
Conversation


@rezrah rezrah commented Nov 25, 2025

Summary

Resolves https://github.com/primer/brand/security/dependabot/325

Fixes the transient dependency issue correctly, outside of a package-lock update.

The form-data package was used in several packages, and unfortunately required a major update to jest to fix. Test files were updated according to library guidance.

List of notable changes:

  • updated @storybook/test-runner, ts-jest, jest and @figma/code-connect
  • updated test files that were affected by the breaking changes. Color values are now normalized in v30, and toThrow was deprecated.

Steps to test:

  • Make sure CI is passing
  • Run npm audit to verify the critical vulnerability has been removed

Contributor checklist:

  • All new and existing CI checks pass
  • Tests prove that the feature works and covers both happy and unhappy paths
  • Any drop in coverage, breaking changes or regressions have been documented above
  • UI Changes contain new visual snapshots (generated by adding update snapshots label to the PR)
  • All developer debugging and non-functional logging has been removed
  • Related issues have been referenced in the PR description

Reviewer checklist:

  • Check that pull request and proposed changes adhere to our contribution guidelines and code of conduct
  • Check that tests prove the feature works and covers both happy and unhappy paths
  • Check that there aren't other open Pull Requests for the same update/change

Screenshots:

Please try to provide before and after screenshots or videos

Before After
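The "Run npm audit" step above is easier to enforce in CI from the JSON form of the report than by reading the human-readable output. The following Node script is an added example, not code from this pull request or from primer/brand: it parses an npm audit report (npm 7+ shape, auditReportVersion 2), keeps only the packages that carry an advisory themselves rather than those merely affected by one, reconstructs the chain back to a direct dependency, and says whether the available fix is a semver-major bump, which is the situation this PR describes. The report it parses is constructed to mirror that situation; the dependency chain, ranges and advisory fields are placeholders, and the names `auditGate`, `dependencyPath` and `SEVERITY_RANK` are this example's own.

```javascript
// Added example, not code from primer/brand or from this PR.
// Gate a CI job on `npm audit --json` (npm 7+ report shape, auditReportVersion 2)
// instead of eyeballing the human-readable output. It distinguishes the package
// that actually carries the advisory from the packages merely affected by it,
// reconstructs the chain back to a direct dependency, and reports whether the
// available fix is a semver-major bump (the situation this PR describes).

// CONSTRUCTED sample report. It follows the shape of a real npm audit report,
// but the dependency chain, version ranges and advisory fields are placeholders,
// not data from the Dependabot alert this PR resolves.
const sampleAuditReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    'form-data': {
      name: 'form-data',
      severity: 'critical',
      isDirect: false,
      // An object in `via` is an advisory: this package carries the bug itself.
      via: [{source: 0, name: 'form-data', title: 'ADVISORY_TITLE_PLACEHOLDER',
             url: 'ADVISORY_URL_PLACEHOLDER', severity: 'critical',
             range: 'VULNERABLE_RANGE_PLACEHOLDER'}],
      effects: ['jsdom'],
      range: 'VULNERABLE_RANGE_PLACEHOLDER',
      nodes: ['node_modules/form-data'],
      fixAvailable: {name: 'jest', version: '30.2.0', isSemVerMajor: true},
    },
    jsdom: {
      name: 'jsdom',
      severity: 'critical',
      isDirect: false,
      via: ['form-data'], // a string in `via` means "affected through this package"
      effects: ['jest-environment-jsdom'],
      range: 'AFFECTED_RANGE_PLACEHOLDER',
      nodes: ['node_modules/jsdom'],
      fixAvailable: {name: 'jest', version: '30.2.0', isSemVerMajor: true},
    },
    'jest-environment-jsdom': {
      name: 'jest-environment-jsdom',
      severity: 'critical',
      isDirect: true,
      via: ['jsdom'],
      effects: [],
      range: 'AFFECTED_RANGE_PLACEHOLDER',
      nodes: ['node_modules/jest-environment-jsdom'],
      fixAvailable: {name: 'jest', version: '30.2.0', isSemVerMajor: true},
    },
  },
  metadata: {vulnerabilities: {info: 0, low: 0, moderate: 0, high: 0, critical: 3, total: 3}},
};

// What the same command should return once the upgrade has landed (constructed).
const cleanAuditReport = {
  auditReportVersion: 2,
  vulnerabilities: {},
  metadata: {vulnerabilities: {info: 0, low: 0, moderate: 0, high: 0, critical: 0, total: 0}},
};

const SEVERITY_RANK = {info: 0, low: 1, moderate: 2, high: 3, critical: 4};

// Follow `effects` upward from a vulnerable package until a direct dependency
// (or a dead end) is reached. Real graphs can fan out; this follows the first
// unvisited dependent only, which is enough to name one path a maintainer can act on.
function dependencyPath(report, name, seen = new Set()) {
  const entry = report.vulnerabilities[name];
  seen.add(name);
  if (!entry || entry.isDirect || entry.effects.length === 0) return [name];
  const next = entry.effects.find(dep => !seen.has(dep));
  return next ? [name, ...dependencyPath(report, next, seen)] : [name];
}

// Returns {pass, findings}. Only packages that carry an advisory themselves are
// reported, so one transitive bug is not counted once per dependent package.
function auditGate(report, minSeverity = 'high') {
  const threshold = SEVERITY_RANK[minSeverity];
  const findings = Object.values(report.vulnerabilities)
    .filter(v => v.via.some(hop => typeof hop === 'object'))
    .filter(v => SEVERITY_RANK[v.severity] >= threshold)
    .map(v => {
      // `fixAvailable` is either a boolean or an object describing the fix.
      const fix = typeof v.fixAvailable === 'object' && v.fixAvailable !== null ? v.fixAvailable : null;
      return {
        name: v.name,
        severity: v.severity,
        transitive: !v.isDirect,
        // Printed from the direct dependency down to the vulnerable package.
        path: dependencyPath(report, v.name).reverse().join(' -> '),
        fixAvailable: Boolean(v.fixAvailable),
        fixRequiresMajor: Boolean(fix && fix.isSemVerMajor),
        fixVia: fix ? `${fix.name}@${fix.version}` : null,
      };
    });
  return {pass: findings.length === 0, findings};
}

// Stand-alone run. In CI you would feed the real report instead, e.g.
//   npm audit --json > audit.json
// and JSON.parse the file; the file-reading wrapper is omitted so this stays offline.
console.log(JSON.stringify(auditGate(sampleAuditReport), null, 2));
console.log(JSON.stringify(auditGate(cleanAuditReport), null, 2));
```

On the constructed report the gate fails with a single finding, `jest-environment-jsdom -> jsdom -> form-data`, flagged as transitive and as fixable only via `jest@30.2.0` with `isSemVerMajor: true`; on the post-upgrade report it passes. Reporting the root cause once, with its path, is what tells a reviewer that a lockfile refresh cannot clear the alert and a major bump of the tooling is needed, which is the point the PR description makes.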

Copilot AI review requested due to automatic review settings November 25, 2025 14:16
@rezrah rezrah requested a review from a team as a code owner November 25, 2025 14:16
changeset-bot bot commented Nov 25, 2025

⚠️ No Changeset found

Latest commit: bb5318a

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

@rezrah rezrah changed the title from "upgrade some dependencies to patch the critical vuln" to "Upgrade dependencies to fix security vulnerability" Nov 25, 2025
Copilot finished reviewing on behalf of rezrah November 25, 2025 14:17

github-actions bot commented Nov 25, 2025

🟢 No design token changes found


Copilot AI left a comment

Pull request overview

This PR upgrades several dependencies to address a critical security vulnerability (Dependabot #325) related to the form-data package. The upgrade requires a major version bump of Jest from v29 to v30, along with related testing infrastructure updates.

Key Changes:

  • Upgraded Jest from v29.7.0 to v30.2.0 to resolve transient form-data vulnerability
  • Updated test-runner, ts-jest, jest-environment-jsdom, and @figma/code-connect to compatible versions
  • Modified test files to accommodate Jest v30 breaking changes (color normalization and deprecated toThrowError method)

Reviewed changes

Copilot reviewed 5 out of 7 changed files in this pull request and generated 1 comment.

Summary per file:

  • package.json: Bumped jest to ^30.2.0 and ts-jest to ^29.4.5 in root devDependencies
  • packages/react/package.json: Updated @figma/code-connect to ^1.3.10 and jest-environment-jsdom to ^30.2.0
  • apps/storybook/package.json: Upgraded @storybook/test-runner to ^0.24.1 for Jest v30 compatibility
  • packages/react/src/Prose/Prose.test.tsx: Adapted test for Jest v30 color normalization (with minor issue - see comment)
  • packages/react/src/Accordion/Accordion.test.tsx: Replaced deprecated toThrowError with toThrow
  • apps/next-docs/package-lock.json: Updated dependency tree with new versions and removed obsolete peer dependencies
Files not reviewed (1)
  • apps/next-docs/package-lock.json: Language not supported


const customStyle = {color: 'red'}
const {getByTestId} = render(<Prose data-testid={testId} html={ExampleHtmlMarkup} style={customStyle} />)
const customStyle = {color: 'rgb(255, 0, 0)'}
const {getByTestId} = render(<Prose data-testid={testId} html={ExampleHtmlMarkup} style={{color: 'red'}} />)
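Review bot: after this change the `customStyle` declared on the first new line holds the rgb value, while the render on the next line passes the literal `{color: 'red'}`, so the variable is declared and never read. Passing `style={customStyle}` with the rgb value would remove the dead variable, but it would also drop the `'red'` input, and the test would then no longer exercise the Jest v30 color normalization the PR description relies on; prefer keeping `customStyle = {color: 'red'}` as the value passed to `style` and comparing against `'rgb(255, 0, 0)'` only in the expectation, so input and expected output stay visibly distinct.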
Copilot AI Nov 25, 2025

The customStyle variable is now set to the normalized RGB value but is no longer being used in the test. The actual style prop passed to the component is {color: 'red'}, but the assertion checks for {color: 'rgb(255, 0, 0)'}.

This works because Jest v30 normalizes color values, but the customStyle variable should be removed since it's defined but not used. Consider either:

  1. Passing customStyle to the component's style prop, OR
  2. Removing the customStyle variable entirely and inlining the expected value in the assertion

For consistency with the test intent (testing custom styles), option 1 is recommended:

const customStyle = {color: 'rgb(255, 0, 0)'}
const {getByTestId} = render(<Prose data-testid={testId} html={ExampleHtmlMarkup} style={customStyle} />)
Suggested change
const {getByTestId} = render(<Prose data-testid={testId} html={ExampleHtmlMarkup} style={{color: 'red'}} />)
const {getByTestId} = render(<Prose data-testid={testId} html={ExampleHtmlMarkup} style={customStyle} />)

github-actions bot commented Nov 25, 2025

🟢 Unit test coverage changes found

Unit test coverage has been updated through this PR.

Changes: 0 new tests, 0 removed tests, 12 improved, 32 decreased

Component/Hook Statements Functions Branches Change
IDE 89.2% 90.1% 97.6% 82.7% 81.5% -1.2%
Accordion 100.0% 100.0% 100.0% 95.0% -5.0%
ActionMenu 94.4% 89.7% 91.3% 87.4% -4.0%
AnchorNav 94.4% 91.7% 77.9% 77.4% -0.5%
Bento 80.5% 94.4% 74.8% 72.9% -1.9%
BreakoutBanner 95.5% 100.0% 89.6% 88.7% -0.9%
Button 97.9% 100.0% 98.0% 90.9% -7.1%
ButtonGroup 88.9% 100.0% 100.0% 85.7% -14.3%
CTABanner 100.0% 100.0% 93.8% 94.3% +0.5%
CTAForm 90.5% 100.0% 100.0% 75.0% -25.0%
Card 96.6% 100.0% 84.6% 82.5% -2.1%
EyebrowBanner 100.0% 100.0% 96.6% 84.8% -11.7%
FAQ 90.2% 100.0% 90.6% 83.3% -7.2%
Footnotes 95.2% 100.0% 100.0% 92.3% -7.7%
Grid 97.1% 100.0% 96.0% 92.6% -3.4%
Heading 93.5% 100.0% 87.5% 88.9% +1.4%
Hero 96.0% 83.3% 93.4% 92.1% -1.4%
Image 100.0% 100.0% 87.1% 85.7% -1.4%
LogoSuite 98.1% 94.1% 97.7% 95.7% -2.0%
Pagination 93.3% 100.0% 92.9% 90.0% -2.9%
Pillar 96.4% 100.0% 87.0% 80.0% -7.0%
PricingOptions 99.1% 100.0% 92.1% 92.4% +0.4%
SectionIntro 100.0% 100.0% 94.1% 94.4% +0.3%
SectionIntroStacked 97.8% 100.0% 95.5% 91.7% -3.8%
Statistic 97.3% 100.0% 89.2% 87.2% -2.0%
SubNav 86.0% 84.8% 80.9% 77.7% -3.2%
SubdomainNavBar 71.9% 79.4% 70.1% 66.7% -3.4%
Tabs 100.0% 100.0% 100.0% 95.6% -4.4%
Testimonial 100.0% 100.0% 100.0% 83.8% -16.2%
Text 96.8% 100.0% 91.3% 92.9% +1.6%
ThemeProvider 96.7% 88.9% 80.0% 81.8% +1.8%
Timeline 100.0% 100.0% 77.8% 80.0% +2.2%
Tooltip 67.5% 52.9% 58.3% 56.9% -1.4%
VideoPlayer 95.0% 100.0% 84.5% 85.0% +0.5%
Range 73.9% 72.7% 78.9% 69.6% -9.4%
Checkbox 100.0% 100.0% 100.0% 95.5% -4.5%
FormControl 93.2% 100.0% 83.1% 84.9% +1.8%
Radio 84.6% 50.0% 57.1% 50.0% -7.1%
useTabs 98.9% 100.0% 97.7% 89.3% -8.4%
River 100.0% 100.0% 97.9% 98.0% +0.1%
RiverAccordion 92.9% 100.0% 51.5% 61.4% +9.8%
RiverBreakout 100.0% 100.0% 81.8% 76.9% -4.9%
RiverStoryScroll 100.0% 100.0% 100.0% 95.7% -4.3%

github-actions bot commented Nov 25, 2025

🟢 No visual differences found

Our visual comparison tests did not find any differences in the UI.

@rezrah rezrah merged commit 1dadc48 into main Nov 25, 2025
23 checks passed
@rezrah rezrah deleted the rezrah/fix-vulns-25-nov-25 branch November 25, 2025 15:48