deps(npm): Bump the npm-minor group in /ui with 17 updates by dependabot[bot] · Pull Request #100 · orange-dot/durable-functions

dependabot · 2026-04-13T20:48:48Z

Bumps the npm-minor group in /ui with 17 updates:

Package	From	To
@tanstack/react-form	`1.26.0`	`1.29.0`
@tanstack/react-query	`5.90.11`	`5.99.0`
@tanstack/react-router	`1.139.3`	`1.168.19`
axios	`1.13.5`	`1.15.0`
react	`19.2.0`	`19.2.5`
@types/react	`19.2.7`	`19.2.14`
react-dom	`19.2.0`	`19.2.5`
zustand	`5.0.8`	`5.0.12`
@playwright/test	`1.57.0`	`1.59.1`
@tailwindcss/postcss	`4.1.17`	`4.2.2`
@tanstack/react-query-devtools	`5.91.1`	`5.99.0`
@tanstack/router-devtools	`1.139.3`	`1.166.13`
autoprefixer	`10.4.22`	`10.5.0`
eslint-plugin-react-refresh	`0.4.24`	`0.5.2`
postcss	`8.5.6`	`8.5.9`
tailwindcss	`4.1.17`	`4.2.2`
typescript-eslint	`8.48.0`	`8.58.2`

Updates @tanstack/react-form from 1.26.0 to 1.29.0

Release notes

Sourced from @tanstack/react-form's releases.

@tanstack/react-form-nextjs@1.29.0

Patch Changes

Updated dependencies [d6ab662]:

@tanstack/react-form@1.29.0

@tanstack/react-form-remix@1.29.0

Patch Changes

Updated dependencies [d6ab662]:

@tanstack/react-form@1.29.0

@tanstack/react-form-start@1.29.0

Patch Changes

Updated dependencies [d6ab662]:

@tanstack/react-form@1.29.0

@tanstack/react-form@1.29.0

Minor Changes

Adds extension method to AppForm allowing for teams to extend upstream AppForms (#2106)

Patch Changes

Updated dependencies []:

@tanstack/form-core@1.29.0

@tanstack/react-form-nextjs@1.28.6

Patch Changes

Updated dependencies [7a1428d]:

@tanstack/react-form@1.28.6

@tanstack/react-form-remix@1.28.6

Patch Changes

Updated dependencies [7a1428d]:

@tanstack/react-form@1.28.6

@tanstack/react-form-start@1.28.6

Patch Changes

Updated dependencies [7a1428d]:

@tanstack/react-form@1.28.6

@tanstack/react-form@1.28.6

Patch Changes

fix(core): field unmount (#2068)

... (truncated)

Changelog

Sourced from @tanstack/react-form's changelog.

1.29.0

Minor Changes

Adds extension method to AppForm allowing for teams to extend upstream AppForms (#2106)

Patch Changes

Updated dependencies []:

@tanstack/form-core@1.29.0

1.28.6

Patch Changes

fix(core): field unmount (#2068)

Updated dependencies [7a1428d]:

@tanstack/form-core@1.28.6

1.28.5

Patch Changes

Reimplement fallback selector for Subscribe component (#2071)

Use a named function for the withForm HOC return to enable Fast Refresh. (#2067)

Updated dependencies [39932c1]:

@tanstack/form-core@1.28.5

1.28.4

Patch Changes

Refactor internals for substancially faster performance (#2035)

Updated dependencies [f88faaf]:

@tanstack/form-core@1.28.4

1.28.3

Patch Changes

form arrays now work again (#2041)

Updated dependencies [0b3952d]:

@tanstack/form-core@1.28.3

1.28.2

... (truncated)

Commits

254f157 ci: Version Packages (#2105)
d6ab662 feat(react-from): extend appform (#2106)
2d5f557 ci: Version Packages (#2097)
7a1428d fix(core): field unmount (#2068)
29c18f2 ci: Version Packages (#2070)
dc7c982 fix(react-form): default selector to identity in Subscribe component (#2065)
7ca9898 fix: allow fast refresh with withForm (#2067)
a4e8dec ci: Version Packages (#2059)
f88faaf Move to Alien-Signals Based Store (#2035)
ba32b7f ci: Version Packages (#2042)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @tanstack/react-form since your current version.

Updates @tanstack/react-query from 5.90.11 to 5.99.0

Release notes

Sourced from @tanstack/react-query's releases.

@tanstack/react-query-devtools@5.99.0

Patch Changes

Updated dependencies []:

@tanstack/query-devtools@5.99.0

@tanstack/react-query@5.99.0

@tanstack/react-query-next-experimental@5.99.0

Patch Changes

Updated dependencies []:

@tanstack/react-query@5.99.0

@tanstack/react-query-persist-client@5.99.0

Patch Changes

Updated dependencies []:

@tanstack/query-persist-client-core@5.99.0

@tanstack/react-query@5.99.0

@tanstack/react-query@5.99.0

Patch Changes

Updated dependencies []:

@tanstack/query-core@5.99.0

@tanstack/react-query-devtools@5.98.0

Patch Changes

Updated dependencies []:

@tanstack/query-devtools@5.98.0

@tanstack/react-query@5.98.0

@tanstack/react-query-next-experimental@5.98.0

Patch Changes

Updated dependencies []:

@tanstack/react-query@5.98.0

@tanstack/react-query-persist-client@5.98.0

Patch Changes

Updated dependencies []:

@tanstack/query-persist-client-core@5.98.0

@tanstack/react-query@5.98.0

@tanstack/react-query@5.98.0

Patch Changes

Updated dependencies []:

... (truncated)

Changelog

Sourced from @tanstack/react-query's changelog.

5.99.0

Patch Changes

Updated dependencies []:

@tanstack/query-core@5.99.0

5.98.0

Patch Changes

Updated dependencies []:

@tanstack/query-core@5.98.0

5.97.0

Patch Changes

Updated dependencies [2bfb12c]:

@tanstack/query-core@5.97.0

5.96.2

Patch Changes

Updated dependencies []:

@tanstack/query-core@5.96.2

5.96.1

Patch Changes

Updated dependencies []:

@tanstack/query-core@5.96.1

5.96.0

Patch Changes

Updated dependencies []:

@tanstack/query-core@5.96.0

5.95.2

Patch Changes

Updated dependencies [cd5a35b]:

@tanstack/query-core@5.95.2

5.95.1

... (truncated)

Commits

adc2543 ci: Version Packages (#10454)
6040278 ci: Version Packages (#10451)
125067c ci: Version Packages (#10436)
f699190 test(react-query): replace hardcoded query keys with 'queryKey()' utility (#1...
f3d3eea test(*): replace deprecated 'toMatchTypeOf' with 'toExtend' (#10413)
3d6e001 test(react-query/useSuspenseQueries): replace 'async/await sleep' with 'sleep...
7d7a21c test(react-query): replace 'async/await sleep' with 'sleep().then()' in test ...
5ca721f ci: Version Packages (#10379)
75052a7 ci: Version Packages (#10370)
73e783b ci: Version Packages (#10364)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @tanstack/react-query since your current version.

Updates @tanstack/react-router from 1.139.3 to 1.168.19

Release notes

Sourced from @tanstack/react-router's releases.

v1.166.7

Version 1.166.7 - 3/10/26, 7:24 PM

Changes

Fix

router-core: null prototype input/output objects (#6882) (dadf7e9) by @Sheraff

Chore

eslint: remove package-level unused-vars overrides (#6782) (d306d58) by @Sheraff

Packages

@tanstack/router-core@1.166.7

@tanstack/solid-router@1.166.7

@tanstack/react-router@1.166.7

@tanstack/vue-router@1.166.7

@tanstack/solid-router-ssr-query@1.166.7

@tanstack/react-router-ssr-query@1.166.7

@tanstack/vue-router-ssr-query@1.166.7

@tanstack/router-ssr-query-core@1.166.7

@tanstack/zod-adapter@1.166.7

@tanstack/valibot-adapter@1.166.7

@tanstack/arktype-adapter@1.166.7

@tanstack/router-devtools@1.166.7

@tanstack/solid-router-devtools@1.166.7

@tanstack/react-router-devtools@1.166.7

@tanstack/vue-router-devtools@1.166.7

@tanstack/router-devtools-core@1.166.7

@tanstack/router-generator@1.166.7

@tanstack/router-cli@1.166.7

@tanstack/router-plugin@1.166.7

@tanstack/router-vite-plugin@1.166.7

@tanstack/solid-start@1.166.7

@tanstack/solid-start-client@1.166.7

@tanstack/solid-start-server@1.166.7

@tanstack/vue-start@1.166.7

@tanstack/vue-start-client@1.166.7

@tanstack/vue-start-server@1.166.7

@tanstack/start-client-core@1.166.7

@tanstack/start-server-core@1.166.7

@tanstack/start-storage-context@1.166.7

@tanstack/react-start@1.166.7

@tanstack/react-start-client@1.166.7

@tanstack/react-start-server@1.166.7

@tanstack/start-plugin-core@1.166.7

@tanstack/start-static-server-functions@1.166.7

... (truncated)

Changelog

Sourced from @tanstack/react-router's changelog.

1.168.19

Patch Changes

Fix route file transforms to preserve route ID quoting, handle more exported Route patterns, and avoid incorrect import rewrites in edge cases. (#7167)

Improve transform robustness with clearer route-call detection, safer import removal, and expanded test coverage for quote preservation, constructor swaps, and unsupported route definitions.

1.168.18

Patch Changes

Updated dependencies [0e2c900]:

@tanstack/router-core@1.168.14

1.168.17

Patch Changes

Updated dependencies [812792f]:

@tanstack/router-core@1.168.13

1.168.16

Patch Changes

Updated dependencies [8ec9ca9]:

@tanstack/router-core@1.168.12

1.168.15

Patch Changes

shorten internal non-minifiable store names for byte shaving (#7152)

Updated dependencies [6355bb7]:

@tanstack/router-core@1.168.11

1.168.14

Patch Changes

migrate createStore > createAtom for simpler API (#7150)

Updated dependencies [459057c]:

@tanstack/router-core@1.168.10

1.168.13

Patch Changes

... (truncated)

Commits

85db378 ci: changeset release
105d056 fix(router-generator): harden route file transform rewrites (#7167)
c3900c8 ci: changeset release
3ef971f ci: changeset release
5cec6fb ci: changeset release
b059766 chore(types): re-export SearchMiddleware type from react-router (#7087)
c066031 ci: changeset release
6355bb7 refactor: shorten internal router store names (#7152)
27890af ci: changeset release
459057c refactor: switch router stores to atom get/set API (#7150)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @tanstack/react-router since your current version.

Updates axios from 1.13.5 to 1.15.0

Release notes

Sourced from axios's releases.

v1.15.0

This release delivers two critical security patches, adds runtime support for Deno and Bun, and includes significant CI hardening, documentation improvements, and routine dependency updates.

⚠️ Important Changes

Deprecation: url.parse() usage has been replaced to address Node.js deprecation warnings. If you are on a recent version of Node.js, this resolves console warnings you may have been seeing. (#10625)

🔒 Security Fixes

Proxy Handling: Fixed a no_proxy hostname normalisation bypass that could lead to Server-Side Request Forgery (SSRF). (#10661)

Header Injection: Fixed an unrestricted cloud metadata exfiltration vulnerability via a header injection chain. (#10660)

🚀 New Features

Runtime Support: Added compatibility checks and documentation for Deno and Bun environments. (#10652, #10653)

🔧 Maintenance & Chores

CI Security: Hardened workflow permissions to least privilege, added the zizmor security scanner, pinned action versions, and gated npm publishing with OIDC and environment protection. (#10618, #10619, #10627, #10637, #10666)

Dependencies: Bumped serialize-javascript, handlebars, picomatch, vite, and denoland/setup-deno to latest versions. Added a 7-day Dependabot cooldown period. (#10574, #10572, #10568, #10663, #10664, #10665, #10669, #10670, #10616)

Documentation: Unified docs, improved beforeRedirect credential leakage example, clarified withCredentials/withXSRFToken behaviour, HTTP/2 support notes, async/await timeout error handling, header case preservation, and various typo fixes. (#10649, #10624, #7452, #7471, #10654, #10644, #10589)

Housekeeping: Removed stale files, regenerated lockfile, and updated sponsor scripts and blocks. (#10584, #10650, #10582, #10640, #10659, #10668)

Tests: Added regression coverage for urlencoded Content-Type casing. (#10573)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve Axios:

@raashish1601 (#10573)

@Kilros0817 (#10625)

@ashstrc (#10624)

@Abhi3975 (#10589)

@theamodhshetty (#7452)

v1.14.0

This release focuses on compatibility fixes, adapter stability improvements, and test/tooling modernisation.

⚠️ Important Changes

Breaking Changes: None identified in this release.

Action Required: If you rely on env-based proxy behaviour or CJS resolution edge-cases, validate your integration after upgrade (notably proxy-from-env v2 alignment and main entry compatibility fix).

🚀 New Features

Runtime Features: No new end-user features were introduced in this release.

Test Coverage Expansion: Added broader smoke/module test coverage for CJS and ESM package usage. (#7510)

🐛 Bug Fixes

Headers: Trim trailing CRLF in normalised header values. (#7456)

HTTP/2: Close detached HTTP/2 sessions on timeout to avoid lingering sessions. (#7457)

Fetch Adapter: Cancel ReadableStream created during request-stream capability probing to prevent async resource leaks. (#7515)

Proxy Handling: Fixed env proxy behavior with proxy-from-env v2 usage. (#7499)

... (truncated)

Changelog

Sourced from axios's changelog.

v1.15.0 — April 7, 2026

This release delivers two critical security patches targeting header injection and SSRF via proxy bypass, adds official runtime support for Deno and Bun, and includes significant CI security hardening.

🔒 Security Fixes

Header Injection (CRLF): Rejects any header value containing \r or \n characters to block CRLF injection chains that could be used to exfiltrate cloud metadata (IMDS). Behavior change: headers with CR/LF now throw "Invalid character in header content". (#10660)

SSRF via no_proxy Bypass: Introduces a shouldBypassProxy helper that normalises hostnames (strips trailing dots, handles bracketed IPv6) before evaluating no_proxy/NO_PROXY rules, closing a gap that could cause loopback or internal hosts to be inadvertently proxied. (#10661)

🚀 New Features

Deno & Bun Runtime Support: Added full smoke test suites for Deno and Bun, with CI workflows that run both runtimes before any release is cut. (#10652)

🐛 Bug Fixes

Node.js v22 Compatibility: Replaced deprecated url.parse() calls with the WHATWG URL/URLSearchParams API across examples, sandbox, and tests, eliminating DEP0169 deprecation warnings on Node.js v22+. (#10625)

🔧 Maintenance & Chores

CI Security Hardening: Added zizmor GitHub Actions security scanner; switched npm publish to OIDC Trusted Publishing (removing the long-lived NODE_AUTH_TOKEN); pinned all action references to full commit SHAs; narrowed workflow permissions to least privilege; gated the publish step behind a dedicated npm-publish environment; and blocked the sponsor-block workflow from running on forks. (#10618, #10619, #10627, #10637, #10641, #10666)

Docs: Clarified HTTP/2 support and the unsupported httpVersion option; added documentation for header case preservation; improved the beforeRedirect example to prevent accidental credential leakage. (#10644, #10654, #10624)

Dependencies: Bumped picomatch, handlebars, serialize-javascript, vite (×3), denoland/setup-deno, and 4 additional dev dependencies to latest versions. (#10564, #10565, #10567, #10568, #10572, #10574, #10663, #10664, #10665, #10669, #10670)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

@Kilros0817 (#10625)

@shaanmajid (#10616, #10617, #10618, #10619, #10637, #10641, #10666)

@ashstrc (#10624, #10644)

@Abhi3975 (#10589)

@raashish1601 (#10573)

Full Changelog

v1.14.0 — March 27, 2026

This release fixes a security vulnerability in the formidable dependency, resolves a CommonJS compatibility regression, hardens proxy and HTTP/2 handling, and modernises the build and test toolchain.

🔒 Security Fixes

Formidable Vulnerability: Upgraded formidable from v2 to v3 to address a reported arbitrary-file vulnerability. Updated test server and assertions to align with the v3 API. (#7533)

🐛 Bug Fixes

... (truncated)

Commits

772a4e5 chore(release): prepare release 1.15.0 (#10671)
4b07137 chore(deps-dev): bump vite from 8.0.0 to 8.0.5 in /tests/smoke/esm (#10663)
51e57b3 chore(deps-dev): bump vite from 8.0.2 to 8.0.5 (#10664)
fba1a77 chore(deps-dev): bump vite from 8.0.2 to 8.0.5 in /tests/module/esm (#10665)
0bf6e28 chore(deps): bump denoland/setup-deno in the github-actions group (#10669)
8107157 chore(deps-dev): bump the development_dependencies group with 4 updates (#10670)
e66530e ci: require npm-publish environment for releases (#10666)
49f23cb chore(sponsor): update sponsor block (#10668)
3631854 fix: unrestricted cloud metadata exfiltration via header injection chain (#10...
fb3befb fix: no_proxy hostname normalization bypass leads to ssrf (#10661)
Additional commits viewable in compare view

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Updates react from 19.2.0 to 19.2.5

Release notes

Sourced from react's releases.

19.2.5 (April 8th, 2026)

React Server Components

Add more cycle protections (#36236 by @eps1lon and @unstubbable)

19.2.4 (January 26th, 2026)

React Server Components

Add more DoS mitigations to Server Actions, and harden Server Components (#35632 by @gnoff, @lubieowoce, @sebmarkbage, @unstubbable)

19.2.3 (December 11th, 2025)

React Server Components

Add extra loop protection to React Server Functions (@sebmarkbage #35351)

19.2.2 (December 11th, 2025)

React Server Components

Move react-server-dom-webpack/*.unbundled to private react-server-dom-unbundled (@eps1lon facebook/react#35290)

Patch Promise cycles and toString on Server Functions (@sebmarkbage, @unstubbable #35289, #35345)

19.2.1 (December 3rd, 2025)

React Server Components

Bring React Server Component fixes to Server Actions (@sebmarkbage #35277)

Changelog

Sourced from react's changelog.

19.2.1 (Dec 3, 2025)

React Server Components

Bring React Server Component fixes to Server Actions (@sebmarkbage #35277)

Commits

23f4f9f 19.2.5
90ab3f8 Version 19.2.4
612e371 Version 19.2.3
b910fc1 Version 19.2.2
053df4e Version 19.2.1
See full diff in compare view

Updates @types/react from 19.2.7 to 19.2.14

Commits

See full diff in compare view

Updates react-dom from 19.2.0 to 19.2.5

Release notes

Sourced from react-dom's releases.

19.2.5 (April 8th, 2026)

React Server Components

Add more cycle protections (#36236 by @eps1lon and @unstubbable)

19.2.4 (January 26th, 2026)

React Server Components

Add more DoS mitigations to Server Actions, and harden Server Components (#35632 by @gnoff, @lubieowoce, @sebmarkbage, @unstubbable)

19.2.3 (December 11th, 2025)

React Server Components

Add extra loop protection to React Server Functions (@sebmarkbage #35351)

19.2.2 (December 11th, 2025)

React Server Components

Move react-server-dom-webpack/*.unbundled to private react-server-dom-unbundled (@eps1lon facebook/react#35290)

Patch Promise cycles and toString on Server Functions (@sebmarkbage, @unstubbable #35289, #35345)

19.2.1 (December 3rd, 2025)

React Server Components

Bring React Server Component fixes to Server Actions (@sebmarkbage #35277)

Changelog

Sourced from react-dom's changelog.

19.2.1 (Dec 3, 2025)

React Server Components

Bring React Server Component fixes to Server Actions (@sebmarkbage #35277)

Commits

23f4f9f 19.2.5
90ab3f8 Version 19.2.4
612e371 Version 19.2.3
b910fc1 Version 19.2.2
053df4e Version 19.2.1
See full diff in compare view

Updates zustand from 5.0.8 to 5.0.12

Release notes

Sourced from zustand's releases.

v5.0.12

Two small fixes.

What's Changed

fix(persist): use latest state in post-rehydration callback by @Shohjahon-n in pmndrs/zustand#3391

fix(devtools): correct redux devtools config type extension by @grigoriy-reshetniak in pmndrs/zustand#3414

New Contributors

@pavan-sh made their first contribution in pmndrs/zustand#3378

@Copilot made their first contribution in pmndrs/zustand#3395

@Aravindsreeni made their first contribution in pmndrs/zustand#3400

@wallzero made their first contribution in pmndrs/zustand#3401

@chaesunbak made their first contribution in pmndrs/zustand#3405

@Shohjahon-n made their first contribution in pmndrs/zustand#3391

Full Changelog: pmndrs/zustand@v5.0.11...v5.0.12

v5.0.11

This release includes small improvements in middleware thanks to contributors.

What's Changed

chore: improve typing in devtools middleware by @grigoriy-reshetniak in pmndrs/zustand#3362

fix(persist): avoid relying on global localStorage by @honuuk in pmndrs/zustand#3367

fix(immer): Proper typing for immer middleware in combination with slices by @wheerd in pmndrs/zustand#3371

New Contributors

@SeongYongLee made their first contribution in pmndrs/zustand#3355

@grigoriy-reshetniak made their first contribution in pmndrs/zustand#3351

@DormancyWang made their first contribution in pmndrs/zustand#3363

@Ea-st-ring made their first contribution in pmndrs/zustand#3369

@winner07 made their first contribution in pmndrs/zustand#3373

@honuuk made their first contribution in pmndrs/zustand#3367

@wheerd made their first contribution in pmndrs/zustand#3371

Full Changelog: pmndrs/zustand@v5.0.10...v5.0.11

v5.0.10

This version includes a fix to the persist middleware for an edge case.

What's Changed

fix(persist): prevent race condition during concurrent rehydrate calls by @Niyaz-Mazhitov in pmndrs/zustand#3336

New Contributors

@max-programming made their first contribution in pmndrs/zustand#3310

@oleksandr-danylchenko made their first contribution in pmndrs/zustand#3319

@MateuszSobiech made their first contribution in pmndrs/zustand#3334

@EduardoRangelG made their first contribution in pmndrs/zustand#3326

@1mehdifaraji made their first contribution in pmndrs/zustand#3339

@kamja44 made their first contribution in pmndrs/zustand#3349

@Niyaz-Mazhitov made their first contribution in pmndrs/zustand#3336

... (truncated)

Commits

206012d 5.0.12
d714065 chore(deps): update dev dependencies (#3427)
89ebcd7 fix(devtools): correct redux devtools config type extension (#3414)
6213fc1 fix(persist): use latest state in post-rehydration callback (#3391)
a3869ca docs: fix broken links in beginner TypeScript guide (#3423)
c49df38 Hotfix section linking (#3410)
5561e9b Fix indentation for actions in index.md (#3406)
4966a15 fix(readme) : comparison documentaion link (#3405)
da381c3 Fix README internal links for GitHub rendering (#3403)
0d250b3 fix persist documentation link (#3401)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for zustand since your current version.

Updates @playwright/test from 1.57.0 to 1.59.1

Release notes

Sourced from @playwright/test's releases.

v1.59.1

Bug Fixes

[Windows] Reverted hiding console window when spawning browser processes, which caused regressions including broken codegen, --ui and show commands (#39990)

v1.59.0

🎬 Screencast

New page.screencast API provides a unified interface for capturing page content with:

Screencast recordings

Action annotations

Visual overlays

Real-time frame capture

Agentic video receipts

Screencast recording — record video with precise start/stop control, as an alternative to the Description has been truncated

Bumps the npm-minor group in /ui with 17 updates: | Package | From | To | | --- | --- | --- | | [@tanstack/react-form](https://github.com/TanStack/form/tree/HEAD/packages/react-form) | `1.26.0` | `1.29.0` | | [@tanstack/react-query](https://github.com/TanStack/query/tree/HEAD/packages/react-query) | `5.90.11` | `5.99.0` | | [@tanstack/react-router](https://github.com/TanStack/router/tree/HEAD/packages/react-router) | `1.139.3` | `1.168.19` | | [axios](https://github.com/axios/axios) | `1.13.5` | `1.15.0` | | [react](https://github.com/facebook/react/tree/HEAD/packages/react) | `19.2.0` | `19.2.5` | | [@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react) | `19.2.7` | `19.2.14` | | [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) | `19.2.0` | `19.2.5` | | [zustand](https://github.com/pmndrs/zustand) | `5.0.8` | `5.0.12` | | [@playwright/test](https://github.com/microsoft/playwright) | `1.57.0` | `1.59.1` | | [@tailwindcss/postcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-postcss) | `4.1.17` | `4.2.2` | | [@tanstack/react-query-devtools](https://github.com/TanStack/query/tree/HEAD/packages/react-query-devtools) | `5.91.1` | `5.99.0` | | [@tanstack/router-devtools](https://github.com/TanStack/router/tree/HEAD/packages/router-devtools) | `1.139.3` | `1.166.13` | | [autoprefixer](https://github.com/postcss/autoprefixer) | `10.4.22` | `10.5.0` | | [eslint-plugin-react-refresh](https://github.com/ArnaudBarre/eslint-plugin-react-refresh) | `0.4.24` | `0.5.2` | | [postcss](https://github.com/postcss/postcss) | `8.5.6` | `8.5.9` | | [tailwindcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss) | `4.1.17` | `4.2.2` | | [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.48.0` | `8.58.2` | Updates `@tanstack/react-form` from 1.26.0 to 1.29.0 - [Release notes](https://github.com/TanStack/form/releases) - [Changelog](https://github.com/TanStack/form/blob/main/packages/react-form/CHANGELOG.md) - [Commits](https://github.com/TanStack/form/commits/@tanstack/react-form@1.29.0/packages/react-form) Updates `@tanstack/react-query` from 5.90.11 to 5.99.0 - [Release notes](https://github.com/TanStack/query/releases) - [Changelog](https://github.com/TanStack/query/blob/main/packages/react-query/CHANGELOG.md) - [Commits](https://github.com/TanStack/query/commits/@tanstack/react-query@5.99.0/packages/react-query) Updates `@tanstack/react-router` from 1.139.3 to 1.168.19 - [Release notes](https://github.com/TanStack/router/releases) - [Changelog](https://github.com/TanStack/router/blob/main/packages/react-router/CHANGELOG.md) - [Commits](https://github.com/TanStack/router/commits/@tanstack/react-router@1.168.19/packages/react-router) Updates `axios` from 1.13.5 to 1.15.0 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.13.5...v1.15.0) Updates `react` from 19.2.0 to 19.2.5 - [Release notes](https://github.com/facebook/react/releases) - [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/react/commits/v19.2.5/packages/react) Updates `@types/react` from 19.2.7 to 19.2.14 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react) Updates `react-dom` from 19.2.0 to 19.2.5 - [Release notes](https://github.com/facebook/react/releases) - [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/react/commits/v19.2.5/packages/react-dom) Updates `zustand` from 5.0.8 to 5.0.12 - [Release notes](https://github.com/pmndrs/zustand/releases) - [Commits](pmndrs/zustand@v5.0.8...v5.0.12) Updates `@playwright/test` from 1.57.0 to 1.59.1 - [Release notes](https://github.com/microsoft/playwright/releases) - [Commits](microsoft/playwright@v1.57.0...v1.59.1) Updates `@tailwindcss/postcss` from 4.1.17 to 4.2.2 - [Release notes](https://github.com/tailwindlabs/tailwindcss/releases) - [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md) - [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.2.2/packages/@tailwindcss-postcss) Updates `@tanstack/react-query-devtools` from 5.91.1 to 5.99.0 - [Release notes](https://github.com/TanStack/query/releases) - [Changelog](https://github.com/TanStack/query/blob/main/packages/react-query-devtools/CHANGELOG.md) - [Commits](https://github.com/TanStack/query/commits/@tanstack/react-query-devtools@5.99.0/packages/react-query-devtools) Updates `@tanstack/router-devtools` from 1.139.3 to 1.166.13 - [Release notes](https://github.com/TanStack/router/releases) - [Changelog](https://github.com/TanStack/router/blob/main/packages/router-devtools/CHANGELOG.md) - [Commits](https://github.com/TanStack/router/commits/@tanstack/router-devtools@1.166.13/packages/router-devtools) Updates `@types/react` from 19.2.7 to 19.2.14 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react) Updates `autoprefixer` from 10.4.22 to 10.5.0 - [Release notes](https://github.com/postcss/autoprefixer/releases) - [Changelog](https://github.com/postcss/autoprefixer/blob/main/CHANGELOG.md) - [Commits](postcss/autoprefixer@10.4.22...10.5.0) Updates `eslint-plugin-react-refresh` from 0.4.24 to 0.5.2 - [Release notes](https://github.com/ArnaudBarre/eslint-plugin-react-refresh/releases) - [Changelog](https://github.com/ArnaudBarre/eslint-plugin-react-refresh/blob/main/CHANGELOG.md) - [Commits](ArnaudBarre/eslint-plugin-react-refresh@v0.4.24...v0.5.2) Updates `postcss` from 8.5.6 to 8.5.9 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.5.6...8.5.9) Updates `tailwindcss` from 4.1.17 to 4.2.2 - [Release notes](https://github.com/tailwindlabs/tailwindcss/releases) - [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md) - [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.2.2/packages/tailwindcss) Updates `typescript-eslint` from 8.48.0 to 8.58.2 - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.58.2/packages/typescript-eslint) --- updated-dependencies: - dependency-name: "@tanstack/react-form" dependency-version: 1.29.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-minor - dependency-name: "@tanstack/react-query" dependency-version: 5.99.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-minor - dependency-name: "@tanstack/react-router" dependency-version: 1.168.19 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-minor - dependency-name: axios dependency-version: 1.15.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-minor - dependency-name: react dependency-version: 19.2.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor - dependency-name: "@types/react" dependency-version: 19.2.14 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor - dependency-name: react-dom dependency-version: 19.2.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor - dependency-name: zustand dependency-version: 5.0.12 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor - dependency-name: "@playwright/test" dependency-version: 1.59.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor - dependency-name: "@tailwindcss/postcss" dependency-version: 4.2.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor - dependency-name: "@tanstack/react-query-devtools" dependency-version: 5.99.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor - dependency-name: "@tanstack/router-devtools" dependency-version: 1.166.13 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor - dependency-name: "@types/react" dependency-version: 19.2.14 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor - dependency-name: autoprefixer dependency-version: 10.5.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor - dependency-name: eslint-plugin-react-refresh dependency-version: 0.5.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor - dependency-name: postcss dependency-version: 8.5.9 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor - dependency-name: tailwindcss dependency-version: 4.2.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor - dependency-name: typescript-eslint dependency-version: 8.58.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-04-13T20:48:49Z

Labels

The following labels could not be found: npm. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

dependabot bot added the dependencies Pull requests that update a dependency file label Apr 13, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

deps(npm): Bump the npm-minor group in /ui with 17 updates#100

deps(npm): Bump the npm-minor group in /ui with 17 updates#100
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/ui/npm-minor-6830093566

dependabot bot commented on behalf of github Apr 13, 2026

Uh oh!

dependabot bot commented on behalf of github Apr 13, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Apr 13, 2026

@​tanstack/react-form-nextjs@​1.29.0

Patch Changes

@​tanstack/react-form-remix@​1.29.0

Patch Changes

@​tanstack/react-form-start@​1.29.0

Patch Changes

@​tanstack/react-form@​1.29.0

Minor Changes

Patch Changes

@​tanstack/react-form-nextjs@​1.28.6

Patch Changes

@​tanstack/react-form-remix@​1.28.6

Patch Changes

@​tanstack/react-form-start@​1.28.6

Patch Changes

@​tanstack/react-form@​1.28.6

Patch Changes

1.29.0

Minor Changes

Patch Changes

1.28.6

Patch Changes

1.28.5

Patch Changes

1.28.4

Patch Changes

1.28.3

Patch Changes

1.28.2

@​tanstack/react-query-devtools@​5.99.0

Patch Changes

@​tanstack/react-query-next-experimental@​5.99.0

Patch Changes

@​tanstack/react-query-persist-client@​5.99.0

Patch Changes

@​tanstack/react-query@​5.99.0

Patch Changes

@​tanstack/react-query-devtools@​5.98.0

Patch Changes

@​tanstack/react-query-next-experimental@​5.98.0

Patch Changes

@​tanstack/react-query-persist-client@​5.98.0

Patch Changes

@​tanstack/react-query@​5.98.0

Patch Changes

5.99.0

Patch Changes

5.98.0

Patch Changes

5.97.0

Patch Changes

5.96.2

Patch Changes

5.96.1

Patch Changes

5.96.0

Patch Changes

5.95.2

Patch Changes

5.95.1

v1.166.7

Changes

Fix

Chore

Packages

1.168.19

Patch Changes

1.168.18

Patch Changes

1.168.17

Patch Changes

1.168.16

Patch Changes

1.168.15

Patch Changes

1.168.14

Patch Changes

1.168.13

`@tanstack/react-form-nextjs@1`.29.0

`@tanstack/react-form-remix@1`.29.0

`@tanstack/react-form-start@1`.29.0

`@tanstack/react-form@1`.29.0

`@tanstack/react-form-nextjs@1`.28.6

`@tanstack/react-form-remix@1`.28.6

`@tanstack/react-form-start@1`.28.6

`@tanstack/react-form@1`.28.6

`@tanstack/react-query-devtools@5`.99.0

`@tanstack/react-query-next-experimental@5`.99.0

`@tanstack/react-query-persist-client@5`.99.0

`@tanstack/react-query@5`.99.0

`@tanstack/react-query-devtools@5`.98.0

`@tanstack/react-query-next-experimental@5`.98.0

`@tanstack/react-query-persist-client@5`.98.0

`@tanstack/react-query@5`.98.0