Skip to content

chore(deps): bump @tanstack/react-query from 5.99.0 to 5.99.2#148

Open
dependabot[bot] wants to merge 1 commit into
developmentfrom
dependabot/npm_and_yarn/development/tanstack/react-query-5.99.2
Open

chore(deps): bump @tanstack/react-query from 5.99.0 to 5.99.2#148
dependabot[bot] wants to merge 1 commit into
developmentfrom
dependabot/npm_and_yarn/development/tanstack/react-query-5.99.2

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 20, 2026

Bumps @tanstack/react-query from 5.99.0 to 5.99.2.

Release notes

Sourced from @​tanstack/react-query's releases.

@​tanstack/react-query-devtools@​5.99.2

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-devtools@​5.99.2
    • @​tanstack/react-query@​5.99.2

@​tanstack/react-query-next-experimental@​5.99.2

Patch Changes

  • Updated dependencies []:
    • @​tanstack/react-query@​5.99.2

@​tanstack/react-query-persist-client@​5.99.2

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-persist-client-core@​5.99.2
    • @​tanstack/react-query@​5.99.2

@​tanstack/react-query@​5.99.2

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-core@​5.99.2

@​tanstack/react-query-devtools@​5.99.1

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-devtools@​5.99.1
    • @​tanstack/react-query@​5.99.1

@​tanstack/react-query-next-experimental@​5.99.1

Patch Changes

  • Updated dependencies []:
    • @​tanstack/react-query@​5.99.1

@​tanstack/react-query-persist-client@​5.99.1

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-persist-client-core@​5.99.1
    • @​tanstack/react-query@​5.99.1

@​tanstack/react-query@​5.99.1

Patch Changes

  • Updated dependencies []:

... (truncated)

Changelog

Sourced from @​tanstack/react-query's changelog.

5.99.2

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-core@​5.99.2

5.99.1

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-core@​5.99.1
Commits
  • a3ec7b3 ci: Version Packages (#10520)
  • 69d2757 ci: Version Packages (#10514)
  • 7ffa1ed test({react,preact,solid}-query/useQueries): fix test description from 'useQu...
  • bc83d37 test({react,preact}-query/useMutation): unify destructuring pattern in comple...
  • aad1bd5 test({react,preact}-query/useMutation): add parallel 'mutateAsync' tests with...
  • d7643b5 test({react,preact}-query/useMutation): add optimistic update tests with succ...
  • cd89d6f test({react,preact}-query/useMutation): add conditional handling and retry te...
  • 6e15fe6 test({react,preact}-query/useMutation): add chained 'mutateAsync' tests for s...
  • 792d3a5 test({react,preact}-query/useMutation): add callback tests when 'useMutation'...
  • 1b661b3 test({react,preact}-query/useMutation): add single callback tests for 'mutate...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): bump @tanstack/react-query from 5.99.0 to 5.99.2
664b0d3 
Bumps [@tanstack/react-query](https://github.com/TanStack/query/tree/HEAD/packages/react-query) from 5.99.0 to 5.99.2.
- [Release notes](https://github.com/TanStack/query/releases)
- [Changelog](https://github.com/TanStack/query/blob/main/packages/react-query/CHANGELOG.md)
- [Commits](https://github.com/TanStack/query/commits/@tanstack/react-query@5.99.2/packages/react-query)

---
updated-dependencies:
- dependency-name: "@tanstack/react-query"
  dependency-version: 5.99.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 20, 2026
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 20, 2026

Knip Code Analysis

Found 8 total issues

Category Count
Unused Dependencies 1
Unused Dev Dependencies 3
Unused Exports 4
View details

Run pnpm knip locally to see the full report.

Use pnpm knip:filter pattern to filter results by file path.

Use /** @public */ JSDoc tags to mark intentionally exported symbols.

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 20, 2026

✅ Security audit passed

Passed (38/38)

  • ✅ Auth enforcement on protected routes (per-handler)
  • ✅ No dangerous functions (eval, innerHTML, etc.)
  • ✅ No hardcoded secrets in source
  • ✅ Security headers in next.config.ts
  • ✅ Cookie security (httpOnly, sameSite, secure)
  • ✅ No sensitive fields in API responses
  • ✅ No .env files committed to repo
  • ✅ No raw SQL in API routes
  • ✅ No fetch/redirect with unvalidated URLs in routes
  • ✅ Timing-safe comparison for secret values
  • ✅ No raw SQL migration files (schema-first only)
  • ✅ External fetch calls have timeouts
  • ✅ Docker container runs as non-root user
  • ✅ Public routes match proxy allowlist
  • ✅ File delete operations have path traversal defense
  • ✅ Password hashing uses Argon2 (not SHA-256/bcrypt)
  • ✅ Encrypted columns written via encrypt()
  • ✅ TOTP 2FA flow integrity
  • ✅ Emergency lockdown flow integrity
  • ✅ Scrub & delete (nuke) flow integrity
  • ✅ Backup restore flow integrity
  • ✅ Login flow integrity
  • ✅ Auth result checked before proceeding
  • ✅ Backup password inputs bounded before key derivation
  • ✅ Webhook delivery fetch uses redirect: "error"
  • ✅ SESSION_SECRET minimum-length guard in auth/crypto modules
  • ✅ Notification URL validators include SSRF protection
  • ✅ Dockerfile does not COPY sensitive files
  • ✅ No secret env vars in client components
  • ✅ Adapter Cookie headers guard against injection
  • ✅ Adapter files do not log credential values
  • ✅ No console.log in API routes
  • ✅ No TODO/FIXME in security-critical files
  • ✅ JSON.parse wrapped in try-catch
  • ✅ No swallowed errors in catch blocks
  • ✅ Request body size validation on upload routes
  • ✅ BigInt fields use string serialization
  • ✅ No raw error messages in API responses

Summary: 38/38 checks passed

See scripts/security-audit.ts for check definitions and SECURITY.md for the full security architecture.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants