Bump the production-dependencies group across 1 directory with 9 updates

[dependabot]

Bumps the production-dependencies group with 9 updates in the /i-oic-integrate-headless-ai-agent/frontend_code directory:

Package	From	To
@carbon/icons-react	11.75.0	11.78.0
@carbon/react	1.101.0	1.105.0
glob	13.0.3	13.0.6
node-forge	1.3.3	1.4.0
react	19.2.4	19.2.5
react-dom	19.2.4	19.2.5
react-icons	5.5.0	5.6.0
react-syntax-highlighter	16.1.0	16.1.1
web-vitals	5.1.0	5.2.0

Updates @carbon/icons-react from 11.75.0 to 11.78.0

Release notes

Sourced from @​carbon/icons-react's releases.

v11.78.0

v11.78.0 (2025-3-12)

@carbon/elements@11.63.0

Housekeeping 🏠

• chore(release): v11.78.0 (#18813) (7ffd47315)
• chore(release): v11.78.0-rc.0 (#18803) (9134345ac)

@carbon/icon-helpers@10.56.0

Bug fixes 🐛

• fix(icon-helpers): specify types entrypoint (#18739) (78263b3ed)

Housekeeping 🏠

• chore(release): v11.78.0 (#18813) (7ffd47315)
• chore(release): v11.78.0-rc.0 (#18803) (9134345ac)

@carbon/icons@11.57.0

Housekeeping 🏠

• chore(release): v11.78.0 (#18813) (7ffd47315)
• chore(deps): bump prismjs in /packages/icons/examples/preview (#18804) (ab7d65629)
• chore(release): v11.78.0-rc.0 (#18803) (9134345ac)

@carbon/icons-react@11.57.0

Housekeeping 🏠

• chore(release): v11.78.0 (#18813) (7ffd47315)
• chore(release): v11.78.0-rc.0 (#18803) (9134345ac)

@carbon/icons-vue@10.106.0

Housekeeping 🏠

• chore(release): v11.78.0 (#18813) (7ffd47315)
• chore(release): v11.78.0-rc.0 (#18803) (9134345ac)

@carbon/pictograms@12.48.0

New features 🚀

• feat(Pictograms): new pictograms v27 (#18701) (654a00516)

Housekeeping 🏠

• chore(release): v11.78.0 (#18813) (7ffd47315)
• chore(release): v11.78.0-rc.0 (#18803) (9134345ac)

@carbon/pictograms-react@11.74.0

Housekeeping 🏠

• chore(release): v11.78.0 (#18813) (7ffd47315)
• chore(release): v11.78.0-rc.0 (#18803) (9134345ac)

... (truncated)

Commits

• 7ffd473 chore(release): v11.78.0 (#18813)
• 9134345 chore(release): v11.78.0-rc.0 (#18803)
• 2a32901 chore(release): v11.77.0 (#18708)
• faf6498 chore(release): v11.77.0-rc.0 (#18682)
• fd1b7ab chore(release): v11.76.0 (#18563)
• 9cf96c5 chore(release): v11.76.0-rc.0 (#18549)
• See full diff in compare view

Updates @carbon/react from 1.101.0 to 1.105.0

Commits

• See full diff in compare view

Updates glob from 13.0.3 to 13.0.6

Commits

• e80cb38 13.0.6
• 9cdbbff revert tsgo, not ready for test coverage correctness yet
• 89c99ba use tsgo compiler
• b7275d5 update deps, expand engines to include node 18
• 942e360 update workflows, pull taprc out of package.json
• 4a0d53c update tap for mockImport bugfix
• ef94ad2 update tap
• 180c2d4 update docs
• 37993c8 remove stray console.error in test
• 03ae4c2 13.0.5
• Additional commits viewable in compare view

Updates node-forge from 1.3.3 to 1.4.0

Changelog

Sourced from node-forge's changelog.

1.4.0 - 2026-03-24

Security

• HIGH: Denial of Service in BigInteger.modInverse()
  • A Denial of Service (DoS) vulnerability exists due to an infinite loop in the BigInteger.modInverse() function (inherited from the bundled jsbn library). When modInverse() is called with a zero value as input, the internal Extended Euclidean Algorithm enters an unreachable exit condition, causing the process to hang indefinitely and consume 100% CPU.
  • Reported by Kr0emer.
  • CVE ID: CVE-2026-33891
  • GHSA ID: GHSA-5gfm-wpxj-wjgq
• HIGH: Signature forgery in RSA-PKCS due to ASN.1 extra field.
  • RSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low public exponent keys (e=3). Attackers can forge signatures by stuffing "garbage" bytes within the ASN.1 structure in order to construct a signature that passes verification, enabling Bleichenbacher style forgery. This issue is similar to CVE-2022-24771, but adds bytes in an addition field within the ASN.1 structure, rather than outside of it.
  • Additionally, forge does not validate that signatures include a minimum of 8 bytes of padding as defined by the specification, providing attackers additional space to construct Bleichenbacher forgeries.
  • Reported as part of a U.C. Berkeley security research project by:
    • Austin Chu, Sohee Kim, and Corban Villa.
  • CVE ID: CVE-2026-33894
  • GHSA ID: GHSA-ppp5-5v6c-4jwp
• HIGH: Signature forgery in Ed25519 due to missing S < L check.
  • Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the group order (S >= L). A valid signature and its S + L variant both verify in forge, while Node.js crypto.verify (OpenSSL-backed) rejects the S + L variant, as defined by the specification. This class of signature malleability has been exploited in practice to bypass authentication and authorization logic (see CVE-2026-25793, CVE-2022-35961). Applications relying on signature uniqueness (i.e., dedup by signature bytes, replay tracking, signed-object canonicalization checks) may be bypassed.
  • Reported as part of a U.C. Berkeley security research project by:
    • Austin Chu, Sohee Kim, and Corban Villa.
  • CVE ID: CVE-2026-33895
  • GHSA ID: GHSA-q67f-28xg-22rw
• HIGH: basicConstraints bypass in certificate chain verification.
  • pki.verifyCertificateChain() does not enforce RFC 5280 basicConstraints requirements when an intermediate certificate lacks both the basicConstraints and keyUsage extensions. This allows any leaf certificate (without these extensions) to act as a CA and sign other certificates, which node-forge will accept as valid.
  • Reported by Doruk Tan Ozturk (@​peaktwilight) - doruk.ch
  • CVE ID: CVE-2026-33896
  • GHSA ID: GHSA-2328-f5f3-gj25

... (truncated)

Commits

• fa385f9 Release 1.4.0.
• 07d4e16 Update changelog.
• cb90fd9 Update changelog.
• 963e7c5 Add unit test for "pseudonym"
• f0b6f5b Add pseudonym OID
• 3df48a3 Fix missing CVE ID.
• 2e49283 Add x509 basicConstraints check.
• bdecf11 Add canonical signature scaler check for S < L.
• af094e6 Add RSA padding and DigestInfo length checks.
• 796eeb1 Improve jsbn fix.
• Additional commits viewable in compare view

Updates react from 19.2.4 to 19.2.5

Release notes

Sourced from react's releases.

19.2.5 (April 8th, 2026)

React Server Components

• Add more cycle protections (#36236 by @​eps1lon and @​unstubbable)

Commits

• 23f4f9f 19.2.5
• See full diff in compare view

Updates react-dom from 19.2.4 to 19.2.5

Release notes

Sourced from react-dom's releases.

19.2.5 (April 8th, 2026)

React Server Components

• Add more cycle protections (#36236 by @​eps1lon and @​unstubbable)

Commits

• 23f4f9f 19.2.5
• See full diff in compare view

Updates react-icons from 5.5.0 to 5.6.0

Release notes

Sourced from react-icons's releases.

v5.6.0

What's Changed

• Bump prismjs from 1.29.0 to 1.30.0 by @​dependabot[bot] in react-icons/react-icons#1033
• Bump @​babel/helpers from 7.23.2 to 7.26.10 by @​dependabot[bot] in react-icons/react-icons#1036
• Bump http-proxy-middleware from 2.0.7 to 2.0.9 by @​dependabot[bot] in react-icons/react-icons#1041
• Bump form-data from 3.0.1 to 3.0.4 by @​dependabot[bot] in react-icons/react-icons#1058
• Bump vite from 5.4.14 to 5.4.20 by @​dependabot[bot] in react-icons/react-icons#1071
• upgrade packages by @​kamijin-fanta in react-icons/react-icons#1075
• Bump tar from 6.2.0 to 6.2.1 by @​dependabot[bot] in react-icons/react-icons#1078
• Bump vite from 6.3.6 to 6.4.1 by @​dependabot[bot] in react-icons/react-icons#1081
• Bump tmp from 0.2.3 to 0.2.5 by @​dependabot[bot] in react-icons/react-icons#1077
• Bump glob from 11.0.3 to 11.1.0 by @​dependabot[bot] in react-icons/react-icons#1089
• Bump @​babel/runtime from 7.23.2 to 7.28.4 by @​dependabot[bot] in react-icons/react-icons#1073
• Bump node-forge from 1.3.1 to 1.3.2 by @​dependabot[bot] in react-icons/react-icons#1092
• Bump mdast-util-to-hast from 13.0.2 to 13.2.1 by @​dependabot[bot] in react-icons/react-icons#1094
• Bump undici from 7.16.0 to 7.18.2 by @​dependabot[bot] in react-icons/react-icons#1103
• Bump devalue from 5.3.2 to 5.6.2 by @​dependabot[bot] in react-icons/react-icons#1104
• Bump h3 from 1.15.4 to 1.15.5 by @​dependabot[bot] in react-icons/react-icons#1105
• Bump diff from 5.2.0 to 5.2.2 by @​dependabot[bot] in react-icons/react-icons#1107
• Bump webpack from 5.94.0 to 5.104.1 by @​dependabot[bot] in react-icons/react-icons#1110
• Bump jsonpath from 1.1.1 to 1.2.1 by @​dependabot[bot] in react-icons/react-icons#1113
• Bump devalue from 5.6.2 to 5.6.3 by @​dependabot[bot] in react-icons/react-icons#1115
• Bump astro from 5.14.1 to 5.15.9 by @​dependabot[bot] in react-icons/react-icons#1091
• Bump ajv from 6.12.6 to 6.14.0 by @​dependabot[bot] in react-icons/react-icons#1116

Full Changelog: react-icons/react-icons@v5.5.0...v5.6.0

Icon Library	License	Version	Count
Circum Icons	MPL-2.0 license	1.0.0	288
Font Awesome 5	CC BY 4.0 License	5.15.4-3-gafecf2a	1612
Font Awesome 6	CC BY 4.0 License	6.7.2-1-g840c215	2060
Ionicons 4	MIT	4.6.3	696
Ionicons 5	MIT	5.5.4	1332
Material Design icons	Apache License Version 2.0	4.0.0-142-gbb04090f93	4341
Typicons	CC BY-SA 3.0	2.1.2	336
Github Octicons icons	MIT	18.3.0	264
Feather	MIT	4.29.2	287
Lucide	ISC	0.462.0	1541
Game Icons	CC BY 3.0	12920d6565588f0512542a3cb0cdfd36a497f910	4040
Weather Icons	SIL OFL 1.1	2.0.12	219
Devicons	MIT	1.8.0	192
Ant Design Icons	MIT	4.4.2	831
Bootstrap Icons	MIT	1.13.1	2754
Remix Icon	Apache License Version 2.0	4.6.0	3058
Flat Color Icons	MIT	1.0.2	329
Grommet-Icons	Apache License Version 2.0	4.14.0	637
Heroicons	MIT	1.0.6	460
Heroicons 2	MIT	2.2.0	972

... (truncated)

Commits

• 6501a41 v5.6.0
• 387e780 update icons
• fb057e7 5.5.1-snapshot.0
• 6f74755 update eslint
• 73c281f Bump ajv from 6.12.6 to 6.14.0 (#1116)
• 3f2b264 Bump astro from 5.14.1 to 5.15.9 (#1091)
• 04adc76 Bump devalue from 5.6.2 to 5.6.3 (#1115)
• 44a5e85 Bump jsonpath from 1.1.1 to 1.2.1 (#1113)
• e2c1d6c Bump webpack from 5.94.0 to 5.104.1 (#1110)
• f3dca02 Bump diff from 5.2.0 to 5.2.2 (#1107)
• Additional commits viewable in compare view

Updates react-syntax-highlighter from 16.1.0 to 16.1.1

Release notes

Sourced from react-syntax-highlighter's releases.

v16.1.1

What's Changed

• Updated installation section in README.md by @​quntamant in react-syntax-highlighter/react-syntax-highlighter#633
• fix: ESM missing .js by @​JulesGuesnon in react-syntax-highlighter/react-syntax-highlighter#627
• Fix: grammar in README.md by @​WuMingDao in react-syntax-highlighter/react-syntax-highlighter#622

New Contributors

• @​quntamant made their first contribution in react-syntax-highlighter/react-syntax-highlighter#633
• @​JulesGuesnon made their first contribution in react-syntax-highlighter/react-syntax-highlighter#627
• @​WuMingDao made their first contribution in react-syntax-highlighter/react-syntax-highlighter#622

Full Changelog: react-syntax-highlighter/react-syntax-highlighter@v16.1.0...v16.1.1

Commits

• ecac533 new package lock
• 4957908 version bump
• 5853a48 Fix: grammar in README.md (#622)
• fc5d7b7 fix: Added a babel plugin to auto add the js exts for esm (#627)
• d2b43e0 Updated installation section in README.md (#633)
• See full diff in compare view

Updates web-vitals from 5.1.0 to 5.2.0

Changelog

Sourced from web-vitals's changelog.

v5.2.0 (2026-03-25)

• Replace filter()[0] with find() for better performance (#658)
• Use queueMicrotask for microtask scheduling (#660)
• Simplify the event and LoAF entry clean up logic (#662)
• Remove obsolete FID polyfill types (#675)
• Use LargestContentfulPaint.id as fallback when element is removed from DOM (#676)
• Fix bug for onLCP when attached late (#697)
• FHandle initially hidden pages and onLCP registered on visibility change (#698)
• Ensure we clear idle callbacks in whenIdleOrHidden (#707)
• Limit pending events to conserve memory (#710)
• Add includeProcessedEventEntries option (#714)
• Reduce bundle size by refactoring (#713)

Commits

• c071fd0 Release v5.2.0
• 15cd449 Prep changelog for v.5.2.0 (#693)
• 384dd9c Reduce bundle size by refactoring (#713)
• 1742e6b Add includeProcessedEventEntries option (#714)
• 4733a93 Bump flatted from 3.3.3 to 3.4.2 (#718)
• efc4845 Bump fast-xml-parser from 5.5.6 to 5.5.7 (#717)
• 8e4e689 Bump undici from 6.23.0 to 6.24.1 (#716)
• 9750cc9 Bump fast-xml-parser from 5.4.2 to 5.5.6 (#715)
• 8fb24d7 Limit pending events to conserve memory (#710)
• 1a8233e Address flaky test (#711)
• Additional commits viewable in compare view

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: frontend. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.