chore(deps): bump the web-deps group across 1 directory with 6 updates

[dependabot]

Bumps the web-deps group with 6 updates in the / directory:

Package	From	To
date-fns	4.3.0	4.4.0
i18next	26.2.0	26.3.0
lucide-react	1.16.0	1.17.0
react-hook-form	7.76.1	7.77.0
react-router	7.15.1	7.16.0
concurrently	9.2.1	10.0.1

Updates date-fns from 4.3.0 to 4.4.0

Release notes

Sourced from date-fns's releases.

v4.4.0

This release revisits the approach to CDN usage and introduces a new package, @date-fns/cdn and deprecates the date-fns CDN scripts. It allowed reducing the zipped package size from 5.83 MB down to 3.96 MB without introducing any breaking changes.

In v5.0.0-alpha.0 where CDN scripts are completely removed from date-fns the change is more significant and brings the zipped package size down to 2.89 MB.

It is just the first step in optimizing the package size. Expect further size reduction in the future v4 and v5 versions.

Changed

• DEPRECATED: The date-fns CDN scripts are now deprecated and will be removed in the next major release. Please switch to the new @date-fns/cdn package for CDN usage.

• Removed CDN source maps to reduce the package size. If you rely on them, please switch to the new @date-fns/cdn package that still includes them.

Commits

• cd53d25 Promote to v4.4.0
• d948ec1 Preserve but deprecate CDN versions for v4, set up v5 with polyfills
• ee65753 Add root mise :format task
• 9f5bdf5 Add positional argument to test/smoke.sh script
• 651ead6 Split CDN bundles into separate @​date-fns/cdn package
• 224c1a2 Deprecate type tests as attw hangs on date-fns package
• 7bb2842 Switch PACKAGE_OUTPUT_PATH to --dist flag in the package build script
• b6ad5ac Add flags to control package build script
• 424a783 Fix docs release after moving to monorepo setup
• See full diff in compare view

Updates i18next from 26.2.0 to 26.3.0

Release notes

Sourced from i18next's releases.

v26.3.0

• feat(types): introduce ResourceNamespaceMap — a separate mergeable augmentation surface for namespace resource types, designed for monorepos where multiple packages each want to contribute their own namespaces. Previously, every package had to coordinate on a single CustomTypeOptions.resources declaration (or fall back to typing dependency namespaces as any) because resources is a single property of an interface and TypeScript reports TS2717 when two declarations of the same property disagree. The new interface merges naturally across declare module 'i18next' blocks, so each package can ship its own i18next.d.ts independently. Per-property merge handles same-namespace contributions from multiple packages, and same-key/different-literal conflicts are silently dropped to avoid poisoning t() overload resolution. Fully backwards-compatible — existing CustomTypeOptions.resources augmentations continue to work, and both surfaces can coexist. Scalar options (defaultNS, returnNull, enableSelector, etc.) still belong on CustomTypeOptions. Thanks @​sh3xu (#2434). Fixes #2409.

Changelog

Sourced from i18next's changelog.

26.3.0

• feat(types): introduce ResourceNamespaceMap — a separate mergeable augmentation surface for namespace resource types, designed for monorepos where multiple packages each want to contribute their own namespaces. Previously, every package had to coordinate on a single CustomTypeOptions.resources declaration (or fall back to typing dependency namespaces as any) because resources is a single property of an interface and TypeScript reports TS2717 when two declarations of the same property disagree. The new interface merges naturally across declare module 'i18next' blocks, so each package can ship its own i18next.d.ts independently. Per-property merge handles same-namespace contributions from multiple packages, and same-key/different-literal conflicts are silently dropped to avoid poisoning t() overload resolution. Fully backwards-compatible — existing CustomTypeOptions.resources augmentations continue to work, and both surfaces can coexist. Scalar options (defaultNS, returnNull, enableSelector, etc.) still belong on CustomTypeOptions. Thanks @​sh3xu (#2434). Fixes #2409.

Commits

• bdf651c 26.3.0
• 988a362 changelog: 26.3.0 entry for #2434
• 159506c feat(types): introduce ResourceNamespaceMap for monorepo namespace augmentati...
• df68b1f ci: restore JSR publishing via GitHub Actions OIDC
• See full diff in compare view

Updates lucide-react from 1.16.0 to 1.17.0

Release notes

Sourced from lucide-react's releases.

Version 1.17.0

What's Changed

• chore(lucide-vue-next|lucide-svelte|lucide-angular): Remove deprecated packages by @​ericfennis in lucide-icons/lucide#4376
• chore(repo): Update issue templates and documentation for package ren… by @​ericfennis in lucide-icons/lucide#4379
• feat(site): Adds survey overlay to website by @​ericfennis in lucide-icons/lucide#4380
• feat(site): Certificate dev links by @​ericfennis in lucide-icons/lucide#4390
• fix(icons): changed martini icon by @​jamiemlaw in lucide-icons/lucide#4335
• chore(deps): bump brace-expansion from 1.1.11 to 5.0.6 by @​dependabot[bot] in lucide-icons/lucide#4386
• chore(deps): bump @​tootallnate/once from 2.0.0 to 2.0.1 by @​dependabot[bot] in lucide-icons/lucide#4404
• chore(deps): bump devalue from 5.8.0 to 5.8.1 by @​dependabot[bot] in lucide-icons/lucide#4391
• chore(deps): bump ws from 8.18.0 to 8.20.1 by @​dependabot[bot] in lucide-icons/lucide#4392
• fix(gh-icon): limit icon size to a maximum of 256 pixels by @​jguddas in lucide-icons/lucide#4398
• chore(dependencies): Update dependencies by @​ericfennis in lucide-icons/lucide#4377
• feat(copilot): Adding copilot instructions by @​ericfennis in lucide-icons/lucide#4407
• feat(icons): add globe-check by @​Barakudum in lucide-icons/lucide#4342
• feat(metadata): Require use-cases in meta json by @​ericfennis in lucide-icons/lucide#4321
• feat(icons): added parasol icon by @​karsa-mistmere in lucide-icons/lucide#4347

Full Changelog: lucide-icons/lucide@1.16.0...1.17.0

Commits

• See full diff in compare view

Updates react-hook-form from 7.76.1 to 7.77.0

Release notes

Sourced from react-hook-form's releases.

Version 7.77.0

🥡 feat: add resetDefaultValues API (#13427)

https://react-hook-form.com/docs/useform/resetdefaultvalues

const { resetDefaultValues } = useForm();
resetDefaultValues(currentValues);

🐚 harden get() against prototype-path traversal (proto / constructor / prototype) (#13479) 🐞 fix FieldArray errors overriding nested fields (#13476) 🐞 fix inconsistent reset({}) behavior requiring double-call to take effect (#13473) 🐞 fix: preserve values with shouldUnregister (#13464) 🐞 fix stale isDirty in subscribe payload after reset(..., { keepValues: true }) (#13461) 👝 save bundle size (#13468)

thanks to @​puneetdixit200 & @​dfedoryshchev

Changelog

Sourced from react-hook-form's changelog.

[7.77.0] - 2026-05-31

Added

• resetDefaultValues API

Fixed

• Stale isDirty in subscribe payload after reset(..., { keepValues: true })
• Preserve values with shouldUnregister
• Inconsistent reset({}) behavior requiring double-call to take effect
• FieldArray errors overriding nested fields

Security

• Harden get() against prototype-path traversal (__proto__ / constructor / prototype)

Performance

• Bundle size reduction

Commits

• 5b20741 7.77.0
• f1a02d3 🧪 add regression coverage for createFormControl + useController remount defau...
• ba88c3d 📚 docs: fix JSDoc for UseFormWatch (#13486)
• 54198d9 🥡 feat: add resetDefaultValues API (#13427)
• fe8276e 📚 docs: fix duplicate "de" in es-ES README image alt text (#13481)
• 6aa81f9 🐚 harden get() against prototype-path traversal (__proto__ / `constructor...
• 645478b 🐞 fix FieldArray errors overriding nested fields (#13476)
• 889c752 🧪 add regression coverage for dynamic nested names with useController and wat...
• 581321c 🐞 fix inconsistent reset({}) behavior requiring double-call to take effect (#...
• f8eb2d7 🌭 upgrade deps (#13470)
• Additional commits viewable in compare view

Updates react-router from 7.15.1 to 7.16.0

Release notes

Sourced from react-router's releases.

v7.16.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7160

Changelog

Sourced from react-router's changelog.

v7.16.0

Minor Changes

• Stabilize future.unstable_trailingSlashAwareDataRequests as future.v8_trailingSlashAwareDataRequests (#15098)

Patch Changes

• Disable manifest path when lazy route dicovery is disabled (#15068)

• Fix browser URL creation to use the configured history window instead of the global window. (#15066)

  • Pass the history/router window through to createBrowserURLImpl so custom window contexts keep the correct URL origin.

• Fix useNavigation() return type to preserve discriminated union across navigation states (#15095)

• Widen MetaDescriptor script:ld+json type from LdJsonObject to LdJsonObject | LdJsonObject[] to permit multiple JSON-LD schemas in a single <script type="application/ld+json"> tag emitted by <Meta /> (#15082)

Commits

• 8984d23 Release v7.16.0 (#15105)
• d71025d Stabilize trailing slash aware data requests (#15098)
• 6e21b63 fix: keep useNavigation() return type a discriminated union (#15095)
• 4cde90b Support array of objects for script:ld+json meta descriptor (#15082)
• dc996ea fix(router): pass configured window to createBrowserURLImpl (#15066)
• cfb5fb0 Disable manifest handler when lazy route discovery is disabled (#15068)
• 16eb79e test: fix typo in test description (#15053)
• 4b464a9 chore: format
• See full diff in compare view

Updates concurrently from 9.2.1 to 10.0.1

Release notes

Sourced from concurrently's releases.

v10.0.1

• Ensure FlowController type is exported - #594

Full Changelog: open-cli-tools/concurrently@v10.0.0...v10.0.1

v10.0.0

💥 Breaking Changes

• Dropped support for Node.js <22.0.0. Older Node.js version have reached end-of-life, and certain features require new-ish JS APIs.
• concurrently is now ESM-only. It's now possible to require(esm). See here for interoperability.
• Prefix colors now default to automatic - #581 The colors used to default to reset (which does nothing). Concurrently now automatically selects a color, out of the box. The list of colors used is not jarring nor carries semantic meaning, and reads well in both dark and light terminal backgrounds.
• Removed deprecated flags and options
  • CLI flag --name-separator: use commas instead.
  • API option killOthers: use killOthersOn instead.

✨ New Features

• Support applying modifiers to hex prefix colors (e.g. #ff0000.bold) - #450
• Support chalk's color functions in prefixes (e.g. rgb(), hex(), bgRgb(), etc) - #578
• Set prefix background color via bg#RRGGBB - #578
• Allow shell override via --shell CLI flag/shell API option - #288, #589, #556 concurrently distinguishes between cmd.exe, powershell, and POSIX-based shells.
• Manual prefix coloring in templates e.g. [{color}{name}{/color}] - #583, #587

🐛 Bug fixes

• Scope quote normalization to CLI input - #582, #585 It should now also be possible to run commands like "/some/command" foo bar"
• Don't throw when color doesn't exist - #580

🔐 Security

• Address vulnerability in shellquote - #591

Other changes

• Warn about running on Snap - #584

New Contributors

• @​philfreo made their first contribution in open-cli-tools/concurrently#566
• @​garretmh made their first contribution in open-cli-tools/concurrently#450
• @​CodeF53 made their first contribution in open-cli-tools/concurrently#574
• @​nkappler made their first contribution in open-cli-tools/concurrently#577
• @​stephanschubert made their first contribution in open-cli-tools/concurrently#578
• @​GermanJablo made their first contribution in open-cli-tools/concurrently#581
• @​y-nk made their first contribution in open-cli-tools/concurrently#587
• @​samchungy made their first contribution in open-cli-tools/concurrently#591
• @​saito-netartz made their first contribution in open-cli-tools/concurrently#590
• @​jeffrey-takuma made their first contribution in open-cli-tools/concurrently#585

Full Changelog: open-cli-tools/concurrently@v9.2.1...v10.0.0

Commits

• e70686f 10.0.1
• a95bceb Rename flow-controller{.d -> }.ts
• ced4245 ci: configure trusted publisher flow
• cf2eaa2 10.0.0
• 1b9bae4 deps: upgrade yargs to v18 (#593)
• b05ee75 Bump min Node.js version to v22
• ae60bc4 Scope quote normalization to CLI input (#585)
• 2822c28 docs: update outdated Node.js doc links and fix null code formatting (#590)
• 42f3829 deps: upgrade shell-quote to 1.8.4 (#591)
• cb04cbf Remove deprecated flags/options
• Additional commits viewable in compare view

Attestation changes

This version has no provenance attestation, while the previous version (9.2.1) was attested. Review the package versions before updating.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies, web. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
medcore	Ready	Preview, Comment	Jun 1, 2026 3:59am