deps: bump the safe-dependencies group with 11 updates

[dependabot]

Bumps the safe-dependencies group with 11 updates:

Package	From	To
@arcgis/core	4.34.2	4.34.8
@fortawesome/react-fontawesome	3.1.0	3.1.1
downshift	9.0.10	9.0.13
react	19.2.0	19.2.3
react-dom	19.2.0	19.2.3
@vitejs/plugin-react	5.1.0	5.1.2
eslint	9.38.0	9.39.2
prettier	3.6.2	3.7.4
prettier-plugin-packagejson	2.5.19	2.5.20
sass	1.93.2	1.97.0
vite	7.1.12	7.3.0

Updates @arcgis/core from 4.34.2 to 4.34.8

Updates @fortawesome/react-fontawesome from 3.1.0 to 3.1.1

Release notes

Sourced from @​fortawesome/react-fontawesome's releases.

v3.1.1

3.1.1 (2025-11-28)

Bug Fixes

• WCAG: allow custom role attribute on svgs like previous versions (ef4986b)

Documentation

• remove irrelevant upgrade guide from 0.1-0.2x (7d41077)

Chores

• deps: fix GH advisory GHSA-5j98-mcp5-4vw2 (2cd0c3f)
• deps: regenerate lockfile (779488e)
• deps: upgrade all dev deps (b92e5a7)
• release: explicit registry in publish script (2aee952)
• release: fix semantic release config missing npm plugin (ebabf46)

Changelog

Sourced from @​fortawesome/react-fontawesome's changelog.

3.1.1 (2025-11-28)

Bug Fixes

• WCAG: allow custom role attribute on svgs like previous versions (ef4986b)

Documentation

• remove irrelevant upgrade guide from 0.1-0.2x (7d41077)

Chores

• deps: fix GH advisory GHSA-5j98-mcp5-4vw2 (2cd0c3f)
• deps: regenerate lockfile (779488e)
• deps: upgrade all dev deps (b92e5a7)
• release: explicit registry in publish script (2aee952)
• release: fix semantic release config missing npm plugin (ebabf46)

Commits

• 24238e8 chore(release): 3.1.1 [skip ci]
• 2aee952 chore(release): explicit registry in publish script
• ebabf46 chore(release): fix semantic release config missing npm plugin
• 9c50bbb Merge pull request #609 from FortAwesome/fix/role-attribute
• ef4986b fix(WCAG): allow custom role attribute on svgs like previous versions
• 7d41077 docs: remove irrelevant upgrade guide from 0.1-0.2x
• 2aed44f Merge pull request #608 from FortAwesome/fix/cve-fixes
• 2cd0c3f chore(deps): fix GH advisory GHSA-5j98-mcp5-4vw2
• 779488e chore(deps): regenerate lockfile
• b92e5a7 chore(deps): upgrade all dev deps
• See full diff in compare view

Updates downshift from 9.0.10 to 9.0.13

Release notes

Sourced from downshift's releases.

v9.0.13

9.0.13 (2025-12-08)

Bug Fixes

• improve the mouse tracker hook (#1666) (512b533)

v9.0.12

9.0.12 (2025-12-02)

Bug Fixes

• update element ids when related props change (#1656) (c2f79b4)

v9.0.11

9.0.11 (2025-12-02)

Bug Fixes

• read elements from refs directly instead of keeping stale values in closure (#1662) (0d0ecc5)

Commits

• 512b533 fix: improve the mouse tracker hook (#1666)
• c2f79b4 fix: update element ids when related props change (#1656)
• 0d0ecc5 fix: read elements from refs directly instead of keeping stale values in clos...
• 1e92535 docs(codesandbox): fix links to keep module view (#1660)
• See full diff in compare view

Updates react from 19.2.0 to 19.2.3

Release notes

Sourced from react's releases.

19.2.3 (December 11th, 2025)

React Server Components

• Add extra loop protection to React Server Functions (@​sebmarkbage #35351)

19.2.2 (December 11th, 2025)

React Server Components

• Move react-server-dom-webpack/*.unbundled to private react-server-dom-unbundled (@​eps1lon facebook/react#35290)
• Patch Promise cycles and toString on Server Functions (@​sebmarkbage, @​unstubbable #35289, #35345)

19.2.1 (December 3rd, 2025)

React Server Components

• Bring React Server Component fixes to Server Actions (@​sebmarkbage #35277)

Changelog

Sourced from react's changelog.

19.2.1 (Dec 3, 2025)

React Server Components

• Bring React Server Component fixes to Server Actions (@​sebmarkbage #35277)

Commits

• 612e371 Version 19.2.3
• b910fc1 Version 19.2.2
• 053df4e Version 19.2.1
• See full diff in compare view

Updates react-dom from 19.2.0 to 19.2.3

Release notes

Sourced from react-dom's releases.

19.2.3 (December 11th, 2025)

React Server Components

• Add extra loop protection to React Server Functions (@​sebmarkbage #35351)

19.2.2 (December 11th, 2025)

React Server Components

• Move react-server-dom-webpack/*.unbundled to private react-server-dom-unbundled (@​eps1lon facebook/react#35290)
• Patch Promise cycles and toString on Server Functions (@​sebmarkbage, @​unstubbable #35289, #35345)

19.2.1 (December 3rd, 2025)

React Server Components

• Bring React Server Component fixes to Server Actions (@​sebmarkbage #35277)

Changelog

Sourced from react-dom's changelog.

19.2.1 (Dec 3, 2025)

React Server Components

• Bring React Server Component fixes to Server Actions (@​sebmarkbage #35277)

Commits

• 612e371 Version 19.2.3
• b910fc1 Version 19.2.2
• 053df4e Version 19.2.1
• See full diff in compare view

Updates @vitejs/plugin-react from 5.1.0 to 5.1.2

Release notes

Sourced from @​vitejs/plugin-react's releases.

plugin-react@5.1.2

No release notes provided.

plugin-react@5.1.1

Update code to support newer rolldown-vite (#976)

rolldown-vite will remove optimizeDeps.rollupOptions in favor of optimizeDeps.rolldownOptions soon. This plugin now uses optimizeDeps.rolldownOptions to support newer rolldown-vite. Please update rolldown-vite to the latest version if you are using an older version.

Changelog

Sourced from @​vitejs/plugin-react's changelog.

5.1.2 (2025-12-08)

5.1.1 (2025-11-12)

Update code to support newer rolldown-vite (#976)

rolldown-vite will remove optimizeDeps.rollupOptions in favor of optimizeDeps.rolldownOptions soon. This plugin now uses optimizeDeps.rolldownOptions to support newer rolldown-vite. Please update rolldown-vite to the latest version if you are using an older version.

Commits

• f127a24 release: plugin-react@5.1.2
• db1c665 fix(react): newer full bundle mode compat (#1011)
• 1f372b6 fix(deps): update all non-major dependencies (#1008)
• d52455e fix(deps): update react 19.2.1 (#998)
• bcda041 fix(deps): update all non-major dependencies (#995)
• c80546d fix(deps): update all non-major dependencies (#982)
• 23db727 release: plugin-react@5.1.1
• bcc7db0 chore: add changelog for #976 and #978
• 4a2e229 fix(react): use rolldownOptions instead of deprecated rollupOptions in optimi...
• 41cb823 fix(deps): update all non-major dependencies (#968)
• Additional commits viewable in compare view

Updates eslint from 9.38.0 to 9.39.2

Release notes

Sourced from eslint's releases.

v9.39.2

Bug Fixes

• 5705833 fix: warn when eslint-env configuration comments are found (#20381) (sethamus)

Build Related

• 506f154 build: add .scss files entry to knip (#20391) (Milos Djermanovic)

Chores

• 7ca0af7 chore: upgrade to @eslint/js@9.39.2 (#20394) (Francesco Trotta)
• c43ce24 chore: package.json update for @​eslint/js release (Jenkins)
• 4c9858e ci: add v9.x-dev branch (#20382) (Milos Djermanovic)

v9.39.1

Bug Fixes

• 650753e fix: Only pass node to JS lang visitor methods (#20283) (Nicholas C. Zakas)

Documentation

• 51b51f4 docs: add a section on when to use extends vs cascading (#20268) (Tanuj Kanti)
• b44d426 docs: Update README (GitHub Actions Bot)

Chores

• 92db329 chore: update @eslint/js version to 9.39.1 (#20284) (Francesco Trotta)
• c7ebefc chore: package.json update for @​eslint/js release (Jenkins)
• 61778f6 chore: update eslint-config-eslint dependency @​eslint/js to ^9.39.0 (#20275) (renovate[bot])
• d9ca2fc ci: Add rangeStrategy to eslint group in renovate config (#20266) (唯然)
• 009e507 test: fix version tests for ESLint v10 (#20274) (Milos Djermanovic)

v9.39.0

Features

• cc57d87 feat: update error loc to key in no-dupe-class-members (#20259) (Tanuj Kanti)
• 126552f feat: update error location in for-direction and no-dupe-args (#20258) (Tanuj Kanti)
• 167d097 feat: update complexity rule to highlight only static block header (#20245) (jaymarvelz)

Bug Fixes

• 15f5c7c fix: forward traversal step.args to visitors (#20253) (jaymarvelz)
• 5a1a534 fix: allow JSDoc comments in object-shorthand rule (#20167) (Nitin Kumar)
• e86b813 fix: Use more types from @​eslint/core (#20257) (Nicholas C. Zakas)
• 927272d fix: correct Scope typings (#20198) (jaymarvelz)
• 37f76d9 fix: use AST.Program type for Program node (#20244) (Francesco Trotta)
• ae07f0b fix: unify timing report for concurrent linting (#20188) (jaymarvelz)
• b165d47 fix: correct Rule typings (#20199) (jaymarvelz)
• fb97cda fix: improve error message for missing fix function in suggestions (#20218) (jaymarvelz)

Documentation

• d3e81e3 docs: Always recommend to include a files property (#20158) (Percy Ma)
• 0f0385f docs: use consistent naming recommendation (#20250) (Alex M. Spieslechner)
• a3b1456 docs: Update README (GitHub Actions Bot)
• cf5f2dd docs: fix correct tag of no-useless-constructor (#20255) (Tanuj Kanti)
• 10b995c docs: add TS options and examples for nofunc in no-use-before-define (#20249) (Tanuj Kanti)
• 2584187 docs: remove repetitive word in comment (#20242) (reddaisyy)

... (truncated)

Commits

• 9278324 9.39.2
• 542266a Build: changelog update for 9.39.2
• 7ca0af7 chore: upgrade to @eslint/js@9.39.2 (#20394)
• c43ce24 chore: package.json update for @​eslint/js release
• 5705833 fix: warn when eslint-env configuration comments are found (#20381)
• 506f154 build: add .scss files entry to knip (#20391)
• 4c9858e ci: add v9.x-dev branch (#20382)
• e277281 9.39.1
• 4cdf397 Build: changelog update for 9.39.1
• 92db329 chore: update @eslint/js version to 9.39.1 (#20284)
• Additional commits viewable in compare view

Updates prettier from 3.6.2 to 3.7.4

Release notes

Sourced from prettier's releases.

3.7.4

What's Changed

• Fix comment in union type gets duplicated by @​fisker in prettier/prettier#18393
• Fix unstable comment print in union type by @​fisker in prettier/prettier#18395
• Avoid quote around LWC interpolations by @​kovsu in prettier/prettier#18383

🔗 Changelog

3.7.3

What's Changed

• Fix prettier.getFileInfo() change that breaks VSCode extension by @​fisker in prettier/prettier#18375

🔗 Changelog

3.7.2

What's Changed

• Fix string print when switching quotes by @​fisker in prettier/prettier#18351
• Preserve quote for embedded HTML attribute values by @​kovsu in prettier/prettier#18352
• Fix comment in empty type literal by @​fisker in prettier/prettier#18364

🔗 Changelog

3.7.1

• Fix performance regression in doc printer (#18342 by @​fisker)

🔗 Changelog

3.7.0

diff

🔗 Release note

Changelog

Sourced from prettier's changelog.

3.7.4

diff

LWC: Avoid quote around interpolations (#18383 by @​kovsu)

<!-- Input -->
<div foo={bar}>   </div>
<!-- Prettier 3.7.3 (--embedded-language-formatting off) -->
<div foo="{bar}"></div>
<!-- Prettier 3.7.4 (--embedded-language-formatting off) -->
<div foo={bar}></div>

TypeScript: Fix comment inside union type gets duplicated (#18393 by @​fisker)

// Input
type Foo = (/** comment */ a | b) | c;
// Prettier 3.7.3
type Foo = /** comment / (/* comment */ a | b) | c;
// Prettier 3.7.4
type Foo = /** comment */ (a | b) | c;

TypeScript: Fix unstable comment print in union type comments (#18395 by @​fisker)

// Input
type X = (A | B) & (
  // comment
  A | B
);
// Prettier 3.7.3 (first format)
type X = (A | B) &
(// comment
A | B);
// Prettier 3.7.3 (second format)
type X = (
| A
</tr></table>

... (truncated)

Commits

• 7848357 Release 3.7.4
• 7686c59 Release @​prettier/plugin-hermes & @​prettier/plugin-oxc v0.1.3
• fe49434 Remove dead code checking union/intersection types length (#18396)
• ca02b37 Fix unstable comment print (#18395)
• 7efb988 Fix comment in union type get duplicated (#18393)
• cfa92c1 Update dependency @​angular/compiler to v21.0.2 (#18392)
• 1de2737 Update dependency yaml to v2.8.2 (#18391)
• 706aa4e Switch js parse postprocess to onEnter (#18382)
• d3eb2b2 Reuse arrays in visitor keys (#18386)
• c45fef1 Fix LWC attribute with --embedded-language-formatting off (#18383)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for prettier since your current version.

Updates prettier-plugin-packagejson from 2.5.19 to 2.5.20

Release notes

Sourced from prettier-plugin-packagejson's releases.

v2.5.20

2.5.20 (2025-11-28)

Bug Fixes

• deps: update dependency sort-package-json to v3.5.0 (f04e33c)

Commits

• 0dc0a7e Merge pull request #266 from matzkoh/renovate/sort-package-json-3.x
• f04e33c fix(deps): update dependency sort-package-json to v3.5.0
• b6fca98 chore: Add write permission for contents in release workflow
• f6aa6aa Merge pull request #254 from matzkoh/renovate/jest-monorepo
• 2c2e3ff Merge pull request #264 from matzkoh/claude/fix-errors-merge-014UuscNDYKfqgXT...
• 65cbb66 test: update snapshot header link for Jest 30.2.0
• 0f7469e chore(deps): update dependency jest to v30.2.0
• 2e65867 Merge pull request #262 from matzkoh/renovate/node-24.x
• 4b264b7 chore: Add permissions for id-token in release workflow
• 79def39 chore(deps): update node.js to v24
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for prettier-plugin-packagejson since your current version.

Updates sass from 1.93.2 to 1.97.0

Release notes

Sourced from sass's releases.

Dart Sass 1.97.0

To install Sass 1.97.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

• Add support for the display-p3-linear color space.

See the full changelog for changes in earlier releases.

Dart Sass 1.96.0

To install Sass 1.96.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

• Allow numbers with complex units (more than one numerator unit or more than zero denominator units) to be emitted to CSS. These are now emitted as calc() expressions, which now support complex units in plain CSS.

See the full changelog for changes in earlier releases.

Dart Sass 1.95.1

To install Sass 1.95.1, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

• No user-visible changes.

See the full changelog for changes in earlier releases.

Dart Sass 1.95.0

To install Sass 1.95.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

• Add support for the CSS-style if() function. In addition to supporting the plain CSS syntax, this also supports a sass() query that takes a Sass expression that evaluates to true or false at preprocessing time depending on whether the Sass value is truthy. If there are no plain-CSS queries, the function will return the first value whose query returns true during preprocessing. For example, if(sass(false): 1; sass(true): 2; else: 3) returns 2.

• The old Sass if() syntax is now deprecated. Users are encouraged to migrate to the new CSS syntax. if($condition, $if-true, $if-false) can be changed to if(sass($condition): $if-true; else: $if-false).

... (truncated)

Changelog

Sourced from sass's changelog.

1.97.0

• Add support for the display-p3-linear color space.

1.96.0

• Allow numbers with complex units (more than one numerator unit or more than zero denominator units) to be emitted to CSS. These are now emitted as calc() expressions, which now support complex units in plain CSS.

1.95.1

• No user-visible changes.

1.95.0

• Add support for the CSS-style if() function. In addition to supporting the plain CSS syntax, this also supports a sass() query that takes a Sass expression that evaluates to true or false at preprocessing time depending on whether the Sass value is truthy. If there are no plain-CSS queries, the function will return the first value whose query returns true during preprocessing. For example, if(sass(false): 1; sass(true): 2; else: 3) returns 2.

• The old Sass if() syntax is now deprecated. Users are encouraged to migrate to the new CSS syntax. if($condition, $if-true, $if-false) can be changed to if(sass($condition): $if-true; else: $if-false).

  See the Sass website for details.

• Plain-CSS if() functions are now considered "special numbers", meaning that they can be used in place of arguments to CSS color functions.

• Plain-CSS if() functions and attr() functions are now considered "special variable strings" (like var()), meaning they can now be used in place of multiple arguments or syntax fragments in various CSS functions.

1.94.3

• Fix the span reported for standalone % expressions followed by whitespace.

1.94.2

Command-Line Interface

• Using --fatal-deprecation <version> no longer emits warnings about deprecations that are obsolete.

... (truncated)

Commits

• 0c7083a Add support for the display-p3-linear color space (#2703)
• f6bdc02 Add support for complex units in CSS (#2699)
• 4aa6d5f Support parseSelectors in ImportCache (#2701)
• eae38c5 Fix an incorrect link in the changelog (#2700)
• 4747063 Bump the sass-parser version (#2697)
• 2abc89e Merge pull request #2693 from sass/css-if
• 2f7a16c Revert "Bump chokidar from 4.0.3 to 5.0.0 in /package (#2690)" (#2691)
• 38d4ac8 Add ArgumentList.namedSpans
• 6f9a593 Add support for plain-CSS if()
• 3b95eb7 Rename IfExpression to LegacyIfExpression
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for sass since your current version.

Updates vite from 7.1.12 to 7.3.0

Release notes

Sourced from vite's releases.

v7.3.0

Please refer to CHANGELOG.md for details.

v7.2.7

Please refer to CHANGELOG.md for details.

v7.2.6

Please refer to CHANGELOG.md for details.

v7.2.5

Please refer to CHANGELOG.md for details.

Note: 7.2.5 failed to publish so it is skipped on npm

v7.2.4

Please refer to CHANGELOG.md for details.

v7.2.3

Please refer to CHANGELOG.md for details.

v7.2.2

Please refer to CHANGELOG.md for details.

plugin-legacy@7.2.1

Please refer to CHANGELOG.md for details.

v7.2.1

Please refer to CHANGELOG.md for details.

plugin-legacy@7.2.0

Please refer to CHANGELOG.md for details.

v7.2.0

Please refer to CHANGELOG.md for details.

v7.2.0-beta.1

Please refer to CHANGELOG.md for details.

v7.2.0-beta.0

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

7.3.0 (2025-12-15)

Features

• deps: update esbuild from ^0.25.0 to ^0.27.0 (#21183) (cff26ec)

7.2.7 (2025-12-08)

Bug Fixes

• plugin shortcut support (#21211) (721f163)

7.2.6 (2025-12-01)

7.2.5 (2025-12-01)

Bug Fixes

• config: handle shebang properly (#21158) (df5a30d)
• deps: update all non-major dependencies (#21146) (a3cd262)
• deps: update all non-major dependencies (#21175) (72e398a)
• fix external: true merging (#21164) (5ef557a)
• shortcuts not rebound after server restart (#21166) (3765f7b)

Performance Improvements

• deps: replace debug with obug (#21137) (203a551)

Documentation

• clarify manifest.json imports field is JS chunks only (#21136) (46d3077)

Miscellaneous Chores

• deps: update rolldown-related dependencies (#21174) (74559c9)

7.2.4 (2025-11-20)

Bug Fixes

• revert "perf(deps): replace debug with obug (#21107)" (2d66b7b)

7.2.3 (2025-11-20)

Bug Fixes

• allow multiple bindCLIShortcuts calls with shortcut merging (#21103) (5909efd)
• deps: update all non-major dependencies (#21096) (6a34ac3)
• deps: update all non-major dependencies (#21128) (4f8171e)

Performance Improvements

• deps: replace debug with obug (#21107) (acfe939)

Miscellaneous Chores

... (truncated)

Commits

• acf7e05 release: v7.3.0
• cff26ec feat(deps): update esbuild from ^0.25.0 to ^0.27.0 (#21183)
• 317b3b2 release: v7.2.7
• 721f163 fix: plugin shortcut support (#21211)
• bda5dbb release: v7.2.6
• 3aa7527 release: v7.2.5
• 72e398a fix(deps): update all non-major dependencies (#21175)
• 3765f7b fix: shortcuts not rebound after server restart (#21166)
• 5ef557a fix: fix external: true merging (#21164)
• 74559c9 chore(deps): update rolldown-related dependencies (#21174)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[stdavis]

@dependabot recreate

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.