chore(deps): update all dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
@types/react (source)	^18.2.24 -> ^19.0.0					devDependencies	major
@types/react-dom (source)	^18.2.8 -> ^19.0.0					devDependencies	major
actions/checkout	v4.1.1 -> v4.2.2					action	minor
actions/dependency-review-action	v3.1.5 -> v4.7.0					action	major
actions/setup-node	v4.0.1 -> v4.4.0					action	minor
esbuild	^0.19.11 -> ^0.25.0					devDependencies	minor
github/codeql-action	v3.23.0 -> v3.28.17					action	minor
node (source)	20.11.0 -> 22.15.0						major
prettier (source)	3.2.5 -> 3.5.3					devDependencies	minor
react (source)	^18.2.0 -> ^19.0.0					devDependencies	major
react-dom (source)	^18.2.0 -> ^19.0.0					devDependencies	major
rimraf	^5.0.5 -> ^6.0.0					devDependencies	major
step-security/harden-runner	v2.6.1 -> v2.12.0					action	minor
typescript (source)	5.4.5 -> 5.8.3					devDependencies	minor

---

Release Notes

actions/checkout (actions/checkout)

v4.2.2

Compare Source

• url-helper.ts now leverages well-known environment variables by @​jww3 in https://github.com/actions/checkout/pull/1941
• Expand unit test coverage for isGhes by @​jww3 in https://github.com/actions/checkout/pull/1946

v4.2.1

Compare Source

• Check out other refs/* by commit if provided, fall back to ref by @​orhantoy in https://github.com/actions/checkout/pull/1924

v4.2.0

Compare Source

• Add Ref and Commit outputs by @​lucacome in https://github.com/actions/checkout/pull/1180
• Dependency updates by @​dependabot- https://github.com/actions/checkout/pull/1777, https://github.com/actions/checkout/pull/1872

v4.1.7

Compare Source

• Bump the minor-npm-dependencies group across 1 directory with 4 updates by @​dependabot in https://github.com/actions/checkout/pull/1739
• Bump actions/checkout from 3 to 4 by @​dependabot in https://github.com/actions/checkout/pull/1697
• Check out other refs/* by commit by @​orhantoy in https://github.com/actions/checkout/pull/1774
• Pin actions/checkout's own workflows to a known, good, stable version. by @​jww3 in https://github.com/actions/checkout/pull/1776

v4.1.6

Compare Source

• Check platform to set archive extension appropriately by @​cory-miller in https://github.com/actions/checkout/pull/1732

v4.1.5

Compare Source

• Update NPM dependencies by @​cory-miller in https://github.com/actions/checkout/pull/1703
• Bump github/codeql-action from 2 to 3 by @​dependabot in https://github.com/actions/checkout/pull/1694
• Bump actions/setup-node from 1 to 4 by @​dependabot in https://github.com/actions/checkout/pull/1696
• Bump actions/upload-artifact from 2 to 4 by @​dependabot in https://github.com/actions/checkout/pull/1695
• README: Suggest user.email to be 41898282+github-actions[bot]@​users.noreply.github.com by @​cory-miller in https://github.com/actions/checkout/pull/1707

v4.1.4

Compare Source

• Disable extensions.worktreeConfig when disabling sparse-checkout by @​jww3 in https://github.com/actions/checkout/pull/1692
• Add dependabot config by @​cory-miller in https://github.com/actions/checkout/pull/1688
• Bump the minor-actions-dependencies group with 2 updates by @​dependabot in https://github.com/actions/checkout/pull/1693
• Bump word-wrap from 1.2.3 to 1.2.5 by @​dependabot in https://github.com/actions/checkout/pull/1643

v4.1.3

Compare Source

• Check git version before attempting to disable sparse-checkout by @​jww3 in https://github.com/actions/checkout/pull/1656
• Add SSH user parameter by @​cory-miller in https://github.com/actions/checkout/pull/1685
• Update actions/checkout version in update-main-version.yml by @​jww3 in https://github.com/actions/checkout/pull/1650

v4.1.2

Compare Source

• Fix: Disable sparse checkout whenever sparse-checkout option is not present @​dscho in https://github.com/actions/checkout/pull/1598

actions/dependency-review-action (actions/dependency-review-action)

v4.7.0

Compare Source

• Handle complex license expressions (e.g. MIT AND GPL-2.0) in allow lists (fixes #​809 and probably others)
• Replace OTHER in package licenses with LicenseRef-clearlydefined-OTHER so that parsing passes

v4.6.0

Compare Source

What's Changed

• Updating multiple dependency versions by @​Ahmed3lmallah in https://github.com/actions/dependency-review-action/pull/870
• Grouping minor and patch dependabot updates to lessen the number of PRs by @​Ahmed3lmallah in https://github.com/actions/dependency-review-action/pull/876
• Bump actions/stale from 9.0.0 to 9.1.0 by @​dependabot in https://github.com/actions/dependency-review-action/pull/878
• Bump undici from 5.28.4 to 5.28.5 by @​dependabot in https://github.com/actions/dependency-review-action/pull/877
• DR Action should link to the proxima stamp when appropriate in error messages by @​AshelyTC in https://github.com/actions/dependency-review-action/pull/891
• Allow deny package removal by @​ellenfieldn in https://github.com/actions/dependency-review-action/pull/888
• Fix typos by @​omahs in https://github.com/actions/dependency-review-action/pull/893
• Bump esbuild from 0.19.5 to 0.25.0 by @​dependabot in https://github.com/actions/dependency-review-action/pull/900
• Bump octokit and related dependencies by @​RomanIakovlev in https://github.com/actions/dependency-review-action/pull/904
• Bump @​babel/helpers from 7.23.2 to 7.26.10 by @​dependabot in https://github.com/actions/dependency-review-action/pull/905
• Bump @​octokit/plugin-paginate-rest from 9.1.5 to 9.2.2 by @​dependabot in https://github.com/actions/dependency-review-action/pull/899
• Update transitive dependency spdx-license-ids by @​ailox in https://github.com/actions/dependency-review-action/pull/855
• To not print OpenSSF Scorecard section if no dependencies scanned by @​fabasoad in https://github.com/actions/dependency-review-action/pull/884
• Improve usage of this action in dependency-review.yml by @​fabasoad in https://github.com/actions/dependency-review-action/pull/883
• Clarify comment-summary-in-pr behaviour by @​Pantelis-Santorinios in https://github.com/actions/dependency-review-action/pull/902
• Prepare 4.6.0 Release candidate by @​brrygrdn in https://github.com/actions/dependency-review-action/pull/910

New Contributors

• @​AshelyTC made their first contribution in https://github.com/actions/dependency-review-action/pull/891
• @​ellenfieldn made their first contribution in https://github.com/actions/dependency-review-action/pull/888
• @​omahs made their first contribution in https://github.com/actions/dependency-review-action/pull/893
• @​RomanIakovlev made their first contribution in https://github.com/actions/dependency-review-action/pull/904
• @​ailox made their first contribution in https://github.com/actions/dependency-review-action/pull/855
• @​fabasoad made their first contribution in https://github.com/actions/dependency-review-action/pull/884
• @​Pantelis-Santorinios made their first contribution in https://github.com/actions/dependency-review-action/pull/902
• @​brrygrdn made their first contribution in https://github.com/actions/dependency-review-action/pull/910

Full Changelog: actions/dependency-review-action@v4.5.0...v4.6.0

v4.5.0

Compare Source

What's Changed

• Bump got from 14.4.2 to 14.4.3 by @​dependabot in https://github.com/actions/dependency-review-action/pull/844
• Bump nodemon from 3.1.0 to 3.1.7 by @​dependabot in https://github.com/actions/dependency-review-action/pull/847
• Bump @​vercel/ncc from 0.38.1 to 0.38.3 by @​dependabot in https://github.com/actions/dependency-review-action/pull/849
• Overriding the cross-spawn dependency to use a safe version by @​Ahmed3lmallah in https://github.com/actions/dependency-review-action/pull/850
• fix: add summary comment on failure when warn-only: true by @​ebickle in https://github.com/actions/dependency-review-action/pull/827
• Prepare for 4.5.0 release by @​Ahmed3lmallah in https://github.com/actions/dependency-review-action/pull/851

New Contributors

• @​ebickle made their first contribution in https://github.com/actions/dependency-review-action/pull/827

Full Changelog: actions/dependency-review-action@v4...v4.5.0

v4.4.0

Compare Source

What's Changed

• Fix for merge_group event bug by @​Ahmed3lmallah in https://github.com/actions/dependency-review-action/pull/846

Full Changelog: actions/dependency-review-action@v4.3.5...v4.4.0

v4.3.5

Compare Source

What's Changed

• fix: getRefs function to handle merge_group events by @​louis-bompart in https://github.com/actions/dependency-review-action/pull/766
• Create pull_request_template.md by @​jonjanego in https://github.com/actions/dependency-review-action/pull/794
• Update CONTRIBUTING.md by @​jonjanego in https://github.com/actions/dependency-review-action/pull/793
• Bump @​types/node from 20.11.28 to 20.16.0 by @​dependabot in https://github.com/actions/dependency-review-action/pull/815
• Upgrade transitive micromatch library by @​elireisman in https://github.com/actions/dependency-review-action/pull/829
• Do not list changed dependencies in summary by @​hmaurer in https://github.com/actions/dependency-review-action/pull/828
• Update stale.yaml by @​jonjanego in https://github.com/actions/dependency-review-action/pull/832
• Bump got from 14.4.1 to 14.4.2 by @​dependabot in https://github.com/actions/dependency-review-action/pull/822
• Bump eslint-plugin-jest and ts-jest by @​Ahmed3lmallah in https://github.com/actions/dependency-review-action/pull/840

New Contributors

• @​louis-bompart made their first contribution in https://github.com/actions/dependency-review-action/pull/766
• @​Ahmed3lmallah made their first contribution in https://github.com/actions/dependency-review-action/pull/840

Full Changelog: actions/dependency-review-action@v4.3.4...v4.3.5

v4.3.4

Compare Source

What's Changed

• Include all added dependencies in scorecard entries by @​elireisman in https://github.com/actions/dependency-review-action/pull/783
• Update SPDX Expression Parsing by @​febuiles in https://github.com/actions/dependency-review-action/pull/719
  • This PR is a significant refactor of SPDX expression parsing that may fix some bugs, but unfortunately there are several related known issues that remain unresolved as of this version.

Full Changelog: actions/dependency-review-action@v4.3.3...v4.3.4

v4.3.3: Notes for v4.3.3

Compare Source

What's Changed

• Allow slashes in purl package names by @​juxtin in https://github.com/actions/dependency-review-action/pull/765
• use the v3 version of the deps.dev API by @​josieang in https://github.com/actions/dependency-review-action/pull/741
• PR with suggestions - [Improvement]: Help streamline / simplify dependency review action README by @​am-stead in https://github.com/actions/dependency-review-action/pull/773
• fix show-openssf-scorecard-levels input by @​ramann in https://github.com/actions/dependency-review-action/pull/776
• Updates to the contribution guidelines by @​jonjanego in https://github.com/actions/dependency-review-action/pull/778
• Create issue templates by @​jonjanego in https://github.com/actions/dependency-review-action/pull/777
• Fix the max comment length issue by @​jhutchings1 and @​elireisman in https://github.com/actions/dependency-review-action/pull/767
• Bump project version to 4.3.3 in prep for a release by @​elireisman in https://github.com/actions/dependency-review-action/pull/781

New Contributors

• @​josieang made their first contribution in https://github.com/actions/dependency-review-action/pull/741
• @​am-stead made their first contribution in https://github.com/actions/dependency-review-action/pull/773
• @​ramann made their first contribution in https://github.com/actions/dependency-review-action/pull/776

Full Changelog: actions/dependency-review-action@v4.3.2...v4.3.3

v4.3.2

Compare Source

What's Changed

• Fix package-url parsing for allow-dependencies-licenses by @​juxtin in https://github.com/actions/dependency-review-action/pull/761

Full Changelog: actions/dependency-review-action@v4.3.1...v4.3.2

v4.3.1

Compare Source

What's Changed

This release fixes some bugs related to package-url parsing that were introduced in 4.3.0. See https://github.com/actions/dependency-review-action/pull/753.

Full Changelog: actions/dependency-review-action@V4.3.0...v4.3.1

v4.3.0

Compare Source

New Features

• The deny-packages option can now be used without a version number to exclude all versions of a package.

What's Changed

• Fix action variable name for scorecard by @​lukehinds in https://github.com/actions/dependency-review-action/pull/735
• Fix extra https:// in summary by @​jhutchings1 in https://github.com/actions/dependency-review-action/pull/748
• Bump typescript from 5.3.3 to 5.4.5 by @​dependabot in https://github.com/actions/dependency-review-action/pull/744
• Bump eslint-plugin-github from 4.10.1 to 4.10.2 by @​dependabot in https://github.com/actions/dependency-review-action/pull/737
• Show denied packages with red X by @​juxtin in https://github.com/actions/dependency-review-action/pull/750
• deny-packages configuration option can deny specified version or all packages by @​febuiles and @​bteng22 in https://github.com/actions/dependency-review-action/pull/733

New Contributors

• @​bteng22 made their first contribution in https://github.com/actions/dependency-review-action/pull/733
• @​lukehinds made their first contribution in https://github.com/actions/dependency-review-action/pull/735

Full Changelog: actions/dependency-review-action@v4.2.5...V4.3.0

v4.2.5: 4.2.5

Compare Source

What's Changed

• Fixed a bug where some configuration options in external files were not being properly picked up -- https://github.com/actions/dependency-review-action/pull/722
• Bump eslint from 8.56.0 to 8.57.0

Full Changelog: actions/dependency-review-action@v4.2.4...v4.2.5

v4.2.4

Compare Source

What's Changed

Fixed a bug in the output of OpenSSF cards for GitHub Actions.

New Contributors

• @​sporkmonger made their first contribution in https://github.com/actions/dependency-review-action/pull/721

Full Changelog: actions/dependency-review-action@v4.2.3...v4.2.4

v4.2.3: 4.2.3

Compare Source

What's Changed

• Set comment as output by @​jsoref in https://github.com/actions/dependency-review-action/pull/698
• Add support for calculating OpenSSF Scorecards by @​jhutchings1 in https://github.com/actions/dependency-review-action/pull/709
• Add outputs for the changes data by @​laughedelic in https://github.com/actions/dependency-review-action/pull/707

New Contributors

• @​jhutchings1 made their first contribution in https://github.com/actions/dependency-review-action/pull/709
• @​laughedelic made their first contribution in https://github.com/actions/dependency-review-action/pull/707

Full Changelog: actions/dependency-review-action@v4.1.3...v4.2.3

v4.1.3: 4.1.3

Compare Source

Fixes a bug in 4.1.2 that would introduce comments in every pull request, regardless of the user's configuration (see https://github.com/actions/dependency-review-action/issues/697).

Full Changelog: actions/dependency-review-action@v4.1.2...v4.1.3

v4.1.2: 4.1.2

Compare Source

What's Changed

• Expose dependency comment content by @​jsoref in https://github.com/actions/dependency-review-action/pull/696

Full Changelog: actions/dependency-review-action@v4.1.1...v4.1.2

v4.1.1: 4.1.1

Compare Source

What's Changed

• Bump undici to fix GHSA-wqq4-5wpv-mx2g
• Bump @​types/node from 20.11.17 to 20.11.19 by @​dependabot in https://github.com/actions/dependency-review-action/pull/693

Full Changelog: actions/dependency-review-action@v4.1.0...v4.1.1

v4.1.0: 4.1.0

Compare Source

What's Changed

• Add warn-only by @​tgrall in https://github.com/actions/dependency-review-action/pull/432

Added a new configuration option (warn-only, boolean) that makes the action always succeed while still displaying found vulnerabilities in the log.

