fix(deps): update all non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
@rollup/rollup-darwin-arm64 (source)	4.55.1 → 4.60.1
@sentry/browser (source)	8.55.0 → 8.55.1
@sentry/node (source)	8.55.0 → 8.55.1
@tanstack/react-query (source)	5.90.17 → 5.96.2
@tanstack/react-query-devtools (source)	5.91.2 → 5.96.2
@types/lodash (source)	4.17.23 → 4.17.24
@types/node (source)	22.19.7 → 22.19.17
@types/react (source)	19.2.8 → 19.2.14
axios (source)	1.13.5 → 1.14.0
cypress (source)	15.9.0 → 15.13.0
i18next-browser-languagedetector	8.2.0 → 8.2.1
i18next-fs-backend	2.6.1 → 2.6.3
i18next-http-backend	3.0.2 → 3.0.4
nodemon (source)	3.1.11 → 3.1.14
pg (source)	8.17.1 → 8.20.0
prettier (source)	3.8.0 → 3.8.1
qs	6.14.2 → 6.15.0
react (source)	19.2.3 → 19.2.4
react-dom (source)	19.2.3 → 19.2.4
react-router (source)	7.12.0 → 7.14.0
react-router-dom (source)	7.12.0 → 7.14.0
react-to-print	3.2.0 → 3.3.0
rimraf	6.1.2 → 6.1.3
winston-loki	6.1.3 → 6.1.4

---

Release Notes

rollup/rollup (@​rollup/rollup-darwin-arm64)

v4.60.1

Compare Source

2026-03-30

Bug Fixes

• Resolve a situation where side effect imports could be dropped due to a caching issue (#​6286)

Pull Requests

• #​6286: fix: skip dropping side-effects on namespaceReexportsByName cache hit (#​6274) (@​littlegrayss, @​TrickyPi)
• #​6317: chore(deps): pin dependencies (@​renovate[bot], @​lukastaegert)
• #​6318: chore(deps): update msys2/setup-msys2 digest to cafece8 (@​renovate[bot], @​lukastaegert)
• #​6319: chore(deps): update minor/patch updates (@​renovate[bot], @​lukastaegert)
• #​6320: chore(deps): pin dependency typescript to v5 (@​renovate[bot], @​lukastaegert)
• #​6321: chore(deps): update openharmony-rs/setup-ohos-sdk action to v1 (@​renovate[bot], @​lukastaegert)
• #​6322: fix(deps): update swc monorepo (major) (@​renovate[bot], @​lukastaegert)
• #​6323: chore(deps): lock file maintenance (@​renovate[bot])
• #​6324: chore(deps): lock file maintenance (@​renovate[bot], @​lukastaegert)

v4.60.0

Compare Source

2026-03-22

Features

• Support source phase imports as long as they are external (#​6279)

Pull Requests

• #​6279: feat: external only Source Phase imports support (@​guybedford, @​lukastaegert)

v4.59.1

Compare Source

2026-03-21

Bug Fixes

• Fix a crash when using lazy dynamic imports with moduleSideEffects:false (#​6306)

Pull Requests

• #​6281: fix(deps): update minor/patch updates (@​renovate[bot], @​lukastaegert)
• #​6282: chore(deps): update github artifact actions (major) (@​renovate[bot], @​lukastaegert)
• #​6283: chore(deps): update dependency nyc to v18 (@​renovate[bot], @​lukastaegert)
• #​6284: fix(deps): update swc monorepo (major) (@​renovate[bot])
• #​6285: chore(deps): lock file maintenance (@​renovate[bot])
• #​6290: chore(deps): update minor/patch updates (@​renovate[bot], @​lukastaegert)
• #​6291: chore(deps): update dependency @​shikijs/vitepress-twoslash to v4 (@​renovate[bot])
• #​6292: chore(deps): lock file maintenance (@​renovate[bot])
• #​6297: chore(deps): update minor/patch updates (@​renovate[bot])
• #​6298: chore(deps): lock file maintenance (@​renovate[bot])
• #​6299: chore(deps): lock file maintenance (@​renovate[bot])
• #​6300: docs: update packagephobia link (@​bluwy)
• #​6301: chore(deps): update dependency lint-staged to ^16.3.3 (@​renovate[bot])
• #​6306: fix: fix chunk assignment for deoptimized module with dynamic import (@​JoaoBrlt, @​lukastaegert)
• #​6307: chore(deps): update minor/patch updates (@​renovate[bot])
• #​6308: chore(deps): update dependency lru-cache to v11 (@​renovate[bot])
• #​6309: chore(deps): update dependency vite to v8 (@​renovate[bot])
• #​6310: chore(deps): lock file maintenance (@​renovate[bot])
• #​6311: chore(deps): lock file maintenance (@​renovate[bot])
• #​6312: chore(deps): lock file maintenance (@​renovate[bot])

v4.59.0

Compare Source

2026-02-22

Features

• Throw when the generated bundle contains paths that would leave the output directory (#​6276)

Pull Requests

• #​6275: Validate bundle stays within output dir (@​lukastaegert)

v4.58.0

Compare Source

2026-02-20

Features

• Also support __NO_SIDE_EFFECTS__ annotation before variable declarations declaring function expressions (#​6272)

Pull Requests

• #​6256: docs: document PreRenderedChunk properties including isDynamicEntry and isImplicitEntry (@​njg7194, @​lukastaegert)
• #​6259: docs: Correct typo and improve sentence structure in docs for output.experimentalMinChunkSize (@​millerick, @​lukastaegert)
• #​6260: fix(deps): update rust crate swc_compiler_base to v47 (@​renovate[bot], @​lukastaegert)
• #​6261: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #​6262: Avoid unnecessary cloning of the code string (@​lukastaegert)
• #​6263: fix(deps): update minor/patch updates (@​renovate[bot], @​lukastaegert)
• #​6265: chore(deps): lock file maintenance (@​renovate[bot])
• #​6267: fix(deps): update minor/patch updates (@​renovate[bot])
• #​6268: chore(deps): update dependency eslint-plugin-unicorn to v63 (@​renovate[bot], @​lukastaegert)
• #​6269: chore(deps): update dependency lru-cache to v11 (@​renovate[bot])
• #​6270: chore(deps): lock file maintenance (@​renovate[bot])
• #​6272: forward NO_SIDE_EFFECTS annotations to function expressions in variable declarations (@​lukastaegert)

v4.57.1

Compare Source

2026-01-30

Bug Fixes

• Fix heap corruption issue in Windows (#​6251)
• Ensure exports of a dynamic import are fully included when called from a try...catch (#​6254)

Pull Requests

• #​6251: fix: Isolate and cache process.report.getReport() calls in a child process for robust environment detection (@​alan-agius4, @​lukastaegert)
• #​6252: chore(deps): update dependency lru-cache to v11 (@​renovate[bot])
• #​6253: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #​6254: Fully include dynamic imports in a try-catch (@​lukastaegert)
• #​6255: chore(deps): lock file maintenance (@​renovate[bot])

v4.57.0

Compare Source

2026-01-27

Features

• Add import attributes to all plugin hooks that did not provide them yet (#​5700)
• Deprecate returning import attributes from load or transform hooks as that will no longer be supported with rollup 5 (#​5700)

Pull Requests

• #​5700: extend more hooks to include import attributes and add warnings (@​TrickyPi, @​lukastaegert)
• #​6243: fix(deps): update swc monorepo (major) (@​renovate[bot], @​lukastaegert)
• #​6244: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #​6245: chore(deps): lock file maintenance (@​renovate[bot])
• #​6246: Refactor to reduce Rollup 5 upgrade diff (@​lukastaegert)

v4.56.0

Compare Source

2026-01-22

Features

• Track object property inclusions of dynamic namespace members (#​6230)

Bug Fixes

• Handle methods that access dynamically imported namespace members via this (#​6230)

Pull Requests

• #​6230: Refine namespace handling (@​lukastaegert)

v4.55.3

Compare Source

2026-01-21

Bug Fixes

• Fix JSX semicolon insert position in variable declarations (#​6241)

Pull Requests

• #​6241: Fix JSX semicolon insertion (@​lukastaegert)

v4.55.2

Compare Source

2026-01-19

Bug Fixes

• Sort manual chunks by execution order to reduce circular dependency issues (#​6240)

Pull Requests

• #​6234: chore(deps): pin cross-platform-actions/action action to 492b0c8 (@​renovate[bot])
• #​6235: chore(deps): update dependency globals to v17 (@​renovate[bot], @​lukastaegert)
• #​6236: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #​6237: chore(deps): lock file maintenance (@​renovate[bot])
• #​6239: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #​6240: Sort manual chunks by module execution order (@​TrickyPi)

getsentry/sentry-javascript (@​sentry/browser)

v8.55.1

Compare Source

• fix(v8/browser): Ensure that performance.measure spans have a positive duration (#​19959)
• fix(v8/core): Filter gmo error and Facebook mobile error (#​15447)

TanStack/query (@​tanstack/react-query)

v5.96.2

Compare Source

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.96.2

v5.96.1

Compare Source

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.96.1

v5.96.0

Compare Source

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.96.0

v5.95.2

Compare Source

Patch Changes

• Updated dependencies [cd5a35b]:
  • @​tanstack/query-core@​5.95.2

v5.95.1

Compare Source

Patch Changes

• Updated dependencies [1f1775c]:
  • @​tanstack/query-core@​5.95.1

v5.95.0

Compare Source

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.95.0

v5.94.5

Compare Source

Patch Changes

• fix(*): resolve issue about excluded build directory (#​10312)

• Updated dependencies [4b6536d]:

  • @​tanstack/query-core@​5.94.5

v5.94.4

Compare Source

Patch Changes

• chore: fixed version (#​10064)

• Updated dependencies [4c75210]:

  • @​tanstack/query-core@​5.94.4

v5.91.3

Compare Source

Patch Changes

• fix: stop node types from leaking into browser (#​10302)

v5.91.2

Compare Source

Patch Changes

• fix(streamedQuery): maintain error state on reset refetch with initialData defined (#​10287)

• Updated dependencies [248975e]:

  • @​tanstack/query-core@​5.91.2

v5.91.0

Compare Source

Minor Changes

• feat: environmentManager (#​10199)

Patch Changes

• Updated dependencies [6fa901b]:
  • @​tanstack/query-core@​5.91.0

v5.90.21

Compare Source

Patch Changes

• refactor(react-query/useQueries): remove unreachable 'willFetch' branch in suspense promise collection (#​10082)

v5.90.20

Compare Source

Patch Changes

• Updated dependencies [e7258c5]:
  • @​tanstack/query-core@​5.90.20

v5.90.19

Compare Source

Patch Changes

• Updated dependencies [53fc74e]:
  • @​tanstack/query-core@​5.90.19

v5.90.18

Compare Source

Patch Changes

• Updated dependencies [dea1614]:
  • @​tanstack/query-core@​5.90.18

TanStack/query (@​tanstack/react-query-devtools)

v5.96.2

Compare Source

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.96.2
  • @​tanstack/react-query@​5.96.2

v5.96.1

Compare Source

Patch Changes

• fix(build): exclude config files from production DTS rollup to prevent @types/node type pollution (#​10358)

• Updated dependencies []:

  • @​tanstack/query-devtools@​5.96.1
  • @​tanstack/react-query@​5.96.1

v5.96.0

Compare Source

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.96.0
  • @​tanstack/react-query@​5.96.0

v5.95.2

Compare Source

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.95.2
  • @​tanstack/react-query@​5.95.2

v5.95.1

Compare Source

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.95.1
  • @​tanstack/react-query@​5.95.1

v5.95.0

Compare Source

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.95.0
  • @​tanstack/react-query@​5.95.0

v5.94.5

Patch Changes

• fix(*): resolve issue about excluded build directory (#​10312)

• Updated dependencies [4b6536d]:

  • @​tanstack/query-devtools@​5.94.5
  • @​tanstack/react-query@​5.94.5

v5.94.4

Patch Changes

• chore: fixed version (#​10064)

• Updated dependencies [4c75210]:

  • @​tanstack/query-devtools@​5.94.4
  • @​tanstack/react-query@​5.94.4

v5.91.3

Compare Source

Patch Changes

• Updated dependencies [83366c4]:
  • @​tanstack/query-devtools@​5.93.0

axios/axios (axios)

v1.14.0

Compare Source

v1.13.6

Compare Source

This release focuses on platform compatibility, error handling improvements, and code quality maintenance.

