Skip to content

chore(deps-dev): bump the npm-frontend-updates group in /frontend with 5 updates #299

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps-dev): bump the npm-frontend-updates group in /frontend with 5 updates #299

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 10, 2025
edited
Loading

Updates the requirements on @vitejs/plugin-react, jsdom, msw, playwright and @playwright/test to permit the latest version.
Updates @vitejs/plugin-react from 4.7.0 to 5.1.0

Release notes

Sourced from @​vitejs/plugin-react's releases.

plugin-react@5.1.0

Add @vitejs/plugin-react/preamble virtual module for SSR HMR (#890)

SSR applications can now initialize HMR runtime by importing @vitejs/plugin-react/preamble at the top of their client entry instead of manually calling transformIndexHtml. This simplifies SSR setup for applications that don't use the transformIndexHtml API.

Fix raw Rolldown support for Rolldown 1.0.0-beta.44+ (#930)

Rolldown 1.0.0-beta.44+ removed the top-level jsx option in favor of transform.jsx. This plugin now uses the transform.jsx option to support Rolldown 1.0.0-beta.44+.

plugin-react@5.0.4

Perf: use native refresh wrapper plugin in rolldown-vite (#881)

plugin-react@5.0.3

HMR did not work for components imported with queries with rolldown-vite (#872)

Perf: simplify refresh wrapper generation (#835)

plugin-react@5.0.2

Skip transform hook completely in rolldown-vite in dev if possible (#783)

plugin-react@5.0.1

Set optimizeDeps.rollupOptions.transform.jsx instead of optimizeDeps.rollupOptions.jsx for rolldown-vite (#735)

optimizeDeps.rollupOptions.jsx is going to be deprecated in favor of optimizeDeps.rollupOptions.transform.jsx.

Perf: skip babel-plugin-react-compiler if code has no "use memo" when { compilationMode: "annotation" } (#734)

Respect tsconfig jsxImportSource (#726)

Fix reactRefreshHost option on rolldown-vite (#716)

Fix RefreshRuntime being injected twice for class components on rolldown-vite (#708)

Skip babel-plugin-react-compiler on non client environment (689)

plugin-react@5.0.0

(Same content as v5.0.0-beta.0 https://github.com/vitejs/vite-plugin-react/releases/tag/plugin-react%405.0.0-beta.0)

Use Oxc for react refresh transform in rolldown-vite

When used with rolldown-vite, this plugin now uses Oxc for react refresh transform.

Since this behavior is what @vitejs/plugin-react-oxc did, @vitejs/plugin-react-oxc is now deprecated and the disableOxcRecommendation option is removed.

Also, while @vitejs/plugin-react-oxc used the production JSX transform even for NODE_ENV=development build, @vitejs/plugin-react uses the development JSX transform for NODE_ENV=development build.

Allow processing files in node_modules

The default value of exclude options is now [/\/node_modules\//] to allow processing files in node_modules directory. It was previously [] and files in node_modules was always excluded regardless of the value of exclude option.

... (truncated)

Changelog

Sourced from @​vitejs/plugin-react's changelog.

5.1.0 (2025-10-24)

Add @vitejs/plugin-react/preamble virtual module for SSR HMR (#890)

SSR applications can now initialize HMR runtime by importing @vitejs/plugin-react/preamble at the top of their client entry instead of manually calling transformIndexHtml. This simplifies SSR setup for applications that don't use the transformIndexHtml API.

Fix raw Rolldown support for Rolldown 1.0.0-beta.44+ (#930)

Rolldown 1.0.0-beta.44+ removed the top-level jsx option in favor of transform.jsx. This plugin now uses the transform.jsx option to support Rolldown 1.0.0-beta.44+.

5.0.4 (2025-09-27)

Perf: use native refresh wrapper plugin in rolldown-vite (#881)

5.0.3 (2025-09-17)

HMR did not work for components imported with queries with rolldown-vite (#872)

Perf: simplify refresh wrapper generation (#835)

5.0.2 (2025-08-28)

Skip transform hook completely in rolldown-vite in dev if possible (#783)

5.0.1 (2025-08-19)

Set optimizeDeps.rollupOptions.transform.jsx instead of optimizeDeps.rollupOptions.jsx for rolldown-vite (#735)

optimizeDeps.rollupOptions.jsx is going to be deprecated in favor of optimizeDeps.rollupOptions.transform.jsx.

Perf: skip babel-plugin-react-compiler if code has no "use memo" when { compilationMode: "annotation" } (#734)

Respect tsconfig jsxImportSource (#726)

Fix reactRefreshHost option on rolldown-vite (#716)

Fix RefreshRuntime being injected twice for class components on rolldown-vite (#708)

Skip babel-plugin-react-compiler on non client environment (689)

5.0.0 (2025-08-07)

5.0.0-beta.0 (2025-07-28)

Use Oxc for react refresh transform in rolldown-vite

When used with rolldown-vite, this plugin now uses Oxc for react refresh transform.

Since this behavior is what @vitejs/plugin-react-oxc did, @vitejs/plugin-react-oxc is now deprecated and the disableOxcRecommendation option is removed.

... (truncated)

Commits
  • 3e5a374 release: plugin-react@5.1.0
  • 44cbed4 fix(react): compat with newer rolldown (#930)
  • c54d3c6 chore(deps): update all non-major dependencies (#926)
  • a2d76d9 fix(deps): update all non-major dependencies (#918)
  • fffb7eb feat(react): expose virtual module to simplify hmr preamble setup on ssr (#890)
  • b79592a fix(deps): update react-related dependencies (#901)
  • 2d239fc fix(deps): update all non-major dependencies (#896)
  • 73be2f0 chore(deps): fix vitest > rolldown-vite dependency (#889)
  • 407795d fix(deps): update all non-major dependencies (#887)
  • 47db473 chore(react): fix ecosystem-ci failure (#888)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​vitejs/plugin-react since your current version.


Updates jsdom from 25.0.1 to 27.1.0

Release notes

Sourced from jsdom's releases.

Version 27.1.0

  • Improved CSS parsing by switching to @acemir/cssom, including support for nested selectors, nested declarations, layer statements, and improved at-rule validation. (acemir)
  • Fixed some selector cache invalidation issues where changes to attributes were not being picked up. (asamuzaK)
  • Fixed package.json "engines" field to reflect the new minimum Node.js versions needed to run jsdom, as noted in the changelog for v27.0.1.

Version 27.0.1

This release inadvertently raised the minimum Node.js version from v20.0.0 to v20.19.0+, v22.12.0+, v24.0.0+. (This happened via a dependency update.) This probably should have been a breaking (major) change, instead of happening in a patch version, since it prevents using earlier Node.js versions.

After further testing, we found that most of our development dependencies also require these versions, and so it's not feasible for the jsdom project to support earlier Node.js versions. (For example, our testing frameworks will not run on them.) If you need to use such earlier versions, or otherwise are working in an environment which gives related errors such as ERR_REQUIRE_ESM, then please stick with the v26.1.0 release of jsdom. (Noting, of course, that such versions are unsupported, and we will not respond to bug reports opened against them.)

Subsequent jsdom releases will explicitly require these minimum Node.js versions, and will have CI testing to ensure that the minimum version is not accidentally raised again.

Normal changelog:

  • Fixed some regressions in CSS selectors. Most such regression fixes were done in a minor update of a dependency, and thus available for all fresh installs of v27.0.0. However, one related to class="" attribute changes is only possible with a new version of jsdom. (asamuzaK)

Version 27.0.0

Changes since 26.1.0

  • Node.js v20 is now the minimum supported version.
  • Added a variety of event constructors, even though we do not implement their associated specifications or ever fire them: BeforeUnloadEvent, BlobEvent, DeviceMotionEvent (omitting requestPermission()), DeviceOrientationEvent (omitting requestPermission()), PointerEvent, PromiseRejectionEvent, and TransitionEvent.
  • Added movementX and movementY to MouseEvent. (These are from the Pointer Lock specification, the rest of which is not implemented.)
  • Added customElements.getName(). (mash-graz)
  • Updated the virtual console:
    • "jsdomError" events are now documented, with specific type properties and other properties that depend on the type.
    • sendTo() was renamed to forwardTo().
    • The jsdomErrors option to forwardTo() can be used to control which errors are sent to the Node.js console. This replaces the previous omitJSDOMErrors boolean option.
    • "jsdomError"s for failed XMLHttpRequest fetches are no longer emitted.
    • The values that are printed when forwarding "jsdomError"s to the Node.js console are streamlined.
  • Switched our CSS selector engine from nwsapi to @asamuzakjp/dom-selector, closing over 20 selector-related bugs.
  • Upgraded tough-cookie, which now considers URLs like http://localhost/ to be secure contexts (per the spec), and thus will return Secure-flagged cookies for such URLs. (colincasey)
  • Upgraded cssstyle, which brings along many improvements and fixes to the CSSStyleDeclaration object and its properties.
  • Updated the user agent stylesheet to be derived from the HTML Standard, instead of from an old revision of Chromium.
  • Changed element.click() to fire a PointerEvent instead of a MouseEvent.
  • Changed certain events to be passive by default.
  • Changed the <input> element's pattern="" attribute to use the v regular expression flag, instead of u.
  • Fixed many specification conformance issues with the Window object, including named properties and changing various data properties to accessor properties.
  • Fixed document.createEvent() to accept a more correct set of event names.
  • Fixed the ElementInternals accessibility getters and setters. (They were introduced in v23.1.0, but due to inadequate test coverage never actually worked.)
  • Fixed using Object.defineProperty() on certain objects, such as HTMLSelectElement instances.
  • Fixed jsdom.reconfigure({ url }) not updating document.baseURI or properties derived from it. (This regressed in v26.1.0.)
  • Fixed CSS system colors, as well as the initial, inherit, and unset keywords, to resolve correctly. (asamuzaK)
  • Fixed CSS display style resolution. (asamuzaK)

Changes since 27.0.0-beta.3

  • Upgraded cssstyle, which brings along various CSS parsing fixes.

Version 27.0.0-beta.3

  • Breaking change: upgraded tough-cookie, which now considers URLs like http://localhost/ to be secure contexts (per the spec), and thus will return Secure-flagged cookies for such URLs. (colincasey)

... (truncated)

Changelog

Sourced from jsdom's changelog.

27.1.0

  • Improved CSS parsing by switching to @acemir/cssom, including support for nested selectors, nested declarations, layer statements, and improved at-rule validation. (acemir)
  • Fixed some selector cache invalidation issues where changes to attributes were not being picked up. (asamuzaK)
  • Fixed package.json "engines" field to reflect the new minimum Node.js versions needed to run jsdom, as noted in the changelog for v27.0.1.

27.0.1

This release inadvertently raised the minimum Node.js version from v20.0.0 to v20.19.0+, v22.12.0+, v24.0.0+. (This happened via a dependency update.) This probably should have been a breaking (major) change, instead of happening in a patch version, since it prevents using earlier Node.js versions.

After further testing, we found that most of our development dependencies also require these versions, and so it's not feasible for the jsdom project to support earlier Node.js versions. (For example, our testing frameworks will not run on them.) If you need to use such earlier versions, or otherwise are working in an environment which gives related errors such as ERR_REQUIRE_ESM, then please stick with the v26.1.0 release of jsdom. (Noting, of course, that such versions are unsupported, and we will not respond to bug reports opened against them.)

Subsequent jsdom releases will explicitly require these minimum Node.js versions, and will have CI testing to ensure that the minimum version is not accidentally raised again.

Normal changelog:

  • Fixed some regressions in CSS selectors. Most such regression fixes were done in a minor update of a dependency, and thus available for all fresh installs of v27.0.0. However, one related to class="" attribute changes is only possible with a new version of jsdom. (asamuzaK)

27.0.0

Changes since 26.1.0

  • Node.js v20 is now the minimum supported version.
  • Added a variety of event constructors, even though we do not implement their associated specifications or ever fire them: BeforeUnloadEvent, BlobEvent, DeviceMotionEvent (omitting requestPermission()), DeviceOrientationEvent (omitting requestPermission()), PointerEvent, PromiseRejectionEvent, and TransitionEvent.
  • Added movementX and movementY to MouseEvent. (These are from the Pointer Lock specification, the rest of which is not implemented.)
  • Added customElements.getName(). (mash-graz)
  • Updated the virtual console:
    • "jsdomError" events are now documented, with specific type properties and other properties that depend on the type.
    • sendTo() was renamed to forwardTo().
    • The jsdomErrors option to forwardTo() can be used to control which errors are sent to the Node.js console. This replaces the previous omitJSDOMErrors boolean option.
    • "jsdomError"s for failed XMLHttpRequest fetches are no longer emitted.
    • The values that are printed when forwarding "jsdomError"s to the Node.js console are streamlined.
  • Switched our CSS selector engine from nwsapi to @asamuzakjp/dom-selector, closing over 20 selector-related bugs.
  • Upgraded tough-cookie, which now considers URLs like http://localhost/ to be secure contexts (per the spec), and thus will return Secure-flagged cookies for such URLs. (colincasey)
  • Upgraded cssstyle, which brings along many improvements and fixes to the CSSStyleDeclaration object and its properties.
  • Updated the user agent stylesheet to be derived from the HTML Standard, instead of from an old revision of Chromium.
  • Changed element.click() to fire a PointerEvent instead of a MouseEvent.
  • Changed certain events to be passive by default.
  • Changed the <input> element's pattern="" attribute to use the v regular expression flag, instead of u.
  • Fixed many specification conformance issues with the Window object, including named properties and changing various data properties to accessor properties.
  • Fixed document.createEvent() to accept a more correct set of event names.
  • Fixed the ElementInternals accessibility getters and setters. (They were introduced in v23.1.0, but due to inadequate test coverage never actually worked.)
  • Fixed using Object.defineProperty() on certain objects, such as HTMLSelectElement instances.
  • Fixed jsdom.reconfigure({ url }) not updating document.baseURI or properties derived from it. (This regressed in v26.1.0.)
  • Fixed CSS system colors, as well as the initial, inherit, and unset keywords, to resolve correctly. (asamuzaK)
  • Fixed CSS display style resolution. (asamuzaK)

Changes since 27.0.0-beta.3

  • Upgraded cssstyle, which brings along various CSS parsing fixes.

... (truncated)

Commits
  • adb999a Version 27.1.0
  • 91f40c4 Update dependencies and dev dependencies
  • ebad33c Note more strict minimum version requirement
  • bd02585 Swap rweb-cssom to @​acemir/cssom
  • f15c830 Add failing test for cssText setter
  • a833763 Clear domSelector cache on attribute change
  • 819ff52 Version 27.0.1
  • 23539d4 Call domSelector.clear() on class change
  • 894151b Add regression tests and update dependencies
  • aa2d8db Add a regression test for getComputedStyle() across shadow boundaries
  • Additional commits viewable in compare view

Updates msw from 2.12.0 to 2.12.1

Release notes

Sourced from msw's releases.

v2.12.1 (2025-11-09)

Bug Fixes

  • setupWorker: fix response init in response:* events (#2621) (7f48f21189f1c04349890bb8523f772f6ae9eb08) @​jbms
Commits

Updates playwright to 1.56.1

Release notes

Sourced from playwright's releases.

v1.56.1

Highlights

#37871 chore: allow local-network-access permission in chromium #37891 fix(agents): remove workspaceFolder ref from vscode mcp #37759 chore: rename agents to test agents #37757 chore(mcp): fallback to cwd when resolving test config

Browser Versions

  • Chromium 141.0.7390.37
  • Mozilla Firefox 142.0.1
  • WebKit 26.0
Commits

Updates @playwright/test to 1.56.1

Release notes

Sourced from @​playwright/test's releases.

v1.56.1

Highlights

#37871 chore: allow local-network-access permission in chromium #37891 fix(agents): remove workspaceFolder ref from vscode mcp #37759 chore: rename agents to test agents #37757 chore(mcp): fallback to cwd when resolving test config

Browser Versions

  • Chromium 141.0.7390.37
  • Mozilla Firefox 142.0.1
  • WebKit 26.0
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps-dev): bump the npm-frontend-updates group
6f9562b 
Updates the requirements on [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react), [jsdom](https://github.com/jsdom/jsdom), [msw](https://github.com/mswjs/msw), [playwright](https://github.com/microsoft/playwright) and [@playwright/test](https://github.com/microsoft/playwright) to permit the latest version.

Updates `@vitejs/plugin-react` from 4.7.0 to 5.1.0
- [Release notes](https://github.com/vitejs/vite-plugin-react/releases)
- [Changelog](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite-plugin-react/commits/plugin-react@5.1.0/packages/plugin-react)

Updates `jsdom` from 25.0.1 to 27.1.0
- [Release notes](https://github.com/jsdom/jsdom/releases)
- [Changelog](https://github.com/jsdom/jsdom/blob/main/Changelog.md)
- [Commits](jsdom/jsdom@25.0.1...27.1.0)

Updates `msw` from 2.12.0 to 2.12.1
- [Release notes](https://github.com/mswjs/msw/releases)
- [Changelog](https://github.com/mswjs/msw/blob/main/CHANGELOG.md)
- [Commits](mswjs/msw@v2.12.0...v2.12.1)

Updates `playwright` to 1.56.1
- [Release notes](https://github.com/microsoft/playwright/releases)
- [Commits](microsoft/playwright@v1.49.0...v1.56.1)

Updates `@playwright/test` to 1.56.1
- [Release notes](https://github.com/microsoft/playwright/releases)
- [Commits](microsoft/playwright@v1.49.0...v1.56.1)

---
updated-dependencies:
- dependency-name: "@vitejs/plugin-react"
  dependency-version: 5.1.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: npm-frontend-updates
- dependency-name: jsdom
  dependency-version: 27.1.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: npm-frontend-updates
- dependency-name: msw
  dependency-version: 2.12.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-frontend-updates
- dependency-name: playwright
  dependency-version: 1.56.1
  dependency-type: direct:development
  dependency-group: npm-frontend-updates
- dependency-name: "@playwright/test"
  dependency-version: 1.56.1
  dependency-type: direct:development
  dependency-group: npm-frontend-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Nov 17, 2025

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.

7 similar comments
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Nov 24, 2025

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Dec 1, 2025

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Dec 8, 2025

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Dec 15, 2025

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Dec 22, 2025

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Dec 29, 2025

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Jan 5, 2026

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies frontend

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant