Dependency Dashboard

[renovate]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
View this repository on the Mend.io Web Portal.

Deprecations / Replacements

Warning

The following dependencies are either deprecated or have replacements available.

Datasource	Package	Replacement PR?
npm	@types/csrf

Rate-Limited

The following updates are currently rate-limited. To force their creation now, click on a checkbox below.

• chore(deps): update dependency tailwind-merge to v3.6.0

Open

The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.

• chore(deps): update dependency @tanstack/react-query to v5.100.9
• chore(deps): update dependency eslint to v10.3.0
• chore(deps): update dependency eslint-plugin-react-hooks to v7.1.1
• chore(deps): update dependency express-rate-limit to v8.5.1
• chore(deps): update dependency react-router-dom to v7.15.0
• chore(deps): update nginx docker tag to v1.30.0
• chore(deps): update tailwindcss monorepo to v4.3.0 (@tailwindcss/vite, tailwindcss)
• chore(deps): update typescript-eslint monorepo to v8.59.2 (@typescript-eslint/eslint-plugin, @typescript-eslint/parser, typescript-eslint)
• chore(deps): update actions/dependency-review-action action to v5
• chore(deps): update dependency pnpm to v11
• Click on this checkbox to rebase all open PRs at once

PR Closed (Blocked)

The following updates are blocked by an existing closed PR. To recreate the PR, click on a checkbox below.

• chore(deps): update dependency lucide-react to v1.14.0
• chore(deps): update prisma monorepo to v7.8.0 (@prisma/adapter-pg, @prisma/client, prisma)
• chore(deps): update pnpm/action-setup action to v6

Detected Dependencies

docker-compose (1)

docker/docker-compose.yml (2)

• postgres 18-alpine
• redis 8-alpine

dockerfile (2)

docker/Dockerfile.backend (2)

• node 25-alpine
• node 25-alpine

docker/Dockerfile.frontend (2)

• node 25-alpine
• nginx 1.29.8-alpine → [Updates: 1.30.0-alpine]

github-actions (3)

.github/workflows/ci.yml (12)

• actions/checkout v6.0.2
• pnpm/action-setup v5 → [Updates: v6]
• actions/setup-node v6
• actions/upload-artifact v7
• actions/checkout v6.0.2
• pnpm/action-setup v5 → [Updates: v6]
• actions/setup-node v6
• actions/upload-artifact v7
• pnpm 10 → [Updates: 11]
• node 24
• pnpm 10 → [Updates: 11]
• node 24

.github/workflows/lockfile-update.yml (5)

• actions/checkout v6.0.2
• pnpm/action-setup v5 → [Updates: v6]
• actions/setup-node v6
• pnpm 10 → [Updates: 11]
• node 24

.github/workflows/security.yml (27)

• actions/checkout v6.0.2
• github/codeql-action v4
• pnpm/action-setup v5 → [Updates: v6]
• actions/setup-node v6
• github/codeql-action v4
• actions/checkout v6.0.2
• aquasecurity/trivy-action v0.36.0@ed142fd0673e97e23eac54620cfb913e5ce36c25
• github/codeql-action v4
• actions/checkout v6.0.2
• aquasecurity/trivy-action v0.36.0@ed142fd0673e97e23eac54620cfb913e5ce36c25
• github/codeql-action v4
• actions/checkout v6.0.2
• aquasecurity/trivy-action v0.36.0@ed142fd0673e97e23eac54620cfb913e5ce36c25
• github/codeql-action v4
• actions/checkout v6.0.2
• actions/dependency-review-action v4 → [Updates: v5.0.0]
• actions/checkout v6.0.2
• pnpm/action-setup v5 → [Updates: v6]
• actions/setup-node v6
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• gitleaks/gitleaks-action v2
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• azure/setup-helm v5
• pnpm 10 → [Updates: 11]
• node 24
• pnpm 10 → [Updates: 11]
• node 24

helm-values (1)

helm/renovate-dashboard/values.yaml (2)

• postgres 18-alpine
• redis 8-alpine

npm (5)

backend/package.json (36)

• @octokit/rest ^22.0.1
• @prisma/adapter-pg ^7.6.0 → [Updates: ^7.6.0]
• @prisma/client ^7.6.0 → [Updates: ^7.6.0]
• @socket.io/redis-adapter ^8.3.0
• connect-redis ^9.0.0
• cookie-parser ^1.4.7
• cors ^2.8.6
• csrf ^3.1.0
• dotenv ^17.3.1 → [Updates: ^17.3.1]
• express ^5.2.1
• express-rate-limit ^8.3.2 → [Updates: ^8.3.2]
• express-session ^1.19.0
• helmet ^8.1.0
• morgan ^1.10.1
• node-cron ^4.2.1
• pg ^8.20.0
• redis ^5.11.0
• socket.io ^4.8.3
• zod ^4.3.6 → [Updates: ^4.3.6]
• @eslint/js ^10.0.1
• @types/cookie-parser ^1.4.10
• @types/cors ^2.8.19
• @types/csrf ^3.1.3
• @types/express ^5.0.6
• @types/express-session ^1.18.2
• @types/morgan ^1.9.10
• @types/node ^25.5.0 → [Updates: ^25.5.0]
• @typescript-eslint/eslint-plugin ^8.58.1 → [Updates: ^8.58.1]
• @typescript-eslint/parser ^8.58.1 → [Updates: ^8.58.1]
• @vitest/coverage-v8 ^4.1.2
• eslint ^10.1.0 → [Updates: ^10.1.0]
• prisma ^7.6.0 → [Updates: ^7.6.0]
• tsx ^4.21.0
• typescript ^6.0.0
• typescript-eslint ^8.58.1 → [Updates: ^8.58.1]
• vitest ^4.1.2

frontend/.vite/deps/package.json

frontend/package.json (28)

• @hashicorp/design-system-tokens ^5.0.0
• @tanstack/react-query ^5.95.2 → [Updates: ^5.95.2]
• class-variance-authority ^0.7.1
• clsx ^2.1.1
• lucide-react ^1.7.0 → [Updates: ^1.7.0]
• react ^19.2.4 → [Updates: ^19.2.4]
• react-dom ^19.2.4 → [Updates: ^19.2.4]
• react-router-dom ^7.13.2 → [Updates: ^7.13.2]
• recharts ^3.8.1
• socket.io-client ^4.8.3
• tailwind-merge ^3.5.0 → [Updates: ^3.5.0]
• @eslint/js ^10.0.1
• @tailwindcss/vite ^4.2.2 → [Updates: ^4.2.2]
• @types/react ^19.2.14
• @types/react-dom ^19.2.3
• @typescript-eslint/eslint-plugin ^8.58.1 → [Updates: ^8.58.1]
• @typescript-eslint/parser ^8.58.1 → [Updates: ^8.58.1]
• @vitejs/plugin-react ^6.0.1
• @vitest/coverage-v8 ^4.1.2
• autoprefixer ^10.4.27
• eslint ^10.1.0 → [Updates: ^10.1.0]
• eslint-plugin-react-hooks ^7.0.1 → [Updates: ^7.0.1]
• postcss ^8.5.8 → [Updates: ^8.5.8]
• tailwindcss ^4.2.4 → [Updates: ^4.2.4]
• typescript ^6.0.0
• typescript-eslint ^8.58.1 → [Updates: ^8.58.1]
• vite ^8.0.5 → [Updates: ^8.0.5]
• vitest ^4.1.2

package.json (7)

• concurrently ^9.2.1
• node >=24.0.0
• defu >=6.1.5
• picomatch >=4.0.4
• hono >=4.12.14
• @hono/node-server >=1.19.13
• postcss >=8.5.10

pnpm-workspace.yaml

renovate-config (1)

renovate.json

---

• Check this box to trigger a request for Renovate to run again on this repository