⚠️ Important Changes

• Breaking Changes: None identified in this release.
• Action Required: Users targeting React Native should verify their integration, particularly if relying on specific Blob or FormData behaviours, as improvements have been made to support these objects.

🚀 New Features

• React Native Blob Support: Axios now includes support for React Native Blob objects. Thanks to @​moh3n9595 for the initial implementation. (#​5764)
• Code Quality: Implemented prettier across the codebase and resolved associated formatting issues. (#​7385)

🐛 Bug Fixes

• Environment Compatibility:

  • Fixed module exports for React Native and Browserify environments. (#​7386)
  • Added safe FormData detection for the WeChat Mini Program environment. (#​7324)

• Error Handling:

  • AxiosError.message is now correctly enumerable. (#​7392)
  • AxiosError.from now correctly copies the status property from the source error, ensuring better error propagation. (#​7403)

🔧 Maintenance & Chores

• Dependencies: Updated the development_dependencies group (5 updates). (#​7432)
• Infrastructure: Migrated @​rollup/plugin-babel from v5.3.1 to v6.1.0. (#​7424)
• Documentation: Added missing JSDoc comments to utilities. (#​7427)

🌟 New Contributors

We are thrilled to welcome our new contributors! Thank you for helping improve the project:

• @​Gudahtt (#​7386)
• @​ybbus (#​7392)
• @​Shiwaangee (#​7324)
• @​skrtheboss (#​7403)
• @​Janaka66 (#​7427)
• @​moh3n9595 (#​5764)
• @​digital-wizard48 (#​7424)

Full Changelog: v1.13.5...v1.13.6

cypress-io/cypress (cypress)

v15.13.0

Compare Source

Changelog: https://docs.cypress.io/app/references/changelog#15-13-0

v15.12.0

Compare Source

v15.11.0

Compare Source

Changelog: https://docs.cypress.io/app/references/changelog#15-11-0

v15.10.0

Compare Source

Changelog: https://docs.cypress.io/app/references/changelog#15-10-0

i18next/i18next-browser-languageDetector (i18next-browser-languagedetector)

v8.2.1

Compare Source

• Add missing typescript definition for hash options 33154

i18next/i18next-fs-backend (i18next-fs-backend)

v2.6.3

Compare Source

• use own interpolation function instead of relying on i18next's interpolator

v2.6.2

Compare Source

i18next/i18next-http-backend (i18next-http-backend)

v3.0.4

Compare Source

• use own interpolation function for loadPath and addPath instead of relying on i18next's interpolator i18next#2420 — this means only {{lng}} and {{ns}} placeholders are supported; custom interpolation prefix/suffix from i18next config no longer applies to backend paths

remy/nodemon (nodemon)

v3.1.14

Compare Source

Bug Fixes

• get watch working on windows (cfebe2f), closes #​2270

v3.1.13

Compare Source

Bug Fixes

• TypeScript definition for 'restart' args (5c03715), closes #​2265

v3.1.12

Compare Source

Bug Fixes

• bump minimatch (9376af3), closes #​2267

brianc/node-postgres (pg)

v8.20.0

Compare Source

• Add onConnect callback to pg.Pool constructor options allowing for async initialization of newly created & connected pooled clients.

v8.19.0

Compare Source

• Deprecate interal query queue.
• Pass connection parameters to password callback.

v8.18.0

Compare Source

• Return the client instance as the result of calling connect (previously it was void).

v8.17.2

Compare Source

prettier/prettier (prettier)

v3.8.1

Compare Source

ljharb/qs (qs)

v6.15.0

Compare Source

• [New] parse: add strictMerge option to wrap object/primitive conflicts in an array (#​425, #​122)
• [Fix] duplicates option should not apply to bracket notation keys (#​514)

facebook/react (react)

v19.2.4: 19.2.4 (January 26th, 2026)

Compare Source

React Server Components

• Add more DoS mitigations to Server Actions, and harden Server Components (#​35632 by @​gnoff, @​lubieowoce, @​sebmarkbage, @​unstubbable)

remix-run/react-router (react-router)

v7.14.0

Compare Source

Patch Changes

• UNSTABLE RSC FRAMEWORK MODE BREAKING CHANGE - Existing route module exports remain unchanged from stable v7 non-RSC mode, but new exports are added for RSC mode. If you want to use RSC features, you will need to update your route modules to export the new annotations. (#​14901)

  If you are using RSC framework mode currently, you will need to update your route modules to the new conventions. The following route module components have their own mutually exclusive server component counterparts:

  Server Component Export	Client Component
  ServerComponent	default
  ServerErrorBoundary	ErrorBoundary
  ServerLayout	Layout
  ServerHydrateFallback	HydrateFallback

  If you were previously exporting a ServerComponent, your ErrorBoundary, Layout, and HydrateFallback were also server components. If you want to keep those as server components, you can rename them and prefix them with Server. If you were previously importing the implementations of those components from a client module, you can simply inline them.

  Example:

  Before

  import { ErrorBoundary as ClientErrorBoundary } from "./client";
  
  export function ServerComponent() {
    // ...
  }
  
  export function ErrorBoundary() {
    return <ClientErrorBoundary />;
  }
  
  export function Layout() {
    // ...
  }
  
  export function HydrateFallback() {
    // ...
  }

  After

  export function ServerComponent() {
    // ...
  }
  
  export function ErrorBoundary() {
    // previous implementation of ClientErrorBoundary, this is now a client component
  }
  
  export function ServerLayout() {
    // rename previous Layout export to ServerLayout to make it a server component
  }
  
  export function ServerHydrateFallback() {
    // rename previous HydrateFallback export to ServerHydrateFallback to make it a server component
  }

• rsc Link prefetch (#​14902)

• Remove recursion from turbo-stream v2 allowing for encoding / decoding of massive payloads. (#​14838)

• encodeViaTurboStream leaked memory via unremoved AbortSignal listener (#​14900)

v7.13.2

Compare Source

Patch Changes

• Fix clientLoader.hydrate when an ancestor route is also hydrating a clientLoader (#​14835)

• Fix type error when passing Framework Mode route components using Route.ComponentProps to createRoutesStub (#​14892)

• Fix percent encoding in relative path navigation (#​14786)

• Add future.unstable_passThroughRequests flag (#​14775)

  By default, React Router normalizes the request.url passed to your loader, action, and middleware functions by removing React Router's internal implementation details (.data suffixes, index + _routes query params).

  Enabling this flag removes that normalization and passes the raw HTTP request instance to your handlers. This provides a few benefits:

  • Reduces server-side overhead by eliminating multiple new Request() calls on the critical path
  • Allows you to distinguish document from data requests in your handlers base don the presence of a .data suffix (useful for observability purposes)

  If you were previously relying on the normalization of request.url, you can switch to use the new sibling unstable_url parameter which contains a URL instance representing the normalized location:

  // ❌ Before: you could assume there was no `.data` suffix in `request.url`
  export async function loader({ request }: Route.LoaderArgs) {
    let url = new URL(request.url);
    if (url.pathname === "/path") {
      // This check will fail with the flag enabled because the `.data` suffix will
      // exist on data requests
    }
  }
  
  // ✅ After: use `unstable_url` for normalized routing logic and `request.url`
  // for raw routing logic
  export async function loader({ request, unstable_url }: Route.LoaderArgs) {
    if (unstable_url.pathname === "/path") {
      // This will always have the `.data` suffix stripped
    }
  
    // And now you can distinguish between document versus data requests
    let isDataRequest = new URL(request.url).pathname.endsWith(".data");
  }

• Internal refactor to consolidate framework-agnostic/React-specific route type layers - no public API changes (#​14765)

• Sync protocol validation to rsc flows (#​14882)

• Add a new unstable_url: URL parameter to route handler methods (loader, action, middleware, etc.) representin

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[codacy-production]

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

🟢 Metrics 0 complexity · 0 duplication

Metric	Results
Complexity	0
Duplication	0

View in Codacy

_{TIP This summary will be updated as you push new changes. Give us feedback}