Bump esbuild, @vitejs/plugin-react, vite, vite-plugin-node-polyfills and vite-plugin-pwa in /frontend

[dependabot]

Bumps esbuild to 0.25.10 and updates ancestor dependencies esbuild, @vitejs/plugin-react, vite, vite-plugin-node-polyfills and vite-plugin-pwa. These dependencies need to be updated together.

Updates esbuild from 0.21.5 to 0.25.10

Release notes

Sourced from esbuild's releases.

v0.25.10

• Fix a panic in a minification edge case (#4287)

  This release fixes a panic due to a null pointer that could happen when esbuild inlines a doubly-nested identity function and the final result is empty. It was fixed by emitting the value undefined in this case, which avoids the panic. This case must be rare since it hasn't come up until now. Here is an example of code that previously triggered the panic (which only happened when minifying):

  function identity(x) { return x }
  identity({ y: identity(123) })

• Fix @supports nested inside pseudo-element (#4265)

  When transforming nested CSS to non-nested CSS, esbuild is supposed to filter out pseudo-elements such as ::placeholder for correctness. The CSS nesting specification says the following:

  The nesting selector cannot represent pseudo-elements (identical to the behavior of the ':is()' pseudo-class). We’d like to relax this restriction, but need to do so simultaneously for both ':is()' and '&', since they’re intentionally built on the same underlying mechanisms.

  However, it seems like this behavior is different for nested at-rules such as @supports, which do work with pseudo-elements. So this release modifies esbuild's behavior to now take that into account:

  /* Original code */
  ::placeholder {
    color: red;
    body & { color: green }
    @supports (color: blue) { color: blue }
  }
  /* Old output (with --supported:nesting=false) */
  ::placeholder {
  color: red;
  }
  body :is() {
  color: green;
  }
  @​supports (color: blue) {
  {
  color: blue;
  }
  }
  /* New output (with --supported:nesting=false) */
  ::placeholder {
  color: red;
  }
  body :is() {
  color: green;
  }
  @​supports (color: blue) {
  ::placeholder {
  color: blue;
  }

... (truncated)

Changelog

Sourced from esbuild's changelog.

Changelog: 2024

This changelog documents all esbuild versions published in the year 2024 (versions 0.19.12 through 0.24.2).

0.24.2

• Fix regression with --define and import.meta (#4010, #4012, #4013)

  The previous change in version 0.24.1 to use a more expression-like parser for define values to allow quoted property names introduced a regression that removed the ability to use --define:import.meta=.... Even though import is normally a keyword that can't be used as an identifier, ES modules special-case the import.meta expression to behave like an identifier anyway. This change fixes the regression.

  This fix was contributed by @​sapphi-red.

0.24.1

• Allow es2024 as a target in tsconfig.json (#4004)

  TypeScript recently added es2024 as a compilation target, so esbuild now supports this in the target field of tsconfig.json files, such as in the following configuration file:

  {
    "compilerOptions": {
      "target": "ES2024"
    }
  }

  As a reminder, the only thing that esbuild uses this field for is determining whether or not to use legacy TypeScript behavior for class fields. You can read more in the documentation.

  This fix was contributed by @​billyjanitsch.

• Allow automatic semicolon insertion after get/set

  This change fixes a grammar bug in the parser that incorrectly treated the following code as a syntax error:

  class Foo {
    get
    *x() {}
    set
    *y() {}
  }

  The above code will be considered valid starting with this release. This change to esbuild follows a similar change to TypeScript which will allow this syntax starting with TypeScript 5.7.

• Allow quoted property names in --define and --pure (#4008)

  The define and pure API options now accept identifier expressions containing quoted property names. Previously all identifiers in the identifier expression had to be bare identifiers. This change now makes --define and --pure consistent with --global-name, which already supported quoted property names. For example, the following is now possible:

... (truncated)

Commits

• d6b668f publish 0.25.10 to npm
• 5088c19 refactor: use strings.Builder (#4290)
• 755da31 run make update-compat-table
• a1d9c86 fix #4287: marked the wrong issue as fixed
• 73a0b2a fix #4286: minifier panic due to identity function
• 134dadf fix #4265: @supports nested inside ::pseudo
• 195e05c publish 0.25.9 to npm
• 3dac33f fix #3131, fix #3663: yarnpnp + windows + D drive
• 0f2c5c8 mock fs now supports multiple volumes on windows
• 100a51e split out yarnpnp snapshot tests
• Additional commits viewable in compare view

Updates @vitejs/plugin-react from 4.3.1 to 4.7.0

Release notes

Sourced from @​vitejs/plugin-react's releases.

plugin-react@4.7.0

Add HMR support for compound components (#518)

HMR now works for compound components like this:

const Root = () => <div>Accordion Root</div>
const Item = () => <div>Accordion Item</div>
export const Accordion = { Root, Item }

Return Plugin[] instead of PluginOption[] (#537)

The return type has changed from react(): PluginOption[] to more specialized type react(): Plugin[]. This allows for type-safe manipulation of plugins, for example:

// previously this causes type errors
react({ babel: { plugins: ['babel-plugin-react-compiler'] } })
  .map(p => ({ ...p, applyToEnvironment: e => e.name === 'client' }))

plugin-react@4.6.0

Add raw Rolldown support

This plugin only worked with Vite. But now it can also be used with raw Rolldown. The main purpose for using this plugin with Rolldown is to use react compiler.

plugin-react@4.5.2

Suggest @vitejs/plugin-react-oxc if rolldown-vite is detected #491

Emit a log which recommends @vitejs/plugin-react-oxc when rolldown-vite is detected to improve performance and use Oxc under the hood. The warning can be disabled by setting disableOxcRecommendation: false in the plugin options.

Use optimizeDeps.rollupOptions instead of optimizeDeps.esbuildOptions for rolldown-vite #489

This suppresses the warning about optimizeDeps.esbuildOptions being deprecated in rolldown-vite.

Add Vite 7-beta to peerDependencies range #497

React plugins are compatible with Vite 7, this removes the warning when testing the beta.

plugin-react@4.5.1

Add explicit semicolon in preambleCode #485

This fixes an edge case when using HTML minifiers that strips line breaks aggressively.

plugin-react@4.5.0

Add filter for rolldown-vite #470

Added filter so that it is more performant when running this plugin with rolldown-powered version of Vite.

... (truncated)

Changelog

Sourced from @​vitejs/plugin-react's changelog.

4.7.0 (2025-07-18)

Add HMR support for compound components (#518)

HMR now works for compound components like this:

const Root = () => <div>Accordion Root</div>
const Item = () => <div>Accordion Item</div>
export const Accordion = { Root, Item }

Return Plugin[] instead of PluginOption[] (#537)

The return type has changed from react(): PluginOption[] to more specialized type react(): Plugin[]. This allows for type-safe manipulation of plugins, for example:

// previously this causes type errors
react({ babel: { plugins: ['babel-plugin-react-compiler'] } })
  .map(p => ({ ...p, applyToEnvironment: e => e.name === 'client' }))

4.6.0 (2025-06-23)

Add raw Rolldown support

This plugin only worked with Vite. But now it can also be used with raw Rolldown. The main purpose for using this plugin with Rolldown is to use react compiler.

4.5.2 (2025-06-10)

Suggest @vitejs/plugin-react-oxc if rolldown-vite is detected #491

Emit a log which recommends @vitejs/plugin-react-oxc when rolldown-vite is detected to improve performance and use Oxc under the hood. The warning can be disabled by setting disableOxcRecommendation: true in the plugin options.

Use optimizeDeps.rollupOptions instead of optimizeDeps.esbuildOptions for rolldown-vite #489

This suppresses the warning about optimizeDeps.esbuildOptions being deprecated in rolldown-vite.

Add Vite 7-beta to peerDependencies range #497

React plugins are compatible with Vite 7, this removes the warning when testing the beta.

4.5.1 (2025-06-03)

Add explicit semicolon in preambleCode #485

This fixes an edge case when using HTML minifiers that strips line breaks aggressively.

4.5.0 (2025-05-23)

... (truncated)

Commits

• 8041706 release: plugin-react@4.7.0
• bbfd1b7 chore: update changelog for #537
• fdc9d9a feat: add hmr support for compound components (#518)
• d14f31d fix(deps): update all non-major dependencies (#568)
• 22be17f build: use tsdown for plugin-react / plugin-react-oxc (#554)
• 840f0b1 chore(deps): update prettier (#556)
• cfe2912 fix(deps): update all non-major dependencies (#540)
• 11f56d6 fix: return Plugin[] instead of PluginOption[] (#537)
• 9da5e19 fix(deps): update all non-major dependencies (#519)
• 1583c5d chore: remove Vite 7 beta from supported range (#517)
• Additional commits viewable in compare view

Updates vite from 5.4.20 to 7.1.6

Release notes

Sourced from vite's releases.

v7.1.6

Please refer to CHANGELOG.md for details.

v7.1.5

Please refer to CHANGELOG.md for details.

v7.1.4

Please refer to CHANGELOG.md for details.

v7.1.3

Please refer to CHANGELOG.md for details.

v7.1.2

Please refer to CHANGELOG.md for details.

create-vite@7.1.2

Please refer to CHANGELOG.md for details.

v7.1.1

Please refer to CHANGELOG.md for details.

create-vite@7.1.1

Please refer to CHANGELOG.md for details.

plugin-legacy@7.1.0

Please refer to CHANGELOG.md for details.

create-vite@7.1.0

Please refer to CHANGELOG.md for details.

v7.1.0

Please refer to CHANGELOG.md for details.

v7.1.0-beta.1

Please refer to CHANGELOG.md for details.

v7.1.0-beta.0

Please refer to CHANGELOG.md for details.

v7.0.7

Please refer to CHANGELOG.md for details.

v7.0.6

Please refer to CHANGELOG.md for details.

v7.0.5

Please refer to CHANGELOG.md for details.

v7.0.4

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

7.1.6 (2025-09-18)

Bug Fixes

• deps: update all non-major dependencies (#20773) (88af2ae)
• esbuild: inject esbuild helper functions with minified $ variables correctly (#20761) (7e8e004)
• fallback terser to main thread when nameCache is provided (#20750) (a679a64)
• types: strict env typings fail when skipLibCheck is false (#20755) (cc54e29)

Miscellaneous Chores

• deps: update rolldown-related dependencies (#20675) (a67bb5f)
• deps: update rolldown-related dependencies (#20772) (d785e72)

7.1.5 (2025-09-08)

Bug Fixes

• apply fs.strict check to HTML files (#20736) (14015d7)
• deps: update all non-major dependencies (#20732) (122bfba)
• upgrade sirv to 3.0.2 (#20735) (09f2b52)

7.1.4 (2025-09-01)

Bug Fixes

• add missing awaits (#20697) (79d10ed)
• deps: update all non-major dependencies (#20676) (5a274b2)
• deps: update all non-major dependencies (#20709) (0401feb)
• pass rollup watch options when building in watch mode (#20674) (f367453)

Miscellaneous Chores

• remove unused constants entry from rolldown.config.ts (#20710) (537fcf9)

Code Refactoring

• remove unnecessary minify parameter from finalizeCss (#20701) (8099582)

7.1.3 (2025-08-19)

Features

• cli: add Node.js version warning for unsupported versions (#20638) (a1be1bf)
• generate code frame for parse errors thrown by terser (#20642) (a9ba017)
• support long lines in generateCodeFrame (#20640) (1559577)

Bug Fixes

• deps: update all non-major dependencies (#20634) (4851cab)
• optimizer: incorrect incompatible error (#20439) (446fe83)
• support multiline new URL(..., import.meta.url) expressions (#20644) (9ccf142)

Performance Improvements

... (truncated)

Commits

• 54377f7 release: v7.1.6
• 88af2ae fix(deps): update all non-major dependencies (#20773)
• d785e72 chore(deps): update rolldown-related dependencies (#20772)
• cc54e29 fix(types): strict env typings fail when skipLibCheck is false (#20755)
• 7e8e004 fix(esbuild): inject esbuild helper functions with minified $ variables cor...
• a679a64 fix: fallback terser to main thread when nameCache is provided (#20750)
• a67bb5f chore(deps): update rolldown-related dependencies (#20675)
• 5647540 release: v7.1.5
• 09f2b52 fix: upgrade sirv to 3.0.2 (#20735)
• 14015d7 fix: apply fs.strict check to HTML files (#20736)
• Additional commits viewable in compare view

Updates vite-plugin-node-polyfills from 0.21.0 to 0.24.0

Release notes

Sourced from vite-plugin-node-polyfills's releases.

v0.24.0

• Add rolldown-vite support
• Fix broken v0.23.1 build

v0.23.1

• Allow installation in Vite v7 projects

v0.23.0

• Improve performance when not using globals
• Support Vite v6

v0.22.0

• Stop defining globals when they are disabled

Commits

• 6df518b Release v0.24.0
• ca49ba3 Add rolldown-vite support (#128)
• 001ec8a Release v0.23.1
• 2f59f12 Update package.json fixes #127 (#130)
• 8d68d4f Release v0.23.0
• 5f36379 Avoid creating an inject plugin when there are no shims to inject (#101)
• c40a478 Add support for Vite v6 (#114)
• ed544c3 Make it possible to run CI manually
• 4566d76 Release v0.22.0
• e8d7e4a Fix linter errors
• Additional commits viewable in compare view

Updates vite-plugin-pwa from 0.20.5 to 1.0.3

Release notes

Sourced from vite-plugin-pwa's releases.

v1.0.3

   🐞 Bug Fixes

• Add origin to scope_extensions to comply with the spec and get rid of warning  -  by @​CodingDive in vite-pwa/vite-plugin-pwa#880 (aa078)

   🏎 Performance

• Add hook filters  -  by @​sapphi-red in vite-pwa/vite-plugin-pwa#877 (db4ec)

    View changes on GitHub

v1.0.2

   🚀 Features

• pwa-assets: Add additional checks to resolve images  -  by @​userquin in vite-pwa/vite-plugin-pwa#876 (03404)

    View changes on GitHub

v1.0.1

   🐞 Bug Fixes

• Added vite 7.0.0 support  -  by @​hasanparasteh in vite-pwa/vite-plugin-pwa#868 (34229)

    View changes on GitHub

v1.0.0

   🚨 Breaking Changes

• Update @vite-pwa/assets-generator to v1.0.0  -  by @​userquin in vite-pwa/vite-plugin-pwa#846 (1c570)

   🐞 Bug Fixes

• Avoid assigning to bundle object  -  by @​sapphi-red in vite-pwa/vite-plugin-pwa#843 (b0716)

    View changes on GitHub

v0.21.2

   🐞 Bug Fixes

• manifest: Default manifest theme_color and description not being applied  -  by @​alexandre-hallaine in vite-pwa/vite-plugin-pwa#839 (53568)

    View changes on GitHub

v0.21.1

   🚀 Features

• Support Vite 6  -  by @​gabrielrbarbosa and @​userquin in vite-pwa/vite-plugin-pwa#797 (c4c25)
• html: Add head when missing from entry point  -  by @​userquin in vite-pwa/vite-plugin-pwa#784 (856d3)

   🐞 Bug Fixes

... (truncated)

Commits

• 84e66d7 chore: release v1.0.3
• aa07862 fix: add origin to scope_extensions to comply with the spec and get rid of wa...
• 8247192 docs: proper default (#848)
• db4ecdb perf: add hook filters (#877)
• 4385f0a chore: release v1.0.2
• 9b650a1 chore: update pnpm to v10.13.1
• 0340498 feat(pwa-assets): add additional checks to resolve images (#876)
• 9fd1a03 chore: release v1.0.1
• 1967829 chore: update pnpm to v10.12.4 (#870)
• 3422925 fix: added vite 7.0.0 support (#868)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[netlify]

✅ Deploy Preview for fdic-dapp ready!

Name	Link
🔨 Latest commit	9861d04
🔍 Latest deploy log	https://app.netlify.com/projects/fdic-dapp/deploys/68cc4d75c4528f00089b7000
😎 Deploy Preview	https://deploy-preview-43--fdic-dapp.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.