build(deps): bump the minor-and-patch group across 1 directory with 8 updates by dependabot[bot] · Pull Request #20 · Signor1/arc-onboard

dependabot · 2026-05-12T05:10:04Z

Bumps the minor-and-patch group with 8 updates in the / directory:

Package	From	To
@tanstack/react-query	`5.100.5`	`5.100.10`
next	`15.5.15`	`15.5.18`
react	`19.2.5`	`19.2.6`
react-dom	`19.2.5`	`19.2.6`
tailwind-merge	`3.5.0`	`3.6.0`
zustand	`5.0.12`	`5.0.13`
@types/node	`25.6.0`	`25.7.0`
postcss	`8.5.10`	`8.5.14`

Updates @tanstack/react-query from 5.100.5 to 5.100.10

Release notes

Sourced from @tanstack/react-query's releases.

@tanstack/react-query-devtools@5.100.9

Patch Changes

Updated dependencies [3d21cac]:

@tanstack/query-devtools@5.100.9

@tanstack/react-query@5.100.9

@tanstack/react-query-next-experimental@5.100.9

Patch Changes

Updated dependencies []:

@tanstack/react-query@5.100.9

@tanstack/react-query-persist-client@5.100.9

Patch Changes

Updated dependencies []:

@tanstack/query-persist-client-core@5.100.9

@tanstack/react-query@5.100.9

@tanstack/react-query@5.100.9

Patch Changes

Updated dependencies [fcee7bd]:

@tanstack/query-core@5.100.9

@tanstack/react-query-devtools@5.100.8

Patch Changes

Updated dependencies []:

@tanstack/query-devtools@5.100.8

@tanstack/react-query@5.100.8

@tanstack/react-query-next-experimental@5.100.8

Patch Changes

Updated dependencies []:

@tanstack/react-query@5.100.8

@tanstack/react-query-persist-client@5.100.8

Patch Changes

Updated dependencies []:

@tanstack/query-persist-client-core@5.100.8

@tanstack/react-query@5.100.8

@tanstack/react-query@5.100.8

Patch Changes

Updated dependencies []:

... (truncated)

Changelog

Sourced from @tanstack/react-query's changelog.

5.100.10

Patch Changes

Updated dependencies []:

@tanstack/query-core@5.100.10

5.100.9

Patch Changes

Updated dependencies [fcee7bd]:

@tanstack/query-core@5.100.9

5.100.8

Patch Changes

Updated dependencies []:

@tanstack/query-core@5.100.8

5.100.7

Patch Changes

Updated dependencies []:

@tanstack/query-core@5.100.7

5.100.6

Patch Changes

Updated dependencies []:

@tanstack/query-core@5.100.6

Commits

See full diff in compare view

Updates next from 15.5.15 to 15.5.18

Release notes

Sourced from next's releases.

v15.5.18

This release contains security fixes for the following advisories:

High:

GHSA-8h8q-6873-q5fj: Denial of Service with Server Components

GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes

GHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up

GHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components

GHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection

GHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades

GHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n

Moderate:

GHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces

GHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input

GHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API

GHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses

Low:

GHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting

GHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned

v15.5.16

This release contains security fixes for the following advisories:

High:

GHSA-8h8q-6873-q5fj: Denial of Service with Server Components

GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes

GHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components

GHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection

GHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades

GHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n

Moderate:

GHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces

GHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input

GHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API

GHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses

Low:

GHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting

GHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned

Commits

9ff92ce v15.5.18
00ebe23 [backport] Disable build caches for production/staging/force-preview deploys ...
62c97ab v15.5.17
423623a Turbopack: Match proxy matchers with webpack implementation (#93594)
fa78739 Turbopack: Fix middleware matcher suffix (#93590)
36e62c6 [backport] Turbopack: more strict vergen setup (#93588)
36589b5 [backport][test] Pin package manager to patch versions (#93596)
ad6fd4e v15.5.16
79d7dff Ignore malformed CSP nonce headers (#103)
c4f6908 router-server: guard upgrade proxy against absolute-url SSRF (#77) (#102)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for next since your current version.

Updates react from 19.2.5 to 19.2.6

Release notes

Sourced from react's releases.

19.2.6 (May 6th, 2026)

React Server Components

Type hardening and performance improvements (#36425 by @eps1lon and @unstubbable)

Commits

eaf3e95 Version 19.2.6
See full diff in compare view

Updates react-dom from 19.2.5 to 19.2.6

Release notes

Sourced from react-dom's releases.

19.2.6 (May 6th, 2026)

React Server Components

Type hardening and performance improvements (#36425 by @eps1lon and @unstubbable)

Commits

eaf3e95 Version 19.2.6
See full diff in compare view

Updates tailwind-merge from 3.5.0 to 3.6.0

Release notes

Sourced from tailwind-merge's releases.

v3.6.0

New Features

Add support for Tailwind CSS v4.3 by @dcastil in dcastil/tailwind-merge#677

Add postfixLookupClassGroups option to config to support Tailwind utilities where a slash is part of the full class name, like named container queries

Add support for readonly array values by @unional in dcastil/tailwind-merge#652

Documentation

Fix broken links in README by @maurer2 in dcastil/tailwind-merge#662

Other

Harden internal CI pipeline security by omitting git checkout by @dcastil, suggested by @kyletaylored in dcastil/tailwind-merge@6b2499c

Full Changelog: dcastil/tailwind-merge@v3.5.0...v3.6.0

Thanks to @brandonmcconnell, @manavm1990, @langy, @roboflow, @syntaxfm, @getsentry, @codecov, a private sponsor, @block, @openclaw, @sourcegraph, @mike-healy and more via @thnxdev for sponsoring tailwind-merge! ❤️

Commits

d54f7e5 v3.6.0
638871a Update README to add info about Tailwind CSS v4.3 support
39fc7b5 Revert "v3.6.0"
bd8390f v3.6.0
802877c add v3.6.0 changelog
a35feda Merge pull request #665 from dcastil/renovate/rollup-plugin-babel-7.x
940389c Merge pull request #667 from dcastil/renovate/release-drafter-release-drafter...
005af6d pin to specific version
5816ced implement breaking changes
17041e1 Merge pull request #676 from dcastil/dependabot/npm_and_yarn/babel/plugin-tra...
Additional commits viewable in compare view

Updates zustand from 5.0.12 to 5.0.13

Release notes

Sourced from zustand's releases.

v5.0.13

This release includes an improvement in the devtools middleware.

What's Changed

refactor(devtools): remove duplicate module augmentation by @mahmoodhamdi in pmndrs/zustand#3443

fix(devtools): support Firefox/Safari stack format in findCallerName by @SBolsec in pmndrs/zustand#3469

New Contributors

@mahmoodhamdi made their first contribution in pmndrs/zustand#3443

@FelixEckl-vireq made their first contribution in pmndrs/zustand#3466

@KimHyeongRae0 made their first contribution in pmndrs/zustand#3471

@lstak made their first contribution in pmndrs/zustand#3483

@AlexRixten made their first contribution in pmndrs/zustand#3474

@SBolsec made their first contribution in pmndrs/zustand#3469

Full Changelog: pmndrs/zustand@v5.0.12...v5.0.13

Commits

6bc451e 5.0.13
8ec2169 chore(deps): update dev dependencies (#3486)
4e9bcf0 fix(devtools): support Firefox/Safari stack format in findCallerName (#3469)
4b96f4e fix(docs): correct react-dom test utils import path (#3474)
c7516c1 fix(tests): change parameters for 'expect' in test (#3483)
1b04af1 docs(persist): fix signature to require persistOptions (#3477)
95d3f33 test(middleware/immer): add runtime tests for immer middleware (#3471)
3201328 Update TypeScript guide links in README.md (#3466)
00f96a3 chore(deps): bump actions/deploy-pages from 4.0.5 to 5.0.0 (#3447)
6330044 test: expand React subscribe test coverage (#3442)
Additional commits viewable in compare view

Updates @types/node from 25.6.0 to 25.7.0

Commits

See full diff in compare view

Updates postcss from 8.5.10 to 8.5.14

Release notes

Sourced from postcss's releases.

8.5.14

Fixed custom syntax regression (by @43081j).

8.5.13

Fixed postcss-scss commend regression.

8.5.12

Fixed reading any file via user-generated CSS.

Added opts.unsafeMap to disable checks.

8.5.11

Fixed nested brackets parsing performance (by @offset).

Changelog

Sourced from postcss's changelog.

8.5.14

Fixed custom syntax regression (by @43081j).

8.5.13

Fixed postcss-scss commend regression.

8.5.12

Fixed reading any file via user-generated CSS.

Added opts.unsafeMap to disable checks.

8.5.11

Fixed nested brackets parsing performance (by @offset).

Commits

3ec1394 Release 8.5.14 version
f2bb827 Update dependencies
d75953d Merge pull request #2084 from 43081j/raw-raws-rawing
68bd213 fix: always call raw to retrieve raw values
af58cf1 Release 8.5.13 version
f227dbd Temporary ignore pnpm 11 config
d3abd40 Update dependencies
dd06c3e Revert stringifier changes because of the conflict with postcss-scss
ae889c8 Try to fix CI
e0093e4 Move to pnpm 11
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

… updates Bumps the minor-and-patch group with 8 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@tanstack/react-query](https://github.com/TanStack/query/tree/HEAD/packages/react-query) | `5.100.5` | `5.100.10` | | [next](https://github.com/vercel/next.js) | `15.5.15` | `15.5.18` | | [react](https://github.com/facebook/react/tree/HEAD/packages/react) | `19.2.5` | `19.2.6` | | [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) | `19.2.5` | `19.2.6` | | [tailwind-merge](https://github.com/dcastil/tailwind-merge) | `3.5.0` | `3.6.0` | | [zustand](https://github.com/pmndrs/zustand) | `5.0.12` | `5.0.13` | | [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.6.0` | `25.7.0` | | [postcss](https://github.com/postcss/postcss) | `8.5.10` | `8.5.14` | Updates `@tanstack/react-query` from 5.100.5 to 5.100.10 - [Release notes](https://github.com/TanStack/query/releases) - [Changelog](https://github.com/TanStack/query/blob/main/packages/react-query/CHANGELOG.md) - [Commits](https://github.com/TanStack/query/commits/HEAD/packages/react-query) Updates `next` from 15.5.15 to 15.5.18 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v15.5.15...v15.5.18) Updates `react` from 19.2.5 to 19.2.6 - [Release notes](https://github.com/facebook/react/releases) - [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/react/commits/v19.2.6/packages/react) Updates `react-dom` from 19.2.5 to 19.2.6 - [Release notes](https://github.com/facebook/react/releases) - [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/react/commits/v19.2.6/packages/react-dom) Updates `tailwind-merge` from 3.5.0 to 3.6.0 - [Release notes](https://github.com/dcastil/tailwind-merge/releases) - [Commits](dcastil/tailwind-merge@v3.5.0...v3.6.0) Updates `zustand` from 5.0.12 to 5.0.13 - [Release notes](https://github.com/pmndrs/zustand/releases) - [Commits](pmndrs/zustand@v5.0.12...v5.0.13) Updates `@types/node` from 25.6.0 to 25.7.0 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `postcss` from 8.5.10 to 8.5.14 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.5.10...8.5.14) --- updated-dependencies: - dependency-name: "@tanstack/react-query" dependency-version: 5.100.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: next dependency-version: 15.5.18 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: react dependency-version: 19.2.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: react-dom dependency-version: 19.2.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: tailwind-merge dependency-version: 3.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: zustand dependency-version: 5.0.13 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: "@types/node" dependency-version: 25.7.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: postcss dependency-version: 8.5.14 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: minor-and-patch ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 12, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump the minor-and-patch group across 1 directory with 8 updates#20

build(deps): bump the minor-and-patch group across 1 directory with 8 updates#20
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/minor-and-patch-b8ed2eb16e

dependabot Bot commented on behalf of github May 12, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 12, 2026

@​tanstack/react-query-devtools@​5.100.9

Patch Changes

@​tanstack/react-query-next-experimental@​5.100.9

Patch Changes

@​tanstack/react-query-persist-client@​5.100.9

Patch Changes

@​tanstack/react-query@​5.100.9

Patch Changes

@​tanstack/react-query-devtools@​5.100.8

Patch Changes

@​tanstack/react-query-next-experimental@​5.100.8

Patch Changes

@​tanstack/react-query-persist-client@​5.100.8

Patch Changes

@​tanstack/react-query@​5.100.8

Patch Changes

5.100.10

Patch Changes

5.100.9

Patch Changes

5.100.8

Patch Changes

5.100.7

Patch Changes

5.100.6

Patch Changes

v15.5.18

v15.5.16

19.2.6 (May 6th, 2026)

React Server Components

19.2.6 (May 6th, 2026)

React Server Components

v3.6.0

New Features

Documentation

Other

v5.0.13

What's Changed

New Contributors

8.5.14

8.5.13

8.5.12

8.5.11

8.5.14

8.5.13

8.5.12

8.5.11

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

`@tanstack/react-query-devtools@5`.100.9

`@tanstack/react-query-next-experimental@5`.100.9

`@tanstack/react-query-persist-client@5`.100.9

`@tanstack/react-query@5`.100.9

`@tanstack/react-query-devtools@5`.100.8

`@tanstack/react-query-next-experimental@5`.100.8

`@tanstack/react-query-persist-client@5`.100.8

`@tanstack/react-query@5`.100.8