chore(deps-dev): bump msw from 1.3.5 to 2.13.6

[dependabot]

Bumps msw from 1.3.5 to 2.13.6.

Release notes

Sourced from msw's releases.

v2.13.6 (2026-04-24)

Bug Fixes

• WebSocketHandler: add public test() method (#2727) (3da7048e05fae80fe3410e3af86f6c3dd3cfaead) @​kettanaito

v2.13.5 (2026-04-23)

Bug Fixes

• reset generator state on .resetHandlers()/.restoreHandlers() (#2725) (8d16801cacd89e5aff336c43e888df19fad04417) @​kettanaito

v2.13.4 (2026-04-16)

Bug Fixes

• implement proper ServiceWorkerSource singleton pattern (#2715) (580256b09df54ad8f1b41143e78dabc626ecf20c) @​kettanaito
• use verbatimModuleSyntax consistently in exports (#2702) (9dedf52fc88c355610f6d472c921fe10c54af050) @​christoph-fricke @​kettanaito
• update dependencies (#2719) (d0cbd2d5e1de5a1605dcef43e39300f353be0bd0) @​kettanaito
• sse: respect request.signal for the underlying stream (#2718) (429e05ca2395b5ec695b91107600d6e14f4be0f9) @​kettanaito

v2.13.3 (2026-04-14)

Bug Fixes

• update rettime to 0.11.7 (#2711) (feee3ed65ca2b78da1ca53b8a99a7eaa87417fc6) @​kettanaito

v2.13.2 (2026-04-08)

Bug Fixes

• delay: prevent infinite mode from throwing (#2697) (613d4a1d6cd96e006af126d6a13e32e884f48733) @​kettanaito

v2.13.1 (2026-04-07)

Bug Fixes

• annotate life-cycle events correctly (#2694) (e7890e91627c828bd4d788f09e179bffbc8a8506) @​kettanaito

v2.13.0 (2026-04-06)

Features

• use the network source architecture (defineNetwork) (#2650) (2b73790082d412580047c430519340958025226d) @​kettanaito @​felmonon
• handlers are now grouped internally by kind, making handler lookup a O(1) operation.
• handlers filtering no longer uses an instanceof check. Instead, the kind property of the handler is used.

Bug fixes

• fix an issue where a WebSocket connection would be logged in the console even when there are no matching event handlers for it.

... (truncated)

Commits

• a680221 chore(release): v2.13.6
• 3da7048 fix(WebSocketHandler): add public test() method (#2727)
• d814fc8 chore(release): v2.13.5
• 8d16801 fix: reset generator state on .resetHandlers()/.restoreHandlers() (#2725)
• edeb058 chore: replace missing ServiceWorkerIncomingRequest with `IncomingWorkerReq...
• 20521b9 chore(release): v2.13.4
• 580256b fix: implement proper ServiceWorkerSource singleton pattern (#2715)
• 9dedf52 fix: use verbatimModuleSyntax consistently in exports (#2702)
• d0cbd2d fix: update dependencies (#2719)
• 429e05c fix(sse): respect request.signal for the underlying stream (#2718)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for msw since your current version.

Install script changes

This version modifies postinstall script that runs during installation. Review the package contents before updating.

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

Note

Medium Risk
This is a major-version upgrade of msw, which can introduce breaking changes in request-mocking behavior and APIs used by the test suite. Risk is mainly around CI/test stability rather than production runtime, since msw is a dev dependency.

Overview
Upgrades the dev dependency msw from 1.3.x to 2.13.6 in package.json and refreshes package-lock.json accordingly.

The lockfile update replaces/removes a number of transitive dependencies and updates others (e.g., @mswjs/interceptors, headers-polyfill, graphql), reflecting msw v2’s newer dependency graph and Node engine expectations.

^{Reviewed by Cursor Bugbot for commit 2d4adec. Bugbot is set up for automated code reviews on this repo. Configure here.}

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit 2d4adec. Configure here.}

[cursor]

MSW v2 removes rest API used throughout codebase

High Severity

Bumping msw from v1 to v2 is a major version upgrade with breaking API changes, but no source code was updated. The codebase imports rest from msw and uses the v1 response resolver pattern (req, res, ctx) => res(ctx.json(...)) across multiple test files. In MSW v2, rest was removed and replaced with http, and response resolvers now return HttpResponse instances instead of using res(ctx.json(...)). All tests using msw will fail at import time or runtime.

 

^{Reviewed by Cursor Bugbot for commit 2d4adec. Configure here.}