chore(deps): bump the app-production-minor-patch group in /securebuild-app with 9 updates

[dependabot]

Bumps the app-production-minor-patch group in /securebuild-app with 9 updates:

Package	From	To
cytoscape	3.33.1	3.33.2
dd-trace	5.93.0	5.95.0
jotai	2.19.0	2.19.1
next	16.2.1	16.2.2
nodemailer	8.0.4	8.0.5
parse-duration	2.1.5	2.1.6
react-hook-form	7.72.0	7.72.1
react-resizable-panels	4.8.0	4.9.0
ts-jest	29.4.6	29.4.9

Updates cytoscape from 3.33.1 to 3.33.2

Release notes

Sourced from cytoscape's releases.

v3.33.2

Release version v3.33.2

Commits

• 5e46557 3.33.2
• d790c9e Build 3.33.2
• 2e50aca Docs: Add 3.33.2 to versions.json
• 9e7841e Merge branch 'unstable' into 'master'
• 31e2cfd Merge branch 'fix/polygon-miter-bounds' into unstable
• 34ecc63 Merge pull request #3432 from LeeBhin/fix/polygon-miter-bounds
• 816e980 Merge pull request #3433 from jmg421/docs/fix-es5-esm-description
• 37bf20a Merge pull request #3435 from jmg421/docs/fix-readme-build-targets
• a3bd0ff Move polygon bounds tests from Mocha to Playwright suite
• 9a33f6a docs: fix build target list in README (umd listed twice, missing cjs)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by mikekucera, a new releaser for cytoscape since your current version.

Updates dd-trace from 5.93.0 to 5.95.0

Release notes

Sourced from dd-trace's releases.

5.95.0

• [e2b2bae2a7] - (SEMVER-MINOR) [test optimization] Add filesystem cache for test optimization API requests (Juan Antonio Fernández de Alba) #7919
• [a7de9c024e] - (SEMVER-PATCH) fix(llmobs): set default model provider to unknown in openai and anthropic (Xinyuan Guo) #7913
• [e90f4e590f] - (SEMVER-PATCH) increse llm obs size limit from 1mb to 5mb in line with python version and documentation (Forrest Wargo) #7921
• [ce653ab5d1] - (SEMVER-PATCH) chore(config): add generated config type foundation (Ruben Bridgewater) #7915
• [934261acf6] - (SEMVER-PATCH) remove xslt transformation (Charles de Beauchesne) #7918
• [f94162c95a] - (SEMVER-MINOR) docs: update index.d.ts tracer options to align with actual config (Ruben Bridgewater) #7897
• [1457f8717b] - (SEMVER-PATCH) test: ignore stale generated workspaces during plugin installs (Ruben Bridgewater) #7896
• [bbebb264d8] - (SEMVER-PATCH) chore: apply simplifications and hot-path cleanups (Ruben Bridgewater) #7895
• [90ea84c151] - (SEMVER-PATCH) test(integration): make integration tests more resilient (Ruben Bridgewater) #7894
• [7d241baa68] - (SEMVER-PATCH) test(integration): harden shared helpers and noisy expectations (Ruben Bridgewater) #7893
• [853635a1d4] - (SEMVER-PATCH) chore: update one pipeline to latest version (Ruben Bridgewater) #7909
• [532c7a8784] - (SEMVER-PATCH) chore: use backported orchestrion (Roch Devost) #7799

5.94.0

• [b5b0d50499] - (SEMVER-PATCH) [test optimization] Gate dynamic name detection test behind contextNewVersions (Juan Antonio Fernández de Alba) #7908
• [b716461847] - (SEMVER-PATCH) ci: set JS-specific injection package size ratchet (Loic Nageleisen) #7907
• [84741f318d] - (SEMVER-PATCH) [test optimization] Fix jest worker information passing (Juan Antonio Fernández de Alba) #7903
• [2bb443c01b] - (SEMVER-MINOR) feat(test-optimization): create final_status tag on test event for mocha (Sebastián Kay) #7844
• [e5c5a9bcd2] - (SEMVER-PATCH) fixed jest finalStatus tag test suite (Sebastián Kay) #7904
• [87051d8af6] - (SEMVER-PATCH) [test optimization] Remove jest final status tag dead code (Sebastián Kay) #7906
• [6a9c89a949] - (SEMVER-PATCH) chore(deps): bump the gh-actions-packages group across 3 directories with 2 updates (dependabot[bot]) #7901
• [174fdd2693] - (SEMVER-PATCH) chore(deps-dev): bump the dev-minor-and-patch-dependencies group across 2 directories with 4 updates (dependabot[bot]) #7899
• [2d765e35e6] - (SEMVER-PATCH) chore(CI): update SLOs (Fayssal DEFAA) #7883
• [bcae91f376] - (SEMVER-MINOR) feat(ci-vis): add cursor-based pagination for known tests endpoint (Calvin Bayer) #7866
• [840ee2a254] - (SEMVER-PATCH) chore(tests): Made tests use real spans instead of plain objects (Pablo Erhard) #7887
• [2dd93e28b2] - (SEMVER-PATCH) chore: bump @​datadog/openfeature-node-server to ^1.1.1 (Leo Romanovsky) #7884
• [edb42361b8] - (SEMVER-MINOR) [test optimization] Add support for --workerThreads flag in jest (Juan Antonio Fernández de Alba) #7840
• [51e9264d17] - (SEMVER-MINOR) [test optimization] Detect and warn about new tests with dynamic names (Juan Antonio Fernández de Alba) #7841
• [f9d26d61f9] - (SEMVER-MINOR) [test optimization] Propagate test span context during vitest test execution (Juan Antonio Fernández de Alba) #7882
• [1733e9759a] - (SEMVER-PATCH) chore: update profiler to 5.14.1 (Attila Szegedi) #7868
• [777c7b7097] - (SEMVER-PATCH) chore(deps): bump oxc-parser from 0.118.0 to 0.121.0 in the runtime-minor-and-patch-dependencies group across 1 directory (dependabot[bot]) #7871
• [26d31d0f3f] - (SEMVER-PATCH) chore(deps): bump the gh-actions-packages group across 5 directories with 6 updates (dependabot[bot]) #7873
• [e7ef9861d2] - (SEMVER-PATCH) chore(deps-dev): bump the dev-minor-and-patch-dependencies group across 1 directory with 4 updates (dependabot[bot]) #7870
• [97a8a2e3f7] - (SEMVER-PATCH) chore: re-enable dependabot (moezein0) #7865
• [d33e99c671] - (SEMVER-PATCH) update all-green script to rerun failed workflows once (Roch Devost) #7847
• [d07ba70f17] - (SEMVER-PATCH) chore(deps): bump picomatch in the npm_and_yarn group across 1 directory (dependabot[bot]) #7863
• [3c57767c28] - (SEMVER-PATCH) fix(profiler): Remove endpoint recomputation, promptly observe tag updates (Attila Szegedi) #7864
• [64890d7c25] - (SEMVER-MINOR) feat(bundler): add webpack 5 plugin for dd-trace bundling (Thomas Hunter II) #7647
• [84b7da9d1a] - (SEMVER-PATCH) test(profiling): remove profilerStarted() usage from test programs (Attila Szegedi) #7857
• [01ea223d19] - (SEMVER-PATCH) Only intercept enterWith() for span-carrying legacy storage (Attila Szegedi) #7858

Commits

• 7999eff v5.95.0
• be54964 [test optimization] Add filesystem cache for test optimization API requests (...
• c051359 fix(llmobs): set default model provider to unknown in openai and anthropic (#...
• b02fb00 increse llm obs size limit from 1mb to 5mb in line with python version and do...
• 849d3cd chore(config): add generated config type foundation (#7915)
• 8bdc696 remove xslt transformation (#7918)
• 7d7db7e docs: update index.d.ts tracer options to align with actual config (#7897)
• a00d126 test: ignore stale generated workspaces during plugin installs (#7896)
• 6159c3b chore: apply simplifications and hot-path cleanups (#7895)
• 202c64d test(integration): make integration tests more resilient (#7894)
• Additional commits viewable in compare view

Updates jotai from 2.19.0 to 2.19.1

Release notes

Sourced from jotai's releases.

v2.19.1

This release includes several small refactors to improve performance.

What's Changed

• fix(vanilla/utils/atomWithObservable): use symbol index signature to avoid 'Symbol.observable' type reference by @​sukvvon in pmndrs/jotai#3274
• refactor(internals): replace nextDeps with prevDeps by @​dmaskasky in pmndrs/jotai#3278
• refactor(internals): reduce recomputeInvalidatedAtoms overhead (performance) by @​dmaskasky in pmndrs/jotai#3284
• refactor(internals): reduce flushPending overhead (performance) by @​dmaskasky in pmndrs/jotai#3285
• fix(internals): check if atom has dependencies before doing mountDependencies work (performance) by @​dmaskasky in pmndrs/jotai#3290
• fix(internals): check if atom has onMount property before queueing processOnMount callback (performance) by @​dmaskasky in pmndrs/jotai#3291
• refactor(types): prefer no-any by @​dai-shi in pmndrs/jotai#3304

New Contributors

• @​aio39 made their first contribution in pmndrs/jotai#3277

Full Changelog: pmndrs/jotai@v2.19.0...v2.19.1

Commits

• 1fae772 2.19.1
• 7924a8b chore(deps): update dev dependencies (#3306)
• aa61ef5 test: add spec for #3296 (#3305)
• 91ffe6d refactor(types): prefer no-any (#3304)
• e0afc70 fix(internals): check if atom has onMount property before queueing processOnM...
• b2aafbc fix(internals): check if atom has dependencies before doing mountDependencies...
• 9b72d0e refactor: flushPending improve performance (#3285)
• a6392f1 refactor(internals): reduce recomputeInvalidatedAtoms overhead (performance) ...
• 280f3a0 refactor(internals): replace nextDeps with prevDeps (#3278)
• 7e07e1b fix(vanilla/utils/atomWithObservable): use symbol index signature to avoid 'S...
• Additional commits viewable in compare view

Updates next from 16.2.1 to 16.2.2

Release notes

Sourced from next's releases.

v16.2.2

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• backport: Move expanded adapters docs to API reference (#92115) (#92129)
• Backport: TypeScript v6 deprecations for baseUrl and moduleResolution (#92130)
• [create-next-app] Skip interactive prompts when CLI flags are provided (#91840)
• next.config.js: Accept an option for serverFastRefresh (#91968)
• Turbopack: enable server HMR for app route handlers (#91466)
• Turbopack: exclude metadata routes from server HMR (#92034)
• Fix CI for glibc linux builds
• Backport: disable bmi2 in qfilter #92177
• [backport] Fix CSS HMR on Safari (#92174)

Credits

Huge thanks to @​nextjs-bot, @​icyJoseph, @​ijjk, @​gaojude, @​wbinnssmith, @​lukesandberg, and @​bgw for helping!

Commits

• 52faae3 v16.2.2
• 8d0f77b Backport: #92177
• e151e5f Fix CI for glibc linux builds
• 1a319ea [backport] Fix CSS HMR on Safari (#92174)
• c0edad2 Turbopack: exclude metadata routes from server HMR (#92034)
• d644699 Turbopack: enable server HMR for app route handlers (#91466)
• 34de2ca next.config.js: Accept an option for serverFastRefresh (#91968)
• c4779d1 [create-next-app] Skip interactive prompts when CLI flags are provided (#91840)
• edcf19a Backport: TypeScript v6 deprecations for baseUrl and moduleResolution (#92130)
• eee3f52 backport: Move expanded adapters docs to API reference (#92115) (#92129)
• Additional commits viewable in compare view

Updates nodemailer from 8.0.4 to 8.0.5

Release notes

Sourced from nodemailer's releases.

v8.0.5

8.0.5 (2026-04-07)

Bug Fixes

• decode SMTP server responses as UTF-8 at line boundary (95876b1)
• sanitize CRLF in transport name option to prevent SMTP command injection (GHSA-vvjj-xcjg-gr5g) (0a43876)

Changelog

Sourced from nodemailer's changelog.

8.0.5 (2026-04-07)

Bug Fixes

• decode SMTP server responses as UTF-8 at line boundary (95876b1)
• sanitize CRLF in transport name option to prevent SMTP command injection (GHSA-vvjj-xcjg-gr5g) (0a43876)

Commits

• 202cfb3 chore(master): release 8.0.5 (#1809)
• b634abf docs: add CLAUDE.md with project conventions and release process
• 95876b1 fix: decode SMTP server responses as UTF-8 at line boundary
• 0a43876 fix: sanitize CRLF in transport name option to prevent SMTP command injection...
• 08e59e6 chore: update dev dependencies
• See full diff in compare view

Updates parse-duration from 2.1.5 to 2.1.6

Commits

• 201bc57 v2.1.6
• b0563da feat: add sideEffects false for tree-shaking
• See full diff in compare view

Updates react-hook-form from 7.72.0 to 7.72.1

Release notes

Sourced from react-hook-form's releases.

Version 7.72.1

🐞 fix: add isDirty check for numeric string keys in defaultValues (issue #13346) (#13347) 🐞 fix: prevent setValue with shouldDirty from polluting unrelated dirty fields (#13326) 🐞 fix: memoize control in HookFormControlContext to prevent render conflicts (#13272) (#13312) 🐞 fix: isNameInFieldArray should check all ancestor paths for nested field arrays (#13318) 🐞 fix: #13320 formState.isValid incorrect on Controller re-mount (#13324)

thanks to @​6810779s, @​candymask0712, @​olagokemills, @​shahmir-oscilar & @​bae080311

Commits

• 724e563 7.72.1
• ba649e9 🐞 test: add isDirty check for numeric string keys in defaultValues (issue #13...
• 2f56eb0 🛖 build(deps): bump yaml from 1.10.2 to 1.10.3 in /app (#13335)
• f29f546 👯 combine duplicated code (#13328)
• 2cfc8a5 🐞 fix: prevent setValue with shouldDirty from polluting unrelated dirty field...
• 44e8815 🐞 fix: memoize control in HookFormControlContext to prevent render conflicts ...
• 302d160 🐞 fix: isNameInFieldArray should check all ancestor paths for nested field ar...
• d7ccd70 🦾 dev deps upgrade (#13325)
• fddf779 🐞 fix: #13320 formState.isValid incorrect on Controller re-mount (#13324)
• 26ae54e 🛖 build(deps-dev): bump rollup from 4.53.3 to 4.59.0 (#13323)
• See full diff in compare view

Updates react-resizable-panels from 4.8.0 to 4.9.0

Release notes

Sourced from react-resizable-panels's releases.

4.9.0

• 702: Add disableDoubleClick prop to Separator to enable turning off the double-click size reset behavior.

Changelog

Sourced from react-resizable-panels's changelog.

4.9.0

• 702: Add disableDoubleClick prop to Separator to enable turning off the double-click size reset behavior.

Commits

• 50f05ab 4.8.0 -> 4.9.0
• 897d576 Add disableDoubleClick prop to Separator (#702)
• See full diff in compare view

Updates ts-jest from 29.4.6 to 29.4.9

Release notes

Sourced from ts-jest's releases.

v29.4.9

Please refer to CHANGELOG.md for details.

v29.4.8

No release notes provided.

v29.4.7

Please refer to CHANGELOG.md for details.

Changelog

Sourced from ts-jest's changelog.

29.4.7 (2026-04-01)

Features

• support TypeScript v6 (eda517d)

Commits

• bac2e77 chore(release): bump version to 29.4.9
• f8a9cc9 fix: use correct registry for npm OIDC trusted publishing
• e2eec26 fix: npm permissions
• 263f2ac chore: remove npm auth token
• 5df0e45 OIDC
• f82c144 Merge pull request #5250 from kulshekhar/copilot/bump-patch-version
• e6ec5ae Update CHANGELOG.md
• 62c3199 Update CHANGELOG.md
• 052e751 Bump patch version to 29.4.7
• f79e77b Merge pull request #5249 from ext/feature/ts6-peer
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for ts-jest since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies, npm, securebuild-app. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.