From db93ce1be1ff7b94d86f15f368f2aefac7b26b3a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 6 Aug 2025 13:20:39 +0000
Subject: [PATCH 1/4] chore(deps-dev): Bump sass from 1.89.2 to 1.90.0 (#1304)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [sass](https://github.com/sass/dart-sass) from 1.89.2 to 1.90.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sass/dart-sass/releases">sass's
releases</a>.</em></p>
<blockquote>
<h2>Dart Sass 1.90.0</h2>
<p>To install Sass 1.90.0, download one of the packages below and <a
href="https://katiek2.github.io/path-doc/">add it to your PATH</a>, or
see <a href="https://sass-lang.com/install">the Sass website</a> for
full installation instructions.</p>
<h1>Changes</h1>
<ul>
<li>Allow a <code>@forward</code>ed module to be loaded with a
configuration when that module has already been loaded with a different
configuration <em>and</em> the module doesn't define any variables that
would have been configured anyway.</li>
</ul>
<p>See the <a
href="https://github.com/sass/dart-sass/blob/master/CHANGELOG.md#1900">full
changelog</a> for changes in earlier releases.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/sass/dart-sass/blob/main/CHANGELOG.md">sass's
changelog</a>.</em></p>
<blockquote>
<h2>1.90.0</h2>
<ul>
<li>Allow a <code>@forward</code>ed module to be loaded with a
configuration when that module
has already been loaded with a different configuration <em>and</em> the
module
doesn't define any variables that would have been configured
anyway.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/sass/dart-sass/commit/d6f4f17eef454d870feae0b302d870ffa75beb76"><code>d6f4f17</code></a>
Allow unused configurations to go past <code>@forward</code> (<a
href="https://redirect.github.com/sass/dart-sass/issues/2600">#2600</a>)</li>
<li><a
href="https://github.com/sass/dart-sass/commit/02fa098afa81bbd3ae9bef2549fabab28a6e285a"><code>02fa098</code></a>
Bump <code>@​types/jest</code> from 29.5.14 to 30.0.0 in
/pkg/sass-parser (<a
href="https://redirect.github.com/sass/dart-sass/issues/2591">#2591</a>)</li>
<li><a
href="https://github.com/sass/dart-sass/commit/008bbefad0f5c1dd75fcbd853693b26c7e89b126"><code>008bbef</code></a>
Update embedded-host-node release pipeline (<a
href="https://redirect.github.com/sass/dart-sass/issues/2609">#2609</a>)</li>
<li><a
href="https://github.com/sass/dart-sass/commit/d3e1abf24fdf0663067c9d2750497dbc23bce5a4"><code>d3e1abf</code></a>
Bump jest from 29.7.0 to 30.0.4 in /pkg/sass-parser (<a
href="https://redirect.github.com/sass/dart-sass/issues/2603">#2603</a>)</li>
<li><a
href="https://github.com/sass/dart-sass/commit/b27c3ae9415ba83e3f44c34f6c2847bff1bc3e5d"><code>b27c3ae</code></a>
Fix CI by pinning postcss version to 8.5.5 and disable app armor for
browser ...</li>
<li><a
href="https://github.com/sass/dart-sass/commit/a42380fcf817e8765d1237c1bb5bfbd98ee73ad9"><code>a42380f</code></a>
Bump jest-extended from 5.0.3 to 6.0.0 in /pkg/sass-parser (<a
href="https://redirect.github.com/sass/dart-sass/issues/2587">#2587</a>)</li>
<li>See full diff in <a
href="https://github.com/sass/dart-sass/compare/1.89.2...1.90.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=sass&package-manager=npm_and_yarn&previous-version=1.89.2&new-version=1.90.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 56cc8241..716c6af2 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -103,7 +103,7 @@
         "istanbul-lib-coverage": "^3.2.2",
         "postcss": "^8.5.6",
         "react-hot-loader": "^4.13.1",
-        "sass": "^1.89.2",
+        "sass": "^1.90.0",
         "stylelint": "^16.23.0",
         "stylelint-config-recommended-scss": "^15.0.1",
         "stylelint-scss": "^6.12.1",
@@ -11430,9 +11430,9 @@
       "dev": true
     },
     "node_modules/sass": {
-      "version": "1.89.2",
-      "resolved": "https://registry.npmjs.org/sass/-/sass-1.89.2.tgz",
-      "integrity": "sha512-xCmtksBKd/jdJ9Bt9p7nPKiuqrlBMBuuGkQlkhZjjQk3Ty48lv93k5Dq6OPkKt4XwxDJ7tvlfrTa1MPA9bf+QA==",
+      "version": "1.90.0",
+      "resolved": "https://registry.npmjs.org/sass/-/sass-1.90.0.tgz",
+      "integrity": "sha512-9GUyuksjw70uNpb1MTYWsH9MQHOHY6kwfnkafC24+7aOMZn9+rVMBxRbLvw756mrBFbIsFg6Xw9IkR2Fnn3k+Q==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
diff --git a/package.json b/package.json
index f3a4af19..f0e7697a 100644
--- a/package.json
+++ b/package.json
@@ -134,7 +134,7 @@
     "istanbul-lib-coverage": "^3.2.2",
     "postcss": "^8.5.6",
     "react-hot-loader": "^4.13.1",
-    "sass": "^1.89.2",
+    "sass": "^1.90.0",
     "stylelint": "^16.23.0",
     "stylelint-config-recommended-scss": "^15.0.1",
     "stylelint-scss": "^6.12.1",

From 4ea195827557cac855d4840115d328f5c5a9cd6a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 6 Aug 2025 17:14:01 +0000
Subject: [PATCH 2/4] chore(deps): Bump tmp from 0.2.3 to 0.2.4 (#1305)

Bumps [tmp](https://github.com/raszi/node-tmp) from 0.2.3 to 0.2.4.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/raszi/node-tmp/commit/08fa3abac32b621506512724b28b56b9c4a95846"><code>08fa3ab</code></a>
Update version</li>
<li><a
href="https://github.com/raszi/node-tmp/commit/1cf4ec54180a77a2a95dc1941efa1659774c8787"><code>1cf4ec5</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/raszi/node-tmp/commit/188b25e529496e37adaf1a1d9dccb40019a08b1b"><code>188b25e</code></a>
Fix GHSA-52f5-9888-hmc6</li>
<li><a
href="https://github.com/raszi/node-tmp/commit/73b9fe45bbb40157acdfab8126dd0911de91c8fa"><code>73b9fe4</code></a>
Add test case for GHSA-52f5-9888-hmc6</li>
<li><a
href="https://github.com/raszi/node-tmp/commit/b8e2f29a7575352e49e4882a836aab4bd2ec927f"><code>b8e2f29</code></a>
Remove broken tests</li>
<li><a
href="https://github.com/raszi/node-tmp/commit/2892a027b4d2d3a25d1d08a398bc108a0200857f"><code>2892a02</code></a>
Remove outdated URL</li>
<li><a
href="https://github.com/raszi/node-tmp/commit/f5923182461a89e9de5a7a09c75f410a76979ae7"><code>f592318</code></a>
Reformat package.json</li>
<li><a
href="https://github.com/raszi/node-tmp/commit/995ac8cc45867b44babdf232a1ab0a3bb1d25d95"><code>995ac8c</code></a>
Merge pull request <a
href="https://redirect.github.com/raszi/node-tmp/issues/301">#301</a>
from raszi/dependabot/npm_and_yarn/braces-3.0.3</li>
<li><a
href="https://github.com/raszi/node-tmp/commit/caa758d7b55783c1e9abcb34695fdb9a812c30b7"><code>caa758d</code></a>
Bump braces from 3.0.2 to 3.0.3</li>
<li>See full diff in <a
href="https://github.com/raszi/node-tmp/compare/v0.2.3...v0.2.4">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tmp&package-manager=npm_and_yarn&previous-version=0.2.3&new-version=0.2.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/maplibre/maputnik/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 package-lock.json | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 716c6af2..1aed1b6b 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -12589,10 +12589,11 @@
       "license": "MIT"
     },
     "node_modules/tmp": {
-      "version": "0.2.3",
-      "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.2.3.tgz",
-      "integrity": "sha512-nZD7m9iCPC5g0pYmcaxogYKggSfLsdxl8of3Q/oIbqCqLLIO9IAF0GWjX1z9NZRHPiXv8Wex4yDCaZsgEw0Y8w==",
+      "version": "0.2.4",
+      "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.2.4.tgz",
+      "integrity": "sha512-UdiSoX6ypifLmrfQ/XfiawN6hkjSBpCjhKxxZcWlUUmoXLaCKQU0bx4HF/tdDK2uzRuchf1txGvrWBzYREssoQ==",
       "dev": true,
+      "license": "MIT",
       "engines": {
         "node": ">=14.14"
       }

From 0bbb04e4ff24ecd3bbd83f6ca189f87ed9ffe402 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 7 Aug 2025 13:25:50 +0000
Subject: [PATCH 3/4] chore(deps-dev): Bump @vitejs/plugin-react from 4.7.0 to
 5.0.0 (#1306)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps
[@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react)
from 4.7.0 to 5.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/vitejs/vite-plugin-react/releases"><code>@​vitejs/plugin-react</code>'s
releases</a>.</em></p>
<blockquote>
<h2>plugin-react@5.0.0</h2>
<p>No release notes provided.</p>
<h2>plugin-react@5.0.0-beta.0</h2>
<h3>Use Oxc for react refresh transform in rolldown-vite</h3>
<p>When used with rolldown-vite, this plugin now uses Oxc for react
refresh transform.</p>
<p>Since this behavior is what <code>@vitejs/plugin-react-oxc</code>
did, <code>@vitejs/plugin-react-oxc</code> is now deprecated and the
<code>disableOxcRecommendation</code> option is removed.</p>
<p>Also, while <code>@vitejs/plugin-react-oxc</code> used the production
JSX transform even for <code>NODE_ENV=development</code> build,
<code>@vitejs/plugin-react</code> uses the development JSX transform for
<code>NODE_ENV=development</code> build.</p>
<h3>Allow processing files in <code>node_modules</code></h3>
<p>The default value of <code>exclude</code> options is now
<code>[/\/node_modules\//]</code> to allow processing files in
<code>node_modules</code> directory. It was previously <code>[]</code>
and files in <code>node_modules</code> was always excluded regardless of
the value of <code>exclude</code> option.</p>
<h3><code>react</code> and <code>react-dom</code> is no longer added to
<a
href="https://vite.dev/config/#resolve-dedupe"><code>resolve.dedupe</code></a>
automatically</h3>
<p>Adding values to <code>resolve.dedupe</code> forces Vite to resolve
them differently from how Node.js does, which can be confusing and may
not be expected. This plugin no longer adds <code>react</code> and
<code>react-dom</code> to <code>resolve.dedupe</code> automatically.</p>
<p>If you encounter errors after upgrading, check your package.json for
version mismatches in <code>dependencies</code> or
<code>devDependencies</code>, as well as your package manager’s
configuration. If you prefer the previous behavior, you can manually add
<code>react</code> and <code>react-dom</code> to
<code>resolve.dedupe</code>.</p>
<h3>Remove old <code>babel-plugin-react-compiler</code> support that
requires <code>runtimeModule</code> option</h3>
<p><code>runtimeModule</code> option is no longer needed in newer
<code>babel-plugin-react-compiler</code> versions. Make sure to use a
newer version of <code>babel-plugin-react-compiler</code> that supports
<code>target</code> option.</p>
<h3>Require Node 20.19+, 22.12+</h3>
<p>This plugin now requires Node 20.19+ or 22.12+.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react/CHANGELOG.md"><code>@​vitejs/plugin-react</code>'s
changelog</a>.</em></p>
<blockquote>
<h2>5.0.0 (2025-08-07)</h2>
<h2>5.0.0-beta.0 (2025-07-28)</h2>
<h3>Use Oxc for react refresh transform in rolldown-vite</h3>
<p>When used with rolldown-vite, this plugin now uses Oxc for react
refresh transform.</p>
<p>Since this behavior is what <code>@vitejs/plugin-react-oxc</code>
did, <code>@vitejs/plugin-react-oxc</code> is now deprecated and the
<code>disableOxcRecommendation</code> option is removed.</p>
<p>Also, while <code>@vitejs/plugin-react-oxc</code> used the production
JSX transform even for <code>NODE_ENV=development</code> build,
<code>@vitejs/plugin-react</code> uses the development JSX transform for
<code>NODE_ENV=development</code> build.</p>
<h3>Allow processing files in <code>node_modules</code></h3>
<p>The default value of <code>exclude</code> options is now
<code>[/\/node_modules\//]</code> to allow processing files in
<code>node_modules</code> directory. It was previously <code>[]</code>
and files in <code>node_modules</code> was always excluded regardless of
the value of <code>exclude</code> option.</p>
<h3><code>react</code> and <code>react-dom</code> is no longer added to
<a
href="https://vite.dev/config/#resolve-dedupe"><code>resolve.dedupe</code></a>
automatically</h3>
<p>Adding values to <code>resolve.dedupe</code> forces Vite to resolve
them differently from how Node.js does, which can be confusing and may
not be expected. This plugin no longer adds <code>react</code> and
<code>react-dom</code> to <code>resolve.dedupe</code> automatically.</p>
<p>If you encounter errors after upgrading, check your package.json for
version mismatches in <code>dependencies</code> or
<code>devDependencies</code>, as well as your package manager’s
configuration. If you prefer the previous behavior, you can manually add
<code>react</code> and <code>react-dom</code> to
<code>resolve.dedupe</code>.</p>
<h3>Remove old <code>babel-plugin-react-compiler</code> support that
requires <code>runtimeModule</code> option</h3>
<p><code>runtimeModule</code> option is no longer needed in newer
<code>babel-plugin-react-compiler</code> versions. Make sure to use a
newer version of <code>babel-plugin-react-compiler</code> that supports
<code>target</code> option.</p>
<h3>Require Node 20.19+, 22.12+</h3>
<p>This plugin now requires Node 20.19+ or 22.12+.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/vitejs/vite-plugin-react/commit/9e4a94428dae6d39ccc13e0220f2abc7a76aeb5e"><code>9e4a944</code></a>
release: plugin-react@5.0.0</li>
<li><a
href="https://github.com/vitejs/vite-plugin-react/commit/61d777ddc8524256f890f43a2a78dbfbfd1e97ac"><code>61d777d</code></a>
fix(deps): update all non-major dependencies (<a
href="https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react/issues/670">#670</a>)</li>
<li><a
href="https://github.com/vitejs/vite-plugin-react/commit/7d3a57aa97961aea9998105ba0512f9beae1bbff"><code>7d3a57a</code></a>
release: plugin-react@5.0.0-beta.0</li>
<li><a
href="https://github.com/vitejs/vite-plugin-react/commit/9ffd86df3c0cfc2060669cac7cc0b86144158b1b"><code>9ffd86d</code></a>
fix(react): use development jsx transform for
<code>NODE_ENV=development</code> build (#...</li>
<li><a
href="https://github.com/vitejs/vite-plugin-react/commit/133d7865f42aa3376b5d3119fdb6a71eaf600275"><code>133d786</code></a>
feat: merge <code>plugin-react-oxc</code> into <code>plugin-react</code>
(<a
href="https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react/issues/609">#609</a>)</li>
<li><a
href="https://github.com/vitejs/vite-plugin-react/commit/26326b36f1fd191ebee3e05294cd1c0fe6d8bc76"><code>26326b3</code></a>
feat!: support including files in node_modules (<a
href="https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react/issues/306">#306</a>)</li>
<li><a
href="https://github.com/vitejs/vite-plugin-react/commit/9ce3b22e4bc7db28f549b9c9b9195d2bd82ff736"><code>9ce3b22</code></a>
fix(deps): update all non-major dependencies (<a
href="https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react/issues/593">#593</a>)</li>
<li><a
href="https://github.com/vitejs/vite-plugin-react/commit/cadd7d22a772b7442cd57ab428592efba532e41a"><code>cadd7d2</code></a>
fix!: remove <code>resolve.dedupe</code> (<a
href="https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react/issues/586">#586</a>)</li>
<li><a
href="https://github.com/vitejs/vite-plugin-react/commit/005f16e6e9ac5dad01ed8cb029cc586f8f60c27a"><code>005f16e</code></a>
refactor!: remove old <code>babel-plugin-react-compiler</code> support
(<a
href="https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react/issues/584">#584</a>)</li>
<li><a
href="https://github.com/vitejs/vite-plugin-react/commit/b9efa3fb356f687d25dce370f9f756cf370280dc"><code>b9efa3f</code></a>
refactor!: bump required node version to 20.19+, 22.12+ and drop CJS
build (#...</li>
<li>Additional commits viewable in <a
href="https://github.com/vitejs/vite-plugin-react/commits/plugin-react@5.0.0/packages/plugin-react">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@vitejs/plugin-react&package-manager=npm_and_yarn&previous-version=4.7.0&new-version=5.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 package-lock.json | 18 +++++++++---------
 package.json      |  2 +-
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 1aed1b6b..6b4f049f 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -90,7 +90,7 @@
         "@types/string-hash": "^1.1.3",
         "@types/uuid": "^10.0.0",
         "@types/wicg-file-system-access": "^2023.10.6",
-        "@vitejs/plugin-react": "^4.7.0",
+        "@vitejs/plugin-react": "^5.0.0",
         "cors": "^2.8.5",
         "cypress": "^14.5.3",
         "cypress-plugin-tab": "^1.0.5",
@@ -2331,9 +2331,9 @@
       }
     },
     "node_modules/@rolldown/pluginutils": {
-      "version": "1.0.0-beta.27",
-      "resolved": "https://registry.npmjs.org/@rolldown/pluginutils/-/pluginutils-1.0.0-beta.27.tgz",
-      "integrity": "sha512-+d0F4MKMCbeVUJwG96uQ4SgAznZNSq93I3V+9NHA4OpvqG8mRCpGdKmK8l/dl02h2CCDHwW2FqilnTyDcAnqjA==",
+      "version": "1.0.0-beta.30",
+      "resolved": "https://registry.npmjs.org/@rolldown/pluginutils/-/pluginutils-1.0.0-beta.30.tgz",
+      "integrity": "sha512-whXaSoNUFiyDAjkUF8OBpOm77Szdbk5lGNqFe6CbVbJFrhCCPinCbRA3NjawwlNHla1No7xvXXh+CpSxnPfUEw==",
       "dev": true,
       "license": "MIT"
     },
@@ -3511,21 +3511,21 @@
       }
     },
     "node_modules/@vitejs/plugin-react": {
-      "version": "4.7.0",
-      "resolved": "https://registry.npmjs.org/@vitejs/plugin-react/-/plugin-react-4.7.0.tgz",
-      "integrity": "sha512-gUu9hwfWvvEDBBmgtAowQCojwZmJ5mcLn3aufeCsitijs3+f2NsrPtlAWIR6OPiqljl96GVCUbLe0HyqIpVaoA==",
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/@vitejs/plugin-react/-/plugin-react-5.0.0.tgz",
+      "integrity": "sha512-Jx9JfsTa05bYkS9xo0hkofp2dCmp1blrKjw9JONs5BTHOvJCgLbaPSuZLGSVJW6u2qe0tc4eevY0+gSNNi0YCw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@babel/core": "^7.28.0",
         "@babel/plugin-transform-react-jsx-self": "^7.27.1",
         "@babel/plugin-transform-react-jsx-source": "^7.27.1",
-        "@rolldown/pluginutils": "1.0.0-beta.27",
+        "@rolldown/pluginutils": "1.0.0-beta.30",
         "@types/babel__core": "^7.20.5",
         "react-refresh": "^0.17.0"
       },
       "engines": {
-        "node": "^14.18.0 || >=16.0.0"
+        "node": "^20.19.0 || >=22.12.0"
       },
       "peerDependencies": {
         "vite": "^4.2.0 || ^5.0.0 || ^6.0.0 || ^7.0.0"
diff --git a/package.json b/package.json
index f0e7697a..481731a5 100644
--- a/package.json
+++ b/package.json
@@ -121,7 +121,7 @@
     "@types/string-hash": "^1.1.3",
     "@types/uuid": "^10.0.0",
     "@types/wicg-file-system-access": "^2023.10.6",
-    "@vitejs/plugin-react": "^4.7.0",
+    "@vitejs/plugin-react": "^5.0.0",
     "cors": "^2.8.5",
     "cypress": "^14.5.3",
     "cypress-plugin-tab": "^1.0.5",

From 727bc7dfae3522ccb32c9a8165c24dbd52c7854f Mon Sep 17 00:00:00 2001
From: Birk Skyum <74932975+birkskyum@users.noreply.github.com>
Date: Thu, 7 Aug 2025 20:34:13 +0200
Subject: [PATCH 4/4] Move docker to node 22 (#1309)

This unblocks the CI

We already use node 22 in the CI most places, I just forgot the
Dockerfile, and now that Node 18 is recently EOL it appear to be failing
there.

## Launch Checklist

<!-- Thanks for the PR! Feel free to add or remove items from the
checklist. -->


 - [X] Briefly describe the changes in this PR.
 - [ ] Link to related issues.
- [ ] Include before/after visuals or gifs if this PR includes visual
changes.
 - [ ] Write tests for all new functionality.
 - [ ] Add an entry to `CHANGELOG.md` under the `## main` section.
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index d000fba8..03904708 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM node:18 as builder
+FROM node:22 as builder
 WORKDIR /maputnik
 
 # Only copy package.json to prevent npm install from running on every build