Bump ra-data-json-server from 5.3.4 to 5.14.6 in /frontend

[dependabot]

Bumps ra-data-json-server from 5.3.4 to 5.14.6.

Release notes

Sourced from ra-data-json-server's releases.

5.14.6

• Fix possible prototype-polluting assignments in local data providers (#11227) (WiXSL)
• Fix duplicate IDs in <FieldToggle> when multiple column pickers are present (#11238) (Yashrajsingh2001)
• Fix incomplete string escaping in escapePath (#11226) (WiXSL)
• Fix <FormDataConsumer> to avoid ReDoS in source detection (#11224) (WiXSL)
• Fix <RichTextField> tag-stripping feature is polynomial and does not strip unfinished tags (#11225) (WiXSL)
• Fix <ArrayInput> shows validation error on mount when mode="onChange" (#11195) (WiXSL)
• Bump follow-redirects from 1.15.11 to 1.16.0 (#11240) (dependabot[bot])
• Bump axios from 1.13.6 to 1.15.0 (#11237) (dependabot[bot])
• Bump vite from 7.3.1 to 7.3.2 (#11234) (dependabot[bot])
• Bump defu from 6.1.4 to 6.1.6 (#11230) (dependabot[bot])
• Bump lodash from 4.17.23 to 4.18.1 (#11229) (dependabot[bot])
• Bump lodash-es from 4.17.23 to 4.18.1 (#11228) (dependabot[bot])
• [chore] Restrict test workflow token permissions (#11223) (WiXSL)

5.14.5

• Add ArrayFieldBase component (#11191) (WiXSL)
• [Fix] Prevent stale nested field values when re-adding items in SimpleFormIterator (#11201) (WiXSL)
• Fix useCreate fails to update the cache when id equals 0 (#11199) (ThieryMichel)
• Fix mutation hooks types (#11024) (djhi)
• [Doc] Add ArrayFieldBase headless documentation (#11192) (WiXSL)
• [chore] Fix headless docs build (#11188) (slax57)
• Bump path-to-regexp from 0.1.12 to 0.1.13 (#11210) (dependabot[bot])
• Bump handlebars from 4.7.7 to 4.7.9 (#11206) (dependabot[bot])
• Bump astro from 5.15.9 to 5.18.1 (#11205) (dependabot[bot])
• Bump picomatch from 2.3.1 to 2.3.2 (#11203) (dependabot[bot])
• Bump smol-toml from 1.5.2 to 1.6.1 (#11202) (dependabot[bot])
• Bump flatted from 3.3.3 to 3.4.2 (#11197) (dependabot[bot])
• Bump h3 from 1.15.8 to 1.15.9 (#11196) (dependabot[bot])
• Bump h3 from 1.15.5 to 1.15.8 (#11194) (dependabot[bot])
• Bump devalue from 5.6.3 to 5.6.4 (#11189) (dependabot[bot])
• Fix tar security alerts (#11215) (WiXSL)
• Fix markdown-it security alert (#11214) (WiXSL)
• Fix minimatch security alerts (#11213) (WiXSL)
• Fix ejs dependabot alert (#11211) (WiXSL)
• Fix picomatch dependabot alert (#11212) (WiXSL)

5.14.4

• Fix SavedQuery when disableSyncWithLocation is set (#11173) (ThieryMichel)
• Fix RichTextInput does not allow nesting unordered and ordered lists (#11179) (frlruehle)
• Fix compatibility with latest version of @hookform/resolvers (#11186) (slax57)
• [Doc] Use splat route for TanStack Start setup (#11182) (WiXSL)
• Fix security warnings due to outdated dependencies (#11183) (ThieryMichel)
• Bump js-yaml from 3.14.1 to 3.14.2 (#11185) (dependabot[bot])
• Bump dompurify from 3.3.1 to 3.3.2 (#11184) (dependabot[bot])
• Bump dompurify and @​types/dompurify (#11180) (dependabot[bot])

5.14.3

• Add default empty component and i18n messages to ListGuesser (#11165) (WiXSL)
• Fix <Edit>, <ReferenceField> and <List> to better support offline mode (#11161) (fzaninotto)

... (truncated)

Changelog

Sourced from ra-data-json-server's changelog.

5.14.6

• Fix possible prototype-polluting assignments in local data providers (#11227) (WiXSL)
• Fix duplicate IDs in <FieldToggle> when multiple column pickers are present (#11238) (Yashrajsingh2001)
• Fix incomplete string escaping in escapePath (#11226) (WiXSL)
• Fix <FormDataConsumer> to avoid ReDoS in source detection (#11224) (WiXSL)
• Fix <RichTextField> tag-stripping feature is polynomial and does not strip unfinished tags (#11225) (WiXSL)
• Fix <ArrayInput> shows validation error on mount when mode="onChange" (#11195) (WiXSL)
• Bump follow-redirects from 1.15.11 to 1.16.0 (#11240) (dependabot[bot])
• Bump axios from 1.13.6 to 1.15.0 (#11237) (dependabot[bot])
• Bump vite from 7.3.1 to 7.3.2 (#11234) (dependabot[bot])
• Bump defu from 6.1.4 to 6.1.6 (#11230) (dependabot[bot])
• Bump lodash from 4.17.23 to 4.18.1 (#11229) (dependabot[bot])
• Bump lodash-es from 4.17.23 to 4.18.1 (#11228) (dependabot[bot])
• [chore] Restrict test workflow token permissions (#11223) (WiXSL)

5.14.5

• Add ArrayFieldBase component (#11191) (WiXSL)
• [Fix] Prevent stale nested field values when re-adding items in SimpleFormIterator (#11201) (WiXSL)
• Fix useCreate fails to update the cache when id equals 0 (#11199) (ThieryMichel)
• Fix mutation hooks types (#11024) (djhi)
• [Doc] Add ArrayFieldBase headless documentation (#11192) (WiXSL)
• [chore] Fix headless docs build (#11188) (slax57)
• Bump path-to-regexp from 0.1.12 to 0.1.13 (#11210) (dependabot[bot])
• Bump handlebars from 4.7.7 to 4.7.9 (#11206) (dependabot[bot])
• Bump astro from 5.15.9 to 5.18.1 (#11205) (dependabot[bot])
• Bump picomatch from 2.3.1 to 2.3.2 (#11203) (dependabot[bot])
• Bump smol-toml from 1.5.2 to 1.6.1 (#11202) (dependabot[bot])
• Bump flatted from 3.3.3 to 3.4.2 (#11197) (dependabot[bot])
• Bump h3 from 1.15.8 to 1.15.9 (#11196) (dependabot[bot])
• Bump h3 from 1.15.5 to 1.15.8 (#11194) (dependabot[bot])
• Bump devalue from 5.6.3 to 5.6.4 (#11189) (dependabot[bot])
• Fix tar security alerts (#11215) (WiXSL)
• Fix markdown-it security alert (#11214) (WiXSL)
• Fix minimatch security alerts (#11213) (WiXSL)
• Fix ejs dependabot alert (#11211) (WiXSL)
• Fix picomatch dependabot alert (#11212) (WiXSL)

5.14.4

• Fix SavedQuery when disableSyncWithLocation is set (#11173) (ThieryMichel)
• Fix RichTextInput does not allow nesting unordered and ordered lists (#11179) (frlruehle)
• Fix compatibility with latest version of @hookform/resolvers (#11186) (slax57)
• [Doc] Use splat route for TanStack Start setup (#11182) (WiXSL)
• Fix security warnings due to outdated dependencies (#11183) (ThieryMichel)
• Bump js-yaml from 3.14.1 to 3.14.2 (#11185) (dependabot[bot])
• Bump dompurify from 3.3.1 to 3.3.2 (#11184) (dependabot[bot])
• Bump dompurify and @​types/dompurify (#11180) (dependabot[bot])

... (truncated)

Commits

• 2d8dcf6 Update changelog for version 5.14.6
• 326e1b9 v5.14.6
• 5221ea8 Merge pull request #11238 from Yashrajsingh2001/fix/field-toggle-duplicate-ids
• 995d8dd Merge pull request #11240 from marmelab/dependabot/npm_and_yarn/follow-redire...
• c3b3e70 Bump follow-redirects from 1.15.11 to 1.16.0
• 33db516 Merge pull request #11237 from marmelab/dependabot/npm_and_yarn/axios-1.15.0
• b49f652 fix: Prevent duplicate IDs in FieldToggle when multiple column pickers are pr...
• 5f07fa6 Bump axios from 1.13.6 to 1.15.0
• 5f505e7 Merge pull request #11234 from marmelab/dependabot/npm_and_yarn/vite-7.3.2
• 354731a Bump vite from 7.3.1 to 7.3.2
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)