW1YU74/IYEUIA==", "dev": true, "hasInstallScript": true, "license": "MIT", "dependencies": { - "@cypress/request": "^3.0.8", + "@cypress/request": "^3.0.9", "@cypress/xvfb": "^1.2.4", "@types/sinonjs__fake-timers": "8.1.1", "@types/sizzle": "^2.3.2", @@ -12585,22 +12585,22 @@ "license": "ISC" }, "node_modules/tldts": { - "version": "6.1.85", - "resolved": "https://registry.npmjs.org/tldts/-/tldts-6.1.85.tgz", - "integrity": "sha512-gBdZ1RjCSevRPFix/hpaUWeak2/RNUZB4/8frF1r5uYMHjFptkiT0JXIebWvgI/0ZHXvxaUDDJshiA0j6GdL3w==", + "version": "6.1.86", + "resolved": "https://registry.npmjs.org/tldts/-/tldts-6.1.86.tgz", + "integrity": "sha512-WMi/OQ2axVTf/ykqCQgXiIct+mSQDFdH2fkwhPwgEwvJ1kSzZRiinb0zF2Xb8u4+OqPChmyI6MEu4EezNJz+FQ==", "dev": true, "license": "MIT", "dependencies": { - "tldts-core": "^6.1.85" + "tldts-core": "^6.1.86" }, "bin": { "tldts": "bin/cli.js" } }, "node_modules/tldts-core": { - "version": "6.1.85", - "resolved": "https://registry.npmjs.org/tldts-core/-/tldts-core-6.1.85.tgz", - "integrity": "sha512-DTjUVvxckL1fIoPSb3KE7ISNtkWSawZdpfxGxwiIrZoO6EbHVDXXUIlIuWympPaeS+BLGyggozX/HTMsRAdsoA==", + "version": "6.1.86", + "resolved": "https://registry.npmjs.org/tldts-core/-/tldts-core-6.1.86.tgz", + "integrity": "sha512-Je6p7pkk+KMzMv2XXKmAE3McmolOQFdxkKw0R8EYNr7sELW46JqnNeTX8ybPiQgvg1ymCoF8LXs5fzFaZvJPTA==", "dev": true, "license": "MIT" }, diff --git a/package.json b/package.json index a4627c94..0d3e2ecb 100644 --- a/package.json +++ b/package.json @@ -123,7 +123,7 @@ "@types/wicg-file-system-access": "^2023.10.6", "@vitejs/plugin-react": "^4.7.0", "cors": "^2.8.5", - "cypress": "^14.5.2", + "cypress": "^14.5.3", "cypress-plugin-tab": "^1.0.5", "eslint": "^9.31.0", "eslint-plugin-react": "^7.37.5", From 499d183dccc24f18119d80a880dd5e8c07b1b2d5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 28 Jul 2025 16:42:40 +0000 Subject: [PATCH 2/8] chore(deps-dev): Bump @eslint/js from 9.31.0 to 9.32.0 (#1297) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) from 9.31.0 to 9.32.0.
Release notes

Sourced from @​eslint/js's releases.

v9.32.0

Features

  • 1245000 feat: support explicit resource management in core rules (#19828) (fnx)
  • 0e957a7 feat: support typescript types in accessor rules (#19882) (fnx)

Bug Fixes

  • 960fd40 fix: Upgrade @​eslint/js (#19971) (Nicholas C. Zakas)
  • bbf23fa fix: Refactor reporting into FileReport (#19877) (Nicholas C. Zakas)
  • d498887 fix: bump @​eslint/plugin-kit to 0.3.4 to resolve vulnerability (#19965) (Milos Djermanovic)
  • f46fc6c fix: report only global references in no-implied-eval (#19932) (Nitin Kumar)
  • 7863d26 fix: remove outdated types in ParserOptions.ecmaFeatures (#19944) (ntnyq)
  • 3173305 fix: update execScript message in no-implied-eval rule (#19937) (TKDev7)

Documentation

  • 86e7426 docs: Update README (GitHub Actions Bot)

Chores

  • 50de1ce chore: package.json update for @​eslint/js release (Jenkins)
  • 74f01a3 ci: unpin jiti to version ^2.5.1 (#19970) (루밀LuMir)
  • 2ab1381 ci: pin jiti to version 2.4.2 (#19964) (Francesco Trotta)
  • b7f7545 test: switch to flat config mode in SourceCode tests (#19953) (Milos Djermanovic)
  • f5a35e3 test: switch to flat config mode in eslint-fuzzer (#19960) (Milos Djermanovic)
  • e22af8c refactor: use CustomRuleDefinitionType in JSRuleDefinition (#19949) (Francesco Trotta)
  • e855717 chore: switch performance tests to hyperfine (#19919) (Francesco Trotta)
  • 2f73a23 test: switch to flat config mode in ast-utils tests (#19948) (Milos Djermanovic)
  • c565a53 chore: exclude further_reading_links.json from Prettier formatting (#19943) (Milos Djermanovic)
Changelog

Sourced from @​eslint/js's changelog.

v9.32.0 - July 25, 2025

  • 960fd40 fix: Upgrade @​eslint/js (#19971) (Nicholas C. Zakas)
  • 50de1ce chore: package.json update for @​eslint/js release (Jenkins)
  • bbf23fa fix: Refactor reporting into FileReport (#19877) (Nicholas C. Zakas)
  • 74f01a3 ci: unpin jiti to version ^2.5.1 (#19970) (루밀LuMir)
  • d498887 fix: bump @​eslint/plugin-kit to 0.3.4 to resolve vulnerability (#19965) (Milos Djermanovic)
  • 2ab1381 ci: pin jiti to version 2.4.2 (#19964) (Francesco Trotta)
  • b7f7545 test: switch to flat config mode in SourceCode tests (#19953) (Milos Djermanovic)
  • f5a35e3 test: switch to flat config mode in eslint-fuzzer (#19960) (Milos Djermanovic)
  • f46fc6c fix: report only global references in no-implied-eval (#19932) (Nitin Kumar)
  • 86e7426 docs: Update README (GitHub Actions Bot)
  • e22af8c refactor: use CustomRuleDefinitionType in JSRuleDefinition (#19949) (Francesco Trotta)
  • 1245000 feat: support explicit resource management in core rules (#19828) (fnx)
  • e855717 chore: switch performance tests to hyperfine (#19919) (Francesco Trotta)
  • 0e957a7 feat: support typescript types in accessor rules (#19882) (fnx)
  • 2f73a23 test: switch to flat config mode in ast-utils tests (#19948) (Milos Djermanovic)
  • 7863d26 fix: remove outdated types in ParserOptions.ecmaFeatures (#19944) (ntnyq)
  • c565a53 chore: exclude further_reading_links.json from Prettier formatting (#19943) (Milos Djermanovic)
  • 3173305 fix: update execScript message in no-implied-eval rule (#19937) (TKDev7)
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@eslint/js&package-manager=npm_and_yarn&previous-version=9.31.0&new-version=9.32.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 21 +++++++++++++++++---- package.json | 2 +- 2 files changed, 18 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index 70fd7dfd..81344ff0 100644 --- a/package-lock.json +++ b/package-lock.json @@ -62,7 +62,7 @@ }, "devDependencies": { "@cypress/code-coverage": "^3.14.5", - "@eslint/js": "^9.31.0", + "@eslint/js": "^9.32.0", "@istanbuljs/nyc-config-typescript": "^1.0.2", "@rollup/plugin-replace": "^6.0.2", "@shellygo/cypress-test-utils": "^5.0.2", @@ -1274,9 +1274,9 @@ } }, "node_modules/@eslint/js": { - "version": "9.31.0", - "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.31.0.tgz", - "integrity": "sha512-LOm5OVt7D4qiKCqoiPbA7LWmI+tbw1VbTUowBcUMgQSuM6poJufkFkYDcQpo5KfgD39TnNySV26QjOh7VFpSyw==", + "version": "9.32.0", + "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.32.0.tgz", + "integrity": "sha512-BBpRFZK3eX6uMLKz8WxFOBIFFcGFJ/g8XuwjTHCqHROSIsopI+ddn/d5Cfh36+7+e5edVS8dbSHnBNhrLEX0zg==", "dev": true, "license": "MIT", "engines": { @@ -5969,6 +5969,19 @@ "node": "^18.18.0 || ^20.9.0 || >=21.1.0" } }, + "node_modules/eslint/node_modules/@eslint/js": { + "version": "9.31.0", + "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.31.0.tgz", + "integrity": "sha512-LOm5OVt7D4qiKCqoiPbA7LWmI+tbw1VbTUowBcUMgQSuM6poJufkFkYDcQpo5KfgD39TnNySV26QjOh7VFpSyw==", + "dev": true, + "license": "MIT", + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "url": "https://eslint.org/donate" + } + }, "node_modules/eslint/node_modules/brace-expansion": { "version": "1.1.11", "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", diff --git a/package.json b/package.json index 0d3e2ecb..6bdc2322 100644 --- a/package.json +++ b/package.json @@ -93,7 +93,7 @@ }, "devDependencies": { "@cypress/code-coverage": "^3.14.5", - "@eslint/js": "^9.31.0", + "@eslint/js": "^9.32.0", "@istanbuljs/nyc-config-typescript": "^1.0.2", "@rollup/plugin-replace": "^6.0.2", "@shellygo/cypress-test-utils": "^5.0.2", From 1805763ba51f13b82b48cf3a154dbaa18c1fce73 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 28 Jul 2025 16:51:10 +0000 Subject: [PATCH 3/8] chore(deps-dev): Bump eslint from 9.31.0 to 9.32.0 (#1298) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [eslint](https://github.com/eslint/eslint) from 9.31.0 to 9.32.0.
Release notes

Sourced from eslint's releases.

v9.32.0

Features

  • 1245000 feat: support explicit resource management in core rules (#19828) (fnx)
  • 0e957a7 feat: support typescript types in accessor rules (#19882) (fnx)

Bug Fixes

  • 960fd40 fix: Upgrade @​eslint/js (#19971) (Nicholas C. Zakas)
  • bbf23fa fix: Refactor reporting into FileReport (#19877) (Nicholas C. Zakas)
  • d498887 fix: bump @​eslint/plugin-kit to 0.3.4 to resolve vulnerability (#19965) (Milos Djermanovic)
  • f46fc6c fix: report only global references in no-implied-eval (#19932) (Nitin Kumar)
  • 7863d26 fix: remove outdated types in ParserOptions.ecmaFeatures (#19944) (ntnyq)
  • 3173305 fix: update execScript message in no-implied-eval rule (#19937) (TKDev7)

Documentation

  • 86e7426 docs: Update README (GitHub Actions Bot)

Chores

  • 50de1ce chore: package.json update for @​eslint/js release (Jenkins)
  • 74f01a3 ci: unpin jiti to version ^2.5.1 (#19970) (루밀LuMir)
  • 2ab1381 ci: pin jiti to version 2.4.2 (#19964) (Francesco Trotta)
  • b7f7545 test: switch to flat config mode in SourceCode tests (#19953) (Milos Djermanovic)
  • f5a35e3 test: switch to flat config mode in eslint-fuzzer (#19960) (Milos Djermanovic)
  • e22af8c refactor: use CustomRuleDefinitionType in JSRuleDefinition (#19949) (Francesco Trotta)
  • e855717 chore: switch performance tests to hyperfine (#19919) (Francesco Trotta)
  • 2f73a23 test: switch to flat config mode in ast-utils tests (#19948) (Milos Djermanovic)
  • c565a53 chore: exclude further_reading_links.json from Prettier formatting (#19943) (Milos Djermanovic)
Changelog

Sourced from eslint's changelog.

v9.32.0 - July 25, 2025

  • 960fd40 fix: Upgrade @​eslint/js (#19971) (Nicholas C. Zakas)
  • 50de1ce chore: package.json update for @​eslint/js release (Jenkins)
  • bbf23fa fix: Refactor reporting into FileReport (#19877) (Nicholas C. Zakas)
  • 74f01a3 ci: unpin jiti to version ^2.5.1 (#19970) (루밀LuMir)
  • d498887 fix: bump @​eslint/plugin-kit to 0.3.4 to resolve vulnerability (#19965) (Milos Djermanovic)
  • 2ab1381 ci: pin jiti to version 2.4.2 (#19964) (Francesco Trotta)
  • b7f7545 test: switch to flat config mode in SourceCode tests (#19953) (Milos Djermanovic)
  • f5a35e3 test: switch to flat config mode in eslint-fuzzer (#19960) (Milos Djermanovic)
  • f46fc6c fix: report only global references in no-implied-eval (#19932) (Nitin Kumar)
  • 86e7426 docs: Update README (GitHub Actions Bot)
  • e22af8c refactor: use CustomRuleDefinitionType in JSRuleDefinition (#19949) (Francesco Trotta)
  • 1245000 feat: support explicit resource management in core rules (#19828) (fnx)
  • e855717 chore: switch performance tests to hyperfine (#19919) (Francesco Trotta)
  • 0e957a7 feat: support typescript types in accessor rules (#19882) (fnx)
  • 2f73a23 test: switch to flat config mode in ast-utils tests (#19948) (Milos Djermanovic)
  • 7863d26 fix: remove outdated types in ParserOptions.ecmaFeatures (#19944) (ntnyq)
  • c565a53 chore: exclude further_reading_links.json from Prettier formatting (#19943) (Milos Djermanovic)
  • 3173305 fix: update execScript message in no-implied-eval rule (#19937) (TKDev7)
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=eslint&package-manager=npm_and_yarn&previous-version=9.31.0&new-version=9.32.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 52 ++++++++++++----------------------------------- package.json | 2 +- 2 files changed, 14 insertions(+), 40 deletions(-) diff --git a/package-lock.json b/package-lock.json index 81344ff0..216b3ce5 100644 --- a/package-lock.json +++ b/package-lock.json @@ -94,7 +94,7 @@ "cors": "^2.8.5", "cypress": "^14.5.3", "cypress-plugin-tab": "^1.0.5", - "eslint": "^9.31.0", + "eslint": "^9.32.0", "eslint-plugin-react": "^7.37.5", "eslint-plugin-react-hooks": "^5.2.0", "eslint-plugin-react-refresh": "^0.4.20", @@ -1200,9 +1200,9 @@ } }, "node_modules/@eslint/core": { - "version": "0.14.0", - "resolved": "https://registry.npmjs.org/@eslint/core/-/core-0.14.0.tgz", - "integrity": "sha512-qIbV0/JZr7iSDjqAc60IqbLdsj9GDt16xQtWD+B78d/HAlvysGdZZ6rpJHGAc2T0FQx1X6thsSPdnoiGKdNtdg==", + "version": "0.15.1", + "resolved": "https://registry.npmjs.org/@eslint/core/-/core-0.15.1.tgz", + "integrity": "sha512-bkOp+iumZCCbt1K1CmWf0R9pM5yKpDv+ZXtvSyQpudrI9kuFLp+bM2WOPXImuD/ceQuaa8f5pj93Y7zyECIGNA==", "dev": true, "license": "Apache-2.0", "dependencies": { @@ -1296,13 +1296,13 @@ } }, "node_modules/@eslint/plugin-kit": { - "version": "0.3.1", - "resolved": "https://registry.npmjs.org/@eslint/plugin-kit/-/plugin-kit-0.3.1.tgz", - "integrity": "sha512-0J+zgWxHN+xXONWIyPWKFMgVuJoZuGiIFu8yxk7RJjxkzpGmyja5wRFqZIVtjDVOQpV+Rw0iOAjYPE2eQyjr0w==", + "version": "0.3.4", + "resolved": "https://registry.npmjs.org/@eslint/plugin-kit/-/plugin-kit-0.3.4.tgz", + "integrity": "sha512-Ul5l+lHEcw3L5+k8POx6r74mxEYKG5kOb6Xpy2gCRW6zweT6TEhAf8vhxGgjhqrd/VO/Dirhsb+1hNpD1ue9hw==", "dev": true, "license": "Apache-2.0", "dependencies": { - "@eslint/core": "^0.14.0", + "@eslint/core": "^0.15.1", "levn": "^0.4.1" }, "engines": { @@ -5768,9 +5768,9 @@ } }, "node_modules/eslint": { - "version": "9.31.0", - "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.31.0.tgz", - "integrity": "sha512-QldCVh/ztyKJJZLr4jXNUByx3gR+TDYZCRXEktiZoUR3PGy4qCmSbkxcIle8GEwGpb5JBZazlaJ/CxLidXdEbQ==", + "version": "9.32.0", + "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.32.0.tgz", + "integrity": "sha512-LSehfdpgMeWcTZkWZVIJl+tkZ2nuSkyyB9C27MZqFWXuph7DvaowgcTvKqxvpLW1JZIk8PN7hFY3Rj9LQ7m7lg==", "dev": true, "license": "MIT", "dependencies": { @@ -5780,8 +5780,8 @@ "@eslint/config-helpers": "^0.3.0", "@eslint/core": "^0.15.0", "@eslint/eslintrc": "^3.3.1", - "@eslint/js": "9.31.0", - "@eslint/plugin-kit": "^0.3.1", + "@eslint/js": "9.32.0", + "@eslint/plugin-kit": "^0.3.4", "@humanfs/node": "^0.16.6", "@humanwhocodes/module-importer": "^1.0.1", "@humanwhocodes/retry": "^0.4.2", @@ -5956,32 +5956,6 @@ "url": "https://opencollective.com/eslint" } }, - "node_modules/eslint/node_modules/@eslint/core": { - "version": "0.15.1", - "resolved": "https://registry.npmjs.org/@eslint/core/-/core-0.15.1.tgz", - "integrity": "sha512-bkOp+iumZCCbt1K1CmWf0R9pM5yKpDv+ZXtvSyQpudrI9kuFLp+bM2WOPXImuD/ceQuaa8f5pj93Y7zyECIGNA==", - "dev": true, - "license": "Apache-2.0", - "dependencies": { - "@types/json-schema": "^7.0.15" - }, - "engines": { - "node": "^18.18.0 || ^20.9.0 || >=21.1.0" - } - }, - "node_modules/eslint/node_modules/@eslint/js": { - "version": "9.31.0", - "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.31.0.tgz", - "integrity": "sha512-LOm5OVt7D4qiKCqoiPbA7LWmI+tbw1VbTUowBcUMgQSuM6poJufkFkYDcQpo5KfgD39TnNySV26QjOh7VFpSyw==", - "dev": true, - "license": "MIT", - "engines": { - "node": "^18.18.0 || ^20.9.0 || >=21.1.0" - }, - "funding": { - "url": "https://eslint.org/donate" - } - }, "node_modules/eslint/node_modules/brace-expansion": { "version": "1.1.11", "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", diff --git a/package.json b/package.json index 6bdc2322..e1f223d9 100644 --- a/package.json +++ b/package.json @@ -125,7 +125,7 @@ "cors": "^2.8.5", "cypress": "^14.5.3", "cypress-plugin-tab": "^1.0.5", - "eslint": "^9.31.0", + "eslint": "^9.32.0", "eslint-plugin-react": "^7.37.5", "eslint-plugin-react-hooks": "^5.2.0", "eslint-plugin-react-refresh": "^0.4.20", From 2d242c2a47cf3cb1362a6a370e314de006bd97e2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 30 Jul 2025 13:58:44 +0000 Subject: [PATCH 4/8] chore(deps-dev): Bump stylelint from 16.22.0 to 16.23.0 (#1300) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [stylelint](https://github.com/stylelint/stylelint) from 16.22.0 to 16.23.0.
Release notes

Sourced from stylelint's releases.

16.23.0

It adds 5 new rules, 1 option to a rule and fixes 3 bugs. We've turned on the new rules in our standard config.

Changelog

Sourced from stylelint's changelog.

16.23.0 - 2025-07-29

It adds 5 new rules, 1 option to a rule and fixes 3 bugs. We've turned on the new rules in our standard config.

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=stylelint&package-manager=npm_and_yarn&previous-version=16.22.0&new-version=16.23.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 63 ++++++++++++++++++++++------------------------- package.json | 2 +- 2 files changed, 31 insertions(+), 34 deletions(-) diff --git a/package-lock.json b/package-lock.json index 216b3ce5..56cc8241 100644 --- a/package-lock.json +++ b/package-lock.json @@ -104,7 +104,7 @@ "postcss": "^8.5.6", "react-hot-loader": "^4.13.1", "sass": "^1.89.2", - "stylelint": "^16.22.0", + "stylelint": "^16.23.0", "stylelint-config-recommended-scss": "^15.0.1", "stylelint-scss": "^6.12.1", "typescript": "^5.8.3", @@ -1716,14 +1716,11 @@ } }, "node_modules/@keyv/serialize": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/@keyv/serialize/-/serialize-1.0.3.tgz", - "integrity": "sha512-qnEovoOp5Np2JDGonIDL6Ayihw0RhnRh6vxPuHo4RDn1UOzwEo4AeIfpL6UGIrsceWrCMiVPgwRjbHu4vYFc3g==", + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/@keyv/serialize/-/serialize-1.1.0.tgz", + "integrity": "sha512-RlDgexML7Z63Q8BSaqhXdCYNBy/JQnqYIwxofUrNLGCblOMHp+xux2Q8nLMLlPpgHQPoU0Do8Z6btCpRBEqZ8g==", "dev": true, - "license": "MIT", - "dependencies": { - "buffer": "^6.0.3" - } + "license": "MIT" }, "node_modules/@lit-labs/ssr-dom-shim": { "version": "1.3.0", @@ -4244,24 +4241,24 @@ } }, "node_modules/cacheable": { - "version": "1.10.0", - "resolved": "https://registry.npmjs.org/cacheable/-/cacheable-1.10.0.tgz", - "integrity": "sha512-SSgQTAnhd7WlJXnGlIi4jJJOiHzgnM5wRMEPaXAU4kECTAMpBoYKoZ9i5zHmclIEZbxcu3j7yY/CF8DTmwIsHg==", + "version": "1.10.3", + "resolved": "https://registry.npmjs.org/cacheable/-/cacheable-1.10.3.tgz", + "integrity": "sha512-M6p10iJ/VT0wT7TLIGUnm958oVrU2cUK8pQAVU21Zu7h8rbk/PeRtRWrvHJBql97Bhzk3g1N6+2VKC+Rjxna9Q==", "dev": true, "license": "MIT", "dependencies": { - "hookified": "^1.8.2", - "keyv": "^5.3.3" + "hookified": "^1.10.0", + "keyv": "^5.4.0" } }, "node_modules/cacheable/node_modules/keyv": { - "version": "5.3.4", - "resolved": "https://registry.npmjs.org/keyv/-/keyv-5.3.4.tgz", - "integrity": "sha512-ypEvQvInNpUe+u+w8BIcPkQvEqXquyyibWE/1NB5T2BTzIpS5cGEV1LZskDzPSTvNAaT4+5FutvzlvnkxOSKlw==", + "version": "5.4.0", + "resolved": "https://registry.npmjs.org/keyv/-/keyv-5.4.0.tgz", + "integrity": "sha512-TMckyVjEoacG5IteUpUrOBsFORtheqziVyyY2dLUwg1jwTb8u48LX4TgmtogkNl9Y9unaEJ1luj10fGyjMGFOQ==", "dev": true, "license": "MIT", "dependencies": { - "@keyv/serialize": "^1.0.3" + "@keyv/serialize": "^1.1.0" } }, "node_modules/cachedir": { @@ -7239,9 +7236,9 @@ } }, "node_modules/hookified": { - "version": "1.9.1", - "resolved": "https://registry.npmjs.org/hookified/-/hookified-1.9.1.tgz", - "integrity": "sha512-u3pxtGhKjcSXnGm1CX6aXS9xew535j3lkOCegbA6jdyh0BaAjTbXI4aslKstCr6zUNtoCxFGFKwjbSHdGrMB8g==", + "version": "1.11.0", + "resolved": "https://registry.npmjs.org/hookified/-/hookified-1.11.0.tgz", + "integrity": "sha512-aDdIN3GyU5I6wextPplYdfmWCo+aLmjjVbntmX6HLD5RCi/xKsivYEBhnRD+d9224zFf008ZpLMPlWF0ZodYZw==", "dev": true, "license": "MIT" }, @@ -12051,9 +12048,9 @@ } }, "node_modules/stylelint": { - "version": "16.22.0", - "resolved": "https://registry.npmjs.org/stylelint/-/stylelint-16.22.0.tgz", - "integrity": "sha512-SVEMTdjKNV4ollUrIY9ordZ36zHv2/PHzPjfPMau370MlL2VYXeLgSNMMiEbLGRO8RmD2R8/BVUeF2DfnfkC0w==", + "version": "16.23.0", + "resolved": "https://registry.npmjs.org/stylelint/-/stylelint-16.23.0.tgz", + "integrity": "sha512-69T5aS2LUY306ekt1Q1oaSPwz/jaG9HjyMix3UMrai1iEbuOafBe2Dh8xlyczrxFAy89qcKyZWWtc42XLx3Bbw==", "dev": true, "funding": [ { @@ -12080,7 +12077,7 @@ "debug": "^4.4.1", "fast-glob": "^3.3.3", "fastest-levenshtein": "^1.0.16", - "file-entry-cache": "^10.1.1", + "file-entry-cache": "^10.1.3", "global-modules": "^2.0.0", "globby": "^11.1.0", "globjoin": "^0.1.4", @@ -12215,25 +12212,25 @@ } }, "node_modules/stylelint/node_modules/file-entry-cache": { - "version": "10.1.1", - "resolved": "https://registry.npmjs.org/file-entry-cache/-/file-entry-cache-10.1.1.tgz", - "integrity": "sha512-zcmsHjg2B2zjuBgjdnB+9q0+cWcgWfykIcsDkWDB4GTPtl1eXUA+gTI6sO0u01AqK3cliHryTU55/b2Ow1hfZg==", + "version": "10.1.3", + "resolved": "https://registry.npmjs.org/file-entry-cache/-/file-entry-cache-10.1.3.tgz", + "integrity": "sha512-D+w75Ub8T55yor7fPgN06rkCAUbAYw2vpxJmmjv/GDAcvCnv9g7IvHhIZoxzRZThrXPFI2maeY24pPbtyYU7Lg==", "dev": true, "license": "MIT", "dependencies": { - "flat-cache": "^6.1.10" + "flat-cache": "^6.1.12" } }, "node_modules/stylelint/node_modules/flat-cache": { - "version": "6.1.10", - "resolved": "https://registry.npmjs.org/flat-cache/-/flat-cache-6.1.10.tgz", - "integrity": "sha512-B6/v1f0NwjxzmeOhzfXPGWpKBVA207LS7lehaVKQnFrVktcFRfkzjZZ2gwj2i1TkEUMQht7ZMJbABUT5N+V1Nw==", + "version": "6.1.12", + "resolved": "https://registry.npmjs.org/flat-cache/-/flat-cache-6.1.12.tgz", + "integrity": "sha512-U+HqqpZPPXP5d24bWuRzjGqVqUcw64k4nZAbruniDwdRg0H10tvN7H6ku1tjhA4rg5B9GS3siEvwO2qjJJ6f8Q==", "dev": true, "license": "MIT", "dependencies": { - "cacheable": "^1.10.0", + "cacheable": "^1.10.3", "flatted": "^3.3.3", - "hookified": "^1.9.1" + "hookified": "^1.10.0" } }, "node_modules/stylelint/node_modules/ignore": { diff --git a/package.json b/package.json index e1f223d9..f3a4af19 100644 --- a/package.json +++ b/package.json @@ -135,7 +135,7 @@ "postcss": "^8.5.6", "react-hot-loader": "^4.13.1", "sass": "^1.89.2", - "stylelint": "^16.22.0", + "stylelint": "^16.23.0", "stylelint-config-recommended-scss": "^15.0.1", "stylelint-scss": "^6.12.1", "typescript": "^5.8.3", From db93ce1be1ff7b94d86f15f368f2aefac7b26b3a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 6 Aug 2025 13:20:39 +0000 Subject: [PATCH 5/8] chore(deps-dev): Bump sass from 1.89.2 to 1.90.0 (#1304) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [sass](https://github.com/sass/dart-sass) from 1.89.2 to 1.90.0.
Release notes

Sourced from sass's releases.

Dart Sass 1.90.0

To install Sass 1.90.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

  • Allow a @forwarded module to be loaded with a configuration when that module has already been loaded with a different configuration and the module doesn't define any variables that would have been configured anyway.

See the full changelog for changes in earlier releases.

Changelog

Sourced from sass's changelog.

1.90.0

  • Allow a @forwarded module to be loaded with a configuration when that module has already been loaded with a different configuration and the module doesn't define any variables that would have been configured anyway.
Commits
  • d6f4f17 Allow unused configurations to go past @forward (#2600)
  • 02fa098 Bump @​types/jest from 29.5.14 to 30.0.0 in /pkg/sass-parser (#2591)
  • 008bbef Update embedded-host-node release pipeline (#2609)
  • d3e1abf Bump jest from 29.7.0 to 30.0.4 in /pkg/sass-parser (#2603)
  • b27c3ae Fix CI by pinning postcss version to 8.5.5 and disable app armor for browser ...
  • a42380f Bump jest-extended from 5.0.3 to 6.0.0 in /pkg/sass-parser (#2587)
  • See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=sass&package-manager=npm_and_yarn&previous-version=1.89.2&new-version=1.90.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 8 ++++---- package.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index 56cc8241..716c6af2 100644 --- a/package-lock.json +++ b/package-lock.json @@ -103,7 +103,7 @@ "istanbul-lib-coverage": "^3.2.2", "postcss": "^8.5.6", "react-hot-loader": "^4.13.1", - "sass": "^1.89.2", + "sass": "^1.90.0", "stylelint": "^16.23.0", "stylelint-config-recommended-scss": "^15.0.1", "stylelint-scss": "^6.12.1", @@ -11430,9 +11430,9 @@ "dev": true }, "node_modules/sass": { - "version": "1.89.2", - "resolved": "https://registry.npmjs.org/sass/-/sass-1.89.2.tgz", - "integrity": "sha512-xCmtksBKd/jdJ9Bt9p7nPKiuqrlBMBuuGkQlkhZjjQk3Ty48lv93k5Dq6OPkKt4XwxDJ7tvlfrTa1MPA9bf+QA==", + "version": "1.90.0", + "resolved": "https://registry.npmjs.org/sass/-/sass-1.90.0.tgz", + "integrity": "sha512-9GUyuksjw70uNpb1MTYWsH9MQHOHY6kwfnkafC24+7aOMZn9+rVMBxRbLvw756mrBFbIsFg6Xw9IkR2Fnn3k+Q==", "dev": true, "license": "MIT", "dependencies": { diff --git a/package.json b/package.json index f3a4af19..f0e7697a 100644 --- a/package.json +++ b/package.json @@ -134,7 +134,7 @@ "istanbul-lib-coverage": "^3.2.2", "postcss": "^8.5.6", "react-hot-loader": "^4.13.1", - "sass": "^1.89.2", + "sass": "^1.90.0", "stylelint": "^16.23.0", "stylelint-config-recommended-scss": "^15.0.1", "stylelint-scss": "^6.12.1", From 4ea195827557cac855d4840115d328f5c5a9cd6a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 6 Aug 2025 17:14:01 +0000 Subject: [PATCH 6/8] chore(deps): Bump tmp from 0.2.3 to 0.2.4 (#1305) Bumps [tmp](https://github.com/raszi/node-tmp) from 0.2.3 to 0.2.4.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tmp&package-manager=npm_and_yarn&previous-version=0.2.3&new-version=0.2.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/maplibre/maputnik/network/alerts).
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index 716c6af2..1aed1b6b 100644 --- a/package-lock.json +++ b/package-lock.json @@ -12589,10 +12589,11 @@ "license": "MIT" }, "node_modules/tmp": { - "version": "0.2.3", - "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.2.3.tgz", - "integrity": "sha512-nZD7m9iCPC5g0pYmcaxogYKggSfLsdxl8of3Q/oIbqCqLLIO9IAF0GWjX1z9NZRHPiXv8Wex4yDCaZsgEw0Y8w==", + "version": "0.2.4", + "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.2.4.tgz", + "integrity": "sha512-UdiSoX6ypifLmrfQ/XfiawN6hkjSBpCjhKxxZcWlUUmoXLaCKQU0bx4HF/tdDK2uzRuchf1txGvrWBzYREssoQ==", "dev": true, + "license": "MIT", "engines": { "node": ">=14.14" } From 0bbb04e4ff24ecd3bbd83f6ca189f87ed9ffe402 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 7 Aug 2025 13:25:50 +0000 Subject: [PATCH 7/8] chore(deps-dev): Bump @vitejs/plugin-react from 4.7.0 to 5.0.0 (#1306) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react) from 4.7.0 to 5.0.0.
Release notes

Sourced from @​vitejs/plugin-react's releases.

plugin-react@5.0.0

No release notes provided.

plugin-react@5.0.0-beta.0

Use Oxc for react refresh transform in rolldown-vite

When used with rolldown-vite, this plugin now uses Oxc for react refresh transform.

Since this behavior is what @vitejs/plugin-react-oxc did, @vitejs/plugin-react-oxc is now deprecated and the disableOxcRecommendation option is removed.

Also, while @vitejs/plugin-react-oxc used the production JSX transform even for NODE_ENV=development build, @vitejs/plugin-react uses the development JSX transform for NODE_ENV=development build.

Allow processing files in node_modules

The default value of exclude options is now [/\/node_modules\//] to allow processing files in node_modules directory. It was previously [] and files in node_modules was always excluded regardless of the value of exclude option.

react and react-dom is no longer added to resolve.dedupe automatically

Adding values to resolve.dedupe forces Vite to resolve them differently from how Node.js does, which can be confusing and may not be expected. This plugin no longer adds react and react-dom to resolve.dedupe automatically.

If you encounter errors after upgrading, check your package.json for version mismatches in dependencies or devDependencies, as well as your package manager’s configuration. If you prefer the previous behavior, you can manually add react and react-dom to resolve.dedupe.

Remove old babel-plugin-react-compiler support that requires runtimeModule option

runtimeModule option is no longer needed in newer babel-plugin-react-compiler versions. Make sure to use a newer version of babel-plugin-react-compiler that supports target option.

Require Node 20.19+, 22.12+

This plugin now requires Node 20.19+ or 22.12+.

Changelog

Sourced from @​vitejs/plugin-react's changelog.

5.0.0 (2025-08-07)

5.0.0-beta.0 (2025-07-28)

Use Oxc for react refresh transform in rolldown-vite

When used with rolldown-vite, this plugin now uses Oxc for react refresh transform.

Since this behavior is what @vitejs/plugin-react-oxc did, @vitejs/plugin-react-oxc is now deprecated and the disableOxcRecommendation option is removed.

Also, while @vitejs/plugin-react-oxc used the production JSX transform even for NODE_ENV=development build, @vitejs/plugin-react uses the development JSX transform for NODE_ENV=development build.

Allow processing files in node_modules

The default value of exclude options is now [/\/node_modules\//] to allow processing files in node_modules directory. It was previously [] and files in node_modules was always excluded regardless of the value of exclude option.

react and react-dom is no longer added to resolve.dedupe automatically

Adding values to resolve.dedupe forces Vite to resolve them differently from how Node.js does, which can be confusing and may not be expected. This plugin no longer adds react and react-dom to resolve.dedupe automatically.

If you encounter errors after upgrading, check your package.json for version mismatches in dependencies or devDependencies, as well as your package manager’s configuration. If you prefer the previous behavior, you can manually add react and react-dom to resolve.dedupe.

Remove old babel-plugin-react-compiler support that requires runtimeModule option

runtimeModule option is no longer needed in newer babel-plugin-react-compiler versions. Make sure to use a newer version of babel-plugin-react-compiler that supports target option.

Require Node 20.19+, 22.12+

This plugin now requires Node 20.19+ or 22.12+.

