[Snyk] Upgrade @tanstack/react-query from 5.24.6 to 5.48.0

[eryn-muetzel]

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade @tanstack/react-query from 5.24.6 to 5.48.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 41 versions ahead of your current version.

• The recommended version was released on 22 days ago.

Release notes

Package name: @tanstack/react-query

• 5.48.0 - 2024-06-25
  

  Version 5.48.0 - 6/25/24, 2:14 PM

  Changes

  Feat

  • core: Add possibility to pass a callback to enabled. (#7566) (31b9ab4) by John

  Packages

  • @ tanstack/query-core@5.48.0
  • @ tanstack/query-broadcast-client-experimental@5.48.0
  • @ tanstack/query-persist-client-core@5.48.0
  • @ tanstack/query-sync-storage-persister@5.48.0
  • @ tanstack/react-query@5.48.0
  • @ tanstack/react-query-devtools@5.48.0
  • @ tanstack/react-query-persist-client@5.48.0
  • @ tanstack/react-query-next-experimental@5.48.0
  • @ tanstack/solid-query@5.48.0
  • @ tanstack/solid-query-devtools@5.48.0
  • @ tanstack/solid-query-persist-client@5.48.0
  • @ tanstack/svelte-query@5.48.0
  • @ tanstack/svelte-query-devtools@5.48.0
  • @ tanstack/svelte-query-persist-client@5.48.0
  • @ tanstack/vue-query@5.48.0
  • @ tanstack/vue-query-devtools@5.48.0
  • @ tanstack/angular-query-experimental@5.48.0
  • @ tanstack/query-async-storage-persister@5.48.0
  • @ tanstack/angular-query-devtools-experimental@5.48.0
• 5.47.0 - 2024-06-25
  

  Version 5.47.0 - 6/25/24, 12:27 PM

  Changes

  Feat

  • react-query: usePrefetchQuery (#7582) (fbfe940) by Dominik Dorfmeister

  Chore

  • Update typescript-eslint to v7 (#7610) (32bce35) by Lachlan Collins

  Ci

  • Prevent uploading coverage files found in Nx cache (#7619) (6355244) by Lachlan Collins
  • Add tests for TS 4.7, 4.8, 4.9 (#7618) (15e42ba) by Lachlan Collins
  • Add TS version tests (#7605) (8253a80) by Lachlan Collins

  Packages

  • @ tanstack/eslint-plugin-query@5.47.0
  • @ tanstack/query-async-storage-persister@5.47.0
  • @ tanstack/query-broadcast-client-experimental@5.47.0
  • @ tanstack/query-core@5.47.0
  • @ tanstack/query-devtools@5.47.0
  • @ tanstack/query-persist-client-core@5.47.0
  • @ tanstack/query-sync-storage-persister@5.47.0
  • @ tanstack/react-query@5.47.0
  • @ tanstack/react-query-devtools@5.47.0
  • @ tanstack/react-query-persist-client@5.47.0
  • @ tanstack/react-query-next-experimental@5.47.0
  • @ tanstack/solid-query@5.47.0
  • @ tanstack/solid-query-devtools@5.47.0
  • @ tanstack/solid-query-persist-client@5.47.0
  • @ tanstack/svelte-query@5.47.0
  • @ tanstack/svelte-query-devtools@5.47.0
  • @ tanstack/svelte-query-persist-client@5.47.0
  • @ tanstack/vue-query@5.47.0
  • @ tanstack/angular-query-devtools-experimental@5.47.0
  • @ tanstack/angular-query-experimental@5.47.0
  • @ tanstack/vue-query-devtools@5.47.0
• 5.45.1 - 2024-06-16
  

  Version 5.45.1 - 6/16/2024, 8:16 PM

  Changes

  Refactor

  • react-query: improve type inference for useSuspenseQueries with skipToken (#7564) (77a7b28) by GwanSik Kim

  Docs

  • fix grammar mistake on migrating-to-v5.md (#7556) (8d69ef4) by Paul Ashioya

  Packages

  • @ tanstack/react-query@5.45.1
  • @ tanstack/react-query-devtools@5.45.1
  • @ tanstack/react-query-persist-client@5.45.1
  • @ tanstack/react-query-next-experimental@5.45.1
• 5.45.0 - 2024-06-12
  

  Version 5.45.0 - 6/12/2024, 12:35 PM

  Changes

  Feat

  • hydrate.transformPromise (#7538) (9a030b6) by Julius Marminge

  Docs

  • advanced-ssr: delete unused import (#7553) (bd094f8) by @ Lennon57

  Packages

  • @ tanstack/query-core@5.45.0
  • @ tanstack/query-broadcast-client-experimental@5.45.0
  • @ tanstack/query-persist-client-core@5.45.0
  • @ tanstack/query-sync-storage-persister@5.45.0
  • @ tanstack/react-query@5.45.0
  • @ tanstack/react-query-devtools@5.45.0
  • @ tanstack/react-query-persist-client@5.45.0
  • @ tanstack/react-query-next-experimental@5.45.0
  • @ tanstack/solid-query@5.45.0
  • @ tanstack/solid-query-devtools@5.45.0
  • @ tanstack/solid-query-persist-client@5.45.0
  • @ tanstack/svelte-query@5.45.0
  • @ tanstack/svelte-query-devtools@5.45.0
  • @ tanstack/svelte-query-persist-client@5.45.0
  • @ tanstack/vue-query@5.45.0
  • @ tanstack/vue-query-devtools@5.45.0
  • @ tanstack/angular-query-experimental@5.45.0
  • @ tanstack/query-async-storage-persister@5.45.0
  • @ tanstack/angular-query-devtools-experimental@5.45.0
• 5.44.0 - 2024-06-11
  

  Version 5.44.0 - 6/11/2024, 1:13 PM

  Changes

  Feat

  • query-core: staleTime as a function (#7541) (96a743e) by Dominik Dorfmeister

  Packages

  • @ tanstack/query-core@5.44.0
  • @ tanstack/query-broadcast-client-experimental@5.44.0
  • @ tanstack/query-persist-client-core@5.44.0
  • @ tanstack/query-sync-storage-persister@5.44.0
  • @ tanstack/react-query@5.44.0
  • @ tanstack/react-query-devtools@5.44.0
  • @ tanstack/react-query-persist-client@5.44.0
  • @ tanstack/react-query-next-experimental@5.44.0
  • @ tanstack/solid-query@5.44.0
  • @ tanstack/solid-query-devtools@5.44.0
  • @ tanstack/solid-query-persist-client@5.44.0
  • @ tanstack/svelte-query@5.44.0
  • @ tanstack/svelte-query-devtools@5.44.0
  • @ tanstack/svelte-query-persist-client@5.44.0
  • @ tanstack/vue-query@5.44.0
  • @ tanstack/vue-query-devtools@5.44.0
  • @ tanstack/angular-query-experimental@5.44.0
  • @ tanstack/query-async-storage-persister@5.44.0
  • @ tanstack/angular-query-devtools-experimental@5.44.0
• 5.40.1 - 2024-06-04
• 5.40.0 - 2024-05-27
• 5.39.0 - 2024-05-25
• 5.38.0 - 2024-05-25
• 5.37.1 - 2024-05-18
• 5.36.2 - 2024-05-15
• 5.36.1 - 2024-05-15
• 5.36.0 - 2024-05-12
• 5.35.5 - 2024-05-10
• 5.35.4 - 2024-05-10
• 5.35.1 - 2024-05-06
• 5.34.2 - 2024-05-05
• 5.34.1 - 2024-05-04
• 5.32.1 - 2024-04-30
• 5.32.0 - 2024-04-23
• 5.31.0 - 2024-04-22
• 5.29.2 - 2024-04-11
• 5.29.0 - 2024-04-05
• 5.28.14 - 2024-04-02
• 5.28.13 - 2024-04-02
• 5.28.12 - 2024-04-02
• 5.28.9 - 2024-03-27
• 5.28.8 - 2024-03-25
• 5.28.6 - 2024-03-20
• 5.28.4 - 2024-03-15
• 5.28.2 - 2024-03-14
• 5.28.0 - 2024-03-13
• 5.27.5 - 2024-03-12
• 5.27.4 - 2024-03-12
• 5.27.3 - 2024-03-12
• 5.27.2 - 2024-03-12
• 5.27.1 - 2024-03-12
• 5.26.3 - 2024-03-11
• 5.25.0 - 2024-03-05
• 5.24.8 - 2024-03-04
• 5.24.7 - 2024-03-03
• 5.24.6 - 2024-03-02

from @tanstack/react-query GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[stacklok-cloud]

Minder Vulnerability Report ✅

Minder analyzed this PR and found no vulnerable dependencies.

Vulnerability scan of 33d4e674:

• 🐞 vulnerable packages: 0
• 🛠 fixes available for: 0

[stacklok-cloud-staging]

Minder Vulnerability Report ✅

Minder analyzed this PR and found no vulnerable dependencies.

Vulnerability scan of 33d4e674:

• 🐞 vulnerable packages: 0
• 🛠 fixes available for: 0

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@tanstack/react-query@5.48.0	environment	+1	3.1 MB	tannerlinsley

🚮 Removed packages: npm/@tanstack/react-query@5.24.6, npm/@types/bcryptjs@2.4.6, npm/@types/cors@2.8.17, npm/@types/express-rate-limit@6.0.0, npm/@types/express@4.17.20, npm/@types/jest@29.5.6, npm/@types/jsonwebtoken@9.0.6, npm/@types/marked@6.0.0

View full report↗︎

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source	CI
Install scripts	npm/nx@15.9.7	Install script: postinstall Source: node ./bin/compute-project-graph	package-lock.json package.json	🚫

View full report↗︎

Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/nx@15.9.7

[stacklok-cloud-staging]

Dependency Information

Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.

📦 Dependency: @nrwl/nx-darwin-arm64

Trusty Score: 0

Scoring details

Component	Score
Malicious	false
Package activity	0
Provenance	0

📦 Dependency: @nrwl/nx-darwin-x64

Trusty Score: 0

Scoring details

Component	Score
Package activity	0
Provenance	0
Malicious	false

📦 Dependency: @nrwl/nx-linux-arm-gnueabihf

Trusty Score: 0

Scoring details

Component	Score
Provenance	0
Malicious	false
Package activity	0

📦 Dependency: @nrwl/nx-linux-arm64-gnu

Trusty Score: 0

Scoring details

Component	Score
Malicious	false
Package activity	0
Provenance	0

📦 Dependency: @nrwl/nx-linux-arm64-musl

Trusty Score: 0

Scoring details

Component	Score
From	activity
Package activity	0
Provenance	5
Malicious	false
User activity	0
Repository activity	0

📦 Dependency: @nrwl/nx-linux-x64-gnu

Trusty Score: 0

Scoring details

Component	Score
Malicious	false
Package activity	0
Provenance	0

📦 Dependency: @nrwl/nx-linux-x64-musl

Trusty Score: 0

Scoring details

Component	Score
Malicious	false
Package activity	0
Provenance	0

📦 Dependency: @nrwl/nx-win32-arm64-msvc

Trusty Score: 0

Scoring details

Component	Score
Malicious	false
Package activity	0
Provenance	0

📦 Dependency: @nrwl/nx-win32-x64-msvc

Trusty Score: 0

Scoring details

Component	Score
Malicious	false
Package activity	0
Provenance	0

📦 Dependency: json-schema-traverse

Trusty Score: 4.8

Scoring details

Component	Score
Trust-summary	4.7
From	activity
Provenance	8
User activity	6.5
Repository activity	3.1
Package activity	4.8
Malicious	false

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions	9
Number of git tags or releases	8
Versions matched to tags or releases	5