Skip to content

chore(deps): bump the root-minor-patch group across 1 directory with 16 updates#82

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/root-minor-patch-c1a7ec70e0
Open

chore(deps): bump the root-minor-patch group across 1 directory with 16 updates#82
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/root-minor-patch-c1a7ec70e0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor

Bumps the root-minor-patch group with 15 updates in the / directory:

Package From To
@fortawesome/fontawesome-svg-core 7.2.0 7.3.0
@fortawesome/free-brands-svg-icons 7.2.0 7.3.0
@fortawesome/free-regular-svg-icons 7.2.0 7.3.0
@fortawesome/free-solid-svg-icons 7.2.0 7.3.0
firebase 12.14.0 12.15.0
react-hook-form 7.78.0 7.80.0
react-router-dom 7.17.0 7.18.1
@types/node 22.19.20 22.20.0
@typescript-eslint/eslint-plugin 8.61.0 8.62.1
@vitejs/plugin-react 6.0.2 6.0.3
autoprefixer 10.5.0 10.5.2
firebase-tools 15.19.1 15.22.3
postcss 8.5.15 8.5.16
prettier 3.8.3 3.9.3
vite 8.0.16 8.1.0

Updates @fortawesome/fontawesome-svg-core from 7.2.0 to 7.3.0

Release notes

Sourced from @​fortawesome/fontawesome-svg-core's releases.

Release 7.3.0

Change log available at https://fontawesome.com/docs/changelog/

Commits

Updates @fortawesome/free-brands-svg-icons from 7.2.0 to 7.3.0

Release notes

Sourced from @​fortawesome/free-brands-svg-icons's releases.

Release 7.3.0

Change log available at https://fontawesome.com/docs/changelog/

Commits

Updates @fortawesome/free-regular-svg-icons from 7.2.0 to 7.3.0

Release notes

Sourced from @​fortawesome/free-regular-svg-icons's releases.

Release 7.3.0

Change log available at https://fontawesome.com/docs/changelog/

Commits

Updates @fortawesome/free-solid-svg-icons from 7.2.0 to 7.3.0

Release notes

Sourced from @​fortawesome/free-solid-svg-icons's releases.

Release 7.3.0

Change log available at https://fontawesome.com/docs/changelog/

Commits

Updates firebase from 12.14.0 to 12.15.0

Release notes

Sourced from firebase's releases.

firebase@12.15.0

For more detailed release notes, see Firebase JavaScript SDK Release Notes.

What's Changed

@​firebase/app@​0.15.0

Minor Changes

  • 420156e #10023 - Add ability to call initializeAppCheck without a provider. If no provider is passed to initializeAppCheck, App Check will attempt to initialize with a ReCaptchaEnterpriseProvider using the site key found in the recaptchaSiteKey field of the Firebase project config.

@​firebase/app-check@​0.12.0

Minor Changes

  • 420156e #10023 - Add ability to call initializeAppCheck without a provider. If no provider is passed to initializeAppCheck, App Check will attempt to initialize with a ReCaptchaEnterpriseProvider using the site key found in the recaptchaSiteKey field of the Firebase project config.

Patch Changes

  • e389f70 #9991 (fixes #9405) - Fix error causing Auth and AppCheck conflict when both are using ReCAPTCHA Enterprise.

firebase@12.15.0

Minor Changes

  • 043c0ab #9929 - Merge offline pipeline implementation with one minor API change

  • 420156e #10023 - Add ability to call initializeAppCheck without a provider. If no provider is passed to initializeAppCheck, App Check will attempt to initialize with a ReCaptchaEnterpriseProvider using the site key found in the recaptchaSiteKey field of the Firebase project config.

Patch Changes

@​firebase/firestore@​4.16.0

Minor Changes

  • 043c0ab #9929 - Merge offline pipeline implementation with one minor API change

@​firebase/ai@​2.13.1

Patch Changes

... (truncated)

Commits
  • 05c2691 Version Packages (#10080)
  • 93cecd0 Merge main into release
  • fa26af2 Change setup-node@master to v4 (#10090)
  • 67c41e3 Merge main into release
  • 9bef5ab feat(ai): Deprecate Google Maps Grounding enableWidget (#10035)
  • 40b2a8c run ratchet (#10064)
  • 3dcf8ec Revert "chore(ci): make all firestore integration tests optional (#10028)" (#...
  • 36d0ca3 Merge main into release
  • 6990f26 Fix querystring to always use apiKey even if a key is specified in the reques...
  • 712091c Support API key referrer restrictions by changing the Auth SDK referrer polic...
  • Additional commits viewable in compare view

Updates react-hook-form from 7.78.0 to 7.80.0

Release notes

Sourced from react-hook-form's releases.

Version 7.80.0

🧄 feat: disable useFieldArray fields (#13535)

const { fields } = useFieldArray({ disabled: true });
fields[0].disabled; // contains disabled props

🛺 perf: make rhf more performant (#13524) 🐞 fix(deepEqual): empty array and empty plain object should not be equal (#13533)

thanks to @​JSap0914

Version 7.79.0

🚷 feat: use field array disabled (#13520)

useFieldArray({ disabled, name: 'test' })

🐞 fix controller onChange promise (#13518) 🐞 fix: track visited pairs in deepEqual to avoid false positives with shared object references (#13515) 🐞 fix #12651 issue: field validation with shouldUseNativeValidation does not behave native like for radio groups (#13512) 🐞 fix #12754 createFormControl breaks with fast refresh in dev mode (#13511) 🐞 close #12709 #12750 StrictMode would remove field value & get mounted again (#13508) 🐞 fix #13505 issue: In v8 with React compiler, a change in formState errors does not cause child components to re-render (#13510)

thanks to @​DucMinhNe & @​louzhedong

Changelog

Sourced from react-hook-form's changelog.

[7.80.0] - 2026-06-20

Added

  • disabled prop support for individual fields within useFieldArray

Fixed

  • deepEqual incorrectly treating empty array [] and empty plain object {} as equal

Performance

  • Improve onChange, setValid, dirty checking, setValue, and setValues performance

[7.79.0] - 2026-06-13

Added

  • disabled option to useFieldArray

Fixed

  • Controller onChange promise return type
  • deepEqual false positives with shared object references
  • shouldUseNativeValidation behavior for radio groups
  • createFormControl stability with fast refresh in dev mode
  • StrictMode value preservation during remount
  • formState.errors reactivity with React compiler
Commits

Updates react-router-dom from 7.17.0 to 7.18.1

Changelog

Sourced from react-router-dom's changelog.

v7.18.1

Patch Changes

v7.18.0

Patch Changes

Commits

Updates @types/node from 22.19.20 to 22.20.0

Commits

Updates @typescript-eslint/eslint-plugin from 8.61.0 to 8.62.1

Release notes

Sourced from @​typescript-eslint/eslint-plugin's releases.

v8.62.1

8.62.1 (2026-06-29)

🩹 Fixes

  • eslint-plugin: [prefer-optional-chain] use suggestion instead of autofix for trailing binary operator (#12328)
  • eslint-plugin: [no-unnecessary-boolean-literal-compare] preserve boolean result in fixer for nullable true comparisons (#12365)
  • eslint-plugin: [no-unnecessary-type-assertion] parenthesize object literal at left edge of expression statement (#12443, #12418)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.62.0

8.62.0 (2026-06-22)

🚀 Features

  • remove redundant package.json "files" (#12444)

🩹 Fixes

  • add "files" to rule-schema-to-typescript-types (#12441)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.61.1

8.61.1 (2026-06-15)

🩹 Fixes

  • eslint-plugin: [consistent-indexed-object-style] do not remove comments when fixing (#12396, #10577)
  • eslint-plugin: [no-unnecessary-type-assertion] avoid false positive for template literal expressions (#12281)
  • eslint-plugin: [no-unnecessary-type-assertion] wrap object literal in parens when removing TSTypeAssertion in arrow body (#12394, #12393)
  • eslint-plugin: [no-unnecessary-boolean-literal-compare] fix precedence bug in autofix (#12413)
  • eslint-plugin: [no-unnecessary-template-expression] respect ECMAScript line terminators (#12388)

... (truncated)

Changelog

Sourced from @​typescript-eslint/eslint-plugin's changelog.

8.62.1 (2026-06-29)

🩹 Fixes

  • eslint-plugin: [no-unnecessary-type-assertion] parenthesize object literal at left edge of expression statement (#12443, #12418)
  • eslint-plugin: [no-unnecessary-boolean-literal-compare] preserve boolean result in fixer for nullable true comparisons (#12365)
  • eslint-plugin: [prefer-optional-chain] use suggestion instead of autofix for trailing binary operator (#12328)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.62.0 (2026-06-22)

🚀 Features

  • remove redundant package.json "files" (#12444)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.61.1 (2026-06-15)

🩹 Fixes

  • eslint-plugin: [no-unnecessary-template-expression] respect ECMAScript line terminators (#12388)
  • eslint-plugin: [no-unnecessary-boolean-literal-compare] fix precedence bug in autofix (#12413)
  • eslint-plugin: [no-unnecessary-type-assertion] wrap object literal in parens when removing TSTypeAssertion in arrow body (#12394, #12393)
  • eslint-plugin: [no-unnecessary-type-assertion] avoid false positive for template literal expressions (#12281)
  • eslint-plugin: [consistent-indexed-object-style] do not remove comments when fixing (#12396, #10577)

❤️ Thank You

... (truncated)

Commits
  • 3ea32f4 chore(release): publish 8.62.1
  • 4ecca6d fix(eslint-plugin): [no-unnecessary-type-assertion] parenthesize object liter...
  • f3a7ec7 chore(eslint-plugin-internal): [no-dynamic-tests] restrict where noFormat can...
  • 301f350 fix(eslint-plugin): [no-unnecessary-boolean-literal-compare] preserve boolean...
  • ebce2d4 fix(eslint-plugin): [prefer-optional-chain] use suggestion instead of autofix...
  • 54e2857 chore(release): publish 8.62.0
  • 81e4c26 feat: remove redundant package.json "files" (#12444)
  • b784054 chore: use stableTypeOrdering compiler option (#12427)
  • aaad718 chore(release): publish 8.61.1
  • 0cc8f35 fix(eslint-plugin): [no-unnecessary-template-expression] respect ECMAScript l...
  • Additional commits viewable in compare view

Updates @typescript-eslint/parser from 8.61.0 to 8.62.1

Release notes

Sourced from @​typescript-eslint/parser's releases.

v8.62.1

8.62.1 (2026-06-29)

🩹 Fixes

  • eslint-plugin: [prefer-optional-chain] use suggestion instead of autofix for trailing binary operator (#12328)
  • eslint-plugin: [no-unnecessary-boolean-literal-compare] preserve boolean result in fixer for nullable true comparisons (#12365)
  • eslint-plugin: [no-unnecessary-type-assertion] parenthesize object literal at left edge of expression statement (#12443, #12418)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.62.0

8.62.0 (2026-06-22)

🚀 Features

  • remove redundant package.json "files" (#12444)

🩹 Fixes

  • add "files" to rule-schema-to-typescript-types (#12441)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.61.1

8.61.1 (2026-06-15)

🩹 Fixes

  • eslint-plugin: [consistent-indexed-object-style] do not remove comments when fixing (#12396, #10577)
  • eslint-plugin: [no-unnecessary-type-assertion] avoid false positive for template literal expressions (#12281)
  • eslint-plugin: [no-unnecessary-type-assertion] wrap object literal in parens when removing TSTypeAssertion in arrow body (#12394, #12393)
  • eslint-plugin: [no-unnecessary-boolean-literal-compare] fix precedence bug in autofix (#12413)
  • eslint-plugin: [no-unnecessary-template-expression] respect ECMAScript line terminators (#12388)

... (truncated)

Changelog

Sourced from @​typescript-eslint/parser's changelog.

8.62.1 (2026-06-29)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.62.0 (2026-06-22)

🚀 Features

  • remove redundant package.json "files" (#12444)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.61.1 (2026-06-15)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

Updates @vitejs/plugin-react from 6.0.2 to 6.0.3

Changelog

Sourced from @​vitejs/plugin-react's changelog.

6.0.3 (2026-06-23)

Commits
  • 640fd35 release: plugin-react@6.0.3
  • 889efb0 fix(deps): update all non-major dependencies (#1249)
  • 6c57dd4 fix(plugin-react): use '/' base in bundledDev preamble to fix non-root base p...
  • 3cc33a7 fix(deps): update react-related dependencies (#1245)
  • c0f7c7f docs: mention the Biome rule in the "Consistent components exports" section (...
  • cd80f0f fix(deps): update all non-major dependencies (#1241)
  • e38acca fix(deps): update all non-major dependencies (#1227)
  • 9a9bb26 perf(react): improve react compiler preset so that slightly more modules are ...
  • See full diff in compare view

Updates autoprefixer from 10.5.0 to 10.5.2

Release notes

Sourced from autoprefixer's releases.

10.5.2

  • Moved -webkit-fill-available before -moz-available, so Firefox will use -webkit- version which is closer to stretch.

10.5.1

Changelog

Sourced from autoprefixer's changelog.

10.5.2

  • Moved -webkit-fill-available before -moz-available, so Firefox will use -webkit- version which is closer to stretch.

10.5.1

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for autoprefixer since your current version.


Updates firebase-tools from 15.19.1 to 15.22.3

Release notes

Sourced from firebase-tools's releases.

v15.22.3

  • Disable 'keep-alive' in google-auth-library calls to avoid Premature close errors on some Node versions (#10716).

v15.22.2

  • Upgrade zod to v4 and drop the deprecated zod-to-json-schema dependency in favor of zod v4's built-in z.toJSONSchema().
  • Updated the Firebase Data Connect local toolkit to v3.4.14, which includes the following changes:
    • Fix linter warnings in generated Kotlin SDK files.
  • Changed calls to 'cloudbilling.googleapis.com' to use user project quota to avoid shared quota exhaustion issues.
  • Fixed an intermittent "Premature close" error during login and API requests by retrying once without keep-alive. (#10692)

v15.22.1

  • Fixed various issues with Data Connect emulator / deploy by updating binary to version 3.4.13.
  • Temporarily pinned firebase-docker-image to Node 24.16.0 to mitigate nodejs/node#63989.

v15.22.0

  • Added apphosting:secrets:revokeaccess command. (#10669)
  • Updated Pub/Sub emulator to version 0.8.33.
  • Updated Data Connect emulator to version 3.4.12.
  • Fix Data Connect non-deterministic output order of generated SDK files when compiled from multiple GQL source files.
  • Optimize Data Connect singular relation filters on PKs to avoid EXISTS subqueries.

v15.21.0

  • Fixed an issue where login:*, target:*, and ext:* subcommands were missing from firebase --help.
  • Functions can declare additional API dependencies (#10621)
  • Added mock Passkey (WebAuthn) support to the Auth emulator. (#10636)
  • Fixes spawn activate.bat ENOENT error on Windows when initializing Python functions. (#10608)
  • Fixed an issue where Cloud Run rewrites in the Hosting emulator would always hit the live Cloud Run API instead of routing to the local functions emulator. (#10588)
  • Removed temporary warning directing Dart functions users to Cloud Console, as Firebase Console now supports Dart functions. (#10584)
  • Updated the Firebase Data Connect local toolkit to v3.4.11, which includes the following changes:
    • [changed] Updated the Golang dependency version to 1.25.11.
  • Fixed issue where apptesting:execute command rejects documented --test-username, --test-password, and --test-password-file options.
  • Updated Web Frameworks to warn about missing SSRF protection config in Angular 22 deploys (#10523)
  • Fixed an issue where Astro 6 SSR deploys returned HTTP 500 by preserving the server/ directory in the generated Cloud Function. (#10537)

v15.20.0

  • Removed the prompt and backend deletion of Data Connect services during firebase deploy. (#10619)
  • Fixes firebase init dataconnect failing with ENOEXEC when creating a new template app on some operating systems. (#10616)
  • Support setting the Google Cloud Storage (GCS) test results bucket in apptesting:execute and appdistribution:distribute
Commits
  • 0a43888 15.22.3
  • 99a945b fix: configure npm registry for firepit-builder in cloudbuild (#10720)
  • 2ad25cf fix: disable keep-alive on GoogleAuth transporter to avoid Premature close er...
  • a0a3d67 [firebase-release] Removed change log and reset repo after 15.22.2 release
  • a58d885 15.22.2
  • e72e51e feat: use user project quota for cloudbilling API calls (#10712)
  • 04e1bfc feat: cache cloudbilling API checks to reduce 429 quota issues (#10711)
  • 72dccb3 Retry without keep-alive after a premature close error (#10697)
  • 85fd359 Update FDC emulator to v3.4.14 (#10702)
  • 98265db feat: Add service mapping and defensive global region check for v2 Auth Event...
  • Additional commits viewable in compare view

Updates postcss from 8.5.15 to 8.5.16

Release notes

Sourced from postcss's releases.

8.5.16

Changelog

Sourced from postcss's changelog.

8.5.16

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for postcss since your current version.


Updates prettier from 3.8.3 to 3.9.3

Release notes

Sourced from prettier's releases.

3.9.3

🔗 Changelog

3.9.1

🔗 Changelog

3.9.0

diff

🔗 Prettier 3.9: Major parser upgrades and Formatting improvements

3.8.5

🔗 Changelog

3.8.4

🔗 Changelog

Changelog

Sourced from prettier's changelog.

3.9.3

diff

Markdown: Fix unexpected removal of characters in liquid syntax (#19489 by @​seiyab)

// Input
<!-- Input -->
{{ page.title
}} text
<!-- Prettier 3.9.1 -->
{{ page.title
text
<!-- Prettier 3.9.3 -->
{{ page.title
}} text

TypeScript: Allow decorators to be used with declare on class fields (#19492 by @​evoactivity)

Extensively used within the Ember ecosystem, decorators with declare on class fields will ignore the babel parser error and allow Prettier to format the code without breaking it.

// Input
export default class ProjectStatusComponent extends Component<ProjectStatusSig> {
  @service declare server: ServerService;
}
// Prettier 3.9.1
// SyntaxError: Decorators can't be used with a declare field. (2:3)
//  1 | export default class ProjectStatusComponent extends Component<ProjectStatusSig> {
//> 2 |   @​service declare server: ServerService;
//    |   ^
//  3 | }
// Prettier 3.9.3
export default class ProjectStatusComponent extends Component<ProjectStatusSig> {
@​service declare server: ServerService;
}

3.9.1

diff

... (truncated)

Commits
  • 3732e1d Release 3.9.3
  • a74a7b0 Allow decorators to be used with declare on class fields (#19492)
  • bd9e11a Correct text identification in liquid syntax (#19489)
  • 269eee3 Bump Prettier dependency to 3.9.1
  • ec7ccd1 Clean changelog_unreleased
  • c47654c Release 3.9.1
  • 06159aa Fix bug in release script
  • 4bc5ab4 Update file-entry-cache to 11.1.5 (#19483)
  • b7fd58b Release @prettier/plugin-oxc@0.2.0 and @prettier/plugin-hermes@0.2.0
  • 3006400 Revert changes in release script
  • Additional commits viewable in compare view

Updates vite from 8.0.16 to 8.1.0

Release notes

Sourced from vite's releases.

create-vite@8.1.0

Please refer to CHANGELOG.md for details.

plugin-legacy@8.1.0

Please refer to CHANGELOG.md for details.

v8.1.0

Please refer to CHANGELOG.md for details.

plugin-legacy@8.1.0-beta.0

Please refer to CHANGELOG.md for details.

v8.1.0-beta.0

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.1.0 (2026-06-23)

Features

  • extend server.fs.deny list with common files (#22707) (61ba8fd)
  • update rolldown to 1.1.2 (#22695) (

…16 updates

Bumps the root-minor-patch group with 15 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@fortawesome/fontawesome-svg-core](https://github.com/FortAwesome/Font-Awesome) | `7.2.0` | `7.3.0` |
| [@fortawesome/free-brands-svg-icons](https://github.com/FortAwesome/Font-Awesome) | `7.2.0` | `7.3.0` |
| [@fortawesome/free-regular-svg-icons](https://github.com/FortAwesome/Font-Awesome) | `7.2.0` | `7.3.0` |
| [@fortawesome/free-solid-svg-icons](https://github.com/FortAwesome/Font-Awesome) | `7.2.0` | `7.3.0` |
| [firebase](https://github.com/firebase/firebase-js-sdk) | `12.14.0` | `12.15.0` |
| [react-hook-form](https://github.com/react-hook-form/react-hook-form) | `7.78.0` | `7.80.0` |
| [react-router-dom](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom) | `7.17.0` | `7.18.1` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `22.19.20` | `22.20.0` |
| [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) | `8.61.0` | `8.62.1` |
| [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react) | `6.0.2` | `6.0.3` |
| [autoprefixer](https://github.com/postcss/autoprefixer) | `10.5.0` | `10.5.2` |
| [firebase-tools](https://github.com/firebase/firebase-tools) | `15.19.1` | `15.22.3` |
| [postcss](https://github.com/postcss/postcss) | `8.5.15` | `8.5.16` |
| [prettier](https://github.com/prettier/prettier) | `3.8.3` | `3.9.3` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `8.0.16` | `8.1.0` |



Updates `@fortawesome/fontawesome-svg-core` from 7.2.0 to 7.3.0
- [Release notes](https://github.com/FortAwesome/Font-Awesome/releases)
- [Changelog](https://github.com/FortAwesome/Font-Awesome/blob/7.x/CHANGELOG.md)
- [Commits](FortAwesome/Font-Awesome@7.2.0...7.3.0)

Updates `@fortawesome/free-brands-svg-icons` from 7.2.0 to 7.3.0
- [Release notes](https://github.com/FortAwesome/Font-Awesome/releases)
- [Changelog](https://github.com/FortAwesome/Font-Awesome/blob/7.x/CHANGELOG.md)
- [Commits](FortAwesome/Font-Awesome@7.2.0...7.3.0)

Updates `@fortawesome/free-regular-svg-icons` from 7.2.0 to 7.3.0
- [Release notes](https://github.com/FortAwesome/Font-Awesome/releases)
- [Changelog](https://github.com/FortAwesome/Font-Awesome/blob/7.x/CHANGELOG.md)
- [Commits](FortAwesome/Font-Awesome@7.2.0...7.3.0)

Updates `@fortawesome/free-solid-svg-icons` from 7.2.0 to 7.3.0
- [Release notes](https://github.com/FortAwesome/Font-Awesome/releases)
- [Changelog](https://github.com/FortAwesome/Font-Awesome/blob/7.x/CHANGELOG.md)
- [Commits](FortAwesome/Font-Awesome@7.2.0...7.3.0)

Updates `firebase` from 12.14.0 to 12.15.0
- [Release notes](https://github.com/firebase/firebase-js-sdk/releases)
- [Changelog](https://github.com/firebase/firebase-js-sdk/blob/main/CHANGELOG.md)
- [Commits](https://github.com/firebase/firebase-js-sdk/compare/firebase@12.14.0...firebase@12.15.0)

Updates `react-hook-form` from 7.78.0 to 7.80.0
- [Release notes](https://github.com/react-hook-form/react-hook-form/releases)
- [Changelog](https://github.com/react-hook-form/react-hook-form/blob/master/CHANGELOG.md)
- [Commits](react-hook-form/react-hook-form@v7.78.0...v7.80.0)

Updates `react-router-dom` from 7.17.0 to 7.18.1
- [Release notes](https://github.com/remix-run/react-router/releases)
- [Changelog](https://github.com/remix-run/react-router/blob/react-router-dom@7.18.1/packages/react-router-dom/CHANGELOG.md)
- [Commits](https://github.com/remix-run/react-router/commits/react-router-dom@7.18.1/packages/react-router-dom)

Updates `@types/node` from 22.19.20 to 22.20.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `@typescript-eslint/eslint-plugin` from 8.61.0 to 8.62.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.62.1/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.61.0 to 8.62.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.62.1/packages/parser)

Updates `@vitejs/plugin-react` from 6.0.2 to 6.0.3
- [Release notes](https://github.com/vitejs/vite-plugin-react/releases)
- [Changelog](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite-plugin-react/commits/plugin-react@6.0.3/packages/plugin-react)

Updates `autoprefixer` from 10.5.0 to 10.5.2
- [Release notes](https://github.com/postcss/autoprefixer/releases)
- [Changelog](https://github.com/postcss/autoprefixer/blob/main/CHANGELOG.md)
- [Commits](postcss/autoprefixer@10.5.0...10.5.2)

Updates `firebase-tools` from 15.19.1 to 15.22.3
- [Release notes](https://github.com/firebase/firebase-tools/releases)
- [Commits](firebase/firebase-tools@v15.19.1...v15.22.3)

Updates `postcss` from 8.5.15 to 8.5.16
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.5.15...8.5.16)

Updates `prettier` from 3.8.3 to 3.9.3
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](prettier/prettier@3.8.3...3.9.3)

Updates `vite` from 8.0.16 to 8.1.0
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/create-vite@8.1.0/packages/vite)

---
updated-dependencies:
- dependency-name: "@fortawesome/fontawesome-svg-core"
  dependency-version: 7.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: root-minor-patch
- dependency-name: "@fortawesome/free-brands-svg-icons"
  dependency-version: 7.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: root-minor-patch
- dependency-name: "@fortawesome/free-regular-svg-icons"
  dependency-version: 7.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: root-minor-patch
- dependency-name: "@fortawesome/free-solid-svg-icons"
  dependency-version: 7.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: root-minor-patch
- dependency-name: firebase
  dependency-version: 12.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: root-minor-patch
- dependency-name: react-hook-form
  dependency-version: 7.80.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: root-minor-patch
- dependency-name: react-router-dom
  dependency-version: 7.18.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: root-minor-patch
- dependency-name: "@types/node"
  dependency-version: 22.20.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: root-minor-patch
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.62.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: root-minor-patch
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.62.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: root-minor-patch
- dependency-name: "@vitejs/plugin-react"
  dependency-version: 6.0.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: root-minor-patch
- dependency-name: autoprefixer
  dependency-version: 10.5.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: root-minor-patch
- dependency-name: firebase-tools
  dependency-version: 15.22.3
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: root-minor-patch
- dependency-name: postcss
  dependency-version: 8.5.16
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: root-minor-patch
- dependency-name: prettier
  dependency-version: 3.9.3
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: root-minor-patch
- dependency-name: vite
  dependency-version: 8.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: root-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 29, 2026
@socket-security

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm @emnapi/runtime is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: package-lock.jsonnpm/vite@8.1.0npm/@emnapi/runtime@1.11.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@emnapi/runtime@1.11.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm firebase-tools is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: package-lock.jsonnpm/firebase-tools@15.22.3

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/firebase-tools@15.22.3. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants