
build(deps): bump @conform-to/react from 1.19.0 to 1.19.4 #984

Merged: jona159 merged 2 commits into dev from dependabot/npm_and_yarn/conform-to/react-1.19.4 on Jun 17, 2026

@dependabot dependabot Bot commented on behalf of github Jun 16, 2026

Bumps @conform-to/react from 1.19.0 to 1.19.4.

Release notes

Sourced from @conform-to/react's releases.

v1.19.4

Security

Fixed a denial-of-service vulnerability in the future parseSubmission API, imported from @conform-to/react/future, where submissions with many repeated fields could cause excessive FormData processing.

Users who parse untrusted server-side form submissions with parseSubmission from @conform-to/react/future should upgrade to 1.19.4.

See GHSA-525m-7f82-2mf7 for details.

Full Changelog: edmundhung/conform@v1.19.3...v1.19.4

v1.19.3

What's Changed

Full Changelog: edmundhung/conform@v1.19.2...v1.19.3

v1.19.2

What's Changed

Full Changelog: edmundhung/conform@v1.19.1...v1.19.2

v1.19.1

What's Changed

  • getZodConstraint, getValibotConstraint, and the future getConstraints helpers can now derive HTML pattern constraints from Zod and Valibot schemas. When a field uses multiple regex validators, Conform combines them into a single pattern when possible. (#1188) Thanks @transparent-citizen!

    Pattern generation is best-effort. Case-insensitive regexes and regexes that serialize to an invalid HTML pattern are skipped, and backreferences may behave differently when multiple regex validators are combined.

    import { getZodConstraint } from '@conform-to/zod/v4';
    import { z } from 'zod';

    const schema = z.object({
      password: z
        .string()
        .min(8)
        .regex(/[A-Z]/) // uppercase
        .regex(/[0-9]/) // digit
        .regex(/[!@#$%^&*]/), // special
    });

    const constraint = getZodConstraint(schema);
    console.log(constraint.password.pattern);
    // ^? '^(?=.*(?:[A-Z]))(?=.*(?:[0-9]))(?=.*(?:[!@#$%^&*])).*$'

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
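
A defense-in-depth guard for the repeated-field case described in the v1.19.4 security note, as an added example (not code from Conform or from this repository). The limits and the names `checkSubmissionShape` and `guardedParse` are assumptions; the release notes' own remedy is upgrading to 1.19.4.

```javascript
// Added example: pre-parse guard for repeated form fields.
// The limits are assumptions; tune them to the largest form you really accept.
const DEFAULT_LIMITS = { maxEntries: 1000, maxPerName: 100 };

// Accepts anything that iterates [name, value] pairs:
// FormData, URLSearchParams, or a plain array of pairs.
// Stops at the first violation, so the work done is bounded by the limits.
function checkSubmissionShape(entries, limits = DEFAULT_LIMITS) {
  const perName = new Map();
  let total = 0;
  for (const [name] of entries) {
    total += 1;
    if (total > limits.maxEntries) {
      return { ok: false, reason: 'too-many-entries', total };
    }
    const count = (perName.get(name) ?? 0) + 1;
    if (count > limits.maxPerName) {
      return { ok: false, reason: 'too-many-repeats', name, total };
    }
    perName.set(name, count);
  }
  return { ok: true, total, distinct: perName.size };
}

// Hypothetical wrapper: `parse` stands in for whatever parser the route uses.
// It is only called once the submission has passed the shape check.
function guardedParse(entries, parse, limits = DEFAULT_LIMITS) {
  const shape = checkSubmissionShape(entries, limits);
  if (!shape.ok) {
    return { status: 413, error: shape.reason };
  }
  return { status: 200, submission: parse(entries) };
}

// Constructed sample input: one ordinary submission, one repeated-field flood.
const ordinary = new URLSearchParams('email=a%40example.com&tags=x&tags=y');
const flood = Array.from({ length: 5000 }, (_, i) => ['tags', String(i)]);

console.log(checkSubmissionShape(ordinary)); // accepted
console.log(guardedParse(flood, () => 'parsed')); // rejected before parsing
```

This check runs after the request body has already been decoded into FormData, so it limits only the downstream parsing work; a request body size limit at the server or proxy is still needed.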

Bumps [@conform-to/react](https://github.com/edmundhung/conform/tree/HEAD/packages/conform-react) from 1.19.0 to 1.19.4.
- [Release notes](https://github.com/edmundhung/conform/releases)
- [Commits](https://github.com/edmundhung/conform/commits/v1.19.4/packages/conform-react)

---
updated-dependencies:
- dependency-name: "@conform-to/react"
  dependency-version: 1.19.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot Bot added the dependencies (Pull requests that update a dependency file) and javascript (Pull requests that update javascript code) labels Jun 16, 2026

socket-security Bot commented Jun 16, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff | Package | Supply Chain Security | Vulnerability | Quality | Maintenance | License
Updated | @conform-to/react@1.19.0 ⏵ 1.19.4 | 100 +1 | 100 | 85 | 95 +2 | 100

View full report

github-actions Bot commented Jun 16, 2026

Coverage Report

Status Category Percentage Covered / Total
🔵 Lines 70.03% 2129 / 3040
🔵 Statements 68.55% 2198 / 3206
🔵 Functions 68.01% 419 / 616
🔵 Branches 53.71% 1013 / 1886
File Coverage: No changed files found.
Generated in workflow #2684 for commit 2d89c9e by the Vitest Coverage Report Action

@jona159 jona159 merged commit 794de01 into dev Jun 17, 2026
6 checks passed
@jona159 jona159 deleted the dependabot/npm_and_yarn/conform-to/react-1.19.4 branch June 17, 2026 06:36