Bump the all group across 1 directory with 11 updates

[dependabot]

Bumps the all group with 11 updates in the /app-frontend directory:

Package	From	To
core-js	3.39.0	3.40.0
react-router	7.1.1	7.2.0
react-router-dom	7.1.1	7.2.0
@types/node	22.10.5	22.13.5
@types/react	19.0.2	19.0.10
@types/react-dom	19.0.2	19.0.4
less	4.2.1	4.2.2
postcss	8.4.49	8.5.3
ts-loader	9.5.1	9.5.2
typescript	5.7.2	5.7.3
webpack	5.97.1	5.98.0

Updates core-js from 3.39.0 to 3.40.0

Changelog

Sourced from core-js's changelog.

3.40.0 - 2025.01.08

• Changes v3.39.0...v3.40.0 (130 commits)
• Added Error.isError stage 3 proposal:
  • Added built-ins:
    • Error.isError
  • We have no bulletproof way to polyfill this method / check if the object is an error, so it's an enough naive implementation that is marked as .sham
• Explicit Resource Management stage 3 proposal:
  • Updated the way async disposing of only sync disposable resources, tc39/proposal-explicit-resource-management/218
• Iterator sequencing stage 2.7 proposal:
  • Reuse IteratorResult objects when possible, tc39/proposal-iterator-sequencing/17, tc39/proposal-iterator-sequencing/18, December 2024 TC39 meeting
• Added a fix of V8 < 12.8 / NodeJS < 22.10 bug with handling infinite length of set-like objects in Set methods
• Optimized DataView.prototype.{ getFloat16, setFloat16 } performance, #1379, thanks @​LeviPesin
• Dropped unneeded feature detection of non-standard %TypedArray%.prototype.toSpliced
• Dropped possible re-usage of some non-standard / early stage features (like Math.scale) available on global
• Some other minor improvements
• Compat data improvements:
  • RegExp.escape marked as shipped from Safari 18.2
  • Promise.try marked as shipped from Safari 18.2
  • Math.f16round and DataView.prototype.{ getFloat16, setFloat16 } marked as shipped from Safari 18.2
  • Uint8Array to / from base64 and hex proposal methods marked as shipped from Safari 18.2
  • JSON.parse source text access proposal features marked as shipped from FF135
  • RegExp.escape marked as shipped from FF134
  • Promise.try marked as shipped from FF134
  • Symbol.dispose, Symbol.asyncDispose and Iterator.prototype[@@dispose] marked as shipped from FF135
  • JSON.parse source text access proposal features marked as shipped from Bun 1.1.43
  • Fixed NodeJS version where URL.parse was added - 22.1 instead of 22.0
  • Added Deno 2.1 compat data mapping
  • Added Rhino 1.8.0 compat data with significant number of modern features
  • Added Electron 35 compat data mapping
  • Updated Opera 115+ compat data mapping
  • Added Opera Android 86 and 87 compat data mapping

Commits

• 6e49392 v3.40.0
• 34e4086 update the way async disposing of only sync disposable resources
• e21bdbf bump the year
• dd21b36 add a fix of V8 < 12.8 / NodeJS < 22.10 bug with handling infinite length of ...
• 8de4f9a re-use IteratorResult objects when possible in Iterator.concat
• 696feb8 add Error.isError
• 19d4688 enable eslint-plugin-es-x no-nonstandard-*-properties rules
• ebf97cc drop unneeded non-standard %TypedArray%.prototype.toSpliced feature detection
• f37b548 don't use globally available non-standard Math.scale
• 5c7cc53 inline internals/math-f16round
• Additional commits viewable in compare view

Updates react-router from 7.1.1 to 7.2.0

Release notes

Sourced from react-router's releases.

v7.2.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v720

v.7.1.5

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v715

v7.1.4

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v714

v7.1.3

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v713

v7.1.2

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v712

Changelog

Sourced from react-router's changelog.

7.2.0

Minor Changes

• New type-safe href utility that guarantees links point to actual paths in your app (#13012)

  import { href } from "react-router";
  export default function Component() {
  const link = href("/blog/:slug", { slug: "my-first-post" });
  return (
  <main>
  <Link to={href("/products/:id", { id: "asdf" })} />
  <NavLink to={href("/:lang?/about", { lang: "en" })} />
  </main>
  );
  }

Patch Changes

• Fix typegen for repeated params (#13012)

  In React Router, path parameters are keyed by their name. So for a path pattern like /a/:id/b/:id?/c/:id, the last :id will set the value for id in useParams and the params prop. For example, /a/1/b/2/c/3 will result in the value { id: 3 } at runtime.

  Previously, generated types for params incorrectly modeled repeated params with an array. So /a/1/b/2/c/3 generated a type like { id: [1,2,3] }.

  To be consistent with runtime behavior, the generated types now correctly model the "last one wins" semantics of path parameters. So /a/1/b/2/c/3 now generates a type like { id: 3 }.

• Don't apply Single Fetch revalidation de-optimization when in SPA mode since there is no server HTTP request (#12948)

• Properly handle revalidations to across a prerender/SPA boundary (#13021)

  • In "hybrid" applications where some routes are pre-rendered and some are served from a SPA fallback, we need to avoid making .data requests if the path wasn't pre-rendered because the request will 404
  • We don't know all the pre-rendered paths client-side, however:
    • All loader data in ssr:false mode is static because it's generated at build time
    • A route must use a clientLoader to do anything dynamic
    • Therefore, if a route only has a loader and not a clientLoader, we disable revalidation by default because there is no new data to retrieve
    • We short circuit and skip single fetch .data request logic if there are no server loaders with shouldLoad=true in our single fetch dataStrategy
    • This ensures that the route doesn't cause a .data request that would 404 after a submission

• Error at build time in ssr:false + prerender apps for the edge case scenario of: (#13021)

  • A parent route has only a loader (does not have a clientLoader)
  • The parent route is pre-rendered

... (truncated)

Commits

• 4b5793d chore: Update version for release (#13051)
• e7eb36f chore: Update version for release (pre) (#13050)
• 95fd01d chore: Update version for release (pre) (#13048)
• 597f3d2 Fix clientLoader calls to serverLoader for prerendered routes (#13047)
• 6bb9e5c chore: Update version for release (pre) (#13041)
• 5811466 Add additional JSDoc comments to commonly used APIs for better API reference ...
• 3f98a9a chore: Update version for release (pre) (#13038)
• ab5b05b feat(react-router): add SerializesTo brand type (#12264)
• e8719ad chore: Update version for release (pre) (#13022)
• f27fcf2 Fix a few edge case bugs with hybrid ssr:false/prerender scenarios (#13021)
• Additional commits viewable in compare view

Updates react-router-dom from 7.1.1 to 7.2.0

Release notes

Sourced from react-router-dom's releases.

v7.1.3

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v713

[email protected]

Patch Changes

• Updated dependencies
  • [email protected]
  • [email protected]

[email protected]

Patch Changes

• Updated dependencies
  • [email protected]
  • [email protected]

[email protected]

Patch Changes

• Updated dependencies
  • [email protected]
  • [email protected]

[email protected]

Patch Changes

• Updated dependencies
  • [email protected]
  • [email protected]

[email protected]

Patch Changes

• Updated dependencies
  • [email protected]
  • [email protected]

[email protected]

Patch Changes

• Updated dependencies
  • [email protected]
  • [email protected]

[email protected]

Patch Changes

• 44bce3c6: Fix react-router-dom peer dependency version
  • [email protected]

... (truncated)

Changelog

Sourced from react-router-dom's changelog.

7.2.0

Patch Changes

• Updated dependencies:
  • [email protected]

7.1.5

Patch Changes

• Updated dependencies:
  • [email protected]

7.1.4

Patch Changes

• Updated dependencies:
  • [email protected]

7.1.3

Patch Changes

• Updated dependencies:
  • [email protected]

7.1.2

Patch Changes

• Updated dependencies:
  • [email protected]

Commits

• 4b5793d chore: Update version for release (#13051)
• e7eb36f chore: Update version for release (pre) (#13050)
• 95fd01d chore: Update version for release (pre) (#13048)
• 6bb9e5c chore: Update version for release (pre) (#13041)
• 3f98a9a chore: Update version for release (pre) (#13038)
• e8719ad chore: Update version for release (pre) (#13022)
• 7a4e20d chore: Update version for release (pre) (#13014)
• c9dea37 chore: Update version for release (pre) (#13011)
• ac399b7 Merge branch 'release-next' into dev
• 6b6ed18 chore: Update version for release (#12929)
• Additional commits viewable in compare view

Updates @types/node from 22.10.5 to 22.13.5

Commits

• See full diff in compare view

Updates @types/react from 19.0.2 to 19.0.10

Commits

• See full diff in compare view

Updates @types/react-dom from 19.0.2 to 19.0.4

Commits

• See full diff in compare view

Updates less from 4.2.1 to 4.2.2

Release notes

Sourced from less's releases.

v4.2.2

less/less.js#4290 Fix less/less.js#4268 nested pseudo-selector parsing (@​puckowski) less/less.js#4291 Enhance Less.js test environment setup (#4291) (@​iChenLei) less/less.js#4295 Fix less/less.js#4252 container queries created via mixin evaluating variables incorrectly (@​puckowski) less/less.js#4294 Fix less/less.js#3737 allow blank variable declarationd (@​puckowski) less/less.js#4292 Fix less/less.js#4258 variable interpolation after math (@​puckowski) less/less.js#4293 Fix less/less.js#4264 strip line comment from expression (@​puckowski) less/less.js#4302 Fix less/less.js#4301 at-rule declarations missing (@​puckowski) less/less.js#4309 Fix Node 23 CI (#4309) (@​iChenLei)

Changelog

Sourced from less's changelog.

v4.2.2 (2025-01-04)

• #4290 Fix #4268 nested pseudo-selector parsing (@​puckowski)
• #4291 Enhance Less.js test environment setup (#4291) (@​iChenLei)
• #4295 Fix #4252 container queries created via mixin evaluating variables incorrectly (@​puckowski)
• #4294 Fix #3737 allow blank variable declarationd (@​puckowski)
• #4292 Fix #4258 variable interpolation after math (@​puckowski)
• #4293 Fix #4264 strip line comment from expression (@​puckowski)
• #4302 Fix #4301 at-rule declarations missing (@​puckowski)
• #4309 Fix Node 23 CI (#4309) (@​iChenLei)

Commits

• 1e7b003 Release v4.2.2 (#4307)
• ab5c82f fix: node23 ci (#4309)
• c2053cb ci: enhance our test environment setup (#4291)
• 9d92b0c fix(issue:4301) at-rule declarations missing (#4302)
• 145d95e fix(issue:4264) strip line comment from expression (#4293)
• 304c310 fix(issue:4258) variable interpolation after math (#4292)
• 509a007 fix(issue:3737) allow blank variable declarations (#4294)
• See full diff in compare view

Updates postcss from 8.4.49 to 8.5.3

Release notes

Sourced from postcss's releases.

8.5.3

• Added more details to Unknown word error (by @​hiepxanh).
• Fixed types (by @​romainmenke).
• Fixed docs (by @​catnipan).

8.5.2

• Fixed end position of rules with semicolon (by @​romainmenke).

8.5.1

• Fixed backwards compatibility for complex cases (by @​romainmenke).

8.5 “Duke Alloces”

PostCSS 8.5 brought API to work better with non-CSS sources like HTML, Vue.js/Svelte sources or CSS-in-JS.

@​romainmenke during his work on Stylelint added Input#document in additional to Input#css.

root.source.input.document //=> "<p>Hello</p>
                           //    <style>
                           //    p {
                           //      color: green;
                           //    }
                           //    </style>"
root.source.input.css      //=> "p {
                           //      color: green;
                           //    }"

Thanks to Sponsors

This release was possible thanks to our community.

If your company wants to support the sustainability of front-end infrastructure or wants to give some love to PostCSS, you can join our supporters by:

• Tidelift with a Spotify-like subscription model supporting all projects from your lock file.
• Direct donations at GitHub Sponsors or Open Collective.

Changelog

Sourced from postcss's changelog.

8.5.3

• Added more details to Unknown word error (by @​hiepxanh).
• Fixed types (by @​romainmenke).
• Fixed docs (by @​catnipan).

8.5.2

• Fixed end position of rules with semicolon (by @​romainmenke).

8.5.1

• Fixed backwards compatibility for complex cases (by @​romainmenke).

8.5 “Duke Alloces”

• Added Input#document for sources like CSS-in-JS or HTML (by @​romainmenke).

Commits

• 22c309d Release 8.5.3 version
• a2b594f Update ESLint config
• 8232ba0 Fix tests
• 5082831 Fix text
• 4fdb54b update: parser.js to clarify error message
• 06006ec AtRule can be empty
• 755f08f fix typo: them -> then (#2016)
• 692fcde Release 8.5.2 version
• b70e98f Update dependencies
• ba587e3 Fix end position of rules with ownSemicon (#2012)
• Additional commits viewable in compare view

Updates ts-loader from 9.5.1 to 9.5.2

Release notes

Sourced from ts-loader's releases.

v9.5.2

• fix: add more detailed error messages - thanks @​hai-x

This release is actually v9.5.2 but due to a problem with the initial release workflow we incremented to v9.5.3

Changelog

Sourced from ts-loader's changelog.

9.5.2

• fix: add more detailed error messages - thanks @​hai-x

Commits

• e652315 fix: add more detailed error messages (#1665)
• 36b6bf2 Upgrade TypeScript to 5.7 (#1661)
• 6a4e29c Create SECURITY.md
• 5379bb1 Update testpack for TypeScript 5.6 (#1656)
• 95110c6 Ts 55 (#1651)
• 7d8b38e Typescript54 (#1647)
• effc0e1 feat: upgrade to 5.3 (#1641)
• See full diff in compare view

Updates typescript from 5.7.2 to 5.7.3

Release notes

Sourced from typescript's releases.

TypeScript 5.7.3

For release notes, check out the release announcement.

• fixed issues query for Typescript 5.7.0 (Beta).
• fixed issues query for Typescript 5.7.1 (RC).
• fixed issues query for Typescript 5.7.2 (Stable).
• fixed issues query for Typescript 5.7.3 (Stable).

Downloads are available on npm

Commits

• a5e123d Update LKG
• 8bc0204 🤖 Pick PR #60828 (Fix CodeQL configuration, releases) into release-5.7 (#60923)
• 7aa63df 🤖 Pick PR #60393 (Don't try to add an implicit undefi...) into release-5.7 (#...
• 9df7c36 Bump version to 5.7.3 and LKG
• e167412 🤖 Pick PR #60794 (Harden sanitizeLog against incorr...) into release-5.7 (#...
• 9ba364c Fix coverage build on release-5.7 (#60792)
• 4b7441a 🤖 Pick PR #60680 (Mark the inherited any-based index ...) into release-5.7 (#...
• e844dc3 Cherry-pick #60402, #60440, #60616 into release-5.7 (#60777)
• 21b02a1 🤖 Pick PR #60749 (Do not require import attribute on ...) into release-5.7 (#...
• b82fd16 🤖 Pick PR #60576 (Avoid incorrectly reusing assertion...) into release-5.7 (#...
• Additional commits viewable in compare view

Updates webpack from 5.97.1 to 5.98.0

Release notes

Sourced from webpack's releases.

v5.98.0

Fixes

• Avoid the deprecation message #19062 by @​alexander-akait
• Should not escape CSS local ident in JS #19060 by @​JSerFeng
• MF parse range not compatible with Safari #19083 by @​alexander-akait
• Preserve filenameTemplate in new split chunk #19104 by @​henryqdineen
• Use module IDs for final render order #19184 by @​dmichon-msft
• Strip blob: protocol when public path is auto #19199 by @​alexander-akait
• Respect output.charset everywhere #19202 by @​alexander-akait
• Node async WASM loader generation #19210 by @​ashi009
• Correct BuildInfo and BuildMeta type definitions #19200 by @​inottn

Performance Improvements

• Improve FlagDependencyExportsPlugin for large JSON by depth #19058 by @​hai-x
• Optimize assign-depths #19193 by @​dmichon-msft
• Use startsWith for matching instead of converting the string to a regex #19207 by @​inottn

Chores

• Bump nanoid from 3.3.7 to 3.3.8 #19063 by @​dependabot
• Fixed incorrect typecast in DefaultStatsFactoryPlugin #19156 by @​Andarist
• Improved readme.md by adding video links for understanding webpack #19101 by @​Vansh5632
• Typo fix #19205 by @​hai-x
• Adopt the new webpack governance model #18804 by @​ovflowd

Features

• Implement /* webpackIgnore: true */ for require.resolve #19201 by @​alexander-akait

Continuous Integration

• CI fix #19196 by @​alexander-akait

New Contributors

• @​Andarist made their first contribution in webpack/webpack#19156
• @​Vansh5632 made their first contribution in webpack/webpack#19101
• @​ashi009 made their first contribution in webpack/webpack#19210
• @​ovflowd made their first contribution in webpack/webpack#18804

Full Changelog: webpack/webpack@v5.97.1...v5.98.0

Commits

• f1bdec5 5.98.0
• 9579f22 chore: adopt the new webpack governance model (#18804)
• a1edb20 fix: node async wasm loader now use output.module to determinate code gener...
• e55b08b perf: use startsWith for matching instead of converting the string to a regex
• 6e14dba chore: fix typo (#19205)
• f123ce5 fix: respect output.charset everywhere (#19202)
• af20c7b fix: strip blob: protocol when public path is auto (#19199)
• 80826c5 feat: implement /* webpackIgnore: true */ for require.resolve (#19201)
• ac6ffca fix(types): correct BuildInfo and BuildMeta type definitions (#19200)
• 8ac130a ci: fix
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.