build: bump the all-npm-deps group in /src/ContentProcessorWeb with 13 updates

[dependabot]

Bumps the all-npm-deps group in /src/ContentProcessorWeb with 13 updates:

Package	From	To
@azure/msal-browser	5.3.0	5.6.2
@azure/msal-react	5.0.5	5.2.0
@fluentui/react-components	9.73.1	9.73.6
@fluentui/react-icons	2.0.320	2.0.323
axios	1.13.6	1.14.0
node-forge	1.3.3	1.4.0
nth-check	2.1.1	3.0.1
postcss	8.5.6	8.5.8
react-router-dom	7.13.1	7.13.2
globals	17.3.0	17.4.0
sass	1.97.3	1.98.0
typescript	5.9.3	6.0.2
typescript-eslint	8.56.1	8.58.0

Updates @azure/msal-browser from 5.3.0 to 5.6.2

Release notes

Sourced from @​azure/msal-browser's releases.

@​azure/msal-browser v5.6.2

5.6.2

Fri, 27 Mar 2026 16:35:28 GMT

Patches

• Remove hidden iframe after receiving response from the redirect bridge #8459 (kshabelko@microsoft.com)
• Cache auth response in sessionStorage and navigate to origin URL without appending auth parameters #8467 (kshabelko@microsoft.com)

@​azure/msal-browser v5.6.1

5.6.1

Thu, 19 Mar 2026 23:46:44 GMT

Patches

• Set correlation ID after initialization for NAA #8447 (shylasummers@microsoft.com)
• Bump eslint-config-msal to v0.0.0 (beachball)
• Bump msal-test-utils to v0.0.1 (beachball)
• Bump rollup-msal to v0.0.0 (beachball)

@​azure/msal-browser v5.6.0

5.6.0

Wed, 18 Mar 2026 20:47:24 GMT

Minor changes

• Add support for client data telemetry with CLI_DATA parameter #8378 (kshabelko@microsoft.com)
• Bump @​azure/msal-common to v16.4.0 (beachball)
• Bump eslint-config-msal to v0.0.0 (beachball)
• Bump msal-test-utils to v0.0.1 (beachball)
• Bump rollup-msal to v0.0.0 (beachball)

Patches

• getNativeAccountId() bugfix for v5 #8105 (lalimasharda@microsoft.com)

@​azure/msal-browser v5.5.0

5.5.0

Fri, 13 Mar 2026 22:36:58 GMT

Minor changes

• Add MCP Support #8363 (shylasummers@microsoft.com)
• Bump @​azure/msal-common to v16.3.0 (beachball)
• Bump eslint-config-msal to v0.0.0 (beachball)
• Bump msal-test-utils to v0.0.1 (beachball)

... (truncated)

Commits

• 37a2a06 Updates to MSAL React samples (#8473)
• 29f55fa [v5] Add support for React 16 and 17 (#8461)
• 2b995b1 Cache auth response in sessionStorage and navigate to origin URL without appe...
• ca600f4 Add screenshot parameter to E2E test templates (#8450)
• 5186f59 Bump beachball dependency to version 2.63.1 (#8453)
• 5e2a9ee Remove hidden iframe after receiving response from the redirect bridge (#8459)
• 93e7a7f Enhance documentation review instructions and add audit prompt for code chang...
• fb89f5d Post-release PR (#8451)
• 5c0394e Set correlation ID after initialization for NAA (#8447)
• 7b5a01f Enhance iframe usage documentation to address cross-origin iframe limitations...
• Additional commits viewable in compare view

Updates @azure/msal-react from 5.0.5 to 5.2.0

Release notes

Sourced from @​azure/msal-react's releases.

@​azure/msal-browser v5.2.0

5.2.0

Tue, 10 Feb 2026 23:04:27 GMT

Minor changes

• Add correlationId to events #8288 (thomas.norling@microsoft.com)
• Bump @​azure/msal-common to v16.0.4 (beachball)
• Bump eslint-config-msal to v0.0.0 (beachball)
• Bump msal-test-utils to v0.0.1 (beachball)
• Bump rollup-msal to v0.0.0 (beachball)

Patches

• Add correlationId to POST authorize request query params #8309 (hemoral@microsoft.com)
• Validate NAA broker response account #8286 (hemoral@microsoft.com)

@​azure/msal-react v5.2.0

5.2.0

Fri, 27 Mar 2026 16:35:28 GMT

Minor changes

• Extend peer dependency range to support React 16 (16.8+) and React 17 #8461 (joarroyo@microsoft.com)
• Bump @​azure/msal-browser to v5.6.2 (beachball)

@​azure/msal-angular v5.1.3

5.1.3

Wed, 18 Mar 2026 20:47:24 GMT

Patches

• Bump @​azure/msal-browser to v5.6.0 (beachball)
• Bump eslint-config-msal to v0.0.0 (beachball)

@​azure/msal-angular v5.1.2

5.1.2

Fri, 13 Mar 2026 22:36:57 GMT

Patches

• Add strictMatching runtime warning when strictMatching is not explicitly configured #8388 (joarroyo@microsoft.com)
• Update angular dependencies (joarroyo@microsoft.com)
• Bump @​azure/msal-browser to v5.5.0 (beachball)
• Bump eslint-config-msal to v0.0.0 (beachball)

... (truncated)

Commits

• 37a2a06 Updates to MSAL React samples (#8473)
• 29f55fa [v5] Add support for React 16 and 17 (#8461)
• 2b995b1 Cache auth response in sessionStorage and navigate to origin URL without appe...
• ca600f4 Add screenshot parameter to E2E test templates (#8450)
• 5186f59 Bump beachball dependency to version 2.63.1 (#8453)
• 5e2a9ee Remove hidden iframe after receiving response from the redirect bridge (#8459)
• 93e7a7f Enhance documentation review instructions and add audit prompt for code chang...
• fb89f5d Post-release PR (#8451)
• 5c0394e Set correlation ID after initialization for NAA (#8447)
• 7b5a01f Enhance iframe usage documentation to address cross-origin iframe limitations...
• Additional commits viewable in compare view

Updates @fluentui/react-components from 9.73.1 to 9.73.6

Commits

• 8244b43 release: applying package updates - react-components
• ee548ba feat(react-spinbutton): add useSpinButtonBase_unstable hook (#35907)
• 99713fd fix(react-badge): fix PresenceBadge aria-label regression (#35927)
• ca8968a feat(react-radio): expose base state hooks for Radio components (#35894)
• 93d6841 feat(react-search): add SearchBox typeahead/autocomplete Storybook story and ...
• 1e832bd feat(react-progress): migrate ProgressBar from CSS to motion components (#35883)
• a72cc70 feat(motion): add motionSlot() as parallel to presenceMotionSlot() (#35888)
• 60e5930 feat(react-accordion): expose base hooks and types for Accordion components (...
• 11e5094 release: applying package updates - react-components
• dc6108e feat(react-card): add useCardBase_unstable hook (#35824)
• Additional commits viewable in compare view

Updates @fluentui/react-icons from 2.0.320 to 2.0.323

Commits

• See full diff in compare view

Updates axios from 1.13.6 to 1.14.0

Release notes

Sourced from axios's releases.

v1.14.0

This release focuses on compatibility fixes, adapter stability improvements, and test/tooling modernisation.

⚠️ Important Changes

• Breaking Changes: None identified in this release.
• Action Required: If you rely on env-based proxy behaviour or CJS resolution edge-cases, validate your integration after upgrade (notably proxy-from-env v2 alignment and main entry compatibility fix).

🚀 New Features

• Runtime Features: No new end-user features were introduced in this release.
• Test Coverage Expansion: Added broader smoke/module test coverage for CJS and ESM package usage. (#7510)

🐛 Bug Fixes

• Headers: Trim trailing CRLF in normalised header values. (#7456)
• HTTP/2: Close detached HTTP/2 sessions on timeout to avoid lingering sessions. (#7457)
• Fetch Adapter: Cancel ReadableStream created during request-stream capability probing to prevent async resource leaks. (#7515)
• Proxy Handling: Fixed env proxy behavior with proxy-from-env v2 usage. (#7499)
• CommonJS Compatibility: Fixed package main entry regression affecting CJS consumers. (#7532)

🔧 Maintenance & Chores

• Security/Dependencies: Updated formidable and refreshed package set to newer versions. (#7533, #10556)
• Tooling: Continued migration to Vitest and modernised CI/test harnesses. (#7484, #7489, #7498)
• Build/Lint Stack: Rollup, ESLint, TypeScript, and related dev-dependency updates. (#7508, #7509, #7522)
• Documentation: Clarified JSON parsing and adapter-related docs/comments. (#7398, #7460, #7478)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve Axios:

• @​aviu16 (#7456)
• @​NETIZEN-11 (#7460)
• @​fedotov (#7457)
• @​nthbotast (#7478)
• @​veeceey (#7398)
• @​penkzhou (#7515)

Full Changelog: v1.13.6...v1.14.0

Commits

• 46bee3d chore(release): prepare release 1.14.0 (#10563)
• 518aff5 chore: add AI Moderator workflow for spam detection (#10551)
• b7dfda3 chore(sponsor): update sponsor block (#10557)
• 9aa34d5 fix: updated release flow to match the current flows (#10562)
• e9e5ebe Update packages to latest version (#10556)
• 4d8931c fix: formidable dependency vulnerable to arbitrary (#7533)
• 3a6f5c1 chore(deps-dev): bump @​babel/preset-env (#7531)
• bcfd299 fix: bug axios breaks commonjs compatibility main entry (#7532)
• d6dcbfd fix: dependabot uses the correct labels (#7530)
• 5dd7ba7 chore: upgrade to latest ts (#7522)
• Additional commits viewable in compare view

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Updates node-forge from 1.3.3 to 1.4.0

Changelog

Sourced from node-forge's changelog.

1.4.0 - 2026-03-24

Security

• HIGH: Denial of Service in BigInteger.modInverse()
  • A Denial of Service (DoS) vulnerability exists due to an infinite loop in the BigInteger.modInverse() function (inherited from the bundled jsbn library). When modInverse() is called with a zero value as input, the internal Extended Euclidean Algorithm enters an unreachable exit condition, causing the process to hang indefinitely and consume 100% CPU.
  • Reported by Kr0emer.
  • CVE ID: CVE-2026-33891
  • GHSA ID: GHSA-5gfm-wpxj-wjgq
• HIGH: Signature forgery in RSA-PKCS due to ASN.1 extra field.
  • RSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low public exponent keys (e=3). Attackers can forge signatures by stuffing "garbage" bytes within the ASN.1 structure in order to construct a signature that passes verification, enabling Bleichenbacher style forgery. This issue is similar to CVE-2022-24771, but adds bytes in an addition field within the ASN.1 structure, rather than outside of it.
  • Additionally, forge does not validate that signatures include a minimum of 8 bytes of padding as defined by the specification, providing attackers additional space to construct Bleichenbacher forgeries.
  • Reported as part of a U.C. Berkeley security research project by:
    • Austin Chu, Sohee Kim, and Corban Villa.
  • CVE ID: CVE-2026-33894
  • GHSA ID: GHSA-ppp5-5v6c-4jwp
• HIGH: Signature forgery in Ed25519 due to missing S < L check.
  • Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the group order (S >= L). A valid signature and its S + L variant both verify in forge, while Node.js crypto.verify (OpenSSL-backed) rejects the S + L variant, as defined by the specification. This class of signature malleability has been exploited in practice to bypass authentication and authorization logic (see CVE-2026-25793, CVE-2022-35961). Applications relying on signature uniqueness (i.e., dedup by signature bytes, replay tracking, signed-object canonicalization checks) may be bypassed.
  • Reported as part of a U.C. Berkeley security research project by:
    • Austin Chu, Sohee Kim, and Corban Villa.
  • CVE ID: CVE-2026-33895
  • GHSA ID: GHSA-q67f-28xg-22rw
• HIGH: basicConstraints bypass in certificate chain verification.
  • pki.verifyCertificateChain() does not enforce RFC 5280 basicConstraints requirements when an intermediate certificate lacks both the basicConstraints and keyUsage extensions. This allows any leaf certificate (without these extensions) to act as a CA and sign other certificates, which node-forge will accept as valid.
  • Reported by Doruk Tan Ozturk (@​peaktwilight) - doruk.ch
  • CVE ID: CVE-2026-33896
  • GHSA ID: GHSA-2328-f5f3-gj25

... (truncated)

Commits

• fa385f9 Release 1.4.0.
• 07d4e16 Update changelog.
• cb90fd9 Update changelog.
• 963e7c5 Add unit test for "pseudonym"
• f0b6f5b Add pseudonym OID
• 3df48a3 Fix missing CVE ID.
• 2e49283 Add x509 basicConstraints check.
• bdecf11 Add canonical signature scaler check for S < L.
• af094e6 Add RSA padding and DigestInfo length checks.
• 796eeb1 Improve jsbn fix.
• Additional commits viewable in compare view

Updates nth-check from 2.1.1 to 3.0.1

Release notes

Sourced from nth-check's releases.

v3.0.1

Include source files for source maps.

v3.0.0

What's Changed

• BREAKING: Make ESM-only by @​fb55 in fb55/nth-check#1138

Full Changelog: fb55/nth-check@v2.1.1...v3.0.0

Commits

• 395790b 3.0.1
• 230f904 fix: include source files for source maps
• 4fb8a2e chore(deps-dev): Bump @​feedic/eslint-config from 0.2.3 to 0.3.1 (#1133)
• 64557a7 3.0.0
• 954d19f refactor!: ESM-only (#1138)
• 621cedb chore(deps-dev): Bump typescript-eslint from 8.57.0 to 8.57.1 (#1136)
• 44a855c chore(deps-dev): Bump @​biomejs/biome from 2.4.6 to 2.4.7 (#1135)
• a550821 chore: Remove Tidelift funding information (#1134)
• 74a461a chore(deps-dev): Bump @​types/node from 25.4.0 to 25.5.0 (#1132)
• ff208d5 chore(deps-dev): Bump typescript-eslint from 8.56.1 to 8.57.0 (#1130)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for nth-check since your current version.

Updates postcss from 8.5.6 to 8.5.8

Release notes

Sourced from postcss's releases.

8.5.8

• Fixed Processor#version.

8.5.7

• Improved source map annotation cleaning performance (by CodeAnt AI).

Changelog

Sourced from postcss's changelog.

8.5.8

• Fixed Processor#version.

8.5.7

• Improved source map annotation cleaning performance (by CodeAnt AI).

Commits

• 65de537 Release 8.5.8 version
• b2c6d97 Run git hook register
• 0ae0a49 Update Processor#version
• 6ee9f14 Release 8.5.7 version
• 3fbc951 Fix uvu Node.js 25 support
• 52db53e Update dependencies
• 497daef Speed up source map annotation cleaning by moving from RegExp
• 41e739a Remove banner
• 1329142 chore: speed up space-only string check in lib/parser.js (#2064)
• 23beff9 Update dependencies
• Additional commits viewable in compare view

Updates react-router-dom from 7.13.1 to 7.13.2

Changelog

Sourced from react-router-dom's changelog.

7.13.2

Patch Changes

• Updated dependencies:
  • react-router@7.13.2

Commits

• aadb56f chore: Update version for release (#14908)
• c68a9b3 chore: Update version for release (pre) (#14893)
• See full diff in compare view

Updates globals from 17.3.0 to 17.4.0

Release notes

Sourced from globals's releases.

v17.4.0

• Update globals (2026-03-01) (#338) d43a051

---

sindresorhus/globals@v17.3.0...v17.4.0

Commits

• a9cfd74 17.4.0
• d43a051 Update globals (2026-03-01) (#338)
• See full diff in compare view

Updates sass from 1.97.3 to 1.98.0

Release notes

Sourced from sass's releases.

Dart Sass 1.98.0

To install Sass 1.98.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

Command-Line Interface

• Gracefully handle dependency loops in --watch mode.

Dart API

• Add a const Logger.defaultLogger field. This provides a logger that emits to standard error or the browser console, but automatically chooses whether to use terminal colors.

JavaScript API

• Fix a crash when manually constructing a SassCalculation for 'calc' with an argument that can't be simplified.

• Properly emit deprecation warnings as text rather than StringBuffer objects when running in a browser.

• Emit colored warnings and other messages on the console when running in a browser.

See the full changelog for changes in earlier releases.

Changelog

Sourced from sass's changelog.

1.98.0

Command-Line Interface

• Gracefully handle dependency loops in --watch mode.

Dart API

• Add a const Logger.defaultLogger field. This provides a logger that emits to standard error or the browser console, but automatically chooses whether to use terminal colors.

JavaScript API

• Fix a crash when manually constructing a SassCalculation for 'calc' with an argument that can't be simplified.

• Properly emit deprecation warnings as text rather than StringBuffer objects when running in a browser.

• Emit colored warnings and other messages on the console when running in a browser.

Commits

• 5a81ae3 Bump version to 1.98.0 (#2754)
• e25e71d Update immutable to v5.1.5 (#2753)
• 43fac1a Bump actions/upload-artifact from 6 to 7 (#2747)
• 8b85c9a Bump actions/download-artifact from 7 to 8 (#2749)
• 00f83f0 Bump postcss from 8.5.6 to 8.5.8 in /pkg/sass-parser (#2752)
• 0a325a4 Bump actions/attest-build-provenance from 3 to 4 (#2748)
• 7fb3c0f Gracefully handle dependency loops in watch mode (#2746)
• e86d044 Bump eslint from 9.39.3 to 10.0.1 in /pkg/sass-parser (#2743)
• 4bcd256 Add Logger.defaultLogger to automatically choose whether to use colors (#2742)
• c3f8ff0 Always convert printed objects to strings in JS (#2741)
• Additional commits viewable in compare view

Updates typescript from 5.9.3 to 6.0.2

Release notes

Sourced from typescript's releases.

TypeScript 6.0

For release notes, check out the release announcement blog post.

• fixed issues query for TypeScript 6.0.0 (Beta).
• fixed issues query for TypeScript 6.0.1 (RC).
• fixed issues query for TypeScript 6.0.2 (Stable).

Downloads are available on:

• npm

TypeScript 6.0 Beta

For release notes, check out the release announcement.

• fixed issues query for Typescript 6.0.0 (Beta).

Downloads are available on:

• npm

Commits

• 607a22a Bump version to 6.0.2 and LKG
• 9e72ab7 🤖 Pick PR #63239 (Fix missing lib files in reused pro...) into release-6.0 (#...
• 35ff23d 🤖 Pick PR #63163 (Port anyFunctionType subtype fix an...) into release-6.0 (#...
• e175b69 Bump version to 6.0.1-rc and LKG
• af4caac Update LKG
• 8efd7e8 Merge remote-tracking branch 'origin/main' into release-6.0
• 206ed1a Deprecate assert in import() (#63172)
• e688ac8 Update dependencies (#63156)
• 29b300d Bump the github-actions group across 1 directory with 2 updates (#63205)
• 0c2c7a3 DOM update (#63183)
• Additional commits viewable in compare view

Updates typescript-eslint from 8.56.1 to 8.58.0

Release notes

Sourced from typescript-eslint's releases.

v8.58.0

8.58.0 (2026-03-30)

🚀 Features

• support TypeScript 6 (#12124)

🩹 Fixes

• eslint-plugin: crash in no-unnecessary-type-arguments (#12163)
• eslint-plugin: [no-extraneous-class] handle index signatures (#12142)
• eslint-plugin: [prefer-regexp-exec] avoid fixing unknown RegExp flags (#12161)

❤️ Thank You

• ej shafran @​ej-shafran
• Evyatar Daud @​StyleShit
• GG ZIBLAKING
• milkboy2564 @​SeolJaeHyeok
• teee32 @​teee32

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.57.2

8.57.2 (2026-03-23)

🩹 Fixes

• eslint-plugin: [prefer-optional-chain] remove dangling closing parenthesis (#11865)
• eslint-plugin: [array-type] ignore Array and ReadonlyArray without type arguments (#11971)
• eslint-plugin: [no-restricted-types] flag banned generics in extends or implements (#12120)
• eslint-plugin: [no-unsafe-return] false positive on unwrapping generic (#12125)
• eslint-plugin: [no-unsafe-return] false positive on unwrapping generic (#12125)
• eslint-plugin: [no-useless-default-assignment] skip reporting false positives for unresolved type parameters (#12127)
• eslint-plugin: [prefer-readonly-parameter-types] preserve type alias infomation (#11954)
• typescript-estree: skip createIsolatedProgram fallback for projectService (#12066, #12065)

❤️ Thank You

• Kirk Waiblinger @​kirkwaiblinger
• Konv Suu
• mdm317
• Newton Yuan @​NewtonYuan
• RyoheiYamamoto
• SungHyun627 @​SungHyun627
• Tamashoo @​Tamashoo

See GitHub Releases for more information.

... (truncated)

Changelog

Sourced from typescript-eslint's changelog.

8.58.0 (2026-03-30)

🚀 Features

• support TypeScript 6 (#12124)

❤️ Thank You

• Evyatar Daud @​StyleShit

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.57.2 (2026-03-23)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.57.1 (2026-03-16)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.57.0 (2026-03-09)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

• 4933417 chore(release): publish 8.58.0
• 8cde2d0 feat: support TypeScript 6 (#12124)
• be4d54d chore(release): publish 8.57.2
• c7c38aa chore(release): publish 8.57.1
• 2c6aeee chore(release): publish 8.57.0
• f696dad chore: use pnpm catalog (#12047)
• a09921e chore: update vitest to 4.x (#12071)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions