Bump the production-minor-and-patch group with 3 updates

[dependabot]

Bumps the production-minor-and-patch group with 3 updates: @auth0/auth0-spa-js, @azure/msal-browser and mobx.

Updates @auth0/auth0-spa-js from 2.20.0 to 2.21.1

Release notes

Sourced from @​auth0/auth0-spa-js's releases.

v2.21.1

Changed

• fix: parse enrollment id and verify url from location header #1617 (yogeshchoudhary147)

v2.21.0

Added

• feat: add MyAccount API client #1615 (yogeshchoudhary147)
• feat: add passkey authentication support #1614 (yogeshchoudhary147)

Changelog

Sourced from @​auth0/auth0-spa-js's changelog.

v2.21.1 (2026-06-03)

Full Changelog

Changed

• fix: parse enrollment id and verify url from location header #1617 (yogeshchoudhary147)

v2.21.0 (2026-06-01)

Full Changelog

Added

• feat: add MyAccount API client #1615 (yogeshchoudhary147)
• feat: add passkey authentication support #1614 (yogeshchoudhary147)

Commits

• 0e3f99a Release v2.21.1 (#1619)
• df516c7 chore: remove webauthn enroll/verify types from MyAccount (#1618)
• 758a189 fix: parse enrollment id and verify url from location header (#1617)
• 1a230df Release v2.21.0 (#1616)
• 60b7d1b feat: add MyAccount API client (#1615)
• 05581c7 feat: add passkey authentication support (#1614)
• ef80317 docs: add delegation and impersonation example for CTE (#1611)
• See full diff in compare view

Updates @azure/msal-browser from 5.11.0 to 5.12.0

Release notes

Sourced from @​azure/msal-browser's releases.

@​azure/msal-browser v5.12.0

5.12.0

Fri, 05 Jun 2026 22:24:22 GMT

Minor changes

• Rename uxNotAllowed error code to uiNotAllowed #8608 (198982749+Copilot@users.noreply.github.com)
• Bump @​azure/msal-common to v16.7.0 (beachball)

Patches

• Set document.title during authentication redirects for accessibility and UX #8624 (sameera.gajjarapu@microsoft.com)
• Respect redirectStartPage in PlatformAuthInteractionClient.acquireTokenRedirect #8604 (lalimasharda@microsoft.com)
• Add PCA functions for custom authentication response handling #8590 (kshabelko@microsoft.com)
• Clear old-schema cache entries when encryption key is expired #8619 (thomas.norling@microsoft.com)
• bump msal-common to version 16.6.3 #8622 (lalimasharda@microsoft.com)

Commits

• 7588af3 fix ui_not_allowed naming while preserving ux_not_allowed compatibility (#8608)
• 37c7d2a fix: set restrictive file permissions in FilePersistence (#8623)
• 485552f Post release PR for msal-common (#8622)
• d2378a2 fix: set document.title during authentication redirects (#8624)
• 3469d15 Fix/clear stale encrypted cache entries (#8619)
• bc0b340 fix: inverted username filter in CacheManager (#8621)
• f96b364 Add PCA functions for custom authentication response handling (#8590)
• 4e18c5c fix: respect redirectStartPage in PlatformAuthInteractionClient.acquireTokenR...
• 08a2236 Post-release PR (#8596)
• cf5eb29 fix: add knownAuthorities check to issuer validation for CIAM GUID-based issu...
• See full diff in compare view

Updates mobx from 6.15.4 to 6.16.0

Release notes

Sourced from mobx's releases.

mobx@6.16.0

Minor Changes

• 6b3fb0ee725c0521bbaf7ba901a30261472a0e71 #4639 Thanks @​ashishkr96! - feat(mobx): make the 2022.3 @computed decorator lazy. ComputedValue is now created on first read of the decorated getter rather than eagerly during instance construction, avoiding wasted allocations for getters that are never used. On a 50k-instance × 10-getter class with one read per instance this cuts construction heap by ~50% and construction time by ~25%; the steady-state read path is unchanged. Closes #4616.

• f0c68749428fd4d3bba48e9685e44fd1ddbbee76 #4658 Thanks @​ashishkr96! - feat(mobx): make the 2022.3 @observable accessor decorator lazy. ObservableValue is now created on first read/write/observe of the decorated accessor rather than eagerly during instance construction, avoiding wasted allocations for fields that are never touched. On a 50k-instance × 10-field class with sparse access (1 of 10 fields read per instance), this cuts construction heap by ~82% and construction time by ~86% versus the eager path. Follow-up to #4639.

Patch Changes

• 7eb54418b16fb9b415c04c5b8e05779790dd74ed #4659 Thanks @​kubk! - Fix regression from #4639 where isComputedProp returned false for lazy @​computed properties before first read

• c22b4b705447a4ccdce93473255f4beb170613f3 #4657 Thanks @​kubk! - Add getOrInsert and getOrInsertComputed to ObservableMap for compatibility with ESNext Map typings.

Commits

• 2b1a51f Version Packages (#4656)
• f0c6874 feat(mobx): make 2022.3 @​observable decorator lazy (#4658)
• 7eb5441 Fix isComputedProp for lazy decorated computed properties (#4659)
• c22b4b7 Add getOrInsert and getOrInsertComputed to ObservableMap for compatibility wi...
• 6b3fb0e feat(mobx): make 2022.3 @​computed decorator lazy (#4639)
• 0e8fbd6 chore: Switch from Lerna and Yarn 1 to NPM (#4646)
• 1cd6a34 Version Packages (#4653)
• 82f1e42 Fix mobx-react Rolldown annotation warning (#4652)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions