deps(web): bump the node-dependencies group in /apps/web with 5 updates

[dependabot]

Bumps the node-dependencies group in /apps/web with 5 updates:

Package	From	To
react	19.2.4	19.2.7
react-dom	19.2.4	19.2.7
@types/node	20.19.42	25.9.2
eslint	9.39.4	10.4.1
typescript	5.9.3	6.0.3

Updates react from 19.2.4 to 19.2.7

Release notes

Sourced from react's releases.

19.2.7 (June 1st, 2026)

React Server Components

• Fixed missing FormData entries in Server Actions which regressed in 19.2.6 (#36566 by @​unstubbable)

19.2.6 (May 6th, 2026)

React Server Components

• Type hardening and performance improvements (#36425 by @​eps1lon and @​unstubbable)

19.2.5 (April 8th, 2026)

React Server Components

• Add more cycle protections (#36236 by @​eps1lon and @​unstubbable)

Commits

• 6117d7c Version 19.2.7 (#36591)
• eaf3e95 Version 19.2.6
• 23f4f9f 19.2.5
• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react since your current version.

Updates react-dom from 19.2.4 to 19.2.7

Release notes

Sourced from react-dom's releases.

19.2.7 (June 1st, 2026)

React Server Components

• Fixed missing FormData entries in Server Actions which regressed in 19.2.6 (#36566 by @​unstubbable)

19.2.6 (May 6th, 2026)

React Server Components

• Type hardening and performance improvements (#36425 by @​eps1lon and @​unstubbable)

19.2.5 (April 8th, 2026)

React Server Components

• Add more cycle protections (#36236 by @​eps1lon and @​unstubbable)

Commits

• 6117d7c Version 19.2.7 (#36591)
• eaf3e95 Version 19.2.6
• 23f4f9f 19.2.5
• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react-dom since your current version.

Updates @types/node from 20.19.42 to 25.9.2

Commits

• See full diff in compare view

Updates eslint from 9.39.4 to 10.4.1

Release notes

Sourced from eslint's releases.

v10.4.1

Bug Fixes

• e557467 fix: update @eslint/plugin-kit version to 0.7.2 (#20930) (Francesco Trotta)
• d4ce898 fix: propagate failures from delegated commands (#20917) (Minh Vu)
• f4f3507 fix: prefer-arrow-callback invalid autofix with newline after async (#20916) (kuldeep kumar)
• c5bc78b fix: false positive for reference in finally block (#20655) (Tanuj Kanti)
• 27538c0 fix: add missing CodePath and CodePathSegment types (#20853) (Pixel998)

Documentation

• 61b0add docs: remove deprecated rule from related rules of max-params (#20921) (Tanuj Kanti)
• 305d5b9 docs: remove deprecated rules from related rules section (#20911) (Tanuj Kanti)
• 49b0202 docs: fix display: none of ad (#20901) (Tanuj Kanti)
• 9067f94 docs: switch build to Node.js 24 (#20893) (Milos Djermanovic)
• c91b041 docs: Update README (GitHub Actions Bot)
• e349265 docs: clarify semver strings in rule deprecation objects (#20885) (Milos Djermanovic)

Chores

• b0e466b test: add data property to invalid tests cases for rules (#20924) (Tanuj Kanti)
• f78838b test: add CodePath type coverage (#20904) (Pixel998)
• 1daa4bd chore: update eslint-plugin-eslint-comments test data to latest commit (#20922) (Francesco Trotta)
• 002942c ci: declare contents:read on update-readme workflow (#20919) (Arpit Jain)
• 64bca24 chore: update ecosystem plugins (#20912) (ESLint Bot)
• 6d7c832 chore: ignore fflate updates in renovate (#20908) (Pixel998)
• b2c8638 ci: bump pnpm/action-setup from 6.0.7 to 6.0.8 (#20889) (dependabot[bot])
• a9b8d7f chore: increase maxBuffer for ecosystem tests (#20881) (sethamus)
• b702ead chore: update ecosystem update PR settings (#20884) (Pixel998)
• 507f60e chore: update ecosystem plugins (#20882) (ESLint Bot)
• 92f5c5b test: add unit test for message-count (#20878) (kuldeep kumar)
• df32108 chore: add @​eslint/markdown and typescript-eslint ecosystem tests (#20837) (sethamus)
• 327f91d chore: use includeIgnoreFile internally (#20876) (Kirk Waiblinger)
• f0dc4bd chore: pin fflate@0.8.2 (#20877) (Milos Djermanovic)
• 0f4bd25 ci: run Discord alert for ecosystem test failures (#20873) (Copilot)

v10.4.0

Features

• 1a45ec5 feat: check sequence expressions in for-direction (#20701) (kuldeep kumar)
• 450040b feat: add includeIgnoreFile() to eslint/config (#20735) (Kirk Waiblinger)

Bug Fixes

• 544c0c3 fix: escape code path DOT labels in debug output (#20866) (Pixel998)
• 6799431 fix: update dependency @​eslint/config-helpers to ^0.6.0 (#20850) (renovate[bot])
• f078fef fix: handle non-array deprecated rule replacements (#20825) (xbinaryx)

Documentation

• 7e52a71 docs: add mention of @eslint-react/eslint-plugin (#20869) (Pavel)
• db3468b docs: tweak wording around ambiguous CJS-vs-ESM config (#20865) (Kirk Waiblinger)
• 9084664 docs: Update README (GitHub Actions Bot)
• 9cc7387 docs: Update README (GitHub Actions Bot)
• 3d7b548 docs: Update README (GitHub Actions Bot)
• 191ec3c docs: Update README (GitHub Actions Bot)

... (truncated)

Commits

• 4a3d15a 10.4.1
• 43e7e2b Build: changelog update for 10.4.1
• e557467 fix: update @eslint/plugin-kit version to 0.7.2 (#20930)
• b0e466b test: add data property to invalid tests cases for rules (#20924)
• d4ce898 fix: propagate failures from delegated commands (#20917)
• f4f3507 fix: prefer-arrow-callback invalid autofix with newline after async (#20916)
• f78838b test: add CodePath type coverage (#20904)
• 61b0add docs: remove deprecated rule from related rules of max-params (#20921)
• 1daa4bd chore: update eslint-plugin-eslint-comments test data to latest commit (#20...
• 002942c ci: declare contents:read on update-readme workflow (#20919)
• Additional commits viewable in compare view

Updates typescript from 5.9.3 to 6.0.3

Release notes

Sourced from typescript's releases.

TypeScript 6.0.3

For release notes, check out the release announcement blog post.

• fixed issues query for TypeScript 6.0.0 (Beta).
• fixed issues query for TypeScript 6.0.1 (RC).
• fixed issues query for TypeScript 6.0.2 (Stable).
• fixed issues query for TypeScript 6.0.3 (Stable).

Downloads are available on:

• npm

TypeScript 6.0

For release notes, check out the release announcement blog post.

• fixed issues query for TypeScript 6.0.0 (Beta).
• fixed issues query for TypeScript 6.0.1 (RC).
• fixed issues query for TypeScript 6.0.2 (Stable).

Downloads are available on:

• npm

TypeScript 6.0 Beta

For release notes, check out the release announcement.

• fixed issues query for Typescript 6.0.0 (Beta).

Downloads are available on:

• npm

Commits

• 050880c Bump version to 6.0.3 and LKG
• eeae9dd 🤖 Pick PR #63401 (Also check package name validity in...) into release-6.0 (#...
• ad1c695 🤖 Pick PR #63368 (Harden ATA package name filtering) into release-6.0 (#63372)
• 0725fb4 🤖 Pick PR #63310 (Mark class property initializers as...) into release-6.0 (#...
• 607a22a Bump version to 6.0.2 and LKG
• 9e72ab7 🤖 Pick PR #63239 (Fix missing lib files in reused pro...) into release-6.0 (#...
• 35ff23d 🤖 Pick PR #63163 (Port anyFunctionType subtype fix an...) into release-6.0 (#...
• e175b69 Bump version to 6.0.1-rc and LKG
• af4caac Update LKG
• 8efd7e8 Merge remote-tracking branch 'origin/main' into release-6.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Summary by CodeRabbit

• Chores
  • Updated React and React DOM to version 19.2.7
  • Updated development dependencies including TypeScript, ESLint, and type definitions to latest compatible versions

[dependabot]

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[coderabbitai]

📝 Walkthrough

Walkthrough

Updated apps/web/package.json with newer versions: React and react-dom to 19.2.7, @types/node to ^25, eslint to ^10, and typescript to ^6.

Changes

Dependency and Dev Tooling Updates

Layer / File(s)	Summary
Dependency version bumps apps/web/package.json	React and react-dom patch updated from 19.2.4 to 19.2.7; dev dependencies advanced to newer majors: @types/node ^20→^25, eslint ^9→^10, typescript ^5→^6.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 With newer tools in paw, we build with glee,
React 19.2.7 runs wild and free,
TypeScript and eslint stand tall and bright,
Our dependencies dance in the morning light! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title accurately describes the main change: a dependency group update for the web app with 5 package upgrades, matching the actual changeset.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dependabot/npm_and_yarn/apps/web/node-dependencies-794d197ad1

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@apps/web/package.json`:
- Around line 18-24: The lockfile (apps/web/bun.lock) still pins older tooling
and doesn't reflect the updated majors in package.json (e.g., "eslint": "^10",
"typescript": "^6") and the lint stack compatibility with
eslint-config-next@16.2.9; regenerate the lockfile by running bun install in
apps/web, then ensure TypeScript is constrained to 6.0.x (not 6.1+) to satisfy
typescript-eslint@8.61.0's ">=4.8.4 <6.1.0" requirement, update package.json if
needed to pin "typescript" to "6.0.x", and after regenerating run bun run lint
and bun run build to verify ESLint 10 and the Next lint stack work with the new
lockfile.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 52aef5b0-0e60-49a3-a323-46a4a176b08a

📥 Commits

Reviewing files that changed from the base of the PR and between c4a66e1 and 9d73230.

📒 Files selected for processing (1)

• apps/web/package.json

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Verify lockfile update and check for compatibility issues

# Check if lockfile has been updated with new versions
echo "=== Checking lockfile for new versions ==="
rg '"react".*19\.2\.7' apps/web/bun.lock
rg '"typescript".*6\.' apps/web/bun.lock
rg '"eslint".*10\.' apps/web/bun.lock

# Check Next.js peer dependencies or version constraints
echo -e "\n=== Checking Next.js package info ==="
cat apps/web/node_modules/next/package.json 2>/dev/null | jq '.peerDependencies, .engines' || echo "node_modules not available in sandbox"

# Look for any TypeScript or ESLint config issues
echo -e "\n=== Checking for config files ==="
fd -e json -e js 'tsconfig|eslint' apps/web

Repository: FrilLab/frilchain

Length of output: 8151

---

🌐 Web query:

Does Next.js 16.2.9 support TypeScript 6.0 and eslint 10?

💡 Result:

As of June 10, 2026, Next.js 16.2.9 supports TypeScript 6.0, but does not provide full native support for ESLint 10 in its default configuration. TypeScript 6.0: Next.js officially integrated support for TypeScript 6.0 in the 16.2 development cycle [1][2]. This includes updates to internal tsconfig defaults and the removal of deprecated compiler options that were incompatible with TypeScript 6.0 behaviors [3][4]. Users are encouraged to migrate projects to align with these newer TypeScript standards rather than relying on framework-level rewiring [4]. ESLint 10: Next.js (specifically the eslint-config-next package) does not yet offer full, native support for ESLint 10 [5]. As of June 2026, users attempting to use ESLint 10 often encounter runtime errors due to dependency incompatibilities, particularly with packages like eslint-plugin-react that rely on legacy APIs removed in ESLint 10 [5]. While community workarounds and temporary fixes (such as manually specifying the React version in the ESLint configuration) exist, official stability for ESLint 10 within the Next.js linting stack remains pending [5]. For stable production environments, it is currently recommended to continue using ESLint 9 [5].

Citations:

• 1: Bump TypeScript to 6.0 vercel/next.js#91257
• 2: vercel/next.js@d141874
• 3: vercel/next.js@aa3ba7e
• 4: Don't suppress usage of deprecated TypeScript compilerOptions vercel/next.js#93377
• 5: [ESLint v10]: TypeError: contextOrFilename.getFilename is not a function when running ESLint v10 vercel/next.js#89764

---

Regenerate apps/web/bun.lock and constrain TypeScript for the Next.js lint stack.

• apps/web/bun.lock still resolves older tooling (e.g., eslint@9.39.4) and does not show the expected eslint@10.x / typescript@6.x pins from apps/web/package.json, so CI may not actually receive the upgraded majors until the lockfile is regenerated.
• The lint stack is sensitive here: eslint-config-next@16.2.9 is not a reliable default for ESLint 10.
• typescript-eslint@8.61.0 (present in the lockfile) requires typescript >=4.8.4 <6.1.0, so keep TypeScript on 6.0.x (avoid 6.1+).

After regenerating the lockfile (bun install), run bun run lint and bun run build.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@apps/web/package.json` around lines 18 - 24, The lockfile (apps/web/bun.lock)
still pins older tooling and doesn't reflect the updated majors in package.json
(e.g., "eslint": "^10", "typescript": "^6") and the lint stack compatibility
with eslint-config-next@16.2.9; regenerate the lockfile by running bun install
in apps/web, then ensure TypeScript is constrained to 6.0.x (not 6.1+) to
satisfy typescript-eslint@8.61.0's ">=4.8.4 <6.1.0" requirement, update
package.json if needed to pin "typescript" to "6.0.x", and after regenerating
run bun run lint and bun run build to verify ESLint 10 and the Next lint stack
work with the new lockfile.

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml