deps(deps): bump the minor-and-patch group across 1 directory with 22 updates

[dependabot]

Bumps the minor-and-patch group with 20 updates in the / directory:

Package	From	To
immer	11.1.3	11.1.4
next	16.1.4	16.2.1
react	19.2.3	19.2.4
@types/react	19.2.9	19.2.14
react-dom	19.2.3	19.2.4
react-resizable-panels	4.5.2	4.8.0
tailwind-merge	3.4.0	3.5.0
zustand	5.0.10	5.0.12
@axe-core/cli	4.11.0	4.11.1
@axe-core/playwright	4.11.0	4.11.1
@eslint/compat	2.0.1	2.0.3
@eslint/eslintrc	3.3.3	3.3.5
@next/bundle-analyzer	16.1.4	16.2.1
@playwright/test	1.58.0	1.58.2
@vitest/coverage-v8	4.0.18	4.1.2
autoprefixer	10.4.23	10.4.27
eslint-config-next	16.1.4	16.2.1
lint-staged	16.2.7	16.4.0
postcss	8.5.6	8.5.8
web-vitals	5.1.0	5.2.0

Updates immer from 11.1.3 to 11.1.4

Release notes

Sourced from immer's releases.

v11.1.4

11.1.4 (2026-02-10)

Bug Fixes

• handle nested proxies after spreading and inserting into an array (90a7765)

Commits

• cdccf1a Merge pull request #1210 from immerjs/bugfix/1209-array-plugin-nested-drafts
• 90a7765 fix: handle nested proxies after spreading and inserting into an array
• See full diff in compare view

Updates next from 16.1.4 to 16.2.1

Release notes

Sourced from next's releases.

v16.2.1

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• docs: post release amends (#91715)
• docs: fix broken Activity Patterns demo link in preserving UI state guide (#91698)
• Fix adapter outputs for dynamic metadata routes (#91680)
• Turbopack: fix webpack loader runner layer (#91727)
• Fix server actions in standalone mode with cacheComponents (#91711)
• turbo-persistence: remove Unmergeable mmap advice (#91713)
• Fix layout segment optimization: move app-page imports to server-utility transition (#91701)
• Turbopack: lazy require metadata and handle TLA (#91705)
• [turbopack] Respect {eval:true} in worker_threads constructors (#91666)

Credits

Huge thanks to @​icyJoseph, @​abhishekmardiya, @​ijjk, @​mischnic, @​unstubbable, @​sokra, and @​lukesandberg for helping!

v16.2.1-canary.13

Misc Changes

• docs: opengraph-image papercuts: #92018
• Update revalidateTag examples to use the new two-argument signature: #92065

Credits

Huge thanks to @​icyJoseph and @​aurorascharff for helping!

v16.2.1-canary.12

Core Changes

• Upgrade React from 3cb2c420-20260324 to 9627b5a1-20260327: #92015
• [experiment] Add useOffline flag with offline retry behavior: #92011
• adapters: remove unused suffix code: #91997
• [experiment] Add useOffline hook to expose offline state to userland: #92012
• [turbopack] Don't use turborepo to build the docker image: #92029

Misc Changes

• Use RcStr directly in napi(object) structs instead of converting to String: #92014
• Rename SingleModuleReference::asset to SingleModuleReference::module: #92028

Credits

Huge thanks to @​acdlite, @​ztanner, @​mmastrac, @​sokra, and @​bgw for helping!

v16.2.1-canary.11

Core Changes

... (truncated)

Commits

• ed7d2ce v16.2.1
• 3e37bb4 docs: post release amends (#91715)
• a15ec6e docs: fix broken Activity Patterns demo link in preserving UI state guide (#9...
• 600cd2f Fix adapter outputs for dynamic metadata routes (#91680)
• 27886d3 Turbopack: fix webpack loader runner layer (#91727)
• 88fc430 Fix server actions in standalone mode with cacheComponents (#91711)
• 37aed86 turbo-persistence: remove Unmergeable mmap advice (#91713)
• d6195ec Fix layout segment optimization: move app-page imports to server-utility tran...
• 6cb97d6 Turbopack: lazy require metadata and handle TLA (#91705)
• e6b101a [turbopack] Respect {eval:true} in worker_threads constructors (#91666)
• Additional commits viewable in compare view

Updates react from 19.2.3 to 19.2.4

Release notes

Sourced from react's releases.

19.2.4 (January 26th, 2026)

React Server Components

• Add more DoS mitigations to Server Actions, and harden Server Components (#35632 by @​gnoff, @​lubieowoce, @​sebmarkbage, @​unstubbable)

Commits

• 90ab3f8 Version 19.2.4
• See full diff in compare view

Updates @types/react from 19.2.9 to 19.2.14

Commits

• See full diff in compare view

Updates react-dom from 19.2.3 to 19.2.4

Release notes

Sourced from react-dom's releases.

19.2.4 (January 26th, 2026)

React Server Components

• Add more DoS mitigations to Server Actions, and harden Server Components (#35632 by @​gnoff, @​lubieowoce, @​sebmarkbage, @​unstubbable)

Commits

• 90ab3f8 Version 19.2.4
• See full diff in compare view

Updates react-resizable-panels from 4.5.2 to 4.8.0

Release notes

Sourced from react-resizable-panels's releases.

4.8.0

• 699: useDefaultLayout hook automatically migrates legacy layouts to version 4 format; see issue 605 or PR 699 for details on how this works.

4.7.6

• 698: Replace Panel aria-disabled attribute with data-disabled

4.7.5

• 696: Improved server rendering support for defaultSize prop

4.7.4

• 689: Fix edge case bug with pointer event capture

4.7.3

• 690: Imperative Panel API supports non-percentage sizes

4.7.2

• 683: Don't scroll separator when setting focus

4.7.1

• 678: Change default overflow styles to support shadows

4.7.0

• 677: Add groupResizeBehavior prop to Panel, enabling panels to retain their current size (pixels) size when the parent Group is resized.

4.6.5

• 670: Check for undefined adoptedStyleSheets (to better support environments like jsdom)
• 671: Bug-fix: Update in-memory layout cache when group is resized by double-clicking on a separator

4.6.4

• 664, 665: Resize actions sometimes "jump" on touch devices

4.6.3

• Fixed a problem with project logo not displaying correctly in the README for the Firefox browser.

4.6.2

• 660: Group guards against layouts with mis-ordered Panel id keys

4.6.1

• 658: Imperative Panel and Group APIs ignored disabled status when resizing panels; this is an explicit override of the disabled state and is required to support conditionally disabled groups.
• 658: Separator component does not set a cursor: not-allowed style if the parent Group has cursors disabled.

4.6.0

• 657: Allow Panel and Separator components to be disabled

4.5.9

• 649: Optimization: Replace useForceUpdate with useSyncExternalStore to avoid side effect of swallowing "click" events in certain cases
• 654: Bugfix Imperative Group method setLayout persists layout to in-memory cache
• 652: Re-enable collapsible panel bugfix after fixing another reported issue

4.5.8

... (truncated)

Changelog

Sourced from react-resizable-panels's changelog.

4.8.0

• 699: useDefaultLayout hook automatically migrates legacy layouts to version 4 format; see issue 605 for details on how this works.

4.7.6

• 698: Replace Panel aria-disabled attribute with data-disabled

4.7.5

• 696: Improved server rendering support for defaultSize prop

4.7.4

• 689: Fix edge case bug with pointer event capture

4.7.3

• 690: Imperative Panel API supports non-percentage sizes

4.7.2

• 683: Don't scroll separator when setting focus

4.7.1

• 678: Change default overflow styles to support shadows

4.7.0

• 677: Add groupResizeBehavior prop to Panel, enabling panels to retain their current size (pixels) size when the parent Group is resized.

4.6.5

• 670: Check for undefined adoptedStyleSheets (to better support environments like jsdom)
• 671: Bug-fix: Update in-memory layout cache when group is resized by double-clicking on a separator

4.6.4

• 664, 665: Resize actions sometimes "jump" on touch devices

4.6.3

• Fixed a problem with project logo not displaying correctly in the README for the Firefox browser.

4.6.2

• 660: Group guards against layouts with mis-ordered Panel id keys

4.6.1

... (truncated)

Commits

• 1e299c3 4.7.6 -> 4.8.0
• 09bec23 Import version 3 saved layouts in version 4 (#699)
• 1adf716 Update CONTRIBUTING.md
• bf4f8c6 4.7.5 -> 4.7.6
• d7e4d97 Replace Panel aria-disabled attribute with data-disabled (#698)
• ebf443d Upgrade react-lib-tools
• 225be97 Upgrade react-lib-tools
• 57bf680 Tweaked defaultSize warning wording
• 6e41d82 4.7.4 -> 4.7.5
• 5941ff3 Improved server rendering support for defaultSize prop (#696)
• Additional commits viewable in compare view

Updates tailwind-merge from 3.4.0 to 3.5.0

Release notes

Sourced from tailwind-merge's releases.

v3.5.0

New Features

• Add support for Tailwind CSS v4.2 by @​dcastil in dcastil/tailwind-merge#651

Full Changelog: dcastil/tailwind-merge@v3.4.1...v3.5.0

Thanks to @​brandonmcconnell, @​manavm1990, @​langy, @​roboflow, @​syntaxfm, @​getsentry, @​codecov, a private sponsor, @​block, @​openclaw, @​sourcegraph and more via @​thnxdev for sponsoring tailwind-merge! ❤️

v3.4.1

Bug Fixes

• Prevent arbitrary font-family and font-weight from merging by @​roneymoon in dcastil/tailwind-merge#635

Full Changelog: dcastil/tailwind-merge@v3.4.0...v3.4.1

Thanks to @​brandonmcconnell, @​manavm1990, @​langy, @​roboflow, @​syntaxfm, @​getsentry, @​codecov, a private sponsor, @​block, @​openclaw, @​sourcegraph and more via @​thnxdev for sponsoring tailwind-merge! ❤️

Commits

• 270ac79 v3.5.0
• 86f772e add changelog for 3.5.0
• 6c1f77c Merge pull request #651 from dcastil/feature/add-support-for-tailwind-css-v4.2
• 7a4cacf Add support for decimal fraction values
• 9ef0f79 fix incorrectly escaped characters
• f4938b0 update README with v4.2 support
• b02a572 Add Tailwind v4.2 font-features utilities support
• 5bd25ec Add Tailwind v4.2 logical sizing utilities
• 697c920 Add Tailwind v4.2 logical border block utilities
• 6656a47 Improve JSDoc comments for logical insets
• Additional commits viewable in compare view

Updates zustand from 5.0.10 to 5.0.12

Release notes

Sourced from zustand's releases.

v5.0.12

Two small fixes.

What's Changed

• fix(persist): use latest state in post-rehydration callback by @​Shohjahon-n in pmndrs/zustand#3391
• fix(devtools): correct redux devtools config type extension by @​grigoriy-reshetniak in pmndrs/zustand#3414

New Contributors

• @​pavan-sh made their first contribution in pmndrs/zustand#3378
• @​Copilot made their first contribution in pmndrs/zustand#3395
• @​Aravindsreeni made their first contribution in pmndrs/zustand#3400
• @​wallzero made their first contribution in pmndrs/zustand#3401
• @​chaesunbak made their first contribution in pmndrs/zustand#3405
• @​Shohjahon-n made their first contribution in pmndrs/zustand#3391

Full Changelog: pmndrs/zustand@v5.0.11...v5.0.12

v5.0.11

This release includes small improvements in middleware thanks to contributors.

What's Changed

• chore: improve typing in devtools middleware by @​grigoriy-reshetniak in pmndrs/zustand#3362
• fix(persist): avoid relying on global localStorage by @​honuuk in pmndrs/zustand#3367
• fix(immer): Proper typing for immer middleware in combination with slices by @​wheerd in pmndrs/zustand#3371

New Contributors

• @​SeongYongLee made their first contribution in pmndrs/zustand#3355
• @​grigoriy-reshetniak made their first contribution in pmndrs/zustand#3351
• @​DormancyWang made their first contribution in pmndrs/zustand#3363
• @​Ea-st-ring made their first contribution in pmndrs/zustand#3369
• @​winner07 made their first contribution in pmndrs/zustand#3373
• @​honuuk made their first contribution in pmndrs/zustand#3367
• @​wheerd made their first contribution in pmndrs/zustand#3371

Full Changelog: pmndrs/zustand@v5.0.10...v5.0.11

Commits

• 206012d 5.0.12
• d714065 chore(deps): update dev dependencies (#3427)
• 89ebcd7 fix(devtools): correct redux devtools config type extension (#3414)
• 6213fc1 fix(persist): use latest state in post-rehydration callback (#3391)
• a3869ca docs: fix broken links in beginner TypeScript guide (#3423)
• c49df38 Hotfix section linking (#3410)
• 5561e9b Fix indentation for actions in index.md (#3406)
• 4966a15 fix(readme) : comparison documentaion link (#3405)
• da381c3 Fix README internal links for GitHub rendering (#3403)
• 0d250b3 fix persist documentation link (#3401)
• Additional commits viewable in compare view

Updates @axe-core/cli from 4.11.0 to 4.11.1

Release notes

Sourced from @​axe-core/cli's releases.

Release 4.11.1

Bug Fixes

• reorder exports to place types first (#1261) (40d22e3), closes #1243
• Update axe-core to v4.11.1 (#1271) (77f577e)

Changelog

Sourced from @​axe-core/cli's changelog.

4.11.1 (2026-01-09)

Bug Fixes

• reorder exports to place types first (#1261) (40d22e3), closes #1243
• Update axe-core to v4.11.1 (#1271) (77f577e)

Commits

• 66a3106 chore(release): v4.11.1 (#1275)
• 9a07fd7 chore: RC v4.11.1 (#1272)
• 999a563 chore: applying release changes
• 26e0d0b chore: RC v4.11.1
• 77f577e fix: Update axe-core to v4.11.1 (#1271)
• 40d22e3 fix: reorder exports to place types first (#1261)
• bd80a5f chore: rebuild lockfile (#1266)
• a73c6a8 chore: bump the npm-low-risk group across 1 directory with 27 updates (#1265)
• a80460d chore: bump @​wdio/mocha-framework from 8.39.0 to 9.20.1 (#1256)
• 2199e1b chore: bump mocha from 9.2.2 to 11.7.5 (#1257)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​axe-core/cli since your current version.

Updates @axe-core/playwright from 4.11.0 to 4.11.1

Release notes

Sourced from @​axe-core/playwright's releases.

Release 4.11.1

Bug Fixes

• reorder exports to place types first (#1261) (40d22e3), closes #1243
• Update axe-core to v4.11.1 (#1271) (77f577e)

Changelog

Sourced from @​axe-core/playwright's changelog.

4.11.1 (2026-01-09)

Bug Fixes

• reorder exports to place types first (#1261) (40d22e3), closes #1243
• Update axe-core to v4.11.1 (#1271) (77f577e)

Commits

• 66a3106 chore(release): v4.11.1 (#1275)
• 9a07fd7 chore: RC v4.11.1 (#1272)
• 999a563 chore: applying release changes
• 26e0d0b chore: RC v4.11.1
• 77f577e fix: Update axe-core to v4.11.1 (#1271)
• 40d22e3 fix: reorder exports to place types first (#1261)
• bd80a5f chore: rebuild lockfile (#1266)
• a73c6a8 chore: bump the npm-low-risk group across 1 directory with 27 updates (#1265)
• a80460d chore: bump @​wdio/mocha-framework from 8.39.0 to 9.20.1 (#1256)
• 2199e1b chore: bump mocha from 9.2.2 to 11.7.5 (#1257)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​axe-core/playwright since your current version.

Updates @eslint/compat from 2.0.1 to 2.0.3

Release notes

Sourced from @​eslint/compat's releases.

compat: v2.0.3

2.0.3 (2026-03-06)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​eslint/core bumped from ^1.1.0 to ^1.1.1

migrate-config: v2.0.3

2.0.3 (2026-03-06)

Bug Fixes

• update dependency @​eslint/eslintrc to ^3.3.4 (#382) (cecf46e)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​eslint/compat bumped from ^2.0.2 to ^2.0.3
  • devDependencies
    • @​eslint/core bumped from ^1.1.0 to ^1.1.1

compat: v2.0.2

2.0.2 (2026-01-29)

Bug Fixes

• add eslint 10 as peer dependency (#361) (ecb37dc)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​eslint/core bumped from ^1.0.1 to ^1.1.0

migrate-config: v2.0.2

2.0.2 (2026-01-29)

Dependencies

• The following workspace dependencies were updated
  • dependencies

... (truncated)

Changelog

Sourced from @​eslint/compat's changelog.

2.0.3 (2026-03-06)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​eslint/core bumped from ^1.1.0 to ^1.1.1

2.0.2 (2026-01-29)

Bug Fixes

• add eslint 10 as peer dependency (#361) (ecb37dc)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​eslint/core bumped from ^1.0.1 to ^1.1.0

Commits

• 41eb19f chore: release main (#380)
• 5c42055 docs: Update README sponsors
• b13b482 docs: Update README sponsors
• 53d0bc3 docs: Update README sponsors
• bc1da95 docs: Update README sponsors
• 542bc6b docs: Update README sponsors
• 7cb43b6 build: standardize test scripts (#357)
• 98521c2 docs: Update README sponsors
• 7960653 chore: release main (#356)
• ecb37dc fix: add eslint 10 as peer dependency (#361)
• Additional commits viewable in compare view

Updates @eslint/eslintrc from 3.3.3 to 3.3.5

Release notes

Sourced from @​eslint/eslintrc's releases.

eslintrc: v3.3.5

3.3.5 (2026-03-04)

Bug Fixes

• update dependency minimatch to ^3.1.5 (#227) (3dc2381)

eslintrc: v3.3.4

3.3.4 (2026-02-22)

Bug Fixes

• update ajv to 6.14.0 to address security vulnerabilities (#221) (9139140)
• update minimatch to 3.1.3 to address security vulnerabilities (#224) (30339d0)

Changelog

Sourced from @​eslint/eslintrc's changelog.

3.3.5 (2026-03-04)

Bug Fixes

• update dependency minimatch to ^3.1.5 (#227) (3dc2381)

3.3.4 (2026-02-22)

Bug Fixes

• update ajv to 6.14.0 to address security vulnerabilities (#221) (9139140)
• update minimatch to 3.1.3 to address security vulnerabilities (#224) (30339d0)

Commits

• 5135df1 chore: release 3.3.5 🚀 (#228)
• c109d69 docs: Update README sponsors
• 3dc2381 fix: update dependency minimatch to ^3.1.5 (#227)
• 81385b6 ci: pin Node.js 25.6.1 (#226)
• 4c45e24 chore: release 3.3.4 🚀 (#223)
• 30339d0 fix: update minimatch to 3.1.3 to address security vulnerabilities (#224)
• 9139140 fix: update ajv to 6.14.0 to address security vulnerabilities (#221)
• 245ada5 docs: Update README sponsors
• 78b1a0e docs: Update README sponsors
• df32fff docs: Update README sponsors
• Additional commits viewable in compare view

Updates @next/bundle-analyzer from 16.1.4 to 16.2.1

Release notes

Sourced from @​next/bundle-analyzer's releases.

v16.2.1

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• docs: post release amends (#91715)
• docs: fix broken Activity Patterns demo link in preserving UI state guide (#91698)
• Fix adapter outputs for dynamic metadata routes (#91680)
• Turbopack: fix webpack loader runner layer (#91727)
• Fix server actions in standalone mode with cacheComponents (#91711)
• turbo-persistence: remove Unmergeable mmap advice (#91713)
• Fix layout segment optimization: move app-page imports to server-utility transition (#91701)
• Turbopack: lazy require metadata and handle TLA (#91705)
• [turbopack] Respect {eval:true} in worker_threads constructors (#91666)

Credits

Huge thanks to @​icyJoseph, @​abhishekmardiya, @​ijjk, @​mischnic, @​unstubbable, @​sokra, and @​lukesandberg for helping!

v16.2.1-canary.13

Misc Changes

• docs: opengraph-image papercuts: #92018
• Update revalidateTag examples to use the new two-argument signature: #92065

Credits

Huge thanks to @​icyJoseph and @​aurorascharff for helping!

v16.2.1-canary.12

Core Changes

• Upgrade React from 3cb2c420-20260324 to 9627b5a1-20260327: #92015
• [experiment] Add useOffline flag with offline retry behavior: #92011
• adapters: remove unused suffix code: #91997
• [experiment] Add useOffline hook to expose offline state to userland: #92012
• [turbopack] Don't use turborepo to build the docker image: #92029

Misc Changes

• Use RcStr directly in napi(object) structs instead of converting to String: #92014
• Rename SingleModuleReference::asset to SingleModuleReference::module: #92028

Credits

Huge thanks to @​acdlite, @​ztanner, @​mmastrac, @​sokra, and @​bgw for helping!

v16.2.1-canary.11

Core Changes

... (truncated)

Commits

• ed7d2ce v16.2.1
• c5c94df v16.2.0
• 3683192 v16.2.0-canary.104
• 6689814 v16.2.0-canary.103
• ad66dbc v16.2.0-canary.102
• b856498 v16.2.0-canary.101
• 136b77e v16.2.0-canary.100
• 0f59973 v16.2.0-canary.99
• 792522d v16.2.0-canary.98
• 2769b55 v16.2.0-canary.97
• Additional commits viewable in compare view

Updates @playwright/test from 1.58.0 to 1.58.2

Release notes

Sourced from @​playwright/test's releases.

v1.58.2

Highlights

#39121 fix(trace viewer): make paths via stdin work #39129 fix: do not force swiftshader on chromium mac

Browser Versions

• Chromium 145.0.7632.6
• Mozilla Firefox 146.0.1
• WebKit 26.0

v1.58.1

Highlights

#39036 fix(msedge): fix local network permissions #39037 chore: update cft download location #38995 chore(webkit): disable frame sessions on fronzen builds

Browser Versions

• Chromium 145.0.7632.6
• Mozilla Firefox 146.0.1
• WebKit 26.0

Commits

• ce480a9 cherry-pick(#39171): devops: add ubuntu-22.04-arm bot
• e40c137 chore: mark v1.58.2 (#39155)
• 50b7296 cherry-pick(#39152): chore: fix execSync inheriting stdio
• f3dcf50 cherry-pick(#39129): fix: do not force swiftshader on chromium mac
• 8684e08 cherry-pick(#39121): fix(trace viewer): make paths via stdin work
• 97bc385 cherry-pick(#38995): chore(webkit): disable frame sessions on fronzen builds
• ad625fe chore: mark v1.58.1 (#39055)
• f07234d cherry-pick(#39036): fix(msedge): fix local network permissions (#39053)
• ab8136c cherry-pick(#39037): chore: update cft download location (#39052)
• aa6ffeb cherry-pick(#39014): docs: add 1.58 release notes for Java, Python, and C#
• See full diff in compare view

Updates @types/react from 19.2.9 to 19.2.14

Co...

Description has been truncated

[dependabot]

Labels

The following labels could not be found: automated, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud