deps: bump the safe-dependencies group across 2 directories with 18 updates

[dependabot]

Bumps the safe-dependencies group with 17 updates in the / directory:

Package	From	To
@tanstack/react-query	5.90.11	5.90.12
betterknown	1.1.1	1.2.0
firebase	12.6.0	12.7.0
firebase-functions	7.0.0	7.0.2
react	19.2.1	19.2.3
react-aria	3.44.0	3.45.0
react-aria-components	1.13.0	1.14.0
react-dom	19.2.1	19.2.3
react-stately	3.42.0	3.43.0
@typescript-eslint/eslint-plugin	8.48.1	8.50.0
@vitejs/plugin-react	5.1.1	5.1.2
autoprefixer	10.4.22	10.4.23
eslint	9.39.1	9.39.2
firebase-tools	14.26.0	14.27.0
lucide-react	0.544.0	0.562.0
tailwindcss	3.4.18	3.4.19
vite	7.2.6	7.3.0

Bumps the safe-dependencies group with 3 updates in the /functions directory: eslint, firebase-tools and @google-cloud/cloud-sql-connector.

Updates @tanstack/react-query from 5.90.11 to 5.90.12

Release notes

Sourced from @​tanstack/react-query's releases.

@​tanstack/react-query-persist-client@​5.90.12

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-persist-client-core@​5.91.9
  • @​tanstack/react-query@​5.90.10

@​tanstack/react-query@​5.90.12

Patch Changes

• Updated dependencies [72d8ac5]:
  • @​tanstack/query-core@​5.90.12

Changelog

Sourced from @​tanstack/react-query's changelog.

5.90.12

Patch Changes

• Updated dependencies [72d8ac5]:
  • @​tanstack/query-core@​5.90.12

Commits

• 9e8709e ci: Version Packages (#9945)
• 72d8ac5 fix: update react and nextJs (#9944)
• See full diff in compare view

Updates betterknown from 1.1.1 to 1.2.0

Release notes

Sourced from betterknown's releases.

v1.2.0

Minor Changes

• 3ca5284: Support for stringifying according to OGC SFA 1.2.0 standard. Specifically, this changes the MULTIPOINT syntax: in 1.2.0, a MULTIPOINT looks like MULTIPOINT ((1 2),(3 4)). In previous versions, it looks like MULTIPOINT (1 2,3 4).

  You can choose a specific version by supplying an options argument to geoJsonToWkt:

  geoJSONToWkt(
    {
      type: "MultiPoint",
      coordinates: [
        [1, 2],
        [3, 4],
      ],
    },
    { version: "1.2.0" }
  );

  There is no version option for parsing WKT at this point, because it cleanly parses 1.1.1 and 1.2.0 already.

Changelog

Sourced from betterknown's changelog.

1.2.0

Minor Changes

• 3ca5284: Support for stringifying according to OGC SFA 1.2.0 standard. Specifically, this changes the MULTIPOINT syntax: in 1.2.0, a MULTIPOINT looks like MULTIPOINT ((1 2),(3 4)). In previous versions, it looks like MULTIPOINT (1 2,3 4).

  You can choose a specific version by supplying an options argument to geoJsonToWkt:

  geoJSONToWkt(
    {
      type: "MultiPoint",
      coordinates: [
        [1, 2],
        [3, 4],
      ],
    },
    { version: "1.2.0" }
  );

  There is no version option for parsing WKT at this point, because it cleanly parses 1.1.1 and 1.2.0 already.

Commits

• 09ea548 Version Packages (#27)
• 3ca5284 Support stringifying into 1.2.1 standard (#26)
• See full diff in compare view

Updates firebase from 12.6.0 to 12.7.0

Release notes

Sourced from firebase's releases.

firebase@12.7.0

For more detailed release notes, see Firebase JavaScript SDK Release Notes.

What's Changed

@​firebase/auth@​1.12.0

Minor Changes

• 1e406a2 #9410 - Upgraded react-native-async-storage peerDependency to v2+.

firebase@12.7.0

Minor Changes

• Update root "firebase" package as a "minor" release due to bumps in: @​firebase/auth.

Patch Changes

• Updated dependencies [1e406a2, bc2b2cd, 5c7430d, 5940794]:
• @​firebase/auth@​1.12.0
• @​firebase/ai@​2.6.1
• @​firebase/firestore@​4.9.3
• @​firebase/auth-compat@​0.6.2
• @​firebase/firestore-compat@​0.4.3

@​firebase/ai@​2.6.1

Patch Changes

• bc2b2cd #9399 - update the link /genai to /ailogic

• 5c7430d #9381 - Fix generateContentStream returning wrong inferenceSource.

@​firebase/auth-compat@​0.6.2

Patch Changes

• Updated dependencies [1e406a2]:
• @​firebase/auth@​1.12.0

@​firebase/firestore@​4.9.3

Patch Changes

• 5940794 #9386 (fixes #9378) - Fix: Corrected misleading error message when doc() is called with undefined.

@​firebase/firestore-compat@​0.4.3

... (truncated)

Commits

• 8e26a55 Version Packages (#9428)
• 4cc583c Merge main into release
• bc2b2cd update link to /ailogic (#9399)
• 5511b4f test(ai): Add all general use models to integration tests (#9413)
• 1e406a2 add changeset for #9385 (#9410)
• a09ef78 build(deps): update optional react-native-async-storage peerDependency to v2+...
• 5c7430d fix(ai): Fix generateContentStream returning wrong inferenceSource. (#9381)
• f5fc6bf test(ai): Remove flaky token count integration expect directives (#9401)
• 9101b46 test(ai): prompt for grep string in debug script (#9400)
• e6415dd test(ai): run prompt templates integration tests against prod endpoint (#9387)
• Additional commits viewable in compare view

Updates firebase-functions from 7.0.0 to 7.0.2

Release notes

Sourced from firebase-functions's releases.

v7.0.2

• Export param types (SecretParam, StringParam, etc.) from firebase-functions/params for type annotations. (#1789)
• Remove attemptDeadlineSeconds in v2 scheduled functions. (#1776)
• Allow JsonSecretParam in function secrets option arrays. (#1788)

v7.0.1

• Fix "Dual-Package Hazard" for parameterized configuration in ESM projects. (#1780)

Commits

• e6d5c66 7.0.2
• a35cc87 7.0.2-rc.0
• bb407c6 fix: export param types from firebase-functions/params (#1789)
• fd0e291 fix: allow JsonSecretParam in secrets array (#1788)
• 3577d9b feat: remove attemptDeadlineSeconds in v2 scheduled functions (#1776)
• b024089 [firebase-release] Removed change log and reset repo after 7.0.1 release
• 54702ee 7.0.1
• fca9960 7.0.1-rc.0
• fdeacc3 fix: Resolve dual-package hazard for params in ESM (#1780)
• 2c2c78d feat: add attemptDeadlineSeconds support to v2 scheduled functions (#1772)
• Additional commits viewable in compare view

Updates react from 19.2.1 to 19.2.3

Release notes

Sourced from react's releases.

19.2.3 (December 11th, 2025)

React Server Components

• Add extra loop protection to React Server Functions (@​sebmarkbage #35351)

19.2.2 (December 11th, 2025)

React Server Components

• Move react-server-dom-webpack/*.unbundled to private react-server-dom-unbundled (@​eps1lon facebook/react#35290)
• Patch Promise cycles and toString on Server Functions (@​sebmarkbage, @​unstubbable #35289, #35345)

Commits

• 612e371 Version 19.2.3
• b910fc1 Version 19.2.2
• See full diff in compare view

Updates react-aria from 3.44.0 to 3.45.0

Commits

• 602e586 Publish
• bd84160 chore: replacing internationalized OG with updated React Aria icon (#9350)
• cd3c588 docs: Homepage updates and fixes (#9344)
• 3ad9c26 fix: v3 menus alternative approach (#9345)
• f208529 chore: remove alpha for release (#9351)
• 8fabbed docs: Style macro reference table refactor (#9329)
• e5bb07b chore: fix broken link in migrating docs (#9347)
• e4cae96 fix: testing bugs in NumberField, Tooltip, and Popover (#9342)
• 0caa399 docs: add shouldCloseOnPress to RAC Tooltip docs (#9341)
• 6c29f7a fix: fix firstDayOfWeek styling in S2 DateRangePicker (#9340)
• Additional commits viewable in compare view

Updates react-aria-components from 1.13.0 to 1.14.0

Release notes

Sourced from react-aria-components's releases.

December 16, 2025 Release

Wrapping up this year with a bang and our most exciting release yet! Meet our new website. We heard your feedback and have reimagined the docs to be more concise and make greater use of interactive examples using prop controls. Code examples have been refined to highlight what matters most, and real-world app examples show how all these pieces come together. The new search experience includes image previews and category and library filtering, helping you find what you need faster. There are more component examples, new guides, AI-friendly page markdown, and MCP servers, all wrapped up in a fresh new look. 🎁 Explore the updated experience of React Aria.

Along with our new look, we have released a stable version of Spectrum 2, a major update to Adobe’s Design System built on top of React Aria Components. Spectrum 2 delivers modern, refined components with better accessibility, performance, and styling flexibility using style macros. Use our updated search to browse the new components, or visit our migration guide to learn how to upgrade. Check it out!

As usual, we have included various new features and bug fixes, including support for animated Tab transitions in React Aria, and inline TableView editing in React Spectrum. Thank you to all our contributors in this release and from this past year. We hope you enjoy the updates, see you in 2026!

• React Aria release notes
• React Spectrum release notes

Commits

• 602e586 Publish
• bd84160 chore: replacing internationalized OG with updated React Aria icon (#9350)
• cd3c588 docs: Homepage updates and fixes (#9344)
• 3ad9c26 fix: v3 menus alternative approach (#9345)
• f208529 chore: remove alpha for release (#9351)
• 8fabbed docs: Style macro reference table refactor (#9329)
• e5bb07b chore: fix broken link in migrating docs (#9347)
• e4cae96 fix: testing bugs in NumberField, Tooltip, and Popover (#9342)
• 0caa399 docs: add shouldCloseOnPress to RAC Tooltip docs (#9341)
• 6c29f7a fix: fix firstDayOfWeek styling in S2 DateRangePicker (#9340)
• Additional commits viewable in compare view

Updates react-dom from 19.2.1 to 19.2.3

Release notes

Sourced from react-dom's releases.

19.2.3 (December 11th, 2025)

React Server Components

• Add extra loop protection to React Server Functions (@​sebmarkbage #35351)

19.2.2 (December 11th, 2025)

React Server Components

• Move react-server-dom-webpack/*.unbundled to private react-server-dom-unbundled (@​eps1lon facebook/react#35290)
• Patch Promise cycles and toString on Server Functions (@​sebmarkbage, @​unstubbable #35289, #35345)

Commits

• 612e371 Version 19.2.3
• b910fc1 Version 19.2.2
• See full diff in compare view

Updates react-stately from 3.42.0 to 3.43.0

Release notes

Sourced from react-stately's releases.

July 22, 2025 Release

Happy summer! This release adds support for async loading and infinite scrolling, improves form integration and drag and drop interactions, and adds support for additional DOM events and attributes.

The new LoadMoreItem components supported in ListBox, GridList, Table, and Tree enables infinite scrolling. These trigger the loading of additional pages of items and display a loading spinner. Multiple LoadMoreItems can be rendered within a collection too, enabling loading multiple levels of a tree or sections of data from different APIs.

We've also opened up the React Aria Components API to pass through more DOM events and attributes. This improves integration with other libraries, for example making it possible to use another library's menu with a React Aria button.

As always, thanks so much to everyone who contributed to this release!

Full release notes

June 5, 2025 Release

Drop everything! Drag and drop support in React Aria Tree has been released! 🫳🎤 This supports moving items within a tree or between collection components, with full keyboard and screen reader accessibility. It's interoperable with our existing drag and drop support in components like Table and GridList, and with third party apps via native HTML APIs. Check out our previous blog post on drag and drop to learn about the interactions, and our new Tree drag and drop documentation.

This release also includes some highly requested bug fixes, including scrollbar layout shifts when opening popovers and modals, date picker interaction improvements, and enhancements to our form components.

As always, thank you to our community for their support and contributions!

Full Release Notes

Commits

• 602e586 Publish
• bd84160 chore: replacing internationalized OG with updated React Aria icon (#9350)
• cd3c588 docs: Homepage updates and fixes (#9344)
• 3ad9c26 fix: v3 menus alternative approach (#9345)
• f208529 chore: remove alpha for release (#9351)
• 8fabbed docs: Style macro reference table refactor (#9329)
• e5bb07b chore: fix broken link in migrating docs (#9347)
• e4cae96 fix: testing bugs in NumberField, Tooltip, and Popover (#9342)
• 0caa399 docs: add shouldCloseOnPress to RAC Tooltip docs (#9341)
• 6c29f7a fix: fix firstDayOfWeek styling in S2 DateRangePicker (#9340)
• Additional commits viewable in compare view

Updates @typescript-eslint/eslint-plugin from 8.48.1 to 8.50.0

Release notes

Sourced from @​typescript-eslint/eslint-plugin's releases.

v8.50.0

8.50.0 (2025-12-15)

🚀 Features

• eslint-plugin: [no-useless-default-assignment] add rule (#11720)

❤️ Thank You

• Josh Goldberg ✨
• Ulrich Stark

You can read about our versioning strategy and releases on our website.

v8.49.0

8.49.0 (2025-12-08)

🚀 Features

• eslint-plugin: use Intl.Segmenter instead of graphemer (#11804)

🩹 Fixes

• deps: update dependency prettier to v3.7.2 (#11820)

❤️ Thank You

• Justin McBride
• Kirk Waiblinger @​kirkwaiblinger

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/eslint-plugin's changelog.

8.50.0 (2025-12-15)

🚀 Features

• eslint-plugin: [no-useless-default-assignment] add rule (#11720)

❤️ Thank You

• Josh Goldberg ✨
• Ulrich Stark

You can read about our versioning strategy and releases on our website.

8.49.0 (2025-12-08)

🚀 Features

• eslint-plugin: use Intl.Segmenter instead of graphemer (#11804)

🩹 Fixes

• deps: update dependency prettier to v3.7.2 (#11820)

❤️ Thank You

• Justin McBride
• Kirk Waiblinger @​kirkwaiblinger

You can read about our versioning strategy and releases on our website.

Commits

• c62e858 chore(release): publish 8.50.0
• 1301f79 feat(eslint-plugin): [no-useless-default-assignment] add rule (#11720)
• 864595a chore(release): publish 8.49.0
• 32b7e89 chore(deps): update dependency @​vitest/eslint-plugin to v1.5.1 (#11816)
• 56149a2 feat(eslint-plugin): use Intl.Segmenter instead of graphemer (#11804)
• 34a49a4 fix(deps): update dependency prettier to v3.7.2 (#11820)
• d2d7ace docs: fixes bad link to jest docs in unbound-method rule page (#11823)
• See full diff in compare view

Updates @vitejs/plugin-react from 5.1.1 to 5.1.2

Changelog

Sourced from @​vitejs/plugin-react's changelog.

5.1.2 (2025-12-08)

Commits

• f127a24 release: plugin-react@5.1.2
• db1c665 fix(react): newer full bundle mode compat (#1011)
• 1f372b6 fix(deps): update all non-major dependencies (#1008)
• d52455e fix(deps): update react 19.2.1 (#998)
• bcda041 fix(deps): update all non-major dependencies (#995)
• c80546d fix(deps): update all non-major dependencies (#982)
• See full diff in compare view

Updates autoprefixer from 10.4.22 to 10.4.23

Release notes

Sourced from autoprefixer's releases.

10.4.23

• Reduced dependencies (by @​hyperz111).

Changelog

Sourced from autoprefixer's changelog.

10.4.23

• Reduced dependencies (by @​hyperz111).

Commits

• 212ba3c Release 10.4.23 version
• 7f62fb6 Update dependencies
• c455bb1 chore: inline and simplify normalize-range (#1539)
• See full diff in compare view

Updates eslint from 9.39.1 to 9.39.2

Release notes

Sourced from eslint's releases.

v9.39.2

Bug Fixes

• 5705833 fix: warn when eslint-env configuration comments are found (#20381) (sethamus)

Build Related

• 506f154 build: add .scss files entry to knip (#20391) (Milos Djermanovic)

Chores

• 7ca0af7 chore: upgrade to @eslint/js@9.39.2 (#20394) (Francesco Trotta)
• c43ce24 chore: package.json update for @​eslint/js release (Jenkins)
• 4c9858e ci: add v9.x-dev branch (#20382) (Milos Djermanovic)

Commits

• 9278324 9.39.2
• 542266a Build: changelog update for 9.39.2
• 7ca0af7 chore: upgrade to @eslint/js@9.39.2 (#20394)
• c43ce24 chore: package.json update for @​eslint/js release
• 5705833 fix: warn when eslint-env configuration comments are found (#20381)
• 506f154 build: add .scss files entry to knip (#20391)
• 4c9858e ci: add v9.x-dev branch (#20382)
• See full diff in compare view

Updates firebase-tools from 14.26.0 to 14.27.0

Release notes

Sourced from firebase-tools's releases.

v14.27.0

• Fixed issue where MCP server didn't detect if iOS app uses Crashlytics in projects that use project.pbxproj (#9515)
• Add logic to synchronize v2 scheduled function timeout with Cloud Schduler's attempt deadline (#9544)
• Prevent deployments of Next.js apps vulnerable to CVE-2025-66478 (#9572)
• Updated Data Connect emulator to v2.17.3:
  • Fixed Swift codegen: Include FirebaseCore import in the connector keys file.
  • Fixed a bug where debug details of Internal errors were swallowed: firebase/firebase-tools#9508

Commits

• fe59d29 14.27.0
• a893579 Fix typo in release script
• 763951a prevent deployments of Next.js apps vulnerable to CVE-2025-66478 (#9572)
• c23ac23 Update past react 19.2.0 (#9566)
• 5677708 Data Connect Emulator release v2.17.3 (#9573)
• bc0e7ea Fix remoteconfig:versions:list error (#9549)
• b14d2d7 add simplified Firebase MCP Server README for Antigravity (#9534)
• c65d86b Adding tests for loadCJSON (#9556)
• c6fc7d8 Docker image vulnerbaility fixes (#9560)
• 63e891e working progress of mcp server registry (#9491)
• Additional commits viewable in compare view

Updates lucide-react from 0.544.0 to 0.562.0

Release notes

Sourced from lucide-react's releases.

Version 0.562.0

What's Changed

• fix(icons): changed paint-bucket icon by @​jguddas in lucide-icons/lucide#3880
• fix(site): Fix and unify color-picker font-size by @​taimar in lucide-icons/lucide#3889
• fix(react-native-web): only add className prop to parent Icon component by @​jguddas in lucide-icons/lucide#3892
• fix(lucide-react-native): remove icons namespace export to enable tree-shaking by @​jtomaszewski in lucide-icons/lucide#3868
• feat(icons): added toolbox icon by @​karsa-mistmere in lucide-icons/lucide#3871

New Contributors

• @​taimar made their first contribution in lucide-icons/lucide#3889
• @​jtomaszewski made their first contribution in lucide-icons/lucide#3868

Full Changelog: lucide-icons/lucide@0.561.0...0.562.0

Version 0.561.0

What's Changed

• fix(site): Small adjustments color picker and add clear button search bar by @​ericfennis in lucide-icons/lucide#3851
• feat(icons): added stone icon by @​Alportan in lucide-icons/lucide#3850

Full Changelog: lucide-icons/lucide@0.560.0...0.561.0

Version 0.560.0

What's Changed

• feat(icons): added cannabis-off icon by @​NickVeles in lucide-icons/lucide#3748

New Contributors

• @​NickVeles made their first contribution in lucide-icons/lucide#3748

Full Changelog: lucide-icons/lucide@0.559.0...0.560.0

Version 0.559.0

What's Changed

• feat(icons): added fishing-hook icon by @​7ender in lucide-icons/lucide#3837

New Contributors

• @​7ender made their first contribution in lucide-icons/lucide#3837

Full Changelog: lucide-icons/lucide@0.558.0...0.559.0

Version 0.558.0

What's Changed

• feat(icons): added hd icon by @​jamiemlaw in lucide-icons/lucide#2958

Full Changelog: lucide-icons/lucide@0.557.0...0.558.0

Version 0.557.0

What's Changed

• fix(github/workflows/ci): fixes linting issues by @​karsa-mistmere in lucide-icons/lucide#3858

... (truncated)

Commits

• 076e0bb chore(dependencies): Update dependencies (#3809)
• 80d6f73 fix(icons): Rename fingerprint icon to fingerprint-pattern (#3767)
• 1cfb3ff chore(deps-dev): bump vite from 6.3.5 to 6.3.6 (#3611)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for lucide-react since your current version.

Updates tailwindcss from 3.4.18 to 3.4.19

Release notes

Sourced from tailwindcss's releases.

v3.4.19

Fixed

• Don’t break sibling-*() functions when used inside calc(…) (#19335)

Changelog

Sourced from tailwindcss's changelog.

[3.4.19] - 2025-12-10

Fixed

• Don’t break sibling-*() functions when used inside calc(…) (#19335)

[4.1.17] - 2025-11-06

Fixed

• Substitute @variant inside legacy JS APIs (#19263)
• Prevent occasional crash on Windows when loaded into a worker thread (#19242)

[4.1.16] - 2025-10-23

Fixed

• Discard candidates with an empty data type (#19172)
• Fix canonicalization of arbitrary variants with attribute selectors (#19176)
• Fix invalid colors due to nested & (#19184)
• Improve canonicalization for & > :pseudo and & :pseudo arbitrary variants (#19178)

[4.1.15] - 2025-10-20

Fixed

• Fix Safari devtools rendering issue due to color-mix fallback (#19069)
• Suppress Lightning CSS warnings about :deep, :slotted, and :global (#19094)
• Fix resolving theme keys when starting with the name of another theme key in JS configs and plugins (#19097)
• Allow named groups in combination with not-*, has-*, and in-* (#19100)
• Prevent important utilities from affecting other utilities (#19110)
• Don’t index into strings with the theme(…) function (#19111)
• Fix parsing issue when \t is used in at-rules (#19130)
• Upgrade: Canonicalize utilities containing 0 values (#19095)
• Upgrade: Migrate deprecated break-words to wrap-break-word (#19157)

Changed

• Remove the postinstall script from oxide (#19149)(tailwindlabs/tailwindcss#19149)

[4.1.14] - 2025-10-01

Fixed

• Handle ' syntax in ClojureScript when extracting classes (#18888)
• Handle @variant inside @custom-variant (#18885)
• Merge suggestions when using @utility (#18900)
• Ensure that file system watchers created when using the CLI are always cleaned up (#18905)
• Do not generate grid-column utilities when configuring grid-column-start or grid-column-end (#18907)
• Do not generate grid-row utilities when configuring grid-row-start or grid-row-end (#18907)

... (truncated)

Commits

• See full diff in compare view

Updates vite from 7.2.6 to 7.3.0

Release notes

Sourced from vite's releases.

v7.3.0

Please refer to CHANGELOG.md for details.

v7.2.7

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

7.3.0 (2025-12-15)

Features

• deps: update esbuild from ^0.25.0 to ^0.27.0 (#21183) (cff26ec)

7.2.7 (2025-12-08)

Bug Fixes

• plugin shortcut support (#21211) (721f163)

Commits

• acf7e05 release: v7.3.0
• cff26ec feat(deps): update esbuild from ^0.25.0 to ^0.27.0 (#21183)
• 317b3b2 release: v7.2.7
• 721f163 fix: plugin shortcut support (#21211)
• See full diff in compare view

Updates eslint from 9.39.1 to 9.39.2

Release notes

Sourced from eslint's releases.

v9.39.2

Bug Fixes

• 5705833 fix: warn when eslint-env configuration comments are found (#20381) (sethamus)

Build Related

• 506f154 build: add .scss files entry to knip (#20391) (Milos Djermanovic)

Chores

• 7ca0af7 chore: upgrade to @eslint/js@9.39.2 (#20394) (Francesco Trotta)
• c43ce24 chore: package.json update for @​eslint/js release (Jenkins)
• 4c9858e<...

  Description has been truncated