chore(deps)(deps): bump the production-dependencies group across 1 directory with 14 updates

[dependabot]

Bumps the production-dependencies group with 14 updates in the /frontend directory:

Package	From	To
@aws-amplify/ui-react	6.13.0	6.15.3
@aws-sdk/client-pinpoint	3.913.0	3.1029.0
@aws-sdk/client-pinpoint-email	3.913.0	3.1029.0
@headlessui/react	2.2.9	2.2.10
@testing-library/react	16.3.0	16.3.2
aws-amplify	6.15.7	6.16.3
dompurify	3.3.0	3.3.3
@types/dompurify	3.0.5	3.2.0
framer-motion	12.23.24	12.38.0
react	19.2.0	19.2.5
@types/react	19.2.2	19.2.14
react-dom	19.2.0	19.2.5
@types/react-dom	19.2.2	19.2.3
recharts	3.3.0	3.8.1

Updates @aws-amplify/ui-react from 6.13.0 to 6.15.3

Release notes

Sourced from @​aws-amplify/ui-react's releases.

@​aws-amplify/ui-react@​6.15.3

Patch Changes

• #6947 00c6b6cb4d0dfe4f6389b70da04acdb3f70bde53 Thanks @​soberm! - fix(deps): bump lodash from 4.17.23 to 4.18.1

• Updated dependencies [00c6b6cb4d0dfe4f6389b70da04acdb3f70bde53, aea51618abe852ffedd4375a592cffb976880a66]:

  • @​aws-amplify/ui@​6.15.3
  • @​aws-amplify/ui-react-core@​3.6.3

@​aws-amplify/ui-react@​6.15.2

Patch Changes

• Updated dependencies [d7c34c609830395d09f078902de1c17aa5674d5f]:
  • @​aws-amplify/ui@​6.15.2
  • @​aws-amplify/ui-react-core@​3.6.2

@​aws-amplify/ui-react@​6.15.1

Patch Changes

• #6853 8b2d38cd9da29d159c26070299b4ac4b97419b82 Thanks @​sarayev! - fix(authenticator): exclude username from user attributes in force change password flow

• Updated dependencies [8b2d38cd9da29d159c26070299b4ac4b97419b82]:

  • @​aws-amplify/ui@​6.15.1
  • @​aws-amplify/ui-react-core@​3.6.1

@​aws-amplify/ui-react@​6.15.0

Minor Changes

• #6834 0401829108ffae82db4fa776c96e8d0075a591b9 Thanks @​osama-rizk! - feat(storage-browser): Folder deletion.

Patch Changes

• Updated dependencies [0401829108ffae82db4fa776c96e8d0075a591b9]:
  • @​aws-amplify/ui-react-core@​3.6.0
  • @​aws-amplify/ui@​6.15.0

@​aws-amplify/ui-react@​6.14.0

Minor Changes

• #6783 167714536a6dbe43f918b5c8f3a46afb6f9c66fb Thanks @​ahmedhamouda78! - Add passwordless authentication support

Patch Changes

• Updated dependencies [25cf1983b7ecf91f7ab7bb1c2cb76a4df252fdf7, 167714536a6dbe43f918b5c8f3a46afb6f9c66fb]:
  • @​aws-amplify/ui@​6.14.0
  • @​aws-amplify/ui-react-core@​3.5.0

@​aws-amplify/ui-react@​6.13.2

Patch Changes

... (truncated)

Changelog

Sourced from @​aws-amplify/ui-react's changelog.

6.15.3

Patch Changes

• #6947 00c6b6cb4d0dfe4f6389b70da04acdb3f70bde53 Thanks @​soberm! - fix(deps): bump lodash from 4.17.23 to 4.18.1

• Updated dependencies [00c6b6cb4d0dfe4f6389b70da04acdb3f70bde53, aea51618abe852ffedd4375a592cffb976880a66]:

  • @​aws-amplify/ui@​6.15.3
  • @​aws-amplify/ui-react-core@​3.6.3

6.15.2

Patch Changes

• Updated dependencies [d7c34c609830395d09f078902de1c17aa5674d5f]:
  • @​aws-amplify/ui@​6.15.2
  • @​aws-amplify/ui-react-core@​3.6.2

6.15.1

Patch Changes

• #6853 8b2d38cd9da29d159c26070299b4ac4b97419b82 Thanks @​sarayev! - fix(authenticator): exclude username from user attributes in force change password flow

• Updated dependencies [8b2d38cd9da29d159c26070299b4ac4b97419b82]:

  • @​aws-amplify/ui@​6.15.1
  • @​aws-amplify/ui-react-core@​3.6.1

6.15.0

Minor Changes

• #6834 0401829108ffae82db4fa776c96e8d0075a591b9 Thanks @​osama-rizk! - feat(storage-browser): Folder deletion.

Patch Changes

• Updated dependencies [0401829108ffae82db4fa776c96e8d0075a591b9]:
  • @​aws-amplify/ui-react-core@​3.6.0
  • @​aws-amplify/ui@​6.15.0

6.14.0

Minor Changes

• #6783 167714536a6dbe43f918b5c8f3a46afb6f9c66fb Thanks @​ahmedhamouda78! - Add passwordless authentication support

Patch Changes

• Updated dependencies [25cf1983b7ecf91f7ab7bb1c2cb76a4df252fdf7, 167714536a6dbe43f918b5c8f3a46afb6f9c66fb]:
  • @​aws-amplify/ui@​6.14.0

... (truncated)

Commits

• 417341e Version Packages (#6917)
• a60edd8 chore(deps): bump lodash from 4.17.23 to 4.18.1 (#6942)
• caa09bb chore(deps-dev): bump eslint from 8.44.0 to 9.26.0 (#6825)
• f5d5e72 Version Packages (#6888)
• 46515f3 Version Packages (#6854)
• 7dc7e4b Version Packages (#6844)
• f5bf6fa Version Packages (#6781)
• 1677145 feat(authenticator): add passwordless authentication support (#6783)
• e7dfb41 chore(deps): bump lodash from 4.17.21 to 4.17.23 (#6813)
• fc6e149 Version Packages (#6739)
• Additional commits viewable in compare view

Updates @aws-sdk/client-pinpoint from 3.913.0 to 3.1029.0

Release notes

Sourced from @​aws-sdk/client-pinpoint's releases.

v3.1029.0

3.1029.0(2026-04-10)

New Features

• client-observabilityadmin: CloudWatch Observability Admin adds support for multi-region telemetry evaluation and telemetry enablement rules. (861e172a)
• client-rtbfabric: Adds optional health check configuration for Responder Gateways with ASG Managed Endpoints. When provided, RTB Fabric continuously probes customers' instance IPs and routes traffic only to healthy ones, reducing errors during deployments, scaling events, and instance failures. (3e890437)
• client-ecs: Minor updates to exceptions for completeness (788ab4a6)
• client-devops-agent: Devops Agent now supports associate Splunk, Datadog and custom MCP server to an Agent Space. (44503175)
• client-mediaconvert: Adds support for MV-HEVC video output and clear lead for AV1 DRM output. (812d3dad)
• client-imagebuilder: Image pipelines can now automatically apply tags to images they create. Set the imageTags property when creating or updating your pipelines to get started. (5eb366f5)
• client-sagemaker: Support new SageMaker StartClusterHealthCheck API for on-demand DHC on Hyperpod EKS cluster. Support updated CreateCluster, UpdateCluster, DescribeCluster, BatchAddClusterNodes APIs for flexible instance group on HyperPod cluster (dfcde032)
• client-connect: Conversational Analytics for Email (fd2820f8)

---

For list of updated packages, view updated-packages.md in assets-3.1029.0.zip

v3.1028.0

3.1028.0(2026-04-09)

Chores

• codegen: bump codegen version to 0.48.0 (#7924) (037593a7)

New Features

• client-bcm-dashboards: Scheduled email reports of Billing and Cost Management Dashboards (5e7231a1)
• client-mediaconnect: Adds support for MediaLive Channel-type Router Inputs. (858c746d)
• client-bedrock-agentcore: Introducing support for SearchRegistryRecords API on AgentCoreRegistry (6ac1ecc5)
• client-sagemaker: Release support for g7e instance types for SageMaker HyperPod (c92e9e66)
• client-bedrock-agentcore-control: Initial release for CRUDL in AgentCore Registry Service (ec576322)
• client-redshift-data: The BatchExecuteStatement API now supports named SQL parameters, enabling secure batch queries with parameterized values. This enhancement helps prevent SQL injection vulnerabilities and improves query reusability. (de8f2afb)

---

For list of updated packages, view updated-packages.md in assets-3.1028.0.zip

v3.1027.0

3.1027.0(2026-04-08)

New Features

• clients: update client endpoints as of 2026-04-08 (88eb6682)
• client-outposts: Add AWS Outposts APIs to view renewal pricing options and submit renewal requests for Outpost contracts (ba6c2a7e)
• client-ecr: Add UnableToListUpstreamImageReferrersException in ListImageReferrers (459df0bc)
• client-backup: Adding EKS specific backup vault notification types for AWS Backup. (c5badfde)
• client-marketplace-discovery: AWS Marketplace Discovery API provides an interface that enables programmatic access to the AWS Marketplace catalog, including searching and browsing listings, retrieving product details and fulfillment options, and accessing public and private offer pricing and terms. (1523d996)

... (truncated)

Changelog

Sourced from @​aws-sdk/client-pinpoint's changelog.

3.1029.0 (2026-04-10)

Note: Version bump only for package @​aws-sdk/client-pinpoint

3.1028.0 (2026-04-09)

Note: Version bump only for package @​aws-sdk/client-pinpoint

3.1027.0 (2026-04-08)

Note: Version bump only for package @​aws-sdk/client-pinpoint

3.1026.0 (2026-04-07)

Note: Version bump only for package @​aws-sdk/client-pinpoint

3.1025.0 (2026-04-06)

Note: Version bump only for package @​aws-sdk/client-pinpoint

3.1024.0 (2026-04-03)

Note: Version bump only for package @​aws-sdk/client-pinpoint

3.1023.0 (2026-04-02)

... (truncated)

Commits

• 5d5aaed Publish v3.1029.0
• edca62d Publish v3.1028.0
• 690d8d4 Publish v3.1027.0
• 67ea2f7 Publish v3.1026.0
• b19357a chore(codegen): update for sparse types and retry 2.1 updates (#7916)
• 8cfa946 Publish v3.1025.0
• 99bf9fc Publish v3.1024.0
• 34e7b07 Publish v3.1023.0
• e7e636a Publish v3.1022.0
• 86db170 Publish v3.1021.0
• Additional commits viewable in compare view

Updates @aws-sdk/client-pinpoint-email from 3.913.0 to 3.1029.0

Release notes

Sourced from @​aws-sdk/client-pinpoint-email's releases.

v3.1029.0

3.1029.0(2026-04-10)

New Features

• client-observabilityadmin: CloudWatch Observability Admin adds support for multi-region telemetry evaluation and telemetry enablement rules. (861e172a)
• client-rtbfabric: Adds optional health check configuration for Responder Gateways with ASG Managed Endpoints. When provided, RTB Fabric continuously probes customers' instance IPs and routes traffic only to healthy ones, reducing errors during deployments, scaling events, and instance failures. (3e890437)
• client-ecs: Minor updates to exceptions for completeness (788ab4a6)
• client-devops-agent: Devops Agent now supports associate Splunk, Datadog and custom MCP server to an Agent Space. (44503175)
• client-mediaconvert: Adds support for MV-HEVC video output and clear lead for AV1 DRM output. (812d3dad)
• client-imagebuilder: Image pipelines can now automatically apply tags to images they create. Set the imageTags property when creating or updating your pipelines to get started. (5eb366f5)
• client-sagemaker: Support new SageMaker StartClusterHealthCheck API for on-demand DHC on Hyperpod EKS cluster. Support updated CreateCluster, UpdateCluster, DescribeCluster, BatchAddClusterNodes APIs for flexible instance group on HyperPod cluster (dfcde032)
• client-connect: Conversational Analytics for Email (fd2820f8)

---

For list of updated packages, view updated-packages.md in assets-3.1029.0.zip

v3.1028.0

3.1028.0(2026-04-09)

Chores

• codegen: bump codegen version to 0.48.0 (#7924) (037593a7)

New Features

• client-bcm-dashboards: Scheduled email reports of Billing and Cost Management Dashboards (5e7231a1)
• client-mediaconnect: Adds support for MediaLive Channel-type Router Inputs. (858c746d)
• client-bedrock-agentcore: Introducing support for SearchRegistryRecords API on AgentCoreRegistry (6ac1ecc5)
• client-sagemaker: Release support for g7e instance types for SageMaker HyperPod (c92e9e66)
• client-bedrock-agentcore-control: Initial release for CRUDL in AgentCore Registry Service (ec576322)
• client-redshift-data: The BatchExecuteStatement API now supports named SQL parameters, enabling secure batch queries with parameterized values. This enhancement helps prevent SQL injection vulnerabilities and improves query reusability. (de8f2afb)

---

For list of updated packages, view updated-packages.md in assets-3.1028.0.zip

v3.1027.0

3.1027.0(2026-04-08)

New Features

• clients: update client endpoints as of 2026-04-08 (88eb6682)
• client-outposts: Add AWS Outposts APIs to view renewal pricing options and submit renewal requests for Outpost contracts (ba6c2a7e)
• client-ecr: Add UnableToListUpstreamImageReferrersException in ListImageReferrers (459df0bc)
• client-backup: Adding EKS specific backup vault notification types for AWS Backup. (c5badfde)
• client-marketplace-discovery: AWS Marketplace Discovery API provides an interface that enables programmatic access to the AWS Marketplace catalog, including searching and browsing listings, retrieving product details and fulfillment options, and accessing public and private offer pricing and terms. (1523d996)

... (truncated)

Changelog

Sourced from @​aws-sdk/client-pinpoint-email's changelog.

3.1029.0 (2026-04-10)

Note: Version bump only for package @​aws-sdk/client-pinpoint-email

3.1028.0 (2026-04-09)

Note: Version bump only for package @​aws-sdk/client-pinpoint-email

3.1027.0 (2026-04-08)

Note: Version bump only for package @​aws-sdk/client-pinpoint-email

3.1026.0 (2026-04-07)

Note: Version bump only for package @​aws-sdk/client-pinpoint-email

3.1025.0 (2026-04-06)

Note: Version bump only for package @​aws-sdk/client-pinpoint-email

3.1024.0 (2026-04-03)

Note: Version bump only for package @​aws-sdk/client-pinpoint-email

3.1023.0 (2026-04-02)

... (truncated)

Commits

• 5d5aaed Publish v3.1029.0
• edca62d Publish v3.1028.0
• 690d8d4 Publish v3.1027.0
• 67ea2f7 Publish v3.1026.0
• b19357a chore(codegen): update for sparse types and retry 2.1 updates (#7916)
• 8cfa946 Publish v3.1025.0
• 99bf9fc Publish v3.1024.0
• 34e7b07 Publish v3.1023.0
• e7e636a Publish v3.1022.0
• 86db170 Publish v3.1021.0
• Additional commits viewable in compare view

Updates @headlessui/react from 2.2.9 to 2.2.10

Release notes

Sourced from @​headlessui/react's releases.

@​headlessui/react@​v2.2.10

Fixed

• Don’t render <Portal> while hydrating (#3825)
• Fix passing props on Fragment error due to Symbol(react.lazy) (#3873)

Changelog

Sourced from @​headlessui/react's changelog.

[2.2.10] - 2026-04-07

Fixed

• Don’t render <Portal> while hydrating (#3825)
• Fix passing props on Fragment error due to Symbol(react.lazy) (#3873)

Commits

• d13526d 2.2.10 - @​headlessui/react
• b0dcd8f Handle props on Fragment error due to Symbol(react.lazy) (#3873)
• 7baca70 Don’t render \<Portal>s while hydrating (#3825)
• 5ef7395 Add RefProp to props (#3823)
• See full diff in compare view

Updates @testing-library/react from 16.3.0 to 16.3.2

Release notes

Sourced from @​testing-library/react's releases.

v16.3.2

16.3.2 (2026-01-19)

Bug Fixes

• Update 'onCaughtError' type inference in 'RenderOptions' to work with React v19 (#1438) (f32bd1b)

v16.3.1

16.3.1 (2025-12-15)

Bug Fixes

• Switch to trusted publishing (#1437) (a2d37ff)

Commits

• f32bd1b fix: Update 'onCaughtError' type inference in 'RenderOptions' to work with Re...
• a2d37ff fix: Switch to trusted publishing (#1437)
• cd6a175 chore: fix action permissions (#1436)
• 22b8c28 chore: fix release (#1435)
• d996673 chore: new release workflow (#1434)
• 205ce17 chore: fix typo in jest.config.js (#1427)
• aba5740 [test] Fix tests for react@experimental (#1424)
• 590bc18 [test] Fix npm run typecheck (#1423)
• 1c931a6 chore(deps): use npm-run-all2 (#1411)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​testing-library/react since your current version.

Updates aws-amplify from 6.15.7 to 6.16.3

Release notes

Sourced from aws-amplify's releases.

aws-amplify@6.16.3

Patch Changes

• Updated dependencies [e2b77fa]:
  • @​aws-amplify/storage@​6.13.2

All notable changes to this project will be documented in this file. See Conventional Commits for commit guidelines.

2026-02-05 Amplify JS release - aws-amplify@6.16.2

What's Changed

• chore: Merge release into main by @​aws-amplify-ops in aws-amplify/amplify-js#14686
• feat(rtn-web-browser): add unit tests by @​ahmedhamouda78 in aws-amplify/amplify-js#14541
• fix(auth): rename passwordless_options to passwordless by @​ahmedhamouda78 in aws-amplify/amplify-js#14691
• chore(deps-dev): bump next from 16.1.1 to 16.1.5 by @​dependabot[bot] in aws-amplify/amplify-js#14692
• chore(deps): bump fast-xml-parser from 4.5.3 to 5.3.4 by @​dependabot[bot] in aws-amplify/amplify-js#14699
• Version Packages (#14701) by @​soberm in aws-amplify/amplify-js#14702
• chore(deps): bump @aws-sdk/* to 3.982.0 by @​pranavosu in aws-amplify/amplify-js#14704
• release(required): Amplify JS release by @​Simone319 in aws-amplify/amplify-js#14705

Full Changelog: https://github.com/aws-amplify/amplify-js/compare/aws-amplify@6.16.0...aws-amplify@6.16.2

2026-02-02 Amplify JS release - aws-amplify@6.16.1

No change.

2026-01-23 Amplify JS release - aws-amplify@6.16.0

What's Changed

• chore: Merge release into main by @​sarayev in aws-amplify/amplify-js#14674
• fix: add CI environment check to pre-push hook by @​sarayev in aws-amplify/amplify-js#14675
• chore: add deprecation warning related to Pinpoint end of support by @​soberm in aws-amplify/amplify-js#14676
• chore: enable missing tests by @​soberm in aws-amplify/amplify-js#14672
• chore: enable kinesis tests by @​soberm in aws-amplify/amplify-js#14652
• feat(storage): add folder deletion support to remove API by @​osama-rizk in aws-amplify/amplify-js#14671
• chore(deps): bump lodash from 4.17.21 to 4.17.23 by @​dependabot[bot] in aws-amplify/amplify-js#14683
• fix: skip integ_react_interactions_chatbot_v1 test due to Lex V1 rate limiting by @​ahmedhamouda78 in aws-amplify/amplify-js#14684
• feat(auth): add passwordless configuration parsing and validation by @​ahmedhamouda78 in aws-amplify/amplify-js#14679
• release: Amplify JS release by @​osama-rizk in aws-amplify/amplify-js#14680

Full Changelog: https://github.com/aws-amplify/amplify-js/compare/aws-amplify@6.15.10...aws-amplify@6.16.0

2026-01-15 Amplify JS release - aws-amplify@6.15.10

What's Changed

• chore: Merge release into main by @​osama-rizk in aws-amplify/amplify-js#14651
• chore(deps-dev): bump next from 14.2.32 to 14.2.35 by @​dependabot[bot] in aws-amplify/amplify-js#14656
• fix(rtn-push-notification): android build/rn 0.81.4 compatibility by @​osama-rizk in aws-amplify/amplify-js#14654
• fix: upgrade qs dependency to ^6.14.1 by @​sarayev in aws-amplify/amplify-js#14665
• fix: append params instead of constructor by @​bobbor in aws-amplify/amplify-js#14662
• feat: add next16 support by @​bobbor in aws-amplify/amplify-js#14639

... (truncated)

Commits

• c9706b8 Version Packages (main) (#14748)
• b9a7fce Version Packages
• e2b77fa chore(deps): Add a changeset for #14724
• 9108e72 chore(deps): dependency cleanup (#14743)
• 24c0a0b chore(deps): replace sqlite3 with better-sqlite3 (#14744)
• eb205a6 chore(deps): bump @​tootallnate/once to 3.0.1 via resolutions (#14741)
• 4971ebd build: turbo migration (#14698)
• af6ff6d chore(deps): update minimatch resolutions (#14739)
• 54bf753 fix: resolve serialize-javascript security vulnerability (CVE) (#14735)
• f4e2b9f chore(deps): bump fast-xml-parser from 5.3.6 to 5.3.8 (#14734)
• Additional commits viewable in compare view

Updates dompurify from 3.3.0 to 3.3.3

Release notes

Sourced from dompurify's releases.

DOMPurify 3.3.3

• Fixed an engine requirement for Node 20 which caused hiccups, thanks @​Rotzbua

DOMPurify 3.3.2

• Fixed a possible bypass caused by jsdom's faulty raw-text tag parsing, thanks multiple reporters
• Fixed a prototype pollution issue when working with custom elements, thanks @​christos-eth
• Fixed a lenient config parsing in _isValidAttribute, thanks @​christos-eth
• Bumped and removed several dependencies, thanks @​Rotzbua
• Fixed the test suite after bumping dependencies, thanks @​Rotzbua

DOMPurify 3.3.1

• Updated ADD_FORBID_CONTENTS setting to extend default list, thanks @​MariusRumpf
• Updated the ESM import syntax to be more correct, thanks @​binhpv

Commits

• 8bcbf73 chore: Preparing 3.3.3 release
• 5faddd6 fix: engine requirement (#1210)
• 0f91e3a Update README.md
• d5ff1a8 Merge branch 'main' of github.com:cure53/DOMPurify
• c3efd48 fix: moved back from jsdom 28 to jsdom 20
• 988b888 fix: moved back from jsdom 28 to jsdom 20
• 2726c74 chore: Preparing 3.3.2 release
• 6202c7e build(deps): bump @​tootallnate/once and jsdom (#1204)
• 302b51d fix: Expanded the regex ever so slightly to also cover script
• cd85175 Merge branch 'main' of github.com:cure53/DOMPurify
• Additional commits viewable in compare view

Updates @types/dompurify from 3.0.5 to 3.2.0

Commits

• See full diff in compare view

Updates framer-motion from 12.23.24 to 12.38.0

Changelog

Sourced from framer-motion's changelog.

[12.38.0] 2026-03-16

Added

• Added layoutAnchor prop to configure custom anchor point for resolving relative projection boxes.

Fixed

• Reorder: Fix axis switching after window resize.
• Reorder: Fix with virtualised lists.
• AnimatePresence: Ensure children are removed when exit animation matches current values.

[12.37.0] 2026-03-16

Added

• Support for hardware accelerating "start" and "end" offsets in scroll and useScroll.
• Support for oklch, oklab, lab, lch, color, color-mix, light-dark color types.

Fixed

• Fix whileInView with client-side navigation.
• Fix draggable elements when layout updates due to surrounding element re-renders.
• Improved memory pressure of layout animations.
• Ensure motion value returned from useSpring reports correct isAnimating().

[12.36.0] 2026-03-09

Added

• Allow dragSnapToOrigin to accept "x" or "y" for per-axis snapping.
• Added axis-locked layout animations with layout="x" and layout="y".
• Added skipInitialAnimation to useSpring.

Fixed

• Fixed height and width: auto animations with box-sizing: border-box.
• Reset component values when exit animation finishes.
• Ensure anticipate easing returns 1 at p === 1.
• Fix @emotion/is-prop-valid resolve error in Storybook.
• Remove data-pop-layout-id from exiting elements when animation interrupted.
• Ensure we skip WAAPI for non-animatable keyframes.
• Ensure we skip WAAPI for SVG transforms.
• Ensure MotionValue props are not passed to SVG.
• AnimatePresence: Prevent mode="wait" elements from getting stuck when switched rapidly.

[12.35.2] 2026-03-09

Fixed

... (truncated)

Commits

• 0bfc9fe v12.38.0
• 343cb0c Updating layoutAnchor
• ee99ad2 Updating changelog
• 062660b Updating changgelog
• 303da7d Updating readme
• b075adc Merge pull request #3647 from motiondivision/feat/layout-anchor
• f0991d6 Add missing layoutAnchor !== false guard in attemptToResolveRelativeTarget
• b5798e9 Merge pull request #3642 from motiondivision/worktree-fix-issue-3078
• 7686c19 Merge pull request #3636 from motiondivision/worktree-fix-issue-3061
• a95c487 Fix auto-scroll in reorder-virtualized test page
• Additional commits viewable in compare view

Updates react from 19.2.0 to 19.2.5

Release notes

Sourced from react's releases.

19.2.5 (April 8th, 2026)

React Server Components

• Add more cycle protections (#36236 by @​eps1lon and @​unstubbable)

19.2.4 (January 26th, 2026)

React Server Components

• Add more DoS mitigations to Server Actions, and harden Server Components (#35632 by @​gnoff, @​lubieowoce, @​sebmarkbage, @​unstubbable)

19.2.3 (December 11th, 2025)

React Server Components

• Add extra loop protection to React Server Functions (@​sebmarkbage #35351)

19.2.2 (December 11th, 2025)

React Server Components

• Move react-server-dom-webpack/*.unbundled to private react-server-dom-unbundled (@​eps1lon facebook/react#35290)
• Patch Promise cycles and toString on Server Functions (@​sebmarkbage, @​unstubbable #35289, #35345)

19.2.1 (December 3rd, 2025)

React Server Components

• Bring React Server Component fixes to Server Actions (@​sebmarkbage #35277)

Changelog

Sourced from react's changelog.

19.2.1 (Dec 3, 2025)

React Server Components

• Bring React Server Component fixes to Server Actions (@​sebmarkbage #35277)

Commits

• 23f4f9f 19.2.5
• 90ab3f8 Version 19.2.4
• 612e371 Version 19.2.3
• b910fc1 Version 19.2.2
• 053df4e Version 19.2.1
• See full diff in compare view

Updates @types/react from 19.2.2 to 19.2.14

Commits

• See full diff in compare view

Updates react-dom from 19.2.0 to 19.2.5

Release notes

Sourced from react-dom's releases.

19.2.5 (April 8th, 2026)

React Server Components

• Add more cycle protections (#36236 by @​eps1lon and @​unstubbable)

19.2.4 (January 26th, 2026)

React Server Components

• Add more DoS mitigations to Server Actions, and harden Server Components (#35632 by @​gnoff, @​lubieowoce, @​sebmarkbage, @​unstubbable)

19.2.3 (December 11th, 2025)

React Server Components

• Add extra loop protection to React Server Functions (@​sebmarkbage #35351)

19.2.2 (December 11th, 2025)

React Server Components

• Move react-server-dom-webpack/*.unbundled to private react-server-dom-unbundled (@​eps1lon facebook/react#35290)
• Patch Promise cycles and toString on Server Functions (@​sebmarkbage, @​unstubbable #35289, #35345)

19.2.1 (December 3rd, 2025)

React Server Components

• Bring React Server Component fixes to Server Actions (@​sebmarkbage #35277)

ChangelogDescription has been truncated

[dependabot]

Assignees

The following users could not be added as assignees: aquachain-dev-team. Either the username does not exist or it does not have the correct permissions to be added as an assignee.

Labels

The following labels could not be found: automated, frontend. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[github-actions]

⚠️ Manual review required

This is a minor version update that may include new features.

Action Required:

1. Review the changelog for breaking changes
2. Test the changes locally
3. Approve and merge if everything looks good

📋 This PR will not be auto-merged and requires manual approval.