deps: bump the dependencies-minor group across 1 directory with 13 updates

[dependabot]

Bumps the dependencies-minor group with 13 updates in the / directory:

Package	From	To
@fontsource-variable/figtree	5.2.8	5.2.10
@fontsource/ibm-plex-mono	5.2.6	5.2.7
@hookform/resolvers	5.1.1	5.2.2
@oddbird/css-anchor-positioning	0.6.1	0.7.0
next	15.5.2	15.5.4
react	19.1.0	19.2.0
@types/react	19.1.8	19.2.2
react-dom	19.1.0	19.2.0
@types/react-dom	19.1.6	19.2.1
react-hook-form	7.60.0	7.64.0
@playwright/test	1.54.1	1.56.0
sass	1.89.2	1.93.2
typescript	5.8.3	5.9.3

Updates @fontsource-variable/figtree from 5.2.8 to 5.2.10

Commits

• See full diff in compare view

Updates @fontsource/ibm-plex-mono from 5.2.6 to 5.2.7

Commits

• See full diff in compare view

Updates @hookform/resolvers from 5.1.1 to 5.2.2

Release notes

Sourced from @​hookform/resolvers's releases.

v5.2.2

5.2.2 (2025-09-14)

Bug Fixes

• zod: fix output type for Zod 4 resolver (#803) (e95721d)

v5.2.1

5.2.1 (2025-07-29)

Bug Fixes

• discriminated union for zod v4 mini (#784) (49a0d7b)
• zod v4 peer deps (#798) (2d28e6a)
• zod: fix output type for Zod 4 resolver (#801) (bc09647)

v5.2.0

5.2.0 (2025-07-25)

Features

• ajv: add ajv-formats for ajvResolver (#797) (f040039)

Commits

• e95721d fix(zod): fix output type for Zod 4 resolver (#803)
• 49a0d7b fix: discriminated union for zod v4 mini (#784)
• bc09647 fix(zod): fix output type for Zod 4 resolver (#801)
• 2d28e6a fix: zod v4 peer deps (#798)
• f040039 feat(ajv): add ajv-formats for ajvResolver (#797)
• See full diff in compare view

Updates @oddbird/css-anchor-positioning from 0.6.1 to 0.7.0

Release notes

Sourced from @​oddbird/css-anchor-positioning's releases.

v0.7.0

What's Changed

• 🚀 Work with anchor and target inside same shadow root by @​wkillerud in oddbird/css-anchor-positioning#353
• 🏠 INTERNAL: Upgrade dependencies

New Contributors

• @​wkillerud made their first contribution in oddbird/css-anchor-positioning#353

Full Changelog: oddbird/css-anchor-positioning@v0.6.1...v0.7.0

Commits

• 40f3a89 v0.7.0
• db16313 Work with anchor and target inside same shadow root (#353)
• b18b8ed Merge pull request #352 from oddbird/dependabot/npm_and_yarn/dev-9d451710aa
• ea505c5 Merge pull request #351 from oddbird/dependabot/npm_and_yarn/prod-8404f4c51f
• d4bbb67 chore(deps-dev): Bump the dev group with 13 updates
• ae3512f chore(deps): Bump the prod group with 2 updates
• 2f9b4c5 Merge pull request #348 from oddbird/dependabot/npm_and_yarn/npm_and_yarn-f5c...
• 98ccee3 chore(deps-dev): Bump vite in the npm_and_yarn group across 1 directory
• 15ebcc0 Merge pull request #346 from oddbird/dependabot/github_actions/actions/setup-...
• 2cc99a6 Merge pull request #347 from oddbird/dependabot/github_actions/actions/setup-...
• Additional commits viewable in compare view

Updates next from 15.5.2 to 15.5.4

Release notes

Sourced from next's releases.

v15.5.4

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• fix: ensure onRequestError is invoked when otel enabled (#83343)
• fix: devtools initial position should be from next config (#83571)
• [devtool] fix overlay styles are missing (#83721)
• Turbopack: don't match dynamic pattern for node_modules packages (#83176)
• Turbopack: don't treat metadata routes as RSC (#82911)
• [turbopack] Improve handling of symlink resolution errors in track_glob and read_glob (#83357)
• Turbopack: throw large static metadata error earlier (#82939)
• fix: error overlay not closing when backdrop clicked (#83981)
• Turbopack: flush Node.js worker IPC on error (#84077)

Misc Changes

• [CNA] use linter preference (#83194)
• CI: use KV for test timing data (#83745)
• docs: september improvements and fixes (#83997)

Credits

Huge thanks to @​yiminghe, @​huozhi, @​devjiwonchoi, @​mischnic, @​lukesandberg, @​ztanner, @​icyJoseph, @​leerob, @​fufuShih, @​dwrth, @​aymericzip, @​obendev, @​molebox, @​OoMNoO, @​pontasan, @​styfle, @​HondaYt, @​ryuapp, @​lpalmes, and @​ijjk for helping!

v15.5.3

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• fix: validation return types of pages API routes (#83069)
• fix: relative paths in dev in validator.ts (#83073)
• fix: remove satisfies keyword from type validation to preserve old TS compatibility (#83071)

Credits

Huge thanks to @​bgub for helping!

Commits

• 40f1d78 v15.5.4
• cb30f0a [backport] docs: september improvements and fixes (#83997)
• b6a32bb [backport] [CNA] use linter preference (#83194) (#84087)
• 26d61f1 [backport] Turbopack: flush Node.js worker IPC on error (#84079)
• e11e87a [backport] fix: error overlay not closing when backdrop clicked (#83981) (#83...
• 0a29888 [backport] fix: devtools initial position should be from next config (#83571)...
• 7a53950 [backport] Turbopack: don't treat metadata routes as RSC (#83804)
• 050bdf1 [backport] Turbopack: throw large static metadata error earlier (#83816)
• 1f6ea09 [backport] Turbopack: Improve handling of symlink resolution errors (#83805)
• c7d1855 [backport] CI: use KV for test timing data (#83860)
• Additional commits viewable in compare view

Updates react from 19.1.0 to 19.2.0

Release notes

Sourced from react's releases.

19.2.0 (Oct 1, 2025)

Below is a list of all new features, APIs, and bug fixes.

Read the React 19.2 release post for more information.

New React Features

• <Activity>: A new API to hide and restore the UI and internal state of its children.
• useEffectEvent is a React Hook that lets you extract non-reactive logic into an Effect Event.
• cacheSignal (for RSCs) lets your know when the cache() lifetime is over.
• React Performance tracks appear on the Performance panel’s timeline in your browser developer tools

New React DOM Features

• Added resume APIs for partial pre-rendering with Web Streams:
  • resume: to resume a prerender to a stream.
  • resumeAndPrerender: to resume a prerender to HTML.
• Added resume APIs for partial pre-rendering with Node Streams:
  • resumeToPipeableStream: to resume a prerender to a stream.
  • resumeAndPrerenderToNodeStream: to resume a prerender to HTML.
• Updated prerender APIs to return a postponed state that can be passed to the resume APIs.

Notable changes

• React DOM now batches suspense boundary reveals, matching the behavior of client side rendering. This change is especially noticeable when animating the reveal of Suspense boundaries e.g. with the upcoming <ViewTransition> Component. React will batch as much reveals as possible before the first paint while trying to hit popular first-contentful paint metrics.
• Add Node Web Streams (prerender, renderToReadableStream) to server-side-rendering APIs for Node.js
• Use underscore instead of : IDs generated by useId

All Changes

React

• <Activity /> was developed over many years, starting before ClassComponent.setState (@​acdlite @​sebmarkbage and many others)
• Stringify context as "SomeContext" instead of "SomeContext.Provider" (@​kassens #33507)
• Include stack of cause of React instrumentation errors with %o placeholder (@​eps1lon #34198)
• Fix infinite useDeferredValue loop in popstate event (@​acdlite #32821)
• Fix a bug when an initial value was passed to useDeferredValue (@​acdlite #34376)
• Fix a crash when submitting forms with Client Actions (@​sebmarkbage #33055)
• Hide/unhide the content of dehydrated suspense boundaries if they resuspend (@​sebmarkbage #32900)
• Avoid stack overflow on wide trees during Hot Reload (@​sophiebits #34145)
• Improve Owner and Component stacks in various places (@​sebmarkbage, @​eps1lon: #33629, #33724, #32735, #33723)
• Add cacheSignal (@​sebmarkbage #33557)

React DOM

• Block on Suspensey Fonts during reveal of server-side-rendered content (@​sebmarkbage #33342)
• Use underscore instead of : for IDs generated by useId (@​sebmarkbage, @​eps1lon: #32001, facebook/react#33342#33099, #33422)
• Stop warning when ARIA 1.3 attributes are used (@​Abdul-Omira #34264)
• Allow nonce to be used on hoistable styles (@​Andarist #32461)
• Warn for using a React owned node as a Container if it also has text content (@​sebmarkbage #32774)

... (truncated)

Changelog

Sourced from react's changelog.

19.2.0 (October 1st, 2025)

Below is a list of all new features, APIs, and bug fixes.

Read the React 19.2 release post for more information.

New React Features

• <Activity>: A new API to hide and restore the UI and internal state of its children.
• useEffectEvent is a React Hook that lets you extract non-reactive logic into an Effect Event.
• cacheSignal (for RSCs) lets your know when the cache() lifetime is over.
• React Performance tracks appear on the Performance panel’s timeline in your browser developer tools

New React DOM Features

• Added resume APIs for partial pre-rendering with Web Streams:
  • resume: to resume a prerender to a stream.
  • resumeAndPrerender: to resume a prerender to HTML.
• Added resume APIs for partial pre-rendering with Node Streams:
  • resumeToPipeableStream: to resume a prerender to a stream.
  • resumeAndPrerenderToNodeStream: to resume a prerender to HTML.
• Updated prerender APIs to return a postponed state that can be passed to the resume APIs.

Notable changes

• React DOM now batches suspense boundary reveals, matching the behavior of client side rendering. This change is especially noticeable when animating the reveal of Suspense boundaries e.g. with the upcoming <ViewTransition> Component. React will batch as much reveals as possible before the first paint while trying to hit popular first-contentful paint metrics.
• Add Node Web Streams (prerender, renderToReadableStream) to server-side-rendering APIs for Node.js
• Use underscore instead of : IDs generated by useId

All Changes

React

• <Activity /> was developed over many years, starting before ClassComponent.setState (@​acdlite @​sebmarkbage and many others)
• Stringify context as "SomeContext" instead of "SomeContext.Provider" (@​kassens #33507)
• Include stack of cause of React instrumentation errors with %o placeholder (@​eps1lon #34198)
• Fix infinite useDeferredValue loop in popstate event (@​acdlite #32821)
• Fix a bug when an initial value was passed to useDeferredValue (@​acdlite #34376)
• Fix a crash when submitting forms with Client Actions (@​sebmarkbage #33055)
• Hide/unhide the content of dehydrated suspense boundaries if they resuspend (@​sebmarkbage #32900)
• Avoid stack overflow on wide trees during Hot Reload (@​sophiebits #34145)
• Improve Owner and Component stacks in various places (@​sebmarkbage, @​eps1lon: #33629, #33724, #32735, #33723)
• Add cacheSignal (@​sebmarkbage #33557)

React DOM

• Block on Suspensey Fonts during reveal of server-side-rendered content (@​sebmarkbage #33342)
• Use underscore instead of : for IDs generated by useId (@​sebmarkbage, @​eps1lon: #32001, facebook/react#33342#33099, #33422)
• Stop warning when ARIA 1.3 attributes are used (@​Abdul-Omira #34264)
• Allow nonce to be used on hoistable styles (@​Andarist #32461)

... (truncated)

Commits

• 5667a41 Bump next prerelease version numbers (#34639)
• 8bb7241 Bump useEffectEvent to Canary (#34610)
• e3c9656 Ensure Performance Track are Clamped and Don't overlap (#34509)
• 68f00c9 Release Activity in Canary (#34374)
• 0e10ee9 [Reconciler] Set ProfileMode for Host Root Fiber by default in dev (#34432)
• 3bf8ab4 Add missing Activity export to development mode (#34439)
• 1549bda [Flight] Only assign _store in dev mode when creating lazy types (#34354)
• bb6f0c8 [Flight] Fix wrong missing key warning when static child is blocked (#34350)
• 05addfc Update Flow to 0.266 (#34271)
• ec5dd0a Update Flow to 0.257 (#34253)
• Additional commits viewable in compare view

Updates @types/react from 19.1.8 to 19.2.2

Commits

• See full diff in compare view

Updates react-dom from 19.1.0 to 19.2.0

Release notes

Sourced from react-dom's releases.

19.2.0 (Oct 1, 2025)

Below is a list of all new features, APIs, and bug fixes.

Read the React 19.2 release post for more information.

New React Features

• <Activity>: A new API to hide and restore the UI and internal state of its children.
• useEffectEvent is a React Hook that lets you extract non-reactive logic into an Effect Event.
• cacheSignal (for RSCs) lets your know when the cache() lifetime is over.
• React Performance tracks appear on the Performance panel’s timeline in your browser developer tools

New React DOM Features

• Added resume APIs for partial pre-rendering with Web Streams:
  • resume: to resume a prerender to a stream.
  • resumeAndPrerender: to resume a prerender to HTML.
• Added resume APIs for partial pre-rendering with Node Streams:
  • resumeToPipeableStream: to resume a prerender to a stream.
  • resumeAndPrerenderToNodeStream: to resume a prerender to HTML.
• Updated prerender APIs to return a postponed state that can be passed to the resume APIs.

Notable changes

• React DOM now batches suspense boundary reveals, matching the behavior of client side rendering. This change is especially noticeable when animating the reveal of Suspense boundaries e.g. with the upcoming <ViewTransition> Component. React will batch as much reveals as possible before the first paint while trying to hit popular first-contentful paint metrics.
• Add Node Web Streams (prerender, renderToReadableStream) to server-side-rendering APIs for Node.js
• Use underscore instead of : IDs generated by useId

All Changes

React

• <Activity /> was developed over many years, starting before ClassComponent.setState (@​acdlite @​sebmarkbage and many others)
• Stringify context as "SomeContext" instead of "SomeContext.Provider" (@​kassens #33507)
• Include stack of cause of React instrumentation errors with %o placeholder (@​eps1lon #34198)
• Fix infinite useDeferredValue loop in popstate event (@​acdlite #32821)
• Fix a bug when an initial value was passed to useDeferredValue (@​acdlite #34376)
• Fix a crash when submitting forms with Client Actions (@​sebmarkbage #33055)
• Hide/unhide the content of dehydrated suspense boundaries if they resuspend (@​sebmarkbage #32900)
• Avoid stack overflow on wide trees during Hot Reload (@​sophiebits #34145)
• Improve Owner and Component stacks in various places (@​sebmarkbage, @​eps1lon: #33629, #33724, #32735, #33723)
• Add cacheSignal (@​sebmarkbage #33557)

React DOM

• Block on Suspensey Fonts during reveal of server-side-rendered content (@​sebmarkbage #33342)
• Use underscore instead of : for IDs generated by useId (@​sebmarkbage, @​eps1lon: #32001, facebook/react#33342#33099, #33422)
• Stop warning when ARIA 1.3 attributes are used (@​Abdul-Omira #34264)
• Allow nonce to be used on hoistable styles (@​Andarist #32461)
• Warn for using a React owned node as a Container if it also has text content (@​sebmarkbage #32774)

... (truncated)

Changelog

Sourced from react-dom's changelog.

19.2.0 (October 1st, 2025)

Below is a list of all new features, APIs, and bug fixes.

Read the React 19.2 release post for more information.

New React Features

• <Activity>: A new API to hide and restore the UI and internal state of its children.
• useEffectEvent is a React Hook that lets you extract non-reactive logic into an Effect Event.
• cacheSignal (for RSCs) lets your know when the cache() lifetime is over.
• React Performance tracks appear on the Performance panel’s timeline in your browser developer tools

New React DOM Features

• Added resume APIs for partial pre-rendering with Web Streams:
  • resume: to resume a prerender to a stream.
  • resumeAndPrerender: to resume a prerender to HTML.
• Added resume APIs for partial pre-rendering with Node Streams:
  • resumeToPipeableStream: to resume a prerender to a stream.
  • resumeAndPrerenderToNodeStream: to resume a prerender to HTML.
• Updated prerender APIs to return a postponed state that can be passed to the resume APIs.

Notable changes

• React DOM now batches suspense boundary reveals, matching the behavior of client side rendering. This change is especially noticeable when animating the reveal of Suspense boundaries e.g. with the upcoming <ViewTransition> Component. React will batch as much reveals as possible before the first paint while trying to hit popular first-contentful paint metrics.
• Add Node Web Streams (prerender, renderToReadableStream) to server-side-rendering APIs for Node.js
• Use underscore instead of : IDs generated by useId

All Changes

React

• <Activity /> was developed over many years, starting before ClassComponent.setState (@​acdlite @​sebmarkbage and many others)
• Stringify context as "SomeContext" instead of "SomeContext.Provider" (@​kassens #33507)
• Include stack of cause of React instrumentation errors with %o placeholder (@​eps1lon #34198)
• Fix infinite useDeferredValue loop in popstate event (@​acdlite #32821)
• Fix a bug when an initial value was passed to useDeferredValue (@​acdlite #34376)
• Fix a crash when submitting forms with Client Actions (@​sebmarkbage #33055)
• Hide/unhide the content of dehydrated suspense boundaries if they resuspend (@​sebmarkbage #32900)
• Avoid stack overflow on wide trees during Hot Reload (@​sophiebits #34145)
• Improve Owner and Component stacks in various places (@​sebmarkbage, @​eps1lon: #33629, #33724, #32735, #33723)
• Add cacheSignal (@​sebmarkbage #33557)

React DOM

• Block on Suspensey Fonts during reveal of server-side-rendered content (@​sebmarkbage #33342)
• Use underscore instead of : for IDs generated by useId (@​sebmarkbage, @​eps1lon: #32001, facebook/react#33342#33099, #33422)
• Stop warning when ARIA 1.3 attributes are used (@​Abdul-Omira #34264)
• Allow nonce to be used on hoistable styles (@​Andarist #32461)

... (truncated)

Commits

• 8618113 Bump scheduler version (#34671)
• 1bd1f01 Ship partial-prerendering APIs to Canary (#34633)
• 2f0649a [Fizz] Remove nonce option from resume-and-prerender APIs (#34664)
• 5667a41 Bump next prerelease version numbers (#34639)
• e08f53b Match react-dom/static test entrypoints and published entrypoints (#34599)
• 8bb7241 Bump useEffectEvent to Canary (#34610)
• 83c88ad Handle fabric root level fragment with compareDocumentPosition (#34533)
• 68f00c9 Release Activity in Canary (#34374)
• 3168e08 [flags] enable opt-in for enableDefaultTransitionIndicator (#34373)
• 3434ff4 Add scrollIntoView to fragment instances (#32814)
• Additional commits viewable in compare view

Updates @types/react-dom from 19.1.6 to 19.2.1

Commits

• See full diff in compare view

Updates react-hook-form from 7.60.0 to 7.64.0

Release notes

Sourced from react-hook-form's releases.

Version 7.64.0

🚏 Support optional array fields in PathValueImpl type (#13057) 🐞 fix: preserve Controller's defaultValue with shouldUnregister prop (#13063) ✂ chore: remove unused field ids ref in useFieldArray (#13066)

thanks to @​MPrieur-chaps, @​gynekolog & @​uk960214

Version 7.63.0

🥢 feat: extract form values by form state (#12936)

getValues(undefined, { dirtyFields: true }); // return only dirty fields 
getValues(undefined, { touchedFields: true });  // return only touched fields 

🦍 feat: improve get dirty fields logic (#13049) 🐿️ chore: remove duplicated function isMessage (#13050) 🐞 fix: use field name to update isValidating fields (#13000) 🐞 fix: unregister previous field when switching conditional Controllers (#13041) 🐞 fix: only excuse trigger function when deps has a valid array (#13056)

thanks to @​candymask0712, @​GorkemKir, @​kimtaejin3, @​m2na7 & @​abnud11

Version 7.62.0

👨‍🔧 prevent onBlur for readOnly fields (#12971) 🐞 fix #12988 sync two defaultValues after reset with new defaultValues (#12990) 🐞 fix: do not override prototype of data in cloneObject (#12985) 🐞 fix field name type conflict in nested FieldErrors (#12972)

thanks to @​candymask0712, @​Adityapradh, @​Ty3uK & @​kichikawa57

Version 7.61.1

Revert "⌨️ fix: watch return type based on defaultValue (#12896)"

Version 7.61.0

🧮 feat: compute prop for useWatch subscription (#12503)

• subscribe to the entire form but only return updated value with certain condition

type FormValue = {
  test: string;
}
const watchedValue = useWatch({
control: methods.control,
compute: (data: FormValue) => {
if (data.test?.length) {
return data.test;
}
</tr></table>

... (truncated)

Commits

• 87d8b77 7.64.0
• 6c3b8f7 🥃 chore: upgrade dev deps (#13076)
• 23c699a ✂ chore: remove unused field ids ref in useFieldArray (#13066)
• 37f51ac 🐞 fix: preserve Controller's defaultValue with shouldUnregister prop (#13063)
• 8d61561 🚏 Support optional array fields in PathValueImpl type (#13057)
• b5b7329 7.63.0
• 86a7fb3 🐞 fix: only excuse trigger function when deps has a valid array (#13056)
• 4bfd420 🏔️ chore: major dev deps upgrade (#13053)
• 66b7daf 🔩 chore: lib dev deps upgrade (#13051)
• 62b26d8 🐿️ chore: remove duplicated function isMessage (#13050)
• Additional commits viewable in compare view

Updates @playwright/test from 1.54.1 to 1.56.0

Release notes

Sourced from @​playwright/test's releases.

v1.56.0

Playwright Agents

Introducing Playwright Agents, three custom agent definitions designed to guide LLMs through the core process of building a Playwright test:

• 🎭 planner explores the app and produces a Markdown test plan
• 🎭 generator transforms the Markdown plan into the Playwright Test files
• 🎭 healer executes the test suite and automatically repairs failing tests

Run npx playwright init-agents with your client of choice to generate the latest agent definitions:

# Generate agent files for each agentic loop
# Visual Studio Code
npx playwright init-agents --loop=vscode
# Claude Code
npx playwright init-agents --loop=claude
# opencode
npx playwright init-agents --loop=opencode

[!NOTE] VS Code v1.105 (currently on the VS Code Insiders channel) is needed for the agentic experience in VS Code. It will become stable shortly, we are a bit ahead of times with this functionality!

Learn more about Playwright Agents

New APIs

• New methods page.consoleMessages() and page.pageErrors() for retrieving the most recent console messages from the page
• New method page.requests() for retrieving the most recent network requests from the page
• Added --test-list and --test-list-invert to allow manual specification of specific tests from a file

UI Mode and HTML Reporter

• Added option to 'html' reporter to disable the "Copy prompt" button
• Added option to 'html' reporter and UI Mode to merge files, collapsing test and describe blocks into a single unified list
• Added option to UI Mode mirroring the --update-snapshots options
• Added option to UI Mode to run only a single worker at a time

Breaking Changes

• Event browserContext.on('backgroundpage') has been deprecated and will not be emitted. Method browserContext.backgroundPages() will return an empty list

Miscellaneous

• Aria snapshots render and compare input placeholder
• Added environment variable PLAYWRIGHT_TEST to Playwright worker processes to allow discriminating on testing status

Browser Versions

• Chromium 141.0.7390.37
• Mozilla Firefox 142.0.1
• WebKit 26.0

v1.55.1

... (truncated)

Commits

• b6af258 cherry-pick(#37727): devops: fix NPM release step (#37728)
• d2ef7bb chore: mark v1.56.0 (#37722)
• 1621d0b cherry-pick(#37715): chore: disable RenderDocument feature (#37718)
• ffbf82b cherry-pick(#37687): docs: v1.56 release notes (#37687) (#37720)
• 2c5e33d cherry-pick(#37703): docs: pageErrors should return strings in Java and C#
• 0a91ecf cherry-pick(#37694): chore: move best practices into the journal
• a5c4437 cherry-pick(#37693): docs: use VS Code images for test agents
• 6d13fbe cherry-pick(#37690): Revert "fix(trace): survive sw restart"
• d2c267c cherry-pick(#37689): Revert "fix(trace): should survive ping as the first com...
• d1fdd81 fix(snapshot): draw a minimum size browser window for small snapshots (#37640)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​playwright/test since your current version.

Updates @types/react from 19.1.8 to 19.2.2

Commits

• See full diff in compare view

Updates @types/react-dom from 19.1.6 to 19.2.1

Commits

• See full diff in compare view

Updates sass from 1.89.2 to 1.93.2

Release notes

Sourced from sass's releases.

Dart Sass 1.93.2

To install Sass 1.93.2, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

• No user-visible changes.

JavaS...

Description has been truncated

[fossabot]

✓ Safe to upgrade

I recommend merging this upgrade because the codebase does not use any of the deprecated APIs or breaking change patterns identified in the release notes. The application uses modern React patterns (no ReactDOM.render or deprecated lifecycle methods), standard CSS instead of Sass (avoiding @​import and type() function issues), and does not access Next.js params/searchParams properties that would be affected by async API changes. The security vulnerability CVE-2025-29927 affects Next.js middleware using x-middleware-subrequest headers, which this application does not use—the middleware only implements security headers via @​nosecone/next. The application meets all Node.js version requirements (requires Node 20, all upgraded packages support Node 18+). While 44 new features and 50 bug fixes are included, no code changes are required to adopt this upgrade.

What we checked

• Project requires Node.js >=20, which exceeds the Node.js 18+ requirement introduced by React 19.2.0 and other upgraded packages ^[1]
• Middleware uses @​nosecone/next for security headers only, does not handle x-middleware-subrequest headers mentioned in CVE-2025-29927 ^[2]
• React Hook Form usage follows current patterns with resolver and formState, not affected by the removed field ids reference or shouldUnregister changes ^[3]
• Application uses plain CSS, not Sass/SCSS files, avoiding breaking changes related to @​import deprecation, type() function, and mixed-decls ^[4]
• Playwright configuration uses standard device presets, not affected by Chromium manifest v2 deprecation or viewport/text selector breaking changes ^[5]
• Next.js 15 breaking changes documented but not applicable: no async params/searchParams usage found in codebase, no dynamic API calls in page components ^[6]

Dependency Usage

This Next.js application serves as a demo/example site with form validation and modern UI features, powered by a focused set of dependencies. The core functionality centers on three demonstration forms (EmailForm, RLForm, SuppportForm) that use React Hook Form with Zod schema validation integrated via @​hookform/resolvers to provide robust client-side form validation and error handling. The visual foundation relies on @​fontsource packages (Figtree Variable and IBM Plex Mono) for typography, Sass for stylesheet compilation, and @​oddbird/css-anchor-positioning to polyfill modern CSS anchor positioning for the hamburger navigation popover on mobile devices. Next.js handles the application framework including routing, metadata, and server/client components, while React and React DOM provide the underlying component model and rendering, with Playwright configured for end-to-end testing of the application.

• @​hookform/resolvers: components/EmailForm.tsx:3 - This code is using zodResolver from @​hookform/resolvers/zod to validate form inputs by integrating Zod schema validation with React Hook Form, ensuring type-safe and runtime validation of form data.
• @​hookform/resolvers: components/RLForm.tsx:3 - The code is using the zodResolver from @​hookform/resolvers/zod to validate form inputs by integrating Zod schema validation with React Hook Form, enabling type-safe and declarative form validation.

View 42 more usages

• @​hookform/resolvers:

  example-nextjs-1e0f2/components/SuppportForm.tsx

  Line 3 in 18f8de8

  import { zodResolver } from "@hookform/resolvers/zod";

  - The code is using zodResolver from @​hookform/resolvers/zod to validate form inputs by converting a Zod schema into a format compatible with React Hook Form's validation system.
• next:

  example-nextjs-1e0f2/app/layout.tsx

  Line 1 in 18f8de8

  import { Metadata } from "next";

  - This code snippet is importing the Metadata type from Next.js, which is typically used to define and customize metadata for pages or layouts in a Next.js application, allowing you to set things like title, description, and other SEO-related properties.
• next:

  example-nextjs-1e0f2/app/layout.tsx

  Line 2 in 18f8de8

  import Image from "next/image";

  - This code snippet is importing various Next.js core components and assets, including Image, Link, Script, and Metadata, which are commonly used for page layout, navigation, external script management, and metadata configuration in a Next.js application.
• next:

  example-nextjs-1e0f2/app/layout.tsx

  Line 3 in 18f8de8

  import Link from "next/link";

  - This code snippet is importing various Next.js core components and assets (like images and scripts) that are commonly used in a Next.js application's layout file to help with metadata, routing, image optimization, and script management.
• next:

  example-nextjs-1e0f2/app/layout.tsx

  Line 4 in 18f8de8

  import Script from "next/script";

  - This code snippet is importing various Next.js components and assets, specifically the Image, Link, and Script components from Next.js, along with two logo SVG files (for dark and light themes) using local asset imports.
• next:

  example-nextjs-1e0f2/app/page.tsx

  Line 1 in 18f8de8

  import Link from "next/link";

  - This code snippet is defining the main landing page (IndexPage) for a Next.js application, importing a Link component from Next.js for navigation and a custom WhatNext component, and attempting to retrieve an Arcjet site key from environment variables.
• next:

  example-nextjs-1e0f2/components/EmailForm.tsx

  Line 4 in 18f8de8

  import { useRouter } from "next/navigation";

  - In this context, useRouter() from next/navigation is being used to programmatically navigate or redirect the user to a different page within a Next.js application after a form submission or specific action.
• next:

  example-nextjs-1e0f2/components/NavLink.tsx

  Line 3 in 18f8de8

  import Link from "next/link";

  - This code appears to be setting up a client-side navigation link component in Next.js, importing the core Link component from Next.js, using the usePathname hook for navigation tracking, and preparing to define custom link properties using TypeScript's ComponentProps type.
• next:

  example-nextjs-1e0f2/components/NavLink.tsx

  Line 4 in 18f8de8

  import { usePathname } from "next/navigation";

  - This code snippet is importing and preparing to use the usePathname hook from Next.js's navigation module to potentially determine the current route path in a React component, likely for creating an active navigation link or conditional rendering based on the current URL.
• next:

  example-nextjs-1e0f2/components/SuppportForm.tsx

  Line 4 in 18f8de8

  import { useRouter } from "next/navigation";

  - The code is using Next.js's useRouter hook from next/navigation to enable programmatic navigation within a React component, likely for routing or redirecting after form submission.
• next:

  example-nextjs-1e0f2/app/attack/page.tsx

  Line 1 in 18f8de8

  import type { Metadata } from "next";

  - This code snippet appears to be importing metadata and setting up the initial structure for a Next.js page related to an attack dashboard, likely preparing to define page metadata and import necessary components for rendering.
• next:

  example-nextjs-1e0f2/app/attack/page.tsx

  Line 2 in 18f8de8

  import { headers } from "next/headers";

  - This code is importing the headers function from next/headers, which allows server-side access to HTTP request headers in a Next.js application, typically used to retrieve information about the current request within a server component or route handler.
• next:

  example-nextjs-1e0f2/app/attack/page.tsx

  Line 3 in 18f8de8

  import Link from "next/link";

  - This code snippet appears to be importing various modules and types for a Next.js page component, setting up metadata, headers, links, and likely preparing to render a dashboard-related component in the /attack route of a Next.js application.
• next:

  example-nextjs-1e0f2/app/bots/page.tsx

  Line 1 in 18f8de8

  import type { Metadata } from "next";

  - This code snippet appears to be importing metadata types and other Next.js-related modules for building a page or component in a Next.js application, likely for setting up page metadata and creating navigation or dashboard-related elements.
• next:

  example-nextjs-1e0f2/app/bots/page.tsx

  Line 2 in 18f8de8

  import { headers } from "next/headers";

  - The code is importing the headers function from next/headers, which allows server-side access to HTTP request headers in a Next.js application, enabling dynamic handling of request metadata during server-side rendering or server components.
• next:

  example-nextjs-1e0f2/app/bots/page.tsx

  Line 3 in 18f8de8

  import Link from "next/link";

  - Based on the partial import snippet, this looks like a Next.js page component that is importing various Next.js utilities and components, likely preparing to render a page related to bots or a dashboard, with metadata and navigation capabilities.
• next:

  example-nextjs-1e0f2/app/rate-limiting/page.tsx

  Line 1 in 18f8de8

  import type { Metadata } from "next";

  - This code appears to be importing the Metadata type from Next.js, which is typically used to define metadata for a page in a Next.js application, such as setting page titles, descriptions, and other SEO-related information.
• next:

  example-nextjs-1e0f2/app/rate-limiting/page.tsx

  Line 2 in 18f8de8

  import Link from "next/link";

  - This code snippet appears to be importing metadata and various React components for a rate limiting page in a Next.js application, likely preparing to render a form and related UI elements for rate limit configuration or demonstration.
• next:

  example-nextjs-1e0f2/app/sensitive-info/page.tsx

  Line 1 in 18f8de8

  import type { Metadata } from "next";

  - This code is importing the Metadata type from Next.js, which is typically used to define page-level metadata for search engine optimization (SEO) and other page-level information in a Next.js application.
• next:

  example-nextjs-1e0f2/app/sensitive-info/page.tsx

  Line 2 in 18f8de8

  import Link from "next/link";

  - This code is importing metadata type definitions, a Link component for client-side navigation, and two custom components (VisitDashboard and WhatNext) for a Next.js page, likely preparing to render a page with dynamic routing and metadata configuration.
• next:

  example-nextjs-1e0f2/app/signup/page.tsx

  Line 1 in 18f8de8

  import type { Metadata } from "next";

  - In this Next.js code snippet, the Metadata type is being imported from the "next" module, which is typically used to define and customize metadata (such as page title, description, and other SEO-related attributes) for a specific page or route in a Next.js application.
• next:

  example-nextjs-1e0f2/app/signup/page.tsx

  Line 2 in 18f8de8

  import Link from "next/link";

  - This code is importing metadata type definitions, a Link component for client-side navigation, and two custom React components (VisitDashboard and WhatNext) from Next.js, which are likely used to structure and render the signup page's content and navigation elements.
• next:

  example-nextjs-1e0f2/components/compositions/VisitDashboard.tsx

  Line 1 in 18f8de8

  import Link from "next/link";

  - This code snippet appears to be importing Next.js components and dependencies, specifically using the Link component from Next.js for navigation, which allows for client-side routing between pages in a Next.js application.
• next:

  example-nextjs-1e0f2/components/compositions/WhatNext.tsx

  Line 1 in 18f8de8

  import Link from "next/link";

  - This code snippet appears to be a React component called WhatNext that conditionally renders a section when a deployed prop is true, likely using Next.js's Link component for navigation, though the code seems to be incomplete or cut off mid-line.
• next:

  example-nextjs-1e0f2/app/attack/test/route.ts

  Line 1 in 18f8de8

  import { type NextRequest, NextResponse } from "next/server";

  - This code is configuring a Next.js route to dynamically generate responses without caching, and appears to be setting up Arcjet (a security library) for request protection, specifically importing NextRequest and NextResponse from Next.js's server module to handle server-side request and response operations.
• next:

  example-nextjs-1e0f2/app/bots/test/route.ts

  Line 1 in 18f8de8

  import { type NextRequest, NextResponse } from "next/server";

  - This code is configuring a Next.js route to be dynamically rendered and preparing to use Arcjet for bot detection and rate limiting, with the dynamic export ensuring that the route is not statically cached.
• next:

  example-nextjs-1e0f2/app/rate-limiting/test/route.ts

  Line 3 in 18f8de8

  import { type NextRequest, NextResponse } from "next/server";

  - This code appears to be setting up rate limiting for a Next.js route using the Arcjet library, which helps control the number of requests a client can make within a specified time window to prevent abuse or excessive API calls.
• next:

  example-nextjs-1e0f2/app/sensitive-info/test/route.ts

  Line 1 in 18f8de8

  import { type NextRequest, NextResponse } from "next/server";

  - This code appears to be setting up a route handler in Next.js for handling sensitive information, likely involving form validation and potentially applying security rules using the Arcjet library for protection.
• next:

  example-nextjs-1e0f2/app/signup/test/route.ts

  Line 1 in 18f8de8

  import { type NextRequest, NextResponse } from "next/server";

  - This code is importing Next.js server-side routing utilities (NextRequest and NextResponse) along with a form validation schema and Arcjet protection middleware, likely preparing to handle a secure signup route with validation and protection rules.
• next: https://github.com/Jobayer071/example-nextjs-1e0f2/blob/18f8de8a57eebfb80fd78ee7d1e127f4a106647a/app/api/auth/[...nextauth]/route.ts#L3 - This code appears to be importing Next.js server-side types and utilities (NextRequest, NextResponse) for handling authentication routes in a Next.js application, likely in conjunction with Arcjet for bot detection and rate limiting.
• react:

  example-nextjs-1e0f2/components/NavLink.tsx

  Line 5 in 18f8de8

  import type { ComponentProps } from "react";

  - This code is importing the ComponentProps type from React to potentially define or extend the props type for a custom link component, specifically within a Next.js navigation context, though the comment suggests the type usage might be incomplete or not fully implemented.
• react:

  example-nextjs-1e0f2/components/PopoverTarget.tsx

  Line 3 in 18f8de8

  import { type ComponentProps, useEffect, useRef } from "react";

  - This code snippet appears to be setting up a React component that uses CSS anchor positioning, likely preparing a target element for a popover or tooltip with custom positioning behavior, potentially involving a polyfill for browser compatibility.
• react:

  example-nextjs-1e0f2/components/RLForm.tsx

  Line 4 in 18f8de8

  import { useState } from "react";

  - This code is importing and setting up a React functional component with form state management using React Hook Form and Zod for form validation, allowing for dynamic and type-safe form handling.
• react:

  example-nextjs-1e0f2/components/brand/LogoMarkSpark.tsx

  Line 4 in 18f8de8

  import { forwardRef, useEffect, useState } from "react";

  - This code snippet appears to be importing React hooks (forwardRef, useEffect, useState) and the useTheme hook from next-themes, and beginning to define a component with some dark mode visual data, likely for a logo or branding element that will have different visual representations based on the current theme.
• react:

  example-nextjs-1e0f2/components/compositions/VisitDashboard.tsx

  Line 2 in 18f8de8

  import * as React from "react";

  - This code snippet appears to be importing React core functionality and related components for a Visit Dashboard page, including Next.js Link component, React's memo for performance optimization, and a custom LogoMarkSpark component, suggesting preparation for rendering a dashboard with potential navigation and memoized rendering optimizations.
• react:

  example-nextjs-1e0f2/components/compositions/VisitDashboard.tsx

  Line 3 in 18f8de8

  import { memo } from "react";

  - The code is using React's memo higher-order component to potentially optimize the rendering performance of the VisitDashboard component by preventing unnecessary re-renders when its props haven't changed.
• react:

  example-nextjs-1e0f2/components/icons/ArrowExternal.tsx

  Line 1 in 18f8de8

  import { forwardRef } from "react";

  - This React code defines a functional component called ArrowExternal that uses forwardRef to create an SVG icon component which can receive a ref and optional CSS classes, allowing the ref to be passed through to the underlying SVG element.
• react-hook-form:

  example-nextjs-1e0f2/components/EmailForm.tsx

  Line 5 in 18f8de8

  import { useForm } from "react-hook-form";

  - This code is setting up a form validation and handling mechanism using react-hook-form with Zod schema validation, likely preparing to manage form state, validate input, and handle form submission in a type-safe manner.
• react-hook-form:

  example-nextjs-1e0f2/components/RLForm.tsx

  Line 5 in 18f8de8

  import { useForm } from "react-hook-form";

  - This code is using the useForm hook from react-hook-form with Zod validation (via zodResolver) to create a form management system that enables form state handling, validation, and submission in a React component.
• react-hook-form:

  example-nextjs-1e0f2/components/SuppportForm.tsx

  Line 5 in 18f8de8

  import { useForm } from "react-hook-form";

  - This code is using the useForm hook from react-hook-form to create a form with validation schema powered by Zod, likely preparing to manage form state, handle submissions, and perform client-side form validation.
• @​playwright/test:

  example-nextjs-1e0f2/playwright.config.ts

  Line 1 in 18f8de8

  import { defineConfig, devices } from "@playwright/test";

  - This code is configuring Playwright test settings by importing the defineConfig and devices utilities from @​playwright/test, and then using defineConfig to set up the test directory and potentially other test configuration options for running automated browser tests across different device/browser configurations.
• @​playwright/test:

  example-nextjs-1e0f2/tests/screenshots.test.ts

  Line 1 in 18f8de8

  import { expect, test } from "@playwright/test";

  - This code is importing the expect and test functions from Playwright's testing framework, which are typically used for writing and running automated browser-based tests with assertions and test case definitions.

Other Usages (44)

These usages were analyzed but no breaking changes were detected:

@​hookform/resolvers

• example-nextjs-1e0f2/components/EmailForm.tsx

  Line 3 in 18f8de8

  import { zodResolver } from "@hookform/resolvers/zod";

• example-nextjs-1e0f2/components/RLForm.tsx

  Line 3 in 18f8de8

  import { zodResolver } from "@hookform/resolvers/zod";

• example-nextjs-1e0f2/components/SuppportForm.tsx

  Line 3 in 18f8de8

  import { zodResolver } from "@hookform/resolvers/zod";

next

• example-nextjs-1e0f2/app/layout.tsx

  Line 1 in 18f8de8

  import { Metadata } from "next";

• example-nextjs-1e0f2/app/layout.tsx

  Line 2 in 18f8de8

  import Image from "next/image";

• example-nextjs-1e0f2/app/layout.tsx

  Line 3 in 18f8de8

  import Link from "next/link";

• example-nextjs-1e0f2/app/layout.tsx

  Line 4 in 18f8de8

  import Script from "next/script";

• example-nextjs-1e0f2/app/page.tsx

  Line 1 in 18f8de8

  import Link from "next/link";

• ...and 24 more

react

• example-nextjs-1e0f2/components/NavLink.tsx

  Line 5 in 18f8de8

  import type { ComponentProps } from "react";

• example-nextjs-1e0f2/components/PopoverTarget.tsx

  Line 3 in 18f8de8

  import { type ComponentProps, useEffect, useRef } from "react";

• example-nextjs-1e0f2/components/RLForm.tsx

  Line 4 in 18f8de8

  import { useState } from "react";

• example-nextjs-1e0f2/components/brand/LogoMarkSpark.tsx

  Line 4 in 18f8de8

  import { forwardRef, useEffect, useState } from "react";

• example-nextjs-1e0f2/components/compositions/VisitDashboard.tsx

  Line 2 in 18f8de8

  import * as React from "react";

• ...and 2 more

react-hook-form

• example-nextjs-1e0f2/components/EmailForm.tsx

  Line 5 in 18f8de8

  import { useForm } from "react-hook-form";

• example-nextjs-1e0f2/components/RLForm.tsx

  Line 5 in 18f8de8

  import { useForm } from "react-hook-form";

• example-nextjs-1e0f2/components/SuppportForm.tsx

  Line 5 in 18f8de8

  import { useForm } from "react-hook-form";

@​playwright/test

• example-nextjs-1e0f2/playwright.config.ts

  Line 1 in 18f8de8

  import { defineConfig, devices } from "@playwright/test";

• example-nextjs-1e0f2/tests/screenshots.test.ts

  Line 1 in 18f8de8

  import { expect, test } from "@playwright/test";

Changes

Critical Breaking Changes Require Immediate Action

React ecosystem now requires Node.js 18+ and switched to flat ESLint config as default (legacy moved to recommended-legacy). Playwright dropped Chromium extension manifest v2 support. Sass reserved the type() function name, breaking existing @​function definitions, and changed declaration ordering when interleaved with nested rules, obsoleting the mixed-decls deprecation. React Hook Form removed unused field IDs in useFieldArray.

Key Stability Improvements

React fixed multiple critical bugs including infinite useDeferredValue loops, Client Actions crashes, React.use failures inside lazy components, and deeply nested Suspense SSR issues. Next.js resolved error overlay, devtools positioning, and validation type issues. Playwright fixed Codegen Administrator Terminal failures and repeated option spam.

Notable New Capabilities

React introduced the

• Breaking: Require Node.js 18 or newer. (@​michaelfaith in #32458) (vv19.2.0, release notes)
• Breaking: Flat config is now the default recommended preset. Legacy config moved to recommended-legacy. (@​michaelfaith in #32457) (vv19.2.0, release notes)
• Breaking: Require Node.js 18 or newer. (@​michaelfaith in #32458) (vv19.2.0, release notes)

View 200 more changes

• zod: fix output type for Zod 4 resolver (#803) (e95721d) (vv5.2.2, release notes)
• discriminated union for zod v4 mini (#784) (49a0d7b) (vv5.2.1, release notes)
• zod v4 peer deps (#798) (2d28e6a) (vv5.2.1, release notes)
• ajv: add ajv-formats for ajvResolver (#797) (f040039) (vv5.2.0, release notes)
• 🚀 Work with anchor and target inside same shadow root by @​wkillerud in Work with anchor and target inside same shadow root oddbird/css-anchor-positioning#353 (vv0.7.0, release notes)
• 🏠 INTERNAL: Upgrade dependencies (vv0.7.0, release notes)
• @​wkillerud made their first contribution in Work with anchor and target inside same shadow root oddbird/css-anchor-positioning#353 (vv0.7.0, release notes)
• ensure onRequestError is invoked when otel enabled (#83343) (vv15.5.4, release notes)
• devtools initial position should be from next config (#83571) (vv15.5.4, release notes)
• [devtool] fix overlay styles are missing (#83721) (vv15.5.4, release notes)
• Turbopack: don't match dynamic pattern for node_modules packages (#83176) (vv15.5.4, release notes)
• Turbopack: don't treat metadata routes as RSC (#82911) (vv15.5.4, release notes)
• [turbopack] Improve handling of symlink resolution errors in track_glob and read_glob (#83357) (vv15.5.4, release notes)
• Turbopack: throw large static metadata error earlier (#82939) (vv15.5.4, release notes)
• error overlay not closing when backdrop clicked (#83981) (vv15.5.4, release notes)
• Turbopack: flush Node.js worker IPC on error (#84077) (vv15.5.4, release notes)
• [CNA] use linter preference (#83194) (vv15.5.4, release notes)
• CI: use KV for test timing data (#83745) (vv15.5.4, release notes)
• docs: september improvements and fixes (#83997) (vv15.5.4, release notes)
• validation return types of pages API routes (#83069) (vv15.5.3, release notes)
• relative paths in dev in validator.ts (#83073) (vv15.5.3, release notes)
• remove satisfies keyword from type validation to preserve old TS compatibility (#83071) (vv15.5.3, release notes)
• <Activity>: A new API to hide and restore the UI and internal state of its children. (vv19.2.0, release notes)
• useEffectEvent is a React Hook that lets you extract non-reactive logic into an Effect Event. (vv19.2.0, release notes)
• cacheSignal (for RSCs) lets your know when the cache() lifetime is over. (vv19.2.0, release notes)
• React Performance tracks appear on the Performance panel’s timeline in your browser developer tools (vv19.2.0, release notes)
• Added resume APIs for partial pre-rendering with Web Streams: (vv19.2.0, release notes)
• resume: to resume a prerender to a stream. (vv19.2.0, release notes)
• resumeAndPrerender: to resume a prerender to HTML. (vv19.2.0, release notes)
• Updated prerender APIs to return a postponed state that can be passed to the resume APIs. (vv19.2.0, release notes)
• React DOM now batches suspense boundary reveals, matching the behavior of client side rendering. This change is especially noticeable when animating the reveal of Suspense boundaries e.g. with the upcoming <ViewTransition> Component. React will batch as much reveals as possible before the first paint while trying to hit popular first-contentful paint metrics. (vv19.2.0, release notes)
• Add Node Web Streams (prerender, renderToReadableStream) to server-side-rendering APIs for Node.js (vv19.2.0, release notes)
• Use underscore instead of : IDs generated by useId (vv19.2.0, release notes)
• <Activity /> was developed over many years, starting before ClassComponent.setState (@​acdlite @​sebmarkbage and many others) (vv19.2.0, release notes)
• Stringify context as "SomeContext" instead of "SomeContext.Provider" (@​kassens #33507) (vv19.2.0, release notes)
• Include stack of cause of React instrumentation errors with %o placeholder (@​eps1lon #34198) (vv19.2.0, release notes)
• Fix infinite useDeferredValue loop in popstate event (@​acdlite #32821) (vv19.2.0, release notes)
• Fix a bug when an initial value was passed to useDeferredValue (@​acdlite #34376) (vv19.2.0, release notes)
• Fix a crash when submitting forms with Client Actions (@​sebmarkbage #33055) (vv19.2.0, release notes)
• Hide/unhide the content of dehydrated suspense boundaries if they resuspend (@​sebmarkbage #32900) (vv19.2.0, release notes)
• Avoid stack overflow on wide trees during Hot Reload (@​sophiebits #34145) (vv19.2.0, release notes)
• Improve Owner and Component stacks in various places (@​sebmarkbage, @​eps1lon: #33629, #33724, #32735, #33723) (vv19.2.0, release notes)
• Add cacheSignal (@​sebmarkbage #33557) (vv19.2.0, release notes)
• Block on Suspensey Fonts during reveal of server-side-rendered content (@​sebmarkbage #33342) (vv19.2.0, release notes)
• Use underscore instead of : for IDs generated by useId (@​sebmarkbage, @​eps1lon: #32001, [Fizz] Block on Suspensey Fonts during reveal facebook/react#33342#33099, #33422) (vv19.2.0, release notes)
• Stop warning when ARIA 1.3 attributes are used (@​Abdul-Omira #34264) (vv19.2.0, release notes)
• Allow nonce to be used on hoistable styles (@​Andarist #32461) (vv19.2.0, release notes)
• Warn for using a React owned node as a Container if it also has text content (@​sebmarkbage #32774) (vv19.2.0, release notes)
• s/HTML/text for for error messages if text hydration mismatches (@​rickhanlonii #32763) (vv19.2.0, release notes)
• Fix a bug with React.use inside React.lazy-ed Component (@​hi-ogawa #33941) (vv19.2.0, release notes)
• Enable the progressiveChunkSize option for server-side-rendering APIs (@​sebmarkbage #33027) (vv19.2.0, release notes)
• Fix a bug with deeply nested Suspense inside Suspense fallback when server-side-rendering (@​gnoff #33467) (vv19.2.0, release notes)
• Avoid hanging when suspending after aborting while rendering (@​gnoff #34192) (vv19.2.0, release notes)
• Add Node Web Streams to server-side-rendering APIs for Node.js (@​sebmarkbage #33475) (vv19.2.0, release notes)
• Preload <img> and <link> using hints before they're rendered (@​sebmarkbage #34604) (vv19.2.0, release notes)
• Log error if production elements are rendered during development (@​eps1lon #34189) (vv19.2.0, release notes)
• Fix a bug when returning a Temporary reference (e.g. a Client Reference) from Server Functions (@​sebmarkbage #34084, @​denk0403 #33761) (vv19.2.0, release notes)
• Pass line/column to filterStackFrame (@​eps1lon #33707) (vv19.2.0, release notes)
• Support Async Modules in Turbopack Server References (@​lubieowoce #34531) (vv19.2.0, release notes)
• Add support for .mjs file extension in Webpack (@​jennyscript #33028) (vv19.2.0, release notes)
• Fix a wrong missing key warning (@​unstubbable #34350) (vv19.2.0, release notes)
• Make console log resolve in predictable order (@​sebmarkbage #33665) (vv19.2.0, release notes)
• createContainer and createHydrationContainer had their parameter order adjusted after on* handlers to account for upcoming experimental APIs (vv19.2.0, release notes)
• New Violations: Disallow calling use within try/catch blocks. (@​poteto in #34040) (vv19.2.0, release notes)
• New Violations: Disallow calling useEffectEvent functions in arbitrary closures. (@​jbrown215 in #33544) (vv19.2.0, release notes)
• Handle React.useEffect in addition to useEffect in rules-of-hooks. (@​Ayc0 in #34076) (vv19.2.0, release notes)
• Added react-hooks settings config option that to accept additionalEffectHooks that are used across exhaustive-deps and rules-of-hooks rules. (@​jbrown215) in #34497 (vv19.2.0, release notes)
• Fixed Owner Stacks to work with ES2015 function.name semantics (#33680 by @​hoxyq) (vv19.1.1, release notes)
• <Activity>: A new API to hide and restore the UI and internal state of its children. (vv19.2.0, release notes)
• useEffectEvent is a React Hook that lets you extract non-reactive logic into an Effect Event. (vv19.2.0, release notes)
• cacheSignal (for RSCs) lets your know when the cache() lifetime is over. (vv19.2.0, release notes)
• React Performance tracks appear on the Performance panel’s timeline in your browser developer tools (vv19.2.0, release notes)
• Added resume APIs for partial pre-rendering with Web Streams: (vv19.2.0, release notes)
• resume: to resume a prerender to a stream. (vv19.2.0, release notes)
• resumeAndPrerender: to resume a prerender to HTML. (vv19.2.0, release notes)
• Updated prerender APIs to return a postponed state that can be passed to the resume APIs. (vv19.2.0, release notes)
• React DOM now batches suspense boundary reveals, matching the behavior of client side rendering. This change is especially noticeable when animating the reveal of Suspense boundaries e.g. with the upcoming <ViewTransition> Component. React will batch as much reveals as possible before the first paint while trying to hit popular first-contentful paint metrics. (vv19.2.0, release notes)
• Add Node Web Streams (prerender, renderToReadableStream) to server-side-rendering APIs for Node.js (vv19.2.0, release notes)
• Use underscore instead of : IDs generated by useId (vv19.2.0, release notes)
• <Activity /> was developed over many years, starting before ClassComponent.setState (@​acdlite @​sebmarkbage and many others) (vv19.2.0, release notes)
• Stringify context as "SomeContext" instead of "SomeContext.Provider" (@​kassens #33507) (vv19.2.0, release notes)
• Include stack of cause of React instrumentation errors with %o placeholder (@​eps1lon #34198) (vv19.2.0, release notes)
• Fix infinite useDeferredValue loop in popstate event (@​acdlite #32821) (vv19.2.0, release notes)
• Fix a bug when an initial value was passed to useDeferredValue (@​acdlite #34376) (vv19.2.0, release notes)
• Fix a crash when submitting forms with Client Actions (@​sebmarkbage #33055) (vv19.2.0, release notes)
• Hide/unhide the content of dehydrated suspense boundaries if they resuspend (@​sebmarkbage #32900) (vv19.2.0, release notes)
• Avoid stack overflow on wide trees during Hot Reload (@​sophiebits #34145) (vv19.2.0, release notes)
• Improve Owner and Component stacks in various places (@​sebmarkbage, @​eps1lon: #33629, #33724, #32735, #33723) (vv19.2.0, release notes)
• Add cacheSignal (@​sebmarkbage #33557) (vv19.2.0, release notes)
• Block on Suspensey Fonts during reveal of server-side-rendered content (@​sebmarkbage #33342) (vv19.2.0, release notes)
• Use underscore instead of : for IDs generated by useId (@​sebmarkbage, @​eps1lon: #32001, [Fizz] Block on Suspensey Fonts during reveal facebook/react#33342#33099, #33422) (vv19.2.0, release notes)
• Stop warning when ARIA 1.3 attributes are used (@​Abdul-Omira #34264) (vv19.2.0, release notes)
• Allow nonce to be used on hoistable styles (@​Andarist #32461) (vv19.2.0, release notes)
• Warn for using a React owned node as a Container if it also has text content (@​sebmarkbage #32774) (vv19.2.0, release notes)
• s/HTML/text for for error messages if text hydration mismatches (@​rickhanlonii #32763) (vv19.2.0, release notes)
• Fix a bug with React.use inside React.lazy-ed Component (@​hi-ogawa #33941) (vv19.2.0, release notes)
• Enable the progressiveChunkSize option for server-side-rendering APIs (@​sebmarkbage #33027) (vv19.2.0, release notes)
• Fix a bug with deeply nested Suspense inside Suspense fallback when server-side-rendering (@​gnoff #33467) (vv19.2.0, release notes)
• Avoid hanging when suspending after aborting while rendering (@​gnoff #34192) (vv19.2.0, release notes)
• Add Node Web Streams to server-side-rendering APIs for Node.js (@​sebmarkbage #33475) (vv19.2.0, release notes)
• Preload <img> and <link> using hints before they're rendered (@​sebmarkbage #34604) (vv19.2.0, release notes)
• Log error if production elements are rendered during development (@​eps1lon #34189) (vv19.2.0, release notes)
• Fix a bug when returning a Temporary reference (e.g. a Client Reference) from Server Functions (@​sebmarkbage #34084, @​denk0403 #33761) (vv19.2.0, release notes)
• Pass line/column to filterStackFrame (@​eps1lon #33707) (vv19.2.0, release notes)
• Support Async Modules in Turbopack Server References (@​lubieowoce #34531) (vv19.2.0, release notes)
• Add support for .mjs file extension in Webpack (@​jennyscript #33028) (vv19.2.0, release notes)
• Fix a wrong missing key warning (@​unstubbable #34350) (vv19.2.0, release notes)
• Make console log resolve in predictable order (@​sebmarkbage #33665) (vv19.2.0, release notes)
• createContainer and createHydrationContainer had their parameter order adjusted after on* handlers to account for upcoming experimental APIs (vv19.2.0, release notes)
• Breaking: Flat config is now the default recommended preset. Legacy config moved to recommended-legacy. (@​michaelfaith in #32457) (vv19.2.0, release notes)
• New Violations: Disallow calling use within try/catch blocks. (@​poteto in #34040) (vv19.2.0, release notes)
• New Violations: Disallow calling useEffectEvent functions in arbitrary closures. (@​jbrown215 in #33544) (vv19.2.0, release notes)
• Handle React.useEffect in addition to useEffect in rules-of-hooks. (@​Ayc0 in #34076) (vv19.2.0, release notes)
• Added react-hooks settings config option that to accept additionalEffectHooks that are used across exhaustive-deps and rules-of-hooks rules. (@​jbrown215) in #34497 (vv19.2.0, release notes)
• Fixed Owner Stacks to work with ES2015 function.name semantics (#33680 by @​hoxyq) (vv19.1.1, release notes)
• Added support for optional array fields in PathValueImpl type (vv7.64.0, release notes)
• Fixed issue preserving Controller's defaultValue when shouldUnregister prop is used (vv7.64.0, release notes)
• Removed unused field ids reference in useFieldArray hook (vv7.64.0, release notes)
• Add ability to extract form values directly from form state in react-hook-form (vv7.63.0, release notes)
• Added support for returning only dirty fields with getValues(undefined, { dirtyFields: true }) (vv7.63.0, release notes)
• Added support for returning only touched fields with getValues(undefined, { touchedFields: true }) (vv7.63.0, release notes)
• Improve logic for getting dirty fields (vv7.63.0, release notes)
• Remove duplicated isMessage function (vv7.63.0, release notes)
• Fix updating isValidating fields using field name (vv7.63.0, release notes)
• Fix unregistering previous field when switching conditional Controllers (vv7.63.0, release notes)
• Fix trigger function execution to only occur when dependencies are a valid array (vv7.63.0, release notes)
• Prevent onBlur event for read-only form fields (vv7.62.0, release notes)
• Synchronize default values after form reset (vv7.62.0, release notes)
• Fix issue with object cloning to prevent prototype override (vv7.62.0, release notes)
• Resolve field name type conflict in nested field errors (vv7.62.0, release notes)
• Added a new compute prop for useWatch subscription (vv7.61.0, release notes)
• subscribe to the entire form but only return updated value with certain condition (vv7.61.0, release notes)
• subscribe to a specific form value state (vv7.61.0, release notes)
• Added compute option to useWatch hook, allowing conditional transformation of watched value based on a custom function (vv7.61.0, release notes)
• compute function receives the watched data and can return a modified value or an empty string based on a condition (vv7.61.0, release notes)
• The example shows a specific implementation that returns the data only if its length is greater than 3 characters, otherwise returning an empty string (vv7.61.0, release notes)
• Trigger watch callbacks only in response to value changes (vv7.61.0, release notes)
• Track name with setValue subscription callbacks (vv7.61.0, release notes)
• Fix watch return type based on defaultValue (vv7.61.0, release notes)
• Fix subscribing with latest defaultValues (vv7.61.0, release notes)
• Fix handling of explicit "multipart/form-data" encType in Form Component (vv7.61.0, release notes)
• Remove React wildcard import to resolve ESM build issues (vv7.61.0, release notes)
• Improve exclude patterns (vv7.61.0, release notes)
• Remove unused omit function (vv7.61.0, release notes)
• Introduced Playwright Agents, which are custom agent definitions aimed at guiding Large Language Models (LLMs) through the process of creating Playwright tests (vv1.56.0, release notes)
• 🎭 planner explores the app and produces a Markdown test plan (vv1.56.0, release notes)
• 🎭 generator transforms the Markdown plan into the Playwright Test files (vv1.56.0, release notes)
• 🎭 healer executes the test suite and automatically repairs failing tests (vv1.56.0, release notes)
• Added a new command npx playwright init-agents to generate the latest agent definitions (vv1.56.0, release notes)
• Supports generating agent definitions with a client of choice (vv1.56.0, release notes)
• Added new command npx playwright init-agents with optional --loop=vscode flag for initializing agents in VSCode (vv1.56.0, release notes)
• Added CLI command npx playwright init-agents --loop=claude for initializing agents with Claude configuration (vv1.56.0, release notes)
• Added new CLI command npx playwright init-agents with a --loop=opencode option (vv1.56.0, release notes)
• New methods page.consoleMessages() and page.pageErrors() for retrieving the most recent console messages from the page (vv1.56.0, release notes)
• New method page.requests() for retrieving the most recent network requests from the page (vv1.56.0, release notes)
• Added --test-list and --test-list-invert to allow manual specification of specific tests from a file (vv1.56.0, release notes)
• Added option to 'html' reporter to disable the "Copy prompt" button (vv1.56.0, release notes)
• Added option to 'html' reporter and UI Mode to merge files, collapsing test and describe blocks into a single unified list (vv1.56.0, release notes)
• Added option to UI Mode mirroring the --update-snapshots options (vv1.56.0, release notes)
• Added option to UI Mode to run only a single worker at a time (vv1.56.0, release notes)
• Event browserContext.on('backgroundpage') has been deprecated and will not be emitted. Method browserContext.backgroundPages() will return an empty list (vv1.56.0, release notes)
• Aria snapshots render and compare input placeholder (vv1.56.0, release notes)
• Added environment variable PLAYWRIGHT_TEST to Playwright worker processes to allow discriminating on testing status (vv1.56.0, release notes)
• Chromium 141.0.7390.37 (vv1.56.0, release notes)
• Mozilla Firefox 142.0.1 (vv1.56.0, release notes)
• WebKit 26.0 (vv1.56.0, release notes)
• Upgrade Chromium to version 140.0.7339.186 (vv1.55.1, release notes)
• Fix internal error related to step ID not found (vv1.55.1, release notes)
• Fix HTML reporter displaying a broken chip link when no projects exist (vv1.55.1, release notes)
• Revert previous change tracking inert elements as hidden (vv1.55.1, release notes)
• Remove usage of -k option (vv1.55.1, release notes)
• Chromium 140.0.7339.186 (vv1.55.1, release notes)
• Mozilla Firefox 141.0 (vv1.55.1, release notes)
• Google Chrome 139 (vv1.55.1, release notes)
• Microsoft Edge 139 (vv1.55.1, release notes)
• New Property testStepInfo.titlePath Returns the full title path starting from the test file, including test and step titles. (vv1.55.0, release notes)
• Automatic toBeVisible() assertions: Codegen can now generate automatic toBeVisible() assertions for common UI interactions. This feature can be enabled in the Codegen settings UI. (vv1.55.0, release notes)
• ⚠️ Dropped support for Chromium extension manifest v2. (vv1.55.0, release notes)
• Added support for Debian 13 "Trixie". (vv1.55.0, release notes)
• Fixed regression where Codegen could not launch in Administrator Terminal on Windows due to ProtocolError (vv1.54.2, release notes)
• Fixed regression causing Playwright Codegen to repeatedly spam selected options (vv1.54.2, release notes)
• Fixed regression preventing Codegen from starting with a target language specification (vv1.54.2, release notes)
• Chromium 139.0.7258.5 (vv1.54.2, release notes)
• Mozilla Firefox 140.0.2 (vv1.54.2, release notes)
• Google Chrome 140 (vv1.54.2, release notes)
• Microsoft Edge 140 (vv1.54.2, release notes)
• Fixed a compilation error caused by an outdated buf dependency. (v1.89.2, changelog)
• No user-visible changes. (v1.93.2, changelog)
• Fix another error in the release process for @​sass/types. (v1.93.2, changelog)
• Fix a crash when a style rule contains a nested @​import, and the loaded file @​uses a user-defined module as well as @​includes a top-level mixin which emits top-level declarations. (v1.93.0, release notes)
• Release a @​sass/types package which contains the type annotations used by both the sass and sass-embedded package without any additional code or dependencies. (v1.93.0, release notes)
• Fix a bug where variable definitions from one imported, forwarded module would not be passed as implicit configuration to a later imported, forwarded module. (v1.92.1, release notes)
• Breaking change: Emit declarations, childless at-rules, and comments in the order they appear in the source even when they're interleaved with nested rules. This obsoletes the mixed-decls deprecation. (v1.92.0, release notes)
• Breaking change: The function name type() is now fully reserved for the plain CSS function. This means that @​function definitions with the name type will produce errors, while function calls will be parsed as special function strings. (v1.92.0, release notes)
• Configuring private variables using @​use ... with, @​forward ... with, and meta.load-css(..., $with: ...) is now deprecated. Private variables were always intended to be fully encapsulated within the module that defines them, and this helps enforce that encapsulation. (v1.92.0, release notes)
• Fix a bug where @​extend rules loaded through a mixture of @​import and @​use rules could fail to apply correctly. (v1.92.0, release notes)
• In --watch mode, delete the source map when the associated source file is deleted. (v1.92.0, release notes)
• Potentially breaking change: meta.inspect() (as well as other systems that use it such as @​debug and certain error messages) now emits numbers with as high precision as is available instead of rounding to the nearest 1e⁻¹⁰ as we do when serializing to CSS. This better fits the purpose of meta.inspect(), which is to provide full information about the structure of a Sass value. (v1.91.0, release notes)
• Passing a rest argument ($arg...) before a positional or named argument when calling a function or mixin is now deprecated. This was always outside the specified syntax, but it was historically treated the same as passing the rest argument at the end of the argument list whether or not that matched the visual order of the arguments. (v1.91.0, release notes)
• Allow a @​forwarded module to be loaded with a configuration when that module has already been loaded with a different configuration and the module doesn't define any variables that would have been configured anyway. (v1.90.0, release notes)

References (6)

[1]: Project requires Node.js >=20, which exceeds the Node.js 18+ requirement introduced by React 19.2.0 and other upgraded packages

example-nextjs-1e0f2/package.json

Line 18 in 18f8de8

"node": ">=20"

[2]: Middleware uses @​nosecone/next for security headers only, does not handle x-middleware-subrequest headers mentioned in CVE-2025-29927

example-nextjs-1e0f2/middleware.ts

Line 1 in 18f8de8

import { isDevelopment } from "@arcjet/env";

[3]: React Hook Form usage follows current patterns with resolver and formState, not affected by the removed field ids reference or shouldUnregister changes

example-nextjs-1e0f2/components/EmailForm.tsx

Line 17 in 18f8de8

} = useForm<z.infer<typeof formSchema>>({

[4]: Application uses plain CSS, not Sass/SCSS files, avoiding breaking changes related to @​import deprecation, type() function, and mixed-decls

example-nextjs-1e0f2/styles/styles.css

Line 1 in 18f8de8

@layer global, component, utility;

[5]: Playwright configuration uses standard device presets, not affected by Chromium manifest v2 deprecation or viewport/text selector breaking changes

example-nextjs-1e0f2/playwright.config.ts

Line 28 in 18f8de8

projects: [

[6]: Next.js 15 breaking changes documented but not applicable: no async params/searchParams usage found in codebase, no dynamic API calls in page components (source link)

---

fossabot analyzed this PR using static analysis and dependency research.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​types/​react-dom@​19.1.6 ⏵ 19.2.1	+1		+1	+1
	@​types/​react@​19.1.8 ⏵ 19.2.2				+1
	@​fontsource-variable/​figtree@​5.2.8 ⏵ 5.2.10	+5		+2	+8
	next@​15.5.2 ⏵ 15.5.4	+2		+1	+1
	react@​19.1.0 ⏵ 19.2.0	+1		+1
	@​fontsource/​ibm-plex-mono@​5.2.6 ⏵ 5.2.7	+1		+2	+7
	typescript@​5.8.3 ⏵ 5.9.3	+1		+1
	@​hookform/​resolvers@​5.1.1 ⏵ 5.2.2	+1		+1	+2
	react-dom@​19.1.0 ⏵ 19.2.0	+1		+1
	@​oddbird/​css-anchor-positioning@​0.6.1 ⏵ 0.7.0	+2		+1	+6
	react-hook-form@​7.60.0 ⏵ 7.64.0	+1		+1	+2
	sass@​1.89.2 ⏵ 1.93.2	+1
	@​playwright/​test@​1.54.1 ⏵ 1.56.0

View full report

[netlify]

✅ Deploy Preview for gilded-rugelach-722bc0 ready!

Name	Link
🔨 Latest commit	18f8de8
🔍 Latest deploy log	https://app.netlify.com/projects/gilded-rugelach-722bc0/deploys/68e58230f512770008bf8d65
😎 Deploy Preview	https://deploy-preview-3--gilded-rugelach-722bc0.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.
Lighthouse	1 paths audited Performance: 93 Accessibility: 100 Best Practices: 83 SEO: 100 PWA: - View the detailed breakdown and full score reports

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.