Skip to content

chore(deps)(deps): bump the production-dependencies group in /webs with 6 updates#244

Merged
ZeroDeng01 merged 1 commit into
mainfrom
dependabot/npm_and_yarn/webs/production-dependencies-a223a78c18
Jul 6, 2026
Merged

chore(deps)(deps): bump the production-dependencies group in /webs with 6 updates#244
ZeroDeng01 merged 1 commit into
mainfrom
dependabot/npm_and_yarn/webs/production-dependencies-a223a78c18

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor

Bumps the production-dependencies group in /webs with 6 updates:

Package From To
apexcharts 5.15.2 5.16.0
framer-motion 12.42.0 12.42.2
i18next 26.3.3 26.3.4
react-router 7.18.0 7.18.1
react-router-dom 7.18.0 7.18.1
vite 8.1.0 8.1.3

Updates apexcharts from 5.15.2 to 5.16.0

Release notes

Sourced from apexcharts's releases.

💎 Version 5.16.0

✨ Features

Drilldown navigation (opt-in)

Click a data point to drill into a child level, with a breadcrumb trail and back navigation. Supported on bar, column, pie, donut, treemap, and heatmap. Tree-shakeable: import the feature and enable it.

import ApexCharts from 'apexcharts'
import 'apexcharts/features/drilldown'
const options = {
chart: {
type: 'bar',
drilldown: {
enabled: true,
series: [
{ id: 'fruits', name: 'Fruits', data: [{ x: 'Apple', y: 40 }, { x: 'Banana', y: 30 }] },
],
// breadcrumb: { show: true, position: 'top-left', rootLabel: 'All' },
// animation: { zoomFromPoint: true }, // unfold the child from the clicked point
// onDrillDown: async ({ point }) => fetchChild(point), // async level loading
},
},
series: [{ name: 'Categories', data: [{ x: 'Fruits', y: 70, drilldown: 'fruits' }, { x: 'Vegetables', y: 55 }] }],
}

  • Child levels are declared inline in chart.drilldown.series, or fetched on demand via onDrillDown.
  • Breadcrumb is configurable (position, separator, rootLabel, formatter) and includes a back-arrow.
  • Optional animation.zoomFromPoint unfolds the child level outward from the clicked point (and folds back on drill-up).

Pie / donut external (outer) data labels with leader lines (opt-in)

Render each slice's name outside the pie, connected by a leader line, so users no longer need to map legend colors back to slices. Pie and donut only (ignored for polarArea). The percentage keeps rendering inside the slice.

plotOptions: {
  pie: {
    dataLabels: {
      external: {
        show: true,
        // formatter: (name, { percent }) => [name, percent.toFixed(1) + '%'],
        // connector: { show: true, width: 1, length: 16, gap: 6 },
      },
    },
  },
}

Scatter jitter: strip plots and overplotting (opt-in)

Spread overlapping scatter points apart. Two uses, one engine. Offsets are in axis units, deterministic (SSR-safe), and applied to the drawn positions only, so tooltips still show the true values.

... (truncated)

Commits
  • 548d828 release: 5.16.0
  • 2e00b44 fix(test): remove unused loadChart fixture arg in pie-name-labels spec
  • aac162f feat(scatter): jitter support for strip plots and overplotting
  • 3501fca feat(pie): external (outer) data labels with leader lines for pie/donut
  • b888a65 docs(drilldown): add pie/donut drilldown demo
  • a238e84 feat(drilldown): treemap + heatmap support, trigger-point expand, drill routi...
  • 8bdfc4f fix(drilldown): reset legend-collapse state on drill; add breadcrumb back-arrow
  • da0a907 feat(drilldown): add opt-in drilldown navigation feature (Phase 1)
  • a25b339 Merge branch 'main' of https://github.com/apexcharts/apexcharts.js
  • 7bcd5ce feat(dataReducer): downsample rangeArea/rangeBar via min-max bucket aggregation
  • Additional commits viewable in compare view

Updates framer-motion from 12.42.0 to 12.42.2

Changelog

Sourced from framer-motion's changelog.

[12.42.2] 2026-07-01

Fixed

  • animateView: Cropped group layers now animate border-radius from the old to new radius.

[12.42.1] 2026-06-30

Fixed

  • animateView: Old layer fade out now cancelled when defining .new().
Commits
  • 40e8756 v12.42.2
  • 718ccc7 Merge pull request #3768 from motiondivision/view-cropped-corner-radius
  • 19195a4 Dedupe corner-radius longhands; merge crop box/radii measurements
  • 5299aa6 Resolve cropped-clip radius timing once; fix transition-option leak
  • 937cdf3 Animate cropped view-transition group corner radius
  • fd2d6f6 v12.42.1
  • 2223d87 Hold the old layer when only a non-opacity .new() is set
  • See full diff in compare view

Updates i18next from 26.3.3 to 26.3.4

Release notes

Sourced from i18next's releases.

v26.3.4

  • fix(security): deepExtend (used by addResourceBundle(..., deep, overwrite)) no longer recurses into inherited properties. It checked key existence with the in operator, which walks the prototype chain, so a source key matching an inherited built-in (e.g. hasOwnProperty, toString) caused recursion into the shared Object.prototype function and, with overwrite: true, could overwrite e.g. Object.prototype.hasOwnProperty.call with a non-callable value — corrupting a shared built-in process-wide (DoS). Existence is now checked with Object.prototype.hasOwnProperty.call, so such keys are copied as plain own data instead. This complements the existing __proto__/constructor guard and is also strictly more correct for an own-property merge. Only affects applications that pass attacker-controlled data with deep: true and overwrite: true; no standard backend/integration does this. Distinct from CVE-2026-48713 / CVE-2026-48714 (different packages, setPath mechanism). Thanks to zx (Jace) for the responsible disclosure.
Changelog

Sourced from i18next's changelog.

26.3.4

  • fix(security): deepExtend (used by addResourceBundle(..., deep, overwrite)) no longer recurses into inherited properties. It checked key existence with the in operator, which walks the prototype chain, so a source key matching an inherited built-in (e.g. hasOwnProperty, toString) caused recursion into the shared Object.prototype function and, with overwrite: true, could overwrite e.g. Object.prototype.hasOwnProperty.call with a non-callable value — corrupting a shared built-in process-wide (DoS). Existence is now checked with Object.prototype.hasOwnProperty.call, so such keys are copied as plain own data instead. This complements the existing __proto__/constructor guard and is also strictly more correct for an own-property merge. Only affects applications that pass attacker-controlled data with deep: true and overwrite: true; no standard backend/integration does this. Distinct from CVE-2026-48713 / CVE-2026-48714 (different packages, setPath mechanism). See advisory GHSA-6jcc-5g8w-32mx, CVSS 5.9 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H). Thanks to zx (Jace) @​manus-use for the responsible disclosure.
Commits

Updates react-router from 7.18.0 to 7.18.1

Release notes

Sourced from react-router's releases.

v7.18.1

See the changelog for release notes: https://github.com/remix-run/react-router/blob/v7/CHANGELOG.md#v7181

Changelog

Sourced from react-router's changelog.

v7.18.1

Patch Changes

  • No changes
Commits

Updates react-router-dom from 7.18.0 to 7.18.1

Changelog

Sourced from react-router-dom's changelog.

v7.18.1

Patch Changes

Commits

Updates vite from 8.1.0 to 8.1.3

Release notes

Sourced from vite's releases.

v8.1.3

Please refer to CHANGELOG.md for details.

v8.1.2

Please refer to CHANGELOG.md for details.

v8.1.1

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.1.3 (2026-07-02)

Bug Fixes

8.1.2 (2026-06-30)

Bug Fixes

  • deps: revert es-module-lexer to 2.1.0 (#22827) (0d3bd7c)
  • restore, "fix: resolve pnpm .modules.yaml from workspace root instead of cwd (#22757)" (#22825) (efb98cc)
  • revert, "fix: escape ids with multiple null bytes (#22687)" (cccef55)
  • revert, "fix: resolve pnpm .modules.yaml from workspace root instead of cwd (#22757)" (cf97711)

8.1.1 (2026-06-30)

Features

  • update dynamic import warning to link to Vite docs (#22823) (62bd7af)

Bug Fixes

  • bundled-dev: avoid stack overflow on import.meta.hot.invalidate() (#22797) (709eb8e)
  • bundled-dev: serve assets emitted during HMR/lazy compile (#22745) (5876b2c)
  • bundledDev: skip plugin transform hooks for rolldown-lazy stub modules (#22778) (8f925e2)
  • css: preserve dollar signs in external @import urls with lightningcss (#22718) (9fa7ab4)
  • css: resolve tsconfig paths in CSS and Sass @​import (#22775) (ef0b891)
  • deps: update all non-major dependencies (#22734) (e635f49)
  • deps: update all non-major dependencies (#22804) (8837400)
  • deps: update rolldown-related dependencies (#22591) (2ce6677)
  • escape ids with multiple null bytes (#22687) (833fc30)
  • hide console window when running 'net use' on Windows (#22698) (92b63f2)
  • ignore bundled config temp dir (#22800) (043a810)
  • invert esbuild.jsxSideEffects when converting to oxc.jsx.pure (#22809) (33895ba)
  • optimize-deps: ignore ERR_CLOSED_SERVER in scanner (#22784) (085a0ab)
  • optimizer: scanner should resolve input from root (#22769) (9722b07)
  • resolve pnpm .modules.yaml from workspace root instead of cwd (#22757) (2531ac7)
  • return sourcemap field from some plugins that were lacking (#22782) (7e18bf8)
  • server: handle malformed URI in indexHtmlMiddleware (#22781) (84f5ccc)

Miscellaneous Chores

Code Refactoring

  • css: remove lightningcss null byte bug workaround (#22822) (2dafd3b)
  • use pre-defined environments variable to avoid duplicate Object.values calls (#22790) (1113acf)

... (truncated)

Commits
  • 578ffb8 release: v8.1.3
  • 7103c3a fix(deps): bump es-module-lexer to 2.3.0 (#22838)
  • 1534d36 fix(css): inject inlined CSS after the shebang line (#22717)
  • c4acd69 fix(ssr): correct stacktrace column position for first line (#22828)
  • 2c53054 fix: preload css for nested dynamic imports (#22759)
  • ba31193 release: v8.1.2
  • 0d3bd7c fix(deps): revert es-module-lexer to 2.1.0 (#22827)
  • efb98cc fix: restore, "fix: resolve pnpm .modules.yaml from workspace root instead of...
  • cf97711 fix: revert, "fix: resolve pnpm .modules.yaml from workspace root instead of ...
  • cccef55 fix: revert, "fix: escape ids with multiple null bytes (#22687)"
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the production-dependencies group in /webs with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [apexcharts](https://github.com/apexcharts/apexcharts.js) | `5.15.2` | `5.16.0` |
| [framer-motion](https://github.com/motiondivision/motion) | `12.42.0` | `12.42.2` |
| [i18next](https://github.com/i18next/i18next) | `26.3.3` | `26.3.4` |
| [react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router) | `7.18.0` | `7.18.1` |
| [react-router-dom](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom) | `7.18.0` | `7.18.1` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `8.1.0` | `8.1.3` |


Updates `apexcharts` from 5.15.2 to 5.16.0
- [Release notes](https://github.com/apexcharts/apexcharts.js/releases)
- [Commits](apexcharts/apexcharts.js@v5.15.2...v5.16.0)

Updates `framer-motion` from 12.42.0 to 12.42.2
- [Changelog](https://github.com/motiondivision/motion/blob/main/CHANGELOG.md)
- [Commits](motiondivision/motion@v12.42.0...v12.42.2)

Updates `i18next` from 26.3.3 to 26.3.4
- [Release notes](https://github.com/i18next/i18next/releases)
- [Changelog](https://github.com/i18next/i18next/blob/master/CHANGELOG.md)
- [Commits](i18next/i18next@v26.3.3...v26.3.4)

Updates `react-router` from 7.18.0 to 7.18.1
- [Release notes](https://github.com/remix-run/react-router/releases)
- [Changelog](https://github.com/remix-run/react-router/blob/react-router@7.18.1/packages/react-router/CHANGELOG.md)
- [Commits](https://github.com/remix-run/react-router/commits/react-router@7.18.1/packages/react-router)

Updates `react-router-dom` from 7.18.0 to 7.18.1
- [Release notes](https://github.com/remix-run/react-router/releases)
- [Changelog](https://github.com/remix-run/react-router/blob/react-router-dom@7.18.1/packages/react-router-dom/CHANGELOG.md)
- [Commits](https://github.com/remix-run/react-router/commits/react-router-dom@7.18.1/packages/react-router-dom)

Updates `vite` from 8.1.0 to 8.1.3
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.1.3/packages/vite)

---
updated-dependencies:
- dependency-name: apexcharts
  dependency-version: 5.16.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: framer-motion
  dependency-version: 12.42.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: i18next
  dependency-version: 26.3.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: react-router
  dependency-version: 7.18.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: react-router-dom
  dependency-version: 7.18.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: vite
  dependency-version: 8.1.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: dependencies, frontend. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@ZeroDeng01 ZeroDeng01 merged commit e7319bd into main Jul 6, 2026
16 of 17 checks passed
@ZeroDeng01 ZeroDeng01 deleted the dependabot/npm_and_yarn/webs/production-dependencies-a223a78c18 branch July 6, 2026 02:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant