[npm](deps-dev): Bump the dev-deps group in /react with 4 updates

[dependabot]

Bumps the dev-deps group in /react with 4 updates: @types/react, lefthook, postcss and vite.

Updates @types/react from 19.0.6 to 19.0.7

Commits

• See full diff in compare view

Updates lefthook from 1.10.3 to 1.10.9

Release notes

Sourced from lefthook's releases.

v1.10.9

Changelog

v1.10.8

Changelog

• dcbf0d4db2ba809eb5a569c15d1239ea964d07a7 feat: add custom plain templates (#930)
• 4711444fd6532d17e8971d30c3e4d7e96d2b02fb fix: unique names for nested operations (#931)

v1.10.7

Changelog

v1.10.6

Changelog

• 3d0f05df1d3b6c4c8c2d8f9a98faeacd56da84aa chore: cleanup dotfiles
• 9873cee940a4b84e9fd288994769b273170b7ddc chore: remove .lefthook.toml
• 6d6977f4f01e6da99e7a077838265f0d0f3ab280 feat: add schema.json to npm packages (#928)
• 66219211c5b0ebd681438ff3cb8e28a46de1a652 fix: increase timeout for self-update to 2 mins
• e8bf5945477cd2f2c609a8bc46a2b98cb92417bb fix: typo
• ce2058dc0fd563dcd084e38c2127d869020b7e2a fix: use lefthook option in ghost hook too (#929)

v1.10.5

Changelog

• ab93bf19f2414cb8a12eb064874aa89e0d14ecf8 chore: update config template with new jobs
• 9e023651f1fae3cca553815e8c1ec9eecd76f1fe feat: add lefthook option for custom path or command (#927)

v1.10.4

Changelog

• 29fb4251ab1f9968c074934e7c7b01d26569b072 deps: January 2025 (#926)
• 59b9e4d082988d83de083244d3614719fc701eee fix: avoid skipping pre commit when deleted files staged (#925)
• 834f17621f824915b7e408109437394b62846650 fix: use roots from jobs for possible npm package location (#924)

Changelog

Sourced from lefthook's changelog.

1.10.9 (2025-01-20)

• fix: make uninstall --remove-configs description more accurate (#934) by @​scop

1.10.8 (2025-01-17)

• feat: add custom plain templates (#930) by @​mrexox
• fix: unique names for nested operations (#931) by @​mrexox

1.10.7 (2025-01-15)

• fix: use lefthook option in ghost hook too (#929) by @​mrexox
• feat: add schema.json to npm packages (#928) by @​mrexox
• fix: increase timeout for self-update to 2 mins by @​mrexox

1.10.5 (2025-01-14)

• feat: add lefthook option for custom path or command (#927) by @​mrexox
• chore: update config template with new jobs by @​mrexox

1.10.4 (2025-01-13)

• fix: avoid skipping pre commit when deleted files staged (#925) by @​mrexox
• fix: use roots from jobs for possible npm package location (#924) by @​mrexox
• deps: January 2025 (#926) by @​mrexox

Commits

• 40e97fc 1.10.9: fix help message
• fbf3e2c docs: make uninstall --remote-configs description more accurate (#934)
• b223bf4 docs: update "added in" for templates setting
• e33dae5 1.10.8: add replacable templates configuration
• dcbf0d4 feat: add custom plain templates (#930)
• 4711444 fix: unique names for nested operations (#931)
• 82f1c78 1.10.7: fix for NPM add postinstall scripts
• 1fcc785 1.10.6: use lefthook option in prepare-commit-msg hook too
• ce2058d fix: use lefthook option in ghost hook too (#929)
• e8bf594 fix: typo
• Additional commits viewable in compare view

Updates postcss from 8.4.49 to 8.5.1

Release notes

Sourced from postcss's releases.

8.5.1

• Fixed backwards compatibility for complex cases (by @​romainmenke).

8.5 “Duke Alloces”

PostCSS 8.5 brought API to work better with non-CSS sources like HTML, Vue.js/Svelte sources or CSS-in-JS.

@​romainmenke during his work on Stylelint added Input#document in additional to Input#css.

root.source.input.document //=> "<p>Hello</p>
                           //    <style>
                           //    p {
                           //      color: green;
                           //    }
                           //    </style>"
root.source.input.css      //=> "p {
                           //      color: green;
                           //    }"

Thanks to Sponsors

This release was possible thanks to our community.

If your company wants to support the sustainability of front-end infrastructure or wants to give some love to PostCSS, you can join our supporters by:

• Tidelift with a Spotify-like subscription model supporting all projects from your lock file.
• Direct donations at GitHub Sponsors or Open Collective.

Changelog

Sourced from postcss's changelog.

8.5.1

• Fixed backwards compatibility for complex cases (by @​romainmenke).

8.5 “Duke Alloces”

• Added Input#document for sources like CSS-in-JS or HTML (by @​romainmenke).

Commits

• 7b02c75 Release 8.5.1 version
• 4c15339 Update dependencies
• 7efe91e Improve backwards compat for Input#document (#2000)
• 6873270 Release 8.5 version
• 4223bb9 Fix 80 columns limit
• 80e2401 Add Input#document (#1996)
• 6f86879 Update dependencies
• 85cbbec Fix pnpm version on CI
• 76caa57 Update dependencies
• 46ff246 Move to pnpm 10
• Additional commits viewable in compare view

Updates vite from 6.0.7 to 6.0.9

Release notes

Sourced from vite's releases.

v6.0.9

Please refer to CHANGELOG.md for details.

v6.0.8

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

6.0.9 (2025-01-20)

• fix!: check host header to prevent DNS rebinding attacks and introduce server.allowedHosts (bd896fb)
• fix!: default server.cors: false to disallow fetching from untrusted origins (b09572a)
• fix: verify token for HMR WebSocket connection (029dcd6)

6.0.8 (2025-01-20)

• fix: avoid SSR HMR for HTML files (#19193) (3bd55bc), closes #19193
• fix: build time display 7m 60s (#19108) (cf0d2c8), closes #19108
• fix: don't resolve URL starting with double slash (#19059) (35942cd), closes #19059
• fix: ensure server.close() only called once (#19204) (db81c2d), closes #19204
• fix: resolve.conditions in ResolvedConfig was defaultServerConditions (#19174) (ad75c56), closes #19174
• fix: tree shake stringified JSON imports (#19189) (f2aed62), closes #19189
• fix: use shared sigterm callback (#19203) (47039f4), closes #19203
• fix(deps): update all non-major dependencies (#19098) (8639538), closes #19098
• fix(optimizer): use correct default install state path for yarn PnP (#19119) (e690d8b), closes #19119
• fix(types): improve ESBuildOptions.include / exclude type to allow readonly (string | RegExp)[] (ea53e70), closes #19146
• chore(deps): update dependency pathe to v2 (#19139) (71506f0), closes #19139

Commits

• a55f8ba release: v6.0.9
• bd896fb fix!: check host header to prevent DNS rebinding attacks and introduce `serve...
• 029dcd6 fix: verify token for HMR WebSocket connection
• b09572a fix!: default server.cors: false to disallow fetching from untrusted origins
• c0f72a6 release: v6.0.8
• f2aed62 fix: tree shake stringified JSON imports (#19189)
• db81c2d fix: ensure server.close() only called once (#19204)
• 47039f4 fix: use shared sigterm callback (#19203)
• 3bd55bc fix: avoid SSR HMR for HTML files (#19193)
• e690d8b fix(optimizer): use correct default install state path for yarn PnP (#19119)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[netlify]

✅ Deploy Preview for ucmacm ready!

Name	Link
🔨 Latest commit	7144a79
🔍 Latest deploy log	https://app.netlify.com/sites/ucmacm/deploys/678e1c5467e17800084357ec
😎 Deploy Preview	https://deploy-preview-597--ucmacm.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud