fix(deps): update dependency @tanstack/react-query-next-experimental to v5.18.0 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@tanstack/react-query-next-experimental (source)	5.17.7 -> 5.18.0

GitHub Vulnerability Alerts

CVE-2024-24558

Impact

The @tanstack/react-query-next-experimental NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this, an attacker would need to either inject malicious input or arrange to have malicious input be returned from an endpoint.

This vulnerability arises from improper handling of untrusted input when @tanstack/react-query-next-experimental performs server-side rendering of HTML pages. To fix this vulnerability, we implemented appropriate escaping to prevent javascript injection into rendered pages.

Patches

To fix this issue, please update to version 5.18.0 or later.

Workarounds

There are no known workarounds for this issue. Please update to version 5.18.0 or later.

---

Release Notes

tanstack/query (@​tanstack/react-query-next-experimental)

v5.18.0

Compare Source

Version 5.18.0 - 1/30/2024, 5:32 PM

Changes

Feat

• fix potential xss injection (1244043) by Dominik Dorfmeister

Chore

• integrations/react-*: add eslintrc to resolve error (#​6749) (62704ce) by @​manudeli

Docs

• angular-query: run prettier on quickstart (#​6782) (8fff654) by Arnoud
• angular-query: Update quick-start.md (#​6775) (e726e69) by Michael Be
• angular-query: add examples to menu (#​6781) (9c561b2) by Arnoud

Other

• Merge pull request from GHSA-997g-27x8-43rf (f2ddaf2) by Dominik Dorfmeister

Doc

• Change the onMutate optional description to capitalize. (#​6773) (58b3de8) by Jeong-Sik Yun

Ci

• eslint: add rule to encourage generic naming convention as ^(T|T[A-Z][A-Za-z]+)$ (#​6684) (c774772) by @​manudeli
• eslint: add @​cspell/eslint-plugin to prevent misspelling (error) (#​6718) (b32ad24) by @​manudeli
• sherif: ignore-package ./integrations/* (#​6750) (1f77c12) by @​manudeli

Packages

• @​tanstack/eslint-plugin-query@​5.18.0
• @​tanstack/query-async-storage-persister@​5.18.0
• @​tanstack/query-core@​5.18.0
• @​tanstack/query-devtools@​5.18.0
• @​tanstack/query-persist-client-core@​5.18.0
• @​tanstack/query-sync-storage-persister@​5.18.0
• @​tanstack/react-query@​5.18.0
• @​tanstack/react-query-next-experimental@​5.18.0
• @​tanstack/solid-query@​5.18.0
• @​tanstack/solid-query-persist-client@​5.18.0
• @​tanstack/svelte-query@​5.18.0
• @​tanstack/vue-query@​5.18.0
• @​tanstack/angular-query-experimental@​5.18.0
• @​tanstack/query-broadcast-client-experimental@​5.18.0
• @​tanstack/react-query-devtools@​5.18.0
• @​tanstack/react-query-persist-client@​5.18.0
• @​tanstack/solid-query-devtools@​5.18.0
• @​tanstack/svelte-query-devtools@​5.18.0
• @​tanstack/svelte-query-persist-client@​5.18.0
• @​tanstack/vue-query-devtools@​5.18.0
• @​tanstack/angular-query-devtools-experimental@​5.18.0

v5.17.19

Compare Source

Version 5.17.19 - 1/20/2024, 2:40 PM

Changes

Fix

• query-core: mutation meta typing (#​6680) (a7891b9) by Nicolas J

Packages

• @​tanstack/query-core@​5.17.19
• @​tanstack/query-broadcast-client-experimental@​5.17.19
• @​tanstack/query-persist-client-core@​5.17.19
• @​tanstack/query-sync-storage-persister@​5.17.19
• @​tanstack/react-query@​5.17.19
• @​tanstack/react-query-devtools@​5.17.19
• @​tanstack/react-query-persist-client@​5.17.19
• @​tanstack/react-query-next-experimental@​5.17.19
• @​tanstack/solid-query@​5.17.19
• @​tanstack/solid-query-devtools@​5.17.19
• @​tanstack/solid-query-persist-client@​5.17.19
• @​tanstack/svelte-query@​5.17.19
• @​tanstack/svelte-query-devtools@​5.17.19
• @​tanstack/svelte-query-persist-client@​5.17.19
• @​tanstack/vue-query@​5.17.19
• @​tanstack/vue-query-devtools@​5.17.19
• @​tanstack/angular-query-experimental@​5.17.19
• @​tanstack/query-async-storage-persister@​5.17.19
• @​tanstack/angular-query-devtools-experimental@​5.17.19

v5.17.15

Compare Source

Version 5.17.15 - 1/16/2024, 7:35 PM

Changes

Fix

• query-core: replaceEqualDeep correctly handles values that contain undefined (#​6719) (1dd372f) by Manuel Schiller

Packages

• @​tanstack/query-core@​5.17.15
• @​tanstack/query-broadcast-client-experimental@​5.17.15
• @​tanstack/query-persist-client-core@​5.17.15
• @​tanstack/query-sync-storage-persister@​5.17.15
• @​tanstack/react-query@​5.17.15
• @​tanstack/react-query-devtools@​5.17.15
• @​tanstack/react-query-persist-client@​5.17.15
• @​tanstack/react-query-next-experimental@​5.17.15
• @​tanstack/solid-query@​5.17.15
• @​tanstack/solid-query-devtools@​5.17.15
• @​tanstack/solid-query-persist-client@​5.17.15
• @​tanstack/svelte-query@​5.17.15
• @​tanstack/svelte-query-devtools@​5.17.15
• @​tanstack/svelte-query-persist-client@​5.17.15
• @​tanstack/vue-query@​5.17.15
• @​tanstack/vue-query-devtools@​5.17.15
• @​tanstack/angular-query-experimental@​5.17.15
• @​tanstack/query-async-storage-persister@​5.17.15

v5.17.14

Compare Source

Version 5.17.14 - 1/16/2024, 2:33 PM

Changes

Fix

• query-core: computed properties of QueryObserverResult (#​6716) (9dc3eaa) by Kirby

Packages

• @​tanstack/query-core@​5.17.14
• @​tanstack/query-broadcast-client-experimental@​5.17.14
• @​tanstack/query-persist-client-core@​5.17.14
• @​tanstack/query-sync-storage-persister@​5.17.14
• @​tanstack/react-query@​5.17.14
• @​tanstack/react-query-devtools@​5.17.14
• @​tanstack/react-query-persist-client@​5.17.14
• @​tanstack/react-query-next-experimental@​5.17.14
• @​tanstack/solid-query@​5.17.14
• @​tanstack/solid-query-devtools@​5.17.14
• @​tanstack/solid-query-persist-client@​5.17.14
• @​tanstack/svelte-query@​5.17.14
• @​tanstack/svelte-query-devtools@​5.17.14
• @​tanstack/svelte-query-persist-client@​5.17.14
• @​tanstack/vue-query@​5.17.14
• @​tanstack/vue-query-devtools@​5.17.14
• @​tanstack/angular-query-experimental@​5.17.14
• @​tanstack/query-async-storage-persister@​5.17.14

v5.17.12

Compare Source

Version 5.17.12 - 1/15/2024, 9:27 AM

Changes

Fix

• types: repair wrong types passed to DataTag (#​6699) (020ac08) by @​lukemorales

Chore

• sherif: remove unnecessary option and ignore directory (#​6701) (4a93146) by @​manudeli

Other

• Revert "chore(sherif): remove unnecessary option and ignore directory" (#​6703) (22caf2a) by Dominik Dorfmeister

Packages

• @​tanstack/react-query@​5.17.12
• @​tanstack/vue-query@​5.17.12
• @​tanstack/angular-query-experimental@​5.17.12
• @​tanstack/react-query-devtools@​5.17.12
• @​tanstack/react-query-persist-client@​5.17.12
• @​tanstack/react-query-next-experimental@​5.17.12
• @​tanstack/vue-query-devtools@​5.17.12

v5.17.10

Compare Source

Version 5.17.10 - 1/12/2024, 10:50 PM

Changes

Fix

• query-core: replaceEqualDeep now handles objects with the same number of properties and one property being undefined (#​6693) (9d1fd29) by Manuel Schiller

Chore

• angular-query: add query options tests (#​6677) (91fb1eb) by Arnoud

Packages

• @​tanstack/query-core@​5.17.10
• @​tanstack/angular-query-experimental@​5.17.10
• @​tanstack/query-broadcast-client-experimental@​5.17.10
• @​tanstack/query-persist-client-core@​5.17.10
• @​tanstack/query-sync-storage-persister@​5.17.10
• @​tanstack/react-query@​5.17.10
• @​tanstack/react-query-devtools@​5.17.10
• @​tanstack/react-query-persist-client@​5.17.10
• @​tanstack/react-query-next-experimental@​5.17.10
• @​tanstack/solid-query@​5.17.10
• @​tanstack/solid-query-devtools@​5.17.10
• @​tanstack/solid-query-persist-client@​5.17.10
• @​tanstack/svelte-query@​5.17.10
• @​tanstack/svelte-query-devtools@​5.17.10
• @​tanstack/svelte-query-persist-client@​5.17.10
• @​tanstack/vue-query@​5.17.10
• @​tanstack/vue-query-devtools@​5.17.10
• @​tanstack/query-async-storage-persister@​5.17.10

v5.17.9

Compare Source

Version 5.17.9 - 1/8/2024, 12:53 AM

Changes

Fix

• angular-query: type narrowing on query and mutation results (#​6662) (e423ebf) by Rares Golea

Chore

• query-core: rename QueryStore"s methods" parameter queryKey as queryHash correctly (#​6661) (a8f5db0) by @​manudeli

Packages

• @​tanstack/query-core@​5.17.9
• @​tanstack/angular-query-experimental@​5.17.9
• @​tanstack/query-broadcast-client-experimental@​5.17.9
• @​tanstack/query-persist-client-core@​5.17.9
• @​tanstack/query-sync-storage-persister@​5.17.9
• @​tanstack/react-query@​5.17.9
• @​tanstack/react-query-devtools@​5.17.9
• @​tanstack/react-query-persist-client@​5.17.9
• @​tanstack/react-query-next-experimental@​5.17.9
• @​tanstack/solid-query@​5.17.9
• @​tanstack/solid-query-devtools@​5.17.9
• @​tanstack/solid-query-persist-client@​5.17.9
• @​tanstack/svelte-query@​5.17.9
• @​tanstack/svelte-query-devtools@​5.17.9
• @​tanstack/svelte-query-persist-client@​5.17.9
• @​tanstack/vue-query@​5.17.9
• @​tanstack/vue-query-devtools@​5.17.9
• @​tanstack/query-async-storage-persister@​5.17.9

v5.17.8

Compare Source

Version 5.17.8 - 1/7/2024, 9:50 AM

Changes

Refactor

• query-core: use constructor shorthand to remove duplicated code (#​6660) (1317aa5) by @​manudeli

Chore

• Fix incorrect npm tag for previous version release (#​6658) (df08994) by Lachlan Collins

Packages

• @​tanstack/query-core@​5.17.8
• @​tanstack/query-broadcast-client-experimental@​5.17.8
• @​tanstack/query-persist-client-core@​5.17.8
• @​tanstack/query-sync-storage-persister@​5.17.8
• @​tanstack/react-query@​5.17.8
• @​tanstack/react-query-devtools@​5.17.8
• @​tanstack/react-query-persist-client@​5.17.8
• @​tanstack/react-query-next-experimental@​5.17.8
• @​tanstack/solid-query@​5.17.8
• @​tanstack/solid-query-devtools@​5.17.8
• @​tanstack/solid-query-persist-client@​5.17.8
• @​tanstack/svelte-query@​5.17.8
• @​tanstack/svelte-query-devtools@​5.17.8
• @​tanstack/svelte-query-persist-client@​5.17.8
• @​tanstack/vue-query@​5.17.8
• @​tanstack/vue-query-devtools@​5.17.8
• @​tanstack/angular-query-experimental@​5.17.8
• @​tanstack/query-async-storage-persister@​5.17.8

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.