[Tech] Bump the non-major-dependencies group across 1 directory with 8 updates

[dependabot]

Bumps the non-major-dependencies group with 8 updates in the /frontend directory:

Package	From	To
@mtes-mct/monitor-ui	24.34.5	24.35.2
@react-pdf/renderer	4.3.0	4.3.1
@reduxjs/toolkit	2.8.2	2.9.2
dayjs	1.11.18	1.11.19
ramda	0.31.3	0.32.0
react-router	7.8.2	7.9.5
ts-jest	29.4.1	29.4.5
yup	1.7.0	1.7.1

Updates @mtes-mct/monitor-ui from 24.34.5 to 24.35.2

Release notes

Sourced from @​mtes-mct/monitor-ui's releases.

v24.35.2

24.35.2 (2025-10-30)

Bug Fixes

• components: force default option (0e61ec8)
• components: synchronizing async options with autocomplete (13ddc78)
• cypress: fix Search tests (2c88f4e)

v24.35.1

24.35.1 (2025-10-23)

Bug Fixes

• icons: modifying CalendarRepetition.svg (a5590c1)

v24.35.0

24.35.0 (2025-10-17)

Features

• icons: add calendarRepetition icon (f082a35)

Changelog

Sourced from @​mtes-mct/monitor-ui's changelog.

24.35.2 (2025-10-30)

Bug Fixes

• components: force default option (0e61ec8)
• components: synchronizing async options with autocomplete (13ddc78)
• cypress: fix Search tests (2c88f4e)

24.35.1 (2025-10-23)

Bug Fixes

• icons: modifying CalendarRepetition.svg (a5590c1)

24.35.0 (2025-10-17)

Features

• icons: add calendarRepetition icon (f082a35)

Commits

• 0e61ec8 fix(components): force default option
• 2c88f4e fix(cypress): fix Search tests
• 13ddc78 fix(components): synchronizing async options with autocomplete
• 61dc1d5 ci(release): 24.35.1
• a5590c1 fix(icons): modifying CalendarRepetition.svg
• 379e388 ci(release): 24.35.0
• f082a35 feat(icons): add calendarRepetition icon
• 125461c ci(release): 24.34.5
• See full diff in compare view

Updates @react-pdf/renderer from 4.3.0 to 4.3.1

Release notes

Sourced from @​react-pdf/renderer's releases.

@​react-pdf/renderer@​4.3.1

Patch Changes

• #3124 dcc7b403 Thanks @​pcorpet! - feat(pdfdownloadlink): add a ref to the link component

• Updated dependencies [beaffd3d, a99d10fb, 5cbe2fb0, ec063bec]:

  • @​react-pdf/layout@​4.4.1
  • @​react-pdf/pdfkit@​4.0.4
  • @​react-pdf/render@​4.3.1
  • @​react-pdf/font@​4.0.3
  • @​react-pdf/types@​2.9.1

Changelog

Sourced from @​react-pdf/renderer's changelog.

4.3.1

Patch Changes

• #3124 dcc7b403 Thanks @​pcorpet! - feat(pdfdownloadlink): add a ref to the link component

• Updated dependencies [beaffd3d, a99d10fb, 5cbe2fb0, ec063bec]:

  • @​react-pdf/layout@​4.4.1
  • @​react-pdf/pdfkit@​4.0.4
  • @​react-pdf/render@​4.3.1
  • @​react-pdf/font@​4.0.3
  • @​react-pdf/types@​2.9.1

Commits

• 4aad0f9 chore: release packages (#3220)
• 97e0c8f fix: build
• dcc7b40 feat: add a ref to the link component (#3124)
• See full diff in compare view

Updates @reduxjs/toolkit from 2.8.2 to 2.9.2

Release notes

Sourced from @​reduxjs/toolkit's releases.

v2.9.2

This bugfix release fixes a potential internal data leak in SSR environments, improves handling of headers in fetchBaseQuery, improves retry handling for unexpected errors and request aborts, and fixes a longstanding issue with prefetch leaving an unused subscription. We've also shipped a new graphqlRequestBaseQuery release with updated dependencies and better error handling.

Changelog

Internal Subscription Handling

We had a report that a Redux SSR app had internal subscription data showing up across different requests. After investigation, this was a bug introduced by the recent RTKQ perf optimizations, where the internal subscription fields were hoisted outside of the middleware setup and into createApi itself. This meant they existed outside of the per-store-instance lifecycle. We've reworked the logic to ensure the data is per-store again. We also fixed another issue that miscalculated when there was an active request while checking for cache entry cleanup.

Note that no actual app data was leaked in this case, just the internal subscription IDs that RTKQ uses in its own middleware to track the existence of subscriptions per cache entry.

fetchBaseQuery Headers

We've updated fetchBaseQuery to avoid setting content-type in cases where a non-JSONifiable value like FormData is being passed as the request body, so that the browser can set that content type itself. It also now sets the accept header based on the selected responseHandler (JSON or text).

retry Behavior and Cleanup

The retry util now respects the maxRetries option when catching unknown errors in addition to the existing known errors logic. It also now checks the request's AbortSignal and will stop retrying if aborted.

In conjunction with that, dispatching resetApiState will now abort all in-flight requests.

The prefetch util and usePrefetch hook had a long-standing issue where they would create a subscription for a cache entry, but there was no way to clean up that subscription. This meant that the cache entry was effectively permanent. They now initiate the request without adding a subscription. This will fetch the cache entry and leave it in the store for the keepUnusedDataFor period as intended, giving your app time to actually subscribe to the value (such as prefetching the cache entry in a route handler, and then subscribing in a component).

graphqlRequestBaseQuery

We've published @rtk-query/graphql-request-base-query v2.3.2, which updates the graphql-request dep to ^7. We also fixed an issue where the error handling rethrew unknown errors - it now returns {error} as a base query is supposed to.

What's Changed

• Fix potential subscription leakage in SSR environments by @​markerikson in reduxjs/redux-toolkit#5111
• Improve fetchBaseQuery default headers handling by @​markerikson in reduxjs/redux-toolkit#5112
• Respect maxRetries for unexpected errors by @​markerikson in reduxjs/redux-toolkit#5113
• fix: update graphql-request dependency to include version ^7.0.0 by @​eyesfocus in reduxjs/redux-toolkit#4987
• Add retry abort handling and abort on resetApiState by @​markerikson in reduxjs/redux-toolkit#5114
• Don't create subscriptions for prefetch calls by @​markerikson in reduxjs/redux-toolkit#5116

Full Changelog: reduxjs/redux-toolkit@v2.9.1...v2.9.2

v2.9.1

This bugfix release fixes how sorted entity adapters handle duplicate IDs, tweaks the TS types for RTKQ query state cache entries to improve how the data field is handled, and adds better cleanup for long-running listener middleware effects.

What's Changed

• fix(entityAdapter): ensure sorted addMany keeps first occurrence of duplicate ids by @​demyanm in reduxjs/redux-toolkit#5097
• fix(entityAdapter): ensure sorted setMany keeps just unique IDs in state.ids by @​demyanm in reduxjs/redux-toolkit#5107
• fix(types): ensure non-undefined data on isSuccess with exactOptionalPropertyTypes by @​CO0Ki3 in reduxjs/redux-toolkit#5088
• Allow executing effects that have become unsubscribed to be canceled by listenerMiddleware.clearListeners by @​chris-chambers in reduxjs/redux-toolkit#5102

Full Changelog: reduxjs/redux-toolkit@v2.9.0...v2.9.1

... (truncated)

Commits

• 32887d7 Release 2.9.2
• 4432629 Don't create subscriptions for prefetch calls (#5116)
• c86d948 Add retry abort handling and abort on resetApiState (#5114)
• 02630d2 fix: update graphql-request dependency to include version ^7.0.0 (#4987)
• 1b95037 Respect maxRetries for unexpected errors (#5113)
• c490b19 Improve fetchBaseQuery default headers handling (#5112)
• 7b7faea Fix potential subscription leakage in SSR environments (#5111)
• fde0be7 Release 2.9.1
• 47e7d81 Release @​rtk-query/codegen-openapi 2.1.0
• b4b7d17 Allow executing effects that have become unsubscribed to be canceled by `list...
• Additional commits viewable in compare view

Updates dayjs from 1.11.18 to 1.11.19

Release notes

Sourced from dayjs's releases.

v1.11.19

1.11.19 (2025-10-31)

Bug Fixes

• added usage warnings for diff + updated unit tests (#2948) (269a7a9)
• dont instantiate regexes within ar locale functions to avoid performance overhead (#2898) (af5e9f0)
• replace italian locale "un' ora fa" with "un'ora fa", add tests for it (#2930) (9e9f76c)
• Updated Belarusian locale with relative time (#2656) (1d8746c)

Changelog

Sourced from dayjs's changelog.

1.11.19 (2025-10-31)

Bug Fixes

• added usage warnings for diff + updated unit tests (#2948) (269a7a9)
• dont instantiate regexes within ar locale functions to avoid performance overhead (#2898) (af5e9f0)
• replace italian locale "un' ora fa" with "un'ora fa", add tests for it (#2930) (9e9f76c)
• Updated Belarusian locale with relative time (#2656) (1d8746c)

Commits

• 02b7a5c chore(release): 1.11.19 [skip ci]
• 37193be Merge pull request #2950 from iamkun/dev
• 2db920b chore: update doc
• 4f72974 chore: update doc
• 0b36a07 chore: update doc
• 269a7a9 fix: added usage warnings for diff + updated unit tests (#2948)
• 9e3132e chore: update doc
• 84201e6 chore: update doc
• 80401e3 chore: update readme
• 88ad3fd test: Add unit test for Belarusian locale (#2934)
• Additional commits viewable in compare view

Updates ramda from 0.31.3 to 0.32.0

Release notes

Sourced from ramda's releases.

v0.32.0

upgrade guide

Commits

• f0b1fb5 Version 0.32.0
• fc8f028 fix exports in package.json (#3522)
• 29470a6 docs(rebuild): fix typo (#3521)
• 7414650 docs(pipeWith): add usage example (#3520)
• 746e0f8 docs: update jsdelivr link (#3518)
• 3c81269 docs: add Map & Set example to type.js (#3517)
• 3cade36 feat: better handling of decimal arguments to range (#3516)
• d4443e6 Update head.js and last.js docs example (#3515)
• See full diff in compare view

Updates react-router from 7.8.2 to 7.9.5

Release notes

Sourced from react-router's releases.

v7.9.5

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v795

v7.9.4

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v794

v7.9.3

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v793

v7.9.2

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v792

v7.9.1

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v791

v7.9.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v790

Changelog

Sourced from react-router's changelog.

7.9.5

Patch Changes

• Move RSCHydratedRouter and utils to /dom export. (#14457)

• useRoute: return type-safe handle (#14462)

  For example:

  // app/routes/admin.tsx
  const handle = { hello: "world" };

  // app/routes/some-other-route.tsx
  export default function Component() {
    const admin = useRoute("routes/admin");
    if (!admin) throw new Error("Not nested within 'routes/admin'");
    console.log(admin.handle);
    //                ^? { hello: string }
  }

• Ensure action handlers run for routes with middleware even if no loader is present (#14443)

• Add unstable_instrumentations API to allow users to add observablity to their apps by instrumenting route loaders, actions, middlewares, lazy, as well as server-side request handlers and client side navigations/fetches (#14412)

  • Framework Mode:
    • entry.server.tsx: export const unstable_instrumentations = [...]
    • entry.client.tsx: <HydratedRouter unstable_instrumentations={[...]} />
  • Data Mode
    • createBrowserRouter(routes, { unstable_instrumentations: [...] })

  This also adds a new unstable_pattern parameter to loaders/actions/middleware which contains the un-interpolated route pattern (i.e., /blog/:slug) which is useful for aggregating performance metrics by route

7.9.4

Patch Changes

• handle external redirects in from server actions (#14400)

• New (unstable) useRoute hook for accessing data from specific routes (#14407)

  For example, let's say you have an admin route somewhere in your app and you want any child routes of admin to all have access to the loaderData and actionData from admin.

  // app/routes/admin.tsx
  import { Outlet } from "react-router";
  export const loader = () => ({ message: "Hello, loader!" });

... (truncated)

Commits

• a191812 chore: Update version for release (#14485)
• 74bef78 chore: Update version for release (pre) (#14469)
• c0577e4 Merge branch 'main' into release-next
• 0163df4 fix(react-router): run action handlers for routes with middleware even if no ...
• c84016b Minor updates for instrumentations (#14467)
• adadca5 Add unstable_instrumentations API (#14412)
• dea842d fix: move RSCHydratedRouter and utils to /dom export (#14457)
• 1d1b188 useRoute: return type-safe handle (#14462)
• 3e3a223 docs: fix references (#14441)
• 158847e fix: Fix invalid markdown link for createHashRouter (#14434)
• Additional commits viewable in compare view

Updates ts-jest from 29.4.1 to 29.4.5

Release notes

Sourced from ts-jest's releases.

v29.4.5

Please refer to CHANGELOG.md for details.

v29.4.4

Please refer to CHANGELOG.md for details.

v29.4.3

Please refer to CHANGELOG.md for details.

v29.4.2

Please refer to CHANGELOG.md for details.

Changelog

Sourced from ts-jest's changelog.

29.4.5 (2025-10-10)

Bug Fixes

• allow filtering modern module warning message with diagnostic code (c290d4d), , closes #5013

29.4.4 (2025-09-19)

Bug Fixes

• revert 29.4.3 changes (25cb706), closes #5049

29.4.3 (2025-09-17)

Bug Fixes

• introduce transpilation option to replace isolatedModules option (#5044) (5868761)

29.4.2 (2025-09-15)

Bug Fixes

• fix: node 14 compatibility (aa0d563), fixes #5038

Commits

• 9d5248a chore(release): 29.4.5
• ca8b623 refactor: improve message about using Node16/18/Next
• c290d4d fix: allow filtering modern module warning message with diagnostic code
• 1ff2dda build: replace conventional-changelog-cli dep
• 1c08db3 ci: run npm ci --ignore-scripts for workflows
• 9f60d2c ci: enhance security for Renovate PRs
• 1c1077f build(deps): Update dependency @​formatjs/ts-transformer to ^3.14.2
• 9037f2f build(deps): Update dependency @​types/node to v20.19.20
• 6ed0e1c build(deps): Update dependency semver to ^7.7.3
• 4a06f8c build(deps): Update github/codeql-action digest to a8d1ac4
• Additional commits viewable in compare view

Updates yup from 1.7.0 to 1.7.1

Changelog

Sourced from yup's changelog.

1.7.1 (2025-09-21)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[tristanrobert]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud