Monthly dependency updates: Bump the "maintenance" group with 3 updates across multiple ecosystems

[dependabot]

Bumps the maintenance group with 9 updates:

Package	From	To
prejudice	4dff49a	341186b
pride	5bf27ee	6f678cd
qs	6.15.0	6.15.1
react	19.2.4	19.2.5
react-dom	19.2.4	19.2.5
react-router-dom	7.13.2	7.14.2
@eslint/compat	2.0.3	2.0.5
eslint	10.1.0	10.2.1
globals	17.4.0	17.5.0

Updates prejudice from 4dff49a to 341186b

Commits

• 341186b Merge pull request #77 from mlibrary/pin-dockerfile-images
• 11b4d14 Merge branch 'master' into pin-dockerfile-images
• ed5b6a2 Monthly dependency updates: Bump the app-dependencies group with 2 updates (#78)
• d5af89f Pin dockerfile images.
• 1768e83 Merge pull request #76 from mlibrary/cleanup-2026-04-07
• 1835a01 Updating project details.
• 567629d eslint script and config updates.
• 8c0d363 Undoing esbuild installation and setup.
• 9583f20 Changing the main file to the prod build.
• e7f309e Uncommenting running ESLint.
• Additional commits viewable in compare view

Updates pride from 5bf27ee to 6f678cd

Commits

• 6f678cd Merge pull request #227 from mlibrary/github-actions-sha
• 44136c0 Updating GitHub Actions workflow to use specific versions of actions for bett...
• 4353518 Monthly dependency updates: Bump the maintenance group with 5 updates (#226)
• See full diff in compare view

Updates qs from 6.15.0 to 6.15.1

Changelog

Sourced from qs's changelog.

6.15.1

• [Fix] parse: parameterLimit: Infinity with throwOnLimitExceeded: true silently drops all parameters
• [Deps] update @ljharb/eslint-config
• [Dev Deps] update @ljharb/eslint-config, iconv-lite
• [Tests] increase coverage

Commits

• 3f5e1c5 v6.15.1
• c85b67f [Fix] parse: parameterLimit: Infinity with throwOnLimitExceeded: true s...
• 4dfa0f0 [Deps] update @ljharb/eslint-config
• dbb05d7 [Dev Deps] update @ljharb/eslint-config, iconv-lite
• b0cfe7c [Tests] increase coverage
• See full diff in compare view

Updates react from 19.2.4 to 19.2.5

Release notes

Sourced from react's releases.

19.2.5 (April 8th, 2026)

React Server Components

• Add more cycle protections (#36236 by @​eps1lon and @​unstubbable)

Commits

• 23f4f9f 19.2.5
• See full diff in compare view

Updates react-dom from 19.2.4 to 19.2.5

Release notes

Sourced from react-dom's releases.

19.2.5 (April 8th, 2026)

React Server Components

• Add more cycle protections (#36236 by @​eps1lon and @​unstubbable)

Commits

• 23f4f9f 19.2.5
• See full diff in compare view

Updates react-router-dom from 7.13.2 to 7.14.2

Changelog

Sourced from react-router-dom's changelog.

v7.14.2

Patch Changes

• Updated dependencies:
  • react-router@7.14.2

v7.14.1

Patch Changes

• Updated dependencies:
  • react-router@7.14.1

7.14.0

Patch Changes

• Updated dependencies:
  • react-router@7.14.0

Commits

• cf1d250 Release v7.14.2 (#14993)
• 197674b Release 7.14.1 (#14973)
• a87774f Add new release process (#14916)
• e31077b chore: Update version for release (#14945)
• 6683e85 chore: Update version for release (pre) (#14943)
• See full diff in compare view

Updates @eslint/compat from 2.0.3 to 2.0.5

Release notes

Sourced from @​eslint/compat's releases.

migrate-config: v2.0.5

2.0.5 (2026-04-03)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​eslint/compat bumped from ^2.0.3 to ^2.0.4
  • devDependencies
    • @​eslint/core bumped from ^1.1.1 to ^1.2.0

compat: v2.0.5

2.0.5 (2026-04-08)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​eslint/core bumped from ^1.2.0 to ^1.2.1

migrate-config: v2.0.4

2.0.4 (2026-03-20)

Bug Fixes

• update dependency @​eslint/eslintrc to ^3.3.5 (#397) (8567c19)

compat: v2.0.4

2.0.4 (2026-04-03)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​eslint/core bumped from ^1.1.1 to ^1.2.0

Changelog

Sourced from @​eslint/compat's changelog.

2.0.5 (2026-04-08)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​eslint/core bumped from ^1.2.0 to ^1.2.1

2.0.4 (2026-04-03)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​eslint/core bumped from ^1.1.1 to ^1.2.0

Commits

• d2dbf7b chore: release main (#424)
• fe114ee chore: release main (#413)
• 8863791 docs: Update README sponsors
• 835ddf9 docs: Update README sponsors
• 8cd3676 docs: Update README sponsors
• 4d73459 docs: Update README sponsors
• a6c7a26 chore: update eslint and eslint-config-eslint (#401)
• See full diff in compare view

Updates eslint from 10.1.0 to 10.2.1

Release notes

Sourced from eslint's releases.

v10.2.1

Bug Fixes

• 14be92b fix: model generator yield resumption paths in code path analysis (#20665) (sethamus)
• 84a19d2 fix: no-async-promise-executor false positives for shadowed Promise (#20740) (xbinaryx)
• af764af fix: clarify language and processor validation errors (#20729) (Pixel998)
• e251b89 fix: update eslint (#20715) (renovate[bot])

Documentation

• ca92ca0 docs: reuse markdown-it instance for markdown filter (#20768) (Amaresh S M)
• 57d2ee2 docs: Enable Eleventy incremental mode for watch (#20767) (Amaresh S M)
• c1621b9 docs: fix typos in code-path-analyzer.js (#20700) (Ayush Shukla)
• 1418d52 docs: Update README (GitHub Actions Bot)
• 39771e6 docs: Update README (GitHub Actions Bot)
• 71e0469 docs: fix incomplete JSDoc param description in no-shadow rule (#20728) (kuldeep kumar)
• 22119ce docs: clarify scope of for-direction rule with dead code examples (#20723) (Amaresh S M)
• 8f3fb77 docs: document meta.docs.dialects (#20718) (Pixel998)

Chores

• 7ddfea9 chore: update dependency prettier to v3.8.2 (#20770) (renovate[bot])
• fac40e1 ci: bump pnpm/action-setup from 5.0.0 to 6.0.0 (#20763) (dependabot[bot])
• 7246f92 test: add tests for SuppressionsService.load() error handling (#20734) (kuldeep kumar)
• 4f34b1e chore: update pnpm/action-setup action to v5 (#20762) (renovate[bot])
• 51080eb test: processor service (#20731) (kuldeep kumar)
• e7e1889 chore: remove stale babel-eslint10 fixture and test (#20727) (kuldeep kumar)
• 4e1a87c test: remove redundant async/await in flat config array tests (#20722) (Pixel998)
• 066eabb test: add rule metadata coverage for languages and docs.dialects (#20717) (Pixel998)

v10.2.0

Features

• 586ec2f feat: Add meta.languages support to rules (#20571) (Copilot)
• 14207de feat: add Temporal to no-obj-calls (#20675) (Pixel998)
• bbb2c93 feat: add Temporal to ES2026 globals (#20672) (Pixel998)

Bug Fixes

• 542cb3e fix: update first-party dependencies (#20714) (Francesco Trotta)

Documentation

• a2af743 docs: add language to configuration objects (#20712) (Francesco Trotta)
• 845f23f docs: Update README (GitHub Actions Bot)
• 5fbcf59 docs: remove sourceType from ts playground link (#20477) (Tanuj Kanti)
• 8702a47 docs: Update README (GitHub Actions Bot)
• ddeaded docs: Update README (GitHub Actions Bot)
• 2b44966 docs: add Major Releases section to Manage Releases (#20269) (Milos Djermanovic)
• eab65c7 docs: update eslint versions in examples (#20664) (루밀LuMir)
• 3e4a299 docs: update ESM Dependencies policies with note for own-usage packages (#20660) (Milos Djermanovic)

Chores

• 8120e30 refactor: extract no unmodified loop condition (#20679) (kuldeep kumar)
• 46e8469 chore: update dependency markdownlint-cli2 to ^0.22.0 (#20697) (renovate[bot])
• 01ed3aa test: add unit tests for unicode utilities (#20622) (Manish chaudhary)

... (truncated)

Commits

• 4d1d8f9 10.2.1
• 3e33105 Build: changelog update for 10.2.1
• ca92ca0 docs: reuse markdown-it instance for markdown filter (#20768)
• 7ddfea9 chore: update dependency prettier to v3.8.2 (#20770)
• 57d2ee2 docs: Enable Eleventy incremental mode for watch (#20767)
• c1621b9 docs: fix typos in code-path-analyzer.js (#20700)
• fac40e1 ci: bump pnpm/action-setup from 5.0.0 to 6.0.0 (#20763)
• 7246f92 test: add tests for SuppressionsService.load() error handling (#20734)
• 4f34b1e chore: update pnpm/action-setup action to v5 (#20762)
• 1418d52 docs: Update README
• Additional commits viewable in compare view

Updates globals from 17.4.0 to 17.5.0

Release notes

Sourced from globals's releases.

v17.5.0

• Update globals (2026-04-12) (#342) 5d84602

---

sindresorhus/globals@v17.4.0...v17.5.0

Commits

• b8170c8 17.5.0
• 5d84602 Update globals (2026-04-12) (#342)
• 1b727e5 Fix build script for ES globals (#341)
• See full diff in compare view

Bumps the maintenance group with 3 updates: actions/setup-node, softprops/action-gh-release and docker/build-push-action.

Updates actions/setup-node from 6.3.0 to 6.4.0

Release notes

Sourced from actions/setup-node's releases.

v6.4.0

What's Changed

Dependency updates:

• Upgrade @​actions dependencies by @​Copilot in actions/setup-node#1525
• Update Node.js versions in versions.yml and bump package to v6.4.0 by @​priya-kinthali in actions/setup-node#1533

New Contributors

• @​Copilot made their first contribution in actions/setup-node#1525

Full Changelog: actions/setup-node@v6...v6.4.0

Commits

• 48b55a0 Update Node.js versions in versions.yml and bump package to v6.4.0 (#1533)
• ab72c7e Upgrade @​actions dependencies (#1525)
• See full diff in compare view

Updates softprops/action-gh-release from 2.6.1 to 3.0.0

Release notes

Sourced from softprops/action-gh-release's releases.

v3.0.0

3.0.0 is a major release that moves the action runtime from Node 20 to Node 24. Use v3 on GitHub-hosted runners and self-hosted fleets that already support the Node 24 Actions runtime. If you still need the last Node 20-compatible line, stay on v2.6.2.

What's Changed

Other Changes 🔄

• Move the action runtime and bundle target to Node 24
• Update @types/node to the Node 24 line and allow future Dependabot updates
• Keep the floating major tag on v3; v2 remains pinned to the latest 2.x release

v2.6.2

What's Changed

Other Changes 🔄

• chore(deps): bump picomatch from 4.0.3 to 4.0.4 by @​dependabot[bot] in softprops/action-gh-release#775
• chore(deps): bump brace-expansion from 5.0.4 to 5.0.5 by @​dependabot[bot] in softprops/action-gh-release#777
• chore(deps): bump vite from 8.0.0 to 8.0.5 by @​dependabot[bot] in softprops/action-gh-release#781

Full Changelog: softprops/action-gh-release@v2...v2.6.2

Changelog

Sourced from softprops/action-gh-release's changelog.

3.0.0

3.0.0 is a major release that moves the action runtime from Node 20 to Node 24. Use v3 on GitHub-hosted runners and self-hosted fleets that already support the Node 24 Actions runtime. If you still need the last Node 20-compatible line, stay on v2.6.2.

What's Changed

Other Changes 🔄

• Move the action runtime and bundle target to Node 24
• Update @types/node to the Node 24 line and allow future Dependabot updates
• Keep the floating major tag on v3; v2 remains pinned to the latest 2.x release

2.6.2

What's Changed

Other Changes 🔄

• chore(deps): bump picomatch from 4.0.3 to 4.0.4 by @​dependabot[bot] in softprops/action-gh-release#775
• chore(deps): bump brace-expansion from 5.0.4 to 5.0.5 by @​dependabot[bot] in softprops/action-gh-release#777
• chore(deps): bump vite from 8.0.0 to 8.0.5 by @​dependabot[bot] in softprops/action-gh-release#781

2.6.1

2.6.1 is a patch release focused on restoring linked discussion thread creation when discussion_category_name is set. It fixes [#764](https://github.com/softprops/action-gh-release/issues/764), where the draft-first publish flow stopped carrying the discussion category through the final publish step.

If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.

What's Changed

Bug fixes 🐛

• fix: preserve discussion category on publish by @​chenrui333 in softprops/action-gh-release#765

2.6.0

2.6.0 is a minor release centered on previous_tag support for generate_release_notes, which lets workflows pin GitHub's comparison base explicitly instead of relying on the default range. It also includes the recent concurrent asset upload recovery fix, a working_directory docs sync, a checked-bundle freshness guard for maintainers, and clearer immutable-prerelease guidance where GitHub platform behavior imposes constraints on how prerelease asset uploads can be published.

If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.

What's Changed

... (truncated)

Commits

• b430933 release: cut v3.0.0 for Node 24 upgrade (#670)
• c2e35e0 chore(deps): bump the npm group across 1 directory with 7 updates (#783)
• 3bb1273 release 2.6.2
• c34030f chore: bump node to 24.14.1
• 8975bd0 chore(deps): bump vite from 8.0.0 to 8.0.5 (#781)
• f71937f chore(deps): bump brace-expansion from 5.0.4 to 5.0.5 (#777)
• 3f0d239 chore(deps): bump picomatch from 4.0.3 to 4.0.4 (#775)
• See full diff in compare view

Updates docker/build-push-action from 7.0.0 to 7.1.0

Release notes

Sourced from docker/build-push-action's releases.

v7.1.0

• Git context query format support by @​crazy-max in docker/build-push-action#1505
• Bump @​docker/actions-toolkit from 0.79.0 to 0.87.0 by @​crazy-max in docker/build-push-action#1505
• Bump brace-expansion from 1.1.12 to 1.1.13 in docker/build-push-action#1500
• Bump fast-xml-parser from 5.4.2 to 5.5.7 in docker/build-push-action#1489
• Bump flatted from 3.3.3 to 3.4.2 in docker/build-push-action#1491
• Bump glob from 10.3.12 to 10.5.0 in docker/build-push-action#1490
• Bump handlebars from 4.7.8 to 4.7.9 in docker/build-push-action#1497
• Bump lodash from 4.17.23 to 4.18.1 in docker/build-push-action#1510
• Bump picomatch from 4.0.3 to 4.0.4 in docker/build-push-action#1496
• Bump undici from 6.23.0 to 6.24.1 in docker/build-push-action#1486
• Bump vite from 7.3.1 to 7.3.2 in docker/build-push-action#1509

Full Changelog: docker/build-push-action@v7.0.0...v7.1.0

Commits

• bcafcac Merge pull request #1509 from docker/dependabot/npm_and_yarn/vite-7.3.2
• 18e62f1 Merge pull request #1510 from docker/dependabot/npm_and_yarn/lodash-4.18.1
• 46580d2 chore: update generated content
• 3f80b25 chore(deps): Bump lodash from 4.17.23 to 4.18.1
• efeec95 Merge pull request #1505 from crazy-max/refactor-git-context
• ddf04b0 Merge pull request #1511 from docker/dependabot/github_actions/crazy-max-dot-...
• db08d97 chore(deps): Bump the crazy-max-dot-github group with 2 updates
• ef1fb96 Merge pull request #1508 from docker/dependabot/github_actions/docker/login-a...
• 2d8f2a1 chore: update generated content
• 919ac7b fix test since secrets are not written to temp path anymore
• Additional commits viewable in compare view

Bumps the maintenance group with 1 update: node.

Updates node from 25.8.2 to 25.9.0

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions