chore(deps): bump the npm-minor-patch group in /frontend with 16 updates

[dependabot]

Bumps the npm-minor-patch group in /frontend with 16 updates:

Package	From	To
@tanstack/react-query	5.90.21	5.96.1
framer-motion	12.34.3	12.38.0
react-hook-form	7.71.2	7.72.0
react-resizable-panels	4.7.0	4.8.0
react-router-dom	7.13.1	7.13.2
recharts	3.7.0	3.8.1
@playwright/test	1.58.2	1.59.1
@tailwindcss/postcss	4.2.1	4.2.2
@types/node	25.3.3	25.5.0
@vitejs/plugin-react-swc	4.2.3	4.3.0
@vitest/coverage-v8	4.0.18	4.1.2
happy-dom	20.7.0	20.8.9
postcss	8.5.6	8.5.8
tailwindcss	4.2.1	4.2.2
typescript-eslint	8.56.1	8.58.0
vitest	4.0.18	4.1.2

Updates @tanstack/react-query from 5.90.21 to 5.96.1

Release notes

Sourced from @​tanstack/react-query's releases.

@​tanstack/react-query-devtools@​5.96.1

Patch Changes

• fix(build): exclude config files from production DTS rollup to prevent @types/node type pollution (#10358)

• Updated dependencies []:

  • @​tanstack/query-devtools@​5.96.1
  • @​tanstack/react-query@​5.96.1

@​tanstack/react-query-next-experimental@​5.96.1

Patch Changes

• Updated dependencies []:
  • @​tanstack/react-query@​5.96.1

@​tanstack/react-query-persist-client@​5.96.1

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-persist-client-core@​5.96.1
  • @​tanstack/react-query@​5.96.1

@​tanstack/react-query@​5.96.1

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.96.1

@​tanstack/react-query-devtools@​5.96.0

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.96.0
  • @​tanstack/react-query@​5.96.0

@​tanstack/react-query-next-experimental@​5.96.0

Patch Changes

• Updated dependencies []:
  • @​tanstack/react-query@​5.96.0

@​tanstack/react-query-persist-client@​5.96.0

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-persist-client-core@​5.96.0
  • @​tanstack/react-query@​5.96.0

@​tanstack/react-query@​5.96.0

Patch Changes

... (truncated)

Changelog

Sourced from @​tanstack/react-query's changelog.

5.96.1

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.96.1

5.96.0

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.96.0

5.95.2

Patch Changes

• Updated dependencies [cd5a35b]:
  • @​tanstack/query-core@​5.95.2

5.95.1

Patch Changes

• Updated dependencies [1f1775c]:
  • @​tanstack/query-core@​5.95.1

5.95.0

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.95.0

5.94.5

Patch Changes

• fix(*): resolve issue about excluded build directory (#10312)

• Updated dependencies [4b6536d]:

  • @​tanstack/query-core@​5.94.5

5.94.4

Patch Changes

• chore: fixed version (#10064)

... (truncated)

Commits

• 75052a7 ci: Version Packages (#10370)
• 73e783b ci: Version Packages (#10364)
• 14a97b7 test(react-query): replace 'import React' with 'import * as React' in 'usePre...
• fd8c068 test({react,preact}-query/useSuspenseQueries): merge redundant second 'descri...
• f168555 test({react,preact,solid}-query): move 'queryClient' and 'queryCache' to 'bef...
• afb5812 test({react,preact}-query/useSuspenseQueries): inline test helpers, remove sh...
• 9e1bb94 test(react-query/useSuspenseQueries): remove unnecessary 'act' wrapper from b...
• 55cee0a test({react,preact}-query/useSuspenseQueries): add test for not suspending bu...
• 7fc6e6a test({react,preact}-query/useSuspenseQueries): add test for not suspending bu...
• 1047cdc ci: Version Packages (#10326)
• Additional commits viewable in compare view

Updates framer-motion from 12.34.3 to 12.38.0

Changelog

Sourced from framer-motion's changelog.

[12.38.0] 2026-03-16

Added

• Added layoutAnchor prop to configure custom anchor point for resolving relative projection boxes.

Fixed

• Reorder: Fix axis switching after window resize.
• Reorder: Fix with virtualised lists.
• AnimatePresence: Ensure children are removed when exit animation matches current values.

[12.37.0] 2026-03-16

Added

• Support for hardware accelerating "start" and "end" offsets in scroll and useScroll.
• Support for oklch, oklab, lab, lch, color, color-mix, light-dark color types.

Fixed

• Fix whileInView with client-side navigation.
• Fix draggable elements when layout updates due to surrounding element re-renders.
• Improved memory pressure of layout animations.
• Ensure motion value returned from useSpring reports correct isAnimating().

[12.36.0] 2026-03-09

Added

• Allow dragSnapToOrigin to accept "x" or "y" for per-axis snapping.
• Added axis-locked layout animations with layout="x" and layout="y".
• Added skipInitialAnimation to useSpring.

Fixed

• Fixed height and width: auto animations with box-sizing: border-box.
• Reset component values when exit animation finishes.
• Ensure anticipate easing returns 1 at p === 1.
• Fix @emotion/is-prop-valid resolve error in Storybook.
• Remove data-pop-layout-id from exiting elements when animation interrupted.
• Ensure we skip WAAPI for non-animatable keyframes.
• Ensure we skip WAAPI for SVG transforms.
• Ensure MotionValue props are not passed to SVG.
• AnimatePresence: Prevent mode="wait" elements from getting stuck when switched rapidly.

[12.35.2] 2026-03-09

Fixed

... (truncated)

Commits

• 0bfc9fe v12.38.0
• 343cb0c Updating layoutAnchor
• ee99ad2 Updating changelog
• 062660b Updating changgelog
• 303da7d Updating readme
• b075adc Merge pull request #3647 from motiondivision/feat/layout-anchor
• f0991d6 Add missing layoutAnchor !== false guard in attemptToResolveRelativeTarget
• b5798e9 Merge pull request #3642 from motiondivision/worktree-fix-issue-3078
• 7686c19 Merge pull request #3636 from motiondivision/worktree-fix-issue-3061
• a95c487 Fix auto-scroll in reorder-virtualized test page
• Additional commits viewable in compare view

Updates react-hook-form from 7.71.2 to 7.72.0

Release notes

Sourced from react-hook-form's releases.

Version 7.72.0

⚓️ feat: built-in form level validate (#13195)

useForm({
  validate: async ({ formValues }: FormValidateResult) => {
    if (formValues.test1.length > formValues.test.length) {
      return {
        type: 'formError',
        message: 'something is wrong here',
      };
    }
if (formValues.test === 'test') {
  return 'direct error message';
}
return true;

},
});

🐞 fix: prevent useFieldArray from marking unrelated fields as dirty (#13299) 🐞 fix #13300 checkbox form validation ignored with native validation (#13310) 🌉 allow subscribe formState to track submit state (#13319)

thanks to @​WiXSL, @​BrendanC23 & @​6810779s

Commits

• 1fecf73 7.72.0
• f5373fe 🌉 allow subscribe formState to track submit state (#13319)
• f5deec5 📖 chore: update issue template CodeSandbox links (#13315)
• 3f4d0f3 🐞 fix #13300 checkbox form valdiation ignored with native valdiation (#13310)
• 2e8f081 🐞 fix: prevent useFieldArray from marking unrelated fields as dirty (#13299)
• 6067c3f ⚓️ feat: build-in form level validate (#13195)
• See full diff in compare view

Updates react-resizable-panels from 4.7.0 to 4.8.0

Release notes

Sourced from react-resizable-panels's releases.

4.8.0

• 699: useDefaultLayout hook automatically migrates legacy layouts to version 4 format; see issue 605 or PR 699 for details on how this works.

4.7.6

• 698: Replace Panel aria-disabled attribute with data-disabled

4.7.5

• 696: Improved server rendering support for defaultSize prop

4.7.4

• 689: Fix edge case bug with pointer event capture

4.7.3

• 690: Imperative Panel API supports non-percentage sizes

4.7.2

• 683: Don't scroll separator when setting focus

4.7.1

• 678: Change default overflow styles to support shadows

Changelog

Sourced from react-resizable-panels's changelog.

4.8.0

• 699: useDefaultLayout hook automatically migrates legacy layouts to version 4 format; see issue 605 for details on how this works.

4.7.6

• 698: Replace Panel aria-disabled attribute with data-disabled

4.7.5

• 696: Improved server rendering support for defaultSize prop

4.7.4

• 689: Fix edge case bug with pointer event capture

4.7.3

• 690: Imperative Panel API supports non-percentage sizes

4.7.2

• 683: Don't scroll separator when setting focus

4.7.1

• 678: Change default overflow styles to support shadows

Commits

• 1e299c3 4.7.6 -> 4.8.0
• 09bec23 Import version 3 saved layouts in version 4 (#699)
• 1adf716 Update CONTRIBUTING.md
• bf4f8c6 4.7.5 -> 4.7.6
• d7e4d97 Replace Panel aria-disabled attribute with data-disabled (#698)
• ebf443d Upgrade react-lib-tools
• 225be97 Upgrade react-lib-tools
• 57bf680 Tweaked defaultSize warning wording
• 6e41d82 4.7.4 -> 4.7.5
• 5941ff3 Improved server rendering support for defaultSize prop (#696)
• Additional commits viewable in compare view

Updates react-router-dom from 7.13.1 to 7.13.2

Changelog

Sourced from react-router-dom's changelog.

7.13.2

Patch Changes

• Updated dependencies:
  • react-router@7.13.2

Commits

• aadb56f chore: Update version for release (#14908)
• c68a9b3 chore: Update version for release (pre) (#14893)
• See full diff in compare view

Updates recharts from 3.7.0 to 3.8.1

Release notes

Sourced from recharts's releases.

v3.8.1

What's Changed

Bugfixes!

• fix(z-index): prevent elements from disappearing during dynamic zIndex transitions by @​VIDHITTS in recharts/recharts#7006
• fix: prevent tooltip flicker in syncMethod="value" with mismatched data arrays by @​roy7 in recharts/recharts#7020
• docs: add missing SVG props documentation to PolarGrid #3400 by @​ramanverse in recharts/recharts#6987
• fix: add cursor prop type to BaseChartProps by @​mixelburg in recharts/recharts#7065
• fix: restore arrow key navigation when active index is outside zoomed… by @​AbishekRaj2007 in recharts/recharts#7086
• Add test for ticks spacing by @​VIDHITTS in recharts/recharts#7082
• fix(Pie): skip minAngle redistribution when no segment needs it by @​Harikrushn9118 in recharts/recharts#7097
• fix(DefaultLegendContent): use entry.value for aria-label when formatter returns React element by @​mixelburg in recharts/recharts#7109
• fix(PolarRadiusAxis): update ticks prop type by @​PavelVanecek in recharts/recharts#7112
• fix: PieChart double padding gap when a data item has value 0 by @​Copilot in recharts/recharts#7113
• Add boxplot example by @​PavelVanecek in recharts/recharts#7130
• [fix] Update ticks calculator and domain extension by @​PavelVanecek in recharts/recharts#7146
• fix: guard against non-function d3-scale exports in getD3ScaleFromType by @​tdebarochez in recharts/recharts#7123
• fix: stackOffset expand should not override numerical XAxis domain by @​SeaL773 in recharts/recharts#7152
• fix: resolve keyboard navigation and tooltip issues for Pie charts (#6921) by @​olagokemills in recharts/recharts#7140
• fix(Tooltip): prevent crash on sparse or undefined payload entries by @​Om-Mishra09 in recharts/recharts#7149
• fix(RechartsWrapper): prevent ResizeObserver memory leak on ref update by @​Om-Mishra09 in recharts/recharts#7161

New Contributors

• @​AbishekRaj2007 made their first contribution in recharts/recharts#7086
• @​tdebarochez made their first contribution in recharts/recharts#7123
• @​SeaL773 made their first contribution in recharts/recharts#7152
• @​olagokemills made their first contribution in recharts/recharts#7140

Full Changelog: recharts/recharts@v3.8.0...v3.8.1

v3.8.0

What's Changed

We added generics to our data and dataKey props and now you can have your charts validated by TypeScript. See the full guide here: https://recharts.github.io/en-US/guide/typescript/

We are releasing new helper functions and hooks that will allow you to precisely target mouse interactions, and convert coordinates. See the guide here: https://recharts.github.io/en-US/guide/coordinateSystems/

And new functions and hooks:

getRelativeCoordinate - converts mouse events to pixel positions

Convert Data → Pixels:

useXAxisScale - returns a function to convert X data values to pixel positions useYAxisScale - returns a function to convert Y data values to pixel positions useCartesianScale - convenience hook for converting both at once

Pixels → Data:

... (truncated)

Commits

• 5b10788 chore(deps-dev): bump diff from 8.0.3 to 8.0.4 (#7156)
• 222396f chore(deps): bump react-router-dom from 7.13.1 to 7.13.2 (#7164)
• c2642da chore(deps-dev): bump typescript-eslint from 8.57.1 to 8.57.2 (#7166)
• b186929 fix(RechartsWrapper): prevent ResizeObserver memory leak on ref update (#7161)
• 738f71f fix(Tooltip): prevent crash on sparse or undefined payload entries (#7149)
• 00daf0b chore(deps-dev): bump rollup from 4.59.0 to 4.60.0 (#7158)
• eba4f2a chore(deps-dev): bump marked from 17.0.4 to 17.0.5 (#7157)
• 201d060 fix: resolve keyboard navigation and tooltip issues for Pie charts (#6921) (#...
• 670d092 chore(deps-dev): bump flatted from 3.3.3 to 3.4.2 (#7150)
• 86ca8de fix: stackOffset expand should not override numerical XAxis domain (#7152)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by corkscreewe, a new releaser for recharts since your current version.

Updates @playwright/test from 1.58.2 to 1.59.1

Release notes

Sourced from @​playwright/test's releases.

v1.59.1

Bug Fixes

• [Windows] Reverted hiding console window when spawning browser processes, which caused regressions including broken codegen, --ui and show commands (#39990)

v1.59.0

🎬 Screencast

New page.screencast API provides a unified interface for capturing page content with:

• Screencast recordings
• Action annotations
• Visual overlays
• Real-time frame capture
• Agentic video receipts

Screencast recording — record video with precise start/stop control, as an alternative to the recordVideo option:

await page.screencast.start({ path: 'video.webm' });
// ... perform actions ...
await page.screencast.stop();

Action annotations — enable built-in visual annotations that highlight interacted elements and display action titles during recording:

await page.screencast.showActions({ position: 'top-right' });

screencast.showActions() accepts position ('top-left', 'top', 'top-right', 'bottom-left', 'bottom', 'bottom-right'), duration (ms per annotation), and fontSize (px). Returns a disposable to stop showing actions.

Action annotations can also be enabled in test fixtures via the video option:

// playwright.config.ts
export default defineConfig({
  use: {
    video: {
      mode: 'on',
      show: {
        actions: { position: 'top-left' },
        test: { position: 'top-right' },
      },
</tr></table> 

... (truncated)

Commits

• d466ac5 chore: mark v1.59.1 (#40005)
• 530e7e5 cherry-pick(#4004): fix(cli): kill-all should kill dashboard
• 9aa216c cherry-pick(#39994): Revert "fix(windows): hide console window when spawning ...
• 01b2b15 cherry-pick(#39980): chore: more release notes fixes
• a5cb6c9 cherry-pick(#39972): chore: expose browser.bind and browser.unbind APIs
• 99a17b5 cherry-pick(#39975): chore: support opening .trace files via .link indirection
• 43607c3 cherry-pick(#39974): chore(webkit): update Safari user-agent version to 26.4
• 62cabe1 cherry-pick(#39969): chore(npm): include all *.md from lib (#39970)
• 0c65a75 cherry-pick(#39968): chore: screencast.showActions api
• f04155b cherry-pick(#39958): chore: release notes for langs v1.59
• Additional commits viewable in compare view

Updates @tailwindcss/postcss from 4.2.1 to 4.2.2

Release notes

Sourced from @​tailwindcss/postcss's releases.

v4.2.2

Added

• Support Vite 8 in @tailwindcss/vite (#19790)

Fixed

• Don't crash when candidates contain prototype properties like row-constructor (#19725)
• Canonicalize calc(var(--spacing)*…) expressions into --spacing(…) (#19769)
• Fix crash in canonicalization step when handling utilities containing @property at-rules (e.g. shadow-sm border) (#19727)
• Skip full reload for server only modules scanned by client CSS when using @tailwindcss/vite (#19745)
• Improve canonicalization for bare values exceeding default spacing scale suggestions (e.g. w-1234 h-1234 → size-1234) (#19809)
• Fix canonicalization resulting in empty list (e.g. w-5 h-5 size-5 → '' instead of size-5) (#19812)

Changelog

Sourced from @​tailwindcss/postcss's changelog.

[4.2.2] - 2026-03-18

Fixed

• Don't crash when candidates contain prototype properties like row-constructor (#19725)
• Canonicalize calc(var(--spacing)*…) expressions into --spacing(…) (#19769)
• Fix crash in canonicalization step when handling utilities containing @property at-rules (e.g. shadow-sm border) (#19727)
• Skip full reload for server only modules scanned by client CSS when using @tailwindcss/vite (#19745)
• Add support for Vite 8 in @tailwindcss/vite (#19790)
• Improve canonicalization for bare values exceeding default spacing scale suggestions (e.g. w-1234 h-1234 → size-1234) (#19809)
• Fix canonicalization resulting in empty list (e.g. w-5 h-5 size-5 → '' instead of size-5) (#19812)
• Resolve tsconfig paths to allow for @import '@/path/to/file'; when using @tailwindcss/vite (#19803)

Commits

• d596b0c 4.2.2 (#19821)
• faa5e88 Cleanup inconsistencies related to (regex) escapes (#19804)
• See full diff in compare view

Updates @types/node from 25.3.3 to 25.5.0

Commits

• See full diff in compare view

Updates @vitejs/plugin-react-swc from 4.2.3 to 4.3.0

Release notes

Sourced from @​vitejs/plugin-react-swc's releases.

plugin-react-swc@4.3.0

Add Vite 8 to peerDependencies range #1142

This plugin is compatible with Vite 8.

Changelog

Sourced from @​vitejs/plugin-react-swc's changelog.

4.3.0 (2026-03-12)

Add Vite 8 to peerDependencies range #1142

This plugin is compatible with Vite 8.

Commits

• See full diff in compare view

Updates @vitest/coverage-v8 from 4.0.18 to 4.1.2

Release notes

Sourced from @​vitest/coverage-v8's releases.

v4.1.2

This release bumps Vitest's flatted version and removes version pinning to resolve flatted's CVE related issues (vitest-dev/vitest#9975).

   🐞 Bug Fixes

• Don't resolve setupFiles from parent directory  -  by @​hi-ogawa in vitest-dev/vitest#9960 (7aa93)
• Ensure sequential mock/unmock resolution  -  by @​hi-ogawa and Claude Opus 4.6 in vitest-dev/vitest#9830 (7c065)
• browser: Take failure screenshot if toMatchScreenshot can't capture a stable screenshot  -  by @​macarie in vitest-dev/vitest#9847 (faace)
• coverage: Correct coverageConfigDefaults values and types  -  by @​Arthie in vitest-dev/vitest#9940 (b3c99)
• pretty-format: Fix output limit over counting  -  by @​hi-ogawa in vitest-dev/vitest#9965 (d3b7a)
• Disable colors if agent is detected  -  by @​sheremet-va and @​AriPerkkio in vitest-dev/vitest#9851 (6f97b)

    View changes on GitHub

v4.1.1

   🚀 Features

• experimental:
  • Expose matchesTags to test if the current filter matches tags  -  by @​sheremet-va in vitest-dev/vitest#9913 (eec53)
  • Introduce experimental.vcsProvider  -  by @​sheremet-va in vitest-dev/vitest#9928 (56115)

   🐞 Bug Fixes

• Mark TestProject.testFilesList internal properly  -  by @​sapphi-red in vitest-dev/vitest#9867 (54f26)
• Detect fixture that returns without calling use  -  by @​oilater in vitest-dev/vitest#9831 and vitest-dev/vitest#9861 (633ae)
• Drop vite 8.beta support  -  by @​AriPerkkio in vitest-dev/vitest#9862 (b78f5)
• Type regression in vi.mocked() static class methods  -  by @​purepear and @​hi-ogawa in vitest-dev/vitest#9857 (90926)
• Properly re-evaluate actual modules of mocked external  -  by @​hi-ogawa in vitest-dev/vitest#9898 (ae5ec)
• Preserve coverage report when html reporter overlaps  -  by @​hi-ogawa in vitest-dev/vitest#9889 (2d81a)
• Provide vi.advanceTimers to the preview provider  -  by @​sheremet-va in vitest-dev/vitest#9891 (1bc3e)
• Don't leak event listener in playwright provider  -  by @​sheremet-va in vitest-dev/vitest#9910 (d9355)
• Open browser in --standalone mode without running tests  -  by @​sheremet-va in vitest-dev/vitest#9911 (e78ad)
• Guard disposable and optional body  -  by @​sheremet-va in vitest-dev/vitest#9912 (6fdb2)
• Resolve retry.condition RegExp serialization issue  -  by @​nstepien and @​hi-ogawa in vitest-dev/vitest#9942 (7b605)
• collect:
  • Don't treat extra props on test return as tests  -  by @​sheremet-va in vitest-dev/vitest#9871 (141e7)
• coverage:
  • Simplify provider types  -  by @​AriPerkkio in vitest-dev/vitest#9931 (aaf9f)
  • Load built-in provider without module runner  -  by @​AriPerkkio in vitest-dev/vitest#9939 (bf892)
• expect:
  • Soft assertions continue after .resolves/.rejects promise errors  -  by @​mixelburg, Maks Pikov, Claude Opus 4.6 (1M context) and @​hi-ogawa in vitest-dev/vitest#9843 (6d74b)
  • Fix sinon-chai style API  -  by @​hi-ogawa in vitest-dev/vitest#9943 (0f08d)
• pretty-format:
  • Limit output for large object  -  by @​hi-ogawa and Claude Opus 4.6 (1M context) in vitest-dev/vitest#9949 (0d5f9)

    View changes on GitHub

v4.1.0

Vitest 4.1 is out!

... (truncated)

Commits

• fc6f482 chore: release v4.1.2
• 1f2d318 chore: release v4.1.1
• aaf9f18 fix(coverage): simplify provider types (#9931)
• 4150b91 chore: release v4.1.0
• 0c2c013 chore: release v4.1.0-beta.6
• 689a22a fix(browser): types of getCDPSession and cdp() (#9716)
• 94eb73b chore(deps): update eslint packages (#9615)
• 8c96bb0 refator: update links to npmx (#9783)
• aaf7758 chore: standardize packages README (#9776)
• 57cbe39 chore(deps): update ast-v8-to-istanbul to v1 (#9755)
• Additional commits viewable in compare view

Updates happy-dom from 20.7.0 to 20.8.9

Release notes

Sourced from happy-dom's releases.

v20.8.9

👷‍♂️ Patch fixes

• Fixes issue where cookies from the current origin was being forwarded to the target origin in fetch requests - By @​capricorn86 in task #2117
  • A security advisory (GHSA-w4gp-fjgq-3q4g) was reported for this security vulnerability. Big thanks to @​r74tech for reporting this!

v20.8.8

👷‍♂️ Patch fixes

• Fixes issue where export names can be interpolated as executable code in ESM - By @​capricorn86 in task #2113
  • A security advisory (GHSA-6q6h-j7hj-3r64) has been reported that shows a security vulnerability where it may be possible to escape the VM context and get access to process level functionality in unsafe environments using CommonJS. Big thanks to @​tndud042713 for reporting this!

v20.8.7

👷‍♂️ Patch fixes

• Replace implementing Node.js Console with common IConsole interface to support latest version of Bun - By @​YevheniiKotyrlo in task #1845

v20.8.6

👷‍♂️ Patch fixes

• Request.formData() should honor "Content-Type" header - By @​brianhelba in task #2106

v20.8.5

👷‍♂️ Patch fixes

• Fixes error thrown when modifying DOM structure in connectedCallback() - By @​capricorn86 in task #2110

v20.8.4

👷‍♂️ Patch fixes

• Replace ConsoleConstructor import with indexed access type - By @​YevheniiKotyrlo in task #1845

v20.8.3

👷‍♂️ Patch fixes

• Throw error if event is not of type Event in EventTarget.dispatchEvent() - By @​capricorn86 in task #2054

v20.8.2

👷‍♂️ Patch fixes

• Resets Event.cancelBubble and Event.defaultPrevented when calling Event.initEvent() - By @​capricorn86 in task #2090

v20.8.1

👷‍♂️ Patch fixes

• Make "inert" attribute block focus interactions - By @​coffeeandwork in task #1422

v20.8.0

🎨 Features

• Adds support for setPointerCapture, hasPointerCapture, and releasePointerCapture to Element - By @​coffeeandwork in task #1733

v20.7.2

👷‍♂️ Patch fixes

• Properly decode CSS escape sequences in attribute selector values - By @​silverwind

v20.7.1

👷‍♂️ Patch fixes

• Fixes issue related to parsing direct descendants (>) and universal (*) query selectors - By @​Cherry in task #2078

Commits

• 68324c2 fix: #2117 Fixes issue related to cookies from the current origin being for...
• 5437fdf fix: #2113 Fixes issue where export names can be interpolated as executable...
• 7e97acb f...

  Description has been truncated

  Greptile Summary

  This is a routine automated dependency bump from Dependabot, updating 16 packages in the /frontend directory with minor and patch version increments. All updates are low-risk; notably, happy-dom (20.7.0 → 20.8.9) addresses two security advisories (GHSA-w4gp-fjgq-3q4g: cross-origin cookie leakage, and GHSA-6q6h-j7hj-3r64: ESM VM escape in CommonJS), and @vitest/coverage-v8 (4.0.18 → 4.1.2) resolves a flatted CVE. Merging this PR is encouraged to bring in those security patches.

  Key changes:

  • Security patches: happy-dom fixes two CVEs (cross-origin cookie forwarding and ESM code injection); @vitest/coverage-v8 removes a pinned vulnerable flatted version.
  • New features available: react-hook-form 7.72.0 adds built-in form-level validation; react-resizable-panels 4.8.0 adds useDefaultLayout with legacy-layout migration; framer-motion 12.38.0 adds layoutAnchor, axis-locked layout animations, and several AnimatePresence fixes.
  • Test tooling: @playwright/test 1.59.1 fixes a Windows regression from 1.59.0 (broken codegen/--ui commands).
  • Minor inconsistency: vitest in package.json was not bumped from ^4.0.18 to ^4.1.2 to match @vitest/coverage-v8; the lockfile compensates, but it is worth aligning the minimum version.

  Confidence Score: 5/5

  Safe to merge — all updates are minor/patch bumps with no breaking changes; security fixes in happy-dom and vitest coverage make this actively beneficial.

  The sole finding is a P2 style inconsistency (vitest minimum version in package.json not bumped to match the lockfile resolution). The lockfile correctly pins both packages to 4.1.2, so there is no functional impact. Security patches and no breaking changes in the upgrade set justify a confident merge recommendation.

  No files require special attention; the only note is the vitest version constraint in frontend/package.json line 102.

  Important Files Changed

  Filename	Overview
  frontend/package.json	16 dependency version bumps; vitest minimum version not updated in package.json (stays at ^4.0.18) while @vitest/coverage-v8 is bumped to ^4.1.2, creating a minor inconsistency.
  frontend/package-lock.json	Lockfile correctly resolves all bumped packages including vitest@4.1.2, tailwindcss@4.2.2, and happy-dom@20.8.9 with its security patches.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Dependabot PR - 16 npm bumps] --> B{Category}
    B --> C[Runtime deps]
    B --> D[Dev/Test deps]
    C --> C1["@tanstack/react-query 5.96.1\nframer-motion 12.38.0\nreact-hook-form 7.72.0\nreact-resizable-panels 4.8.0\nreact-router-dom 7.13.2\nrecharts 3.8.1"]
    D --> D1["@playwright/test 1.59.1\n@tailwindcss/postcss 4.2.2\n@types/node 25.5.0\n@vitejs/plugin-react-swc 4.3.0\npostcss 8.5.8\ntailwindcss 4.2.2\ntypescript-eslint 8.58.0\nvitest 4.1.2 (lockfile only)"]
    D --> D2["⚠️ Security patches\nhappy-dom 20.8.9 - 2 CVEs fixed\n@vitest/coverage-v8 4.1.2 - flatted CVE"]
    style D2 fill:#f96,color:#000

Loading

Prompt To Fix All With AI

This is a comment left during a code review.
Path: frontend/package.json
Line: 102

Comment:
**`vitest` minimum version not bumped alongside `@vitest/coverage-v8`**

The PR description lists `vitest` as being bumped from `4.0.18` to `4.1.2`, and `@vitest/coverage-v8` was correctly updated to `^4.1.2` — but `vitest` itself still reads `^4.0.18` in `package.json`. The lockfile resolves both to `4.1.2` so there is no functional breakage, but a fresh `npm install` without the lockfile could legitimately install any `4.x` release from `4.0.18` onwards and create a version mismatch between `vitest` and `@vitest/coverage-v8`.

```suggestion
    "vitest": "^4.1.2"
```

How can I resolve this? If you propose a fix, please make it concise.

_{Reviews (1): Last reviewed commit: "chore(deps): bump the npm-minor-patch gr..." | Re-trigger Greptile}

Greptile also left 1 inline comment on this PR.

[greptile-apps]

vitest minimum version not bumped alongside @vitest/coverage-v8

The PR description lists vitest as being bumped from 4.0.18 to 4.1.2, and @vitest/coverage-v8 was correctly updated to ^4.1.2 — but vitest itself still reads ^4.0.18 in package.json. The lockfile resolves both to 4.1.2 so there is no functional breakage, but a fresh npm install without the lockfile could legitimately install any 4.x release from 4.0.18 onwards and create a version mismatch between vitest and @vitest/coverage-v8.

Suggested change

	}
	"vitest": "^4.1.2"

Prompt To Fix With AI

This is a comment left during a code review.
Path: frontend/package.json
Line: 102

Comment:
**`vitest` minimum version not bumped alongside `@vitest/coverage-v8`**

The PR description lists `vitest` as being bumped from `4.0.18` to `4.1.2`, and `@vitest/coverage-v8` was correctly updated to `^4.1.2` — but `vitest` itself still reads `^4.0.18` in `package.json`. The lockfile resolves both to `4.1.2` so there is no functional breakage, but a fresh `npm install` without the lockfile could legitimately install any `4.x` release from `4.0.18` onwards and create a version mismatch between `vitest` and `@vitest/coverage-v8`.

```suggestion
    "vitest": "^4.1.2"
```

How can I resolve this? If you propose a fix, please make it concise.