• Create stale.yaml by @​jonjanego in https://github.com/actions/dependency-review-action/pull/671
• Use manual codeql config by @​juxtin in https://github.com/actions/dependency-review-action/pull/678
• Multiple dependency updates (see the changelog below for more information)

New Contributors

• @​jonjanego made their first contribution in https://github.com/actions/dependency-review-action/pull/671
• @​tgrall made their first contribution in https://github.com/actions/dependency-review-action/pull/432

Full Changelog: actions/dependency-review-action@v4...v4.1.0

v4.0.0

Compare Source

• Update action to Node 20 by @​takost in https://github.com/actions/dependency-review-action/pull/639
• Dependabot updates, see the full changelog for more details.

New Contributors

• @​takost made their first contribution in https://github.com/actions/dependency-review-action/pull/639

Full Changelog: actions/dependency-review-action@v3.1.5...v4.0.0

actions/setup-node (actions/setup-node)

v4.4.0

Compare Source

What's Changed

Bug fixes:

• Make eslint-compact matcher compatible with Stylelint by @​FloEdelmann in https://github.com/actions/setup-node/pull/98
• Add support for indented eslint output by @​fregante in https://github.com/actions/setup-node/pull/1245

Enhancement:

• Support private mirrors by @​marco-ippolito in https://github.com/actions/setup-node/pull/1240

Dependency update:

• Upgrade @​action/cache from 4.0.2 to 4.0.3 by @​aparnajyothi-y in https://github.com/actions/setup-node/pull/1262

New Contributors

• @​FloEdelmann made their first contribution in https://github.com/actions/setup-node/pull/98
• @​fregante made their first contribution in https://github.com/actions/setup-node/pull/1245
• @​marco-ippolito made their first contribution in https://github.com/actions/setup-node/pull/1240

Full Changelog: actions/setup-node@v4...v4.4.0

v4.3.0

Compare Source

What's Changed

Dependency updates

• Upgrade @​actions/glob from 0.4.0 to 0.5.0 by @​dependabot in https://github.com/actions/setup-node/pull/1200
• Upgrade @​action/cache from 4.0.0 to 4.0.2 by @​gowridurgad in https://github.com/actions/setup-node/pull/1251
• Upgrade @​vercel/ncc from 0.38.1 to 0.38.3 by @​dependabot in https://github.com/actions/setup-node/pull/1203
• Upgrade @​actions/tool-cache from 2.0.1 to 2.0.2 by @​dependabot in https://github.com/actions/setup-node/pull/1220

New Contributors

• @​gowridurgad made their first contribution in https://github.com/actions/setup-node/pull/1251

Full Changelog: actions/setup-node@v4...v4.3.0

v4.2.0

Compare Source

What's Changed

• Enhance workflows and upgrade publish-actions from 0.2.2 to 0.3.0 by @​aparnajyothi-y in https://github.com/actions/setup-node/pull/1174
• Add recommended permissions section to readme by @​benwells in https://github.com/actions/setup-node/pull/1193
• Configure Dependabot settings by @​HarithaVattikuti in https://github.com/actions/setup-node/pull/1192
• Upgrade @actions/cache to ^4.0.0 by @​priyagupta108 in https://github.com/actions/setup-node/pull/1191
• Upgrade pnpm/action-setup from 2 to 4 by @​dependabot in https://github.com/actions/setup-node/pull/1194
• Upgrade actions/publish-immutable-action from 0.0.3 to 0.0.4 by @​dependabot in https://github.com/actions/setup-node/pull/1195
• Upgrade semver from 7.6.0 to 7.6.3 by @​dependabot in https://github.com/actions/setup-node/pull/1196
• Upgrade @​types/jest from 29.5.12 to 29.5.14 by @​dependabot in https://github.com/actions/setup-node/pull/1201
• Upgrade undici from 5.28.4 to 5.28.5 by @​dependabot in https://github.com/actions/setup-node/pull/1205

New Contributors

• @​benwells made their first contribution in https://github.com/actions/setup-node/pull/1193

Full Changelog: actions/setup-node@v4...v4.2.0

v4.1.0

Compare Source

What's Changed

• Resolve High Security Alerts by upgrading Dependencies by @​aparnajyothi-y in https://github.com/actions/setup-node/pull/1132
• Upgrade IA Publish by @​Jcambass in https://github.com/actions/setup-node/pull/1134
• Revise isGhes logic by @​jww3 in https://github.com/actions/setup-node/pull/1148
• Add architecture to cache key by @​pengx17 in https://github.com/actions/setup-node/pull/843
  This addresses issues with caching by adding the architecture (arch) to the cache key, ensuring that cache keys are accurate to prevent conflicts.
  Note: This change may break previous cache keys as they will no longer be compatible with the new format.

New Contributors

• @​jww3 made their first contribution in https://github.com/actions/setup-node/pull/1148
• @​pengx17 made their first contribution in https://github.com/actions/setup-node/pull/843

Full Changelog: actions/setup-node@v4...v4.1.0

v4.0.4

Compare Source

What's Changed

• Add workflow file for publishing releases to immutable action package by @​Jcambass in https://github.com/actions/setup-node/pull/1125
• Enhance Windows ARM64 Setup and Update micromatch Dependency by @​priyagupta108 in https://github.com/actions/setup-node/pull/1126

Documentation changes:

• Documentation update in the README file by @​suyashgaonkar in https://github.com/actions/setup-node/pull/1106
• Correct invalid 'lts' version string reference by @​fulldecent in https://github.com/actions/setup-node/pull/1124

New Contributors

• @​suyashgaonkar made their first contribution in https://github.com/actions/setup-node/pull/1106
• @​priyagupta108 made their first contribution in https://github.com/actions/setup-node/pull/1126
• @​Jcambass made their first contribution in https://github.com/actions/setup-node/pull/1125
• @​fulldecent made their first contribution in https://github.com/actions/setup-node/pull/1124

Full Changelog: actions/setup-node@v4...v4.0.4

v4.0.3

Compare Source

What's Changed

Bug fixes:

• Fix macos latest check failures by @​HarithaVattikuti in https://github.com/actions/setup-node/pull/1041

Documentation changes:

• Documentation update to update default Node version to 20 by @​bengreeley in https://github.com/actions/setup-node/pull/949

Dependency updates:

• Bump undici from 5.26.5 to 5.28.3 by @​dependabot in https://github.com/actions/setup-node/pull/965
• Bump braces from 3.0.2 to 3.0.3 and other dependency updates by @​dependabot in https://github.com/actions/setup-node/pull/1087

New Contributors

• @​bengreeley made their first contribution in https://github.com/actions/setup-node/pull/949
• @​HarithaVattikuti made their first contribution in https://github.com/actions/setup-node/pull/1041

Full Changelog: actions/setup-node@v4...v4.0.3

v4.0.2

Compare Source

What's Changed

• Add support for volta.extends by @​ThisIsManta in https://github.com/actions/setup-node/pull/921
• Add support for arm64 Windows by @​dmitry-shibanov in https://github.com/actions/setup-node/pull/927

New Contributors

• @​ThisIsManta made their first contribution in https://github.com/actions/setup-node/pull/921

Full Changelog: actions/setup-node@v4.0.1...v4.0.2

evanw/esbuild (esbuild)

v0.25.4

Compare Source

• Add simple support for CORS to esbuild's development server (#​4125)

  Starting with version 0.25.0, esbuild's development server is no longer configured to serve

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.