MAINT: Bump the minor-and-patch group in /frontend with 11 updates

[dependabot]

Bumps the minor-and-patch group in /frontend with 11 updates:

Package	From	To
@azure/msal-browser	5.14.0	5.15.0
@azure/msal-react	5.4.5	5.5.0
@fluentui/react-components	9.74.1	9.74.2
axios	1.18.0	1.18.1
react-router-dom	7.16.0	7.18.0
@playwright/test	1.61.0	1.61.1
@typescript-eslint/eslint-plugin	8.61.1	8.62.0
@typescript-eslint/parser	8.61.1	8.62.0
@vitejs/plugin-react	6.0.2	6.0.3
globals	17.6.0	17.7.0
vite	8.0.16	8.1.0

Updates @azure/msal-browser from 5.14.0 to 5.15.0

Release notes

Sourced from @​azure/msal-browser's releases.

@​azure/msal-browser v5.15.0

5.15.0

Tue, 23 Jun 2026 22:19:29 GMT

Minor changes

• Request idToken claims (signin_state, login_hint) by default and add kmsi on AccountInfo #8656 (thnorlin@microsoft.com)
• Make correlationId a required parameter on AuthError and all derived error classes #8609 (sameera.gajjarapu@microsoft.com)
• Add NativeAccountId property to TenantProfile and deprecate top-level AccountEntity property #8649 (lalimasharda@microsoft.com)
• Bump @​azure/msal-common to v16.10.0 (beachball)

Commits

• f8cf6a4 feat: add default idToken claims (signin_state, login_hint) and kmsi on Accou...
• 906f4d8 Migrate region discovery to IMDS /compute JSON endpoint (#8660)
• 6d53ace Deprecate the max_age request parameter and stop validating tokens (#8664)
• 27c074b [correlationId] Make correlationId a required parameter on AuthError construc...
• e5eb6fd Add Native Account Id to TenantProfile (#8649)
• f06838b Post-release PR (#8657)
• 9941501 docs: warn that events should not be used for telemetry (#8641)
• See full diff in compare view

Updates @azure/msal-react from 5.4.5 to 5.5.0

Release notes

Sourced from @​azure/msal-react's releases.

@​azure/msal-browser v5.5.0

5.5.0

Fri, 13 Mar 2026 22:36:58 GMT

Minor changes

• Add MCP Support #8363 (shylasummers@microsoft.com)
• Bump @​azure/msal-common to v16.3.0 (beachball)
• Bump eslint-config-msal to v0.0.0 (beachball)
• Bump msal-test-utils to v0.0.1 (beachball)
• Bump rollup-msal to v0.0.0 (beachball)

Patches

• Additional telemetry for monitor_window_timeout errors #8385 (thomas.norling@microsoft.com)
• Fix JSON object conversion in PlatformDOMRequest #8348 (lalimasharda@microsoft.com)

@​azure/msal-react v5.5.0

5.5.0

Tue, 23 Jun 2026 22:19:30 GMT

Minor changes

• Match the updated msal-browser AuthError signature #8609 (sameera.gajjarapu@microsoft.com)
• Bump @​azure/msal-browser to v5.15.0 (beachball)

Commits

• f8cf6a4 feat: add default idToken claims (signin_state, login_hint) and kmsi on Accou...
• 906f4d8 Migrate region discovery to IMDS /compute JSON endpoint (#8660)
• 6d53ace Deprecate the max_age request parameter and stop validating tokens (#8664)
• 27c074b [correlationId] Make correlationId a required parameter on AuthError construc...
• e5eb6fd Add Native Account Id to TenantProfile (#8649)
• f06838b Post-release PR (#8657)
• 9941501 docs: warn that events should not be used for telemetry (#8641)
• See full diff in compare view

Updates @fluentui/react-components from 9.74.1 to 9.74.2

Commits

• 6dee27b release: applying package updates - react-components
• a4b871c release: applying package updates - web-components
• bf1159a chore: fix inline and wrapping examples in link stories (#36342)
• 67f015f fix: add accessible name to message bar stories dismiss button and fixup comp...
• 2369784 chore: fix tab panel content example in stories (#36341)
• 251296a fix: ensure accordion content inherits color properly (#36339)
• bb7bb76 release: applying package updates - web-components
• ac9ed94 fix(web-components): SB docsite build (#36329)
• f38ccbd feat(react-button): add useMenuButtonBase_unstable base hook (#36319)
• 186b17d test(react-button): add hook regression tests for MenuButton (#36325)
• Additional commits viewable in compare view

Updates axios from 1.18.0 to 1.18.1

Release notes

Sourced from axios's releases.

v1.18.1 — June 21, 2026

This release focuses on Node HTTP adapter fixes, safer AxiosError serialisation, runtime/type correctness fixes, documentation updates, and dependency maintenance.

🐛 Bug Fixes

• AxiosError Serialisation: Made AxiosError#cause non-enumerable to prevent circular JSON serialisation failures when errors include nested causes. (#10913)
• Node HTTP Adapter: Guarded socket.setKeepAlive for proxy agent streams, accepted path-only URLs when socketPath is configured, deferred environment proxy handling to Node, and explicitly passed maxBodyLength through to follow-redirects. (#10917, #10930, #10942, #10993)
• Runtime and Type Correctness: Fixed several runtime crashes, type definition mismatches, and incorrect error handling paths. (#10959, #11021)
• AxiosURLSearchParams: Switched the encoder callback to an arrow function so encoder.call(this) receives the AxiosURLSearchParams instance correctly. (#11019)

🔧 Maintenance & Chores

• Documentation: Documented sensitive headers and status transition behaviour, prepared cleaned-up docs, added Deno install instructions, and clarified that request data is request-specific (#11007, #11010, #11023, #11025)

• Dependencies: Bumped vite, rollup, form-data, js-yaml, and multer across the root project, docs, smoke tests, and module test workspaces. (#11011, #11012, #11013, #11014, #11015, #11016, #11017, #11026)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

• @​webdevelopersrinu (#10913)
• @​sijie-Z (#10993)
• @​bartlomieju (#11023)
• @​JSap0914 (#11019)

Full Changelog

Changelog

Sourced from axios's changelog.

Changelog

Commits

• a209bfb chore(release): prepare release 1.18.1 (#11027)
• fa6a55e chore(deps-dev): bump multer from 2.1.1 to 2.2.0 (#11026)
• 40e7be8 docs: clarifies that request data is request-specific in axios (#11025)
• a446b39 fix(AxiosURLSearchParams): use arrow function so encoder.call(this) receives ...
• cf1306a docs: add Deno to install instructions (#11023)
• b32880a fix: incorrect use of error (#11021)
• 1792eda fix: ensure maxBodyLength is explicitly passed to follow-redirects (#10993)
• 30499d6 fix: various runtime crashes and type definition mismatches (#10959)
• 20ce9c4 fix(http): defer env proxy handling to Node (#10942)
• e64bcf9 chore(deps): merge branch 'v1.x' into tests/module/cjs (#11014)
• Additional commits viewable in compare view

Updates react-router-dom from 7.16.0 to 7.18.0

Changelog

Sourced from react-router-dom's changelog.

v7.18.0

Patch Changes

• Updated dependencies:
  • react-router@7.18.0

v7.17.0

Patch Changes

• Updated dependencies:
  • react-router@7.17.0

Commits

• 6fb1e79 Release v7.18.0 (#15187)
• 195a0d0 Release v7.17.0 (#15145)
• See full diff in compare view

Updates @playwright/test from 1.61.0 to 1.61.1

Release notes

Sourced from @​playwright/test's releases.

v1.61.1

Bug Fixes

• #41365 [Bug]: Expect.Extend matcher with same name as default matcher in same expect instance overrides default matchers implementation to custom matcher
• #41351 [Bug]: Playwright UI mode: apiRequestContext._wrapApiCall reports unexpected number of bytes (same test passes in headed mode)
• #41360 [Bug]: Trace viewer: message times in websockets are downscaled by 1000
• #41311 [Bug]: [Regression]: Sync loader throws "context.conditions?.includes is not a function" on Node 22.15
• #41371 [Regression]: Sync ESM loader (registerHooks) fails to resolve extensionless .ts subpath imports across pnpm workspace symlinks

Commits

• 39e3553 cherry-pick(#41399): fix(test): load require-reached files as commonjs in syn...
• 4328122 chore: mark v1.61.1 (#41404)
• 2c29a94 fix(tracing): stop recording websocket frames outside of chunks (#41398)
• 4324b19 cherry-pick(#41367): fix(test): keep builtin expect matchers on base extend
• 041e7e3 cherry-pick(#41364): fix(har): WebSocket message timestamps should be in mi...
• b8a0fc3 cherry-pick(#41309, #43149): Revert "fix(firefox): treat `navigationCommitted...
• b5a3175 cherry-pick(#41319): fix(loader): support other node versions
• d4724a9 cherry-pick(#41290): feat(docker): add Ubuntu 26.04 (Resolute Raccoon) image
• See full diff in compare view

Updates @typescript-eslint/eslint-plugin from 8.61.1 to 8.62.0

Release notes

Sourced from @​typescript-eslint/eslint-plugin's releases.

v8.62.0

8.62.0 (2026-06-22)

🚀 Features

• remove redundant package.json "files" (#12444)

🩹 Fixes

• add "files" to rule-schema-to-typescript-types (#12441)

❤️ Thank You

• Kirk Waiblinger @​kirkwaiblinger

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/eslint-plugin's changelog.

8.62.0 (2026-06-22)

🚀 Features

• remove redundant package.json "files" (#12444)

❤️ Thank You

• Kirk Waiblinger @​kirkwaiblinger

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

• 54e2857 chore(release): publish 8.62.0
• 81e4c26 feat: remove redundant package.json "files" (#12444)
• b784054 chore: use stableTypeOrdering compiler option (#12427)
• See full diff in compare view

Updates @typescript-eslint/parser from 8.61.1 to 8.62.0

Release notes

Sourced from @​typescript-eslint/parser's releases.

v8.62.0

8.62.0 (2026-06-22)

🚀 Features

• remove redundant package.json "files" (#12444)

🩹 Fixes

• add "files" to rule-schema-to-typescript-types (#12441)

❤️ Thank You

• Kirk Waiblinger @​kirkwaiblinger

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/parser's changelog.

8.62.0 (2026-06-22)

🚀 Features

• remove redundant package.json "files" (#12444)

❤️ Thank You

• Kirk Waiblinger @​kirkwaiblinger

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

• 54e2857 chore(release): publish 8.62.0
• 81e4c26 feat: remove redundant package.json "files" (#12444)
• See full diff in compare view

Updates @vitejs/plugin-react from 6.0.2 to 6.0.3

Changelog

Sourced from @​vitejs/plugin-react's changelog.

6.0.3 (2026-06-23)

Commits

• 640fd35 release: plugin-react@6.0.3
• 889efb0 fix(deps): update all non-major dependencies (#1249)
• 6c57dd4 fix(plugin-react): use '/' base in bundledDev preamble to fix non-root base p...
• 3cc33a7 fix(deps): update react-related dependencies (#1245)
• c0f7c7f docs: mention the Biome rule in the "Consistent components exports" section (...
• cd80f0f fix(deps): update all non-major dependencies (#1241)
• e38acca fix(deps): update all non-major dependencies (#1227)
• 9a9bb26 perf(react): improve react compiler preset so that slightly more modules are ...
• See full diff in compare view

Updates globals from 17.6.0 to 17.7.0

Release notes

Sourced from globals's releases.

v17.7.0

• Update globals (2026-06-22) (#345) 33b75f9

---

sindresorhus/globals@v17.6.0...v17.7.0

Commits

• a19670c 17.7.0
• 9611620 Update actions (#346)
• 33b75f9 Update globals (2026-06-22) (#345)
• 887dd52 Fix build script (#344)
• See full diff in compare view

Updates vite from 8.0.16 to 8.1.0

Release notes

Sourced from vite's releases.

create-vite@8.1.0

Please refer to CHANGELOG.md for details.

plugin-legacy@8.1.0

Please refer to CHANGELOG.md for details.

v8.1.0

Please refer to CHANGELOG.md for details.

plugin-legacy@8.1.0-beta.0

Please refer to CHANGELOG.md for details.

v8.1.0-beta.0

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.1.0 (2026-06-23)

Features

• extend server.fs.deny list with common files (#22707) (61ba8fd)
• update rolldown to 1.1.2 (#22695) (4f008a6)
• use ~ for Rolldown (#22693) (9928722)

Bug Fixes

• bundled-dev: errors should be kept when incremental build fails (#22617) (9a0dd48)
• cache falsy values in perEnvironmentState (#22715) (0e91e79)
• glob: respect caseSensitive option in hmr matcher (#22711) (65f525e)
• html: omit nonce on import map when cspNonce is unset (#22713) (8340bb5)
• optimizer: skip null-valued exports in expandGlobIds glob resolution (#22611) (8b9f5cd)
• resolved build options should be kept as a getter (#22691) (3527191)
• server: handle malformed URI in memory files middleware (#22714) (df9e0a5)
• use literal envPrefix queries for Vite Task (#22706) (da72733)
• warn on deprecated envFile (#22555) (ed7b283)

Code Refactoring

• client: inline dev-id value in CSS selector (#22736) (57f59bc)
• remove unused removeRawQuery util (#22724) (403cc60)
• use rolldownOptions property for chunkImportMap (#22692) (8e8816c)

8.1.0-beta.0 (2026-06-15)

Features

• import.meta.glob support caseSensitive option (#21707) (2ad6737)
• add warning to discourage Vite with yarn pnp (#21906) (3fbb55a)
• build: chunk importmap (#21580) (e180312)
• css: support lightningcss plugin dependency (#21748) (0b7aaed)
• deps: bump @​vitejs/devtools peer dependency version (#22542) (d2c2bc0)
• html: add html.additionalAssetSources option (#21412) (a41404b)
• integrate with Vite Task for zero-config build caching (#22453) (f8d75f7)
• rename server.hmr options to server.ws options (#21357) (9ce3036)
• server: support multiple hosts in __VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS (#21501) (735f9a1)
• track dependencies when loading config with native (#22602) (a7e2da8)
• types: add more precise typing for known query types to match known as types (#21863) (cc39e55)
• update rolldown to 1.1.1 (#22593) (8a13d63)
• wasm: direct .wasm imports (WASM ESM Integration) (#21779) (c23d85b)

Bug Fixes

• apply correct fs restrictions for pnpm gvs (#22415) (092320b)
• css: support external CSS with lightningcss (#18389) (d64a1a5)
• deps: update all non-major dependencies (#22637) (44bb9d9)
• deps: update all non-major dependencies (#22681) (f4f0633)
• html: insert import map before modulepreload that is not self-close tag (#21409) (e399c89)
• optimizer: preserve sourcemaps for transformed optimized deps with follow-up transforms (#22428) (1298951)

... (truncated)

Commits

• 5909efd fix: allow multiple bindCLIShortcuts calls with shortcut merging (#21103)
• 39a0a15 chore(deps): update rolldown-related dependencies (#21095)
• 6a34ac3 fix(deps): update all non-major dependencies (#21096)
• 02ceaec chore(deps): update dependency @​rollup/plugin-commonjs to v29 (#21099)
• 572aaca release: v7.2.2
• 728c8ee fix: revert "refactor: use fs.cpSync (#21019)" (#21081)
• a532e68 release: v7.2.1
• 82d2d6c fix(worker): some worker asset was missing (#21074)
• f83264f refactor(build): rename indexOfMatchInSlice to findPreloadMarker (#21054)
• 8293de0 release: v7.2.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions