Bump the npm-all-dependencies group in /web/frontend with 7 updates

[dependabot]

Bumps the npm-all-dependencies group in /web/frontend with 7 updates:

Package	From	To
zod	4.1.13	4.2.1
@types/node	25.0.2	25.0.3
eslint-plugin-react-refresh	0.4.25	0.4.26
lucide-react	0.561.0	0.562.0
react-hook-form	7.68.0	7.69.0
typescript-eslint	8.49.0	8.50.0
vite	7.2.7	7.3.0

Updates zod from 4.1.13 to 4.2.1

Release notes

Sourced from zod's releases.

v4.2.1

Commits:

• 5b5b129315fbc94a3b0d6244185eaeefcbe438d1 4.2.1

v4.2.0

Features

Implement Standard JSON Schema

standard-schema/standard-schema#134

Implement z.fromJSONSchema()

const jsonSchema = {
  type: "object",
  properties: {
    name: { type: "string" },
    age: { type: "number" }
  },
  required: ["name"]
};
const schema = z.fromJSONSchema(jsonSchema);

Implement z.xor()

const schema = z.xor(
  z.object({ type: "user", name: z.string() }),
  z.object({ type: "admin", role: z.string() })
);
// Exactly one of the schemas must match

Implement z.looseRecord()

const schema = z.looseRecord(z.string(), z.number());
// Allows additional properties beyond those defined

Commits:

• af49c084f66339110d00e37ff71dc7b3b9f2b7ef Update docs for JSON Schema conversion of z.undefined() (#5504)
• 767f320318986e422f524b939f1a7174544fda2e Add .toJSONSchema() method (#5477)
• e17dcb63573397063e87d7c7fe10a5a78968181a Add z.fromJSONSchema(), z.looseRecord(), z.xor() (#5534)

Commits

• 5b5b129 4.2.1
• dcef973 v4.2.0
• e17dcb6 Add z.fromJSONSchema(), z.looseRecord(), z.xor() (#5534)
• d632df3 Update next
• 767f320 Add .toJSONSchema() method (#5477)
• 325a701 Add pullfrog.yml workflow
• 4972727 Update Next.js and React Flight RCE advisory (#5515)
• af49c08 Update docs for JSON Schema conversion of z.undefined() (#5504)
• fb66ee1 fix(mini): export ZodMiniJSONSchema types to prevent TS4023 (#5511)
• 6e968a3 Add convex-helpers to the ecosystem docs (#5470)
• Additional commits viewable in compare view

Updates @types/node from 25.0.2 to 25.0.3

Commits

• See full diff in compare view

Updates eslint-plugin-react-refresh from 0.4.25 to 0.4.26

Release notes

Sourced from eslint-plugin-react-refresh's releases.

v0.4.26

• Revert changes to fix #93 (fixes #95)

Changelog

Sourced from eslint-plugin-react-refresh's changelog.

0.4.26

• Revert changes to fix #93 (fixes #95)

Commits

• 95c02ba Revert "Catch non React exports defined as call expressions"(fixes #95) [publ...
• 8ea312d Update the name of next config (vite -> next) (#96)
• See full diff in compare view

Updates lucide-react from 0.561.0 to 0.562.0

Release notes

Sourced from lucide-react's releases.

Version 0.562.0

What's Changed

• fix(icons): changed paint-bucket icon by @​jguddas in lucide-icons/lucide#3880
• fix(site): Fix and unify color-picker font-size by @​taimar in lucide-icons/lucide#3889
• fix(react-native-web): only add className prop to parent Icon component by @​jguddas in lucide-icons/lucide#3892
• fix(lucide-react-native): remove icons namespace export to enable tree-shaking by @​jtomaszewski in lucide-icons/lucide#3868
• feat(icons): added toolbox icon by @​karsa-mistmere in lucide-icons/lucide#3871

New Contributors

• @​taimar made their first contribution in lucide-icons/lucide#3889
• @​jtomaszewski made their first contribution in lucide-icons/lucide#3868

Full Changelog: lucide-icons/lucide@0.561.0...0.562.0

Commits

• See full diff in compare view

Updates react-hook-form from 7.68.0 to 7.69.0

Release notes

Sourced from react-hook-form's releases.

🎄 Version 7.69.0

📏 feat: align API with useWatch (#13192) 🤦🏻‍♂️ chore: update @​deprecated names prop on (#13198) 🏥 chore: safely call function methods on elements (#13190) 🪖 chore: cve-2025-67779 (#13196) 🪖 chore: cve-2025-55184 & cve-2025-55183 (#13194) 🪖 chore: CVE-2025-55182 Critical RCE vulnerabilty (#13175) 🔬 test: add regression tests for #12837 and #13136 (#13187) 🐞 fix(reset): preserve isValid state when keepIsValid option is used (#13173) 🐞 fix: ensure each createFormControl.subscribe subscription listens only to the changes it subscribes to (#12968) 🐞 fix(validation): batch isValidating state updates with validation result (#13181) 🐞 fix(createFormControl): resolve race condition between setError and setFocus (#13138) (#13169) 🧿 fix control prop type (#13189) 🔔 chore: clean cloneObject logic (#13179)

thanks to @​PierreCrb, @​a28689604, @​AnuragM7666, @​ap0nia, @​dusan233 & @​hlongc

Commits

• 3e6f681 7.69.0
• 0fa39b4 👌 chore: update dev deps (#13200)
• 5c5f710 🤦🏻‍♂️ chore: update @​deprecated names prop on \<Watch /> (#13198)
• 1e27637 🪖 fix: cve-2025-67779 (#13196)
• 0676cc7 🔬 test: add regression tests for #12837 and #13136 (#13187)
• 2a681a9 📏 feat: align \<Watch /> API with useWatch (#13192)
• 1eabdc6 🪖 fix: cve-2025-55184 & cve-2025-55183 (#13194)
• aa79ac9 🏥 chore: safely call function methods on elements (#13190)
• 3f821ac 🧿 fix \<Watch /> control prop type (#13189)
• 64eec9b 🐞 fix(reset): preserve isValid state when keepIsValid option is used (#13173)
• Additional commits viewable in compare view

Updates typescript-eslint from 8.49.0 to 8.50.0

Release notes

Sourced from typescript-eslint's releases.

v8.50.0

8.50.0 (2025-12-15)

🚀 Features

• eslint-plugin: [no-useless-default-assignment] add rule (#11720)

❤️ Thank You

• Josh Goldberg ✨
• Ulrich Stark

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from typescript-eslint's changelog.

8.50.0 (2025-12-15)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

Commits

• c62e858 chore(release): publish 8.50.0
• See full diff in compare view

Updates vite from 7.2.7 to 7.3.0

Release notes

Sourced from vite's releases.

v7.3.0

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

7.3.0 (2025-12-15)

Features

• deps: update esbuild from ^0.25.0 to ^0.27.0 (#21183) (cff26ec)

Commits

• acf7e05 release: v7.3.0
• cff26ec feat(deps): update esbuild from ^0.25.0 to ^0.27.0 (#21183)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions