chore(deps): bump the npm-dependencies group across 1 directory with 10 updates

[dependabot]

Bumps the npm-dependencies group with 10 updates in the /apps/web directory:

Package	From	To
@tailwindcss/vite	4.2.4	4.3.0
date-fns	4.1.0	4.4.0
react	19.2.5	19.2.7
@types/react	19.2.14	19.2.16
react-dom	19.2.5	19.2.7
react-router-dom	7.13.0	7.16.0
recharts	3.7.0	3.8.1
tailwind-merge	3.5.0	3.6.0
tailwindcss	4.2.4	4.3.0
msw	2.12.10	2.14.6

Updates @tailwindcss/vite from 4.2.4 to 4.3.0

Release notes

Sourced from @​tailwindcss/vite's releases.

v4.3.0

Added

• Add @container-size utility (#18901)
• Add scrollbar-{auto,thin,none} utilities for scrollbar-width, and scrollbar-thumb-* / scrollbar-track-* color utilities for scrollbar-color (#19981, #20019)
• Add scrollbar-gutter-* utilities (#20018)
• Add zoom-* utilities (#20020)
• Add tab-* utilities (#20022)
• Allow using @variant with stacked variants (e.g. @variant hover:focus { … }) (#19996)
• Allow using @variant with compound variants (e.g. @variant hover, focus { … }) (#19996)
• Support --default(…) in --value(…) and --modifier(…) for functional @utility definitions (#19989)

Fixed

• Ensure @plugin resolves package JavaScript entries instead of browser CSS entries when using @tailwindcss/vite (#19949)
• Fix relative @import and @plugin paths resolving from the wrong directory when using @tailwindcss/vite (#19965)
• Ensure CSS files containing @variant are processed by @tailwindcss/vite (#19966)
• Resolve imports relative to base when result.opts.from is not provided when using @tailwindcss/postcss (#19980)
• Canonicalization: preserve significant _ whitespace in arbitrary values (#19986)
• Canonicalization: add parentheses when removing whitespace from arbitrary values would hurt readability (e.g. w-[calc(100%---spacing(60))] → w-[calc(100%-(--spacing(60)))]) (#19986)
• Canonicalization: preserve the original unit in arbitrary values instead of normalizing to base units (e.g. -mt-[20in] → mt-[-20in], not mt-[-1920px]) (#19988)
• Canonicalization: migrate arbitrary :has() variants from [&:has(…)] to has-[…] (#19991)
• Upgrade: don’t migrate inline style attributes (e.g. style="flex-grow: 1" → style="flex-grow: 1", not style="grow: 1") (#19918)
• Allow multiple @utility definitions with the same name but different value types (#19777)
• Export missing PluginWithConfig type from tailwindcss/plugin to fix errors when inferring plugin config types (#19707)
• Ensure start and end legacy utilities without values do not generate CSS (#20003)
• Ensure --value(…) is required in functional @utility definitions (#20005)
• Canonicalization: preserve required whitespace around operators in negated arbitrary values (e.g. -left-[(var(--a)+var(--b))]) (#20011)

Changelog

Sourced from @​tailwindcss/vite's changelog.

[4.3.0] - 2026-05-08

Added

• Add @container-size utility (#18901)
• Add scrollbar-{auto,thin,none} utilities for scrollbar-width, and scrollbar-thumb-* / scrollbar-track-* color utilities for scrollbar-color (#19981, #20019)
• Add scrollbar-gutter-* utilities (#20018)
• Add zoom-* utilities (#20020)
• Add tab-* utilities (#20022)
• Allow using @variant with stacked variants (e.g. @variant hover:focus { … }) (#19996)
• Allow using @variant with compound variants (e.g. @variant hover, focus { … }) (#19996)
• Support --default(…) in --value(…) and --modifier(…) for functional @utility definitions (#19989)

Fixed

• Ensure @plugin resolves package JavaScript entries instead of browser CSS entries when using @tailwindcss/vite (#19949)
• Fix relative @import and @plugin paths resolving from the wrong directory when using @tailwindcss/vite (#19965)
• Ensure CSS files containing @variant are processed by @tailwindcss/vite (#19966)
• Resolve imports relative to base when result.opts.from is not provided when using @tailwindcss/postcss (#19980)
• Canonicalization: preserve significant _ whitespace in arbitrary values (#19986)
• Canonicalization: add parentheses when removing whitespace from arbitrary values would hurt readability (e.g. w-[calc(100%---spacing(60))] → w-[calc(100%-(--spacing(60)))]) (#19986)
• Canonicalization: preserve the original unit in arbitrary values instead of normalizing to base units (e.g. -mt-[20in] → mt-[-20in], not mt-[-1920px]) (#19988)
• Canonicalization: migrate arbitrary :has() variants from [&:has(…)] to has-[…] (#19991)
• Upgrade: don’t migrate inline style attributes (e.g. style="flex-grow: 1" → style="flex-grow: 1", not style="grow: 1") (#19918)
• Allow multiple @utility definitions with the same name but different value types (#19777)
• Export missing PluginWithConfig type from tailwindcss/plugin to fix errors when inferring plugin config types (#19707)
• Ensure start and end legacy utilities without values do not generate CSS (#20003)
• Ensure --value(…) is required in functional @utility definitions (#20005)
• Canonicalization: preserve required whitespace around operators in negated arbitrary values (e.g. -left-[(var(--a)+var(--b))]) (#20011)

Commits

• 588bd73 4.3.0 (#20023)
• d194d4c docs: fix various typos in comments and documentation (#19878)
• db27049 fix(@​tailwindcss/vite): include @​variant in feature detection (#19966)
• 5a79990 Always resolve relative files, relative to the current .css file (#19965)
• f3fdda2 fix(vite): avoid resolving JS plugins to browser CSS entries (#19949)
• See full diff in compare view

Updates date-fns from 4.1.0 to 4.4.0

Release notes

Sourced from date-fns's releases.

v4.4.0

This release revisits the approach to CDN usage and introduces a new package, @date-fns/cdn and deprecates the date-fns CDN scripts. It allowed reducing the zipped package size from 5.83 MB down to 3.96 MB without introducing any breaking changes.

In v5.0.0-alpha.0 where CDN scripts are completely removed from date-fns the change is more significant and brings the zipped package size down to 2.89 MB.

It is just the first step in optimizing the package size. Expect further size reduction in the future v4 and v5 versions.

Changed

• DEPRECATED: The date-fns CDN scripts are now deprecated and will be removed in the next major release. Please switch to the new @date-fns/cdn package for CDN usage.

• Removed CDN source maps to reduce the package size. If you rely on them, please switch to the new @date-fns/cdn package that still includes them.

v4.3.0

Kudos to @​ImRodry and @​puneetdixit200 for their contributions.

Fixed

• Fixed missing modularized optimization fallback (for Next.js and others). See #4193.

• Fixed pt locale first day of week to be Sunday. See #4195 by @​ImRodry.

• Fixed zh-CN, zh-HK, and zh-TW locale month parsing for October, November, and December. See #4194 by @​puneetdixit200.

v4.2.1

Fixed

• Fixed type definitions missing in v4.2.0 due to TypeScript misconfiguration.

v4.2.0

This is a minor release in all senses, it only includes documentation updates (first of many) that points to the new You Don't Need date-fns* page.

* Not really

Changed

• Added Temporal API references to the JSDoc annotations of add, addBusinessDays, and addDays.

Commits

• cd53d25 Promote to v4.4.0
• d948ec1 Preserve but deprecate CDN versions for v4, set up v5 with polyfills
• ee65753 Add root mise :format task
• 9f5bdf5 Add positional argument to test/smoke.sh script
• 651ead6 Split CDN bundles into separate @​date-fns/cdn package
• 224c1a2 Deprecate type tests as attw hangs on date-fns package
• 7bb2842 Switch PACKAGE_OUTPUT_PATH to --dist flag in the package build script
• b6ad5ac Add flags to control package build script
• 424a783 Fix docs release after moving to monorepo setup
• f95bcf1 (docs): Add missing tsx dependency
• Additional commits viewable in compare view

Updates react from 19.2.5 to 19.2.7

Release notes

Sourced from react's releases.

19.2.7 (June 1st, 2026)

React Server Components

• Fixed missing FormData entries in Server Actions which regressed in 19.2.6 (#36566 by @​unstubbable)

19.2.6 (May 6th, 2026)

React Server Components

• Type hardening and performance improvements (#36425 by @​eps1lon and @​unstubbable)

Commits

• 6117d7c Version 19.2.7 (#36591)
• eaf3e95 Version 19.2.6
• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react since your current version.

Updates @types/react from 19.2.14 to 19.2.16

Commits

• See full diff in compare view

Updates react-dom from 19.2.5 to 19.2.7

Release notes

Sourced from react-dom's releases.

19.2.7 (June 1st, 2026)

React Server Components

• Fixed missing FormData entries in Server Actions which regressed in 19.2.6 (#36566 by @​unstubbable)

19.2.6 (May 6th, 2026)

React Server Components

• Type hardening and performance improvements (#36425 by @​eps1lon and @​unstubbable)

Commits

• 6117d7c Version 19.2.7 (#36591)
• eaf3e95 Version 19.2.6
• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react-dom since your current version.

Updates react-router-dom from 7.13.0 to 7.16.0

Changelog

Sourced from react-router-dom's changelog.

v7.16.0

Patch Changes

• Remove stale/invalid unpkg field from package.json. This was removed from other packages with the release of v7 but missed in the react-router-dom re-export package (#15075)
• Updated dependencies:
  • react-router@7.16.0

v7.15.1

Patch Changes

• Updated dependencies:
  • react-router@7.15.1

v7.15.0

Patch Changes

• Updated dependencies:
  • react-router@7.15.0

v7.14.2

Patch Changes

• Updated dependencies:
  • react-router@7.14.2

v7.14.1

Patch Changes

• Updated dependencies:
  • react-router@7.14.1

7.14.0

Patch Changes

• Updated dependencies:
  • react-router@7.14.0

7.13.2

Patch Changes

• Updated dependencies:
  • react-router@7.13.2

... (truncated)

Commits

• 8984d23 Release v7.16.0 (#15105)
• 3ed77af chore: format
• e96962b fix: remove stale unpkg field from react-router-dom (#15075)
• 587d08f Release v7.15.1 (#15038)
• 97c8de7 Release v7.15.0 (#15018)
• cf1d250 Release v7.14.2 (#14993)
• 197674b Release 7.14.1 (#14973)
• a87774f Add new release process (#14916)
• e31077b chore: Update version for release (#14945)
• 6683e85 chore: Update version for release (pre) (#14943)
• Additional commits viewable in compare view

Updates recharts from 3.7.0 to 3.8.1

Release notes

Sourced from recharts's releases.

v3.8.1

What's Changed

Bugfixes!

• fix(z-index): prevent elements from disappearing during dynamic zIndex transitions by @​VIDHITTS in recharts/recharts#7006
• fix: prevent tooltip flicker in syncMethod="value" with mismatched data arrays by @​roy7 in recharts/recharts#7020
• docs: add missing SVG props documentation to PolarGrid #3400 by @​ramanverse in recharts/recharts#6987
• fix: add cursor prop type to BaseChartProps by @​mixelburg in recharts/recharts#7065
• fix: restore arrow key navigation when active index is outside zoomed… by @​AbishekRaj2007 in recharts/recharts#7086
• Add test for ticks spacing by @​VIDHITTS in recharts/recharts#7082
• fix(Pie): skip minAngle redistribution when no segment needs it by @​Harikrushn9118 in recharts/recharts#7097
• fix(DefaultLegendContent): use entry.value for aria-label when formatter returns React element by @​mixelburg in recharts/recharts#7109
• fix(PolarRadiusAxis): update ticks prop type by @​PavelVanecek in recharts/recharts#7112
• fix: PieChart double padding gap when a data item has value 0 by @​Copilot in recharts/recharts#7113
• Add boxplot example by @​PavelVanecek in recharts/recharts#7130
• [fix] Update ticks calculator and domain extension by @​PavelVanecek in recharts/recharts#7146
• fix: guard against non-function d3-scale exports in getD3ScaleFromType by @​tdebarochez in recharts/recharts#7123
• fix: stackOffset expand should not override numerical XAxis domain by @​SeaL773 in recharts/recharts#7152
• fix: resolve keyboard navigation and tooltip issues for Pie charts (#6921) by @​olagokemills in recharts/recharts#7140
• fix(Tooltip): prevent crash on sparse or undefined payload entries by @​Om-Mishra09 in recharts/recharts#7149
• fix(RechartsWrapper): prevent ResizeObserver memory leak on ref update by @​Om-Mishra09 in recharts/recharts#7161

New Contributors

• @​AbishekRaj2007 made their first contribution in recharts/recharts#7086
• @​tdebarochez made their first contribution in recharts/recharts#7123
• @​SeaL773 made their first contribution in recharts/recharts#7152
• @​olagokemills made their first contribution in recharts/recharts#7140

Full Changelog: recharts/recharts@v3.8.0...v3.8.1

v3.8.0

What's Changed

We added generics to our data and dataKey props and now you can have your charts validated by TypeScript. See the full guide here: https://recharts.github.io/en-US/guide/typescript/

We are releasing new helper functions and hooks that will allow you to precisely target mouse interactions, and convert coordinates. See the guide here: https://recharts.github.io/en-US/guide/coordinateSystems/

And new functions and hooks:

getRelativeCoordinate - converts mouse events to pixel positions

Convert Data → Pixels:

useXAxisScale - returns a function to convert X data values to pixel positions useYAxisScale - returns a function to convert Y data values to pixel positions useCartesianScale - convenience hook for converting both at once

Pixels → Data:

... (truncated)

Commits

• 5b10788 chore(deps-dev): bump diff from 8.0.3 to 8.0.4 (#7156)
• 222396f chore(deps): bump react-router-dom from 7.13.1 to 7.13.2 (#7164)
• c2642da chore(deps-dev): bump typescript-eslint from 8.57.1 to 8.57.2 (#7166)
• b186929 fix(RechartsWrapper): prevent ResizeObserver memory leak on ref update (#7161)
• 738f71f fix(Tooltip): prevent crash on sparse or undefined payload entries (#7149)
• 00daf0b chore(deps-dev): bump rollup from 4.59.0 to 4.60.0 (#7158)
• eba4f2a chore(deps-dev): bump marked from 17.0.4 to 17.0.5 (#7157)
• 201d060 fix: resolve keyboard navigation and tooltip issues for Pie charts (#6921) (#...
• 670d092 chore(deps-dev): bump flatted from 3.3.3 to 3.4.2 (#7150)
• 86ca8de fix: stackOffset expand should not override numerical XAxis domain (#7152)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by corkscreewe, a new releaser for recharts since your current version.

Updates tailwind-merge from 3.5.0 to 3.6.0

Release notes

Sourced from tailwind-merge's releases.

v3.6.0

New Features

• Add support for Tailwind CSS v4.3 by @​dcastil in dcastil/tailwind-merge#677
  • Add postfixLookupClassGroups option to config to support Tailwind utilities where a slash is part of the full class name, like named container queries
• Add support for readonly array values by @​unional in dcastil/tailwind-merge#652

Documentation

• Fix broken links in README by @​maurer2 in dcastil/tailwind-merge#662

Other

• Harden internal CI pipeline security by omitting git checkout by @​dcastil, suggested by @​kyletaylored in dcastil/tailwind-merge@6b2499c

Full Changelog: dcastil/tailwind-merge@v3.5.0...v3.6.0

Thanks to @​brandonmcconnell, @​manavm1990, @​langy, @​roboflow, @​syntaxfm, @​getsentry, @​codecov, a private sponsor, @​block, @​openclaw, @​sourcegraph, @​mike-healy and more via @​thnxdev for sponsoring tailwind-merge! ❤️

Commits

• d54f7e5 v3.6.0
• 638871a Update README to add info about Tailwind CSS v4.3 support
• 39fc7b5 Revert "v3.6.0"
• bd8390f v3.6.0
• 802877c add v3.6.0 changelog
• a35feda Merge pull request #665 from dcastil/renovate/rollup-plugin-babel-7.x
• 940389c Merge pull request #667 from dcastil/renovate/release-drafter-release-drafter...
• 005af6d pin to specific version
• 5816ced implement breaking changes
• 17041e1 Merge pull request #676 from dcastil/dependabot/npm_and_yarn/babel/plugin-tra...
• Additional commits viewable in compare view

Updates tailwindcss from 4.2.4 to 4.3.0

Release notes

Sourced from tailwindcss's releases.

v4.3.0

Added

• Add @container-size utility (#18901)
• Add scrollbar-{auto,thin,none} utilities for scrollbar-width, and scrollbar-thumb-* / scrollbar-track-* color utilities for scrollbar-color (#19981, #20019)
• Add scrollbar-gutter-* utilities (#20018)
• Add zoom-* utilities (#20020)
• Add tab-* utilities (#20022)
• Allow using @variant with stacked variants (e.g. @variant hover:focus { … }) (#19996)
• Allow using @variant with compound variants (e.g. @variant hover, focus { … }) (#19996)
• Support --default(…) in --value(…) and --modifier(…) for functional @utility definitions (#19989)

Fixed

• Ensure @plugin resolves package JavaScript entries instead of browser CSS entries when using @tailwindcss/vite (#19949)
• Fix relative @import and @plugin paths resolving from the wrong directory when using @tailwindcss/vite (#19965)
• Ensure CSS files containing @variant are processed by @tailwindcss/vite (#19966)
• Resolve imports relative to base when result.opts.from is not provided when using @tailwindcss/postcss (#19980)
• Canonicalization: preserve significant _ whitespace in arbitrary values (#19986)
• Canonicalization: add parentheses when removing whitespace from arbitrary values would hurt readability (e.g. w-[calc(100%---spacing(60))] → w-[calc(100%-(--spacing(60)))]) (#19986)
• Canonicalization: preserve the original unit in arbitrary values instead of normalizing to base units (e.g. -mt-[20in] → mt-[-20in], not mt-[-1920px]) (#19988)
• Canonicalization: migrate arbitrary :has() variants from [&:has(…)] to has-[…] (#19991)
• Upgrade: don’t migrate inline style attributes (e.g. style="flex-grow: 1" → style="flex-grow: 1", not style="grow: 1") (#19918)
• Allow multiple @utility definitions with the same name but different value types (#19777)
• Export missing PluginWithConfig type from tailwindcss/plugin to fix errors when inferring plugin config types (#19707)
• Ensure start and end legacy utilities without values do not generate CSS (#20003)
• Ensure --value(…) is required in functional @utility definitions (#20005)
• Canonicalization: preserve required whitespace around operators in negated arbitrary values (e.g. -left-[(var(--a)+var(--b))]) (#20011)

Changelog

Sourced from tailwindcss's changelog.

[4.3.0] - 2026-05-08

Added

• Add @container-size utility (#18901)
• Add scrollbar-{auto,thin,none} utilities for scrollbar-width, and scrollbar-thumb-* / scrollbar-track-* color utilities for scrollbar-color (#19981, #20019)
• Add scrollbar-gutter-* utilities (#20018)
• Add zoom-* utilities (#20020)
• Add tab-* utilities (#20022)
• Allow using @variant with stacked variants (e.g. @variant hover:focus { … }) (#19996)
• Allow using @variant with compound variants (e.g. @variant hover, focus { … }) (#19996)
• Support --default(…) in --value(…) and --modifier(…) for functional @utility definitions (#19989)

Fixed

• Ensure @plugin resolves package JavaScript entries instead of browser CSS entries when using @tailwindcss/vite (#19949)
• Fix relative @import and @plugin paths resolving from the wrong directory when using @tailwindcss/vite (#19965)
• Ensure CSS files containing @variant are processed by @tailwindcss/vite (#19966)
• Resolve imports relative to base when result.opts.from is not provided when using @tailwindcss/postcss (#19980)
• Canonicalization: preserve significant _ whitespace in arbitrary values (#19986)
• Canonicalization: add parentheses when removing whitespace from arbitrary values would hurt readability (e.g. w-[calc(100%---spacing(60))] → w-[calc(100%-(--spacing(60)))]) (#19986)
• Canonicalization: preserve the original unit in arbitrary values instead of normalizing to base units (e.g. -mt-[20in] → mt-[-20in], not mt-[-1920px]) (#19988)
• Canonicalization: migrate arbitrary :has() variants from [&:has(…)] to has-[…] (#19991)
• Upgrade: don’t migrate inline style attributes (e.g. style="flex-grow: 1" → style="flex-grow: 1", not style="grow: 1") (#19918)
• Allow multiple @utility definitions with the same name but different value types (#19777)
• Export missing PluginWithConfig type from tailwindcss/plugin to fix errors when inferring plugin config types (#19707)
• Ensure start and end legacy utilities without values do not generate CSS (#20003)
• Ensure --value(…) is required in functional @utility definitions (#20005)
• Canonicalization: preserve required whitespace around operators in negated arbitrary values (e.g. -left-[(var(--a)+var(--b))]) (#20011)

Commits

• 588bd73 4.3.0 (#20023)
• 59936c6 Add tab-* utilities (#20022)
• 90a2373 add zoom-* utilities (#20020)
• 2e1ccf7 Add scrollbar-gutter-* utilities (#20018)
• 754e751 Use non-existing example in tests (#20021)
• 12eb5ae Cleanup noisy test output (#20015)
• 4255671 Improve snapshot tests (#20013)
• 8c77989 Ensure math operators are surrounded by whitespace in arbitrary values (#20011)
• b4db3b9 Add scrollbar-width and scrollbar-color utilities (#19981)
• 08cad84 Support --default(…) in --value(…) and --modifier(…) to support fallbac...
• Additional commits viewable in compare view

Updates msw from 2.12.10 to 2.14.6

Release notes

Sourced from msw's releases.

v2.14.6 (2026-05-11)

Bug Fixes

• defineNetwork: prevent event forwarding manually (#2740) (ccb40e08e3ef1dd80da217f74a1093be260a3f51) @​kettanaito

v2.14.5 (2026-05-08)

Bug Fixes

• ws: remove all frame listeners on client closure (#2739) (91a5d4131ceae9250acc40e0fa44b3c64f030d3e) @​kettanaito

v2.14.4 (2026-05-07)

Bug Fixes

• add finalize API for handler cleanup (#2738) (a288f5452970da6537ff31fce6b7f99eb620e563) @​kettanaito

v2.14.3 (2026-05-04)

Bug Fixes

• prevent frame abort listener leak (#2737) (c4567d2a398fb3315cebea4b66e9b79022ad569c) @​kettanaito

v2.14.2 (2026-04-29)

Bug Fixes

• export the NetworkApi type (#2734) (f0c03214b59f906ca8e92e3f0bb5d08fdf7d6f5e) @​kettanaito

v2.14.1 (2026-04-29)

Bug Fixes

• export default handler controllers (#2733) (f8dc874a236a4bd376c23cce9dd55ed59b8279e2) @​kettanaito

v2.14.0 (2026-04-29)

Features

• support ws.onUpgrade for handling connection upgrades (#2732) (e00e4d693db34884a316f659b8dcfb507cd79dce) @​kettanaito

Bug Fixes

• do not clone user-provided responses (#2731) (6953307c8061626d31a3651e69d47c885c0e4b76) @​kettanaito
• HttpResponse: forward cookies only when response is used (#2728) (30668e68f403535636bfb8dc12c64299d9c1c6e6) @​kettanaito

v2.13.6 (2026-04-24)

Bug Fixes

... (truncated)

Commits

• 2befc51 chore(release): v2.14.6
• ccb40e0 fix(defineNetwork): prevent event forwarding manually (#2740)
• c07e09b chore(release): v2.14.5
• 91a5d41 fix(ws): remove all frame listeners on client closure (#2739)
• d697485 chore(release): v2.14.4
• a288f54 fix: add finalize API for handler cleanup (#2738)
• de18888 chore(release): v2.14.3
• c4567d2 fix: prevent frame abort listener leak (#2737)
• 4bc4a5c chore(release): v2.14.2
• f0c0321 fix: export the NetworkApi type (#2734)
• Additional commits viewable in compare view

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	axios@​1.13.5
	@​vitest/​coverage-v8@​4.0.18
	@​radix-ui/​react-slot@​1.2.4
	@​radix-ui/​react-switch@​1.2.6
	@​types/​express@​5.0.6
	@​types/​supertest@​6.0.3
	@​types/​react-dom@​19.2.3
	filecoin-pin@​0.21.0
	@​types/​react@​19.2.14
	@​willsoto/​nestjs-prometheus@​6.0.2
	@​types/​node@​25.2.3
	any-signal@​4.2.0
	class-transformer@​0.5.1
	class-validator@​0.14.3
	assemblyscript@​0.19.23
	cron@​4.4.0
	@​testing-library/​user-event@​14.6.1
	helmet@​8.1.0
	@​testing-library/​dom@​10.4.1
	@​testing-library/​react@​16.3.2
	@​testing-library/​jest-dom@​6.9.1
	@​tailwindcss/​vite@​4.2.4
	@​vitejs/​plugin-react@​5.1.4
	@​swc/​core@​1.15.11

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm @react-native/debugger-frontend is 96.0% likely obfuscated Confidence: 0.96 Location: Package overview From: pnpm-lock.yaml → npm/@react-native/debugger-frontend@0.83.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@react-native/debugger-frontend@0.83.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm @sentry/node-core is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: pnpm-lock.yaml → npm/filecoin-pin@0.21.0 → npm/@sentry/node-core@10.52.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@sentry/node-core@10.52.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm entities is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: pnpm-lock.yaml → npm/entities@6.0.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/entities@6.0.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report