Update all non-major frontend-admin dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@sentry/react (source)	10.49.0 → 10.50.0
@tanstack/eslint-plugin-query (source)	5.99.2 → 5.100.5
@tanstack/react-query (source)	5.99.2 → 5.100.5
@tanstack/react-query-devtools (source)	5.99.2 → 5.100.5
axios (source)	1.15.1 → 1.15.2
postcss (source)	8.5.10 → 8.5.12
react-hook-form (source)	7.73.1 → 7.74.0
react-router (source)	7.14.1 → 7.14.2

---

Release Notes

getsentry/sentry-javascript (@​sentry/react)

v10.50.0

Compare Source

TanStack/query (@​tanstack/eslint-plugin-query)

v5.100.5

Compare Source

v5.100.4

Compare Source

v5.100.3

Compare Source

v5.100.2

v5.100.1

v5.100.0

Compare Source

TanStack/query (@​tanstack/react-query)

v5.100.5

Compare Source

Patch Changes

• Updated dependencies [a53ef97]:
  • @​tanstack/query-core@​5.100.5

v5.100.4

Compare Source

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.100.4

v5.100.3

Compare Source

Patch Changes

• fix(suspense): skip calling combine when queries would suspend (#​10576)

• Updated dependencies [f85d825]:

  • @​tanstack/query-core@​5.100.3

v5.100.2

Patch Changes

• Updated dependencies [ea4497e, d6a7bf3, 645d5d1]:
  • @​tanstack/query-core@​5.100.2

v5.100.1

Patch Changes

• Updated dependencies [1bb0d23]:
  • @​tanstack/query-core@​5.100.1

v5.100.0

Compare Source

Patch Changes

• Updated dependencies [6540a41]:
  • @​tanstack/query-core@​5.100.0

TanStack/query (@​tanstack/react-query-devtools)

v5.100.5

Compare Source

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.100.5
  • @​tanstack/react-query@​5.100.5

v5.100.4

Compare Source

Patch Changes

• fix(devtools): change onClose callback type from () => unknown to () => void (#​10118)

• Updated dependencies [3d1a62e]:

  • @​tanstack/query-devtools@​5.100.4
  • @​tanstack/react-query@​5.100.4

v5.100.3

Compare Source

Patch Changes

• Updated dependencies [f85d825]:
  • @​tanstack/react-query@​5.100.3
  • @​tanstack/query-devtools@​5.100.3

v5.100.2

Compare Source

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.100.2
  • @​tanstack/react-query@​5.100.2

v5.100.1

Compare Source

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.100.1
  • @​tanstack/react-query@​5.100.1

v5.100.0

Compare Source

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.100.0
  • @​tanstack/react-query@​5.100.0

axios/axios (axios)

v1.15.2

Compare Source

This release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in allowedSocketPaths allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.

🔒 Security Fixes

• Prototype Pollution Hardening (HTTP Adapter): Hardened the Node HTTP adapter and resolveConfig/mergeConfig/validator paths to read only own properties and use null-prototype config objects, preventing polluted auth, baseURL, socketPath, beforeRedirect, and insecureHTTPParser from influencing requests. (#​10779)
• SSRF via socketPath: Rejects non-string socketPath values and adds an opt-in allowedSocketPaths config option to restrict permitted Unix domain socket paths, returning AxiosError ERR_BAD_OPTION_VALUE on mismatch. (#​10777)
• Supply-chain Hardening: Added .npmrc with ignore-scripts=true, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded SECURITY.md/THREATMODEL.md with provenance verification (npm audit signatures), 60-day resolution policy, and maintainer incident-response runbook. (#​10776)

🚀 New Features

• allowedSocketPaths Config Option: New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (#​10777)

🐛 Bug Fixes

• Keep-alive Socket Memory Leak: Installs a single per-socket error listener tracking the active request via kAxiosSocketListener/kAxiosCurrentReq, eliminating per-request listener accumulation, MaxListenersExceededWarning, and linear heap growth under concurrent or long-running keep-alive workloads (fixes #​10780). (#​10788)

🔧 Maintenance & Chores

• Changelog: Updated CHANGELOG.md with v1.15.1 release notes. (#​10781)

Full Changelog

postcss/postcss (postcss)

v8.5.12

Compare Source

• Fixed reading any file via user-generated CSS.
• Added opts.unsafeMap to disable checks.

v8.5.11

Compare Source

• Fixed nested brackets parsing performance (by @​offset).

react-hook-form/react-hook-form (react-hook-form)

v7.74.0: Version 7.74.0

Compare Source

🪇 feat: setValues (#​13201)

setValues((data) => {
  return {
    ...data,
    name: 'test'
  }
})

setValues(formValues);

🐞 fix: preserve previous field value when useController name changes (#​13395)
🐞 fix: handle null parent when unregistering nested field (#​13396)
🐞 fix: treat NaN as empty when valueAsNumber is true in validateField (#​13388)
🪢 fix build to exclude test files (#​13387)

thanks to @​Yihao-G & @​mixelburg

remix-run/react-router (react-router)

v7.14.2

Compare Source

Patch Changes

• Remove the un-documented custom error serialization logic from the internal turbo-stream implementation. React Router only automatically handles serialization of Error and it's standard subtypes (SyntaxError, TypeError, etc.). ([aabf4a1)

• Properly handle parent middleware redirects during fetcher.load ([aabf4a1)

• Remove redundant Omit<RouterProviderProps, "flushSync"> from react-router/dom RouterProvider ([aabf4a1)

• Improved types for generatePath's param arg ([aabf4a1)

  Type errors when required params are omitted:

  // Before
  // Passes type checks, but throws at runtime 💥
  generatePath(":required", { required: null });
  
  // After
  generatePath(":required", { required: null });
  //                          ^^^^^^^^ Type 'null' is not assignable to type 'string'.ts(2322)

  Allow omission of optional params:

  // Before
  generatePath(":optional?", {});
  //                         ^^ Property 'optional' is missing in type '{}' but required in type '{ optional: string | null | undefined; }'.ts(2741)
  
  // After
  generatePath(":optional?", {});

  Allows extra keys:

  // Before
  generatePath(":a", { a: "1", b: "2" });
  //                           ^ Object literal may only specify known properties, and 'b' does not exist in type '{ a: string; }'.ts(2353)
  
  // After
  generatePath(":a", { a: "1", b: "2" });

---

Configuration

📅 Schedule: (in timezone Europe/Budapest)

• Branch creation
  • Only on Sunday and Saturday (* * * * 0,6)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.37%. Comparing base (f7a6ae2) to head (29c5ed5).
⚠️ Report is 7 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #1652   +/-   ##
=======================================
  Coverage   93.37%   93.37%           
=======================================
  Files          76       76           
  Lines        2386     2386           
  Branches      183      183           
=======================================
  Hits         2228     2228           
  Misses        132      132           
  Partials       26       26           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.