chore(deps): bump the minor-patch group across 1 directory with 14 updates

[dependabot]

Bumps the minor-patch group with 14 updates in the /frontend directory:

Package	From	To
@tanstack/react-query	5.96.1	5.97.0
axios	1.14.0	1.15.0
i18next	26.0.3	26.0.4
lucide-react	1.7.0	1.8.0
react	19.2.4	19.2.5
react-dom	19.2.4	19.2.5
react-hook-form	7.72.0	7.72.1
react-router	7.13.2	7.14.0
@tanstack/eslint-plugin-query	5.96.1	5.97.0
@types/node	25.5.0	25.6.0
eslint	10.1.0	10.2.0
prettier	3.8.1	3.8.2
typescript-eslint	8.58.0	8.58.1
vite	8.0.3	8.0.8

Updates @tanstack/react-query from 5.96.1 to 5.97.0

Release notes

Sourced from @​tanstack/react-query's releases.

@​tanstack/react-query-devtools@​5.97.0

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.97.0
  • @​tanstack/react-query@​5.97.0

@​tanstack/react-query-next-experimental@​5.97.0

Patch Changes

• Updated dependencies []:
  • @​tanstack/react-query@​5.97.0

@​tanstack/react-query-persist-client@​5.97.0

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-persist-client-core@​5.97.0
  • @​tanstack/react-query@​5.97.0

@​tanstack/react-query@​5.97.0

Patch Changes

• Updated dependencies [2bfb12c]:
  • @​tanstack/query-core@​5.97.0

@​tanstack/react-query-devtools@​5.96.2

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.96.2
  • @​tanstack/react-query@​5.96.2

@​tanstack/react-query-next-experimental@​5.96.2

Patch Changes

• Updated dependencies []:
  • @​tanstack/react-query@​5.96.2

@​tanstack/react-query-persist-client@​5.96.2

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-persist-client-core@​5.96.2
  • @​tanstack/react-query@​5.96.2

@​tanstack/react-query@​5.96.2

Patch Changes

• Updated dependencies []:

... (truncated)

Changelog

Sourced from @​tanstack/react-query's changelog.

5.97.0

Patch Changes

• Updated dependencies [2bfb12c]:
  • @​tanstack/query-core@​5.97.0

5.96.2

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.96.2

Commits

• 125067c ci: Version Packages (#10436)
• f699190 test(react-query): replace hardcoded query keys with 'queryKey()' utility (#1...
• f3d3eea test(*): replace deprecated 'toMatchTypeOf' with 'toExtend' (#10413)
• 3d6e001 test(react-query/useSuspenseQueries): replace 'async/await sleep' with 'sleep...
• 7d7a21c test(react-query): replace 'async/await sleep' with 'sleep().then()' in test ...
• 5ca721f ci: Version Packages (#10379)
• See full diff in compare view

Updates axios from 1.14.0 to 1.15.0

Release notes

Sourced from axios's releases.

v1.15.0

This release delivers two critical security patches, adds runtime support for Deno and Bun, and includes significant CI hardening, documentation improvements, and routine dependency updates.

⚠️ Important Changes

• Deprecation: url.parse() usage has been replaced to address Node.js deprecation warnings. If you are on a recent version of Node.js, this resolves console warnings you may have been seeing. (#10625)

🔒 Security Fixes

• Proxy Handling: Fixed a no_proxy hostname normalisation bypass that could lead to Server-Side Request Forgery (SSRF). (#10661)
• Header Injection: Fixed an unrestricted cloud metadata exfiltration vulnerability via a header injection chain. (#10660)

🚀 New Features

• Runtime Support: Added compatibility checks and documentation for Deno and Bun environments. (#10652, #10653)

🔧 Maintenance & Chores

• CI Security: Hardened workflow permissions to least privilege, added the zizmor security scanner, pinned action versions, and gated npm publishing with OIDC and environment protection. (#10618, #10619, #10627, #10637, #10666)
• Dependencies: Bumped serialize-javascript, handlebars, picomatch, vite, and denoland/setup-deno to latest versions. Added a 7-day Dependabot cooldown period. (#10574, #10572, #10568, #10663, #10664, #10665, #10669, #10670, #10616)
• Documentation: Unified docs, improved beforeRedirect credential leakage example, clarified withCredentials/withXSRFToken behaviour, HTTP/2 support notes, async/await timeout error handling, header case preservation, and various typo fixes. (#10649, #10624, #7452, #7471, #10654, #10644, #10589)
• Housekeeping: Removed stale files, regenerated lockfile, and updated sponsor scripts and blocks. (#10584, #10650, #10582, #10640, #10659, #10668)
• Tests: Added regression coverage for urlencoded Content-Type casing. (#10573)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve Axios:

• @​raashish1601 (#10573)
• @​Kilros0817 (#10625)
• @​ashstrc (#10624)
• @​Abhi3975 (#10589)
• @​theamodhshetty (#7452)

Changelog

Sourced from axios's changelog.

Changelog

1.13.3 (2026-01-20)

Bug Fixes

• http2: Use port 443 for HTTPS connections by default. (#7256) (d7e6065)
• interceptor: handle the error in the same interceptor (#6269) (5945e40)
• main field in package.json should correspond to cjs artifacts (#5756) (7373fbf)
• package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#5754) (b89217e)
• silentJSONParsing=false should throw on invalid JSON (#7253) (#7257) (7d19335)
• turn AxiosError into a native error (#5394) (#5558) (1c6a86d)
• types: add handlers to AxiosInterceptorManager interface (#5551) (8d1271b)
• types: restore AxiosError.cause type from unknown to Error (#7327) (d8233d9)
• unclear error message is thrown when specifying an empty proxy authorization (#6314) (6ef867e)

Features

• add undefined as a value in AxiosRequestConfig (#5560) (095033c)
• add automatic minor and patch upgrades to dependabot (#6053) (65a7584)
• add Node.js coverage script using c8 (closes #7289) (#7294) (ec9d94e)
• added copilot instructions (3f83143)
• compatibility with frozen prototypes (#6265) (860e033)
• enhance pipeFileToResponse with error handling (#7169) (88d7884)
• types: Intellisense for string literals in a widened union (#6134) (f73474d), closes microsoft/TypeScript#33471

Reverts

• Revert "fix: silentJSONParsing=false should throw on invalid JSON (#7253) (#7…" (#7298) (a4230f5), closes #7253 #7 #7298
• deps: bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (#7334) (2d6ad5e)

Contributors to this release

• Ashvin Tiwari
• Nikunj Mochi
• Anchal Singh
• jasonsaayman
• Julian Dax
• Akash Dhar Dubey
• Madhumita
• Tackoil
• Justin Dhillon
• Rudransh
• WuMingDao
• codenomnom
• Nandan Acharya
• Eric Dubé
• Tibor Pilz
• Gabriel Quaresma
• Turadg Aleahmad

... (truncated)

Commits

• 772a4e5 chore(release): prepare release 1.15.0 (#10671)
• 4b07137 chore(deps-dev): bump vite from 8.0.0 to 8.0.5 in /tests/smoke/esm (#10663)
• 51e57b3 chore(deps-dev): bump vite from 8.0.2 to 8.0.5 (#10664)
• fba1a77 chore(deps-dev): bump vite from 8.0.2 to 8.0.5 in /tests/module/esm (#10665)
• 0bf6e28 chore(deps): bump denoland/setup-deno in the github-actions group (#10669)
• 8107157 chore(deps-dev): bump the development_dependencies group with 4 updates (#10670)
• e66530e ci: require npm-publish environment for releases (#10666)
• 49f23cb chore(sponsor): update sponsor block (#10668)
• 3631854 fix: unrestricted cloud metadata exfiltration via header injection chain (#10...
• fb3befb fix: no_proxy hostname normalization bypass leads to ssrf (#10661)
• Additional commits viewable in compare view

Updates i18next from 26.0.3 to 26.0.4

Release notes

Sourced from i18next's releases.

v26.0.4

• fix(types): inline formatting options like {{price, currency(EUR)}} are now correctly resolved to their base format type (e.g. number for currency) instead of falling back to string 2378

Changelog

Sourced from i18next's changelog.

26.0.4

• fix(types): inline formatting options like {{price, currency(EUR)}} are now correctly resolved to their base format type (e.g. number for currency) instead of falling back to string 2378

Commits

• 9e64c75 26.0.4
• cd1f15f fix(types): inline formatting options #2378
• 660c785 ts: test todo hint
• 7d2b638 ts repro test
• 29e07bf ts repro test
• See full diff in compare view

Updates lucide-react from 1.7.0 to 1.8.0

Release notes

Sourced from lucide-react's releases.

Version 1.8.0

What's Changed

• docs(packages/angular): add packageDirname for @​lucide/angular by @​rhutchison in lucide-icons/lucide#4211
• chore(icons): Username change knarlix to RajnishKMehta by @​RajnishKMehta in lucide-icons/lucide#4208
• ci(@​lucide/angular): Fix publishing problem by @​ericfennis in lucide-icons/lucide#4213
• docs: fix broken links in pull_request_template.md (got 404 page) by @​whoisBugsbunny in lucide-icons/lucide#4224
• fix(lucide-static): add viewBox to sprite symbol elements by @​TomaTV in lucide-icons/lucide#4223
• docs: Fix link to icon design principles in statement by @​whoisBugsbunny in lucide-icons/lucide#4225
• feat(docs): add Zephyr Cloud to Hero Backers tier by @​karsa-mistmere in lucide-icons/lucide#4226
• fix(icons): fixes gap issues in radio-off.svg by @​karsa-mistmere in lucide-icons/lucide#4227
• fix(icons): renamed text-select to square-dashed-text by @​jguddas in lucide-icons/lucide#3943
• fix(docs): improve mobile layout of v1 banner by @​karsa-mistmere in lucide-icons/lucide#4254
• fix(@​lucide/svelte): aria-hidden="true" was never set by @​blt-r in lucide-icons/lucide#4234
• fix(icons): remove ui/ux tag from heart-minus, add delete instead by @​karsa-mistmere in lucide-icons/lucide#4266
• chore(deps-dev): bump vite from 7.3.1 to 7.3.2 by @​dependabot[bot] in lucide-icons/lucide#4276
• chore(deps): bump lodash-es from 4.17.23 to 4.18.1 by @​dependabot[bot] in lucide-icons/lucide#4251
• chore(deps): bump vite from 5.4.21 to 6.4.2 by @​dependabot[bot] in lucide-icons/lucide#4286
• feat(docs): use initOnMounted: true for useSessionStorage in CarbonAdOverlay by @​karsa-mistmere in lucide-icons/lucide#4275
• feat(icons): added bookmark-off icon by @​ZeenatLawal in lucide-icons/lucide#4283

New Contributors

• @​rhutchison made their first contribution in lucide-icons/lucide#4211
• @​whoisBugsbunny made their first contribution in lucide-icons/lucide#4224
• @​TomaTV made their first contribution in lucide-icons/lucide#4223
• @​blt-r made their first contribution in lucide-icons/lucide#4234
• @​ZeenatLawal made their first contribution in lucide-icons/lucide#4283

Full Changelog: lucide-icons/lucide@1.7.0...1.8.0

Commits

• 7623e23 feat(docs): add Zephyr Cloud to Hero Backers tier & rework updateSponsors scr...
• See full diff in compare view

Updates react from 19.2.4 to 19.2.5

Release notes

Sourced from react's releases.

19.2.5 (April 8th, 2026)

React Server Components

• Add more cycle protections (#36236 by @​eps1lon and @​unstubbable)

Commits

• 23f4f9f 19.2.5
• See full diff in compare view

Updates react-dom from 19.2.4 to 19.2.5

Release notes

Sourced from react-dom's releases.

19.2.5 (April 8th, 2026)

React Server Components

• Add more cycle protections (#36236 by @​eps1lon and @​unstubbable)

Commits

• 23f4f9f 19.2.5
• See full diff in compare view

Updates react-hook-form from 7.72.0 to 7.72.1

Release notes

Sourced from react-hook-form's releases.

Version 7.72.1

🐞 fix: add isDirty check for numeric string keys in defaultValues (issue #13346) (#13347) 🐞 fix: prevent setValue with shouldDirty from polluting unrelated dirty fields (#13326) 🐞 fix: memoize control in HookFormControlContext to prevent render conflicts (#13272) (#13312) 🐞 fix: isNameInFieldArray should check all ancestor paths for nested field arrays (#13318) 🐞 fix: #13320 formState.isValid incorrect on Controller re-mount (#13324)

thanks to @​6810779s, @​candymask0712, @​olagokemills, @​shahmir-oscilar & @​bae080311

Commits

• 724e563 7.72.1
• ba649e9 🐞 test: add isDirty check for numeric string keys in defaultValues (issue #13...
• 2f56eb0 🛖 build(deps): bump yaml from 1.10.2 to 1.10.3 in /app (#13335)
• f29f546 👯 combine duplicated code (#13328)
• 2cfc8a5 🐞 fix: prevent setValue with shouldDirty from polluting unrelated dirty field...
• 44e8815 🐞 fix: memoize control in HookFormControlContext to prevent render conflicts ...
• 302d160 🐞 fix: isNameInFieldArray should check all ancestor paths for nested field ar...
• d7ccd70 🦾 dev deps upgrade (#13325)
• fddf779 🐞 fix: #13320 formState.isValid incorrect on Controller re-mount (#13324)
• 26ae54e 🛖 build(deps-dev): bump rollup from 4.53.3 to 4.59.0 (#13323)
• See full diff in compare view

Updates react-router from 7.13.2 to 7.14.0

Release notes

Sourced from react-router's releases.

v7.14.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7140

Changelog

Sourced from react-router's changelog.

7.14.0

Patch Changes

• UNSTABLE RSC FRAMEWORK MODE BREAKING CHANGE - Existing route module exports remain unchanged from stable v7 non-RSC mode, but new exports are added for RSC mode. If you want to use RSC features, you will need to update your route modules to export the new annotations. (#14901)

  If you are using RSC framework mode currently, you will need to update your route modules to the new conventions. The following route module components have their own mutually exclusive server component counterparts:

  Server Component Export	Client Component
  ServerComponent	default
  ServerErrorBoundary	ErrorBoundary
  ServerLayout	Layout
  ServerHydrateFallback	HydrateFallback

  If you were previously exporting a ServerComponent, your ErrorBoundary, Layout, and HydrateFallback were also server components. If you want to keep those as server components, you can rename them and prefix them with Server. If you were previously importing the implementations of those components from a client module, you can simply inline them.

  Example:

  Before

  import { ErrorBoundary as ClientErrorBoundary } from "./client";
  export function ServerComponent() {
  // ...
  }
  export function ErrorBoundary() {
  return <ClientErrorBoundary />;
  }
  export function Layout() {
  // ...
  }
  export function HydrateFallback() {
  // ...
  }

  After

  export function ServerComponent() {
    // ...
  }
  export function ErrorBoundary() {
  // previous implementation of ClientErrorBoundary, this is now a client component

... (truncated)

Commits

• e31077b chore: Update version for release (#14945)
• 6683e85 chore: Update version for release (pre) (#14943)
• 49a2ed5 Merge branch 'main' into release-next
• e8b3c3a feat: RSC framework mode prerender (#14907)
• 82eca19 docs: clarify useViewTransitionState matches to or from path (#14922)
• d439188 feat:! new RSC framework mode module API (#14901)
• 98641e2 feat: rsc prefetch (#14902)
• 903d924 chore: format
• 0d57748 Merge branch 'release-next' into dev
• 921db15 chore: format
• Additional commits viewable in compare view

Updates @tanstack/eslint-plugin-query from 5.96.1 to 5.97.0

Release notes

Sourced from @​tanstack/eslint-plugin-query's releases.

@​tanstack/eslint-plugin-query@​5.97.0

Minor Changes

• feat(eslint): support eslint v10 and typescript v6 (#10182)

@​tanstack/eslint-plugin-query@​5.96.2

Patch Changes

• fix(eslint-plugin): normalize whitespace in allowList variable matching for multiline expressions (#10337)

Changelog

Sourced from @​tanstack/eslint-plugin-query's changelog.

5.97.0

Minor Changes

• feat(eslint): support eslint v10 and typescript v6 (#10182)

5.96.2

Patch Changes

• fix(eslint-plugin): normalize whitespace in allowList variable matching for multiline expressions (#10337)

Commits

• 125067c ci: Version Packages (#10436)
• 23a4029 feat(eslint-plugin-query): add ESLint v10 to peer dependencies (#10182)
• 5ca721f ci: Version Packages (#10379)
• deb62e0 fix(eslint-plugin): normalize whitespace in allowList variable matching for m...
• See full diff in compare view

Updates @types/node from 25.5.0 to 25.6.0

Commits

• See full diff in compare view

Updates eslint from 10.1.0 to 10.2.0

Release notes

Sourced from eslint's releases.

v10.2.0

Features

• 586ec2f feat: Add meta.languages support to rules (#20571) (Copilot)
• 14207de feat: add Temporal to no-obj-calls (#20675) (Pixel998)
• bbb2c93 feat: add Temporal to ES2026 globals (#20672) (Pixel998)

Bug Fixes

• 542cb3e fix: update first-party dependencies (#20714) (Francesco Trotta)

Documentation

• a2af743 docs: add language to configuration objects (#20712) (Francesco Trotta)
• 845f23f docs: Update README (GitHub Actions Bot)
• 5fbcf59 docs: remove sourceType from ts playground link (#20477) (Tanuj Kanti)
• 8702a47 docs: Update README (GitHub Actions Bot)
• ddeaded docs: Update README (GitHub Actions Bot)
• 2b44966 docs: add Major Releases section to Manage Releases (#20269) (Milos Djermanovic)
• eab65c7 docs: update eslint versions in examples (#20664) (루밀LuMir)
• 3e4a299 docs: update ESM Dependencies policies with note for own-usage packages (#20660) (Milos Djermanovic)

Chores

• 8120e30 refactor: extract no unmodified loop condition (#20679) (kuldeep kumar)
• 46e8469 chore: update dependency markdownlint-cli2 to ^0.22.0 (#20697) (renovate[bot])
• 01ed3aa test: add unit tests for unicode utilities (#20622) (Manish chaudhary)
• 811f493 ci: remove --legacy-peer-deps from types integration tests (#20667) (Milos Djermanovic)
• 6b86fcf chore: update dependency npm-run-all2 to v8 (#20663) (renovate[bot])
• 632c4f8 chore: add prettier update commit to .git-blame-ignore-revs (#20662) (루밀LuMir)
• b0b0f21 chore: update dependency eslint-plugin-regexp to ^3.1.0 (#20659) (Milos Djermanovic)
• 228a2dd chore: update dependency eslint-plugin-eslint-plugin to ^7.3.2 (#20661) (Milos Djermanovic)
• 3ab4d7e test: Add tests for eslintrc-style keys (#20645) (kuldeep kumar)

Commits

• 000128c 10.2.0
• 1988fad Build: changelog update for 10.2.0
• 542cb3e fix: update first-party dependencies (#20714)
• a2af743 docs: add language to configuration objects (#20712)
• 845f23f docs: Update README
• 5fbcf59 docs: remove sourceType from ts playground link (#20477)
• 8702a47 docs: Update README
• ddeaded docs: Update README
• 8120e30 refactor: extract no unmodified loop condition (#20679)
• 46e8469 chore: update dependency markdownlint-cli2 to ^0.22.0 (#20697)
• Additional commits viewable in compare view

Updates prettier from 3.8.1 to 3.8.2

Release notes

Sourced from prettier's releases.

3.8.2

• Support Angular v21.2

🔗 Changelog

Changelog

Sourced from prettier's changelog.

3.8.2

diff

Angular: Support Angular v21.2 (#18722, #19034 by @​fisker)

Exhaustive typechecking with @default never;

<!-- Input -->
@switch (foo) {
  @case (1) {}
  @default never;
}
<!-- Prettier 3.8.1 -->
SyntaxError: Incomplete block "default never". If you meant to write the @ character, you should use the "&#64;" HTML entity instead. (3:3)
<!-- Prettier 3.8.2 -->
@​switch (foo) {
@​case (1) {}
@​default never;
}

arrow function and instanceof expressions.

<!-- Input -->
@let fn = (a) =>        a?    1:2;
{{ fn ( a         instanceof b)}}
<!-- Prettier 3.8.1 -->
@​let fn = (a) =>        a?    1:2;
{{ fn ( a         instanceof b)}}
<!-- Prettier 3.8.2 -->
@​let fn = (a) => (a ? 1 : 2);
{{ fn(a instanceof b) }}

Commits

• b31557c Release 3.8.2
• 96bbaed Support Angular v21.2 (#18722)
• 881360b Support default never in Angular v21.2 (#19034)
• 07d6724 Bump Prettier dependency to 3.8.1
• 8b4a53a Clean changelog_unreleased
• See full diff in compare view

Updates typescript-eslint from 8.58.0 to 8.58.1

Release notes

Sourced from typescript-eslint's releases.

v8.58.1

8.58.1 (2026-04-08)

🩹 Fixes

• eslint-plugin: [no-unused-vars] fix false negative for type predicate parameter (#12004)

❤️ Thank You

• MinJae @​Ju-MINJAE

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from typescript-eslint's changelog.

8.58.1 (2026-04-08)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

• 5311ed3 chore(release): publish 8.58.1
• See full diff in compare view

Updates vite from 8.0.3 to 8.0.8

Release notes

Sourced from vite's releases.

v8.0.8

Please refer to CHANGELOG.md for details.

v8.0.7

Please refer to CHANGELOG.md for details.

v8.0.6

Please refer to CHANGELOG.md for details.

v8.0.5

Please refer to CHANGELOG.md for details.

v8.0.4

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.0.8 (2026-04-09)

Features

• update rolldown to 1.0.0-rc.15 (#22201) (6baf587)

Bug Fixes

• avoid dns.getDefaultResultOrder temporary (#22202) (15f1c15)
• ssr: class property keys hoisting matching imports (#22199) (e137601)

8.0.7 (2026-04-07)

Bug Fixes

• use sync dns.getDefaultResultOrder instead of dns.promises (#22185) (5c05b04)

8.0.6 (2026-04-07)

Features

• update rolldown to 1.0.0-rc.13 (#22097) (51d3e48)

Bug Fixes

• css: avoid mutating sass error multiple times (#22115) (d5081c2)
• optimize-deps: hoist CJS interop assignment (#22156) (17a8f9e)

Performance Improvements

• early return in getLocalhostAddressIfDiffersFromDNS when DNS order is verbatim (#22151) (56ec256)

Miscellaneous Chores

• create-vite:Description has been truncated

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.