chore(deps-dev): bump react-dnd-html5-backend from 2.6.0 to 16.0.1

[dependabot]

Bumps react-dnd-html5-backend from 2.6.0 to 16.0.1.

Release notes

Sourced from react-dnd-html5-backend's releases.

v16.0.0

Major

• Packages are now ESM-Only (https://gist.github.com/sindresorhus/a39789f98801d908bbc7ff3ecc99d99c)
• Node 18 Support

v15.1.2

The utility packages @react-dnd/invariant, @react-dnd/shallowequal, and @react-dnd/asap (which are forks of popular libraries) have been included in the monorepo and built using the same output mechanisms as the react-dnd core packages (dual EJS/CSM).

@react-dnd/asap has been simplified to remove the node variant, which relied on deprecated APIs

v15.1.0

• All packages now have verified ESM support
• Packages expose CJS/ESM surface are via pkg.exports

v15.0.2

This release uses output from swc using the 'es2017' target instead of using output from 'tsc' using the 'ESNext' target.

v15.0.1

This release fixes issues with the ESM-only structure of v15.0.0. All packages are now in their prior CommonJS/ESM format.

v15.0.0

Major Changes

• The react-dnd packages are now published as ESM-only with type: module. See this FAQ by sindresorhus: https://gist.github.com/sindresorhus/a39789f98801d908bbc7ff3ecc99d99c

• The Decorators API has been removed and fully replaced by the Hooks API. The Decorators API was difficult to develop & type correctly, and this improves its maintainability.

• The builds no longer use babel & preset-env. The library is transpiled using SWC into the "es2017" target, which assumes async/await is available. This should reduce bundle sizes by removing polyfills and support-code which may be unnecessary in your target.

Bugfixes

• Improve data-transfer acquisition from File inputs (#3262)
• Don't set the 'draggable' attribute unless canDrag is true (#3187)
• Improve typings of DropTargetMonitor, DragLayerMonitor (#3300, #3341)

v14.0.3

Updated

react-dnd: 14.0.3 react-dnd-html5-backend: 14.0.1 react-dnd-touch-backend: 14.1.0

Patch Updates

• Fix drop operations in iframes & child windows (#3181) (thanks @​eramdam!)
• Refactor TouchBackend OptionsReader (#3291)
• Cleanup connected DOM elements from react-dnd internals when hook-based components unmount (#3290)
• Fix issue where custom drag-sources where triggering native drops in Firefox (#3272) (thanks @​istateside)

v14.0.2

Patch

This PR will throw a developer exception if a user specifies a useDrag::spec.begin method.

... (truncated)

Changelog

Sourced from react-dnd-html5-backend's changelog.

(2021-02-21)

• chore: apply version (729c984)
• refactor: use spec functions in useDrag/useDrop (#3056) (28ef6b2), closes #3056
• add html handling in native types (#2949) (cd4f4f1), closes #2949
• Add initial tests to drag-around examples (#3032) (2ba22bf), closes #3032
• Build Stabilization, Dep Upgrades (#3018) (4337d5c), closes #3018
• Build/yarn 2 3 (#2765) (55d8bc9), closes #2765
• define a maximum number of characters per line for better readability (#2760) (7857c62), closes #2760
• Don't swallow drop events (#2852) (d5380ce), closes #2852
• Extend #2848 (#2859) (2755dc9), closes #2848 #2859
• Fix babelEsmConfig path (#2990) (d3fd9cb), closes #2990
• Fix Example Boilerplate (#3049) (ce9edd7), closes #3049
• Fix inaccurate position with custom drag layers (#2818) (9934fe5), closes #2818
• Fix link of callback ref (#2906) (cab86e2), closes #2906
• Fix small spelling issue (#3045) (8b976e7), closes #3045
• Fix touch backend bug in _getDropTargetId (#2507) (7ec5c37), closes #2507
• Fix typo (#2869) (4841b27), closes #2869
• Fix typo in Naive example (#3002) (cc032b0), closes #3002
• Fix wrapInTestContext type signature (#2637) (debc898), closes #2637
• Flatten React-DnD Directory Structure (#3038) (0f6e8c5), closes #3038
• Flatten the Monorepo Structure (#2790) (75c981c), closes #2790
• HTML5Backend Event Swallowing Updates (#3052) (339dd7a), closes #3052
• Improve build tooling (#2775) (d6fc37a), closes #2775
• Improve Hooks Documentation (#3043) (a850aa0), closes #3043
• Include Examples Packages in Test Coverage (#3037) (120a6bf), closes #3037
• Library Updates, Exclude Docsite & Build system from semver impact docs (#3046) (bd91281), closes #3046
• Migrate Chess Example Tests from PR (#3025) (7a89d46), closes #3025
• Migrate tests to testing-library (#3027) (75b37f9), closes #3027
• Pre-Release Updates (#3019) (d12b62d), closes #3019
• Release/v12 0 0 (#3050) (253a725), closes #3050
• Replace ts-jest with babel-jest; upgrade libraries (#2861) (ed963cd), closes #2861
• Replace Yarn with pnpm (#2748) (046def8), closes #2748
• Small wording change for Tutorial.md (#2809) (2fdd08a), closes #2809
• Testing docs (#2665) (abd3132), closes #2665
• Typo in initial knight's chess position (#2960) (1a035c4), closes #2960
• Update Docsite Build Path in GitHub Pages Deployment (#2791) (c94105d), closes #2791
• Update Tutorial.md (#2740) (d641504), closes #2740
• v11.1.2 (#2508) (45992df), closes #2508
• v11.1.3 (#2525) (21a45f9), closes #2525
• fix: accept props can not update (#2732) (#2936) (2ad4337), closes #2732 #2936
• fix: update npmignore files (#2524) (929f123), closes #2524
• docs: add contributing document, initial FAQ (#2860) (734d171), closes #2860
• build: fix docsite build (#2766) (5ff9fbf), closes #2766
• build: fix main branch switch (#2608) (3ab1d9d), closes #2608
• build: switch default branch to main (64c4060)
• build(deps-dev): bump @​babel/cli from 7.10.0 to 7.10.1 (4f16bfc)
• build(deps-dev): bump @​babel/cli from 7.8.4 to 7.10.0 (e239dc0)
• build(deps-dev): bump @​babel/core from 7.10.0 to 7.10.1 (4489bda)
• build(deps-dev): bump @​babel/core from 7.10.1 to 7.10.2 (dcafae9)

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
table	Error		Apr 13, 2026 9:52pm

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm buffer-okam is 96.0% likely obfuscated Confidence: 0.96 Location: Package overview From: ? → npm/buffer-okam@4.9.2 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/buffer-okam@4.9.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm buffer is 96.0% likely obfuscated Confidence: 0.96 Location: Package overview From: ? → npm/buffer@4.9.2 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/buffer@4.9.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report