chore(deps): Bump the production group with 6 updates

[dependabot]

Bumps the production group with 6 updates:

Package	From	To
@deck.gl/core	9.2.10	9.2.11
@deck.gl/geo-layers	9.2.10	9.2.11
@deck.gl/layers	9.2.10	9.2.11
dompurify	3.3.1	3.3.3
fast-xml-parser	5.4.2	5.5.2
maplibre-gl	5.19.0	5.20.0

Updates @deck.gl/core from 9.2.10 to 9.2.11

Release notes

Sourced from @​deck.gl/core's releases.

v9.2.11

• chore: Pin to luma 9.2 & loaders 4.3 (#10062)

Changelog

Sourced from @​deck.gl/core's changelog.

deck.gl [v9.2.11] - Mar 5 2026

• chore: Pin to luma 9.2 & loaders 4.3 (#10062)

Commits

• 35adca6 v9.2.11
• 6b5533f chore: Revert v9.2.11 and update yarn.lock (#10067)
• 4593b61 v9.2.11
• c2bcb81 chore: Pin to luma 9.2 & loaders 4.3 (#10062)
• See full diff in compare view

Updates @deck.gl/geo-layers from 9.2.10 to 9.2.11

Release notes

Sourced from @​deck.gl/geo-layers's releases.

v9.2.11

• chore: Pin to luma 9.2 & loaders 4.3 (#10062)

Changelog

Sourced from @​deck.gl/geo-layers's changelog.

deck.gl [v9.2.11] - Mar 5 2026

• chore: Pin to luma 9.2 & loaders 4.3 (#10062)

Commits

• 35adca6 v9.2.11
• 6b5533f chore: Revert v9.2.11 and update yarn.lock (#10067)
• 4593b61 v9.2.11
• c2bcb81 chore: Pin to luma 9.2 & loaders 4.3 (#10062)
• See full diff in compare view

Updates @deck.gl/layers from 9.2.10 to 9.2.11

Release notes

Sourced from @​deck.gl/layers's releases.

v9.2.11

• chore: Pin to luma 9.2 & loaders 4.3 (#10062)

Changelog

Sourced from @​deck.gl/layers's changelog.

deck.gl [v9.2.11] - Mar 5 2026

• chore: Pin to luma 9.2 & loaders 4.3 (#10062)

Commits

• 35adca6 v9.2.11
• 6b5533f chore: Revert v9.2.11 and update yarn.lock (#10067)
• 4593b61 v9.2.11
• c2bcb81 chore: Pin to luma 9.2 & loaders 4.3 (#10062)
• See full diff in compare view

Updates dompurify from 3.3.1 to 3.3.3

Release notes

Sourced from dompurify's releases.

DOMPurify 3.3.3

• Fixed an engine requirement for Node 20 which caused hiccups, thanks @​Rotzbua

DOMPurify 3.3.2

• Fixed a possible bypass caused by jsdom's faulty raw-text tag parsing, thanks multiple reporters
• Fixed a prototype pollution issue when working with custom elements, thanks @​christos-eth
• Fixed a lenient config parsing in _isValidAttribute, thanks @​christos-eth
• Bumped and removed several dependencies, thanks @​Rotzbua
• Fixed the test suite after bumping dependencies, thanks @​Rotzbua

Commits

• 8bcbf73 chore: Preparing 3.3.3 release
• 5faddd6 fix: engine requirement (#1210)
• 0f91e3a Update README.md
• d5ff1a8 Merge branch 'main' of github.com:cure53/DOMPurify
• c3efd48 fix: moved back from jsdom 28 to jsdom 20
• 988b888 fix: moved back from jsdom 28 to jsdom 20
• 2726c74 chore: Preparing 3.3.2 release
• 6202c7e build(deps): bump @​tootallnate/once and jsdom (#1204)
• 302b51d fix: Expanded the regex ever so slightly to also cover script
• cd85175 Merge branch 'main' of github.com:cure53/DOMPurify
• Additional commits viewable in compare view

Updates fast-xml-parser from 5.4.2 to 5.5.2

Release notes

Sourced from fast-xml-parser's releases.

update dependecies to fix typings

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.5.1...v5.5.2

integrate path-expression-matcher

• support path-expression-matcher
• fix: stopNode should not be parsed
• performance improvement for stopNode checking

Changelog

Sourced from fast-xml-parser's changelog.

Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.

Note: Due to some last quick changes on v4, detail of v4.5.3 & v4.5.4 are not updated here. v4.5.4x is the last tag of v4 in github repository. I'm extremely sorry for the confusion

5.5.2 / 2026-03-11

• update dependency to fix typings

5.5.1 / 2026-03-10

• fix dependency

5.5.0 / 2026-03-10

• support path-expression-matcher
• fix: stopNode should not be parsed
• performance improvement for stopNode checking

5.4.2 / 2026-03-03

• support maxEntityCount option

5.4.1 / 2026-02-25

• fix (#785) unpairedTag node should not have tag content

5.4.0 / 2026-02-25

• migrate to fast-xml-builder

5.3.9 / 2026-02-25

• support strictReservedNames

5.3.8 / 2026-02-25

• support maxNestedTags
• handle non-array input for XML builder when preserveOrder is true (By Angelo Coetzee)
• save use of js properies

5.3.7 / 2026-02-20

• fix typings for CJS (By Corentin Girard)

5.3.6 / 2026-02-14

• Improve security and performance of entity processing
  • new options maxEntitySize, maxExpansionDepth, maxTotalExpansions, maxExpandedLength, allowedTags,tagFilter
  • fast return when no edtity is present
  • improvement replacement logic to reduce number of calls

5.3.5 / 2026-02-08

• fix: Escape regex char in entity name
• update strnum to 2.1.2
• add missing exports in CJS typings

... (truncated)

Commits

• e0a14f7 update dependency to fix typings
• 4b4a765 update dependency
• ce01792 update browser bundle
• 3412fee integrate path-expression-matcher
• df02c6b Update Security.md with v6 release information
• 329a070 Document security considerations for XMLParser usage
• See full diff in compare view

Updates maplibre-gl from 5.19.0 to 5.20.0

Release notes

Sourced from maplibre-gl's releases.

v5.20.0

✨ Features and improvements

• Add Etag unmodified support to optimize vector tile reloading (#7074) (by [@​rivkamatan](https://github.com/rivkamatan and @​wayofthefuture)
• Add boxZoom.boxZoomEnd option to customize the action after Shift-drag box selection (#6397) (by @​itisyb)
• Implement resampling paint property for raster, hillshade, and color-relief layers (#7074) (by @​larsmaxfield)
• Add updateable support for GeoJSON-VT (#7172) (by @​wayofthefuture and @​HarelM)
• Add example for 3D Tiles using three.js (#7198) (by @​hh-hang)

🐞 Bug fixes

• Fix: Distance to tile is calculated incorrectly in globe projection for high pitch angles (#7219) (by @​jtfedd)
• Fix: Tiles are not cleared when using vector tile source setUrl/setTiles (#7185) (by @​madoci)
• Fix: Allow opaque origins ("null") in Actor message filtering (#7047) (by @​pcardinal)

Changelog

Sourced from maplibre-gl's changelog.

5.20.0

✨ Features and improvements

• Add Etag unmodified support to optimize vector tile reloading (#7074) (by [@​rivkamatan](https://github.com/rivkamatan and @​wayofthefuture)
• Add boxZoom.boxZoomEnd option to customize the action after Shift-drag box selection (#6397) (by @​itisyb)
• Implement resampling paint property for raster, hillshade, and color-relief layers (#7074) (by @​larsmaxfield)
• Add updateable support for GeoJSON-VT (#7172) (by @​wayofthefuture and @​HarelM)
• Add example for 3D Tiles using three.js (#7198) (by @​hh-hang)

🐞 Bug fixes

• Fix: Distance to tile is calculated incorrectly in globe projection for high pitch angles (#7219) (by @​jtfedd)
• Fix: Tiles are not cleared when using vector tile source setUrl/setTiles (#7185) (by @​madoci)
• Fix: Allow opaque origins ("null") in Actor message filtering (#7047) (by @​pcardinal)

Commits

• e9478ae Bump js version to 5.20.0 (#7242)
• 29b8e58 chore(deps-dev): bump puppeteer from 24.37.5 to 24.38.0 (#7229)
• ea97296 chore(deps): bump @​maplibre/mlt from 1.1.6 to 1.1.7 (#7227)
• dbd5522 chore(deps-dev): bump @​rollup/plugin-terser from 0.4.4 to 1.0.0 (#7239)
• b366137 fix: incorrect distance to tile in globe projection (#7234)
• 166a399 chore(deps-dev): bump devtools-protocol from 0.0.1594462 to 0.0.1595872 (#7237)
• cb062df chore(deps-dev): bump cssnano from 7.1.2 to 7.1.3 (#7238)
• d255a44 chore(deps-dev): bump @​rollup/plugin-commonjs from 29.0.1 to 29.0.2 (#7236)
• f8f9870 chore(deps-dev): bump @​stylistic/eslint-plugin from 5.9.0 to 5.10.0 (#7233)
• b850670 chore(deps-dev): bump devtools-protocol from 0.0.1591319 to 0.0.1594462 (#7228)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Thanks for your first PR! A maintainer will review it shortly.
Make sure npm test and forge validate pass.