Skip to content

build: bump the all-frontend-deps group in /src/frontend with 21 updates#423

Merged
github-actions[bot] merged 1 commit intodependabotchangesfrom
dependabot/npm_and_yarn/src/frontend/dependabotchanges/all-frontend-deps-e69d7d87f4
May 2, 2026
Merged

build: bump the all-frontend-deps group in /src/frontend with 21 updates#423
github-actions[bot] merged 1 commit intodependabotchangesfrom
dependabot/npm_and_yarn/src/frontend/dependabotchanges/all-frontend-deps-e69d7d87f4

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 1, 2026

Bumps the all-frontend-deps group in /src/frontend with 21 updates:

Package From To
@fluentui/react-components 9.73.6 9.73.8
@fluentui/react-icons 2.0.323 2.0.325
@tailwindcss/vite 4.2.2 4.2.4
autoprefixer 10.4.27 10.5.0
axios 1.15.0 1.15.2
lucide-react 1.7.0 1.14.0
postcss 8.5.8 8.5.13
@tailwindcss/postcss 4.2.2 4.2.4
react 19.2.4 19.2.5
react-dom 19.2.4 19.2.5
react-router-dom 7.13.2 7.14.2
tailwindcss 4.2.2 4.2.4
uuid 13.0.0 14.0.0
@azure/msal-browser 5.6.2 5.9.0
@azure/msal-react 5.2.0 5.3.2
eslint 10.1.0 10.2.1
eslint-plugin-react-hooks 7.0.1 7.1.1
globals 17.4.0 17.5.0
rollup 4.60.1 4.60.2
vite 8.0.3 8.0.10
vite-plugin-svgr 5.0.0 5.2.0

Updates @fluentui/react-components from 9.73.6 to 9.73.8

Commits

Updates @fluentui/react-icons from 2.0.323 to 2.0.325

Commits

Updates @tailwindcss/vite from 4.2.2 to 4.2.4

Release notes

Sourced from @​tailwindcss/vite's releases.

v4.2.4

Fixed

  • Ensure imports in @import and @plugin still resolve correctly when using Vite aliases in @tailwindcss/vite (#19947)

v4.2.3

Fixed

  • Canonicalization: improve canonicalizations for tracking-* utilities by preferring non-negative utilities (e.g. -tracking-tightertracking-wider) (#19827)
  • Fix crash due to invalid characters in candidate (exceeding valid unicode code point range) (#19829)
  • Ensure query params in imports are considered unique resources when using @tailwindcss/webpack (#19723)
  • Canonicalization: collapse arbitrary values into shorthand utilities (e.g. px-[1.2rem] py-[1.2rem]p-[1.2rem]) (#19837)
  • Canonicalization: collapse border-{t,b}-* into border-y-*, border-{l,r}-* into border-x-*, and border-{t,r,b,l}-* into border-* (#19842)
  • Canonicalization: collapse scroll-m{t,b}-* into scroll-my-*, scroll-m{l,r}-* into scroll-mx-*, and scroll-m{t,r,b,l}-* into scroll-m-* (#19842)
  • Canonicalization: collapse scroll-p{t,b}-* into scroll-py-*, scroll-p{l,r}-* into scroll-px-*, and scroll-p{t,r,b,l}-* into scroll-p-* (#19842)
  • Canonicalization: collapse overflow-{x,y}-* into overflow-* (#19842)
  • Canonicalization: collapse overscroll-{x,y}-* into overscroll-* (#19842)
  • Read from --placeholder-color instead of --background-color for placeholder-* utilities (#19843)
  • Upgrade: ensure files are not emptied out when killing the upgrade process while it's running (#19846)
  • Upgrade: use config.content when migrating from Tailwind CSS v3 to Tailwind CSS v4 (#19846)
  • Upgrade: never migrate files that are ignored by git (#19846)
  • Add .env and .env.* to default ignored content files (#19846)
  • Canonicalization: migrate overflow-ellipsis into text-ellipsis (#19849)
  • Canonicalization: migrate start-fullinset-s-full, start-autoinset-s-auto, start-pxinset-s-px, and start-<number>inset-s-<number> as well as negative versions (#19849)
  • Canonicalization: migrate end-fullinset-e-full, end-autoinset-e-auto, end-pxinset-e-px, and end-<number>inset-e-<number> as well as negative versions (#19849)
  • Canonicalization: move the - sign inside the arbitrary value -left-[9rem]left-[-9rem] (#19858)
  • Canonicalization: move the - sign outside the arbitrary value ml-[calc(-1*var(--width))]-ml-(--width) (#19858)
  • Improve performance when scanning JSONL / NDJSON files (#19862)
  • Support NODE_PATH environment variable in standalone CLI (#19617)
Changelog

Sourced from @​tailwindcss/vite's changelog.

[4.2.4] - 2026-04-21

Fixed

  • Ensure imports in @import and @plugin still resolve correctly when using Vite aliases in @tailwindcss/vite (#19947)

[4.2.3] - 2026-04-20

Fixed

  • Canonicalization: improve canonicalization for tracking-* utilities by preferring non-negative utilities (e.g. -tracking-tightertracking-wider) (#19827)
  • Fix crash due to invalid characters in candidate (exceeding valid unicode code point range) (#19829)
  • Ensure query params in imports are considered unique resources when using @tailwindcss/webpack (#19723)
  • Canonicalization: collapse arbitrary values into shorthand utilities (e.g. px-[1.2rem] py-[1.2rem]p-[1.2rem]) (#19837)
  • Canonicalization: collapse border-{t,b}-* into border-y-*, border-{l,r}-* into border-x-*, and border-{t,r,b,l}-* into border-* (#19842)
  • Canonicalization: collapse scroll-m{t,b}-* into scroll-my-*, scroll-m{l,r}-* into scroll-mx-*, and scroll-m{t,r,b,l}-* into scroll-m-* (#19842)
  • Canonicalization: collapse scroll-p{t,b}-* into scroll-py-*, scroll-p{l,r}-* into scroll-px-*, and scroll-p{t,r,b,l}-* into scroll-p-* (#19842)
  • Canonicalization: collapse overflow-{x,y}-* into overflow-* (#19842)
  • Canonicalization: collapse overscroll-{x,y}-* into overscroll-* (#19842)
  • Read from --placeholder-color instead of --background-color for placeholder-* utilities (#19843)
  • Upgrade: ensure files are not emptied out when killing the upgrade process while it's running (#19846)
  • Upgrade: use config.content when migrating from Tailwind CSS v3 to Tailwind CSS v4 (#19846)
  • Upgrade: never migrate files that are ignored by git (#19846)
  • Add .env and .env.* to default ignored content files (#19846)
  • Canonicalization: migrate overflow-ellipsis into text-ellipsis (#19849)
  • Canonicalization: migrate start-fullinset-s-full, start-autoinset-s-auto, start-pxinset-s-px, and start-<number>inset-s-<number> as well as negative versions (#19849)
  • Canonicalization: migrate end-fullinset-e-full, end-autoinset-e-auto, end-pxinset-e-px, and end-<number>inset-e-<number> as well as negative versions (#19849)
  • Canonicalization: move the - sign inside the arbitrary value -left-[9rem]left-[-9rem] (#19858)
  • Canonicalization: move the - sign outside the arbitrary value ml-[calc(-1*var(--width))]-ml-(--width) (#19858)
  • Improve performance when scanning JSONL / NDJSON files (#19862)
  • Support NODE_PATH environment variable in standalone CLI (#19617)
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​tailwindcss/vite since your current version.


Updates autoprefixer from 10.4.27 to 10.5.0

Release notes

Sourced from autoprefixer's releases.

10.5.0 “Each Endeavouring, All Achieving”

  • Added mask-position-x and mask-position-y support (by @​toporek).
Changelog

Sourced from autoprefixer's changelog.

10.5.0 “Each Endeavouring, All Achieving”

  • Added mask-position-x and mask-position-y support (by @​toporek).
Commits

Updates axios from 1.15.0 to 1.15.2

Release notes

Sourced from axios's releases.

v1.15.2

This release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in allowedSocketPaths allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.

🔒 Security Fixes

  • Prototype Pollution Hardening (HTTP Adapter): Hardened the Node HTTP adapter and resolveConfig/mergeConfig/validator paths to read only own properties and use null-prototype config objects, preventing polluted auth, baseURL, socketPath, beforeRedirect, and insecureHTTPParser from influencing requests. (#10779)
  • SSRF via socketPath: Rejects non-string socketPath values and adds an opt-in allowedSocketPaths config option to restrict permitted Unix domain socket paths, returning AxiosError ERR_BAD_OPTION_VALUE on mismatch. (#10777)
  • Supply-chain Hardening: Added .npmrc with ignore-scripts=true, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded SECURITY.md/THREATMODEL.md with provenance verification (npm audit signatures), 60-day resolution policy, and maintainer incident-response runbook. (#10776)

🚀 New Features

  • allowedSocketPaths Config Option: New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (#10777)

🐛 Bug Fixes

  • Keep-alive Socket Memory Leak: Installs a single per-socket error listener tracking the active request via kAxiosSocketListener/kAxiosCurrentReq, eliminating per-request listener accumulation, MaxListenersExceededWarning, and linear heap growth under concurrent or long-running keep-alive workloads (fixes #10780). (#10788)

🔧 Maintenance & Chores

  • Changelog: Updated CHANGELOG.md with v1.15.1 release notes. (#10781)

Full Changelog

v1.15.1

This release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.

🔒 Security Fixes

  • Header Injection Hardening: Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (#10749)
  • CRLF Stripping in Multipart Headers: Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (#10758)
  • Prototype Pollution / Auth Bypass: Replaced unsafe in checks with hasOwnProperty to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (#10761, #10760)
  • withXSRFToken Truthy Bypass: Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (#10762)
  • maxBodyLength With Zero Redirects: Enforces maxBodyLength even when maxRedirects is set to 0, closing a bypass path for oversized request bodies. (#10753)
  • Streamed Response maxContentLength Bypass: Applies maxContentLength to streamed responses that previously bypassed the cap. (#10754)
  • Follow-up CVE Completion: Completes an earlier incomplete CVE fix to fully close the regression window. (#10755)

🚀 New Features

  • AI-Based Docs Translations: Initial scaffold for AI-assisted translations of the documentation site. (#10705)
  • Location Request Header Type: Adds Location to CommonRequestHeadersList for accurate typing of redirect-aware requests. (#7528)

🐛 Bug Fixes

  • FormData Handling: Removes Content-Type when no boundary is present on FormData fetch requests, supports multi-select fields, cancels request.body instead of the source stream on fetch abort, and fixes a recursion bug in form-data serialisation. (#7314, #10676, #10702, #10726)
  • HTTP Adapter: Handles socket-only request errors without leaking keep-alive listeners. (#10576)
  • Progress Events: Clamps loaded to total for computable upload/download progress events. (#7458)
  • Types: Aligns runWhen type with the runtime behaviour in InterceptorManager and makes response header keys case-insensitive. (#7529, #10677)
  • buildFullPath: Uses strict equality in the base/relative URL check. (#7252)
  • AxiosURLSearchParams Regex: Improves the regex used for param serialisation to avoid edge-case mismatches. (#10736)
  • Resilient Value Parsing: Parses out header/config values instead of throwing on malformed input. (#10687)

... (truncated)

Changelog

Sourced from axios's changelog.

v1.15.2 - April 21, 2026

This release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in allowedSocketPaths allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.

🔒 Security Fixes

  • Prototype Pollution Hardening (HTTP Adapter): Hardened the Node HTTP adapter and resolveConfig/mergeConfig/validator paths to read only own properties and use null-prototype config objects, preventing polluted auth, baseURL, socketPath, beforeRedirect, and insecureHTTPParser from influencing requests. (#10779)
  • SSRF via socketPath: Rejects non-string socketPath values and adds an opt-in allowedSocketPaths config option to restrict permitted Unix domain socket paths, returning AxiosError ERR_BAD_OPTION_VALUE on mismatch. (#10777)
  • Supply-chain Hardening: Added .npmrc with ignore-scripts=true, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded SECURITY.md/THREATMODEL.md with provenance verification (npm audit signatures), 60-day resolution policy, and maintainer incident-response runbook. (#10776)

🚀 New Features

  • allowedSocketPaths Config Option: New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (#10777)

🐛 Bug Fixes

  • Keep-alive Socket Memory Leak: Installs a single per-socket error listener tracking the active request via kAxiosSocketListener/kAxiosCurrentReq, eliminating per-request listener accumulation, MaxListenersExceededWarning, and linear heap growth under concurrent or long-running keep-alive workloads (fixes #10780). (#10788)

🔧 Maintenance & Chores

  • Changelog: Updated CHANGELOG.md with v1.15.1 release notes. (#10781)

Full Changelog

v1.15.1 - April 19, 2026

This release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.

🔒 Security Fixes

  • Header Injection Hardening: Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (#10749)

  • CRLF Stripping in Multipart Headers: Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (#10758)

  • Prototype Pollution / Auth Bypass: Replaced unsafe in checks with hasOwnProperty to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (#10761, #10760)

  • withXSRFToken Truthy Bypass: Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (#10762)

  • maxBodyLength With Zero Redirects: Enforces maxBodyLength even when maxRedirects is set to 0, closing a bypass path for oversized request bodies. (#10753)

  • Streamed Response maxContentLength Bypass: Applies maxContentLength to streamed responses that previously bypassed the cap. (#10754)

  • Follow-up CVE Completion: Completes an earlier incomplete CVE fix to fully close the regression window. (#10755)

🚀 New Features

  • AI-Based Docs Translations: Initial scaffold for AI-assisted translations of the documentation site. (#10705)

... (truncated)

Commits

Updates lucide-react from 1.7.0 to 1.14.0

Release notes

Sourced from lucide-react's releases.

Version 1.14.0

What's Changed

Full Changelog: lucide-icons/lucide@1.13.0...1.14.0

Version 1.13.0

What's Changed

Full Changelog: lucide-icons/lucide@1.12.0...1.13.0

Version 1.12.0

What's Changed

Full Changelog: lucide-icons/lucide@1.10.0...1.12.0

Version 1.11.0

What's Changed

New Contributors

Full Changelog: lucide-icons/lucide@1.9.0...1.11.0

Version 1.10.0

What's Changed

... (truncated)

Commits
  • 50d8af5 docs(readme): Update readme files (#4320)
  • 653e44b feat(packages): use .mjs for ESM bundles (#4285)
  • 7623e23 feat(docs): add Zephyr Cloud to Hero Backers tier & rework updateSponsors scr...
  • See full diff in compare view

Updates postcss from 8.5.8 to 8.5.13

Release notes

Sourced from postcss's releases.

8.5.13

  • Fixed postcss-scss commend regression.

8.5.12

  • Fixed reading any file via user-generated CSS.
  • Added opts.unsafeMap to disable checks.

8.5.11

  • Fixed nested brackets parsing performance (by @​offset).

8.5.10

  • Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

  • Speed up source map encoding paring in case of the error.
Changelog

Sourced from postcss's changelog.

8.5.13

  • Fixed postcss-scss commend regression.

8.5.12

  • Fixed reading any file via user-generated CSS.
  • Added opts.unsafeMap to disable checks.

8.5.11

  • Fixed nested brackets parsing performance (by @​offset).

8.5.10

  • Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

  • Speed up source map encoding paring in case of the error.
Commits

Updates @tailwindcss/postcss from 4.2.2 to 4.2.4

Release notes

Sourced from @​tailwindcss/postcss's releases.

v4.2.4

Fixed

  • Ensure imports in @import and @plugin still resolve correctly when using Vite aliases in @tailwindcss/vite (#19947)

v4.2.3

Fixed

  • Canonicalization: improve canonicalizations for tracking-* utilities by preferring non-negative utilities (e.g. -tracking-tightertracking-wider) (#19827)
  • Fix crash due to invalid characters in candidate (exceeding valid unicode code point range) (#19829)
  • Ensure query params in imports are considered unique resources when using @tailwindcss/webpack (#19723)
  • Canonicalization: collapse arbitrary values into shorthand utilities (e.g. px-[1.2rem] py-[1.2rem]p-[1.2rem]) (#19837)
  • Canonicalization: collapse border-{t,b}-* into border-y-*, border-{l,r}-* into border-x-*, and border-{t,r,b,l}-* into border-* (#19842)
  • Canonicalization: collapse scroll-m{t,b}-* into scroll-my-*, scroll-m{l,r}-* into scroll-mx-*, and scroll-m{t,r,b,l}-* into scroll-m-* (#19842)
  • Canonicalization: collapse scroll-p{t,b}-* into scroll-py-*, scroll-p{l,r}-* into scroll-px-*, and scroll-p{t,r,b,l}-* into scroll-p-* (#19842)
  • Canonicalization: collapse overflow-{x,y}-* into overflow-* (#19842)
  • Canonicalization: collapse overscroll-{x,y}-* into overscroll-* (#19842)
  • Read from --placeholder-color instead of --background-color for placeholder-* utilities (#19843)
  • Upgrade: ensure files are not emptied out when killing the upgrade process while it's running (#19846)
  • Upgrade: use config.content when migrating from Tailwind CSS v3 to Tailwind CSS v4 (#19846)
  • Upgrade: never migrate files that are ignored by git (#19846)
  • Add .env and .env.* to default ignored content files (#19846)
  • Canonicalization: migrate overflow-ellipsis into text-ellipsis (#19849)
  • Canonicalization: migrate start-fullinset-s-full, start-autoinset-s-auto, start-pxinset-s-px, and start-<number>inset-s-<number> as well as negative versions (#19849)
  • Canonicalization: migrate end-fullinset-e-full, end-autoinset-e-auto, end-pxinset-e-px, and end-<number>inset-e-<number> as well as negative versions (#19849)
  • Canonicalization: move the - sign inside the arbitrary value -left-[9rem]left-[-9rem] (#19858)
  • Canonicalization: move the - sign outside the arbitrary value ml-[calc(-1*var(--width))]-ml-(--width) (#19858)
  • Improve performance when scanning JSONL / NDJSON files (#19862)
  • Support NODE_PATH environment variable in standalone CLI (#19617)
Changelog

Sourced from @​tailwindcss/postcss's changelog.

[4.2.4] - 2026-04-21

Fixed

  • Ensure imports in @import and @plugin still resolve correctly when using Vite aliases in @tailwindcss/vite (#19947)

[4.2.3] - 2026-04-20

Fixed

  • Canonicalization: improve canonicalization for tracking-* utilities by preferring non-negative utilities (e.g. -tracking-tightertracking-wider) (#19827)
  • Fix crash due to invalid characters in candidate (exceeding valid unicode code point range) (#19829)
  • Ensure query params in imports are considered unique resources when using @tailwindcss/webpack (#19723)
  • Canonicalization: collapse arbitrary values into shorthand utilities (e.g. px-[1.2rem] py-[1.2rem]p-[1.2rem]) (#19837)
  • Canonicalization: collapse border-{t,b}-* into border-y-*, border-{l,r}-* into border-x-*, and border-{t,r,b,l}-* into border-* (#19842)
  • Canonicalization: collapse scroll-m{t,b}-* into scroll-my-*, scroll-m{l,r}-* into scroll-mx-*, and scroll-m{t,r,b,l}-* into scroll-m-* (#19842)
  • Canonicalization: collapse scroll-p{t,b}-* into scroll-py-*, scroll-p{l,r}-* into scroll-px-*, and scroll-p{t,r,b,l}-* into scroll-p-* (#19842)
  • Canonicalization: collapse overflow-{x,y}-* into overflow-* (#19842)
  • Canonicalization: collapse overscroll-{x,y}-* into overscroll-* (#19842)
  • Read from --placeholder-color instead of --background-color for placeholder-* utilities (#19843)
  • Upgrade: ensure files are not emptied out when killing the upgrade process while it's running (#19846)
  • Upgrade: use config.content when migrating from Tailwind CSS v3 to Tailwind CSS v4 (#19846)
  • Upgrade: never migrate files that are ignored by git (#19846)
  • Add .env and .env.* to default ignored content files (#19846)
  • Canonicalization: migrate overflow-ellipsis into text-ellipsis (#19849)
  • Canonicalization: migrate start-fullinset-s-full, start-autoinset-s-auto, start-pxinset-s-px, and start-<number>inset-s-<number> as well as negative versions (#19849)
  • Canonicalization: migrate end-fullinset-e-full, end-autoinset-e-auto, end-pxinset-e-px, and end-<number>inset-e-<number> as well as negative versions (#19849)
  • Canonicalization: move the - sign inside the arbitrary value -left-[9rem]left-[-9rem] (#19858)
  • Canonicalization: move the - sign outside the arbitrary value ml-[calc(-1*var(--width))]-ml-(--width) (#19858)
  • Improve performance when scanning JSONL / NDJSON files (#19862)
  • Support NODE_PATH environment variable in standalone CLI (#19617)
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​tailwindcss/postcss since your current version.


Updates react from 19.2.4 to 19.2.5

Release notes

Sourced from react's releases.

19.2.5 (April 8th, 2026)

React Server Components

Commits

Updates react-dom from 19.2.4 to 19.2.5

Release notes

Sourced from react-dom's releases.

19.2.5 (April 8th, 2026)

React Server Components

Commits

Updates react-router-dom from 7.13.2 to 7.14.2

Changelog

Sourced from react-router-dom's changelog.

v7.14.2

Patch Changes

v7.14.1

Patch Changes

7.14.0

Patch Changes

  • Updated dependencies:
    • react-router@7.14.0
Commits

Updates tailwindcss from 4.2.2 to 4.2.4

Release notes

Sourced from tailwindcss's releases.

v4.2.4

Fixed

  • Ensure imports in @import and @plugin still resolve correctly when using Vite aliases in @tailwindcss/vite (#19947)

v4.2.3

Fixed

  • Canonicalization: improve canonicalizations for tracking-* utilities by preferring non-negative utilities (e.g. -tracking-tightertracking-wider) (#19827)
  • Fix crash due to invalid characters in candidate (exceeding valid unicode code point range) (#19829)
  • Ensure query params in imports are considered unique resources when using @tailwindcss/webpack (#19723)
  • Canonicalization: collapse arbitrary values into shorthand utilities (e.g. px-[1.2rem] py-[1.2rem]p-[1.2rem]) (#19837)
  • Canonicalization: collapse border-{t,b}-* into border-y-*, border-{l,r}-* into border-x-*, and border-{t,r,b,l}-* into border-* (#19842)
  • Canonicalization: collapse scroll-m{t,b}-* into scroll-my-*, scroll-m{l,r}-* into scroll-mx-*, and scroll-m{t,r,b,l}-* into scroll-m-* (#19842)
  • Canonicalization: collapse scroll-p{t,b}-* into scroll-py-*, scroll-p{l,r}-* into scroll-px-*, and scroll-p{t,r,b,l}-* into scroll-p-* (#19842)
  • Canonicalization: collapse overflow-{x,y}-* into overflow-* (#19842)
  • Canonicalization: collapse overscroll-{x,y}-* into overscroll-* (#19842)
  • Read from --placeholder-color instead of --background-color for placeholder-* utilities (#19843)
  • Upgrade: ensure files are not emptied out when killing the upgrade process while it's running (#19846)
  • Upgrade: use config.content when migrating from Tailwind CSS v3 to Tailwind CSS v4 (#19846)
  • Upgrade: never migrate files that are ignored by git (#19846Description has been truncated

@dependabot
build: bump the all-frontend-deps group in /src/frontend with 21 updates
d41d0da 
Bumps the all-frontend-deps group in /src/frontend with 21 updates:

| Package | From | To |
| --- | --- | --- |
| [@fluentui/react-components](https://github.com/microsoft/fluentui) | `9.73.6` | `9.73.8` |
| [@fluentui/react-icons](https://github.com/microsoft/fluentui-system-icons) | `2.0.323` | `2.0.325` |
| [@tailwindcss/vite](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-vite) | `4.2.2` | `4.2.4` |
| [autoprefixer](https://github.com/postcss/autoprefixer) | `10.4.27` | `10.5.0` |
| [axios](https://github.com/axios/axios) | `1.15.0` | `1.15.2` |
| [lucide-react](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react) | `1.7.0` | `1.14.0` |
| [postcss](https://github.com/postcss/postcss) | `8.5.8` | `8.5.13` |
| [@tailwindcss/postcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-postcss) | `4.2.2` | `4.2.4` |
| [react](https://github.com/facebook/react/tree/HEAD/packages/react) | `19.2.4` | `19.2.5` |
| [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) | `19.2.4` | `19.2.5` |
| [react-router-dom](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom) | `7.13.2` | `7.14.2` |
| [tailwindcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss) | `4.2.2` | `4.2.4` |
| [uuid](https://github.com/uuidjs/uuid) | `13.0.0` | `14.0.0` |
| [@azure/msal-browser](https://github.com/AzureAD/microsoft-authentication-library-for-js) | `5.6.2` | `5.9.0` |
| [@azure/msal-react](https://github.com/AzureAD/microsoft-authentication-library-for-js) | `5.2.0` | `5.3.2` |
| [eslint](https://github.com/eslint/eslint) | `10.1.0` | `10.2.1` |
| [eslint-plugin-react-hooks](https://github.com/facebook/react/tree/HEAD/packages/eslint-plugin-react-hooks) | `7.0.1` | `7.1.1` |
| [globals](https://github.com/sindresorhus/globals) | `17.4.0` | `17.5.0` |
| [rollup](https://github.com/rollup/rollup) | `4.60.1` | `4.60.2` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `8.0.3` | `8.0.10` |
| [vite-plugin-svgr](https://github.com/pd4d10/vite-plugin-svgr) | `5.0.0` | `5.2.0` |


Updates `@fluentui/react-components` from 9.73.6 to 9.73.8
- [Release notes](https://github.com/microsoft/fluentui/releases)
- [Commits](https://github.com/microsoft/fluentui/commits)

Updates `@fluentui/react-icons` from 2.0.323 to 2.0.325
- [Changelog](https://github.com/microsoft/fluentui-system-icons/blob/main/docs/releases.md)
- [Commits](https://github.com/microsoft/fluentui-system-icons/commits)

Updates `@tailwindcss/vite` from 4.2.2 to 4.2.4
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.2.4/packages/@tailwindcss-vite)

Updates `autoprefixer` from 10.4.27 to 10.5.0
- [Release notes](https://github.com/postcss/autoprefixer/releases)
- [Changelog](https://github.com/postcss/autoprefixer/blob/main/CHANGELOG.md)
- [Commits](postcss/autoprefixer@10.4.27...10.5.0)

Updates `axios` from 1.15.0 to 1.15.2
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.15.0...v1.15.2)

Updates `lucide-react` from 1.7.0 to 1.14.0
- [Release notes](https://github.com/lucide-icons/lucide/releases)
- [Commits](https://github.com/lucide-icons/lucide/commits/1.14.0/packages/lucide-react)

Updates `postcss` from 8.5.8 to 8.5.13
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.5.8...8.5.13)

Updates `@tailwindcss/postcss` from 4.2.2 to 4.2.4
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.2.4/packages/@tailwindcss-postcss)

Updates `react` from 19.2.4 to 19.2.5
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.5/packages/react)

Updates `react-dom` from 19.2.4 to 19.2.5
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.5/packages/react-dom)

Updates `react-router-dom` from 7.13.2 to 7.14.2
- [Release notes](https://github.com/remix-run/react-router/releases)
- [Changelog](https://github.com/remix-run/react-router/blob/main/packages/react-router-dom/CHANGELOG.md)
- [Commits](https://github.com/remix-run/react-router/commits/react-router-dom@7.14.2/packages/react-router-dom)

Updates `tailwindcss` from 4.2.2 to 4.2.4
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.2.4/packages/tailwindcss)

Updates `uuid` from 13.0.0 to 14.0.0
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md)
- [Commits](uuidjs/uuid@v13.0.0...v14.0.0)

Updates `@azure/msal-browser` from 5.6.2 to 5.9.0
- [Release notes](https://github.com/AzureAD/microsoft-authentication-library-for-js/releases)
- [Commits](AzureAD/microsoft-authentication-library-for-js@msal-browser-v5.6.2...msal-browser-v5.9.0)

Updates `@azure/msal-react` from 5.2.0 to 5.3.2
- [Release notes](https://github.com/AzureAD/microsoft-authentication-library-for-js/releases)
- [Commits](AzureAD/microsoft-authentication-library-for-js@msal-react-v5.2.0...msal-react-v5.3.2)

Updates `eslint` from 10.1.0 to 10.2.1
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v10.1.0...v10.2.1)

Updates `eslint-plugin-react-hooks` from 7.0.1 to 7.1.1
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/main/packages/eslint-plugin-react-hooks/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/eslint-plugin-react-hooks@7.1.1/packages/eslint-plugin-react-hooks)

Updates `globals` from 17.4.0 to 17.5.0
- [Release notes](https://github.com/sindresorhus/globals/releases)
- [Commits](sindresorhus/globals@v17.4.0...v17.5.0)

Updates `rollup` from 4.60.1 to 4.60.2
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](rollup/rollup@v4.60.1...v4.60.2)

Updates `vite` from 8.0.3 to 8.0.10
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.0.10/packages/vite)

Updates `vite-plugin-svgr` from 5.0.0 to 5.2.0
- [Release notes](https://github.com/pd4d10/vite-plugin-svgr/releases)
- [Commits](pd4d10/vite-plugin-svgr@v5.0.0...v5.2.0)

---
updated-dependencies:
- dependency-name: "@fluentui/react-components"
  dependency-version: 9.73.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-frontend-deps
- dependency-name: "@fluentui/react-icons"
  dependency-version: 2.0.325
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-frontend-deps
- dependency-name: "@tailwindcss/vite"
  dependency-version: 4.2.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-frontend-deps
- dependency-name: autoprefixer
  dependency-version: 10.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-frontend-deps
- dependency-name: axios
  dependency-version: 1.15.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-frontend-deps
- dependency-name: lucide-react
  dependency-version: 1.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-frontend-deps
- dependency-name: postcss
  dependency-version: 8.5.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-frontend-deps
- dependency-name: "@tailwindcss/postcss"
  dependency-version: 4.2.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-frontend-deps
- dependency-name: react
  dependency-version: 19.2.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-frontend-deps
- dependency-name: react-dom
  dependency-version: 19.2.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-frontend-deps
- dependency-name: react-router-dom
  dependency-version: 7.14.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-frontend-deps
- dependency-name: tailwindcss
  dependency-version: 4.2.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-frontend-deps
- dependency-name: uuid
  dependency-version: 14.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all-frontend-deps
- dependency-name: "@azure/msal-browser"
  dependency-version: 5.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-frontend-deps
- dependency-name: "@azure/msal-react"
  dependency-version: 5.3.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-frontend-deps
- dependency-name: eslint
  dependency-version: 10.2.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-frontend-deps
- dependency-name: eslint-plugin-react-hooks
  dependency-version: 7.1.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-frontend-deps
- dependency-name: globals
  dependency-version: 17.5.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-frontend-deps
- dependency-name: rollup
  dependency-version: 4.60.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all-frontend-deps
- dependency-name: vite
  dependency-version: 8.0.10
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all-frontend-deps
- dependency-name: vite-plugin-svgr
  dependency-version: 5.2.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-frontend-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 1, 2026
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label May 1, 2026
@dependabot dependabot Bot added the javascript Pull requests that update javascript code label May 1, 2026
@dependabot dependabot Bot requested a review from dgp10801 as a code owner May 1, 2026 03:51
@github-actions github-actions Bot merged commit 6f3e98b into dependabotchanges May 2, 2026
2 checks passed
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/src/frontend/dependabotchanges/all-frontend-deps-e69d7d87f4 branch May 2, 2026 00:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Avijit-Microsoft Avijit-Microsoft Awaiting requested review from Avijit-Microsoft Avijit-Microsoft is a code owner

@Roopan-Microsoft Roopan-Microsoft Awaiting requested review from Roopan-Microsoft Roopan-Microsoft is a code owner

@Prajwal-Microsoft Prajwal-Microsoft Awaiting requested review from Prajwal-Microsoft Prajwal-Microsoft is a code owner

@aniaroramsft aniaroramsft Awaiting requested review from aniaroramsft aniaroramsft is a code owner

@marktayl1 marktayl1 Awaiting requested review from marktayl1 marktayl1 is a code owner

@Vinay-Microsoft Vinay-Microsoft Awaiting requested review from Vinay-Microsoft Vinay-Microsoft is a code owner

@toherman-msft toherman-msft Awaiting requested review from toherman-msft toherman-msft is a code owner

@nchandhi nchandhi Awaiting requested review from nchandhi nchandhi is a code owner

@dgp10801 dgp10801 Awaiting requested review from dgp10801 dgp10801 is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants