chore(deps): bump the dependencies group across 1 directory with 6 updates

[dependabot]

Bumps the dependencies group with 6 updates in the / directory:

Package	From	To
react	18.3.1	19.1.0
@types/react	18.3.5	19.1.5
react-dom	18.3.1	19.1.0
sanitize-html	2.16.0	2.17.0
@types/sanitize-html	2.15.0	2.16.0
swagger-ui-react	5.21.0	5.22.0

Updates react from 18.3.1 to 19.1.0

Release notes

Sourced from react's releases.

19.1.0 (March 28, 2025)

Owner Stack

An Owner Stack is a string representing the components that are directly responsible for rendering a particular component. You can log Owner Stacks when debugging or use Owner Stacks to enhance error overlays or other development tools. Owner Stacks are only available in development builds. Component Stacks in production are unchanged.

• An Owner Stack is a development-only stack trace that helps identify which components are responsible for rendering a particular component. An Owner Stack is distinct from a Component Stacks, which shows the hierarchy of components leading to an error.
• The captureOwnerStack API is only available in development mode and returns a Owner Stack, if available. The API can be used to enhance error overlays or log component relationships when debugging. #29923, #32353, #30306, #32538, #32529, #32538

React

• Enhanced support for Suspense boundaries to be used anywhere, including the client, server, and during hydration. #32069, #32163, #32224, #32252
• Reduced unnecessary client rendering through improved hydration scheduling #31751
• Increased priority of client rendered Suspense boundaries #31776
• Fixed frozen fallback states by rendering unfinished Suspense boundaries on the client. #31620
• Reduced garbage collection pressure by improving Suspense boundary retries. #31667
• Fixed erroneous “Waiting for Paint” log when the passive effect phase was not delayed #31526
• Fixed a regression causing key warnings for flattened positional children in development mode. #32117
• Updated useId to use valid CSS selectors, changing format from :r123: to «r123». #32001
• Added a dev-only warning for null/undefined created in useEffect, useInsertionEffect, and useLayoutEffect. #32355
• Fixed a bug where dev-only methods were exported in production builds. React.act is no longer available in production builds. #32200
• Improved consistency across prod and dev to improve compatibility with Google Closure Complier and bindings #31808
• Improve passive effect scheduling for consistent task yielding. #31785
• Fixed asserts in React Native when passChildrenWhenCloningPersistedNodes is enabled for OffscreenComponent rendering. #32528
• Fixed component name resolution for Portal #32640
• Added support for beforetoggle and toggle events on the dialog element. #32479 #32479

React DOM

• Fixed double warning when the href attribute is an empty string #31783
• Fixed an edge case where getHoistableRoot() didn’t work properly when the container was a Document #32321
• Removed support for using HTML comments (e.g. <!-- -->) as a DOM container. #32250
• Added support for <script> and \<template> tags to be nested within <select> tags. #31837
• Fixed responsive images to be preloaded as HTML instead of headers #32445

use-sync-external-store

• Added exports field to package.json for use-sync-external-store to support various entrypoints. #25231

React Server Components

• Added unstable_prerender, a new experimental API for prerendering React Server Components on the server #31724
• Fixed an issue where streams would hang when receiving new chunks after a global error #31840, #31851
• Fixed an issue where pending chunks were counted twice. #31833
• Added support for streaming in edge environments #31852
• Added support for sending custom error names from a server so that they are available in the client for console replaying. #32116
• Updated the server component wire format to remove IDs for hints and console.log because they have no return value #31671
• Exposed registerServerReference in client builds to handle server references in different environments. #32534
• Added react-server-dom-parcel package which integrates Server Components with the Parcel bundler #31725, #32132, #31799, #32294, #31741

19.0.0 (December 5, 2024)

Below is a list of all new features, APIs, deprecations, and breaking changes. Read React 19 release post and React 19 upgrade guide for more information.

Note: To help make the upgrade to React 19 easier, we’ve published a react@18.3 release that is identical to 18.2 but adds warnings for deprecated APIs and other changes that are needed for React 19. We recommend upgrading to React 18.3.1 first to help identify any issues before upgrading to React 19.

... (truncated)

Changelog

Sourced from react's changelog.

19.1.0 (March 28, 2025)

Owner Stack

An Owner Stack is a string representing the components that are directly responsible for rendering a particular component. You can log Owner Stacks when debugging or use Owner Stacks to enhance error overlays or other development tools. Owner Stacks are only available in development builds. Component Stacks in production are unchanged.

• An Owner Stack is a development-only stack trace that helps identify which components are responsible for rendering a particular component. An Owner Stack is distinct from a Component Stacks, which shows the hierarchy of components leading to an error.
• The captureOwnerStack API is only available in development mode and returns a Owner Stack, if available. The API can be used to enhance error overlays or log component relationships when debugging. #29923, #32353, #30306, #32538, #32529, #32538

React

• Enhanced support for Suspense boundaries to be used anywhere, including the client, server, and during hydration. #32069, #32163, #32224, #32252
• Reduced unnecessary client rendering through improved hydration scheduling #31751
• Increased priority of client rendered Suspense boundaries #31776
• Fixed frozen fallback states by rendering unfinished Suspense boundaries on the client. #31620
• Reduced garbage collection pressure by improving Suspense boundary retries. #31667
• Fixed erroneous “Waiting for Paint” log when the passive effect phase was not delayed #31526
• Fixed a regression causing key warnings for flattened positional children in development mode. #32117
• Updated useId to use valid CSS selectors, changing format from :r123: to «r123». #32001
• Added a dev-only warning for null/undefined created in useEffect, useInsertionEffect, and useLayoutEffect. #32355
• Fixed a bug where dev-only methods were exported in production builds. React.act is no longer available in production builds. #32200
• Improved consistency across prod and dev to improve compatibility with Google Closure Complier and bindings #31808
• Improve passive effect scheduling for consistent task yielding. #31785
• Fixed asserts in React Native when passChildrenWhenCloningPersistedNodes is enabled for OffscreenComponent rendering. #32528
• Fixed component name resolution for Portal #32640
• Added support for beforetoggle and toggle events on the dialog element. #32479 #32479

React DOM

• Fixed double warning when the href attribute is an empty string #31783
• Fixed an edge case where getHoistableRoot() didn’t work properly when the container was a Document #32321
• Removed support for using HTML comments (e.g. <!-- -->) as a DOM container. #32250
• Added support for <script> and \<template> tags to be nested within <select> tags. #31837
• Fixed responsive images to be preloaded as HTML instead of headers #32445

use-sync-external-store

• Added exports field to package.json for use-sync-external-store to support various entrypoints. #25231

React Server Components

• Added unstable_prerender, a new experimental API for prerendering React Server Components on the server #31724
• Fixed an issue where streams would hang when receiving new chunks after a global error #31840, #31851
• Fixed an issue where pending chunks were counted twice. #31833
• Added support for streaming in edge environments #31852
• Added support for sending custom error names from a server so that they are available in the client for console replaying. #32116
• Updated the server component wire format to remove IDs for hints and console.log because they have no return value #31671
• Exposed registerServerReference in client builds to handle server references in different environments. #32534
• Added react-server-dom-parcel package which integrates Server Components with the Parcel bundler #31725, #32132, #31799, #32294, #31741

19.0.0 (December 5, 2024)

Below is a list of all new features, APIs, deprecations, and breaking changes. Read React 19 release post and React 19 upgrade guide for more information.

... (truncated)

Commits

• 4a9df08 Stop creating Owner Stacks if many have been created recently (#32529)
• b630219 [refactor] move isValidElementType to react-is (#32518)
• 1a19170 [refactor] Add element type for Activity (#32499)
• 6aa8254 Add ref to Fragment (#32465)
• e0fe347 [flags] remove enableOwnerStacks (#32426)
• 70f1d76 [flow] Eliminate usage of global React types in ReactNativeTypes.js (#32330)
• 0d9834c build: add support to the rollup build for building typescript packages (#32393)
• a53da6a Add useSwipeTransition Hook Behind Experimental Flag (#32373)
• 32b0cad Enable owner stacks in Canary builds (#32053)
• ed8b68d Stop exporting dev-only methods in OSS production builds (#32200)
• Additional commits viewable in compare view

Updates @types/react from 18.3.5 to 19.1.5

Commits

• See full diff in compare view

Updates react-dom from 18.3.1 to 19.1.0

Release notes

Sourced from react-dom's releases.

19.1.0 (March 28, 2025)

Owner Stack

An Owner Stack is a string representing the components that are directly responsible for rendering a particular component. You can log Owner Stacks when debugging or use Owner Stacks to enhance error overlays or other development tools. Owner Stacks are only available in development builds. Component Stacks in production are unchanged.

• An Owner Stack is a development-only stack trace that helps identify which components are responsible for rendering a particular component. An Owner Stack is distinct from a Component Stacks, which shows the hierarchy of components leading to an error.
• The captureOwnerStack API is only available in development mode and returns a Owner Stack, if available. The API can be used to enhance error overlays or log component relationships when debugging. #29923, #32353, #30306, #32538, #32529, #32538

React

• Enhanced support for Suspense boundaries to be used anywhere, including the client, server, and during hydration. #32069, #32163, #32224, #32252
• Reduced unnecessary client rendering through improved hydration scheduling #31751
• Increased priority of client rendered Suspense boundaries #31776
• Fixed frozen fallback states by rendering unfinished Suspense boundaries on the client. #31620
• Reduced garbage collection pressure by improving Suspense boundary retries. #31667
• Fixed erroneous “Waiting for Paint” log when the passive effect phase was not delayed #31526
• Fixed a regression causing key warnings for flattened positional children in development mode. #32117
• Updated useId to use valid CSS selectors, changing format from :r123: to «r123». #32001
• Added a dev-only warning for null/undefined created in useEffect, useInsertionEffect, and useLayoutEffect. #32355
• Fixed a bug where dev-only methods were exported in production builds. React.act is no longer available in production builds. #32200
• Improved consistency across prod and dev to improve compatibility with Google Closure Complier and bindings #31808
• Improve passive effect scheduling for consistent task yielding. #31785
• Fixed asserts in React Native when passChildrenWhenCloningPersistedNodes is enabled for OffscreenComponent rendering. #32528
• Fixed component name resolution for Portal #32640
• Added support for beforetoggle and toggle events on the dialog element. #32479 #32479

React DOM

• Fixed double warning when the href attribute is an empty string #31783
• Fixed an edge case where getHoistableRoot() didn’t work properly when the container was a Document #32321
• Removed support for using HTML comments (e.g. <!-- -->) as a DOM container. #32250
• Added support for <script> and \<template> tags to be nested within <select> tags. #31837
• Fixed responsive images to be preloaded as HTML instead of headers #32445

use-sync-external-store

• Added exports field to package.json for use-sync-external-store to support various entrypoints. #25231

React Server Components

• Added unstable_prerender, a new experimental API for prerendering React Server Components on the server #31724
• Fixed an issue where streams would hang when receiving new chunks after a global error #31840, #31851
• Fixed an issue where pending chunks were counted twice. #31833
• Added support for streaming in edge environments #31852
• Added support for sending custom error names from a server so that they are available in the client for console replaying. #32116
• Updated the server component wire format to remove IDs for hints and console.log because they have no return value #31671
• Exposed registerServerReference in client builds to handle server references in different environments. #32534
• Added react-server-dom-parcel package which integrates Server Components with the Parcel bundler #31725, #32132, #31799, #32294, #31741

19.0.0 (December 5, 2024)

Below is a list of all new features, APIs, deprecations, and breaking changes. Read React 19 release post and React 19 upgrade guide for more information.

Note: To help make the upgrade to React 19 easier, we’ve published a react@18.3 release that is identical to 18.2 but adds warnings for deprecated APIs and other changes that are needed for React 19. We recommend upgrading to React 18.3.1 first to help identify any issues before upgrading to React 19.

... (truncated)

Changelog

Sourced from react-dom's changelog.

19.1.0 (March 28, 2025)

Owner Stack

An Owner Stack is a string representing the components that are directly responsible for rendering a particular component. You can log Owner Stacks when debugging or use Owner Stacks to enhance error overlays or other development tools. Owner Stacks are only available in development builds. Component Stacks in production are unchanged.

• An Owner Stack is a development-only stack trace that helps identify which components are responsible for rendering a particular component. An Owner Stack is distinct from a Component Stacks, which shows the hierarchy of components leading to an error.
• The captureOwnerStack API is only available in development mode and returns a Owner Stack, if available. The API can be used to enhance error overlays or log component relationships when debugging. #29923, #32353, #30306, #32538, #32529, #32538

React

• Enhanced support for Suspense boundaries to be used anywhere, including the client, server, and during hydration. #32069, #32163, #32224, #32252
• Reduced unnecessary client rendering through improved hydration scheduling #31751
• Increased priority of client rendered Suspense boundaries #31776
• Fixed frozen fallback states by rendering unfinished Suspense boundaries on the client. #31620
• Reduced garbage collection pressure by improving Suspense boundary retries. #31667
• Fixed erroneous “Waiting for Paint” log when the passive effect phase was not delayed #31526
• Fixed a regression causing key warnings for flattened positional children in development mode. #32117
• Updated useId to use valid CSS selectors, changing format from :r123: to «r123». #32001
• Added a dev-only warning for null/undefined created in useEffect, useInsertionEffect, and useLayoutEffect. #32355
• Fixed a bug where dev-only methods were exported in production builds. React.act is no longer available in production builds. #32200
• Improved consistency across prod and dev to improve compatibility with Google Closure Complier and bindings #31808
• Improve passive effect scheduling for consistent task yielding. #31785
• Fixed asserts in React Native when passChildrenWhenCloningPersistedNodes is enabled for OffscreenComponent rendering. #32528
• Fixed component name resolution for Portal #32640
• Added support for beforetoggle and toggle events on the dialog element. #32479 #32479

React DOM

• Fixed double warning when the href attribute is an empty string #31783
• Fixed an edge case where getHoistableRoot() didn’t work properly when the container was a Document #32321
• Removed support for using HTML comments (e.g. <!-- -->) as a DOM container. #32250
• Added support for <script> and \<template> tags to be nested within <select> tags. #31837
• Fixed responsive images to be preloaded as HTML instead of headers #32445

use-sync-external-store

• Added exports field to package.json for use-sync-external-store to support various entrypoints. #25231

React Server Components

• Added unstable_prerender, a new experimental API for prerendering React Server Components on the server #31724
• Fixed an issue where streams would hang when receiving new chunks after a global error #31840, #31851
• Fixed an issue where pending chunks were counted twice. #31833
• Added support for streaming in edge environments #31852
• Added support for sending custom error names from a server so that they are available in the client for console replaying. #32116
• Updated the server component wire format to remove IDs for hints and console.log because they have no return value #31671
• Exposed registerServerReference in client builds to handle server references in different environments. #32534
• Added react-server-dom-parcel package which integrates Server Components with the Parcel bundler #31725, #32132, #31799, #32294, #31741

19.0.0 (December 5, 2024)

Below is a list of all new features, APIs, deprecations, and breaking changes. Read React 19 release post and React 19 upgrade guide for more information.

... (truncated)

Commits

• 7943da1 Set accurate value for alwaysThrottleRetries on www (#32684)
• 476f538 Add getClientRects to fragment instances (#32660)
• c69a5fc Add blur() and focusLast() to fragment instances (#32654)
• cd28a94 Add observer methods to fragment instances (#32619)
• 6aa8254 Add ref to Fragment (#32465)
• 029e8bd Add Owner Stack to attribute hydration mismatches (#32538)
• aac177c Support beforetoggle/toggle events for dialog (#32479)
• e0fe347 [flags] remove enableOwnerStacks (#32426)
• 2e4db33 Use valid CSS selectors in useId format (#32001)
• 9b042f9 [Fizz] Responsive images should not be preloaded with link headers (#32445)
• Additional commits viewable in compare view

Updates sanitize-html from 2.16.0 to 2.17.0

Changelog

Sourced from sanitize-html's changelog.

2.17.0 (2025-05-14)

• Add preserveEscapedAttributes, allowing attributes on escaped disallowed tags to be retained. Thanks to Ben Elliot for this new option.

Commits

• 86efc06 Merge pull request #705 from apostrophecms/release-2.17.0
• c487e77 release 2.17.0
• da16903 Merge pull request #704 from apostrophecms/add-thanks-to-changelog
• 0e5d881 Update CHANGELOG
• 614e7df Merge pull request #668 from benelliott/feature/preserve-escaped-attributes-2
• 8628cea Update README.md
• f07ce9d README.md: Add warning on usage of preserveEscapedAttributes
• 27de3a8 Add test demonstrating that preserveEscapedAttributes doesn't affect behaviou...
• 3d2893e Add documentation for preserveEscapedAttributes option
• ae1dc35 Add preserveEscapedAttributes option to allow attributes on escaped disallo...
• See full diff in compare view

Updates @types/sanitize-html from 2.15.0 to 2.16.0

Commits

• See full diff in compare view

Updates swagger-ui-react from 5.21.0 to 5.22.0

Release notes

Sourced from swagger-ui-react's releases.

Swagger UI v5.22.0 Released!

5.22.0 (2025-05-21)

Bug Fixes

• assure parameter is an immutable map when grouping parameters (#10457) (8577d71)
• avoid accessing properties of empty Example Objects (#10453) (6a07ac8)
• docker: address CVE-2025-32414/CVE-2025-32415 (#10461) (01e380e)
• json-schema-2020-12-samples: generate proper samples for XML atttributes (#10459) (5d346fd)
• oauth2: avoid processing authorizationUrl when it is not a string (#10452) (119052e)
• security: update Axios to non-vulnerable 1.9.0 version (#10460) (c85865c)
• spec: assure operation is an immutable map in operations selectors (#10454) (b6151d4)
• spec: avoid accessing $ref when path item is not an object (#10456) (581d544)
• use spec compliant JSON Pointer implementation (#10455) (2f0cbba)

Features

• observability: allow defining custom uncaught exception handler (#10462) (0a438f2)

Commits

• 4b37bf2 chore(release): cut the v5.22.0 release
• 0a438f2 feat(observability): allow defining custom uncaught exception handler (#10462)
• 01e380e fix(docker): address CVE-2025-32414/CVE-2025-32415 (#10461)
• c85865c fix(security): update Axios to non-vulnerable 1.9.0 version (#10460)
• 5d346fd fix(json-schema-2020-12-samples): generate proper samples for XML atttributes...
• 581d544 fix(spec): avoid accessing $ref when path item is not an object (#10456)
• 8577d71 fix: assure parameter is an immutable map when grouping parameters (#10457)
• b6151d4 fix(spec): assure operation is an immutable map in operations selectors (#10454)
• 2f0cbba fix: use spec compliant JSON Pointer implementation (#10455)
• 119052e fix(oauth2): avoid processing authorizationUrl when it is not a string (#10452)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​types/​sanitize-html@​2.15.0 ⏵ 2.16.0	+1		+1
	@​types/​react@​18.3.5 ⏵ 19.1.5	+1		+1

View full report

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.