Bump the npm-minor-patch group across 1 directory with 4 updates

[dependabot]

Bumps the npm-minor-patch group with 4 updates in the /frontend-pwa directory: react, @types/react, orval and vite.

Updates react from 19.1.1 to 19.2.0

Release notes

Sourced from react's releases.

19.2.0 (Oct 1, 2025)

Below is a list of all new features, APIs, and bug fixes.

Read the React 19.2 release post for more information.

New React Features

• <Activity>: A new API to hide and restore the UI and internal state of its children.
• useEffectEvent is a React Hook that lets you extract non-reactive logic into an Effect Event.
• cacheSignal (for RSCs) lets your know when the cache() lifetime is over.
• React Performance tracks appear on the Performance panel’s timeline in your browser developer tools

New React DOM Features

• Added resume APIs for partial pre-rendering with Web Streams:
  • resume: to resume a prerender to a stream.
  • resumeAndPrerender: to resume a prerender to HTML.
• Added resume APIs for partial pre-rendering with Node Streams:
  • resumeToPipeableStream: to resume a prerender to a stream.
  • resumeAndPrerenderToNodeStream: to resume a prerender to HTML.
• Updated prerender APIs to return a postponed state that can be passed to the resume APIs.

Notable changes

• React DOM now batches suspense boundary reveals, matching the behavior of client side rendering. This change is especially noticeable when animating the reveal of Suspense boundaries e.g. with the upcoming <ViewTransition> Component. React will batch as much reveals as possible before the first paint while trying to hit popular first-contentful paint metrics.
• Add Node Web Streams (prerender, renderToReadableStream) to server-side-rendering APIs for Node.js
• Use underscore instead of : IDs generated by useId

All Changes

React

• <Activity /> was developed over many years, starting before ClassComponent.setState (@​acdlite @​sebmarkbage and many others)
• Stringify context as "SomeContext" instead of "SomeContext.Provider" (@​kassens #33507)
• Include stack of cause of React instrumentation errors with %o placeholder (@​eps1lon #34198)
• Fix infinite useDeferredValue loop in popstate event (@​acdlite #32821)
• Fix a bug when an initial value was passed to useDeferredValue (@​acdlite #34376)
• Fix a crash when submitting forms with Client Actions (@​sebmarkbage #33055)
• Hide/unhide the content of dehydrated suspense boundaries if they resuspend (@​sebmarkbage #32900)
• Avoid stack overflow on wide trees during Hot Reload (@​sophiebits #34145)
• Improve Owner and Component stacks in various places (@​sebmarkbage, @​eps1lon: #33629, #33724, #32735, #33723)
• Add cacheSignal (@​sebmarkbage #33557)

React DOM

• Block on Suspensey Fonts during reveal of server-side-rendered content (@​sebmarkbage #33342)
• Use underscore instead of : for IDs generated by useId (@​sebmarkbage, @​eps1lon: #32001, facebook/react#33342#33099, #33422)
• Stop warning when ARIA 1.3 attributes are used (@​Abdul-Omira #34264)
• Allow nonce to be used on hoistable styles (@​Andarist #32461)
• Warn for using a React owned node as a Container if it also has text content (@​sebmarkbage #32774)

... (truncated)

Changelog

Sourced from react's changelog.

19.2.0 (October 1st, 2025)

Below is a list of all new features, APIs, and bug fixes.

Read the React 19.2 release post for more information.

New React Features

• <Activity>: A new API to hide and restore the UI and internal state of its children.
• useEffectEvent is a React Hook that lets you extract non-reactive logic into an Effect Event.
• cacheSignal (for RSCs) lets your know when the cache() lifetime is over.
• React Performance tracks appear on the Performance panel’s timeline in your browser developer tools

New React DOM Features

• Added resume APIs for partial pre-rendering with Web Streams:
  • resume: to resume a prerender to a stream.
  • resumeAndPrerender: to resume a prerender to HTML.
• Added resume APIs for partial pre-rendering with Node Streams:
  • resumeToPipeableStream: to resume a prerender to a stream.
  • resumeAndPrerenderToNodeStream: to resume a prerender to HTML.
• Updated prerender APIs to return a postponed state that can be passed to the resume APIs.

Notable changes

• React DOM now batches suspense boundary reveals, matching the behavior of client side rendering. This change is especially noticeable when animating the reveal of Suspense boundaries e.g. with the upcoming <ViewTransition> Component. React will batch as much reveals as possible before the first paint while trying to hit popular first-contentful paint metrics.
• Add Node Web Streams (prerender, renderToReadableStream) to server-side-rendering APIs for Node.js
• Use underscore instead of : IDs generated by useId

All Changes

React

• <Activity /> was developed over many years, starting before ClassComponent.setState (@​acdlite @​sebmarkbage and many others)
• Stringify context as "SomeContext" instead of "SomeContext.Provider" (@​kassens #33507)
• Include stack of cause of React instrumentation errors with %o placeholder (@​eps1lon #34198)
• Fix infinite useDeferredValue loop in popstate event (@​acdlite #32821)
• Fix a bug when an initial value was passed to useDeferredValue (@​acdlite #34376)
• Fix a crash when submitting forms with Client Actions (@​sebmarkbage #33055)
• Hide/unhide the content of dehydrated suspense boundaries if they resuspend (@​sebmarkbage #32900)
• Avoid stack overflow on wide trees during Hot Reload (@​sophiebits #34145)
• Improve Owner and Component stacks in various places (@​sebmarkbage, @​eps1lon: #33629, #33724, #32735, #33723)
• Add cacheSignal (@​sebmarkbage #33557)

React DOM

• Block on Suspensey Fonts during reveal of server-side-rendered content (@​sebmarkbage #33342)
• Use underscore instead of : for IDs generated by useId (@​sebmarkbage, @​eps1lon: #32001, facebook/react#33342#33099, #33422)
• Stop warning when ARIA 1.3 attributes are used (@​Abdul-Omira #34264)
• Allow nonce to be used on hoistable styles (@​Andarist #32461)

... (truncated)

Commits

• 5667a41 Bump next prerelease version numbers (#34639)
• 8bb7241 Bump useEffectEvent to Canary (#34610)
• e3c9656 Ensure Performance Track are Clamped and Don't overlap (#34509)
• 68f00c9 Release Activity in Canary (#34374)
• 0e10ee9 [Reconciler] Set ProfileMode for Host Root Fiber by default in dev (#34432)
• 3bf8ab4 Add missing Activity export to development mode (#34439)
• 1549bda [Flight] Only assign _store in dev mode when creating lazy types (#34354)
• bb6f0c8 [Flight] Fix wrong missing key warning when static child is blocked (#34350)
• 05addfc Update Flow to 0.266 (#34271)
• ec5dd0a Update Flow to 0.257 (#34253)
• Additional commits viewable in compare view

Updates @types/react from 18.3.24 to 19.2.2

Commits

• See full diff in compare view

Updates orval from 7.11.2 to 7.16.0

Release notes

Sourced from orval's releases.

Release v7.16.0

What's Changed

• Process config file with jiti - v7 by @​Noyabronok in orval-labs/orval#2518
• Release v7.16.0 by @​github-actions[bot] in orval-labs/orval#2519

Full Changelog: orval-labs/orval@v7.15.0...v7.16.0

Release v7.15.0

What's Changed

[!IMPORTANT]
Breaking change: Node 22.18.0 or higher is required

• chore(deps): bump actions/setup-node from 4 to 6 by @​dependabot[bot] in orval-labs/orval#2453
• fix: generate prefetch hook for hook based mutator by @​aizerin in orval-labs/orval#2456
• feat: option to generate query invalidations by @​aizerin in orval-labs/orval#2457
• chore(deps): bump hono from 4.9.7 to 4.10.2 by @​dependabot[bot] in orval-labs/orval#2462
• fix(hono): zValidator wrapper doesn't typecheck with 0.7.4 by @​xandris in orval-labs/orval#2468
• fix(zod): add line breaks to export constants by @​melloware in orval-labs/orval#2469
• fix(query): deduplicate error response types by @​melloware in orval-labs/orval#2471
• fix(zod): fixed bug where zod did not correctly use namespace import by @​chcederquist in orval-labs/orval#2472
• fix(axios): "responseType: text" incorrectly being added by @​snebjorn in orval-labs/orval#2473
• Release v7.15.0 by @​github-actions[bot] in orval-labs/orval#2474

New Contributors

• @​aizerin made their first contribution in orval-labs/orval#2456

Full Changelog: orval-labs/orval@v7.14.0...v7.15.0

Release v7.14.0

[!IMPORTANT]
Breaking change: Node 22.18.0 or higher is required

What's Changed

• Breaking change: Node 22.18.0 or higher is required
• Skip version check when using a Bun/Pnpm workspace catalog by @​xorob0 in orval-labs/orval#2434
• chore: removes the last require() usages by @​snebjorn in orval-labs/orval#2435
• Fix typo for infinite by @​JurianArie in orval-labs/orval#2437
• Docs: Update output.md by @​gialmisi in orval-labs/orval#2438
• fix: don't mangle external URL $ref by @​xandris in orval-labs/orval#2439
• fix(zod): consider path-level parameters when generating zod schemas by @​xandris in orval-labs/orval#2440
• fix(useOperationIdAsQueryKey): make sure operationName is returned as string by @​mortik in orval-labs/orval#2443
• fix(hono): zValidator not imported consistently by @​xandris in orval-labs/orval#2444
• fix(zod): update type handling from 'any' to 'unknown' in schema definitions by @​alexmarqs in orval-labs/orval#2445
• fix(hono): some configs generate wrong imports by @​xandris in orval-labs/orval#2448
• Fix: Support OpenAPI 3.1 Multi-Type Arrays in Zod Generator by @​rang-ali in orval-labs/orval#2447
• Release v7.14.0 by @​github-actions[bot] in orval-labs/orval#2449

New Contributors

... (truncated)

Commits

• 253ae76 chore(release): bump version to v7.16.0 (#2519)
• 1d22214 Update base branch for release preparation
• 13d6a8a Add step to remove stableVersion fields from package.json
• cf0f1e1 Process config file with jiti - v7 (#2518)
• bdacff4 chore(release): bump version to v7.15.0 (#2474)
• 0dfe795 fix(axios): "responseType: text" incorrectly being added (#2473)
• b119209 fix(zod): fixed bug where zod did not correctly use namespace import (#2472)
• 8d0812b fix(query): deduplicate error response types (#2471)
• 3592bae Disable samples update step in tests workflow
• 86b6d4b fix(zod): add line breaks to export constants (#2469)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by melloware, a new releaser for orval since your current version.

Updates vite from 7.1.12 to 7.2.2

Release notes

Sourced from vite's releases.

v7.2.2

Please refer to CHANGELOG.md for details.

plugin-legacy@7.2.1

Please refer to CHANGELOG.md for details.

v7.2.1

Please refer to CHANGELOG.md for details.

plugin-legacy@7.2.0

Please refer to CHANGELOG.md for details.

v7.2.0

Please refer to CHANGELOG.md for details.

v7.2.0-beta.1

Please refer to CHANGELOG.md for details.

v7.2.0-beta.0

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

7.2.2 (2025-11-07)

Bug Fixes

• revert "refactor: use fs.cpSync (#21019)" (#21081) (728c8ee)

7.2.1 (2025-11-06)

Bug Fixes

• worker: some worker asset was missing (#21074) (82d2d6c)

Code Refactoring

• build: rename indexOfMatchInSlice to findPreloadMarker (#21054) (f83264f)

7.2.0 (2025-11-05)

Bug Fixes

• css: fallback to sass when sass-embedded platform binary is missing (#21002) (b1fd616)
• module-runner: make getBuiltins response JSON serializable (#21029) (ad5b3bf)
• types: add undefined to optional properties for exactOptionalProperties type compatibility (#21040) (2833c55)

Miscellaneous Chores

• deps: update rolldown-related dependencies (#21047) (e3a6a83)

7.2.0-beta.1 (2025-10-29)

Bug Fixes

• increase stream reset rate limit for HTTP2 (#21024) (4f44f22)
• optimizer: externalize virtual modules for html like files (#21001) (e5af352)

Documentation

• clarify the values are escaped automatically (#21017) (246df13)

Code Refactoring

• use fs.cpSync (#21019) (a2df778)

7.2.0-beta.0 (2025-10-28)

Features

• add import.meta.resolve support for ESM config (bundle config loader) (#20962) (f86789a)
• add perEnvironmentWatchChangeDuringDev (#20996) (a5e98e6)
• add vite client connect events (#20978) (543d87c)
• build: emit license (#18546) (b42c3fb)
• dev: support HTTP2 even if proxy feature is used (#20869) (fc21af7)
• lib: enable minification but keep pure annotations for es output with terser (#20522) (df997d0)
• optimizer: add rush lockfile support (#20833) (718ca2d)
• utils: support multiple certificates in resolveServerUrls (#20707) (24513e5)

... (truncated)

Commits

• 572aaca release: v7.2.2
• 728c8ee fix: revert "refactor: use fs.cpSync (#21019)" (#21081)
• a532e68 release: v7.2.1
• 82d2d6c fix(worker): some worker asset was missing (#21074)
• f83264f refactor(build): rename indexOfMatchInSlice to findPreloadMarker (#21054)
• 8293de0 release: v7.2.0
• 2833c55 fix(types): add undefined to optional properties for exactOptionalProperties ...
• e3a6a83 chore(deps): update rolldown-related dependencies (#21047)
• b1fd616 fix(css): fallback to sass when sass-embedded platform binary is missing (#21...
• ad5b3bf fix(module-runner): make getBuiltins response JSON serializable (#21029)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies, npm. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.