Bump the npm-bump group across 1 directory with 24 updates

[dependabot]

Bumps the npm-bump group with 24 updates in the /frontend directory:

Package	From	To
@marsidev/react-turnstile	1.3.1	1.4.2
@reduxjs/toolkit	2.11.0	2.11.2
@uiw/react-md-editor	4.0.8	4.0.11
react	19.2.0	19.2.4
@types/react	19.2.7	19.2.14
react-dom	19.2.0	19.2.4
react-hook-form	7.67.0	7.71.2
react-router	7.9.6	7.13.1
zod	4.1.13	4.3.6
@rtk-query/codegen-openapi	2.1.0	2.2.0
@trivago/prettier-plugin-sort-imports	6.0.0	6.0.2
css-loader	7.1.2	7.1.4
dotenv	17.2.3	17.3.1
eslint-plugin-prettier	5.5.4	5.5.5
eslint-plugin-react-refresh	0.4.24	0.5.2
eslint-plugin-svg-jsx	1.2.4	1.3.0
html-webpack-plugin	5.6.5	5.6.6
mini-css-extract-plugin	2.9.4	2.10.0
sass	1.94.2	1.97.3
sass-loader	16.0.6	16.0.7
typescript-eslint	8.48.0	8.56.1
webpack	5.103.0	5.105.3
webpack-bundle-analyzer	5.1.0	5.2.0
webpack-dev-server	5.2.2	5.2.3

Updates @marsidev/react-turnstile from 1.3.1 to 1.4.2

Release notes

Sourced from @​marsidev/react-turnstile's releases.

v1.4.2

   🐞 Bug Fixes

• FeedbackEnabled option cannot be set to false  -  by @​lenstr (42035)

    View changes on GitHub

v1.4.1

   🐞 Bug Fixes

• Prevent race condition when loading Turnstile script  -  by @​marsidev in marsidev/react-turnstile#116 (200c6)

    View changes on GitHub

v1.4.0

What's Changed

• Upgrade Dependencies by @​marsidev in marsidev/react-turnstile#115

    View changes on GitHub

Commits

• 3c270c7 chore: release v1.4.2
• 0fc17a7 Merge pull request #120 from lenstr/fix/feedback-enabled-false
• 420358c fix: feedbackEnabled option cannot be set to false
• eaa1541 refactor: lint & format code
• 93a60c7 chore(tests): fix e2e tests
• 13bee79 chore(demo): upgrade tailwind
• a06a6d1 chore: update deps
• 3e9e3a2 chore: release v1.4.1
• 62458d0 Merge pull request #118 from marsidev/116-bug-turnstile-widget-is-not-display...
• 200c6ca fix: prevent race condition when loading Turnstile script (#116)
• Additional commits viewable in compare view

Updates @reduxjs/toolkit from 2.11.0 to 2.11.2

Release notes

Sourced from @​reduxjs/toolkit's releases.

v2.11.2

This bugfix release updates the AbortSignal handling to fall back if DOMException isn't available (such as RN environments), and updates the TypedUseInfiniteQueryHookResult type to correctly include fetchNextPage/fetchPreviousPage fields.

Changelog

Bugfixes

The AbortSignal changes in 2.11.1 used DOMException in a couple places to match the expected behavior of AbortSignal, but turns out that's not available in environments like React Native. We've updated the logic to fall back to a plain Error if DOMException isn't available.

The TypedUseInfiniteQueryHookResult type wasn't correctly including the fetchNextPage/fetchPreviousPage fields, and now it does.

What's Changed

• fix: use a normal Error when DOMException isn't available by @​EskiMojo14 in reduxjs/redux-toolkit#5161
• Include page functions in TypedUseInfiniteQueryHookResult by @​markerikson in reduxjs/redux-toolkit#5165

Full Changelog: reduxjs/redux-toolkit@v2.11.1...v2.11.2

v2.11.1

This bugfix release fixes an issue with our internal AbortSignal handling that was reported as causing an error in a rare reset situation. We've also restructured our publishing process to use NPM Trusted Publishing, and updated our TS support matrix to only support TS 5.4+.

Changelog

Publishing Changes

We've previously done most of our releases semi-manually locally, with various release process CLI tools. With the changes to NPM publishing security and the recent wave of NPM attacks, we've updated our publishing process to solely use NPM Trusted Publishing via workflows. We've also done a hardening pass on our own CI setup.

We had done a couple releases via CI workflows previously, and later semi-manual releases caused PNPM to warn that RTK was no longer trusted. This release should be trusted and will resolve that issue.

Thanks to the e18e folks and their excellent guide at https://e18e.dev/docs/publishing for making this process easier!

TS Support Matrix Updates

We've previously mentioned rolling changes to our TS support matrix in release notes, but didn't officially document our support policy. We've added a description of the support policy (last 2 years of TS releases, matching DefinitelyTyped) and the current oldest TS version we support in the docs:

• https://redux-toolkit.js.org/introduction/getting-started#typescript
• https://redux-toolkit.js.org/usage/usage-with-typescript#introduction

As of today, we've updated the support matrix to be TS 5.4+ . As always, it's possible RTK will work if you're using an earlier version of TS, but we don't test against earlier versions and don't support any issues with those versions.

We have run an initial test with the upcoming TS 7.0 native tsgo release. We found a couple minor issues with our own TS build and test setup, but no obvious issues with using RTK with TS 7.0.

Bug Fixes

A user reported a rare edge case where the combination of resetApiState and retry() could lead to an error calling an AbortController. We've restructured our AbortController handling logic to avoid that (and simplified a bit of our internals in the process).

What's Changed

• Use trusted publishing and harden workflows by @​markerikson in reduxjs/redux-toolkit#5152

... (truncated)

Commits

• 646d54c Release 2.11.2
• 819b29c Include page functions in TypedUseInfiniteQueryHookResult (#5165)
• 9af97ca fix: use a normal Error when DOMException isn't available (#5161)
• 3615d1a Merge pull request #5120 from reduxjs/vitest-bumps
• fae3b95 avoid excessive type instantiation
• d296e33 fix type issue with RTKQ and reselect
• 9ce71b9 add node to types field
• d14d427 remove unused tests
• 324dd05 bump vite to match
• b0887c4 bump to vitest v4
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​reduxjs/toolkit since your current version.

Updates @uiw/react-md-editor from 4.0.8 to 4.0.11

Release notes

Sourced from @​uiw/react-md-editor's releases.

v4.0.11

Documentation v4.0.11: https://raw.githack.com/uiwjs/react-md-editor/2383fb1/index.html
Comparing Changes: uiwjs/react-md-editor@v4.0.10...v4.0.11

npm i @uiw/react-md-editor@4.0.11

• 📖 doc: update core/README.md. 86fc092 @​github-actions-bot
• 🆎 type: fix nohighlight typescript declaration (#699) 6dfb534 @​Stopa

v4.0.10

Documentation v4.0.10: https://raw.githack.com/uiwjs/react-md-editor/827c15c/index.html
Comparing Changes: uiwjs/react-md-editor@v4.0.9...v4.0.10

npm i @uiw/react-md-editor@4.0.10

• 🐞 fix: expose utility functions in nohighlight entrypoint (#698) a155c57 @​Stopa

v4.0.9

Documentation v4.0.9: https://raw.githack.com/uiwjs/react-md-editor/3e3a622/index.html
Comparing Changes: uiwjs/react-md-editor@v4.0.8...v4.0.9

npm i @uiw/react-md-editor@4.0.9

• 🆎 type: fix type issue. a3b65db @​jaywcjlove
• 🌍 website: resolve build error by fixing cytoscape module export issue. da1f419 @​jaywcjlove
• 🐞 fix: resolve build error by fixing cytoscape module export issue. 36dfb65 @​jaywcjlove
• 🐞 fix: add --no-border-checks to map:safe script for CI compatibility a51cde9 @​jaywcjlove
• 📖 doc: add example. #695 5604e13 @​jaywcjlove
• 🌟 feat: Export keyboard handlers and add documentation for headless mode (#697) ae03f17 @​Stopa

Commits

• 2cf10e6 released v4.0.11 #699
• 6dfb534 type: fix nohighlight typescript declaration (#699)
• 86fc092 doc: update core/README.md.
• 1ac19cb released v4.0.10 (#698)
• 7b196b3 doc: update core/README.md.
• a155c57 fix: expose utility functions in nohighlight entrypoint (#698)
• 8baee5b released v4.0.9 #697
• a96b9e9 doc: update core/README.md.
• ae03f17 feat: Export keyboard handlers and add documentation for headless mode (#697)
• 5604e13 doc: add example. #695
• Additional commits viewable in compare view

Updates react from 19.2.0 to 19.2.4

Release notes

Sourced from react's releases.

19.2.4 (January 26th, 2026)

React Server Components

• Add more DoS mitigations to Server Actions, and harden Server Components (#35632 by @​gnoff, @​lubieowoce, @​sebmarkbage, @​unstubbable)

19.2.3 (December 11th, 2025)

React Server Components

• Add extra loop protection to React Server Functions (@​sebmarkbage #35351)

19.2.2 (December 11th, 2025)

React Server Components

• Move react-server-dom-webpack/*.unbundled to private react-server-dom-unbundled (@​eps1lon facebook/react#35290)
• Patch Promise cycles and toString on Server Functions (@​sebmarkbage, @​unstubbable #35289, #35345)

19.2.1 (December 3rd, 2025)

React Server Components

• Bring React Server Component fixes to Server Actions (@​sebmarkbage #35277)

Changelog

Sourced from react's changelog.

19.2.1 (Dec 3, 2025)

React Server Components

• Bring React Server Component fixes to Server Actions (@​sebmarkbage #35277)

Commits

• 90ab3f8 Version 19.2.4
• 612e371 Version 19.2.3
• b910fc1 Version 19.2.2
• 053df4e Version 19.2.1
• See full diff in compare view

Updates @types/react from 19.2.7 to 19.2.14

Commits

• See full diff in compare view

Updates react-dom from 19.2.0 to 19.2.4

Release notes

Sourced from react-dom's releases.

19.2.4 (January 26th, 2026)

React Server Components

• Add more DoS mitigations to Server Actions, and harden Server Components (#35632 by @​gnoff, @​lubieowoce, @​sebmarkbage, @​unstubbable)

19.2.3 (December 11th, 2025)

React Server Components

• Add extra loop protection to React Server Functions (@​sebmarkbage #35351)

19.2.2 (December 11th, 2025)

React Server Components

• Move react-server-dom-webpack/*.unbundled to private react-server-dom-unbundled (@​eps1lon facebook/react#35290)
• Patch Promise cycles and toString on Server Functions (@​sebmarkbage, @​unstubbable #35289, #35345)

19.2.1 (December 3rd, 2025)

React Server Components

• Bring React Server Component fixes to Server Actions (@​sebmarkbage #35277)

Changelog

Sourced from react-dom's changelog.

19.2.1 (Dec 3, 2025)

React Server Components

• Bring React Server Component fixes to Server Actions (@​sebmarkbage #35277)

Commits

• 90ab3f8 Version 19.2.4
• 612e371 Version 19.2.3
• b910fc1 Version 19.2.2
• 053df4e Version 19.2.1
• See full diff in compare view

Updates react-hook-form from 7.67.0 to 7.71.2

Release notes

Sourced from react-hook-form's releases.

Version 7.71.2

🕵️‍♂️ fix: use DeepPartialSkipArrayKey for WatchObserver value parameter (#13278) 🧹 fix(clearErrors): emit name signal for targeted field updates (#13280)

thanks to @​veeceey, @​kaigritun, @​pgoslatara & @​seongbiny

Version v7.71.1

🐞 fix #13250 issue with booleans_as_integers (#13252)

Version 7.71.0

⚡ perf: memoize FormProvider context value to prevent unnecessary rerenders (#13235) 🚄 perf: separate control context to prevent unnecessary rerenders (#13234) 🐞 fix: update isValid when field disabled state changes (#13231) 👌 chore: optimize bundle size via safe terser options (#13243) (#13244)

thanks to @​kamja44, @​a28689604 & @​newsiberian

Version 7.70.0

✅ watch type improvement (#13228) 🐞 fix: prevent field array ghost elements with keepDirtyValues (#13188) 🐞 fix: improve invalid date handling in deepEqual and validation (#13230) 🐞 fix(types): handle branded types correctly in DeepPartial (#13222) 🐞 fix native validation focus issue (#13220) 🐞 change spread operator to set name with depricated names prop, then override with new name prop is supplied (#13214) 🐞 fix: prevent duplicate subscription trigger in setValue (#13206) (#13209) 👌 chore: fix lib type check include tests (#13229)

thanks to @​EdwardEB, @​constantly-dev & @​a28689604

🎄 Version 7.69.0

📏 feat: align API with useWatch (#13192) 🤦🏻‍♂️ chore: update @​deprecated names prop on (#13198) 🏥 chore: safely call function methods on elements (#13190) 🪖 chore: cve-2025-67779 (#13196) 🪖 chore: cve-2025-55184 & cve-2025-55183 (#13194) 🪖 chore: CVE-2025-55182 Critical RCE vulnerabilty (#13175) 🔬 test: add regression tests for #12837 and #13136 (#13187) 🐞 fix(reset): preserve isValid state when keepIsValid option is used (#13173) 🐞 fix: ensure each createFormControl.subscribe subscription listens only to the changes it subscribes to (#12968) 🐞 fix(validation): batch isValidating state updates with validation result (#13181) 🐞 fix(createFormControl): resolve race condition between setError and setFocus (#13138) (#13169) 🧿 fix control prop type (#13189) 🔔 chore: clean cloneObject logic (#13179)

thanks to @​PierreCrb, @​a28689604, @​AnuragM7666, @​ap0nia, @​dusan233 & @​hlongc

Version 7.68.0

🎧 feat: <FormStateSubscribe /> component (#13142)

... (truncated)

Commits

• 85684f9 7.71.2
• 4933dcc 🧹 fix(clearErrors): emit name signal for targeted field updates (#13280)
• 319b3ed 🕵️‍♂️ fix: use DeepPartialSkipArrayKey for WatchObserver value parameter (#13...
• 0e04ad3 🏋️‍♀️ chore: Update outdated GitHub Actions versions (#13274)
• 3adba2b ✅ test: add unit tests for update utility (#13268)
• 51589c5 7.71.1
• fc57a62 🐞 fix #13250 issue with booleans_as_integers (#13252)
• 195139d 7.71.0
• e26f886 👌 chore: optimize bundle size via safe terser options (#13243) (#13244)
• 17c85ed 🚄 perf: separate control context to prevent unnecessary rerenders (#13234)
• Additional commits viewable in compare view

Updates react-router from 7.9.6 to 7.13.1

Release notes

Sourced from react-router's releases.

v7.13.1

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7131

v7.13.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7130

v7.12.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7120

v7.11.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7110

v7.10.1

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7101

v7.10.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7100

Changelog

Sourced from react-router's changelog.

7.13.1

Patch Changes

• fix null reference exception in bad codepath leading to invalid route tree comparisons (#14780)

• fix: clear timeout when turbo-stream encoding completes (#14810)

• Improve error message when Origin header is invalid (#14743)

• Fix matchPath optional params matching without a "/" separator. (#14689)

  • matchPath("/users/:id?", "/usersblah") now returns null.
  • matchPath("/test_route/:part?", "/test_route_more") now returns null.

• add RSC unstable_getRequest (#14758)

• Fix HydrateFallback rendering during initial lazy route discovery with matching splat route (#14740)

• [UNSTABLE] Add support for <Link unstable_mask> in Data Mode which allows users to navigate to a URL in the router but "mask" the URL displayed in the browser. This is useful for contextual routing usages such as displaying an image in a model on top of a gallery, but displaying a browser URL directly to the image that can be shared and loaded without the contextual gallery in the background. (#14716)

  // routes/gallery.tsx
  export function clientLoader({ request }: Route.LoaderArgs) {
    let sp = new URL(request.url).searchParams;
    return {
      images: getImages(),
      // When the router location has the image param, load the modal data
      modalImage: sp.has("image") ? getImage(sp.get("image")!) : null,
    };
  }
  export default function Gallery({ loaderData }: Route.ComponentProps) {
  return (
  <>
  <GalleryGrid>
  {loaderData.images.map((image) => (
  <Link
  key={image.id}
  {/* Navigate the router to /galley?image=N /}}
  to={/gallery?image=${image.id}}
  {/ But display /images/N in the URL bar */}}
  unstable_mask={/images/${image.id}}
  >
  <img src={image.url} alt={image.alt} />
  </Link>
  ))}
  </GalleryGrid>
    {/* When the modal data exists, display the modal */}
    {data.modalImage ? (

... (truncated)

Commits

• aa3f078 chore: Update version for release (#14829)
• 3207a5c chore: Update version for release (pre) (#14814)
• aa93af3 Merge branch 'main' into release-next
• db7eb57 Fix manifest version mismatch reload losing query parameters and hash (#14813)
• 2994019 Add support for <Link unstable_mask> (#14716)
• 6dda561 fix: clear timeout when turbo-stream encoding completes (#14735) (#14810)
• 407d885 Revert "fix: clear timeout when turbo-stream encoding completes (#14735)" (#1...
• 11a1600 Fix meta function API reference URL (#14808)
• 44991a9 fix: clear timeout when turbo-stream encoding completes (#14735)
• b66e632 Fix hydrate fallback rendering during initial lazy route discovery (#14740)
• Additional commits viewable in compare view

Updates zod from 4.1.13 to 4.3.6

Release notes

Sourced from zod's releases.

v4.3.6

Commits:

• 9977fb0868432461de265a773319e80a90ba3e37 Add brand.dev to sponsors
• f4b7bae3468f6188b8f004e007d722148fc91d77 Update pullfrog.yml (#5634)
• 251d7163a0ac7740fee741428d913e3c55702ace Clean up workflow_call
• edd4132466da0f5065a8e051b599d01fdd1081d8 fix: add missing User-agent to robots.txt and allow all (#5646)
• 85db85e9091d0706910d60c7eb2e9c181edd87bd fix: typo in codec.test.ts file (#5628)
• cbf77bb12bdfda2e054818e79001f5cb3798ce76 Avoid non null assertion (#5638)
• dfbbf1c1ae0c224b8131d80ddf0a264262144086 Avoid re-exported star modules (#5656)
• 762e911e5773f949452fd6dd4e360f2362110e8e Generalize numeric key handling
• ca3c8629c0c2715571f70b44c2433cad3db7fe4e v4.3.6

v4.3.5

Commits:

• 21afffdb42ccab554036312e33fed0ea3cb8f982 [Docs] Update migration guide docs for deprecation of message (#5595)
• e36743e513aadb307b29949a80d6eb0dcc8fc278 Improve mini treeshaking
• 0cdc0b8597999fd9ca99767b912c1e82c1ff2d6c 4.3.5

v4.3.4

Commits:

• 1a8bea3b474eada6f219c163d0d3ad09fadabe72 Add integration tests
• e01cd02b2f23d7e9078d3813830b146f8a2258b4 Support patternProperties for looserecord (#5592)
• 089e5fbb0f58ce96d2c4fb34cd91724c78df4af5 Improve looseRecord docs
• decef9c418d9a598c3f1bada06891ba5d922c5cd Fix lint
• 9443aab00d44d5d5f4a7eada65fc0fc851781042 Drop iso time in fromJSONSchema
• 66bda7491a1b9eab83bdeec0c12f4efc7290bd48 Remove .refine() from ZodMiniType
• b4ab94ca608cd5b581bfc12b20dd8d95b35b3009 4.3.4

v4.3.3

Commits:

• f3b2151959d215d405f54dff3c7ab3bf1fd887ca v4.3.3

v4.3.2

Commits:

• bf96635d243118de6e4f260077aa137453790bf6 Loosen strictObjectinside intersection (#5587)
• f71dc0182ab0f0f9a6be6295b07faca269e10179 Remove Juno (#5590)
• 0f41e5a12a43e6913c9dcb501b2b5136ea86500d 4.3.2

v4.3.1

Commits:

• 0fe88407a4149c907929b757dc6618d8afe998fc allow non-overwriting extends with refinements. 4.3.1

v4.3.0

This is Zod's biggest release since 4.0. It addresses several of Zod's longest-standing feature requests.

... (truncated)

Commits

• ca3c862 v4.3.6
• 762e911 Generalize numeric key handling
• dfbbf1c Avoid re-exported star modules (#5656)
• cbf77bb Avoid non null assertion (#5638)
• 85db85e fix: typo in codec.test.ts file (#5628)
• edd4132 fix: add missing User-agent to robots.txt and allow all (#5646)
• 251d716 Clean up workflow_call
• f4b7bae Update pullfrog.yml (#5634)
• 9977fb0 Add brand.dev to sponsors
• 0cdc0b8 4.3.5
• Additional commits viewable in compare view

Updates @rtk-query/codegen-openapi from 2.1.0 to 2.2.0

Release notes

Sourced from @​rtk-query/codegen-openapi's releases.

@​rtk-query/codegen-openapi@​2.2.0

This feature release adds new RTKQ codegen config options for outputting regex constants when the pattern keyword is used in an OpenAPI definition, and defining explicit tag overrides on a per-endpoint basis as part of the codegen config.

What's Changed

• feat: (codegen) output regex patterns for generated schemas by @​RhysOnlyBetter in reduxjs/redux-toolkit#5146
• feat(codegen): support explicit tag overrides without altering defaults by @​w3di in reduxjs/redux-toolkit#5135
• Add test for #3369 by @​markerikson in reduxjs/redux-toolkit#5154

Full Changelog: https://github.com/reduxjs/redux-toolkit/compare/@​rtk-query/codegen-openapi@​2.1.0...@​rtk-query/codegen-openapi@​2.2.0

Commits

• cbfeafe Release @​rtk-query/codegen-openapi 2.2.0
• 949b77b Release @​rtk-query/codegen-openapi 2.2.0-alpha.0
• 30d0d88 Add test for #3369 (#5154)
• cdff16f feat(codegen): support explicit tag overrides without altering defaults (#5135)
• 53d02cc feat: (codegen) output regex patterns for generated schemas (#5146)
• 96ca56f Add missed release-it entry (#5153)
• 55af92a Use trusted publishing and harden workflows (#5152)
• 92db1da docs: explain stripping undefined params before URLSearchParams (#5147)
• 39e7c8f Release 2.11.0
• c13e494 Add refetchCachedPages option for infinite query (#5016)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​rtk-query/codegen-openapi since your current version.

Updates @trivago/prettier-plugin-sort-imports from 6.0.0 to 6.0.2

Release notes

Sourced from @​trivago/prettier-plugin-sort-imports's releases.

v6.0.2

What's Changed

• Fix recognising mandatory prefix built-in imports by @​TomFryersMidsummer in trivago/prettier-plugin-sort-imports#389

New Contributors

• @​TomFryersMidsummer made their first contribution in trivago/prettier-plugin-sort-imports#389

Full Changelog: trivago/prettier-plugin-sort-imports@v6.0.1...v6.0.2

v6.0.1

What's Changed

• ignore eslint errors due to undefined export variables by @​vladislavarsenev in trivago/prettier-plugin-sort-imports#391

Full Changelog: trivago/prettier-plugin-sort-imports@v6.0.0...v6.0.1

Changelog

Sourced from @​trivago/prettier-plugin-sort-imports's changelog.

6.0.2

Bug fixes

• Fix recognising mandatory prefix built-in imports #389 by @​TomFryersMidsummer - Fixed detection of Node.js built-in modules that are only accessible with the node: prefix (like node:test, node:sqlite) to be correctly recognized when using <BUILTIN_MODULES> placeholder

6.0.1

Bug fixes

• Fix Svelte export snippet parsing #390 - Fixed by adding support for new Svelte snippet syntax

Commits

• d9c690f bump version. update changelog.
• 97214c3 Merge pull request #389 from TomFryersMidsummer/patch-1
• 7235355 Merge branch 'main' into patch-1
• 0c37c9d bump version
• 035e20a Merge pull request #391 from trivago/svelte-snippet-support
• d626e1b ignore eslint errors due to undefined export variables
• 0b1dc59 Fix recognising mandatory prefix built-in imports
• See full diff in compare view

Updates @types/react from 19.2.7 to 19.2.14

Commits

• See full diff in compare view

Updates css-loader from 7.1.2 to 7.1.4

Release notes

Sourced from css-loader's releases.

v7.1.4

7.1.4 (2026-02-16)

Bug Fixes

• update peer dependency for @​rspack/core v2 (#1652) (aeddefe)

v7.1.3

7.1.3 (2026-01-27)

Bug Fixes

• allow to use module class name (#1649) (01869bc)
• use official createHash for hashes (#1618) (06587e5)
• use official hash* options for hashes (#1619) (9544c3e)

Changelog

Sourced from css-loader's changelog.

7.1.4 (2026-02-16)

Bug Fixes

• update peer dependency for @​rspack/core v2 (#1652) (aeddefe)

7.1.3 (2026-01-27)

Bug Fixes

• allow to use module class name (#1649) (01869bc)
• use official createHash for hashes (#1618) (06587e5)
• use official hash* options for hashes (#1619) (9544c3e)

Commits

• 5b795af chore(release): 7.1.4
• aeddefe fix: update peer dependency for @​rspack/core v2 (#1652)
• b2b2de7 chore(release): 7.1.3
• 01869bc fix: allow to use module class name (#1649)
• 7dd15ec chore(deps): bump js-yaml (#1648)
• db26202 chore(deps-dev): bump lodash from 4.17.21 to 4.17.23 (#1647)
• 7daf1b8 Update CONTRIBUTING link to point to GitHub page
• de1e633 chore: correct link path (#1645)
• 563ad63 chore: migrate from contrib and swap branches (#1644)
• e68bf7e chore: update github actions/checkout from v4 to v5 (#1642)
• Additional commits viewable in compare view

Updates dotenv from 17.2.3 to 17.3.1

Changelog

Sourced from dotenv's changelog.

17.3.1 (2026-02-12)

Changed

• Fix as2 example command in README and update spanish README

17.3.0 (2026-02-12)

Added

• Add a new README section on dote...

  Description has been truncated

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.