deps: bump the dependency-updates group across 1 directory with 11 updates

[dependabot]

Bumps the dependency-updates group with 11 updates in the / directory:

Package	From	To
@primer/octicons-react	19.22.0	19.23.1
@primer/react	38.15.0	38.18.0
framer-motion	12.36.0	12.38.0
fuse.js	7.1.0	7.3.0
@npmcli/template-oss	4.29.0	4.30.0
eslint-import-resolver-webpack	0.13.10	0.13.11
eslint-plugin-primer-react	8.5.2	8.6.0
minimatch	10.2.4	10.2.5
tar	7.5.11	7.5.13
yaml	2.8.2	2.8.3
tap	21.6.2	21.6.3

Updates @primer/octicons-react from 19.22.0 to 19.23.1

Release notes

Sourced from @​primer/octicons-react's releases.

v19.23.1

Patch Changes

• #1175 ea8e6bb7 Thanks @​kylewaynebenson! - - Remove set fill from svgs

v19.23.0

Minor Changes

• #1165 63bc8d01 Thanks @​kylewaynebenson! - - Addition of lockup icon
  • adjustments to logo and mark

v19.22.1

Patch Changes

• #1169 6567d755 Thanks @​francinelucca! - various dep updates

Changelog

Sourced from @​primer/octicons-react's changelog.

19.23.1

Patch Changes

• #1175 ea8e6bb7 Thanks @​kylewaynebenson! - - Remove set fill from svgs

19.23.0

Minor Changes

• #1165 63bc8d01 Thanks @​kylewaynebenson! - - Addition of lockup icon
  • adjustments to logo and mark

19.22.1

Patch Changes

• #1169 6567d755 Thanks @​francinelucca! - various dep updates

Commits

• 84094ef Version Packages (#1176)
• ea8e6bb Removed style details from new icons (#1175)
• edf68a6 Version Packages (#1174)
• 63bc8d0 Addition of lockup icon, adjustments to logo and mark (#1165)
• 00f17db Version Packages (#1170)
• 0cb52b5 Bump next from 11.1.3 to 16.1.7 in /lib/octicons_styled (#1171)
• 5d6cc6d Bump rollup from 2.79.2 to 2.80.0 in /lib/octicons_react (#1162)
• ec791f1 Bump minimatch from 3.1.2 to 3.1.5 in /lib/octicons_react (#1173)
• ca7b3a4 Bump next from 16.1.6 to 16.1.7 in /lib/octicons_react (#1172)
• 6567d75 Add changeset for various dependency updates in @​primer/octicons (#1169)
• Additional commits viewable in compare view

Updates @primer/react from 38.15.0 to 38.18.0

Release notes

Sourced from @​primer/react's releases.

@​primer/react@​38.18.0

Minor Changes

• #7700 91bf343 Thanks @​francinelucca! - ActionMenu: Graduate primer_react_action_menu_display_in_viewport_inside_dialog feature flag. ActionMenu now automatically uses displayInViewport when rendered inside a Dialog, without requiring the feature flag.

• #7699 1505d9b Thanks @​francinelucca! - SelectPanel: Add displayInViewport prop

• #7662 39c8cf3 Thanks @​HiroAgustin! - Timeline: Update clipSidebar prop to accept 'start', 'end', or 'both' in addition to boolean. Use 'start' to only clip the top, 'end' to only clip the bottom, or 'both'/true to clip both ends.

• #7686 6cd13c0 Thanks @​JelloBagel! - StateLabel: Add new type: archived

Patch Changes

• #7690 b492cc8 Thanks @​HiroAgustin! - fix(Button): Apply inline-flex display to loading wrapper for link variant buttons

• #7696 1acb7d3 Thanks @​francinelucca! - Fix item dividers not visible in SelectPanel and FilteredActionList when showItemDividers is enabled, caused by content-visibility: auto clipping the absolutely-positioned divider pseudo-elements.

• #7683 f05fcac Thanks @​liuliu-dev! - Dialog: dynamically switch footer button layout based on available height.

• #7676 35ca056 Thanks @​HiroAgustin! - Remove link underline effect on hover for both Link (inline) and Button with variant link (no visuals)

• #7631 0ecaf6f Thanks @​mattcosta7! - Add test to validate that the muted prop is not leaked as a bare DOM attribute on Link

@​primer/react@​38.17.0

Minor Changes

• #7658 259fdff Thanks @​hussam-i-am! - fix(polymorphic): Improve prop passthrough for ActionList.LinkItem and Breadcrumbs.Item

• #7672 77735f9 Thanks @​iansan5653! - - New: Exposes new useMergedRefs hook that can merge two refs into a single combined ref

  • Deprecates useRefObjectAsForwardedRef; see doc comment for migration instructions
  • Deprecates useProvidedRefOrCreate; see doc comment for migration instructions

• #7623 42847d1 Thanks @​copilot-swe-agent! - IconButton: keybindingHint now accepts string[] in addition to string. Multiple hints are rendered joined with "or".

Patch Changes

• #7510 8fa988b Thanks @​francinelucca! - chore: ensure max-height does not surpass viewport height in Overlay, ActionMenu under feature flag

• #7682 8aed331 Thanks @​llastflowers! - Update CheckboxOrRadioGroup.tsx to add required announcement

@​primer/react@​38.16.0

Minor Changes

• #7661 dceb79c Thanks @​TylerJDev! - AnchoredOverlay: Add CSS Anchor Positioning to AnchoredOverlay (under a feature flag)

@​primer/react@​38.15.1

Patch Changes

• #7625 2e8c707 Thanks @​liuliu-dev! - Banner: stack inline actions vertically on narrow viewports.

... (truncated)

Commits

• 1625489 Release tracking (#7701)
• 6cd13c0 Add 'Archived' to StateLabel (#7686)
• f441841 lock-release.yml: Use legacy branch protection instead of rulesets (#7705)
• 0ecaf6f fix(Link): destructure muted prop to prevent unintentional DOM attribute le...
• 91bf343 chore: graduate primer_react_action_menu_display_in_viewport_inside_dialog (#...
• 1505d9b feat: add displayInViewport option to SelectPanel (#7699)
• 1c7c598 Remove Avatar component from @​primer/styled-react (#7685)
• 1acb7d3 fix(FilteredActionList): prevent content-visibility from clipping item divide...
• 39c8cf3 Timeline: extend clipSidebar to accept 'start' | 'end' | 'both' (#7662)
• b492cc8 fix(Button): Apply inline-flex display to loading wrapper for link variant (#...
• Additional commits viewable in compare view

Attestation changes

This version has no provenance attestation, while the previous version (38.15.0) was attested. Review the package versions before updating.

Updates framer-motion from 12.36.0 to 12.38.0

Changelog

Sourced from framer-motion's changelog.

[12.38.0] 2026-03-16

Added

• Added layoutAnchor prop to configure custom anchor point for resolving relative projection boxes.

Fixed

• Reorder: Fix axis switching after window resize.
• Reorder: Fix with virtualised lists.
• AnimatePresence: Ensure children are removed when exit animation matches current values.

[12.37.0] 2026-03-16

Added

• Support for hardware accelerating "start" and "end" offsets in scroll and useScroll.
• Support for oklch, oklab, lab, lch, color, color-mix, light-dark color types.

Fixed

• Fix whileInView with client-side navigation.
• Fix draggable elements when layout updates due to surrounding element re-renders.
• Improved memory pressure of layout animations.
• Ensure motion value returned from useSpring reports correct isAnimating().

Commits

• 0bfc9fe v12.38.0
• 343cb0c Updating layoutAnchor
• ee99ad2 Updating changelog
• 062660b Updating changgelog
• 303da7d Updating readme
• b075adc Merge pull request #3647 from motiondivision/feat/layout-anchor
• f0991d6 Add missing layoutAnchor !== false guard in attemptToResolveRelativeTarget
• b5798e9 Merge pull request #3642 from motiondivision/worktree-fix-issue-3078
• 7686c19 Merge pull request #3636 from motiondivision/worktree-fix-issue-3061
• a95c487 Fix auto-scroll in reorder-virtualized test page
• Additional commits viewable in compare view

Updates fuse.js from 7.1.0 to 7.3.0

Release notes

Sourced from fuse.js's releases.

v7.3.0

Features

• Token search — per-term fuzzy matching with IDF scoring (68c1dcf)
• Fuse.match() — static method for single string matching (460eb5b)
• BigInt support for indexing and search (0ae662c)
• removeAt() now returns the removed item (8cec7e2)
• Support keyless string entries in logical queries (8695556)
• getFn null return, escaped pipe in extended search, empty query returns all (d33b735)

Bug Fixes

• Merge overlapping match indices in extended search (06c5e97)
• Inverse patterns now work correctly across multiple keys (9351882)
• Handle quoted tokens with inner spaces and quotes in extended search (c226523)
• Handle non-decomposable diacritics in stripDiacritics (5a01f29)
• Coerce non-string array values to strings during indexing (db0e181)
• Strip getFn from keys in toJSON() for safe serialization (0f2a69b)

Internal

• Full TypeScript rewrite of source code
• Dropped UMD builds and babel preset-env
• Upgraded to Rollup 4, Vitest 2, TypeScript 6, ESLint 9
• Frozen default config to prevent mutation across instances
• Rewrote documentation as standalone markdown files

v7.2.0

Features

• Add Fuse.use() for runtime plugin registration

Performance

• Inline Bitap score computation to reduce object allocation in hot loops
• Batch removeAll for O(n) bulk removes instead of O(n*k)
• Heap-based top-k selection when limit is set
• Cache compiled searcher for repeated queries

Benchmarked on 10k records: 9-14% faster core search, 49x faster bulk remove.

Bug Fixes

• search: Deduplicate and merge overlapping match indices (#735)
• search: Preserve original array indices in nested path traversal (#786)
• types: Correct key type in FuseSortFunctionMatch (#811)
• types: Correct keys type in parseIndex parameter (#794)

Full Changelog: krisk/Fuse@v7.1.0...v7.2.0

Changelog

Sourced from fuse.js's changelog.

7.3.0 (2026-04-04)

Features

• add BigInt support for indexing and search (0ae662c), closes #814
• add static Fuse.match() for single string matching (460eb5b)
• add token search — per-term fuzzy matching with IDF scoring (68c1dcf)
• getFn null return, escaped pipe in extended search, empty query returns all (d33b735), closes #800 #765 #728
• removeAt() now returns the removed item (8cec7e2), closes #675
• search: support keyless string entries in logical queries (8695556), closes #736

Bug Fixes

• index: coerce non-string array values to strings during indexing (db0e181), closes #738
• index: strip getFn from keys in toJSON() for safe serialization (0f2a69b), closes #798
• lint: suppress unused var in toJSON destructure (d63c0e8)
• merge overlapping match indices in extended search (06c5e97)
• search: handle non-decomposable diacritics in stripDiacritics (5a01f29), closes home-assistant/frontend#30399 #816
• search: handle quoted tokens with inner spaces and quotes in extended search (c226523), closes #810
• search: inverse patterns now work correctly across multiple keys (9351882), closes #712

7.2.0 (2026-04-02)

Features

• add Fuse.use() for runtime plugin registration (8546a9b)

Performance

• inline Bitap score computation to reduce object allocation in hot loops (8546a9b)
• batch removeAll for O(n) bulk removes instead of O(n*k) (8546a9b)
• heap-based top-k selection when limit is set (8546a9b)
• cache compiled searcher for repeated queries (8546a9b)

Bug Fixes

• search: deduplicate and merge overlapping match indices (60c393a), closes #735
• search: preserve original array indices in nested path traversal (a1451be), closes #786
• types: correct key type in FuseSortFunctionMatch (fecee16), closes #811
• types: correct keys type in parseIndex parameter (58c7c73), closes #794

Commits

• aae48f5 chore(release): 7.3.0
• d63c0e8 fix(lint): suppress unused var in toJSON destructure
• 44dfdb4 chore: add funding field to package.json
• 65dadf5 docs: add performance guide with benchmark script
• 0ae662c feat: add BigInt support for indexing and search
• 8153c9d docs: fix tsconfig to resolve "no inputs found" error
• 6afb2ed docs: add "When to Use It" section to token search page
• 0e74a9c docs: simplify Getting Started page title
• 80330ed docs: fix sidebar titles and restore subheading expansion
• 6cd0cee docs: remove unused TwitterFollow and Version components
• Additional commits viewable in compare view

Updates @npmcli/template-oss from 4.29.0 to 4.30.0

Release notes

Sourced from @​npmcli/template-oss's releases.

v4.30.0

4.30.0 (2026-03-19)

Features

• 6bc2bc0 #553 filters items out of the release process that aren't for backports (#553) (@​owlstronaut)

Changelog

Sourced from @​npmcli/template-oss's changelog.

4.30.0 (2026-03-19)

Features

• 6bc2bc0 #553 filters items out of the release process that aren't for backports (#553) (@​owlstronaut)

Commits

• afcb3c1 chore: release 4.30.0 (#554)
• 6bc2bc0 feat: filters items out of the release process that aren't for backports (#553)
• See full diff in compare view

Updates eslint-import-resolver-webpack from 0.13.10 to 0.13.11

Changelog

Sourced from eslint-import-resolver-webpack's changelog.

0.13.11 - 2026-04-01

• [deps] update is-core-module, is-regex, lodash, resolve

Commits

• 364c941 [resolvers/webpack] v0.13.11
• 17bd6a9 [resolvers] [webpack] [meta] only apps should have lockfiles
• a440156 [resolvers] [webpack] [deps] update is-core-module, is-regex, lodash, `...
• See full diff in compare view

Updates eslint-plugin-primer-react from 8.5.2 to 8.6.0

Release notes

Sourced from eslint-plugin-primer-react's releases.

v8.6.0

Minor Changes

• #376 4f0e5b5 Thanks @​copilot-swe-agent! - Add ESLint rule to replace deprecated Octicon component with specific icons and remove unused imports

Changelog

Sourced from eslint-plugin-primer-react's changelog.

8.6.0

Minor Changes

• #376 4f0e5b5 Thanks @​copilot-swe-agent! - Add ESLint rule to replace deprecated Octicon component with specific icons and remove unused imports

Commits

• 09a3407 Version Packages (#518)
• 4f0e5b5 Add ESLint rule to replace deprecated Octicon component with specific icons (...
• df853d1 Bump actions/create-github-app-token from 2 to 3 (#515)
• 98c6ff3 Bump flatted from 3.3.3 to 3.4.1 (#514)
• 88e5510 Bump lodash from 4.17.21 to 4.17.23 (#487)
• e53a8e8 Bump globals from 17.3.0 to 17.4.0 (#516)
• de1419f Bump @​typescript-eslint/rule-tester from 8.56.1 to 8.57.0 (#517)
• 0d9487d Bump @​changesets/changelog-github from 0.5.2 to 0.6.0 (#512)
• c0337b0 Bump markdownlint-cli2-formatter-pretty from 0.0.9 to 0.0.10 (#510)
• db79b7f Bump minimatch from 3.1.2 to 3.1.5 (#508)
• Additional commits viewable in compare view

Updates minimatch from 10.2.4 to 10.2.5

Commits

• 693c823 10.2.5
• 7953af1 do not allow .. to consume drive letter on Windows
• 1caf918 lint and format
• 7783ed6 ignore docs
• 6d9b356 update deps etc
• See full diff in compare view

Updates tar from 7.5.11 to 7.5.13

Commits

• d6611ae 7.5.13
• 119c401 fix(extract): prevent raced symlink writes outside cwd
• 2a294d3 7.5.12
• 01082a4 fix: reject top promise on floating addFilesAsync rejections
• dd1c36a linting
• 35a1ffe doc: more clarity in security warning
• See full diff in compare view

Updates yaml from 2.8.2 to 2.8.3

Release notes

Sourced from yaml's releases.

v2.8.3

• Add trailingComma ToString option for multiline flow formatting (#670)
• Catch stack overflow during node composition (1e84ebb)

Commits

• ce14587 2.8.3
• 1e84ebb fix: Catch stack overflow during node composition
• 6b24090 ci: Include Prettier check in lint action
• 9424dee chore: Refresh lockfile
• d1aca82 Add trailingComma ToString option for multiline flow formatting (#670)
• 4321509 ci: Drop the branch filter from GitHub PR actions
• 47207d0 chore: Update docs-slate
• 5212fae chore: Update docs-slate
• See full diff in compare view

Updates tap from 21.6.2 to 21.6.3

Commits

• a14b24c update versions
• e6798fe update tshy, normalize package.json better
• 9286b74 mock: just make the service key a global
• See full diff in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
tap	[>= 18.a, < 19]
tap	[>= 19.a, < 20]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions