deps-dev(deps-dev): bump the dev-dependencies group across 1 directory with 4 updates

[dependabot]

Bumps the dev-dependencies group with 4 updates in the / directory: @types/node, @vitejs/plugin-react, eslint-config-next and knip.

Updates @types/node from 25.0.10 to 25.2.2

Commits

• See full diff in compare view

Updates @vitejs/plugin-react from 5.1.2 to 5.1.3

Changelog

Sourced from @​vitejs/plugin-react's changelog.

5.1.3 (2026-02-02)

Commits

• cf0cb8a release: plugin-react@5.1.3
• 99e480c fix(deps): update all non-major dependencies (#1090)
• 77f5e42 fix(deps): update react 19.2.4 (#1084)
• e327da4 fix(deps): update all non-major dependencies (#1083)
• 3d3dbc2 chore: add metadata for vite-plugin-registry (#1078)
• 58dfb9d fix(deps): update all non-major dependencies (#1066)
• fefad3d fix(deps): update all non-major dependencies (#1048)
• 36704df chore: setup oxfmt for formatting (#997)
• 54231d9 docs(plugin-react): add docs for exclude option (#1046)
• 6d203af fix(deps): update all non-major dependencies (#1030)
• Additional commits viewable in compare view

Updates eslint-config-next from 16.1.4 to 16.1.6

Release notes

Sourced from eslint-config-next's releases.

v16.1.6

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Upgrade to swc 54 (#88207)
• implement LRU cache with invocation ID scoping for minimal mode response cache (#88509)
• tweak LRU sentinel key (#89123)

Credits

Huge thanks to @​mischnic, @​wyattjoh, and @​ztanner for helping!

v16.1.5

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472 https://vercel.com/changelog/summary-of-cve-2026-23864

Commits

• adf8c61 v16.1.6
• acba4a6 v16.1.5
• See full diff in compare view

Updates knip from 5.82.1 to 5.83.1

Release notes

Sourced from knip's releases.

Release 5.83.1

• Fix package.json import (f8c14c873127481927306751479001d16deafa58)
• Organize imports (5d716bae3919b3cd684f0c8c9af73a960d12c5cd)
• Update a bunch of dependencies (78bf644bbfc6554109d7098f83cd30fc8e115900)
• Add minimal test suite to vscode-knip (b6395089f6b307a145d2493bca59db9d5bc3364a)
• Add support for monorepo when installing dependency (close #1501) (5782b07f79eb1a25f90c5fdd62b1217db11246b1)
• Fix unused file output in table (0f3dbb47b850e731c4405e06809aa069f68c7608)
• Restore slonik in ecosystem tests (35d9185a39cb1efba55ce8a749d3eb9a31eb82a4)
• Fix type in exported value case (resolve #1508) (d6dda74021a2bc08931691ba1d10029102b0e425)
• Organize imports (fcdd33b9e8f9169cc0bfb921b468f163ec0f980f)
• Remove unused export (c777bae22c500606857d9df820aab8af7593b24e)
• Don't flag exports (including used as type) in protected or consumed exports (a01bec149b8977e0927bd1ecd9d0197a1626e3a6)
• Add npmx.dev to ecosystem tests (8f8205261fe88144df6cf0cde6e7007952f8ba1d)
• fix: fix vitest setupFiles resolution (#1511) (273b940f7e32ff7156c3a24875f5d9265ff2559a) - thanks @​tmair!
• Improve & extend vitest args handling (6c49e5ca61866a8d3fe62aaf8f5a6764aa9c4e86)
• Detect Bun differently to avoid TS complaint (c1499d32332751fbbed4baa648f5360f1db36dbc)
• A temporary workaround until they catch up 🤫 (028b9726dfab717a41d95d7e73ad8ee2ca929d31)
• feat(vite): detect module entry from index.html (#1487) (a76ab85337c5459a0d22128d33d5fcd9e3623db6) - thanks @​WooWan!
• Auto-format (69150bfd315dff04778f067438194122e4d50761)
• Add double-dash handling and add tests (close #1404) (4c1de75890c53f35529b6ea6f24e159c9532bedf)
• Revert most of previous commit 4c1de75 (0cd91ae44ee1bddc584c2fb7494147aeb3f53feb)
• Auto-format (cf3d8ff92cb53b769814c4140b3c56023d92fd27)

Release 5.83.0

• fix: skip empty string entries in package.json exports (#1477) (6b64ac5b89916869a2361077a51dc28adb4679df) - thanks @​SBoudrias!
• add LS version to serverInfo (#1468) (2c28cb8dc8923d83800959a7a259b439d5c50a0e) - thanks @​niklas-wortmann!
• Avoid highlighting path-like specifiers (#1488) (c8fec09666ad0ce145e1d2bbf99737a6bc95fd05) - thanks @​azat-io!
• Update avatar URLs (#1489) (d612ac2dab39a560875c53b9cccb3d920caafdd1) - thanks @​azat-io!
• Copy fix-fixtures to tmp dir (bd1519c30bb0a4004cfae463f10f8b066b778d95)
• Don't add excluded issue types (resolve #1486) (4eeeec602a8275f8f8d4252157ed6fa3cdd83f24)
• Minor refactor (767b2c5927d940f8815d157c2fa50c67f0a80d63)
• Edit docs (78111c96f54da3c41cfb84bd972bb5e836e1b859)
• feat: add plugin for expressive-code (#1493) (fbf958a9bfb2d913c345c98283a793a7f10faae5) - thanks @​cylewaitforit!
• Truncate file path left-side (resolves #1494) (235949c0b68e0bf2f3eb9ef0f3f88e750984e70a)
• Revert fix-fixture format test (fails in outside cwd) (8e961259bddef4652ae3b98387d1afa8514429ec)
• Skip empty manifest entries (resolve #1497) (d314ce43e7f9fe26125db167c1a8af4728329828)
• Filter out empty issue objects in compact reporter (resolve #1482) (7df0b4d8ee888f524132cd96260e18b870e8c57c)
• Lint/group import statements (61e7a24460e11bd2e9e27e9a791953eb004947df)
• Update AGENTS.md & docs (7537f8a1c474ce931a05a06efcc238eef5806447)
• Optimize relative path helper (ac8a45454f9e8d88898141e112897803c844f803)
• Move postinstall script to non-production (360110bed44d77da4ed5e553a63986176d2ed716)
• Ignore simple-git-hooks in production (like husky etc) (bbab35b144080d061641b6b6a6545176e5286553)
• Move & add testimonials (5ab18133b0e375508b34014085e10b78dcfd88ff)
• Update sponsors page (4534a55e37f804bfdef65522354b053f28a5a8f2)
• Edit docs, add config hints page (1a73a053dad914025e330c03cabaf9ded2444e91)
• Rename reporter to match project style (58f8c4e476b8a051dd27fdf27859014c4954289b)
• Auto-format (854124f7b5436436d57c5249f9b64f53e71e1994)
• Refactor fs helper to match project style (f22e7e94a48ac0dedf41985f3928ff556d04d727)

Commits

• 801d588 Release knip@5.83.1
• cf3d8ff Auto-format
• 0cd91ae Revert most of previous commit 4c1de75
• 4c1de75 Add double-dash handling and add tests (close #1404)
• 69150bf Auto-format
• a76ab85 feat(vite): detect module entry from index.html (#1487)
• c1499d3 Detect Bun differently to avoid TS complaint
• 6c49e5c Improve & extend vitest args handling
• 273b940 fix: fix vitest setupFiles resolution (#1511)
• a01bec1 Don't flag exports (including used as type) in protected or consumed exports
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: npm. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
npm/@babel/code-frame	7.29.0	🟢 6.3	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 8 Found 24/29 approved changesets -- score normalized to 8 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 38 existing vulnerabilities detected
npm/@babel/core	7.29.0	🟢 6.3	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 8 Found 24/29 approved changesets -- score normalized to 8 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 38 existing vulnerabilities detected
npm/@babel/generator	7.29.1	🟢 6.3	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 8 Found 24/29 approved changesets -- score normalized to 8 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 38 existing vulnerabilities detected
npm/@babel/parser	7.29.0	🟢 6.3	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 8 Found 24/29 approved changesets -- score normalized to 8 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 38 existing vulnerabilities detected
npm/@babel/traverse	7.29.0	🟢 6.3	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 8 Found 24/29 approved changesets -- score normalized to 8 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 38 existing vulnerabilities detected
npm/@babel/types	7.29.0	🟢 6.3	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 8 Found 24/29 approved changesets -- score normalized to 8 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 38 existing vulnerabilities detected
npm/@next/eslint-plugin-next	16.1.6	🟢 5.3	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 26/30 approved changesets -- score normalized to 8 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected Binary-Artifacts ⚠️ 0 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing 🟢 10 project is fuzzed Vulnerabilities ⚠️ 0 267 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@rolldown/pluginutils	1.0.0-rc.2	Unknown	Unknown
npm/@types/node	25.2.2	🟢 6.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 7 Found 23/29 approved changesets -- score normalized to 7 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 9 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed
npm/@vitejs/plugin-react	5.1.3	🟢 7.1	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 2 Found 5/23 approved changesets -- score normalized to 2 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 7 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 7 dependency not pinned by hash detected -- score normalized to 7 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy 🟢 10 security policy file detected SAST 🟢 8 SAST tool is not run on all commits -- score normalized to 8 Vulnerabilities 🟢 6 4 existing vulnerabilities detected
npm/eslint-config-next	16.1.6	🟢 5.3	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 26/30 approved changesets -- score normalized to 8 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected Binary-Artifacts ⚠️ 0 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing 🟢 10 project is fuzzed Vulnerabilities ⚠️ 0 267 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/knip	5.83.1	Unknown	Unknown

Scanned Files

• package-lock.json