build: bump the all-npm group across 1 directory with 40 updates

[dependabot]

Updates the requirements on @azure/msal-browser, @azure/msal-react, @fluentui/react, @fluentui/react-components, @fluentui/react-file-type-icons, @fluentui/react-icons, @reduxjs/toolkit, @tailwindcss/vite, autoprefixer, axios, js-yaml, lottie-react, lucide-react, messagebar, postcss, react, @types/react, react-dom, @types/react-dom, react-dropzone, react-icons, react-markdown, react-redux, react-router-dom, react-syntax-highlighter, sql-formatter, tailwind-merge, tailwindcss, uuid, @eslint/js, @vitejs/plugin-react, eslint, eslint-plugin-react, eslint-plugin-react-hooks, eslint-plugin-react-refresh, globals, rollup, rollup-plugin-dts, vite and vite-plugin-svgr to permit the latest version.
Updates @azure/msal-browser from 4.7.0 to 5.11.0

Release notes

Sourced from @​azure/msal-browser's releases.

@​azure/msal-browser v5.11.0

5.11.0

Tue, 19 May 2026 19:29:14 GMT

Minor changes

• Add allowPlatformBrokerWithDOM experimental config flag for DOM-based platform brokering #8589 (lalimasharda@microsoft.com)
• Custom Auth: add requestInterceptor configuration option that lets apps attach additional x-* headers to custom-auth backend requests (e.g., for fraud/bot-detection vendors). Headers without the x- prefix and headers starting with reserved prefixes (x-client-, x-ms-, x-broker-, x-app-) are filtered out. #8587 (shen.jian@live.com)
• Bump @​azure/msal-common to v16.6.2 (beachball)

Patches

• Fix logoutHint to check account loginHint before falling back to idTokenClaims #8591 (lalimasharda@microsoft.com)

@​azure/msal-browser v5.10.1

5.10.1

Mon, 11 May 2026 21:48:15 GMT

Patches

• Bump @​azure/msal-common to v16.6.1 (beachball)

@​azure/msal-browser v5.10.0

5.10.0

Thu, 07 May 2026 19:01:04 GMT

Minor changes

• Add native auth e2e sample app (yongdiwang@microsoft.com)
• Remove duplicate typings in the build output #8557 (thomas.norling@microsoft.com)
• Bump @​azure/msal-common to v16.6.0 (beachball)

Patches

• Stop looking in localStorage for temporary cache #8579 (-g)

@​azure/msal-browser v5.9.0

5.9.0

Tue, 28 Apr 2026 21:30:31 GMT

Minor changes

• Bump @​azure/msal-browser to match @​azure/msal-browser-1p (msaljsbuilds@microsoft.com)
• Bump @​azure/msal-common to v16.5.2 (beachball)

Patches

... (truncated)

Commits

• 738ade6 check account loginHint before idTokenClaims setting logoutHint (#8591)
• 1fff290 Add allowPlatformBrokerWithDOM experimental config flag (#8589)
• 99e0895 Custom Auth: add requestInterceptor for custom x-* request headers (#8587)
• ce50f41 Post-release PR (#8585)
• c661401 Complete test tenant migration (#8584)
• bbcc105 Add browser compatibility guidelines and review instructions for msal-browser...
• d7a7eb5 Add issuer validation check whenever MSAL JS performs OIDC endpoint discovery...
• 9884a71 Post-release PR (#8583)
• b4e498c Stop looking in localStorage for temporary cache (#8579)
• 1b261b4 Bump uuid and @​actions/core in /.github/actions/issue_template_bot (#8571)
• Additional commits viewable in compare view

Updates @azure/msal-react from 3.0.6 to 5.4.2

Release notes

Sourced from @​azure/msal-react's releases.

@​azure/msal-react v5.4.2

5.4.2

Tue, 19 May 2026 19:29:14 GMT

Patches

• Bump @​azure/msal-browser to v5.11.0 (beachball)

@​azure/msal-react v5.4.1

5.4.1

Mon, 11 May 2026 21:48:15 GMT

Patches

• Bump @​azure/msal-browser to v5.10.1 (beachball)

@​azure/msal-browser v5.4.0

5.4.0

Mon, 02 Mar 2026 19:25:47 GMT

Minor changes

• Bump @​azure/msal-browser to match @​azure/msal-browser-1p (msaljsbuilds@microsoft.com)
• Bump @​azure/msal-common to v16.2.0 (beachball)
• Bump eslint-config-msal to v0.0.0 (beachball)
• Bump msal-test-utils to v0.0.1 (beachball)
• Bump rollup-msal to v0.0.0 (beachball)

@​azure/msal-react v5.4.0

5.4.0

Thu, 07 May 2026 19:01:04 GMT

Minor changes

• Remove duplicate typings in the build output #8557 (thomas.norling@microsoft.com)
• Bump @​azure/msal-browser to v5.10.0 (beachball)

@​azure/msal-react v5.3.2

5.3.2

Tue, 28 Apr 2026 21:30:33 GMT

Patches

• Bump @​azure/msal-browser to v5.9.0 (beachball)

... (truncated)

Commits

• 738ade6 check account loginHint before idTokenClaims setting logoutHint (#8591)
• 1fff290 Add allowPlatformBrokerWithDOM experimental config flag (#8589)
• 99e0895 Custom Auth: add requestInterceptor for custom x-* request headers (#8587)
• ce50f41 Post-release PR (#8585)
• c661401 Complete test tenant migration (#8584)
• bbcc105 Add browser compatibility guidelines and review instructions for msal-browser...
• d7a7eb5 Add issuer validation check whenever MSAL JS performs OIDC endpoint discovery...
• 9884a71 Post-release PR (#8583)
• b4e498c Stop looking in localStorage for temporary cache (#8579)
• 1b261b4 Bump uuid and @​actions/core in /.github/actions/issue_template_bot (#8571)
• Additional commits viewable in compare view

Updates @fluentui/react from 8.122.9 to 8.125.6

Release notes

Sourced from @​fluentui/react's releases.

@​fluentui/react v8.125.6

Patches

• Bump @​fluentui/foundation-legacy to v8.6.6 (commit)
• Bump @​fluentui/font-icons-mdl2 to v8.5.73 (commit)
• Bump @​fluentui/react-focus to v8.10.6 (commit)
• Bump @​fluentui/style-utilities to v8.15.1 (commit)

Commits

• 6c654e6 release: applying package updates - react v8
• 04bf7a7 release: applying package updates - web-components
• 39041d7 fix: update CDN bundle configurations, enable setTheme on globalThis (#36113)
• db347c7 fix(docs): Card examples reflow at small widths (#36086)
• 7b586d7 Updates for shortcut folders, markdown and other filetype icon fixes. (#35945)
• 094b22f feat(react-storybook-addon): add render-prop slots to FluentDocsPage (#36115)
• 3f57751 fix(react-combobox): use role attribute instead of classname for active desce...
• b9cadd1 release: applying package updates - react-headless
• 6411342 fix(Menu): Highlight expanded menuitem (#36098)
• 4fa64db docs(motion): home pages for motion system & motion components (#35737)
• Additional commits viewable in compare view

Updates @fluentui/react-components from 9.58.2 to 9.74.1

Release notes

Sourced from @​fluentui/react-components's releases.

@​fluentui/react-components v9.74.0

Minor changes

• feat: export contexts for headless (PR #36229 by mainframev)
• feat: export base hooks (PR #36200 by mainframev)
• feat: expose react-menu base hooks (PR #36087 by mainframev)
• feat(react-motion): add replayKey prop to replay motion without remounting (PR #36108 by robertpenner)
• feat: add base hooks and expose them (PR #35812 by dmytrokirpa)
• feat: add OverflowReorderObserver to recompute overflow when items are reordered via React state without a container resize (PR #36231 by layershifter)
• chore: fix after broken release (PR #36037 by layershifter)
• Make Card base hooks tabster-free; expose shouldRestrictTriggerAction on CardBaseProps (PR #36004 by dmytrokirpa)
• feat: re-export motionSlot and presenceMotionSlot from @​fluentui/react-motion (PR #35922 by robertpenner)
• feat: re-export OverflowReorderObserver from @​fluentui/react-overflow (PR #36231 by layershifter)
• feat: expose inline drawer types and base hooks (PR #36042 by dmytrokirpa)

Patches

• chore: bump tabster to ^8.8.0 and keyborg to ^2.14.1 (PR #36082 by layershifter)
• fix: dismiss Tooltip when the document becomes hidden (e.g. tab backgrounded or app switched on mobile) (PR #36023 by Copilot)
• fix(react-tree): support indentation for TreeItem levels greater than 10 via inline CSS variable fallback (PR #36014 by Copilot)
• style: replace deprecated assertion syntax that causes issues to babel tsx (PR #36185 by Hotell)
• fix(Menu): Menu item with expanded submenu should be highlighted (PR #36098 by jurokapsiar)
• fix: update useMenuTriggerBase hook signature (PR #36237 by dmytrokirpa)
• feat: add headless Menu components (PR #36110 by mainframev)
• chore: extract useMenuItemBase_unstable into a separate module (PR #36234 by mainframev)
• fix: close Popover when focus escapes outside while trapFocus is enabled (PR #35995 by petdud)
• revert: revert removal of Griffel dependency from usePortalMount #35994 (PR #36235 by dmytrokirpa)
• fix: avoid pulling griffel in CardHeader and CardPreview base hooks (PR #36194 by dmytrokirpa)
• refactor: move isSafeUrl to chart-utilities package and update imports (PR #36206 by dmytrokirpa)
• safeurl related bug fix (PR #36121 by v-baambati)
• fix(Option): when disabled, hover styles should not show (PR #36077 by smhigley)
• fix: use role attribute instead of classname for active descendant (PR #36109 by dmytrokirpa)

Commits

• 277f63a release: applying package updates - react-components
• 5e0f816 release: applying package updates - web-components
• 1d15557 feat(react-toast): add base hooks/types and re-exports for headless compositi...
• 0aa62de feat: add triage-issues + triage-board skills (+ visual-test hardening) (#36012)
• c70f899 fix(react-tags): decouple useTagGroupBase_unstable from Tabster + export cont...
• 6cdfd51 fix(react-headless-components-preview): update non-modal dialog implementatio...
• 1321fff fix(react-headless-components-preview): descendant clicks no longer trigger d...
• 980c56f release: applying package updates - react v8
• 9317e51 release: applying package updates - react-components
• 116265d fix(ci): install latest 22.x Node to satisfy @​microsoft/fast-build engines (#...
• Additional commits viewable in compare view

Updates @fluentui/react-file-type-icons from 8.12.7 to 8.18.0

Release notes

Sourced from @​fluentui/react-file-type-icons's releases.

@​fluentui/react-file-type-icons v8.18.0

Minor changes

• Support for new markdown, "special folder" filetype icon (default "shortcuts" folder) and other fixes (PR #35945 by bigbadcapers)
• Bump @​fluentui/style-utilities to v8.15.1 (commit)

Commits

• 6c654e6 release: applying package updates - react v8
• 04bf7a7 release: applying package updates - web-components
• 39041d7 fix: update CDN bundle configurations, enable setTheme on globalThis (#36113)
• db347c7 fix(docs): Card examples reflow at small widths (#36086)
• 7b586d7 Updates for shortcut folders, markdown and other filetype icon fixes. (#35945)
• 094b22f feat(react-storybook-addon): add render-prop slots to FluentDocsPage (#36115)
• 3f57751 fix(react-combobox): use role attribute instead of classname for active desce...
• b9cadd1 release: applying package updates - react-headless
• 6411342 fix(Menu): Highlight expanded menuitem (#36098)
• 4fa64db docs(motion): home pages for motion system & motion components (#35737)
• Additional commits viewable in compare view

Updates @fluentui/react-icons from 2.0.274 to 2.0.328

Commits

• See full diff in compare view

Updates @reduxjs/toolkit from 2.5.1 to 2.12.0

Release notes

Sourced from @​reduxjs/toolkit's releases.

v2.12.0

This feature release adds RTK usage skills files (via TanStack Intent) exports the RTK Query hook options types for reusability, fixes issues with infinite query status flags and batching handling, and makes some small TS improvements.

Changelog

Skills Files

We've generated agent skill files that are now included in the RTK package itself in a skills folder. They cover using and migrating to modern RTK, client and server state management, and handling side effects. You can point your agent at these skills yourself, or use TanStack Intent to pick them up.

TypeScript Improvements

The types for our RTK Query hook options are now exported, which lets you stop using Parameters to extract those types for use in your own code.

The types for listener middleware matchers were tweaked to allow interface-based type guards, not just type-based definitions.

The internal IgnorePaths type was renamed to IgnoredPaths for consistency.

We now use the built-in NoInfer util that comes with TS 5.4+.

Fixes

We fixed handling of the isSuccess status flag when switching infinite query cache entries. This should prevent accidental UI flashes that were occurring due to this flag accidentally flipping.

We've added a 100ms timeout fallback to the autoBatch enhancer's requestAnimationFrame timer. We had several reports that rAF didn't work correctly when used in background tabs / opened windows, and that RTK never updated the UI. This should ensure that the updates flush correctly.

What's Changed

• Export hook options types for RTK Query hooks by @​veeceey in reduxjs/redux-toolkit#5218
• Add TanStack Intent skills for Redux Toolkit by @​phryneas in reduxjs/redux-toolkit#5249
• Keep isSuccess: true when switching infinite query cache entries by @​riqts in reduxjs/redux-toolkit#5268
• fix: allow interface-based type guards as listener matcher by @​riqts in reduxjs/redux-toolkit#5269
• fix: add setTimeout fallback to raf autoBatch strategy for background tabs by @​riqts in reduxjs/redux-toolkit#5273
• chore(toolkit): rename IgnorePaths type to IgnoredPaths by @​Ri5ha6h in reduxjs/redux-toolkit#5284
• feat(toolkit)!: switch to native NoInfer utility type by @​aryaemami59 in reduxjs/redux-toolkit#5289

Full Changelog: reduxjs/redux-toolkit@v2.11.2...v2.12.0

v2.11.2

This bugfix release updates the AbortSignal handling to fall back if DOMException isn't available (such as RN environments), and updates the TypedUseInfiniteQueryHookResult type to correctly include fetchNextPage/fetchPreviousPage fields.

Changelog

Bugfixes

The AbortSignal changes in 2.11.1 used DOMException in a couple places to match the expected behavior of AbortSignal, but turns out that's not available in environments like React Native. We've updated the logic to fall back to a plain Error if DOMException isn't available.

The TypedUseInfiniteQueryHookResult type wasn't correctly including the fetchNextPage/fetchPreviousPage fields, and now it does.

What's Changed

... (truncated)

Commits

• 576a02f Release 2.12.0
• de2d55e Merge pull request #5237 from aryaemami59/fix/codegen/generateEndpoints-retur...
• ac807c3 fix(codegen): narrow generateEndpoints return type
• 01ed3ba Merge pull request #5289 from aryaemami59/feat/toolkit/switch-to-native-NoInfer
• 1f16db1 Merge pull request #5290 from aryaemami59/build/toolkit/exclude-test-files-fr...
• 23783c1 build(toolkit): exclude test files from final bundle
• 91b8b0a feat(toolkit)!: switch to native NoInfer utility type
• 0b37f1a Merge pull request #5286 from aryaemami59/docs/toolkit/fix-typos
• 3cd62c8 fix unforwardedActions
• 64853cc chore: fix various typos
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​reduxjs/toolkit since your current version.

Updates @tailwindcss/vite from 4.0.3 to 4.3.0

Release notes

Sourced from @​tailwindcss/vite's releases.

v4.3.0

Added

• Add @container-size utility (#18901)
• Add scrollbar-{auto,thin,none} utilities for scrollbar-width, and scrollbar-thumb-* / scrollbar-track-* color utilities for scrollbar-color (#19981, #20019)
• Add scrollbar-gutter-* utilities (#20018)
• Add zoom-* utilities (#20020)
• Add tab-* utilities (#20022)
• Allow using @variant with stacked variants (e.g. @variant hover:focus { … }) (#19996)
• Allow using @variant with compound variants (e.g. @variant hover, focus { … }) (#19996)
• Support --default(…) in --value(…) and --modifier(…) for functional @utility definitions (#19989)

Fixed

• Ensure @plugin resolves package JavaScript entries instead of browser CSS entries when using @tailwindcss/vite (#19949)
• Fix relative @import and @plugin paths resolving from the wrong directory when using @tailwindcss/vite (#19965)
• Ensure CSS files containing @variant are processed by @tailwindcss/vite (#19966)
• Resolve imports relative to base when result.opts.from is not provided when using @tailwindcss/postcss (#19980)
• Canonicalization: preserve significant _ whitespace in arbitrary values (#19986)
• Canonicalization: add parentheses when removing whitespace from arbitrary values would hurt readability (e.g. w-[calc(100%---spacing(60))] → w-[calc(100%-(--spacing(60)))]) (#19986)
• Canonicalization: preserve the original unit in arbitrary values instead of normalizing to base units (e.g. -mt-[20in] → mt-[-20in], not mt-[-1920px]) (#19988)
• Canonicalization: migrate arbitrary :has() variants from [&:has(…)] to has-[…] (#19991)
• Upgrade: don’t migrate inline style attributes (e.g. style="flex-grow: 1" → style="flex-grow: 1", not style="grow: 1") (#19918)
• Allow multiple @utility definitions with the same name but different value types (#19777)
• Export missing PluginWithConfig type from tailwindcss/plugin to fix errors when inferring plugin config types (#19707)
• Ensure start and end legacy utilities without values do not generate CSS (#20003)
• Ensure --value(…) is required in functional @utility definitions (#20005)
• Canonicalization: preserve required whitespace around operators in negated arbitrary values (e.g. -left-[(var(--a)+var(--b))]) (#20011)

v4.2.4

Fixed

• Ensure imports in @import and @plugin still resolve correctly when using Vite aliases in @tailwindcss/vite (#19947)

v4.2.3

Fixed

• Canonicalization: improve canonicalizations for tracking-* utilities by preferring non-negative utilities (e.g. -tracking-tighter → tracking-wider) (#19827)
• Fix crash due to invalid characters in candidate (exceeding valid unicode code point range) (#19829)
• Ensure query params in imports are considered unique resources when using @tailwindcss/webpack (#19723)
• Canonicalization: collapse arbitrary values into shorthand utilities (e.g. px-[1.2rem] py-[1.2rem] → p-[1.2rem]) (#19837)
• Canonicalization: collapse border-{t,b}-* into border-y-*, border-{l,r}-* into border-x-*, and border-{t,r,b,l}-* into border-* (#19842)
• Canonicalization: collapse scroll-m{t,b}-* into scroll-my-*, scroll-m{l,r}-* into scroll-mx-*, and scroll-m{t,r,b,l}-* into scroll-m-* (#19842)
• Canonicalization: collapse scroll-p{t,b}-* into scroll-py-*, scroll-p{l,r}-* into scroll-px-*, and scroll-p{t,r,b,l}-* into scroll-p-* (#19842)
• Canonicalization: collapse overflow-{x,y}-* into overflow-* (#19842)
• Canonicalization: collapse overscroll-{x,y}-* into overscroll-* (#19842)
• Read from --placeholder-color instead of --background-color for placeholder-* utilities (#19843)
• Upgrade: ensure files are not emptied out when killing the upgrade process while it's running (#19846)
• Upgrade: use config.content when migrating from Tailwind CSS v3 to Tailwind CSS v4 (#19846)
• Upgrade: never migrate files that are ignored by git (#19846)

... (truncated)

Changelog

Sourced from @​tailwindcss/vite's changelog.

[4.3.0] - 2026-05-08

Added

• Add @container-size utility (#18901)
• Add scrollbar-{auto,thin,none} utilities for scrollbar-width, and scrollbar-thumb-* / scrollbar-track-* color utilities for scrollbar-color (#19981, #20019)
• Add scrollbar-gutter-* utilities (#20018)
• Add zoom-* utilities (#20020)
• Add tab-* utilities (#20022)
• Allow using @variant with stacked variants (e.g. @variant hover:focus { … }) (#19996)
• Allow using @variant with compound variants (e.g. @variant hover, focus { … }) (#19996)
• Support --default(…) in --value(…) and --modifier(…) for functional @utility definitions (#19989)

Fixed

• Ensure @plugin resolves package JavaScript entries instead of browser CSS entries when using @tailwindcss/vite (#19949)
• Fix relative @import and @plugin paths resolving from the wrong directory when using @tailwindcss/vite (#19965)
• Ensure CSS files containing @variant are processed by @tailwindcss/vite (#19966)
• Resolve imports relative to base when result.opts.from is not provided when using @tailwindcss/postcss (#19980)
• Canonicalization: preserve significant _ whitespace in arbitrary values (#19986)
• Canonicalization: add parentheses when removing whitespace from arbitrary values would hurt readability (e.g. w-[calc(100%---spacing(60))] → w-[calc(100%-(--spacing(60)))]) (#19986)
• Canonicalization: preserve the original unit in arbitrary values instead of normalizing to base units (e.g. -mt-[20in] → mt-[-20in], not mt-[-1920px]) (#19988)
• Canonicalization: migrate arbitrary :has() variants from [&:has(…)] to has-[…] (#19991)
• Upgrade: don’t migrate inline style attributes (e.g. style="flex-grow: 1" → style="flex-grow: 1", not style="grow: 1") (#19918)
• Allow multiple @utility definitions with the same name but different value types (#19777)
• Export missing PluginWithConfig type from tailwindcss/plugin to fix errors when inferring plugin config types (#19707)
• Ensure start and end legacy utilities without values do not generate CSS (#20003)
• Ensure --value(…) is required in functional @utility definitions (#20005)
• Canonicalization: preserve required whitespace around operators in negated arbitrary values (e.g. -left-[(var(--a)+var(--b))]) (#20011)

[4.2.4] - 2026-04-21

Fixed

• Ensure imports in @import and @plugin still resolve correctly when using Vite aliases in @tailwindcss/vite (#19947)

[4.2.3] - 2026-04-20

Fixed

• Canonicalization: improve canonicalization for tracking-* utilities by preferring non-negative utilities (e.g. -tracking-tighter → tracking-wider) (#19827)
• Fix crash due to invalid characters in candidate (exceeding valid unicode code point range) (#19829)
• Ensure query params in imports are considered unique resources when using @tailwindcss/webpack (#19723)
• Canonicalization: collapse arbitrary values into shorthand utilities (e.g. px-[1.2rem] py-[1.2rem] → p-[1.2rem]) (#19837)
• Canonicalization: collapse border-{t,b}-* into border-y-*, border-{l,r}-* into border-x-*, and border-{t,r,b,l}-* into border-* (#19842)
• Canonicalization: collapse scroll-m{t,b}-* into scroll-my-*, scroll-m{l,r}-* into scroll-mx-*, and scroll-m{t,r,b,l}-* into scroll-m-* (#19842)
• Canonicalization: collapse scroll-p{t,b}-* into scroll-py-*, scroll-p{l,r}-* into scroll-px-*, and scroll-p{t,r,b,l}-* into scroll-p-* (#19842)
• Canonicalization: collapse overflow-{x,y}-* into overflow-* (#19842)
• Canonicalization: collapse overscroll-{x,y}-* into overscroll-* (#19842)
• Read from --placeholder-color instead of --background-color for placeholder-* utilities (#19843)

... (truncated)

Commits

• 588bd73 4.3.0 (#20023)
• d194d4c docs: fix various typos in comments and documentation (#19878)
• db27049 fix(@​tailwindcss/vite): include @​variant in feature detection (#19966)
• 5a79990 Always resolve relative files, relative to the current .css file (#19965)
• f3fdda2 fix(vite): avoid resolving JS plugins to browser CSS entries (#19949)
• 69ad7cc 4.2.4 (#19948)
• 685c19e Fix issue around resolving paths in @tailwindcss/vite (#19947)
• 2e3fa49 4.2.3 (#19944)
• 5cb1efd fix(vite): resolve tsconfig paths in CSS and JS resolvers (#19803)
• d596b0c 4.2.2 (#19821)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​tailwindcss/vite since your current version.

Updates autoprefixer from 10.4.20 to 10.5.0

Release notes

Sourced from autoprefixer's releases.

10.5.0 “Each Endeavouring, All Achieving”

• Added mask-position-x and mask-position-y support (by @​toporek).

10.4.27

• Removed development key from package.json.

10.4.26

• Reduced package size.

10.4.25

• Fixed broken gradients on CSS Custom Properties (by @​serger777).

10.4.24

• Made Autoprefixer a little faster (by @​Cherry).

10.4.23

• Reduced dependencies (by @​hyperz111).

10.4.22

• Fixed stretch prefixes on new Can I Use database.
• Updated fraction.js.

10.4.21

• Fixed old -moz- prefix for :placeholder-shown (by @​Marukome0743).

Changelog

Sourced from autoprefixer's changelog.

10.5.0 “Each Endeavouring, All Achieving”

• Added mask-position-x and mask-position-y support (by @​toporek).

10.4.27

• Removed development key from package.json.

10.4.26

• Reduced package size.

10.4.25

• Fixed broken gradients on CSS Custom Properties (by @​serger777).

10.4.24

• Made Autoprefixer a little faster (by @​Cherry).

10.4.23

• Reduced dependencies (by @​hyperz111).

10.4.22

• Fixed stretch prefixes on new Can I Use database.
• Updated fraction.js.

10.4.21

• Fixed old -moz- prefix for :placeholder-shown (by @​Marukome0743).

Commits

• faf456a Release 10.5 version
• b841fc5 Update dependencies
• 47d6e68 Update email
• 45cfc08 Replace ESLint and Prettier to oxlint and oxfmt
• 7e3ec7d Add prefixing support for mask-position-x and mask-position-y (#1548)
• 360f2d9 Release 10.4.27 version
• ab5260c Update clean-publish
• 09e9dd1 Release 10.4.26 version
• ec75540 Ignore local patches
• 59601b8 Update c8 and clean-publish
• Additional commits viewable in compare view

Updates axios from 1.7.9 to 1.16.1

Release notes

Sourced from axios's releases.

v1.16.1 — May 13, 2026

This release ships a defence-in-depth fix for prototype pollution in formDataToJSON, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.

🔒 Security Fixes

• Prototype Pollution Defence-in-Depth: Hardened formDataToJSON against already-polluted Object.prototype by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (#7413)
• Proxy Cleartext Leak: Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (#10858)
• CI Cache Removal: Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (#10882)

🐛 Bug Fixes

• Data URI Parsing: Updated the fromDataURI regex to match RFC 2397 more strictly, fixing edge cases in data: URL handling. (#10829)
• Unicode Headers: Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (#10850)
• XHR Upload Progress: Guarded against malformed ProgressEvent payloads emitted by some environments during XHR upload, preventing crashes when loaded / total are missing or invalid. (#10868)
• Webpack 4 Fetch Adapter: Fixed an "unexpected token" error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (#10864)
• Type Definitions: Made parseReviver context.source optional in the type definitions to align with the ES2023 specification. (#10837)
• URL Object Support Reverted: Reverted the change that allowed passing a URL object as config.url (originally #10866) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (Description has been truncated