Skip to content

chore(deps): bump the production-dependencies group across 1 directory with 7 updates#43

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/production-dependencies-bc4f6944c8
Closed

chore(deps): bump the production-dependencies group across 1 directory with 7 updates#43
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/production-dependencies-bc4f6944c8

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 27, 2026

Copy link
Copy Markdown
Contributor

Bumps the production-dependencies group with 7 updates in the / directory:

Package From To
helmet 8.1.0 8.2.0
pg 8.20.0 8.22.0
uuid 13.0.0 14.0.1
mobx 6.15.0 6.16.1
react 19.2.4 19.2.7
react-dom 19.2.4 19.2.7
react-router 7.14.0 8.0.1

Updates helmet from 8.1.0 to 8.2.0

Changelog

Sourced from helmet's changelog.

8.2.0 - 2026-05-21

  • Cross-Origin-Opener-Policy: support noopener-allow-popups. See #522
  • Improve error message when passing duplicate options
Commits

Updates pg from 8.20.0 to 8.22.0

Changelog

Sourced from pg's changelog.

pg@8.22.0

pg@8.21.0

Commits

Updates uuid from 13.0.0 to 14.0.1

Release notes

Sourced from uuid's releases.

v14.0.1

14.0.1 (2026-06-20)

Bug Fixes

  • add types condition to node export for moduleResolution bundler (#961) (27ffae5)

v14.0.0

14.0.0 (2026-04-19)

⚠ BREAKING CHANGES

  • expect crypto to be global everywhere (requires node@20+) (#935)
  • drop node@18 support (#934)

Features

Bug Fixes

  • expect crypto to be global everywhere (requires node@20+) (#935) (f2c235f)
  • Use GITHUB_TOKEN for release-please and enable npm provenance (#925) (ffa3138)

v13.0.2

13.0.2 (2026-05-04)

Bug Fixes

  • rerelease to fix provenance. (49ccb35)

v13.0.1

13.0.1 (2026-04-27)

Bug Fixes

Changelog

Sourced from uuid's changelog.

14.0.1 (2026-06-20)

Bug Fixes

  • add types condition to node export for moduleResolution bundler (#961) (27ffae5)

14.0.0 (2026-04-19)

Security

  • Fixes GHSA-w5hq-g745-h8pq: v3(), v5(), and v6() did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid offset was provided. A RangeError is now thrown if offset < 0 or offset + 16 > buf.length.

⚠ BREAKING CHANGES

  • crypto is now expected to be globally defined (requires node@20+) (#935)
  • drop node@18 support (#934)
  • upgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for uuid since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.


Updates mobx from 6.15.0 to 6.16.1

Release notes

Sourced from mobx's releases.

mobx@6.16.1

Patch Changes

mobx@6.16.0

Minor Changes

  • 6b3fb0ee725c0521bbaf7ba901a30261472a0e71 #4639 Thanks @​ashishkr96! - feat(mobx): make the 2022.3 @computed decorator lazy. ComputedValue is now created on first read of the decorated getter rather than eagerly during instance construction, avoiding wasted allocations for getters that are never used. On a 50k-instance × 10-getter class with one read per instance this cuts construction heap by ~50% and construction time by ~25%; the steady-state read path is unchanged. Closes #4616.

  • f0c68749428fd4d3bba48e9685e44fd1ddbbee76 #4658 Thanks @​ashishkr96! - feat(mobx): make the 2022.3 @observable accessor decorator lazy. ObservableValue is now created on first read/write/observe of the decorated accessor rather than eagerly during instance construction, avoiding wasted allocations for fields that are never touched. On a 50k-instance × 10-field class with sparse access (1 of 10 fields read per instance), this cuts construction heap by ~82% and construction time by ~86% versus the eager path. Follow-up to #4639.

Patch Changes

mobx@6.15.4

Patch Changes

mobx@6.15.3

Patch Changes

mobx@6.15.2

Patch Changes

mobx@6.15.1

Patch Changes

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for mobx since your current version.


Updates react from 19.2.4 to 19.2.7

Release notes

Sourced from react's releases.

19.2.7 (June 1st, 2026)

React Server Components

19.2.6 (May 6th, 2026)

React Server Components

19.2.5 (April 8th, 2026)

React Server Components

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react since your current version.


Updates react-dom from 19.2.4 to 19.2.7

Release notes

Sourced from react-dom's releases.

19.2.7 (June 1st, 2026)

React Server Components

19.2.6 (May 6th, 2026)

React Server Components

19.2.5 (April 8th, 2026)

React Server Components

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react-dom since your current version.


Updates react-router from 7.14.0 to 8.0.1

Release notes

Sourced from react-router's releases.

v8.0.1

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v801

v8.0.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v800

v7.18.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7180

v7.17.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7170

v7.16.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7160

v7.15.1

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7151

v7.15.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7150

v7.14.2

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7142

v7.14.1

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7141

Changelog

Sourced from react-router's changelog.

v8.0.1

Patch Changes

  • Remove the obsolete AppLoadContext type export accidentally left over from v7 now that middleware is always enabled and server request context is provided through RouterContextProvider. (#15207)

v8.0.0

Major Changes

  • Remove the future.v8_trailingSlashAwareDataRequests flag (#15100)
    • Trailing slash-aware data request URLs are now the default behavior.
  • Update tsconfig.json target/lib from ES2020 -> ES2022 (591853e)
  • Switch the published packages in packages/ to ESM-only. (#14895) (59ebcf1)
  • Remove deprecated data parameter in favor of loaderData for meta APIs (to align with Route.ComponentProps) (#14931)
    • Route.MetaArgs, Route.MetaMatch, MetaArgs, MetaMatch, Route.ComponentProps.matches, UIMatch
  • Remove future.v8_passThroughRequests flag - the raw incoming request is now always passed through to loader/action. Use url for the normalized URL without React Router-specific implementation details (.data suffixes, index/_routes search params). (#15079)
  • Remove internal hasErrorBoundary field added to router.routes when using a data router (#15074)
    • This should not impact user-facing code since this was an internal prop and was computed based on the presence of ErrorBoundary or errorElement on your route
    • hasErrorBoundary is no longer accepted on RouteObject (IndexRouteObject/NonIndexRouteObject), DataRouteObject, <Route> JSX props, or as a key in lazy route definitions.
    • The MapRoutePropertiesFunction signature no longer requires returning hasErrorBoundary; the router infers it directly.
  • Remove react-router-dom package (#15076)
    • In v7 everything DOM-specific was collapsed into react-router/dom
      • react-router-dom was kept around as a convenience so existing v6 app imports would still work
    • For v8, you will need to swap react-router-dom imports:
      • RouterProvider/HydratedRouter should be imported from react-router/dom
      • Everything else should be imported from react-router
  • Remove future.v8_middleware flag — middleware is always enabled in v8 (#15078)
    • The future.v8_middleware flag has been removed; middleware is now always enabled
    • The context parameter passed to loader, action, and middleware functions is always a RouterContextProvider instance
    • getLoadContext functions in custom servers must return a RouterContextProvider — returning a plain object is no longer supported
    • The MiddlewareEnabled type (previously exported as UNSAFE_MiddlewareEnabled) has been removed since the conditional it gated is now unconditional
    • The Future module augmentation pattern (interface Future { v8_middleware: true }) is no longer needed to type context in Data Mode
  • Update minimum Node version to 22.22.0 (#14928)
  • Update minimum React version to 19.2.7 (#15062)

Minor Changes

  • Bump dependencies (#15080)
    • Bumped cookie from ^1.0.1 to ^1.1.1
    • Bumped set-cookie-parser from ^2.6.0 to ^3.1.0

Patch Changes

  • Ensure client middleware errors load lazy route error boundaries before bubbling (#15086)
  • Remove explicit onSubmit type override from SharedFormProps to fix deprecation warning with @types/react@19.x (#14932) (59ebcf1)
  • Update package builds to preserve individual module files in published artifacts. Public APIs and documented import paths are unchanged. (#15092)
    • Updated package TypeScript configs to support modern module syntax used by the build configuration.
  • Migrate package builds from tsup to tsdown. Published package entry points and public APIs are unchanged. (#15092)
  • Upgrade React Router's TypeScript tooling to TypeScript 6. Runtime behavior and public APIs are unchanged. (#15092)

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…y with 7 updates

Bumps the production-dependencies group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [helmet](https://github.com/helmetjs/helmet) | `8.1.0` | `8.2.0` |
| [pg](https://github.com/brianc/node-postgres/tree/HEAD/packages/pg) | `8.20.0` | `8.22.0` |
| [uuid](https://github.com/uuidjs/uuid) | `13.0.0` | `14.0.1` |
| [mobx](https://github.com/mobxjs/mobx) | `6.15.0` | `6.16.1` |
| [react](https://github.com/facebook/react/tree/HEAD/packages/react) | `19.2.4` | `19.2.7` |
| [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) | `19.2.4` | `19.2.7` |
| [react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router) | `7.14.0` | `8.0.1` |



Updates `helmet` from 8.1.0 to 8.2.0
- [Changelog](https://github.com/helmetjs/helmet/blob/main/CHANGELOG.md)
- [Commits](helmetjs/helmet@v8.1.0...v8.2.0)

Updates `pg` from 8.20.0 to 8.22.0
- [Changelog](https://github.com/brianc/node-postgres/blob/master/CHANGELOG.md)
- [Commits](https://github.com/brianc/node-postgres/commits/pg@8.22.0/packages/pg)

Updates `uuid` from 13.0.0 to 14.0.1
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md)
- [Commits](uuidjs/uuid@v13.0.0...v14.0.1)

Updates `mobx` from 6.15.0 to 6.16.1
- [Release notes](https://github.com/mobxjs/mobx/releases)
- [Commits](https://github.com/mobxjs/mobx/commits/mobx@6.16.1)

Updates `react` from 19.2.4 to 19.2.7
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react)

Updates `react-dom` from 19.2.4 to 19.2.7
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react-dom)

Updates `react-router` from 7.14.0 to 8.0.1
- [Release notes](https://github.com/remix-run/react-router/releases)
- [Changelog](https://github.com/remix-run/react-router/blob/main/packages/react-router/CHANGELOG.md)
- [Commits](https://github.com/remix-run/react-router/commits/react-router@8.0.1/packages/react-router)

---
updated-dependencies:
- dependency-name: helmet
  dependency-version: 8.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: pg
  dependency-version: 8.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: uuid
  dependency-version: 14.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
- dependency-name: mobx
  dependency-version: 6.16.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: react
  dependency-version: 19.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: react-dom
  dependency-version: 19.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: react-router
  dependency-version: 8.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency label Jun 27, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jul 4, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jul 4, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/production-dependencies-bc4f6944c8 branch July 4, 2026 02:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants