chore(deps): bump the minor-patch group across 1 directory with 11 updates

[dependabot]

Bumps the minor-patch group with 11 updates in the /frontend directory:

Package	From	To
@tailwindcss/vite	4.1.17	4.1.18
i18next	25.7.2	25.7.3
lucide-react	0.556.0	0.561.0
react	19.2.1	19.2.3
react-dom	19.2.1	19.2.3
react-i18next	16.4.0	16.5.0
tailwindcss	4.1.17	4.1.18
zod	4.1.13	4.2.0
@eslint/js	9.39.1	9.39.2
eslint	9.39.1	9.39.2
eslint-plugin-react-refresh	0.4.24	0.4.25

Updates @tailwindcss/vite from 4.1.17 to 4.1.18

Release notes

Sourced from @​tailwindcss/vite's releases.

v4.1.18

Fixed

• Ensure validation of source(…) happens relative to the file it is in (#19274)
• Include filename and line numbers in CSS parse errors (#19282)
• Skip comments in Ruby files when checking for class names (#19243)
• Skip over arbitrary property utilities with a top-level ! in the value (#19243)
• Support environment API in @tailwindcss/vite (#18970)
• Preserve case of theme keys from JS configs and plugins (#19337)
• Write source maps correctly on the CLI when using --watch (#19373)
• Handle special defaults (like ringColor.DEFAULT) in JS configs (#19348)
• Improve backwards compatibility for content theme key from JS configs (#19381)
• Upgrade: Handle future and experimental config keys (#19344)
• Try to canonicalize any arbitrary utility to a bare value (#19379)
• Validate candidates similarly to Oxide (#19397)
• Canonicalization: combine text-* and leading-* classes (#19396)
• Correctly handle duplicate CLI arguments (#19416)
• Don’t emit color-mix fallback rules inside @keyframes (#19419)
• CLI: Don't hang when output is /dev/stdout (#19421)

Changelog

Sourced from @​tailwindcss/vite's changelog.

[4.1.18] - 2025-12-11

Fixed

• Ensure validation of source(…) happens relative to the file it is in (#19274)
• Include filename and line numbers in CSS parse errors (#19282)
• Skip comments in Ruby files when checking for class names (#19243)
• Skip over arbitrary property utilities with a top-level ! in the value (#19243)
• Support environment API in @tailwindcss/vite (#18970)
• Preserve case of theme keys from JS configs and plugins (#19337)
• Write source maps correctly on the CLI when using --watch (#19373)
• Handle special defaults (like ringColor.DEFAULT) in JS configs (#19348)
• Improve backwards compatibility for content theme key from JS configs (#19381)
• Upgrade: Handle future and experimental config keys (#19344)
• Try to canonicalize any arbitrary utility to a bare value (#19379)
• Validate candidates similarly to Oxide (#19397)
• Canonicalization: combine text-* and leading-* classes (#19396)
• Correctly handle duplicate CLI arguments (#19416)
• Don’t emit color-mix fallback rules inside @keyframes (#19419)
• CLI: Don't hang when output is /dev/stdout (#19421)

[3.4.19] - 2025-12-10

Fixed

• Don’t break sibling-*() functions when used inside calc(…) (#19335)

Commits

• 9b32f7c Release v4.1.18 (#19431)
• 5f107e2 Fix typo
• e4b6c67 Support Vite Environment API (#18970)
• 21f2bf9 perf(vite): add plugin hook filter (#19308)
• See full diff in compare view

Updates i18next from 25.7.2 to 25.7.3

Release notes

Sourced from i18next's releases.

v25.7.3

• type definitions for new transDefaultProps option in react-i18next [react-i18next: #1895](i18next/react-i18next#1895)

Changelog

Sourced from i18next's changelog.

25.7.3

• type definitions for new transDefaultProps option in react-i18next [react-i18next: #1895](i18next/react-i18next#1895)

Commits

• a731897 25.7.3
• c60d722 type definitions for new transDefaultProps option in react-i18next
• 3e160f3 jsr update
• See full diff in compare view

Updates lucide-react from 0.556.0 to 0.561.0

Release notes

Sourced from lucide-react's releases.

Version 0.561.0

What's Changed

• fix(site): Small adjustments color picker and add clear button search bar by @​ericfennis in lucide-icons/lucide#3851
• feat(icons): added stone icon by @​Alportan in lucide-icons/lucide#3850

Full Changelog: lucide-icons/lucide@0.560.0...0.561.0

Version 0.560.0

What's Changed

• feat(icons): added cannabis-off icon by @​NickVeles in lucide-icons/lucide#3748

New Contributors

• @​NickVeles made their first contribution in lucide-icons/lucide#3748

Full Changelog: lucide-icons/lucide@0.559.0...0.560.0

Version 0.559.0

What's Changed

• feat(icons): added fishing-hook icon by @​7ender in lucide-icons/lucide#3837

New Contributors

• @​7ender made their first contribution in lucide-icons/lucide#3837

Full Changelog: lucide-icons/lucide@0.558.0...0.559.0

Version 0.558.0

What's Changed

• feat(icons): added hd icon by @​jamiemlaw in lucide-icons/lucide#2958

Full Changelog: lucide-icons/lucide@0.557.0...0.558.0

Version 0.557.0

What's Changed

• fix(github/workflows/ci): fixes linting issues by @​karsa-mistmere in lucide-icons/lucide#3858
• fix(icons): changed memory-stick icon by @​karsa-mistmere in lucide-icons/lucide#3017
• fix(icons): changed microchip icon by @​karsa-mistmere in lucide-icons/lucide#3018
• chore(repo): Update Node version and overal cleanup by @​ericfennis in lucide-icons/lucide#3861
• fix(icons): changed paint-bucket icon by @​jguddas in lucide-icons/lucide#3865
• fix(icons): changed brush-cleaning icon by @​jguddas in lucide-icons/lucide#3863
• fix(icons): Swap thumbs-up thumbs-down paths to fix fill issue by @​theianjones in lucide-icons/lucide#3873
• fix(icons): changed tickets icon by @​karsa-mistmere in lucide-icons/lucide#3859
• feat(icons): added layers-plus icon by @​juanisidoro in lucide-icons/lucide#3367
• docs(dev): Fix code sample for vanilla JS by @​wavebeem in lucide-icons/lucide#3836
• feat(icons): add search-error icon by @​Veatec22 in lucide-icons/lucide#3292
• feat(icons): Add cloud-sync and cloud-backup by @​ericfennis in lucide-icons/lucide#3466
• feat(icons): added circle-pile icon by @​nathan-de-pachtere in lucide-icons/lucide#3681
• feat(icons): added balloon icon by @​peteruithoven in lucide-icons/lucide#2519

... (truncated)

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for lucide-react since your current version.

Updates react from 19.2.1 to 19.2.3

Release notes

Sourced from react's releases.

19.2.3 (December 11th, 2025)

React Server Components

• Add extra loop protection to React Server Functions (@​sebmarkbage #35351)

19.2.2 (December 11th, 2025)

React Server Components

• Move react-server-dom-webpack/*.unbundled to private react-server-dom-unbundled (@​eps1lon facebook/react#35290)
• Patch Promise cycles and toString on Server Functions (@​sebmarkbage, @​unstubbable #35289, #35345)

Commits

• 612e371 Version 19.2.3
• b910fc1 Version 19.2.2
• See full diff in compare view

Updates react-dom from 19.2.1 to 19.2.3

Release notes

Sourced from react-dom's releases.

19.2.3 (December 11th, 2025)

React Server Components

• Add extra loop protection to React Server Functions (@​sebmarkbage #35351)

19.2.2 (December 11th, 2025)

React Server Components

• Move react-server-dom-webpack/*.unbundled to private react-server-dom-unbundled (@​eps1lon facebook/react#35290)
• Patch Promise cycles and toString on Server Functions (@​sebmarkbage, @​unstubbable #35289, #35345)

Commits

• 612e371 Version 19.2.3
• b910fc1 Version 19.2.2
• See full diff in compare view

Updates react-i18next from 16.4.0 to 16.5.0

Changelog

Sourced from react-i18next's changelog.

16.5.0

• Add configuration option transDefaultProps to set default props for the Trans component (e.g. tOptions, shouldUnescape, values) 1895

16.4.1

• fix(Trans): prevent double-escaping of interpolated values in component props (e.g. title). Unescape HTML entities before passing prop values to React to avoid rendered output like " / &[#39](https://github.com/i18next/react-i18next/issues/39);. 1893

Commits

• 0ee8a63 16.5.0
• be99228 Add configuration option to set default props for the Trans component #1895
• 09b9d86 16.4.1
• ba059b4 prevent double-escaping of interpolated values #16.4.1
• 7917079 fallback for unescape function
• See full diff in compare view

Updates tailwindcss from 4.1.17 to 4.1.18

Release notes

Sourced from tailwindcss's releases.

v4.1.18

Fixed

• Ensure validation of source(…) happens relative to the file it is in (#19274)
• Include filename and line numbers in CSS parse errors (#19282)
• Skip comments in Ruby files when checking for class names (#19243)
• Skip over arbitrary property utilities with a top-level ! in the value (#19243)
• Support environment API in @tailwindcss/vite (#18970)
• Preserve case of theme keys from JS configs and plugins (#19337)
• Write source maps correctly on the CLI when using --watch (#19373)
• Handle special defaults (like ringColor.DEFAULT) in JS configs (#19348)
• Improve backwards compatibility for content theme key from JS configs (#19381)
• Upgrade: Handle future and experimental config keys (#19344)
• Try to canonicalize any arbitrary utility to a bare value (#19379)
• Validate candidates similarly to Oxide (#19397)
• Canonicalization: combine text-* and leading-* classes (#19396)
• Correctly handle duplicate CLI arguments (#19416)
• Don’t emit color-mix fallback rules inside @keyframes (#19419)
• CLI: Don't hang when output is /dev/stdout (#19421)

Changelog

Sourced from tailwindcss's changelog.

[4.1.18] - 2025-12-11

Fixed

• Ensure validation of source(…) happens relative to the file it is in (#19274)
• Include filename and line numbers in CSS parse errors (#19282)
• Skip comments in Ruby files when checking for class names (#19243)
• Skip over arbitrary property utilities with a top-level ! in the value (#19243)
• Support environment API in @tailwindcss/vite (#18970)
• Preserve case of theme keys from JS configs and plugins (#19337)
• Write source maps correctly on the CLI when using --watch (#19373)
• Handle special defaults (like ringColor.DEFAULT) in JS configs (#19348)
• Improve backwards compatibility for content theme key from JS configs (#19381)
• Upgrade: Handle future and experimental config keys (#19344)
• Try to canonicalize any arbitrary utility to a bare value (#19379)
• Validate candidates similarly to Oxide (#19397)
• Canonicalization: combine text-* and leading-* classes (#19396)
• Correctly handle duplicate CLI arguments (#19416)
• Don’t emit color-mix fallback rules inside @keyframes (#19419)
• CLI: Don't hang when output is /dev/stdout (#19421)

[3.4.19] - 2025-12-10

Fixed

• Don’t break sibling-*() functions when used inside calc(…) (#19335)

Commits

• 9b32f7c Release v4.1.18 (#19431)
• 820d907 Expose candidatesToAst to the language server (#19405)
• 478e959 Don’t emit color-mix fallback rules inside @keyframes (#19419)
• a5f4644 Validate named values in candidate parser (#19397)
• 229121d Canonicalization: combine text-* and leading-* classes (#19396)
• 243615e Handle backwards compatibility for content theme from JS configs (#19381)
• 7642751 Improve compatibility with special default values in JS configs (#19348)
• af48117 remove unnecessary intermediate check
• 9e436f7 Try to canonicalize any arbitrary utility to a bare value (#19379)
• 479b725 Bump Vitest to v4 (#19216)
• Additional commits viewable in compare view

Updates zod from 4.1.13 to 4.2.0

Release notes

Sourced from zod's releases.

v4.2.0

Features

Implement Standard JSON Schema

standard-schema/standard-schema#134

Implement z.fromJSONSchema()

const jsonSchema = {
  type: "object",
  properties: {
    name: { type: "string" },
    age: { type: "number" }
  },
  required: ["name"]
};
const schema = z.fromJSONSchema(jsonSchema);

Implement z.xor()

const schema = z.xor(
  z.object({ type: "user", name: z.string() }),
  z.object({ type: "admin", role: z.string() })
);
// Exactly one of the schemas must match

Implement z.looseRecord()

const schema = z.looseRecord(z.string(), z.number());
// Allows additional properties beyond those defined

Commits:

• af49c084f66339110d00e37ff71dc7b3b9f2b7ef Update docs for JSON Schema conversion of z.undefined() (#5504)
• 767f320318986e422f524b939f1a7174544fda2e Add .toJSONSchema() method (#5477)
• e17dcb63573397063e87d7c7fe10a5a78968181a Add z.fromJSONSchema(), z.looseRecord(), z.xor() (#5534)

Commits

• dcef973 v4.2.0
• e17dcb6 Add z.fromJSONSchema(), z.looseRecord(), z.xor() (#5534)
• d632df3 Update next
• 767f320 Add .toJSONSchema() method (#5477)
• 325a701 Add pullfrog.yml workflow
• 4972727 Update Next.js and React Flight RCE advisory (#5515)
• af49c08 Update docs for JSON Schema conversion of z.undefined() (#5504)
• fb66ee1 fix(mini): export ZodMiniJSONSchema types to prevent TS4023 (#5511)
• 6e968a3 Add convex-helpers to the ecosystem docs (#5470)
• d224363 test: add result verification to test cases (#5473)
• Additional commits viewable in compare view

Updates @eslint/js from 9.39.1 to 9.39.2

Release notes

Sourced from @​eslint/js's releases.

v9.39.2

Bug Fixes

• 5705833 fix: warn when eslint-env configuration comments are found (#20381) (sethamus)

Build Related

• 506f154 build: add .scss files entry to knip (#20391) (Milos Djermanovic)

Chores

• 7ca0af7 chore: upgrade to @eslint/js@9.39.2 (#20394) (Francesco Trotta)
• c43ce24 chore: package.json update for @​eslint/js release (Jenkins)
• 4c9858e ci: add v9.x-dev branch (#20382) (Milos Djermanovic)

Commits

• c43ce24 chore: package.json update for @​eslint/js release
• See full diff in compare view

Updates eslint from 9.39.1 to 9.39.2

Release notes

Sourced from eslint's releases.

v9.39.2

Bug Fixes

• 5705833 fix: warn when eslint-env configuration comments are found (#20381) (sethamus)

Build Related

• 506f154 build: add .scss files entry to knip (#20391) (Milos Djermanovic)

Chores

• 7ca0af7 chore: upgrade to @eslint/js@9.39.2 (#20394) (Francesco Trotta)
• c43ce24 chore: package.json update for @​eslint/js release (Jenkins)
• 4c9858e ci: add v9.x-dev branch (#20382) (Milos Djermanovic)

Commits

• 9278324 9.39.2
• 542266a Build: changelog update for 9.39.2
• 7ca0af7 chore: upgrade to @eslint/js@9.39.2 (#20394)
• c43ce24 chore: package.json update for @​eslint/js release
• 5705833 fix: warn when eslint-env configuration comments are found (#20381)
• 506f154 build: add .scss files entry to knip (#20391)
• 4c9858e ci: add v9.x-dev branch (#20382)
• See full diff in compare view

Updates eslint-plugin-react-refresh from 0.4.24 to 0.4.25

Release notes

Sourced from eslint-plugin-react-refresh's releases.

v0.4.25

• Report cases like export const ENUM = Object.keys(TABLE) as EnumType[]; (fixes #93)
• Allow _ in component names (#94)

Changelog

Sourced from eslint-plugin-react-refresh's changelog.

0.4.25

• Report cases like export const ENUM = Object.keys(TABLE) as EnumType[]; (fixes #93)
• Allow _ in component names (#94)

Commits

• 4fc6d3d Catch non React exports defined as call expressions [publish]
• 0397bde Allow non-leading underscores (#94)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

Note

Free review on us!

CodeRabbit is offering free reviews until Wed Dec 17 2025 to showcase some of the refinements we've made.

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.