deps(deps): bump the minor-updates group across 1 directory with 31 updates

[dependabot]

Bumps the minor-updates group with 27 updates in the / directory:

Package	From	To
@azure/identity	4.13.0	4.13.1
@azure/keyvault-secrets	4.10.0	4.11.2
@azure/msal-react	5.0.4	5.4.0
@prisma/adapter-pg	7.4.1	7.8.0
@prisma/client	7.4.1	7.8.0
@types/node	25.0.10	25.6.2
applicationinsights	3.13.0	3.14.0
framer-motion	12.29.0	12.38.0
hls.js	1.6.15	1.6.16
pg	8.18.0	8.20.0
prisma	7.4.1	7.8.0
react	19.2.3	19.2.6
@types/react	19.2.9	19.2.14
react-dom	19.2.3	19.2.6
react-router-dom	7.13.0	7.15.0
workbox-window	7.4.0	7.4.1
ws	8.19.0	8.20.0
@capacitor/cli	8.0.2	8.3.3
@capacitor/core	8.0.1	8.3.3
@tailwindcss/postcss	4.1.18	4.3.0
@typescript-eslint/eslint-plugin	8.56.0	8.59.2
@vitejs/plugin-basic-ssl	2.1.4	2.3.0
autoprefixer	10.4.23	10.5.0
eslint-plugin-react-hooks	7.0.1	7.1.1
eslint-plugin-react-refresh	0.4.26	0.5.2
vite-plugin-pwa	1.2.0	1.3.0
vitest	4.0.18	4.1.5

Updates @azure/identity from 4.13.0 to 4.13.1

Commits

• 0604e47 Sync eng/common directory with azure-sdk-tools for PR 13235 (#36861)
• 85a1361 Silence 1ESPT non-blocking error (#36342)
• a6ce3c7 [Identity] Bump MSAL dependency to v5 (#37685)
• 6d2d180 restore assets.json from @​azure/storage-blob_12.31.0
• See full diff in compare view

Updates @azure/keyvault-secrets from 4.10.0 to 4.11.2

Changelog

Sourced from @​azure/keyvault-secrets's changelog.

4.11.2 (2026-04-27)

Bugs Fixed

• Fixed an issue where contentType passed to setSecret() and updateSecretProperties() was not forwarded to the service request body. #38301

4.11.1 (2026-04-09)

Bugs Fixed

• Fix dependency issue.

4.11.0 (2026-04-01)

Features Added

• Added support for service API version 2025-07-01 which is now the default. #37785
• Added outContentType option to getSecret() allowing callers to request PEM-format output for certificate-backed secrets (e.g., outContentType: KnownContentType.PEM). #37785
• Added previousVersion readonly property to SecretProperties which returns the identifier of the previous certificate version. #37785

Commits

• 3c982d5 [keyvault-secrets] Forward contentType in secret request bodies (#38301)
• 7c3e114 Migrate keyvault packages to config/ and #platform/* imports (#38315)
• e8f0055 chore: Update registry for all package.json and adjust check rules (#38281)
• 19aa758 [keyvault] fix dependency issue (#38082)
• 6a0d0d7 feat(warp): add extends support for config inheritance (#37937)
• 86810ea [AutoPR @​azure-keyvault-certificates]-generated-from-SDK Generation - JS-6075...
• 5f52351 [AutoPR @​azure-keyvault-secrets]-generated-from-SDK Generation - JS-6050881 (...
• c0f19b7 Migrate libs with no polyfills to warp (#37372)
• 694ee21 use export/import type when applicable (#37385)
• 2563f96 Remove @​azure/core-http-compat dependency from keyvault packages (#36921)
• Additional commits viewable in compare view

Updates @azure/msal-browser from 5.2.0 to 5.10.0

Release notes

Sourced from @​azure/msal-browser's releases.

@​azure/msal-browser v5.10.0

5.10.0

Thu, 07 May 2026 19:01:04 GMT

Minor changes

• Add native auth e2e sample app (yongdiwang@microsoft.com)
• Remove duplicate typings in the build output #8557 (thomas.norling@microsoft.com)
• Bump @​azure/msal-common to v16.6.0 (beachball)

Patches

• Stop looking in localStorage for temporary cache #8579 (-g)

@​azure/msal-browser v5.9.0

5.9.0

Tue, 28 Apr 2026 21:30:31 GMT

Minor changes

• Bump @​azure/msal-browser to match @​azure/msal-browser-1p (msaljsbuilds@microsoft.com)
• Bump @​azure/msal-common to v16.5.2 (beachball)

Patches

• Use client_info=1 string value in native auth token requests #8562 (jiashen@microsoft.com)
• Fix CookieStorage.getItem and getKeys throwing URIError when unrelated cookies contain invalid percent-encoded sequences #7531 (198982749+Copilot@users.noreply.github.com)

@​azure/msal-browser v5.8.0

5.8.0

Tue, 21 Apr 2026 22:41:19 GMT

Minor changes

• Add CJS build for redirect-bridge subpath export #8541 (kshabelko@microsoft.com)
• Bump @​azure/msal-common to v16.5.1 (beachball)

Patches

• Add flat username (alias) attribute support in sign-up flow #8536 (yongdiwang@microsoft.com)
• Update cache schema version to fix bug when upgrading from v4 to v5 #8545 (thomas.norling@microsoft.com)
• Improved account filtering when login hint is provided #8478 (lalimasharda@microsoft.com)

@​azure/msal-browser v5.7.0

5.7.0

Thu, 16 Apr 2026 22:44:53 GMT

... (truncated)

Commits

• See full diff in compare view

Updates @azure/msal-react from 5.0.4 to 5.4.0

Release notes

Sourced from @​azure/msal-react's releases.

@​azure/msal-browser v5.4.0

5.4.0

Mon, 02 Mar 2026 19:25:47 GMT

Minor changes

• Bump @​azure/msal-browser to match @​azure/msal-browser-1p (msaljsbuilds@microsoft.com)
• Bump @​azure/msal-common to v16.2.0 (beachball)
• Bump eslint-config-msal to v0.0.0 (beachball)
• Bump msal-test-utils to v0.0.1 (beachball)
• Bump rollup-msal to v0.0.0 (beachball)

@​azure/msal-react v5.4.0

5.4.0

Thu, 07 May 2026 19:01:04 GMT

Minor changes

• Remove duplicate typings in the build output #8557 (thomas.norling@microsoft.com)
• Bump @​azure/msal-browser to v5.10.0 (beachball)

@​azure/msal-react v5.3.2

5.3.2

Tue, 28 Apr 2026 21:30:33 GMT

Patches

• Bump @​azure/msal-browser to v5.9.0 (beachball)

@​azure/msal-react v5.3.1

5.3.1

Tue, 21 Apr 2026 22:41:19 GMT

Patches

• Bump @​azure/msal-browser to v5.8.0 (beachball)

@​azure/msal-browser v5.3.0

5.3.0

Tue, 24 Feb 2026 21:51:51 GMT

Minor changes

• Add silentRefreshReason telemetry field to PerformanceEvent #8336 (kshabelko@microsoft.com)
• Bump @​azure/msal-common to v16.1.0 (beachball)

... (truncated)

Commits

• b4e498c Stop looking in localStorage for temporary cache (#8579)
• 1b261b4 Bump uuid and @​actions/core in /.github/actions/issue_template_bot (#8571)
• 1d8d2ae Update docs with popup closure detection and interaction status details (#8580)
• bd7b6c4 Use local e2eTestUtils path for samples (#8578)
• 64b3278 Add MSAL client metadata headers to IMDS managed identity requests (#8529)
• 45bb72c Restore NativeAuthSample app, e2e tests, and 3p-e2e pipeline (re-apply #8176,...
• b79cadc Dedupe build output (#8557)
• 644ab48 Post-release PR (#8574)
• 7ca7202 fix(sample): acquire token after B2C edit profile policy (#8568)
• 29a826b Address dependabot Github Actions alerts (#8550)
• Additional commits viewable in compare view

Updates @prisma/adapter-pg from 7.4.1 to 7.8.0

Release notes

Sourced from @​prisma/adapter-pg's releases.

7.8.0

Today, we are excited to share the 7.8.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

Highlights

ORM

Features

Prisma Client

• Added a queryPlanCacheMaxSize option to the PrismaClient constructor for fine-grained control over the query plan cache. Pass 0 to disable the cache entirely, or omit it to use the default cache size. A larger value can improve performance in applications that execute many unique queries, while a smaller one can reduce memory usage. (#29503)

Bug Fixes

Prisma Client

• Fixed an equality filter panic and incorrect ::jsonb cast when filtering on PostgreSQL JSON list columns. Queries using where: { jsonListField: { equals: [...] } }prisma/prisma-engines#5804
• Fixed case-insensitive JSON field filtering (mode: insensitive), allowing where: { jsonField: { equals: "...", mode: "insensitive" } }prisma/prisma-engines#5806
• Fixed incorrect parameterization of enum values that have a custom database name set via @map. (#29422)
• Fixed a database parameter limit check (P2029), which could incorrectly reject or miss over-limit queries. (#29422)
• Fixed a regression that caused missing SQL Server VARCHARprisma/prisma-engines#5801

Schema Engine

• Fixed a misleading error message in prisma migrate diff that referenced the --shadow-database-url CLI flag, which was removed in Prisma 7. (#29455)
• Fixed prisma migrate dev (and shadow database migration replay in general) failing with CREATE INDEX CONCURRENTLY cannot run inside a transaction blockprisma/prisma-engines#5799
• Fixed PostgreSQL introspection silently dropping sequence defaults when the database returns the schema-qualified form pg_catalog.nextval('sequence_name'::regclass) instead of the bare nextval(...). Columns backed by sequences now correctly appear as @default(autoincrement())prisma/prisma-engines#5802

Driver Adapters

• @​prisma/adapter-d1: Savepoint operations (createSavepoint, rollbackToSavepoint, releaseSavepoint) now silently no-op with debug logging instead of executing SQL statements, consistent with how the D1 adapter already treats top-level transactions. (#29499)

Open roles at Prisma

Interested in joining Prisma? We're growing and have several exciting opportunities across the company for developers who are passionate about building with Prisma. Explore our open positions on our Careers page and find the role that's right for you.

Enterprise support

Thousands of teams use Prisma and many of them already tap into our Enterprise & Agency Support Program for hands-on help with everything from schema integrations and performance tuning to security and compliance.

With this program you also get priority issue triage and bug fixes, expert scalability advice, and custom training so that your Prisma-powered apps stay rock-solid at any scale. Learn more or join: https://prisma.io/enterprise.

7.7.0

Today, we are excited to share the 7.7.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

... (truncated)

Commits

• f2ca67e feat: pg statement name generator (#29395)
• 4131568 fix: set @​types/pg to ^8.16.0 (#29390)
• 33667c3 fix(adapter-pg): handle both quoted/unquoted column names in ColumnNotFound e...
• e97b3e0 feat(adapter-pg): accept connection string URL in PrismaPg constructor (#29287)
• fc38fb7 Make @​types/pg a direct dependency of adapter-pg (#29277)
• 6091e02 feat: add support for nested transaction rollbacks via savepoints in sql (#21...
• See full diff in compare view

Updates @prisma/client from 7.4.1 to 7.8.0

Release notes

Sourced from @​prisma/client's releases.

7.8.0

Today, we are excited to share the 7.8.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

Highlights

ORM

Features

Prisma Client

• Added a queryPlanCacheMaxSize option to the PrismaClient constructor for fine-grained control over the query plan cache. Pass 0 to disable the cache entirely, or omit it to use the default cache size. A larger value can improve performance in applications that execute many unique queries, while a smaller one can reduce memory usage. (#29503)

Bug Fixes

Prisma Client

• Fixed an equality filter panic and incorrect ::jsonb cast when filtering on PostgreSQL JSON list columns. Queries using where: { jsonListField: { equals: [...] } }prisma/prisma-engines#5804
• Fixed case-insensitive JSON field filtering (mode: insensitive), allowing where: { jsonField: { equals: "...", mode: "insensitive" } }prisma/prisma-engines#5806
• Fixed incorrect parameterization of enum values that have a custom database name set via @map. (#29422)
• Fixed a database parameter limit check (P2029), which could incorrectly reject or miss over-limit queries. (#29422)
• Fixed a regression that caused missing SQL Server VARCHARprisma/prisma-engines#5801

Schema Engine

• Fixed a misleading error message in prisma migrate diff that referenced the --shadow-database-url CLI flag, which was removed in Prisma 7. (#29455)
• Fixed prisma migrate dev (and shadow database migration replay in general) failing with CREATE INDEX CONCURRENTLY cannot run inside a transaction blockprisma/prisma-engines#5799
• Fixed PostgreSQL introspection silently dropping sequence defaults when the database returns the schema-qualified form pg_catalog.nextval('sequence_name'::regclass) instead of the bare nextval(...). Columns backed by sequences now correctly appear as @default(autoincrement())prisma/prisma-engines#5802

Driver Adapters

• @​prisma/adapter-d1: Savepoint operations (createSavepoint, rollbackToSavepoint, releaseSavepoint) now silently no-op with debug logging instead of executing SQL statements, consistent with how the D1 adapter already treats top-level transactions. (#29499)

Open roles at Prisma

Interested in joining Prisma? We're growing and have several exciting opportunities across the company for developers who are passionate about building with Prisma. Explore our open positions on our Careers page and find the role that's right for you.

Enterprise support

Thousands of teams use Prisma and many of them already tap into our Enterprise & Agency Support Program for hands-on help with everything from schema integrations and performance tuning to security and compliance.

With this program you also get priority issue triage and bug fixes, expert scalability advice, and custom training so that your Prisma-powered apps stay rock-solid at any scale. Learn more or join: https://prisma.io/enterprise.

7.7.0

Today, we are excited to share the 7.7.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

... (truncated)

Commits

• 62b44ac chore(deps): update engines to 7.8.0-5.e96eae70cf4ade6a15d7e6064d5b0b4f7d835d...
• 4104864 feat: add a query plan cache size parameter (#29503)
• 723ba7b chore(deps): update engines to 7.8.0-4.8c287008617e9b12f313df99e2c821ae61ea9a...
• cadbafe chore(deps): update engines to 7.8.0-2.3187e3937290320ba3c7dbd5aa94af67942b44...
• f705533 chore(deps): update engines to 7.8.0-1.7b80cc56c645c6e03c7541474e6a7c8d91b70d...
• fbab4e8 Fix 29271 (#29303)
• 6a3c3cc chore: extract parameterization to client-engine-runtime (#29422)
• 5b420f8 fix(client): prevent caching of createMany queries to avoid cache bloat and p...
• 30f0af6 feat: dmmf streaming with an E2E test (#29377)
• 14c3c2e fix: pin E2E typescript to prevent 6 upgrade (#29383)
• Additional commits viewable in compare view

Updates @types/node from 25.0.10 to 25.6.2

Commits

• See full diff in compare view

Updates applicationinsights from 3.13.0 to 3.14.0

Release notes

Sourced from applicationinsights's releases.

3.14.0

microsoft/ApplicationInsights-node.js#1490 microsoft/ApplicationInsights-node.js#1489 microsoft/ApplicationInsights-node.js#1488 microsoft/ApplicationInsights-node.js#1487 microsoft/ApplicationInsights-node.js#1485

Changelog

Sourced from applicationinsights's changelog.

3.14.0 (2026-02-24)

Other Changes

• Update OTel global detection to wait for the customer app to initialize before detection.

Commits

• 8af259e Release 3.14.0 (#1492)
• f1af803 Update Azure Functions Dependency & Update Version Compatibility (#1490)
• 83c56b5 Revert delta. (#1489)
• 5e8ee08 Set temporality to delta. (#1488)
• 3fbe1fd Update README.md (#1487)
• b223fd3 Add otel detection delay. (#1485)
• See full diff in compare view

Updates framer-motion from 12.29.0 to 12.38.0

Changelog

Sourced from framer-motion's changelog.

[12.38.0] 2026-03-16

Added

• Added layoutAnchor prop to configure custom anchor point for resolving relative projection boxes.

Fixed

• Reorder: Fix axis switching after window resize.
• Reorder: Fix with virtualised lists.
• AnimatePresence: Ensure children are removed when exit animation matches current values.

[12.37.0] 2026-03-16

Added

• Support for hardware accelerating "start" and "end" offsets in scroll and useScroll.
• Support for oklch, oklab, lab, lch, color, color-mix, light-dark color types.

Fixed

• Fix whileInView with client-side navigation.
• Fix draggable elements when layout updates due to surrounding element re-renders.
• Improved memory pressure of layout animations.
• Ensure motion value returned from useSpring reports correct isAnimating().

[12.36.0] 2026-03-09

Added

• Allow dragSnapToOrigin to accept "x" or "y" for per-axis snapping.
• Added axis-locked layout animations with layout="x" and layout="y".
• Added skipInitialAnimation to useSpring.

Fixed

• Fixed height and width: auto animations with box-sizing: border-box.
• Reset component values when exit animation finishes.
• Ensure anticipate easing returns 1 at p === 1.
• Fix @emotion/is-prop-valid resolve error in Storybook.
• Remove data-pop-layout-id from exiting elements when animation interrupted.
• Ensure we skip WAAPI for non-animatable keyframes.
• Ensure we skip WAAPI for SVG transforms.
• Ensure MotionValue props are not passed to SVG.
• AnimatePresence: Prevent mode="wait" elements from getting stuck when switched rapidly.

[12.35.2] 2026-03-09

Fixed

... (truncated)

Commits

• 0bfc9fe v12.38.0
• 343cb0c Updating layoutAnchor
• ee99ad2 Updating changelog
• 062660b Updating changgelog
• 303da7d Updating readme
• b075adc Merge pull request #3647 from motiondivision/feat/layout-anchor
• f0991d6 Add missing layoutAnchor !== false guard in attemptToResolveRelativeTarget
• b5798e9 Merge pull request #3642 from motiondivision/worktree-fix-issue-3078
• 7686c19 Merge pull request #3636 from motiondivision/worktree-fix-issue-3061
• a95c487 Fix auto-scroll in reorder-virtualized test page
• Additional commits viewable in compare view

Updates hls.js from 1.6.15 to 1.6.16

Release notes

Sourced from hls.js's releases.

v1.6.16

Summary

HLS.js v1.6.16 includes bug fixes and improvements over the last release.

Changes Since The Last Release

video-dev/hls.js@v1.6.15...v1.6.16

• Fix Interstitials live start with short sliding window (#7799)
• Limit buffering while paused outside live sliding window (#7788)

Demo Page

https://121bff6b.hls-js-dev.pages.dev/demo/

Feedback

Please provide feedback via Issues in GitHub. For more details on how to contribute to HLS.js, see our CONTRIBUTING guide.

Commits

• 7e19f21 Cherry-pick changes from #7799
• 1596a02 Limit buffering while paused outside live sliding window (#7788)
• 7c9e8f7 Fix Interstitials live start with short sliding window (N3 or less / no seek ...
• b001910 Increase minimum Windows test version for saucelabs
• See full diff in compare view

Updates pg from 8.18.0 to 8.20.0

Changelog

Sourced from pg's changelog.

pg@8.20.0

• Add onConnect callback to pg.Pool constructor options allowing for async initialization of newly created & connected pooled clients.

pg@8.19.0

• Deprecate interal query queue.
• Pass connection parameters to password callback.

Commits

• c9070cc Publish
• ad36e3c fix: typo in deprecation notice for client.query() (#3618)
• f2d7d11 Publish
• 5a4bafc Deprecate Client's internal query queue (#3603)
• a215bfb Typo fix in PgPass deprecation (funciton) (#3605)
• 01e0556 fix(pg-query-stream): invoke this.callback on cursor end/error (#2810)
• e6e3692 Pass connection parameters to password callback (#3602)
• d80d883 test: Fix TLS connection test ending too early
• f332f28 fix: Connection timeout handling for native clients in connected state (#3512)
• b2e9cb1 Remove testAsync - its redundant (#3588)
• Additional commits viewable in compare view

Updates prisma from 7.4.1 to 7.8.0

Release notes

Sourced from prisma's releases.

7.8.0

Today, we are excited to share the 7.8.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

Highlights

ORM

Features

Prisma Client

• Added a queryPlanCacheMaxSize option to the PrismaClient constructor for fine-grained control over the query plan cache. Pass 0 to disable the cache entirely, or omit it to use the default cache size. A larger value can improve performance in applications that execute many unique queries, while a smaller one can reduce memory usage. (#29503)

Bug Fixes

Prisma Client

• Fixed an equality filter panic and incorrect ::jsonb cast when filtering on PostgreSQL JSON list columns. Queries using where: { jsonListField: { equals: [...] } }prisma/prisma-engines#5804
• Fixed case-insensitive JSON field filtering (mode: insensitive), allowing where: { jsonField: { equals: "...", mode: "insensitive" } }prisma/prisma-engines#5806
• Fixed incorrect parameterization of enum values that have a custom database name set via @map. (#29422)
• Fixed a database parameter limit check (P2029), which could incorrectly reject or miss over-limit queries. (#29422)
• Fixed a regression that caused missing SQL Server VARCHARprisma/prisma-engines#5801

Schema Engine

• Fixed a misleading error message in prisma migrate diff that referenced the --shadow-database-url CLI flag, which was removed in Prisma 7. (#29455)
• Fixed prisma migrate dev (and shadow database migration replay in general) failing with CREATE INDEX CONCURRENTLY cannot run inside a transaction blockprisma/prisma-engines#5799
• Fixed PostgreSQL introspection silently dropping sequence defaults when the database returns the schema-qualified form pg_catalog.nextval('sequence_name'::regclass) instead of the bare nextval(...). Columns backed by sequences now correctly appear as @default(autoincrement())prisma/prisma-engines#5802

Driver Adapters

• @​prisma/adapter-d1: Savepoint operations (createSavepoint, rollbackToSavepoint, releaseSavepoint) now silently no-op with debug logging instead of executing SQL statements, consistent with how the D1 adapter already treats top-level transactions. (#29499)

Open roles at Prisma

Interested in joining Prisma? We're growing and have several exciting opportunities across the company for developers who are passionate about building with Prisma. Explore our open positions on our Careers page and find the role that's right for you.

Enterprise support

Thousands of teams use Prisma and many of them already tap into our Enterprise & Agency Support Program for hands-on help with everything from schema integrations and performance tuning to security and compliance.

With this program you also get priority issue triage and bug fixes, expert scalability advice, and custom training so that your Prisma-powered apps stay rock-solid at any scale. Learn more or join: https://prisma.io/enterprise.

7.7.0

Today, we are excited to share the 7.7.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

... (truncated)

Commits

• 5723406 fix(cli): route bootstrap telemetry to Prisma Web Properties project (#29473)
• 8e71aa7 fix(cli): install missing @prisma/client in prisma bootstrap (#29444)
• ada077b fix(cli): bootstrap UX — auto-install deps, resumable flow, timeout handling ...
• 9b0b7f5 feat(cli): add prisma bootstrap command (#29374)
• 5fece0a chore: bump @​prisma/dev to 0.24.3 (#29396)
• 45d7e0f feat(cli): add prisma postgres link command (#29352)
• adbdf15 Pre-bundle Studio frontend assets and replace Hono (#29389)
• f8258ad chore: bump effect to fix vulnerability (#29384)
• 74839a9 feat(cli): update bundled @​prisma/studio-core to 0.27.3 (#29376)
• 309b4bc refactor: extract 'prisma-client-js' into PRISMA_CLIENT_JS_PROVIDER constant ...
• Additional commits viewable in compare view

Updates react from 19.2.3 to 19.2.6

Release notes

Sourced from react's releases.

19.2.6 (May 6th, 2026)

React Server Components

• Type hardening and performance improvements (#36425 by @​eps1lon and @​unstubbable)

19.2.5 (April 8th, 2026)

React Server Components

• Add more cycle protections (#36236 by @​eps1lon and @​unstubbable)

19.2.4 (January 26th, 2026)

React Server Components

• Add more DoS mitigations to Server Actions, and harden Server Components (#35632 by @​gnoff, @​lubieowoce, @​sebmarkbage, @​unstubbable)

Commits

• eaf3e95 Version 19.2.6
• 23f4f9f 19.2.5
• 90ab3f8 Version 19.2.4
• See full diff in compare view

Updates @types/react from 19.2.9 to 19.2.14

Commits

• See full diff in compare view

Updates react-dom from 19.2.3 to 19.2.6

Release notes

Sourced from react-dom's releases.

19.2.6 (May 6th, 2026)

React Server Components

• Type hardening and performance improvements (#36425 by @​eps1lon and @​unstubbable)

19.2.5 (April 8th, 2026)

React Server Components

• Add more cycle protections (#36236 by @​eps1lon and @​unstubbable)

19.2.4 (January 26th, 2026)

React Server Components

• Add more DoS mitigations to Server Actions, and harden Server Components (#35632 by @​gnoff, @​lubieowoce, @​sebmarkbage, @​unstubbable)

Commits

• eaf3e95 Version 19.2.6
• 23f4f9f 19.2.5
• 90ab3f8 Version 19.2.4
• See full diff in compare view

Updates react-router-dom from 7.13.0 to 7.15.0

Changelog

Sourced from react-router-dom's changelog.

v7.15.0

Patch Changes

• Updated dependencies:
  • react-router@7.15.0

v7.14.2

Patch Changes

• Updated dependencies:
  • react-router@7.14.2

v7.14.1

Patch Changes

• Updated dependencies:
  • react-router@7.14.1

7.14.0

Patch Changes

• Updated dependencies:
  • react-router@7.14.0

7.13.2

Patch Changes

• Updated dependencies:
  • react-router@7.13.2

7.13.1

Patch Changes

• Updated dependencies:
  • react-router@7.13.1

Commits

• 97c8de7 Release v7.15.0 (#15018)
• cf1d250 Release v7.14.2 (#14993)
• 197674b Release 7.14.1 (#14973)
• a87774f Add new release process (#14916)
• e31077b chore: Update version for release (#14945)
• 6683e85 chore: Update version for release (pre) (#14943)
• aadb56f chore: Update version for release (#14908)
• c68a9b3 chore: Update version for release (pre) (#14893)
• aa3f078 chore: Update version for release (#14829)
• 3207a5c chore: Update version for release (pre) (#14814)
• See full diff in compare view

Updates workbox-window from 7.4.0 to 7.4.1

Release notes

Sourced from workbox-window's releases.

Workbox v7.4.1

What's Changed

• migrate rollup v4 and plugins by @​AJIb63PT in GoogleChrome/workbox#3446
• Bump jws from 4.0.0 to 4.0.1 by @​dependabot[bot] in GoogleChrome/workbox#3447
• Bump node-forge from 1.3.1 to 1.3.3 by @​dependabot[bot] in GoogleChrome/workbox#3449
• Bump brace-expansion in /packages/workbox-webpack-plugin by @​dependabot[bot] in GoogleChrome/workbox#3448
• Bump flatted from 3.3.1 to 3.4.2 by @​dependabot[bot] in GoogleChrome/workbox#3477
• Bump rollup from 4.53.3 to 4.59.0 by @​dependabot[bot] in GoogleChrome/workbox#3474
• Bump ajv from 8.6.0 to 8.18.0 in /packages/workbox-build by @​dependabot[bot] in GoogleChrome/workbox#3462
• Bump ajv from 8.12.0 to 8.18.0 in /packages/workbox-cli by @​dependabot[bot] in GoogleChrome/workbox#3460
• Bump picomatch by @​dependabot[bot] in GoogleChrome/workbox#3478
• Bump picomatch from 2.3.1 to 2.3.2 in /packages/workbox-cli by @​dependabot[bot] in GoogleChrome/workbox#3479
• Bump lodash from 4.17.21 to 4.17.23 in /packages/workbox-webpack-plugin by @​dependabot[bot] in GoogleChrome/workbox#3453
• Bump lodash from 4.17.21 to 4.17.23 by @​dependabot[bot] in GoogleChrome/workbox#3452
• Bump ajv from 6.12.6 to 6.14.0 in /packages/workbox-webpack-plugin by @​dependabot[bot] in GoogleChrome/workbox#3461
• Bump lodash from 4.17.21 to 4.17.23 in /packages/workbox-cli by ...

  Description has been truncated