Commits
  • 9e4a944 release: plugin-react@5.0.0
  • 61d777d fix(deps): update all non-major dependencies (#670)
  • 7d3a57a release: plugin-react@5.0.0-beta.0
  • 9ffd86d fix(react): use development jsx transform for NODE_ENV=development build (#...
  • 133d786 feat: merge plugin-react-oxc into plugin-react (#609)
  • 26326b3 feat!: support including files in node_modules (#306)
  • 9ce3b22 fix(deps): update all non-major dependencies (#593)
  • cadd7d2 fix!: remove resolve.dedupe (#586)
  • 005f16e refactor!: remove old babel-plugin-react-compiler support (#584)
  • b9efa3f refactor!: bump required node version to 20.19+, 22.12+ and drop CJS build (#...
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@vitejs/plugin-react&package-manager=npm_and_yarn&previous-version=4.7.0&new-version=5.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 18 +++++++++--------- package.json | 2 +- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/package-lock.json b/package-lock.json index 1aed1b6b..6b4f049f 100644 --- a/package-lock.json +++ b/package-lock.json @@ -90,7 +90,7 @@ "@types/string-hash": "^1.1.3", "@types/uuid": "^10.0.0", "@types/wicg-file-system-access": "^2023.10.6", - "@vitejs/plugin-react": "^4.7.0", + "@vitejs/plugin-react": "^5.0.0", "cors": "^2.8.5", "cypress": "^14.5.3", "cypress-plugin-tab": "^1.0.5", @@ -2331,9 +2331,9 @@ } }, "node_modules/@rolldown/pluginutils": { - "version": "1.0.0-beta.27", - "resolved": "https://registry.npmjs.org/@rolldown/pluginutils/-/pluginutils-1.0.0-beta.27.tgz", - "integrity": "sha512-+d0F4MKMCbeVUJwG96uQ4SgAznZNSq93I3V+9NHA4OpvqG8mRCpGdKmK8l/dl02h2CCDHwW2FqilnTyDcAnqjA==", + "version": "1.0.0-beta.30", + "resolved": "https://registry.npmjs.org/@rolldown/pluginutils/-/pluginutils-1.0.0-beta.30.tgz", + "integrity": "sha512-whXaSoNUFiyDAjkUF8OBpOm77Szdbk5lGNqFe6CbVbJFrhCCPinCbRA3NjawwlNHla1No7xvXXh+CpSxnPfUEw==", "dev": true, "license": "MIT" }, @@ -3511,21 +3511,21 @@ } }, "node_modules/@vitejs/plugin-react": { - "version": "4.7.0", - "resolved": "https://registry.npmjs.org/@vitejs/plugin-react/-/plugin-react-4.7.0.tgz", - "integrity": "sha512-gUu9hwfWvvEDBBmgtAowQCojwZmJ5mcLn3aufeCsitijs3+f2NsrPtlAWIR6OPiqljl96GVCUbLe0HyqIpVaoA==", + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/@vitejs/plugin-react/-/plugin-react-5.0.0.tgz", + "integrity": "sha512-Jx9JfsTa05bYkS9xo0hkofp2dCmp1blrKjw9JONs5BTHOvJCgLbaPSuZLGSVJW6u2qe0tc4eevY0+gSNNi0YCw==", "dev": true, "license": "MIT", "dependencies": { "@babel/core": "^7.28.0", "@babel/plugin-transform-react-jsx-self": "^7.27.1", "@babel/plugin-transform-react-jsx-source": "^7.27.1", - "@rolldown/pluginutils": "1.0.0-beta.27", + "@rolldown/pluginutils": "1.0.0-beta.30", "@types/babel__core": "^7.20.5", "react-refresh": "^0.17.0" }, "engines": { - "node": "^14.18.0 || >=16.0.0" + "node": "^20.19.0 || >=22.12.0" }, "peerDependencies": { "vite": "^4.2.0 || ^5.0.0 || ^6.0.0 || ^7.0.0" diff --git a/package.json b/package.json index f0e7697a..481731a5 100644 --- a/package.json +++ b/package.json @@ -121,7 +121,7 @@ "@types/string-hash": "^1.1.3", "@types/uuid": "^10.0.0", "@types/wicg-file-system-access": "^2023.10.6", - "@vitejs/plugin-react": "^4.7.0", + "@vitejs/plugin-react": "^5.0.0", "cors": "^2.8.5", "cypress": "^14.5.3", "cypress-plugin-tab": "^1.0.5", From 727bc7dfae3522ccb32c9a8165c24dbd52c7854f Mon Sep 17 00:00:00 2001 From: Birk Skyum <74932975+birkskyum@users.noreply.github.com> Date: Thu, 7 Aug 2025 20:34:13 +0200 Subject: [PATCH 8/8] Move docker to node 22 (#1309) This unblocks the CI We already use node 22 in the CI most places, I just forgot the Dockerfile, and now that Node 18 is recently EOL it appear to be failing there. ## Launch Checklist - [X] Briefly describe the changes in this PR. - [ ] Link to related issues. - [ ] Include before/after visuals or gifs if this PR includes visual changes. - [ ] Write tests for all new functionality. - [ ] Add an entry to `CHANGELOG.md` under the `## main` section. --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index d000fba8..03904708 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM node:18 as builder +FROM node:22 as builder WORKDIR /maputnik # Only copy package.json to prevent npm install from running on every build