Update Mend: high confidence minor and patch dependency updates

[mend-for-github-com]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@braintree/sanitize-url	7.0.1 -> 7.1.1
@floating-ui/react (source)	0.26.22 -> 0.27.3
@grafana/faro-web-sdk (source)	1.9.0 -> 1.12.2
@lezer/common	1.2.1 -> 1.2.3
@lezer/highlight	1.2.0 -> 1.2.1
@reduxjs/toolkit (source)	2.2.7 -> 2.5.0
@tanstack/react-virtual (source)	3.8.4 -> 3.11.2
@types/hoist-non-react-statics (source)	3.3.5 -> 3.3.6
@types/ini (source)	4.1.0 -> 4.1.1
@types/jquery (source)	3.5.30 -> 3.5.32
@types/lodash (source)	4.17.7 -> 4.17.14
@types/papaparse (source)	5.3.14 -> 5.3.15
@types/prismjs (source)	1.26.4 -> 1.26.5
@types/react-color (source)	3.0.12 -> 3.0.13
@types/react-transition-group (source)	4.4.10 -> 4.4.12
@types/systemjs (source)	6.13.5 -> 6.15.1
babel-loader	9.1.3 -> 9.2.1
browserslist	4.23.3 -> 4.24.4
comlink	4.4.1 -> 4.4.2
core-js (source)	3.38.0 -> 3.40.0
dompurify	3.1.6 -> 3.2.3
downshift (source)	9.0.7 -> 9.0.8
esbuild-plugin-browserslist	^0.14.0 -> ^0.15.0
eslint-plugin-import	2.29.1 -> 2.31.0
eslint-plugin-jest-dom	5.4.0 -> 5.5.0
eslint-plugin-jsx-a11y	6.9.0 -> 6.10.2
html-webpack-plugin	5.6.0 -> 5.6.3
i18next-parser	9.0.1 -> 9.1.0
jest-fail-on-console	3.3.0 -> 3.3.1
knip (source)	5.27.0 -> 5.42.0
mini-css-extract-plugin	2.9.0 -> 2.9.2
moment-timezone (source)	0.5.45 -> 0.5.46
papaparse (source)	5.4.1 -> 5.5.1
prettier (source)	3.3.3 -> 3.4.2
react-loading-skeleton	3.4.0 -> 3.5.0
react-redux	9.1.2 -> 9.2.0
react-select (source)	5.8.0 -> 5.9.0
react-use	17.5.1 -> 17.6.0
react-virtualized-auto-sizer	1.0.24 -> 1.0.25
react-zoom-pan-pinch	3.4.4 -> 3.6.1
redux-mock-store	1.5.4 -> 1.5.5
terser-webpack-plugin	5.3.10 -> 5.3.11
ts-jest (source)	29.2.4 -> 29.2.5
tslib (source)	2.6.3 -> 2.8.1
webpack	5.91.0 -> 5.97.1
webpack-dev-server	5.0.4 -> 5.2.0
yaml (source)	2.4.5 -> 2.7.0

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

braintree/sanitize-url (@​braintree/sanitize-url)

v7.1.1

Compare Source

• DevDependency Changes

  • happy-dom to 15.11.6

• Update (sub-)dependencies

  • cross-spawn to 7.0.6
  • micromatch to 4.0.8
  • vite to 4.5.5

v7.1.0

Compare Source

• Updated to handle back-slashes

v7.0.4

Compare Source

• Updates get-func-name to 2.0.2

v7.0.3

Compare Source

• Dependencies
  • Update braces to 3.0.3

v7.0.2

Compare Source

• Improve sanitization of whitespace escapes

floating-ui/floating-ui (@​floating-ui/react)

v0.27.3

Compare Source

Patch Changes

• feat(FloatingFocusManager): accept FloatingRootContext as the context prop
• fix(useListNavigation): check for virtual pointer on pointerenter
• refactor: use jsx runtime
• Update dependencies: @floating-ui/[email protected]

v0.27.2

Compare Source

Patch Changes

• fix(FloatingFocusManager): prevent stale inert/aria-hidden attributes from being left on outside elements

v0.27.1

Compare Source

Patch Changes

• fix(FloatingFocusManager): correctly fallback to container
• fix(FloatingFocusManager): check for ancestor floating focus element during closeOnFocusOut
• fix(FloatingFocusManager): avoid marking tree ancestor floating nodes with data-floating-ui-inert when modal=false

v0.27.0

Compare Source

Minor Changes

• chore: deprecate inner and useInnerOffset. This technique of aligning an inner element to the reference has poor performance with longer lists, doesn't fit with the middleware paradigm, doesn't work on touch, and has a better custom alternative using native onScroll that is encouraged instead.
• breaking: drop React 16 support. 17 is the minimum supported version.
• fix(useId): add | undefined return type for React 17

Patch Changes

• feat(FloatingFocusManager): add outsideElementsInert prop. This enables pointer modality without a backdrop.
• perf(useListNavigation): simplify focusing to remove unneeded asynchronicity
• fix(useDismiss): allow native clicks to work with referencePress
• fix(useDismiss): read target overflow style for scrollbar press check. Fixes an issue where outside presses would be incorrectly prevented if the target element that was pressed appeared scrollable but was actually not.
• fix(FloatingFocusManager): check for 'safe-polygon' reason on return focus

v0.26.28

Compare Source

Patch Changes

• fix(Composite): change focus to be sync
• fix(useClick): improve consistency when combining with useHover()
• feat(useClick): add stickIfOpen prop to determine whether to remain open upon first click when first opened by another event
• feat(Composite): add RTL support
• fix(FloatingFocusManager): ensure returnFocus is ignored correctly when using disabled prop
• fix(useListNavigation): incorrect behaviour with RTL grid

v0.26.27

Compare Source

Patch Changes

• fix(useListNavigation): ignore Home/End key press for typeable combobox references
• fix(useListNavigation): ensure submenu references are set as virtualItemRef on floating close
• fix(inner): use list ref length for fallback detection
• fix(FloatingPortal): allow root to be reactive from null to an element

v0.26.26

Compare Source

Patch Changes

• fix(useFloating): access domReference instead of reference
• feat(FloatingFocusManager): specify element to return focus to

v0.26.25

Compare Source

Patch Changes

• fix(useListNavigation): handle virtual nested Home/End key press
• fix(useHover): ignore insignificant movement when resetting restMs
• fix(useListNavigation): ignore duplicate arrow navigation when composing
• feat(useDelayGroup): add enabled option
• fix(useDismiss): handle IME keydown events on Escape
• fix(inner): round max-height only if not scrollable

v0.26.24

Compare Source

Patch Changes

• fix(FloatingOverlay): correct multiple locks behavior on iOS
• fix(FloatingFocusManager): avoid returning focus to nearest tabbable element of the reference if it gets removed when the floating element closes to avoid unwanted focus effects of unrelated elements firing. Tab index context remains preserved if the floating element is portaled.
• refactor: use React.JSX.Element types. Ensure you've upgraded to the latest @types/react patches (versions since May 6, 2023)
• fix(FloatingArrow): avoid requiring leading space for manually specified transform style property
• fix(inner): round maxHeight and apply minItemsVisible only when scrollable
• Update dependencies: @floating-ui/[email protected], @floating-ui/[email protected]

v0.26.23

Compare Source

Patch Changes

• feat: add onOpenChange reason string for FloatingFocusManager's closeOnFocusOut handling
• fix(inner): correctly handle borders
• fix(FloatingArrow): ignore staticOffset prop if floating element is shifted. Fixes an issue where the arrow could potentially point to nothing if it was shifted enough from its reference element.
• fix(useListNavigation, Composite): prevent onNavigate from potentially passing in an undefined value instead of null
• fix(useHover): blockPointerEvents no longer adds pointer-events: none to unintended <body> elements.
• fix: manage focus on element with floating props spread on it
• fix(FloatingFocusManager): support keepMounted behavior with disabled prop

grafana/faro-web-sdk (@​grafana/faro-web-sdk)

v1.12.2

Compare Source

• Fix (@grafana/faro-web-sdk): Update Faro log parsing in console instrumentation to use Faro's
  default log parser (#​745)

v1.12.1

Compare Source

• Fix (@grafana/faro-web-sdk): Guard console instrumentation stringifier against circular object
  references for non-error logs (#​742)

v1.12.0

Compare Source

• Fix (@grafana/faro-web-sdk): Guard user session stringifier against circular object references (#​715)

• Fix (@grafana/faro-web-sdk): Prevents circular references in objects sent via console.error
  messages (#​730)

• Refactor (@grafana/faro-web-sdk): Provide config option to send log messages for console.error
  calls (#​731)

• Feat (@grafana/faro-web-sdk): Provide a getIgnoreUrls() function to easily retrieve the
  configured ignoreUrls (#​732)

v1.11.0

Compare Source

• Improvement (@grafana/faro-web-sdk): The console instrumentation now sends an Error signal
  instead of a Log signal for console.error() calls (#​703).
• Improvement (@grafana/faro-web-sdk): The resource timings instrumentation now includes ttfb
  (Time to First Byte) and visibilityState in faro.performance.resource timings (#​708).
• Deps (@grafana/faro-*): Minor dependency updates.

v1.10.2

Compare Source

• Fix (@grafana/faro-web-tracing): Enhance the xhr instrumentation to handle both URL objects and
  strings seamlessly (#​695).

v1.10.1

Compare Source

• Improvement (@grafana/faro-web-sdk): Isolated Faro instances now exclude the default collector
  URLs of other instances by default (#​684).

• Improvement (@grafana/faro-web-sdk): The pushError API now automatically includes error.cause
  in the Faro exception context (#​688).

• Fix (@grafana/faro-transport-otlp-http [experimental]): add service.namespace attribute if set
  (#​687).

Breaking

• Improvement (@grafana/faro-transport-otlp-http [experimental]): update semantic attributes
  for browser (#​684).
  • browser.user_agent is replaced by user_agent.original
  • browser.os is replaced by browser.platform

v1.10.0

Compare Source

• Improvement (@grafana/faro-web-sdk): don't automatically send a view_change event for the default
  view (#​647)

• Dependencies (@grafana/faro-web-tracing): upgrade otel deps (#​670)

  • Note: some attributes have been changed due to otel semantic attributes spec or are now aligned
    with it. For the web-tracing package we provide both attribute versions for now:
    • deployment.environment is now deprecated and will be replaced by
      deployment.environment.name.
    • session_id is now deprecated and will be replaced by session.id

• Dependencies (@grafana/faro-core): upgrade otel deps (#​670).

Breaking

• Dependencies (@grafana/faro-transport-otlp-http [experimental]): upgrade otel deps (#​670)

  • Note: some attributes have been changed due to otel semantic attributes spec:
    • enduser.id is replaced by user.id
    • enduser.name is replaced by user.username,
    • enduser.email is replaced by user.email,
    • enduser.attributes is replaced by user.attributes,
    • http.url is replaced by url.full
    • deployment.environment is replaced by deployment.environment.name

v1.9.1

Compare Source

• Fix (@grafana/faro-transport-otlp-http [experimental]): Properly consume response body (#​664).

lezer-parser/common (@​lezer/common)

v1.2.3

Compare Source

Bug fixes

Fix an issue in TreeCursor.iterate that made it iterate through siblings of the current node.

v1.2.2

Compare Source

Bug fixes

Fix a bug in TreeCursor.matchContext where, if the context fell partially in a buffer node and partially in tree nodes, it could return incorrect results.

lezer-parser/highlight (@​lezer/highlight)

v1.2.1

Compare Source

Bug fixes

Give Tag objects an optional string name for debugging, and use it in their toString method.

reduxjs/redux-toolkit (@​reduxjs/toolkit)

v2.5.0

Compare Source

This feature release updates the React peer dependency to work with React 19, and fixes an additional skip token issue.

Changelog

React 19 Compat

React 19 was just released! We've updated our peer dep to accept React 19, and updated our runtime and type tests to check against both React 18 and 19.

Also see React-Redux v9.2.0 for the same peer dep update.

Other Fixes

We previously fixed an issue with the RTKQ core where serializeQueryArgs callbacks could be called with skipToken, potentially leading to errors. We've fixed an additional location in the useQuery hooks where that could happen as well.

What's Changed

• Migrate to React 19 by @​aryaemami59 in https://github.com/reduxjs/redux-toolkit/pull/4409
• Handle additional serializeQueryArgs + skipToken case by @​markerikson in https://github.com/reduxjs/redux-toolkit/pull/4762

Full Changelog: reduxjs/redux-toolkit@v2.4.0...v2.5.0

v2.4.0

Compare Source

This feature release includes multiple tweaks and fixes to RTK Query functionality, additional exported TS types, and drops support for TS versions earlier than 5.0.

Changelog

RTK Query Improvements

Lazy query hooks can now be reset.

retry.fail now accepts meta as a second argument.

Tag invalidation arrays now ignore nullish values.

We did some small internal refactoring around Maps and default values that shrank bundle size slightly.

Bugfixes

Passing skipToken to a query hook now bails out before running any other logic, which fixes cases where serializeQueryArgs previously threw an error because there were no args to process.

The autoBatchEnhancer now reads window.requestAnimationFrame later, which it to work properly with Jest fake timers.

We fixed cases where the hook result isSuccess flag would briefly flicker to false when switched to a different cache entry that was uninitialized, and would briefly flicker to true when refetching a query that previously errored.

The listener middleware previously had inconsistent logic checks for comparing against existing listener entries (effect + type, vs effect only). It now always checks both effect + type.

Additional TS Types

We now export Typed[Query|Mutation]OnQueryStarted helpers to let you define onQueryStarted callbacks outside of createApi if desired.

We also now export a CreateAsyncThunkFunction type that can be used to type userland wrappers around createAsyncThunk.

TS Support Matrix Updates

We've historically tried to maintain TS backwards compatibility as long as possible, and made occasional updates to our TS support matrix in minor versions over time. As of RTK 2.3.0, we officially supported back through TS 4.7.

As of this release, we're tweaking that support policy to match the policy used by DefinitelyTyped:

Definitely Typed only tests packages on versions of TypeScript that are less than 2 years old

Given that, we've dropped official support for TS versions earlier than 5.0. (RTK may work with those versions, but we no longer test against them and won't try to fix issues with those versions.)

We'll continue to update our TS support matrix over time based on that 2-year rolling window.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box