chore(deps): Bump the production group with 6 updates by dependabot[bot] · Pull Request #37 · alohays/monitor-forge

dependabot · 2026-03-11T13:48:07Z

Bumps the production group with 6 updates:

Package	From	To
@deck.gl/core	`9.2.10`	`9.2.11`
@deck.gl/geo-layers	`9.2.10`	`9.2.11`
@deck.gl/layers	`9.2.10`	`9.2.11`
dompurify	`3.3.1`	`3.3.3`
fast-xml-parser	`5.4.2`	`5.5.2`
maplibre-gl	`5.19.0`	`5.20.0`

Updates @deck.gl/core from 9.2.10 to 9.2.11

Release notes

Sourced from @deck.gl/core's releases.

v9.2.11

chore: Pin to luma 9.2 & loaders 4.3 (#10062)

Changelog

Sourced from @deck.gl/core's changelog.

deck.gl [v9.2.11] - Mar 5 2026

chore: Pin to luma 9.2 & loaders 4.3 (#10062)

Commits

35adca6 v9.2.11
6b5533f chore: Revert v9.2.11 and update yarn.lock (#10067)
4593b61 v9.2.11
c2bcb81 chore: Pin to luma 9.2 & loaders 4.3 (#10062)
See full diff in compare view

Updates @deck.gl/geo-layers from 9.2.10 to 9.2.11

Release notes

Sourced from @deck.gl/geo-layers's releases.

v9.2.11

chore: Pin to luma 9.2 & loaders 4.3 (#10062)

Changelog

Sourced from @deck.gl/geo-layers's changelog.

deck.gl [v9.2.11] - Mar 5 2026

chore: Pin to luma 9.2 & loaders 4.3 (#10062)

Commits

35adca6 v9.2.11
6b5533f chore: Revert v9.2.11 and update yarn.lock (#10067)
4593b61 v9.2.11
c2bcb81 chore: Pin to luma 9.2 & loaders 4.3 (#10062)
See full diff in compare view

Updates @deck.gl/layers from 9.2.10 to 9.2.11

Release notes

Sourced from @deck.gl/layers's releases.

v9.2.11

chore: Pin to luma 9.2 & loaders 4.3 (#10062)

Changelog

Sourced from @deck.gl/layers's changelog.

deck.gl [v9.2.11] - Mar 5 2026

chore: Pin to luma 9.2 & loaders 4.3 (#10062)

Commits

35adca6 v9.2.11
6b5533f chore: Revert v9.2.11 and update yarn.lock (#10067)
4593b61 v9.2.11
c2bcb81 chore: Pin to luma 9.2 & loaders 4.3 (#10062)
See full diff in compare view

Updates dompurify from 3.3.1 to 3.3.3

Release notes

Sourced from dompurify's releases.

DOMPurify 3.3.3

Fixed an engine requirement for Node 20 which caused hiccups, thanks @Rotzbua

DOMPurify 3.3.2

Fixed a possible bypass caused by jsdom's faulty raw-text tag parsing, thanks multiple reporters

Fixed a prototype pollution issue when working with custom elements, thanks @christos-eth

Fixed a lenient config parsing in _isValidAttribute, thanks @christos-eth

Bumped and removed several dependencies, thanks @Rotzbua

Fixed the test suite after bumping dependencies, thanks @Rotzbua

Commits

8bcbf73 chore: Preparing 3.3.3 release
5faddd6 fix: engine requirement (#1210)
0f91e3a Update README.md
d5ff1a8 Merge branch 'main' of github.com:cure53/DOMPurify
c3efd48 fix: moved back from jsdom 28 to jsdom 20
988b888 fix: moved back from jsdom 28 to jsdom 20
2726c74 chore: Preparing 3.3.2 release
6202c7e build(deps): bump @tootallnate/once and jsdom (#1204)
302b51d fix: Expanded the regex ever so slightly to also cover script
cd85175 Merge branch 'main' of github.com:cure53/DOMPurify
Additional commits viewable in compare view

Updates fast-xml-parser from 5.4.2 to 5.5.2

Release notes

Sourced from fast-xml-parser's releases.

update dependecies to fix typings

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.5.1...v5.5.2

integrate path-expression-matcher

support path-expression-matcher

fix: stopNode should not be parsed

performance improvement for stopNode checking

Changelog

Sourced from fast-xml-parser's changelog.

Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.

Note: Due to some last quick changes on v4, detail of v4.5.3 & v4.5.4 are not updated here. v4.5.4x is the last tag of v4 in github repository. I'm extremely sorry for the confusion

5.5.2 / 2026-03-11

update dependency to fix typings

5.5.1 / 2026-03-10

fix dependency

5.5.0 / 2026-03-10

support path-expression-matcher

fix: stopNode should not be parsed

performance improvement for stopNode checking

5.4.2 / 2026-03-03

support maxEntityCount option

5.4.1 / 2026-02-25

fix (#785) unpairedTag node should not have tag content

5.4.0 / 2026-02-25

migrate to fast-xml-builder

5.3.9 / 2026-02-25

support strictReservedNames

5.3.8 / 2026-02-25

support maxNestedTags

handle non-array input for XML builder when preserveOrder is true (By Angelo Coetzee)

save use of js properies

5.3.7 / 2026-02-20

fix typings for CJS (By Corentin Girard)

5.3.6 / 2026-02-14

Improve security and performance of entity processing

new options maxEntitySize, maxExpansionDepth, maxTotalExpansions, maxExpandedLength, allowedTags,tagFilter

fast return when no edtity is present

improvement replacement logic to reduce number of calls

5.3.5 / 2026-02-08

fix: Escape regex char in entity name

update strnum to 2.1.2

add missing exports in CJS typings

... (truncated)

Commits

e0a14f7 update dependency to fix typings
4b4a765 update dependency
ce01792 update browser bundle
3412fee integrate path-expression-matcher
df02c6b Update Security.md with v6 release information
329a070 Document security considerations for XMLParser usage
See full diff in compare view

Updates maplibre-gl from 5.19.0 to 5.20.0

Release notes

Sourced from maplibre-gl's releases.

v5.20.0

✨ Features and improvements

Add Etag unmodified support to optimize vector tile reloading (#7074) (by [@rivkamatan](https://github.com/rivkamatan and @wayofthefuture)

Add boxZoom.boxZoomEnd option to customize the action after Shift-drag box selection (#6397) (by @itisyb)

Implement resampling paint property for raster, hillshade, and color-relief layers (#7074) (by @larsmaxfield)

Add updateable support for GeoJSON-VT (#7172) (by @wayofthefuture and @HarelM)

Add example for 3D Tiles using three.js (#7198) (by @hh-hang)

🐞 Bug fixes

Fix: Distance to tile is calculated incorrectly in globe projection for high pitch angles (#7219) (by @jtfedd)

Fix: Tiles are not cleared when using vector tile source setUrl/setTiles (#7185) (by @madoci)

Fix: Allow opaque origins ("null") in Actor message filtering (#7047) (by @pcardinal)

Changelog

Sourced from maplibre-gl's changelog.

5.20.0

✨ Features and improvements

Add Etag unmodified support to optimize vector tile reloading (#7074) (by [@rivkamatan](https://github.com/rivkamatan and @wayofthefuture)

Add boxZoom.boxZoomEnd option to customize the action after Shift-drag box selection (#6397) (by @itisyb)

Implement resampling paint property for raster, hillshade, and color-relief layers (#7074) (by @larsmaxfield)

Add updateable support for GeoJSON-VT (#7172) (by @wayofthefuture and @HarelM)

Add example for 3D Tiles using three.js (#7198) (by @hh-hang)

🐞 Bug fixes

Fix: Distance to tile is calculated incorrectly in globe projection for high pitch angles (#7219) (by @jtfedd)

Fix: Tiles are not cleared when using vector tile source setUrl/setTiles (#7185) (by @madoci)

Fix: Allow opaque origins ("null") in Actor message filtering (#7047) (by @pcardinal)

Commits

e9478ae Bump js version to 5.20.0 (#7242)
29b8e58 chore(deps-dev): bump puppeteer from 24.37.5 to 24.38.0 (#7229)
ea97296 chore(deps): bump @maplibre/mlt from 1.1.6 to 1.1.7 (#7227)
dbd5522 chore(deps-dev): bump @rollup/plugin-terser from 0.4.4 to 1.0.0 (#7239)
b366137 fix: incorrect distance to tile in globe projection (#7234)
166a399 chore(deps-dev): bump devtools-protocol from 0.0.1594462 to 0.0.1595872 (#7237)
cb062df chore(deps-dev): bump cssnano from 7.1.2 to 7.1.3 (#7238)
d255a44 chore(deps-dev): bump @rollup/plugin-commonjs from 29.0.1 to 29.0.2 (#7236)
f8f9870 chore(deps-dev): bump @stylistic/eslint-plugin from 5.9.0 to 5.10.0 (#7233)
b850670 chore(deps-dev): bump devtools-protocol from 0.0.1591319 to 0.0.1594462 (#7228)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the production group with 6 updates: | Package | From | To | | --- | --- | --- | | [@deck.gl/core](https://github.com/visgl/deck.gl) | `9.2.10` | `9.2.11` | | [@deck.gl/geo-layers](https://github.com/visgl/deck.gl) | `9.2.10` | `9.2.11` | | [@deck.gl/layers](https://github.com/visgl/deck.gl) | `9.2.10` | `9.2.11` | | [dompurify](https://github.com/cure53/DOMPurify) | `3.3.1` | `3.3.3` | | [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) | `5.4.2` | `5.5.2` | | [maplibre-gl](https://github.com/maplibre/maplibre-gl-js) | `5.19.0` | `5.20.0` | Updates `@deck.gl/core` from 9.2.10 to 9.2.11 - [Release notes](https://github.com/visgl/deck.gl/releases) - [Changelog](https://github.com/visgl/deck.gl/blob/v9.2.11/CHANGELOG.md) - [Commits](visgl/deck.gl@v9.2.10...v9.2.11) Updates `@deck.gl/geo-layers` from 9.2.10 to 9.2.11 - [Release notes](https://github.com/visgl/deck.gl/releases) - [Changelog](https://github.com/visgl/deck.gl/blob/v9.2.11/CHANGELOG.md) - [Commits](visgl/deck.gl@v9.2.10...v9.2.11) Updates `@deck.gl/layers` from 9.2.10 to 9.2.11 - [Release notes](https://github.com/visgl/deck.gl/releases) - [Changelog](https://github.com/visgl/deck.gl/blob/v9.2.11/CHANGELOG.md) - [Commits](visgl/deck.gl@v9.2.10...v9.2.11) Updates `dompurify` from 3.3.1 to 3.3.3 - [Release notes](https://github.com/cure53/DOMPurify/releases) - [Commits](cure53/DOMPurify@3.3.1...3.3.3) Updates `fast-xml-parser` from 5.4.2 to 5.5.2 - [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases) - [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md) - [Commits](NaturalIntelligence/fast-xml-parser@v5.4.2...v5.5.2) Updates `maplibre-gl` from 5.19.0 to 5.20.0 - [Release notes](https://github.com/maplibre/maplibre-gl-js/releases) - [Changelog](https://github.com/maplibre/maplibre-gl-js/blob/main/CHANGELOG.md) - [Commits](maplibre/maplibre-gl-js@v5.19.0...v5.20.0) --- updated-dependencies: - dependency-name: "@deck.gl/core" dependency-version: 9.2.11 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production - dependency-name: "@deck.gl/geo-layers" dependency-version: 9.2.11 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production - dependency-name: "@deck.gl/layers" dependency-version: 9.2.11 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production - dependency-name: dompurify dependency-version: 3.3.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production - dependency-name: fast-xml-parser dependency-version: 5.5.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production - dependency-name: maplibre-gl dependency-version: 5.20.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2026-03-11T13:48:18Z

Thanks for your first PR! A maintainer will review it shortly.
Make sure npm test and forge validate pass.

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 11, 2026

dependabot bot requested a review from alohays as a code owner March 11, 2026 13:48

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 11, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): Bump the production group with 6 updates#37

chore(deps): Bump the production group with 6 updates#37
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/production-48ea4e6c2c

dependabot bot commented on behalf of github Mar 11, 2026

Uh oh!

github-actions bot commented Mar 11, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Mar 11, 2026

v9.2.11

deck.gl [v9.2.11] - Mar 5 2026

v9.2.11

deck.gl [v9.2.11] - Mar 5 2026

v9.2.11

deck.gl [v9.2.11] - Mar 5 2026

DOMPurify 3.3.3

DOMPurify 3.3.2

update dependecies to fix typings

integrate path-expression-matcher

v5.20.0

✨ Features and improvements

🐞 Bug fixes

5.20.0

✨ Features and improvements

🐞 Bug fixes

Uh oh!

github-actions bot commented Mar 11, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants