fix(deps): update all minor and patch dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
@apollo/server (source)	4.11.3 → 4.13.0
@chromatic-com/storybook	3.2.4 → 3.2.7
@commitlint/cli (source)	19.6.1 → 19.8.1
@commitlint/config-conventional (source)	19.6.0 → 19.8.1
@docusaurus/core (source)	3.7.0 → 3.9.2
@docusaurus/module-type-aliases (source)	3.7.0 → 3.9.2
@docusaurus/preset-classic (source)	3.7.0 → 3.9.2
@docusaurus/theme-classic (source)	3.7.0 → 3.9.2
@docusaurus/tsconfig (source)	3.7.0 → 3.9.2
@docusaurus/types (source)	3.7.0 → 3.9.2
@emotion/styled (source)	11.14.0 → 11.14.1
@eslint/js (source)	9.19.0 → 9.39.2
@graphql-codegen/cli (source)	5.0.4 → 5.0.7
@inquirer/prompts (source)	7.3.1 → 7.10.1
@mdx-js/react (source)	3.1.0 → 3.1.1
@mikro-orm/core (source)	6.4.5 → 6.6.6
@mikro-orm/migrations (source)	6.4.5 → 6.6.6
@mikro-orm/mysql (source)	6.4.5 → 6.6.6
@mikro-orm/postgresql (source)	6.4.5 → 6.6.6
@mikro-orm/sqlite (source)	6.4.5 → 6.6.6
@monaco-editor/react	4.6.0 → 4.7.0
@nestjs/common (source)	10.4.15 → 10.4.22
@nestjs/core (source)	10.4.15 → 10.4.22
@nestjs/platform-express (source)	10.4.15 → 10.4.22
@nestjs/testing (source)	10.4.15 → 10.4.22
@storybook/addon-essentials (source)	8.5.2 → 8.6.14
@storybook/addon-interactions (source)	8.5.2 → 8.6.14
@storybook/addon-links (source)	8.5.2 → 8.6.15
@storybook/addon-onboarding (source)	8.5.2 → 8.6.15
@storybook/blocks (source)	8.5.2 → 8.6.14
@storybook/react (source)	8.5.2 → 8.6.15
@storybook/react-vite (source)	8.5.2 → 8.6.15
@storybook/test (source)	8.5.2 → 8.6.15
@swc/cli	0.6.0 → 0.7.10
@swc/core (source)	1.10.12 → 1.15.11
@tanstack/react-query (source)	5.66.0 → 5.90.20
@tanstack/react-router (source)	1.99.0 → 1.158.1
@tanstack/router-devtools (source)	1.99.0 → 1.158.1
@tanstack/router-plugin (source)	1.98.6 → 1.158.1
@testing-library/dom	10.4.0 → 10.4.1
@testing-library/react	16.2.0 → 16.3.2
@types/estree (source)	1.0.6 → 1.0.8
@types/express (source)	4.17.21 → 4.17.25
@types/html-escaper (source)	3.0.2 → 3.0.4
@types/inquirer (source)	8.2.10 → 8.2.12
@types/multer (source)	1.4.12 → 1.4.13
@types/node (source)	20.17.16 → 20.19.31
@types/react (source)	18.3.18 → 18.3.27
@types/react-dom (source)	18.3.5 → 18.3.7
@types/supertest (source)	6.0.2 → 6.0.3
@urql/core (source)	5.1.0 → 5.2.0
@urql/exchange-auth (source)	2.2.0 → 2.2.1
@vitejs/plugin-react-swc (source)	3.7.2 → 3.11.0
@vitest/coverage-v8 (source)	2.1.8 → 2.1.9
acorn	8.14.0 → 8.15.0
antd (source)	5.23.3 → 5.29.3
bcdice	4.7.1 → 4.9.0
chromatic (source)	11.25.2 → 11.29.0
class-validator	0.14.1 → 0.14.3
dayjs (source)	1.11.13 → 1.11.19
dotenv	16.4.7 → 16.6.1
es-toolkit (source)	1.32.0 → 1.44.0
eslint (source)	9.19.0 → 9.39.2
eslint-config-prettier	9.1.0 → 9.1.2
eslint-plugin-import	2.31.0 → 2.32.0
eslint-plugin-react	7.37.4 → 7.37.5
eslint-plugin-react-hooks (source)	5.1.0 → 5.2.0
eslint-plugin-react-refresh	0.4.18 → 0.5.0
eslint-plugin-storybook (source)	0.11.2 → 0.12.0
firebase (source, changelog)	11.2.0 → 11.10.0
firebase-admin (source)	13.0.2 → 13.6.1
fs-extra	11.3.0 → 11.3.3
globals	15.14.0 → 15.15.0
graphql	16.10.0 → 16.12.0
immer	10.1.1 → 10.2.0
ioredis	5.4.2 → 5.9.2
jotai	2.11.3 → 2.17.1
less (source)	4.2.2 → 4.5.1
linkify-react (source)	4.2.0 → 4.3.2
linkifyjs (source)	4.2.0 → 4.3.2
monaco-editor	0.52.2 → 0.55.1
nestjs-pino	4.3.0 → 4.5.0
pino (source)	9.6.0 → 9.14.0
pino-http	10.4.0 → 10.5.0
prettier (source)	3.4.2 → 3.8.1
re-resizable	6.10.3 → 6.11.2
react-draggable	4.4.6 → 4.5.0
react-konva	18.2.10 → 18.2.14
react-rnd	10.4.14 → 10.5.2
react-virtuoso (source)	4.12.3 → 4.18.1
rollup (source)	4.32.1 → 4.57.1
rollup-plugin-license	3.5.3 → 3.6.0
rxjs (source)	7.8.1 → 7.8.2
sass-embedded	1.83.4 → 1.97.3
sharp (source, changelog)	^0.33.0 → ^0.34.0
sort-package-json	2.14.0 → 2.15.1
storybook (source)	8.5.2 → 8.6.15
sucrase	3.35.0 → 3.35.1
ts-jest (source)	29.2.5 → 29.4.6
ts-loader	9.5.2 → 9.5.4
type-fest	4.33.0 → 4.41.0
typescript-eslint (source)	8.22.0 → 8.54.0
urql (source)	4.2.1 → 4.2.2
use-image	1.1.1 → 1.1.4
uuid	11.0.5 → 11.1.0
vite (source)	5.4.14 → 5.4.21
vitest (source)	2.1.8 → 2.1.9
wonka	6.3.4 → 6.3.5
yarn (source)	4.6.0 → 4.12.0
zod (source)	3.24.1 → 3.25.76

---

Release Notes

apollographql/apollo-server (@​apollo/server)

v4.13.0

Compare Source

Minor Changes

• #​8180 e9d49d1 Thanks @​github-actions! - ⚠️ SECURITY @apollo/server/standalone:

  The default configuration of startStandaloneServer was vulnerable to denial of service (DoS) attacks through specially crafted request bodies with exotic character set encodings.

  In accordance with RFC 7159, we now only accept request bodies encoded in UTF-8, UTF-16 (LE or BE), or UTF-32 (LE or BE).
  Any other character set will be rejected with a 415 Unsupported Media Type error.
  Additionally, upstream libraries used by this version of Apollo Server may not support all of these encodings, so some requests may still fail even if they pass this check.

  If you were not using startStandaloneServer, you were not affected by this vulnerability.

  Generally, please note that we provide startStandaloneServer as a convenience tool for quickly getting started with Apollo Server.
  For production deployments, we recommend using Apollo Server with a more fully-featured web server framework such as Express, Koa, or Fastify, where you have more control over security-related configuration options.

  Also please note that Apollo Server 4.x is considered EOL as of January 26, 2026, and Apollo no longer commits to providing support or updates for it. Please prioritize migrating to Apollo Server 5.x for continued support and updates.

v4.12.2

Compare Source

(No change; there is a change to the @apollo/server-integration-testsuite used to test integrations, and the two packages always have matching versions.)

v4.12.1

Compare Source

Patch Changes

• #​8064 41f98d4 Thanks @​glasser! - Update README.md to recommend Express v5 integration now that Express v5 is released.

v4.12.0

Compare Source

Minor Changes

• #​8054 89e3f84 Thanks @​clenfest! - Adds a new graphql-js validation rule to reject operations that recursively request selections above a specified maximum, which is disabled by default. Use configuration option maxRecursiveSelections=true to enable with a maximum of 10,000,000, or maxRecursiveSelections=<number> for a custom maximum. Enabling this validation can help avoid performance issues with configured validation rules or plugins.

Patch Changes

• #​8031 2550d9f Thanks @​slagiewka! - Add return after sending 400 response in doubly escaped JSON parser middleware

chromaui/addon-visual-tests (@​chromatic-com/storybook)

v3.2.7

Compare Source

🐛 Bug Fix

• Update GraphQL schema and handle ComparisonResult.SKIPPED value (@​ghengeveld)

Authors: 1

• Gert Hengeveld (@​ghengeveld)

---

v3.2.6

Compare Source

🐛 Bug Fix

• Fix SSO url #​363 (@​kasperpeulen)

Authors: 1

• Kasper Peulen (@​kasperpeulen)

---

v3.2.5

Compare Source

🐛 Bug Fix

• Debug release #​357 (@​kasperpeulen)
• Remove the connection timeout notification #​351 (@​valentinpalkovic)
• Set up Codecov #​350 (@​paulelliott)

Authors: 3

• Kasper Peulen (@​kasperpeulen)
• Paul Elliott (@​paulelliott)
• Valentin Palkovic (@​valentinpalkovic)

conventional-changelog/commitlint (@​commitlint/cli)

v19.8.1

Compare Source

Bug Fixes

• update dependency tinyexec to v1 (#​4332) (e49449f)

v19.8.0

Compare Source

Performance Improvements

• use node: prefix to bypass require.cache call for builtins (#​4302) (0cd8f41)

19.7.1 (2025-02-02)

Note: Version bump only for package @​commitlint/cli

19.6.1 (2024-12-15)

Note: Version bump only for package @​commitlint/cli

v19.7.1

Compare Source

Note: Version bump only for package @​commitlint/cli

conventional-changelog/commitlint (@​commitlint/config-conventional)

v19.8.1

Compare Source

Note: Version bump only for package @​commitlint/config-conventional

v19.8.0

Compare Source

Performance Improvements

• use node: prefix to bypass require.cache call for builtins (#​4302) (0cd8f41)

19.7.1 (2025-02-02)

Note: Version bump only for package @​commitlint/config-conventional

v19.7.1

Compare Source

Note: Version bump only for package @​commitlint/config-conventional

facebook/docusaurus (@​docusaurus/core)

v3.9.2

Compare Source

🐛 Bug Fix

• docusaurus-plugin-content-docs
  • #​11490 fix(docs): add support for missing sidebar_key front matter attribute (@​slorber)
• docusaurus-cssnano-preset
  • [#​11487](https://redirect.github.com/facebook/docus

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) in timezone Asia/Tokyo, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[cloudflare-workers-and-pages]

Deploying flocon with    Cloudflare Pages

Latest commit:	e0d6a18
Status:	🚫  Build failed.

View logs

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 22.74%. Comparing base (bf1209a) to head (68eaa5d).

Additional details and impacted files

@@           Coverage Diff            @@
##             main     #649    +/-   ##
========================================
  Coverage   22.74%   22.74%            
========================================
  Files         726      726            
  Lines       43460    43460            
  Branches     3428     3417    -11     
========================================
  Hits         9884     9884            
- Misses      33084    33226   +142     
+ Partials      492      350   -142     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.