chore(deps): update npm packages

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
playwright (source)	1.61.0 → 1.61.1
recharts	3.8.1 → 3.9.0
semver	7.8.4 → 7.8.5

---

Release Notes

microsoft/playwright (playwright)

v1.61.1

Compare Source

recharts/recharts (recharts)

v3.9.0

Compare Source

What's Changed

Animations

3.9 comes with new animations! There are several bug fixes and what's best, all animations are now fully customizable.

See the animations guide on https://recharts.github.io/en-US/guide/animations/

• Animation guide by @​PavelVanecek in #​7179
• Animation tests by @​PavelVanecek in #​7255
• New animation props by @​PavelVanecek in #​7215
• test: cover legacy animation length changes by @​PavelVanecek in #​7283
• test: add sparse animation path tests for Line component by @​PavelVanecek in #​7295
• Export and document interpolate function by @​PavelVanecek in #​7293
• test: enhance line animation tests for ComposedChart and responsive by @​PavelVanecek in #​7289
• Manual animations on website by @​PavelVanecek in #​7483
• Add new example where chart animates by scroll by @​PavelVanecek in #​7484
• fix: preserve single-value line dash gaps during animation by @​puneetdixit200 in #​7405
• Add animate-by-scroll example and update docs by @​PavelVanecek in #​7487
• Add custom fillOpacity on hover website example by @​PavelVanecek in #​7489
• honorable mention to @​robjampar for PR #​6973 which ended up declined but it introduced the starting idea for the new animation props

New features other than animations

• Expose and document chart layout hooks and layout types in public API by @​Copilot in #​7265
• feat: allow HTML attributes passthrough on ResponsiveContainer by @​techcodie in #​7168
• feat: add nodeInset and nodeGap properties to Treemap for better la… by @​MaximSrour in #​7044
• feat(PieChart): add dataKey to Legend payload by @​Harikrushn9118 in #​7137

Bugfixes

• fix: preserve valid falsy custom names (0, "") in tooltips by @​vamsi2246 in #​7175
• fix(ResponsiveContainer): Fix erroneous console warning on init by @​andypoorman in #​7174
• fix(DataUtils): improve isPercent validation to exclude invalid formats by @​vamsi2246 in #​7178
• fix(BarChart): render stacked bars when all values are 0 (#​6235) by @​andypoorman in #​7199
• fix(Sankey): prevent NaN node positions when link values sum to zero by @​Mridul012 in #​7185
• fix(Funnel): prevent NaN coordinate layout crash when all values are zero by @​Mridul012 in #​7184
• fixes an issue where XAxis and YAxis padding were ignored by the clipping mask when allowDataOverflow={true} was used alongside a restricted domain by @​emiedonmokumo in #​7232
• fix: use originalDataIndex for tooltip dispatch in Bar by @​mayrang in #​7273
• fix: resolve TypeScript 6 deprecation errors in tsconfig files by @​shreedharbhat98 in #​7285
• fix(bar): use Math.round instead of bitwise truncation for bar positioning by @​EduardF1 in #​7297
• fix(types): propagate Tooltip types in chart helper contexts by @​mixelburg in #​7125
• fix(Legend): prevent overlap with chart on container resize by @​maroKanatani in #​7201
• test(YAxis): failing repro for #​7362 — function domain doesn't render ticks on empty/all-null data by @​nlenepveu in #​7384

Tree-shaking

We now have focused tree-shaking tests that allow us to observe exactly which components end up in the final bundle and why. I have also removed some unnecessary loops and you should see the final bundle size decrease somewhat as a result.

There are also two new examples on the website, showing real bundle size:

• https://recharts.github.io/recharts/canary/www/en-US/examples/BundleSizeTreemap/
• https://recharts.github.io/recharts/canary/www/en-US/examples/BundleSizeSunburst/

• Improve bundle tracing and tree-shaking for Shape defaults by @​PavelVanecek in #​7348
• Refactor Shape props to reduce bundle sizes by @​PavelVanecek in #​7349
• Types: switch Shape from spread to separate prop object by @​PavelVanecek in #​7351

Documentation updates

• docs: clarify valid types for axis tick prop by @​Harikrushn9118 in #​7191
• style: update layout gaps and add new navigation links by @​PavelVanecek in #​7412
• www: show deployed commit hash in footer across production and staging builds by @​Copilot in #​7258
• Replace old bundle-viz with two new chart examples by @​PavelVanecek in #​7390
• Remove our custom storybook plugins by @​PavelVanecek in #​7382
• feat: add PolarAngleAxis component storybook story by @​whatfontisthis in #​7243
• feat: add LabelList component Storybook story by @​whatfontisthis in #​7244
• docs: add Windows install workaround to DEVELOPING.md by @​harsh-05 in #​7324
• docs: add @​since 3.9 annotation to hooks by @​PavelVanecek in #​7326
• Add @​since annotation to useChartLayout by @​PavelVanecek in #​7360
• Add since annotation to useActiveTooltipDataPoints by @​PavelVanecek in #​7338
• devops: upload test results to Flakiness.io by @​aslushnikov in #​7359
• Omnidoc: add API examples support and enhance example discovery by @​PavelVanecek in #​7342
• Dedup website examples by @​PavelVanecek in #​7340
• Remove Area.baseLine type by @​PavelVanecek in #​7317
• docs: add session storage support for controls state by @​PavelVanecek in #​7279
• fix(Scatter): use HTTPS in JSDoc links by @​Parth10P in #​7192
• Update copyright year to 2026 by @​ojhawkins in #​7288
• Fix Legend props not appearing in omnidoc website by @​Copilot in #​7203
• docs: add Deno to install instructions by @​bartlomieju in #​7473

New Contributors

• @​MaximSrour made their first contribution in #​7044
• @​vamsi2246 made their first contribution in #​7175
• @​andypoorman made their first contribution in #​7174
• @​Mridul012 made their first contribution in #​7185
• @​emiedonmokumo made their first contribution in #​7232
• @​mayrang made their first contribution in #​7273
• @​legions-developer made their first contribution in #​7280
• @​ojhawkins made their first contribution in #​7288
• @​EduardF1 made their first contribution in #​7297
• @​harsh-05 made their first contribution in #​7324
• @​aslushnikov made their first contribution in #​7359
• @​maroKanatani made their first contribution in #​7201
• @​techcodie made their first contribution in #​7168
• @​whatfontisthis made their first contribution in #​7243
• @​nlenepveu made their first contribution in #​7384
• @​bartlomieju made their first contribution in #​7473
• @​puneetdixit200 made their first contribution in #​7405

Full Changelog: recharts/recharts@v3.8.1...v3.9.0-canary.0

npm/node-semver (semver)

v7.8.5

Compare Source

Bug Fixes

• 9c8692a #​878 include prereleases in tilde range lower bound with includePrerelease (#​878) (@​chatman-media)

---

Configuration

📅 Schedule: (in timezone Asia/Shanghai)

• Branch creation
  • "before 10am on monday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	recharts@​3.9.0
	playwright@​1.61.1
	semver@​7.8.5

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm immer is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: pnpm-lock.yaml → npm/recharts@3.9.0 → npm/immer@11.1.8 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/immer@11.1.8. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm recharts is 62.0% likely obfuscated Confidence: 0.62 Location: Package overview From: apps/dashboard/package.json → npm/recharts@3.9.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/recharts@3.9.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report