Skip to content

Chore(deps): Bump the minor-and-patch group across 1 directory with 20 updates#2902

Open
dependabot[bot] wants to merge 2 commits into
masterfrom
dependabot/npm_and_yarn/minor-and-patch-ee6f5b7d63
Open

Chore(deps): Bump the minor-and-patch group across 1 directory with 20 updates#2902
dependabot[bot] wants to merge 2 commits into
masterfrom
dependabot/npm_and_yarn/minor-and-patch-ee6f5b7d63

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 14, 2026

Copy link
Copy Markdown
Contributor

Bumps the minor-and-patch group with 20 updates in the / directory:

Package From To
@typescript-eslint/eslint-plugin 8.61.0 8.63.0
@typescript-eslint/parser 8.61.0 8.63.0
@vercel/ncc 0.44.0 0.44.1
prettier 3.8.4 3.9.4
ts-loader 9.6.0 9.6.2
webpack 5.107.2 5.108.4
eslint-plugin-jsdoc 63.0.11 63.0.12
styled-components 6.4.2 6.4.3
@ledgerhq/hw-app-str 7.7.4 7.7.5
@ledgerhq/hw-transport-webhid 6.35.4 6.36.0
@radix-ui/react-dialog 1.1.16 1.1.19
@radix-ui/react-popover 1.1.16 1.1.19
@sentry/browser 10.63.0 10.64.0
@tailwindcss/postcss 4.3.1 4.3.2
@types/chrome 0.1.43 0.2.2
react-router-dom 7.17.0 7.18.1
semver 7.8.4 7.8.5
tailwindcss 4.3.1 4.3.2
@playwright/test 1.61.0 1.61.1
postcss 8.5.15 8.5.16

Updates @typescript-eslint/eslint-plugin from 8.61.0 to 8.63.0

Release notes

Sourced from @​typescript-eslint/eslint-plugin's releases.

v8.63.0

8.63.0 (2026-07-06)

🚀 Features

  • eslint-plugin: [no-misused-promises] detect async usage of a sync dispose usage (#12426)

🩹 Fixes

  • eslint-plugin: [method-signature-style] suggest converting readonly function properties instead of emitting invalid syntax (#12447, #12446)
  • eslint-plugin: [no-unnecessary-type-assertion] handle optional-chained calls to overloaded functions (#12491, #12485)
  • eslint-plugin: [no-base-to-string] don't flag a shadowed String() call (#12492)
  • scope-manager: export ClassStaticBlockScope (#12460)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.62.1

8.62.1 (2026-06-29)

🩹 Fixes

  • eslint-plugin: [prefer-optional-chain] use suggestion instead of autofix for trailing binary operator (#12328)
  • eslint-plugin: [no-unnecessary-boolean-literal-compare] preserve boolean result in fixer for nullable true comparisons (#12365)
  • eslint-plugin: [no-unnecessary-type-assertion] parenthesize object literal at left edge of expression statement (#12443, #12418)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.62.0

8.62.0 (2026-06-22)

🚀 Features

... (truncated)

Changelog

Sourced from @​typescript-eslint/eslint-plugin's changelog.

8.63.0 (2026-07-06)

🚀 Features

  • eslint-plugin: [no-misused-promises] detect async usage of a sync dispose usage (#12426)

🩹 Fixes

  • eslint-plugin: [no-base-to-string] don't flag a shadowed String() call (#12492)
  • eslint-plugin: [no-unnecessary-type-assertion] handle optional-chained calls to overloaded functions (#12491, #12485)
  • eslint-plugin: [method-signature-style] suggest converting readonly function properties instead of emitting invalid syntax (#12447, #12446)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.62.1 (2026-06-29)

🩹 Fixes

  • eslint-plugin: [no-unnecessary-type-assertion] parenthesize object literal at left edge of expression statement (#12443, #12418)
  • eslint-plugin: [no-unnecessary-boolean-literal-compare] preserve boolean result in fixer for nullable true comparisons (#12365)
  • eslint-plugin: [prefer-optional-chain] use suggestion instead of autofix for trailing binary operator (#12328)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.62.0 (2026-06-22)

🚀 Features

  • remove redundant package.json "files" (#12444)

❤️ Thank You

... (truncated)

Commits
  • 290cf6c chore(release): publish 8.63.0
  • 8d8fda6 feat(eslint-plugin): [no-misused-promises] detect async usage of a sync dispo...
  • fec4f4f fix(eslint-plugin): [no-base-to-string] don't flag a shadowed String() call (...
  • fb3da79 fix(eslint-plugin): [no-unnecessary-type-assertion] handle optional-chained c...
  • dd02057 docs: [no-base-to-string] clarify ignoredTypeNames description (#12488)
  • 5b224e7 docs: [ban-ts-comment] clarify that @ts-expect-error is allowed by default ...
  • a9a9d43 docs: [restrict-template-expressions] clarify allowArray option behavior (#...
  • 091fe82 fix(eslint-plugin): [method-signature-style] suggest converting readonly func...
  • d5502f9 docs: clarify consistent-type-imports guidance for verbatimModuleSyntax (#12194)
  • 61a9dba chore(eslint-plugin): switch auto-generated test cases to hand-written in pre...
  • Additional commits viewable in compare view

Updates @typescript-eslint/parser from 8.61.0 to 8.63.0

Release notes

Sourced from @​typescript-eslint/parser's releases.

v8.63.0

8.63.0 (2026-07-06)

🚀 Features

  • eslint-plugin: [no-misused-promises] detect async usage of a sync dispose usage (#12426)

🩹 Fixes

  • eslint-plugin: [method-signature-style] suggest converting readonly function properties instead of emitting invalid syntax (#12447, #12446)
  • eslint-plugin: [no-unnecessary-type-assertion] handle optional-chained calls to overloaded functions (#12491, #12485)
  • eslint-plugin: [no-base-to-string] don't flag a shadowed String() call (#12492)
  • scope-manager: export ClassStaticBlockScope (#12460)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.62.1

8.62.1 (2026-06-29)

🩹 Fixes

  • eslint-plugin: [prefer-optional-chain] use suggestion instead of autofix for trailing binary operator (#12328)
  • eslint-plugin: [no-unnecessary-boolean-literal-compare] preserve boolean result in fixer for nullable true comparisons (#12365)
  • eslint-plugin: [no-unnecessary-type-assertion] parenthesize object literal at left edge of expression statement (#12443, #12418)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.62.0

8.62.0 (2026-06-22)

🚀 Features

... (truncated)

Changelog

Sourced from @​typescript-eslint/parser's changelog.

8.63.0 (2026-07-06)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.62.1 (2026-06-29)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.62.0 (2026-06-22)

🚀 Features

  • remove redundant package.json "files" (#12444)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.61.1 (2026-06-15)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

Updates @vercel/ncc from 0.44.0 to 0.44.1

Release notes

Sourced from @​vercel/ncc's releases.

0.44.1

0.44.1 (2026-06-29)

Bug Fixes

Commits

Updates prettier from 3.8.4 to 3.9.4

Release notes

Sourced from prettier's releases.

3.9.4

  • Angular: Format @content(name) -> @content (name) to align with other block syntax (#19499 by @​fisker)

🔗 Changelog

3.9.3

🔗 Changelog

3.9.1

🔗 Changelog

3.9.0

diff

🔗 Prettier 3.9: Major parser upgrades and Formatting improvements

3.8.5

🔗 Changelog

Changelog

Sourced from prettier's changelog.

3.9.4

diff

Angular: Format @content(name) -> @content (name) to align with other block syntax (#19499 by @​fisker)

<!-- Input -->
<FancyButton [label]="title">
  @content (icon) {
    <span>Icon!</span>
  }
  @content (description) {
    <span>Description text</span>
  }
  <span>Other children</span>
</FancyButton>
<!-- Prettier 3.9.3 -->
<FancyButton [label]="title">
@​content(icon) {
<span>Icon!</span>
}
@​content(description) {
<span>Description text</span>
}
<span>Other children</span>
</FancyButton>
<!-- Prettier 3.9.4 -->
<FancyButton [label]="title">
@​content (icon) {
<span>Icon!</span>
}
@​content (description) {
<span>Description text</span>
}
<span>Other children</span>
</FancyButton>

3.9.3

diff

Markdown: Fix unexpected removal of characters in liquid syntax (#19489 by @​seiyab)

</tr></table> 

... (truncated)

Commits
  • b693cb2 Release 3.9.4
  • 2e92ac0 Angular: Format @content(name) -> @content (name) to align with other blo...
  • abed2c2 Bump Prettier dependency to 3.9.3
  • 6cfbc00 Clean changelog_unreleased
  • 3732e1d Release 3.9.3
  • a74a7b0 Allow decorators to be used with declare on class fields (#19492)
  • bd9e11a Correct text identification in liquid syntax (#19489)
  • 269eee3 Bump Prettier dependency to 3.9.1
  • ec7ccd1 Clean changelog_unreleased
  • c47654c Release 3.9.1
  • Additional commits viewable in compare view

Updates ts-loader from 9.6.0 to 9.6.2

Release notes

Sourced from ts-loader's releases.

v9.6.2

Officially ts-loader has supported 3.6.3+ versions of TypeScript. This change means that certain scenarios with older versions of TS will now certainly fail. If anyone is actually using these versions it would be surprising.

v9.6.1

Changelog

Sourced from ts-loader's changelog.

9.6.2

Officially ts-loader has supported 3.6.3+ versions of TypeScript. This change means that certain scenarios with older versions of TS will now certainly fail. If anyone is actually using these versions it would be surprising.

9.6.1

Commits
  • b347bb7 chore: trim runtime dependencies — remove enhanced-resolve/semver, swap micro...
  • 32d82e6 fix: rspack support (#1699)
  • 6bd992e chore: Update GitHub Actions workflow for release
  • See full diff in compare view

Updates webpack from 5.107.2 to 5.108.4

Release notes

Sourced from webpack's releases.

v5.108.4

Patch Changes

v5.108.3

Patch Changes

v5.108.2

Patch Changes

v5.108.1

Patch Changes

  • Fix invalid property access for escaped namespace imports with multi-character mangled export names. (by @​xiaoxiaojx in #21280)

  • Add frames to ProfilingPlugin TracingStartedInBrowser event so the trace loads in Chrome DevTools. (by @​alexander-akait in #21269)

v5.108.0

Minor Changes

  • Treat top-level await and import.meta as ES module markers, matching Node.js syntax detection so no explicit module type is needed. (by @​alexander-akait in #21218)

... (truncated)

Changelog

Sourced from webpack's changelog.

5.108.4

Patch Changes

5.108.3

Patch Changes

5.108.2

Patch Changes

5.108.1

Patch Changes

  • Fix invalid property access for escaped namespace imports with multi-character mangled export names. (by @​xiaoxiaojx in #21280)

  • Add frames to ProfilingPlugin TracingStartedInBrowser event so the trace loads in Chrome DevTools. (by @​alexander-akait in #21269)

... (truncated)

Commits
  • bb9ccfd chore(release): new release (#21319)
  • 7639066 fix: invalidate provided-exports cache with lazy barrel (#21326)
  • ae28c54 perf: reduce CPU and memory overhead of the HTML and CSS pipelines (#21332)
  • e6fb547 perf: re-encode the HTML AST as struct-of-arrays behind a path-based visitor ...
  • 5ce1c22 fix(html): resolve asset URLs against <base href> (#21329)
  • 0e43c4a test(html): cover generateError, ignored-source, and null-character parse pat...
  • cebd793 refactor: build export-presence guards from a lazy boolean formula (#21320)
  • c2628cf fix: don't resolve new URL() directory references as modules (#21312)
  • 00d8b2f perf: speed up non-CSS-Modules CSS parsing by skipping unused AST work (#21324)
  • f7a3f6d perf: reduce HTML parser memory and CPU with parser-level skip options (#21323)
  • Additional commits viewable in compare view

Updates eslint-plugin-jsdoc from 63.0.11 to 63.0.12

Release notes

Sourced from eslint-plugin-jsdoc's releases.

v63.0.12

63.0.12 (2026-07-06)

Bug Fixes

Commits

Updates styled-components from 6.4.2 to 6.4.3

Release notes

Sourced from styled-components's releases.

styled-components@6.4.3

Patch Changes

  • f692ec2: Fix a TypeScript error when wrapping a component whose props can't be statically read, such as Mantine v7's polymorphic-factory components (Button, Card, Menu.Item, and similar). These styled components no longer reject every prop, including children; arbitrary props are accepted again at the JSX call site and via .attrs(), while components with readable prop types stay fully type-checked.
  • f692ec2: Keep TypeScript attribute autocomplete working while you type props on a polymorphic styled component. When a component renders a different element through as (for example as="video"), beginning to type a new prop name could make the whole suggestion list vanish; the rendered element's props now keep autocompleting as you go.

styled-components@6.4.3-prerelease-20260602021501

Patch Changes

  • f692ec2: Fix a TypeScript error when wrapping a component whose props can't be statically read, such as Mantine v7's polymorphic-factory components (Button, Card, Menu.Item, and similar). These styled components no longer reject every prop, including children; arbitrary props are accepted again at the JSX call site and via .attrs(), while components with readable prop types stay fully type-checked.
  • f692ec2: Keep TypeScript attribute autocomplete working while you type props on a polymorphic styled component. When a component renders a different element through as (for example as="video"), beginning to type a new prop name could make the whole suggestion list vanish; the rendered element's props now keep autocompleting as you go.

Full Changelog: styled-components/styled-components@styled-components@6.4.2...styled-components@6.4.3-prerelease-20260602021501

Commits
  • e066341 Version Packages
  • f692ec2 fix(types): permissive props for un-introspectable targets, plus as-target au...
  • See full diff in compare view

Updates @ledgerhq/hw-app-str from 7.7.4 to 7.7.5

Commits
  • 782f01b Merge release into main
  • e60462f chore(release): 🚀 prepare release [skip ci]
  • bbdd288 Merge pull request #19127 from LedgerHQ/lwd_410_release_notes
  • 5c97666 LWD 4.10 release notes
  • bace3e1 Merge pull request #19109 from LedgerHQ/support/qaa_release_fix_settings
  • 9b71dcf Merge pull request #19106 from LedgerHQ/support/qaa_fix_my_wallet_setting
  • 4e38e75 chore(prerelease): 🚀 release prerelease [LLD(4.10.0-next.6), LLM(4.10....
  • eec1dad Merge pull request #19098 from LedgerHQ/support/cherry-pick-ff-env-resolve-at...
  • 6a0d89f Merge pull request #19097 from LedgerHQ/support/release_fix_q1_w40
  • 98eb6d6 Merge pull request #19073 from LedgerHQ/fix/ff-env-flags-base-resolved
  • Additional commits viewable in compare view

Updates @ledgerhq/hw-transport-webhid from 6.35.4 to 6.36.0

Commits
  • 782f01b Merge release into main
  • e60462f chore(release): 🚀 prepare release [skip ci]
  • bbdd288 Merge pull request #19127 from LedgerHQ/lwd_410_release_notes
  • 5c97666 LWD 4.10 release notes
  • bace3e1 Merge pull request #19109 from LedgerHQ/support/qaa_release_fix_settings
  • 9b71dcf Merge pull request #19106 from LedgerHQ/support/qaa_fix_my_wallet_setting
  • 4e38e75 chore(prerelease): 🚀 release prerelease [LLD(4.10.0-next.6), LLM(4.10....
  • eec1dad Merge pull request #19098 from LedgerHQ/support/cherry-pick-ff-env-resolve-at...
  • 6a0d89f Merge pull request #19097 from LedgerHQ/support/release_fix_q1_w40
  • 98eb6d6 Merge pull request #19073 from LedgerHQ/fix/ff-env-flags-base-resolved
  • Additional commits viewable in compare view

Updates @radix-ui/react-dialog from 1.1.16 to 1.1.19

Changelog

Sourced from @​radix-ui/react-dialog's changelog.

1.1.19

  • Updated dependencies: @radix-ui/react-dismissable-layer@1.1.15, @radix-ui/primitive@1.1.5, @radix-ui/react-context@1.2.0, @radix-ui/react-focus-scope@1.1.12, @radix-ui/react-presence@1.1.7

1.1.18

  • Updated dependencies: @radix-ui/react-primitive@2.1.7, @radix-ui/react-dismissable-layer@1.1.14, @radix-ui/react-focus-scope@1.1.11, @radix-ui/react-portal@1.1.13

1.1.17

  • Removed dev-only warnings for dialogs when title and/or description is not rendered.
  • Fixed Dismissable Layer so outside interactions stopped by extension UI overlays do not dismiss dialogs or popovers.
  • Updated dependencies: @radix-ui/react-slot@1.3.0, @radix-ui/react-dismissable-layer@1.1.13, @radix-ui/react-primitive@2.1.6, @radix-ui/react-focus-scope@1.1.10, @radix-ui/react-portal@1.1.12
Commits

Updates @radix-ui/react-popover from 1.1.16 to 1.1.19

Changelog

Sourced from @​radix-ui/react-popover's changelog.

1.1.19

  • Updated dependencies: @radix-ui/react-dismissable-layer@1.1.15, @radix-ui/primitive@1.1.5, @radix-ui/react-context@1.2.0, @radix-ui/react-focus-scope@1.1.12, @radix-ui/react-presence@1.1.7, @radix-ui/react-popper@1.3.3

1.1.18

  • Updated dependencies: @radix-ui/react-primitive@2.1.7, @radix-ui/react-dismissable-layer@1.1.14, @radix-ui/react-focus-scope@1.1.11, @radix-ui/react-popper@1.3.2, @radix-ui/react-portal@1.1.13

1.1.17

  • Fixed Dismissable Layer so outside interactions stopped by extension UI overlays do not dismiss dialogs or popovers.
  • Updated dependencies: @radix-ui/react-slot@1.3.0, @radix-ui/react-popper@1.3.1, @radix-ui/react-dismissable-layer@1.1.13, @radix-ui/react-primitive@2.1.6, @radix-ui/react-focus-scope@1.1.10, @radix-ui/react-portal@1.1.12
Commits

Updates @sentry/browser from 10.63.0 to 10.64.0

Release notes

Sourced from @​sentry/browser's releases.

10.64.0

Important Changes

  • feat(cloudflare): Add nodejs_compat entrypoint (#21881)

    The Cloudflare SDK now ships a dedicated @sentry/cloudflare/nodejs_compat entrypoint for Workers running with the nodejs_compat flag. This entrypoint unlocks Node SDK features on Cloudflare, including the prismaIntegration (#21882) and AI v7 support for the vercelAiIntegration (#21917).

    This entrypoint is a drop-in replacement, so you can switch your imports from @sentry/cloudflare directly to @sentry/cloudflare/nodejs_compat. To use it, your Worker must set the nodejs_compat compatibility flag in wrangler.toml/wrangler.jsonc. This will become the default entrypoint in v11.

  • feat: Use Sentry's minimal OpenTelemetry tracer provider by default (#21666, #21680, #21842)

    The Node SDK now registers Sentry's own minimal SentryTracerProvider by default, which creates native Sentry spans directly instead of routing them through the full OpenTelemetry SDK span pipeline. This reduces overhead for the common case where you don't need the full OpenTelemetry tracing stack.

    If you rely on OpenTelemetry SDK features that the minimal provider doesn't support, you can opt out and fall back to the full OpenTelemetry BasicTracerProvider by setting openTelemetryBasicTracerProvider: true in your Sentry.init() options. Providing custom openTelemetrySpanProcessors also forces the full provider automatically.

Other Changes

  • feat(bun,deno,node): pg orchestrion instrumentation (#21826)
  • feat(bun): enable new mysql, pg integrations in 'bun build' (#21828)
  • feat(cloudflare): Enable AI v7 support for Cloudflare in the /nodejs_compat entrypoint (#21917)
  • feat(cloudflare): Expose prismaIntegration in nodejs_compat export (#21882)
  • feat(core): Add sentry.trace_lifecycle attribute (#21850)
  • feat(core): Add deferred segment-span transaction capture (#21839)
  • feat(deps): Bump OpenTelemetry dependencies to latest (#21988)
  • feat(mongoose): Instrument mongoose >= 9.7 via native tracing channels (#21803)
  • feat(replays): Record segment names that occur during replay (#21851)
  • fix(browser): Accept precisely-typed GrowthBook class in growthbookIntegration (#21825)
  • fix(browser): Flush telemetry when page is hidden (#21862)
  • fix(cloudflare): Catch potential errors during flush and dispose (#21976)
  • fix(core): Capture Anthropic stream stop_reason from message_delta (#21907)
  • fix(core): Print getTraceMetaTags in 1 line to prevent hydration errors (#22004)
  • fix(nextjs): Add immutable browser chunks to upload assets (#21978)
  • fix(nextjs): Handle Middleware.execute root spans on Node.js runtime (#22013)
  • fix(react/solid/vue): Instrument TanStack Router navigations via onBeforeLoad/onResolved (#21975)
  • chore: Add experimentalUseDiagnosticsChannelInjection in node size-limit (#21992)
  • chore: Add external contributor to CHANGELOG.md (#21945)
  • chore: Clarify usage of hoistTransitiveImports option (#21888)
  • chore: Make @​sentry/conventions sideEffect free during bundling (#22015)
  • chore: Remove runtime ESM/CJS switching (#21761)
  • chore(ci): Replace app-id with client-id in GH workflows (#21914)
  • chore(cloudflare): Disallow Node SDK usage outside of nodejs_compat (#21884)
  • chore(cloudflare): Disallow server-utils usage outside of nodejs_compat (#21918)
  • chore(node-core): Move isCjs to its own file to prevent sideEffects (#21856)
  • ci: Increase Node integration test timeout to 20 minutes (#21903)
  • deps(server-utils): Bump @​apm-js-collab/tracing-hooks to 0.10.1 (#21892)
  • feat(server-utils): Implement orchestrion-based instrumentation for vercel-ai v6 (#21658)

... (truncated)

Changelog

Sourced from @​sentry/browser's changelog.

10.64.0

Important Changes

  • feat(cloudflare): Add nodejs_compat entrypoint (#21881)

    The Cloudflare SDK now ships a dedicated @sentry/cloudflare/nodejs_compat entrypoint for Workers running with the nodejs_compat flag. This entrypoint unlocks Node SDK features on Cloudflare, including the prismaIntegration (#21882) and AI v7 support for the vercelAiIntegration (#21917).

    This entrypoint is a drop-in replacement, so you can switch your imports from @sentry/cloudflare directly to @sentry/cloudflare/nodejs_compat. To use it, your Worker must set the nodejs_compat compatibility flag in wrangler.toml/wrangler.jsonc. This will become the default entrypoint in v11.

  • feat: Use Sentry's minimal OpenTelemetry tracer provider by default (#21666, #21680, #21842)

    The Node SDK now registers Sentry's own minimal SentryTracerProvider by default, which creates native Sentry spans directly instead of routing them through the full OpenTelemetry SDK span pipeline. This reduces overhead for the common case where you don't need the full OpenTelemetry tracing stack.

    If you rely on OpenTelemetry SDK features that the minimal provider d...

    Description has been truncated

…0 updates

Bumps the minor-and-patch group with 20 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) | `8.61.0` | `8.63.0` |
| [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) | `8.61.0` | `8.63.0` |
| [@vercel/ncc](https://github.com/vercel/ncc) | `0.44.0` | `0.44.1` |
| [prettier](https://github.com/prettier/prettier) | `3.8.4` | `3.9.4` |
| [ts-loader](https://github.com/TypeStrong/ts-loader) | `9.6.0` | `9.6.2` |
| [webpack](https://github.com/webpack/webpack) | `5.107.2` | `5.108.4` |
| [eslint-plugin-jsdoc](https://github.com/gajus/eslint-plugin-jsdoc) | `63.0.11` | `63.0.12` |
| [styled-components](https://github.com/styled-components/styled-components) | `6.4.2` | `6.4.3` |
| [@ledgerhq/hw-app-str](https://github.com/LedgerHQ/ledger-live) | `7.7.4` | `7.7.5` |
| [@ledgerhq/hw-transport-webhid](https://github.com/LedgerHQ/ledger-live) | `6.35.4` | `6.36.0` |
| [@radix-ui/react-dialog](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/dialog) | `1.1.16` | `1.1.19` |
| [@radix-ui/react-popover](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/popover) | `1.1.16` | `1.1.19` |
| [@sentry/browser](https://github.com/getsentry/sentry-javascript) | `10.63.0` | `10.64.0` |
| [@tailwindcss/postcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-postcss) | `4.3.1` | `4.3.2` |
| [@types/chrome](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/chrome) | `0.1.43` | `0.2.2` |
| [react-router-dom](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom) | `7.17.0` | `7.18.1` |
| [semver](https://github.com/npm/node-semver) | `7.8.4` | `7.8.5` |
| [tailwindcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss) | `4.3.1` | `4.3.2` |
| [@playwright/test](https://github.com/microsoft/playwright) | `1.61.0` | `1.61.1` |
| [postcss](https://github.com/postcss/postcss) | `8.5.15` | `8.5.16` |



Updates `@typescript-eslint/eslint-plugin` from 8.61.0 to 8.63.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.63.0/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.61.0 to 8.63.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.63.0/packages/parser)

Updates `@vercel/ncc` from 0.44.0 to 0.44.1
- [Release notes](https://github.com/vercel/ncc/releases)
- [Commits](vercel/ncc@0.44.0...0.44.1)

Updates `prettier` from 3.8.4 to 3.9.4
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](prettier/prettier@3.8.4...3.9.4)

Updates `ts-loader` from 9.6.0 to 9.6.2
- [Release notes](https://github.com/TypeStrong/ts-loader/releases)
- [Changelog](https://github.com/TypeStrong/ts-loader/blob/main/CHANGELOG.md)
- [Commits](TypeStrong/ts-loader@v9.6.0...v9.6.2)

Updates `webpack` from 5.107.2 to 5.108.4
- [Release notes](https://github.com/webpack/webpack/releases)
- [Changelog](https://github.com/webpack/webpack/blob/main/CHANGELOG.md)
- [Commits](webpack/webpack@v5.107.2...v5.108.4)

Updates `eslint-plugin-jsdoc` from 63.0.11 to 63.0.12
- [Release notes](https://github.com/gajus/eslint-plugin-jsdoc/releases)
- [Commits](gajus/eslint-plugin-jsdoc@v63.0.11...v63.0.12)

Updates `styled-components` from 6.4.2 to 6.4.3
- [Release notes](https://github.com/styled-components/styled-components/releases)
- [Commits](https://github.com/styled-components/styled-components/compare/styled-components@6.4.2...styled-components@6.4.3)

Updates `@ledgerhq/hw-app-str` from 7.7.4 to 7.7.5
- [Release notes](https://github.com/LedgerHQ/ledger-live/releases)
- [Commits](https://github.com/LedgerHQ/ledger-live/compare/@ledgerhq/hw-app-str@7.7.4...@ledgerhq/hw-app-str@7.7.5)

Updates `@ledgerhq/hw-transport-webhid` from 6.35.4 to 6.36.0
- [Release notes](https://github.com/LedgerHQ/ledger-live/releases)
- [Commits](https://github.com/LedgerHQ/ledger-live/compare/@ledgerhq/hw-transport-webhid@6.35.4...@ledgerhq/hw-transport-webhid@6.36.0)

Updates `@radix-ui/react-dialog` from 1.1.16 to 1.1.19
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/dialog/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/dialog)

Updates `@radix-ui/react-popover` from 1.1.16 to 1.1.19
- [Changelog](https://github.com/radix-ui/primitives/blob/main/packages/react/popover/CHANGELOG.md)
- [Commits](https://github.com/radix-ui/primitives/commits/HEAD/packages/react/popover)

Updates `@sentry/browser` from 10.63.0 to 10.64.0
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md)
- [Commits](getsentry/sentry-javascript@10.63.0...10.64.0)

Updates `@tailwindcss/postcss` from 4.3.1 to 4.3.2
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.2/packages/@tailwindcss-postcss)

Updates `@types/chrome` from 0.1.43 to 0.2.2
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/chrome)

Updates `react-router-dom` from 7.17.0 to 7.18.1
- [Release notes](https://github.com/remix-run/react-router/releases)
- [Changelog](https://github.com/remix-run/react-router/blob/react-router-dom@7.18.1/packages/react-router-dom/CHANGELOG.md)
- [Commits](https://github.com/remix-run/react-router/commits/react-router-dom@7.18.1/packages/react-router-dom)

Updates `semver` from 7.8.4 to 7.8.5
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md)
- [Commits](npm/node-semver@v7.8.4...v7.8.5)

Updates `tailwindcss` from 4.3.1 to 4.3.2
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.2/packages/tailwindcss)

Updates `@playwright/test` from 1.61.0 to 1.61.1
- [Release notes](https://github.com/microsoft/playwright/releases)
- [Commits](microsoft/playwright@v1.61.0...v1.61.1)

Updates `postcss` from 8.5.15 to 8.5.16
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.5.15...8.5.16)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.63.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.63.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@vercel/ncc"
  dependency-version: 0.44.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: prettier
  dependency-version: 3.9.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: ts-loader
  dependency-version: 9.6.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: webpack
  dependency-version: 5.108.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: eslint-plugin-jsdoc
  dependency-version: 63.0.12
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: styled-components
  dependency-version: 6.4.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@ledgerhq/hw-app-str"
  dependency-version: 7.7.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@ledgerhq/hw-transport-webhid"
  dependency-version: 6.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@radix-ui/react-dialog"
  dependency-version: 1.1.19
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@radix-ui/react-popover"
  dependency-version: 1.1.19
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@sentry/browser"
  dependency-version: 10.64.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@tailwindcss/postcss"
  dependency-version: 4.3.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@types/chrome"
  dependency-version: 0.2.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: react-router-dom
  dependency-version: 7.18.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: semver
  dependency-version: 7.8.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: tailwindcss
  dependency-version: 4.3.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@playwright/test"
  dependency-version: 1.61.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: postcss
  dependency-version: 8.5.16
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jul 14, 2026
Copilot AI review requested due to automatic review settings July 14, 2026 17:05
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jul 14, 2026

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot can't review bot-authored pull requests automatically. A user with Copilot access can request a review manually.

@socket-security

socket-security Bot commented Jul 14, 2026

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm eslint-plugin-jsdoc is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: package.jsonnpm/eslint-plugin-jsdoc@63.0.12

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/eslint-plugin-jsdoc@63.0.12. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm webpack is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: package.jsonnpm/webpack@5.108.4

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/webpack@5.108.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants