deps: bump the npm-production group across 1 directory with 5 updates

[dependabot]

Bumps the npm-production group with 4 updates in the / directory: react-router-dom, jiti, postcss and rollup.

Updates react-router-dom from 7.14.2 to 7.15.0

Changelog

Sourced from react-router-dom's changelog.

v7.15.0

Patch Changes

• Updated dependencies:
  • react-router@7.15.0

Commits

• 97c8de7 Release v7.15.0 (#15018)
• See full diff in compare view

Updates jiti from 2.6.1 to 2.7.0

Release notes

Sourced from jiti's releases.

v2.7.0

compare changes

🚀 Enhancements

• Add explicit resource management (using/await using) support (#422)
• Support opt-in tsconfigPaths (#427)
• Support virtual modules (#428)
• Add jiti/static subpath (#430)

🔥 Performance

• interopDefault: Add caching to reduce proxy overhead by ~2x (#421)

🩹 Fixes

• require: Passthrough resolve options (#412)
• require: Fallback to transpilation when tryNative fails (#413)
• Fallback for ENAMETOOLONG when evaluating esm (#429)

📦 Build

• Upgrade rspack to v2 (55194fb)
• Experimental rolldown config (8c0243f)

✅ Tests

• Ignore jsx test for bun/cjs (3a744ca)

❤️ Contributors

• Pooya Parsa (@​pi0)
• Kricsleo (@​kricsleo)
• Espen Hovlandsdal (@​rexxars)
• Rintaro Itokawa (@​re-taro)
• Matteo Collina (@​mcollina)
• Mario Zechner (@​badlogic)

Changelog

Sourced from jiti's changelog.

v2.7.0

compare changes

🚀 Enhancements

• Add explicit resource management (using/await using) support (#422)
• Support opt-in tsconfigPaths (#427)
• Support virtual modules option (#428)
• Add jiti/static export (#430)

🔥 Performance

• interopDefault: Add caching to reduce proxy overhead by ~2x (#421)

🩹 Fixes

• require: Passthrough resolve options (#412)
• ci: Skip --coverage flag for node 18 (fe264b4)
• require: Fallback to transpilation when tryNative fails (#413)
• Fallback for ENAMETOOLONG when evaluating esm (#429)

📦 Build

• Upgrade rspack (55194fb)
• Experimental rolldown config (8c0243f)

🏡 Chore

• Fix lint issues (4045c7a)
• Update deps (e88ac44)
• Update deps (498e8d7)
• Add missing prettier dep (650bc48)
• Lint (058d91a)
• Init agents.md (c49c54e)
• Update agents.md (4deba16)
• Update deps (08fc868)
• Update tsconfig (8c7822e)
• Update release script (27fe3f2)

✅ Tests

• Ignore jsx test for bun/cjs (3a744ca)
• Update (9ee314f)

🤖 CI

• Update node test matrix (0abda72)

❤️ Contributors

... (truncated)

Commits

• fd3bb28 chore(release): v2.7.0
• 27fe3f2 chore: update release script
• 4fcd2f2 fix: fallback for ENAMETOOLONG when evaluating esm (#429)
• 8c0243f build: experimental rolldown config
• 55194fb build: upgrade rspack
• 0abda72 ci: update node test matrix
• 8c7822e chore: update tsconfig
• 08fc868 chore: update deps
• 5d552e3 feat: add jiti/static export (#430)
• ae790b0 feat: support virtual modules option (#428)
• Additional commits viewable in compare view

Updates postcss from 8.5.10 to 8.5.14

Release notes

Sourced from postcss's releases.

8.5.14

• Fixed custom syntax regression (by @​43081j).

8.5.13

• Fixed postcss-scss commend regression.

8.5.12

• Fixed reading any file via user-generated CSS.
• Added opts.unsafeMap to disable checks.

8.5.11

• Fixed nested brackets parsing performance (by @​offset).

Changelog

Sourced from postcss's changelog.

8.5.14

• Fixed custom syntax regression (by @​43081j).

8.5.13

• Fixed postcss-scss commend regression.

8.5.12

• Fixed reading any file via user-generated CSS.
• Added opts.unsafeMap to disable checks.

8.5.11

• Fixed nested brackets parsing performance (by @​offset).

Commits

• 3ec1394 Release 8.5.14 version
• f2bb827 Update dependencies
• d75953d Merge pull request #2084 from 43081j/raw-raws-rawing
• 68bd213 fix: always call raw to retrieve raw values
• af58cf1 Release 8.5.13 version
• f227dbd Temporary ignore pnpm 11 config
• d3abd40 Update dependencies
• dd06c3e Revert stringifier changes because of the conflict with postcss-scss
• ae889c8 Try to fix CI
• e0093e4 Move to pnpm 11
• Additional commits viewable in compare view

Updates react-router from 7.14.2 to 7.15.0

Release notes

Sourced from react-router's releases.

v7.15.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7150

Changelog

Sourced from react-router's changelog.

v7.15.0

Minor Changes

• Stabilize unstable_defaultShouldRevalidate as defaultShouldRevalidate on <Link>, <Form>, useLinkClickHandler, useSubmit, fetcher.submit, and setSearchParams (a993f09)

  • ⚠️ This is a breaking change if you have already opted into the unstable version - you will need to update your code accordingly

• Stabilize the instrumentation APIs. unstable_instrumentations is now instrumentations and unstable_pattern is now pattern (a993f09)

  • The unstable_ServerInstrumentation, unstable_ClientInstrumentation, unstable_InstrumentRequestHandlerFunction, unstable_InstrumentRouterFunction, unstable_InstrumentRouteFunction, and unstable_InstrumentationHandlerResult types have had their unstable_ prefixes removed
  • ⚠️ This is a breaking change if you have already opted into the unstable version - you will need to update your code accordingly

• Stabilize unstable_mask as mask on <Link>, useLinkClickHandler, and useNavigate, and rename the corresponding Location.unstable_mask field to Location.mask (a993f09)

  • ⚠️ This is a breaking change if you have already opted into the unstable version - you will need to update your code accordingly

• Stabilize the unstable_normalizePath option on staticHandler.query and staticHandler.queryRoute as normalizePath (a993f09)

  • ⚠️ This is a breaking change if you have already opted into the unstable version - you will need to update your code accordingly

• Stabilize future.unstable_passThroughRequests as future.v8_passThroughRequests (a993f09)

  • ⚠️ This is a breaking change if you have already opted into the unstable version - you will need to update your code accordingly

• Remove unstable_subResourceIntegrity from the runtime FutureConfig type; the flag is now controlled by the top-level subResourceIntegrity option in react-router.config.ts (a993f09)

  • ⚠️ This is a breaking change if you have already opted into the unstable version - you will need to update your code accordingly

• Stabilize unstable_url as url on loader, action, and middleware function args (a993f09)

  • ⚠️ This is a breaking change if you have already opted into the unstable version - you will need to update your code accordingly

• Stabilize unstable_useTransitions as useTransitions on <BrowserRouter>, <HashRouter>, <HistoryRouter>, <MemoryRouter>, <Router>, <RouterProvider>, <HydratedRouter>, and useLinkClickHandler (a993f09)

  • ⚠️ This is a breaking change if you have already opted into the unstable version - you will need to update your code accordingly

Patch Changes

• Add nonce to <Scripts> <link rel="modulepreload"> elements (if provided) (af5d49b)

• Fix a bug with unstable_defaultShouldRevalidate={false} where parent routes that did not export a shouldRevalidate function could be incorrectly included in the single fetch call for new child route data (#15012)

• Improve server-side route matching performance by pre-computing flattened/cached route branches (#14967) (af5d49b)

  • Performance benchmarks showed roughly a 10-15% improvement in server-side request handling performance

• Mark mask as an optional field in Location for easier mocking in unit tests (#14999)

• Cache flattened/ranked route branches to optimize server-side route matching (#14967)

• Improve route matching performance in Framework/Data Mode (#14971) (af5d49b)

  • Avoiding unnecessary calls to matchRoutes in data router scenarios
    • This includes adding back the optimization that was removed in 7.6.0 (#13562)
    • The issues that prompted the revert have been addressed by using the available router matches but always updating match.route to the latest route in the manifest
  • Leverage pre-computed pre-computing flattened/cached route branches during client side route matching
  • Performance benchmarks showed roughly a 15-30% improvement in server-side request handling performance

Commits

• 97c8de7 Release v7.15.0 (#15018)
• af5d49b Update change files again
• a993f09 Update change files
• 362635b Move chnageset to change file
• e756132 chore: format
• 49295b5 Stabilize APIs (#14999)
• 5f61543 Client-side route matching optimizations (#14971)
• 67518cb Remove unnecessary hasShouldRevalidate condition for opting out (#15012)
• 6f18edd Add nonce to scripts modulepreload (#15002)
• 10a9686 Migrate changeset to change file
• Additional commits viewable in compare view

Updates rollup from 4.60.2 to 4.60.3

Changelog

Sourced from rollup's changelog.

4.60.3

2026-05-04

Bug Fixes

• Ensure nested "exports" variables are not renamed (#6360)

Pull Requests

• #6360: fix: do not rename nested "exports" bindings that do not conflict (@​tariqrafique, @​lukastaegert)
• #6364: chore(deps): update msys2/setup-msys2 digest to e989830 (@​renovate[bot])
• #6365: fix(deps): update minor/patch updates (@​renovate[bot])
• #6366: fix(deps): update swc monorepo (major) (@​renovate[bot])
• #6367: chore(deps): lock file maintenance (@​renovate[bot], @​lukastaegert)
• #6368: docs: add missing backticks in plugin-development (@​lumirlumir, @​lukastaegert)

Commits

• b47bdab 4.60.3
• 15c5f33 Add again some unneeded dev dependencies, to make some builds succeed
• 12195dc fix: do not rename nested "exports" bindings that do not conflict (#6360)
• b74aa39 Migrate instructions to AGENTS.md
• aa5a377 fix(deps): update minor/patch updates (#6365)
• 197e68b chore(deps): update msys2/setup-msys2 digest to e989830 (#6364)
• cded70a fix(deps): update swc monorepo (major) (#6366)
• bb2b8a5 docs: add missing backticks in plugin-development (#6368)
• 20af1c4 chore(deps): lock file maintenance (#6367)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions