deps(frontend)(deps): bump the tanstack group across 1 directory with 3 updates#144
Closed
dependabot[bot] wants to merge 1 commit into
Closed
deps(frontend)(deps): bump the tanstack group across 1 directory with 3 updates#144dependabot[bot] wants to merge 1 commit into
dependabot[bot] wants to merge 1 commit into
Conversation
… 3 updates Bumps the tanstack group with 3 updates in the /frontend directory: [@tanstack/react-query](https://github.com/TanStack/query/tree/HEAD/packages/react-query), [@tanstack/react-router](https://github.com/TanStack/router/tree/HEAD/packages/react-router) and [@tanstack/react-virtual](https://github.com/TanStack/virtual/tree/HEAD/packages/react-virtual). Updates `@tanstack/react-query` from 5.100.14 to 5.101.0 - [Release notes](https://github.com/TanStack/query/releases) - [Changelog](https://github.com/TanStack/query/blob/main/packages/react-query/CHANGELOG.md) - [Commits](https://github.com/TanStack/query/commits/@tanstack/react-query@5.101.0/packages/react-query) Updates `@tanstack/react-router` from 1.170.8 to 1.170.11 - [Release notes](https://github.com/TanStack/router/releases) - [Changelog](https://github.com/TanStack/router/blob/main/packages/react-router/CHANGELOG.md) - [Commits](https://github.com/TanStack/router/commits/@tanstack/react-router@1.170.11/packages/react-router) Updates `@tanstack/react-virtual` from 3.13.24 to 3.14.2 - [Release notes](https://github.com/TanStack/virtual/releases) - [Changelog](https://github.com/TanStack/virtual/blob/main/packages/react-virtual/CHANGELOG.md) - [Commits](https://github.com/TanStack/virtual/commits/@tanstack/react-virtual@3.14.2/packages/react-virtual) --- updated-dependencies: - dependency-name: "@tanstack/react-query" dependency-version: 5.101.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: tanstack - dependency-name: "@tanstack/react-router" dependency-version: 1.170.11 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: tanstack - dependency-name: "@tanstack/react-virtual" dependency-version: 3.14.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: tanstack ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
Owner
✅ Snyk checks have passed. No issues have been found so far.
💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse. |
Owner
|
Superseded by #148, which consolidates all open Dependabot bumps and resolves each dependency to the latest compatible release (this PR's bump is included there). |
Contributor
Author
|
This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests. To ignore these dependencies, configure ignore rules in dependabot.yml |
dependabot
Bot
deleted the
dependabot/npm_and_yarn/frontend/tanstack-1c1b23bdb0
branch
pacphi
added a commit
that referenced
this pull request
Jun 8, 2026
…#148) * chore(deps): consolidate Dependabot PRs #125–#147 (latest compatible) Applies every open Dependabot bump on one branch, resolving each dependency to the latest compatible release rather than the (sometimes already-stale) version the PR pinned. Where the applied version is newer than the PR target, it is noted below. Frontend (pnpm): - vitest: → 4.1.8 [#127, target 4.1.7 superseded] - @storybook/react + storybook: → 10.4.2 [#128, target 10.4.1 superseded] - eslint: → 10.4.1; typescript-eslint: → 8.61.0 [#139, ts-eslint 8.60.1 superseded] - idb-keyval: → 6.2.5 [#140] - vite: → 8.0.16 [#141] - date-fns: → 4.4.0 [#142] - turbo: → 2.9.16 [#143] - @tanstack/react-query 5.101.0, react-router 1.170.15 (target 1.170.11 superseded), react-virtual 3.14.2 [#144] - react-dom: → 19.2.7 [#145]; react bumped to 19.2.7 to satisfy peer - zustand: → 5.0.14 [#146] Backend (Cargo): - openssl: → 0.10.80 [#125] - serde_json: → 1.0.150 [#132] - axum-test: → 20.1.0 [#133] - redis: → 1.2.2 [#134] - sqlx: 0.8 → 0.9.0 [#135] (breaking — see below) - fastembed: → 5.16.0 [#136, target 5.15.0 superseded] - uuid: → 1.23.2 [#137] - llama-cpp-4: 0.2 → 0.3.1 [#138, target 0.3.0 superseded] Rust toolchain: - Docker base image rust 1.95-slim → 1.96-slim [#147] - Align rust-toolchain.toml channel and Cargo.toml MSRV to 1.96.0, plus docker-compose RUST_VERSION and the setup/deployment/maintainer/README docs. sqlx 0.9 breaking change: - sqlx 0.9 only implements SqlSafeStr for &'static str; runtime-built query strings now require an explicit safety assertion. Added a single audited choke point `db::audited_sql()` (wraps sqlx::AssertSqlSafe) with one authoritative doc comment, and routed all dynamic-SQL call sites through it (vectors, api, cleanup, mcp, main, integration tests). Every such string is composed only from literals and bind-parameter markers; all values are bound. Verified: backend build (all targets) + 1900+ tests + clippy (strict) + fmt; frontend typecheck + build + tests + eslint + prettier; markdown/yaml lint + internal link check. * docs: align remaining Rust version refs in plan docs to 1.96 Follow-up to the dep consolidation: bump the two plan-doc Rust references (builtin-llm prerequisites and the illustrative CI Dockerfile snippet) from 1.95 to 1.96 to match the upgraded toolchain. Immutable historical records (ADRs, the march-2026 audit) are intentionally left as-is.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the tanstack group with 3 updates in the /frontend directory: @tanstack/react-query, @tanstack/react-router and @tanstack/react-virtual.
Updates
@tanstack/react-queryfrom 5.100.14 to 5.101.0Release notes
Sourced from @tanstack/react-query's releases.
Changelog
Sourced from @tanstack/react-query's changelog.
Commits
f3d8d2aci: Version Packages (#10774)532bb29fix(tests): disable local coverage instrumentation (#10776)Updates
@tanstack/react-routerfrom 1.170.8 to 1.170.11Release notes
Sourced from @tanstack/react-router's releases.
Changelog
Sourced from @tanstack/react-router's changelog.
Commits
7fc7c34ci: Version Packages (#7525)0ac831bci: Version Packages (#7508)2f53749fix: fix primitive beforeLoad errors (#7505)8b36591ci: Version Packages (#7504)d1997b6fix: fix streaming (#7497)Updates
@tanstack/react-virtualfrom 3.13.24 to 3.14.2Release notes
Sourced from @tanstack/react-virtual's releases.
Changelog
Sourced from @tanstack/react-virtual's changelog.
Commits
b983b21ci: Version Packages (#1184)fbf3bdbfeat(virtual-core): adduseCachedMeasurementsoption to preserve sizes when...13dec39docs: add directDomUpdates and directDomUpdatesMode options (#1185)c33902fci: Version Packages (#1182)d789c6eci: Version Packages (#1181)73e115dfeat(react-virtual): add directDomUpdates for re-render-free scroll positioni...693d915ci: Version Packages (#1174)fc992abfeat: support end-anchored virtualizers (#1173)949180bci: Version Packages (#1169)99355adperf: virtual-core rewrite for mount/measure-storm, plus iOS Safari handling ...Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions