Skip to content

chore: bump the all group in /web with 3 updates#1025

Merged
Aureliolo merged 1 commit intomainfrom
dependabot/npm_and_yarn/web/all-6ffaadcdf2
Apr 3, 2026
Merged

chore: bump the all group in /web with 3 updates#1025
Aureliolo merged 1 commit intomainfrom
dependabot/npm_and_yarn/web/all-6ffaadcdf2

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 3, 2026

Bumps the all group in /web with 3 updates: react-router, @eslint-react/eslint-plugin and esbuild.

Updates react-router from 7.13.2 to 7.14.0

Release notes

Sourced from react-router's releases.

v7.14.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7140

Changelog

Sourced from react-router's changelog.

7.14.0

Patch Changes

  • UNSTABLE RSC FRAMEWORK MODE BREAKING CHANGE - Existing route module exports remain unchanged from stable v7 non-RSC mode, but new exports are added for RSC mode. If you want to use RSC features, you will need to update your route modules to export the new annotations. (#14901)

    If you are using RSC framework mode currently, you will need to update your route modules to the new conventions. The following route module components have their own mutually exclusive server component counterparts:

    Server Component Export Client Component
    ServerComponent default
    ServerErrorBoundary ErrorBoundary
    ServerLayout Layout
    ServerHydrateFallback HydrateFallback

    If you were previously exporting a ServerComponent, your ErrorBoundary, Layout, and HydrateFallback were also server components. If you want to keep those as server components, you can rename them and prefix them with Server. If you were previously importing the implementations of those components from a client module, you can simply inline them.

    Example:

    Before

    import { ErrorBoundary as ClientErrorBoundary } from "./client";
export function ServerComponent() {
// ...
}
export function ErrorBoundary() {
return <ClientErrorBoundary />;
}
export function Layout() {
// ...
}
export function HydrateFallback() {
// ...
}

    After

    export function ServerComponent() {
  // ...
}
export function ErrorBoundary() {
// previous implementation of ClientErrorBoundary, this is now a client component

... (truncated)

Commits

Updates @eslint-react/eslint-plugin from 4.2.1 to 4.2.3

Release notes

Sourced from @​eslint-react/eslint-plugin's releases.

v4.2.3 (2026-04-03)

What's Changed

✨ New

  • jsx: add jsx-no-leaked-dollar rule, add suggest fix to jsx-no-leaked-semicolon rule (#1688) (b86bdd6da)
  • jsx: add jsx-no-leaked-semicolon rule, closes #1685 (#1686) (fbb495000)

📝 Documentation

  • update recipe section structure (Code→Rule, Usage→Config) (8cade3008)
  • update custom rule examples code style (#1684) (dc9d05c33)
  • update recipe titles to Title Case (6a2d941b6)
  • improve recipes overview (8278f45c9)

Full Changelog: Rel1cx/eslint-react@v4.2.2...v4.2.3

v4.2.2 (2026-04-02)

What's Changed

🪄 Improvements

  • refactor(kit): Rename RuleDefinition to RuleFunction and deprecate the old name (#1683). The RuleDefinition type is now deprecated and will be removed in a future major release. Please migrate to RuleFunction.

📝 Documentation

  • docs: Add noCircularEffect recipe and register in examples, closes #755 (#1681).
  • docs: Add component-hook-factories recipe and update examples.
  • docs: Add noExplicitSpreadProps rule to custom-rules-of-props recipe, closes #503.
  • docs: Migrate recipe docs to MDX format.
  • docs: Flatten recipe docs from tabbed UI to plain markdown sections.
  • docs: Standardize quotes in rule descriptions (#1680).
  • docs: Standardize punctuation and phrasing in recipe docs (#1682).
  • docs: Standardize recipe frontmatter descriptions.
  • docs(website): Update recipes overview page.
  • docs(website): Add "See Also" cross-references to recipes docs.
  • docs(website): Simplify rule definition example in recipes overview.
  • docs: Remove obsolete component-hook-factories references from recipes.
  • docs: Remove Roadmap section from READMEs.
  • docs: Remove Custom Rules for Missing Rules link.
  • docs: Add Recipes link and update install command.
  • docs: Switch to installing @eslint-react/kit without rc tag.

Full Changelog: Rel1cx/eslint-react@v4.2.1...v4.2.2

Changelog

Sourced from @​eslint-react/eslint-plugin's changelog.

v4.2.3 (2026-04-03)

✨ New

  • jsx: add jsx-no-leaked-dollar rule, add suggest fix to jsx-no-leaked-semicolon rule (#1688) (b86bdd6da)
  • jsx: add jsx-no-leaked-semicolon rule, closes #1685 (#1686) (fbb495000)

📝 Documentation

  • update recipe section structure (Code→Rule, Usage→Config) (8cade3008)
  • update custom rule examples code style (#1684) (dc9d05c33)
  • update recipe titles to Title Case (6a2d941b6)
  • improve recipes overview (8278f45c9)

Full Changelog: Rel1cx/eslint-react@v4.2.2...v4.2.3

v4.2.2 (2026-04-02)

🪄 Improvements

  • refactor(kit): Rename RuleDefinition to RuleFunction and deprecate the old name (#1683). The RuleDefinition type is now deprecated and will be removed in a future major release. Please migrate to RuleFunction.

📝 Documentation

  • docs: Add noCircularEffect recipe and register in examples, closes #755 (#1681).
  • docs: Add component-hook-factories recipe and update examples.
  • docs: Add noExplicitSpreadProps rule to custom-rules-of-props recipe, closes #503.
  • docs: Migrate recipe docs to MDX format.
  • docs: Flatten recipe docs from tabbed UI to plain markdown sections.
  • docs: Standardize quotes in rule descriptions (#1680).
  • docs: Standardize punctuation and phrasing in recipe docs (#1682).
  • docs: Standardize recipe frontmatter descriptions.
  • docs(website): Update recipes overview page.
  • docs(website): Add "See Also" cross-references to recipes docs.
  • docs(website): Simplify rule definition example in recipes overview.
  • docs: Remove obsolete component-hook-factories references from recipes.
  • docs: Remove Roadmap section from READMEs.
  • docs: Remove Custom Rules for Missing Rules link.
  • docs: Add Recipes link and update install command.
  • docs: Switch to installing @eslint-react/kit without rc tag.

Full Changelog: Rel1cx/eslint-react@v4.2.1...v4.2.2

Commits
  • e5e2732 release: 4.2.3
  • b86bdd6 feat(jsx): add jsx-no-leaked-dollar rule, add suggest fix to jsx-no-leaked-se...
  • fbb4950 feat(jsx): add jsx-no-leaked-semicolon rule, closes #1685 (#1686)
  • 47eb968 release: 4.2.3-beta.1
  • b2bf66a release: 4.2.3-beta.0
  • b93af46 release: 4.2.2
  • 232bf9a Remove Custom Rules for Missing Rules link
  • 1bb7818 Remove Roadmap section from READMEs
  • See full diff in compare view

Updates esbuild from 0.27.5 to 0.28.0

Release notes

Sourced from esbuild's releases.

v0.28.0

  • Add support for with { type: 'text' } imports (#4435)

    The import text proposal has reached stage 3 in the TC39 process, which means that it's recommended for implementation. It has also already been implemented by Deno and Bun. So with this release, esbuild also adds support for it. This behaves exactly the same as esbuild's existing text loader. Here's an example:

    import string from './example.txt' with { type: 'text' }
console.log(string)

  • Add integrity checks to fallback download path (#4343)

    Installing esbuild via npm is somewhat complicated with several different edge cases (see esbuild's documentation for details). If the regular installation of esbuild's platform-specific package fails, esbuild's install script attempts to download the platform-specific package itself (first with the npm command, and then with a HTTP request to registry.npmjs.org as a last resort).

    This last resort path previously didn't have any integrity checks. With this release, esbuild will now verify that the hash of the downloaded binary matches the expected hash for the current release. This means the hashes for all of esbuild's platform-specific binary packages will now be embedded in the top-level esbuild package. Hopefully this should work without any problems. But just in case, this change is being done as a breaking change release.

  • Update the Go compiler from 1.25.7 to 1.26.1

    This upgrade should not affect anything. However, there have been some significant internal changes to the Go compiler, so esbuild could potentially behave differently in certain edge cases:

    • It now uses the new garbage collector that comes with Go 1.26.
    • The Go compiler is now more aggressive with allocating memory on the stack.
    • The executable format that the Go linker uses has undergone several changes.
    • The WebAssembly build now unconditionally makes use of the sign extension and non-trapping floating-point to integer conversion instructions.

    You can read the Go 1.26 release notes for more information.

v0.27.7

  • Fix lowering of define semantics for TypeScript parameter properties (#4421)

    The previous release incorrectly generated class fields for TypeScript parameter properties even when the configured target environment does not support class fields. With this release, the generated class fields will now be correctly lowered in this case:

    // Original code
class Foo {
  constructor(public x = 1) {}
  y = 2
}
// Old output (with --loader=ts --target=es2021)
class Foo {
constructor(x = 1) {
this.x = x;
__publicField(this, "y", 2);
}
x;
}
// New output (with --loader=ts --target=es2021)
class Foo {

... (truncated)

Changelog

Sourced from esbuild's changelog.

0.28.0

  • Add support for with { type: 'text' } imports (#4435)

    The import text proposal has reached stage 3 in the TC39 process, which means that it's recommended for implementation. It has also already been implemented by Deno and Bun. So with this release, esbuild also adds support for it. This behaves exactly the same as esbuild's existing text loader. Here's an example:

    import string from './example.txt' with { type: 'text' }
console.log(string)

  • Add integrity checks to fallback download path (#4343)

    Installing esbuild via npm is somewhat complicated with several different edge cases (see esbuild's documentation for details). If the regular installation of esbuild's platform-specific package fails, esbuild's install script attempts to download the platform-specific package itself (first with the npm command, and then with a HTTP request to registry.npmjs.org as a last resort).

    This last resort path previously didn't have any integrity checks. With this release, esbuild will now verify that the hash of the downloaded binary matches the expected hash for the current release. This means the hashes for all of esbuild's platform-specific binary packages will now be embedded in the top-level esbuild package. Hopefully this should work without any problems. But just in case, this change is being done as a breaking change release.

  • Update the Go compiler from 1.25.7 to 1.26.1

    This upgrade should not affect anything. However, there have been some significant internal changes to the Go compiler, so esbuild could potentially behave differently in certain edge cases:

    • It now uses the new garbage collector that comes with Go 1.26.
    • The Go compiler is now more aggressive with allocating memory on the stack.
    • The executable format that the Go linker uses has undergone several changes.
    • The WebAssembly build now unconditionally makes use of the sign extension and non-trapping floating-point to integer conversion instructions.

    You can read the Go 1.26 release notes for more information.

0.27.7

  • Fix lowering of define semantics for TypeScript parameter properties (#4421)

    The previous release incorrectly generated class fields for TypeScript parameter properties even when the configured target environment does not support class fields. With this release, the generated class fields will now be correctly lowered in this case:

    // Original code
class Foo {
  constructor(public x = 1) {}
  y = 2
}
// Old output (with --loader=ts --target=es2021)
class Foo {
constructor(x = 1) {
this.x = x;
__publicField(this, "y", 2);
}
x;
}

... (truncated)

Commits
  • 6a794df publish 0.28.0 to npm
  • 64ee0ea fix #4435: support with { type: text } imports
  • ef65aee fix sort order in snapshots_packagejson.txt
  • 1a26a8e try to fix test-old-ts, also shuffle CI tasks
  • 556ce6c use '' instead of null to omit build hashes
  • 8e675a8 ci: allow missing binary hashes for tests
  • 7067763 Reapply "update go 1.25.7 => 1.26.1"
  • 39473a9 fix #4343: integrity check for binary download
  • 2025c9f publish 0.27.7 to npm
  • c6b586e fix typo in Makefile for @esbuild/win32-x64
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore: bump the all group in /web with 3 updates
eb4a2d3 
Bumps the all group in /web with 3 updates: [react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router), [@eslint-react/eslint-plugin](https://github.com/Rel1cx/eslint-react/tree/HEAD/packages/plugins/eslint-plugin) and [esbuild](https://github.com/evanw/esbuild).


Updates `react-router` from 7.13.2 to 7.14.0
- [Release notes](https://github.com/remix-run/react-router/releases)
- [Changelog](https://github.com/remix-run/react-router/blob/main/packages/react-router/CHANGELOG.md)
- [Commits](https://github.com/remix-run/react-router/commits/react-router@7.14.0/packages/react-router)

Updates `@eslint-react/eslint-plugin` from 4.2.1 to 4.2.3
- [Release notes](https://github.com/Rel1cx/eslint-react/releases)
- [Changelog](https://github.com/Rel1cx/eslint-react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/Rel1cx/eslint-react/commits/v4.2.3/packages/plugins/eslint-plugin)

Updates `esbuild` from 0.27.5 to 0.28.0
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](evanw/esbuild@v0.27.5...v0.28.0)

---
updated-dependencies:
- dependency-name: react-router
  dependency-version: 7.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: "@eslint-react/eslint-plugin"
  dependency-version: 4.2.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: esbuild
  dependency-version: 0.28.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file scope:web Vue 3 dashboard type:chore Maintenance, cleanup, dependency updates labels Apr 3, 2026
@dependabot dependabot bot requested a review from Aureliolo as a code owner April 3, 2026 06:12
@dependabot dependabot bot added dependencies Pull requests that update a dependency file scope:web Vue 3 dashboard labels Apr 3, 2026
@socket-security
Copy link
Copy Markdown

socket-security bot commented Apr 3, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatednpm/​@​eslint-react/​eslint-plugin@​4.2.1 ⏵ 4.2.399 +110010096100

View full report

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 3, 2026

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

@Aureliolo Aureliolo merged commit 21d40d3 into main Apr 3, 2026
24 checks passed
@Aureliolo Aureliolo deleted the dependabot/npm_and_yarn/web/all-6ffaadcdf2 branch April 3, 2026 07:29
@Aureliolo Aureliolo mentioned this pull request Apr 3, 2026
Merged
Aureliolo added a commit that referenced this pull request Apr 3, 2026
@Aureliolo @github-actions
chore(main): release 0.5.8 (#1002)
7639021 
🤖 I have created a release *beep* *boop*
---


##
[0.5.8](v0.5.7...v0.5.8)
(2026-04-03)


### Features

* auto-select embedding model + fine-tuning pipeline wiring
([#999](#999))
([a4cbc4e](a4cbc4e)),
closes [#965](#965)
[#966](#966)
* ceremony scheduling batch 3 -- milestone strategy, template defaults,
department overrides
([#1019](#1019))
([321d245](321d245))
* five-pillar evaluation framework for HR performance tracking
([#1017](#1017))
([5e66cbd](5e66cbd)),
closes [#699](#699)
* populate comparison page with 53 competitor entries
([#1000](#1000))
([5cb232d](5cb232d)),
closes [#993](#993)
* throughput-adaptive and external-trigger ceremony scheduling
strategies ([#1003](#1003))
([bb5c9a4](bb5c9a4)),
closes [#973](#973)
[#974](#974)


### Bug Fixes

* eliminate backup service I/O from API test lifecycle
([#1015](#1015))
([08d9183](08d9183))
* update run_affected_tests.py to use -n 8
([#1014](#1014))
([3ee9fa7](3ee9fa7))


### Performance

* reduce pytest parallelism from -n auto to -n 8
([#1013](#1013))
([43e0707](43e0707))


### CI/CD

* bump docker/login-action from 4.0.0 to 4.1.0 in the all group
([#1027](#1027))
([e7e28ec](e7e28ec))
* bump wrangler from 4.79.0 to 4.80.0 in /.github in the all group
([#1023](#1023))
([1322a0d](1322a0d))


### Maintenance

* bump github.com/mattn/go-runewidth from 0.0.21 to 0.0.22 in /cli in
the all group
([#1024](#1024))
([b311694](b311694))
* bump https://github.com/astral-sh/ruff-pre-commit from v0.15.8 to
0.15.9 in the all group
([#1022](#1022))
([1650087](1650087))
* bump node from `71be405` to `387eebd` in /docker/sandbox in the all
group ([#1021](#1021))
([40bd2f6](40bd2f6))
* bump node from `cf38e1f` to `ad82eca` in /docker/web in the all group
([#1020](#1020))
([f05ab9f](f05ab9f))
* bump the all group in /web with 3 updates
([#1025](#1025))
([21d40d3](21d40d3))
* bump the all group with 2 updates
([#1026](#1026))
([36778de](36778de))
* enable additional eslint-react rules and fix violations
([#1028](#1028))
([80423be](80423be))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Aureliolo Aureliolo Awaiting requested review from Aureliolo Aureliolo is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file scope:web Vue 3 dashboard type:chore Maintenance, cleanup, dependency updates

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Aureliolo