chore: update dependencies

[urangel]

Description

• updates font awesome deps
• updates jsdom
• updates trivy version in vuln scan workflow
• sets resolution for braces

Motivation and Context

Resolves BED-6541

Why is this change required? What problem does it solve?

How Has This Been Tested?

Housekeeping. Vuln check passes for the braces dep

Screenshots (optional):

Types of changes

• Chore (a change that does not modify the application functionality)

Checklist:

• I have met the contributing prerequisites
  • Assigned myself to this PR
  • Added the appropriate labels
  • Associated an issue: Issues and Pull Requests README #672
  • Read the Contributing guide: https://github.com/SpecterOps/BloodHound/wiki/Contributing
• I have ensured that related documentation is up-to-date
  • Open API docs
  • Code comments (GoDocs / JSDocs)
• I have followed proper test practices
  • Added/updated tests to cover my changes
  • All new and existing tests passed

Summary by CodeRabbit

• Chores

  • Updated vulnerability scanner to the latest Trivy action.
  • Tightened dependency resolutions (dompurify) and added constrained tar-fs.
  • Upgraded Font Awesome packages (including react-fontawesome) to 6.7.2/3.0.2.
  • Bumped jsdom to 27.x.

• Documentation

  • None.

• Refactor

  • None.

• Bug Fixes

  • None.

• Tests

  • None.

• Style

  • None.

• Revert

  • None.

[coderabbitai]

Walkthrough

Updates CI vuln scanner action and upgrades/resolves several frontend dependencies: adjusts root package resolutions for dompurify/braces/tar-fs and bumps Font Awesome packages and jsdom in UI packages. No application source or public API changes detected.

Changes

Cohort / File(s)	Summary
CI workflow update .github/workflows/vuln-scan.yml	Update Trivy action from aquasecurity/[email protected] to @0.33.1.
Root package resolutions package.json	Replace [email protected] resolution with braces range >=3.0.3 <4.0.0, reintroduce [email protected], add tar-fs range >=2.1.3 <3.0.0, remove previous tar-fs@^2.1.2.
UI deps: Font Awesome & jsdom packages/javascript/bh-shared-ui/package.json, cmd/ui/package.json	Bump Font Awesome packages to ^6.7.2 and @fortawesome/react-fontawesome to ^3.0.2; update jsdom to ^27.0.0 (where present in deps/devDeps).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested reviewers

• jvacca-specterops
• mistahj67

Poem

I hop through branches, tidy and spry,
Versions leap forward beneath the sky.
Icons and jsdom polished and new,
Trivy sniffs the paths we view.
Carrots of updates—merged with a sigh 🥕

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description Check	⚠️ Warning	While the description includes the required headings, the Motivation and Context section still contains the placeholder prompt instead of explaining why these dependency updates are necessary, and the How Has This Been Tested section only briefly states that the vulnerability check passes without detailing the test environment or steps taken.	Please replace the placeholder text in the Motivation and Context section with a clear explanation of the problem these updates solve and expand the How Has This Been Tested section with specific test steps, environments, and results to fully meet the template requirements.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The title “chore: update dependencies” clearly and concisely reflects the primary purpose of this changeset, which is to update various dependencies across the codebase, and follows a common conventional commit style that makes the intent immediately obvious to reviewers.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch BED-6541

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6260a40 and 87f3459.

⛔ Files ignored due to path filters (136)

• .yarn/cache/@ampproject-remapping-npm-2.2.1-3da3d624be-03c04fd526.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@asamuzakjp-css-color-npm-4.0.5-aced85c302-8e115bfb00.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@asamuzakjp-dom-selector-npm-6.5.6-419f29e1af-2bd0fb1ebd.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@asamuzakjp-nwsapi-npm-2.3.9-9247524c07-5fe839eb5c.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@babel-helper-string-parser-npm-7.23.4-b1f0d030c3-c0641144cf.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@babel-helper-validator-identifier-npm-7.22.20-18305bb306-136412784d.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@babel-parser-npm-7.24.0-0a438e924c-4a6afec494.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@babel-types-npm-7.24.0-a0508cb308-4b574a37d4.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@csstools-color-helpers-npm-5.1.0-d44a2a6134-2b1cef0093.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@csstools-css-calc-npm-2.1.4-81c74a3511-b833d1a031.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@csstools-css-color-parser-npm-3.1.0-005f6b530f-615d825fc7.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@csstools-css-parser-algorithms-npm-3.0.5-a0aa2fe05e-8064713957.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@csstools-css-syntax-patches-for-csstree-npm-1.0.14-e65a9adb88-383dc9e0f7.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@csstools-css-tokenizer-npm-3.0.4-342d48d326-adc6681d3a.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@esbuild-darwin-arm64-npm-0.20.2-e287d70c91-8.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@esbuild-darwin-x64-npm-0.20.2-f4f3a851d1-8.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@esbuild-linux-arm64-npm-0.20.2-3a02a82580-8.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@esbuild-linux-x64-npm-0.20.2-54b0127370-8.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@esbuild-win32-arm64-npm-0.20.2-f2a0280705-8.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@esbuild-win32-x64-npm-0.20.2-4f45bbb49b-8.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@fortawesome-fontawesome-common-types-npm-6.4.2-1f8b184e1e-4a22932bd0.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@fortawesome-fontawesome-free-npm-6.4.2-49cdde900e-14be8fbb8f.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@fortawesome-fontawesome-free-npm-6.7.2-d3f6d6ec6d-2ceb384ada.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@fortawesome-fontawesome-svg-core-npm-6.4.2-530d31922b-0c0ecd9058.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@fortawesome-fontawesome-svg-core-npm-6.7.2-e22b101297-b3c269545d.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@fortawesome-free-solid-svg-icons-npm-6.4.2-c582f5c032-4a36500499.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@fortawesome-free-solid-svg-icons-npm-6.7.2-35f32a3213-457cc18039.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@fortawesome-react-fontawesome-npm-0.2.0-a36215138f-f652a0c217.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@fortawesome-react-fontawesome-npm-0.2.2-e1863961b2-e4bed35bfb.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@fortawesome-react-fontawesome-npm-3.0.2-8506c26a1f-86df127661.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@jridgewell-gen-mapping-npm-0.3.3-1815eba94c-4a74944bd3.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@jridgewell-set-array-npm-1.1.2-45b82d7fb6-69a84d5980.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@jridgewell-sourcemap-codec-npm-1.4.15-a055fb62cf-b881c7e503.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@rollup-rollup-darwin-arm64-npm-4.13.2-20c5519087-8.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@rollup-rollup-darwin-x64-npm-4.13.2-d3f8841c56-8.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@rollup-rollup-linux-arm64-gnu-npm-4.13.2-6e5b44140f-8.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@rollup-rollup-linux-arm64-musl-npm-4.13.2-7e6694e030-8.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@rollup-rollup-linux-x64-gnu-npm-4.13.2-eacd636897-8.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@rollup-rollup-linux-x64-musl-npm-4.13.2-c190171abf-8.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@rollup-rollup-win32-arm64-msvc-npm-4.13.2-75257194f5-8.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@rollup-rollup-win32-x64-msvc-npm-4.13.2-4638a893f3-8.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@types-estree-npm-1.0.5-5b7faed3b4-dd8b5bed28.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@types-node-npm-20.11.29-4e883af835-d6d37d4f72.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@types-trusted-types-npm-2.0.7-a07fc44f59-8e4202766a.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/abab-npm-2.0.6-2662fba7f0-6ffc1af4ff.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/acorn-globals-npm-7.0.1-97c48c0140-2a2998a547.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/acorn-walk-npm-8.3.2-df039a42bf-3626b9d26a.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/agent-base-npm-7.1.4-cb8b4604d5-86a7f542af.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/bidi-js-npm-1.0.3-0035393a88-877c5dcfd6.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/browserslist-npm-4.23.0-8126a959d4-436f49e796.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/call-bind-npm-1.0.7-762763ef96-295c0c62b9.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/chokidar-npm-3.5.3-c5f9b0a56a-b49fcde401.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/css-tree-npm-3.1.0-19cd308584-6b8c713c22.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/cssom-npm-0.3.8-a9291d36ff-24beb3087c.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/cssom-npm-0.5.0-44ab2704f2-823471aa30.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/cssstyle-npm-2.3.0-b5d112c450-5f05e6fd2e.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/cssstyle-npm-5.3.1-bb38acb68d-08be443e77.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/data-urls-npm-6.0.0-f0731a6320-a47f0dde18.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/debug-npm-4.3.4-4513954577-3dbad3f94e.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/decimal.js-npm-10.4.3-e7d483387c-796404dcfa.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/decimal.js-npm-10.6.0-a72c1b8a2f-9302b990cd.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/domexception-npm-4.0.0-5093673f9b-ddbc1268ed.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/dompurify-npm-3.1.3-5c4e73330b-ad8bbf8f73.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/dompurify-npm-3.2.4-d8ea6c7c6a-7a299cbbfe.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/electron-to-chromium-npm-1.4.707-9727d835c1-be31085fc4.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/entities-npm-4.5.0-7cdb83b832-853f8ebd5b.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/entities-npm-6.0.1-84692dab43-937b952e81.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/es-define-property-npm-1.0.0-e23aa9b242-f66ece0a88.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/es-set-tostringtag-npm-2.0.3-8a191fed13-7227fa48a4.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/esbuild-npm-0.20.2-1923187a7f-bc88050fc1.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/escalade-npm-3.1.1-e02da076aa-a3e2a99f07.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/escodegen-npm-2.1.0-e0bf940745-096696407e.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/esprima-npm-4.0.1-1084e98778-b45bc805a6.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/fast-glob-npm-3.3.1-8045ff8f4d-b6f3add640.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/for-each-npm-0.3.3-0010ca8cdd-6c48ff2bc6.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/get-intrinsic-npm-1.2.4-1dad3427b2-414e3cdf2c.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/glob-npm-10.3.3-2d9abea8c7-29190d3291.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/gopd-npm-1.0.1-10c1d0b534-a5ccfb8806.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/has-symbols-npm-1.0.3-1986bff2c4-a054c40c63.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/html-encoding-sniffer-npm-4.0.0-5f6627070d-3339b71dab.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/http-proxy-agent-npm-7.0.2-643ed7cc33-670858c8f8.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/https-proxy-agent-npm-7.0.6-27a95c2690-b882377a12.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/is-core-module-npm-2.13.1-36e17434f9-256559ee8a.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/is-typed-array-npm-1.1.13-0dce6ee7c2-150f9ada18.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/jackspeak-npm-2.2.2-374ca454fe-7b1468dd91.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/jsdom-npm-20.0.3-906a2f7005-6e2ae21db3.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/jsdom-npm-27.0.0-2830e3e1f9-a908333c52.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/lru-cache-npm-10.0.0-256d74bb20-18f101675f.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/lru-cache-npm-11.2.2-685f5506dc-052b3d0b81.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/mdn-data-npm-2.12.2-d75edd5e16-77f38c1802.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/micromatch-npm-4.0.5-cfab5d7669-02a17b671c.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/minipass-npm-7.0.2-baa42a5a34-46776de732.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/ms-npm-2.1.2-ec0c1512ff-673cdb2c31.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/nanoid-npm-3.3.7-98824ba130-d36c427e53.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/node-releases-npm-2.0.14-d39047cad8-59443a2f77.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/nwsapi-npm-2.2.7-3bed340fab-cab25f7983.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/parse5-npm-7.1.2-aa9a92c270-59465dd05e.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/parse5-npm-7.3.0-b0410074a3-ffd040c469.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/path-scurry-npm-1.10.1-52bd946f2e-e2557cff3a.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/picocolors-npm-1.0.0-d81e0b1927-a2e8092dd8.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/postcss-npm-8.4.38-495621b279-649f9e60a7.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/postcss-npm-8.5.1-90fd898a99-cfdcfcd019.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/psl-npm-1.9.0-a546edad1a-20c4277f64.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/punycode-npm-2.3.1-97543c420d-bb0a0ceedc.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/require-from-string-npm-2.0.2-8557e0db12-a03ef68954.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/resolve-npm-1.22.3-f7dee15274-fb834b8134.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/resolve-patch-bb62d3c3c5-ad59734723.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/rollup-npm-4.13.2-7e9926582e-4a401cbba9.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/rrweb-cssom-npm-0.8.0-0c92f2366d-b84912cd1f.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/source-map-js-npm-1.2.0-6e63f357e5-791a43306d.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/tar-fs-npm-2.1.4-90a454735f-a9e18e2e61.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/tldts-core-npm-7.0.16-2e9d473b9a-83006703fb.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/tldts-npm-7.0.16-210ecae11d-37a3b6df79.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/to-fast-properties-npm-2.0.0-0dc60cc481-be2de62fe5.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/tough-cookie-npm-4.1.3-08285e2518-c9226afff3.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/tough-cookie-npm-6.0.0-c7d0e8e15a-66d32ee40e.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/tr46-npm-3.0.0-e1ae1ea7c9-44c3cc6767.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/tr46-npm-6.0.0-86cfd34257-e7e95d847a.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/tslib-npm-2.6.2-4fc8c068d9-329ea56123.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/typed-array-buffer-npm-1.0.2-31e458f38d-02ffc185d2.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/undici-types-npm-5.26.5-de4f7c7bb9-3192ef6f3f.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/universalify-npm-0.2.0-9984e61c10-e86134cb12.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/update-browserslist-db-npm-1.0.13-ea7b8ee24d-1e47d80182.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/vite-npm-5.2.7-1f49e4d865-66b4243f0c.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/w3c-xmlserializer-npm-5.0.0-589edd7bff-593acc1fda.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/webidl-conversions-npm-7.0.0-e8c8e30c68-f05588567a.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/webidl-conversions-npm-8.0.0-29c7b11d7f-bcae2572af.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/whatwg-encoding-npm-2.0.0-d7451f51b4-7087810c41.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/whatwg-encoding-npm-3.1.1-7dfe21cf7d-f75a614224.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/whatwg-mimetype-npm-4.0.0-ebb293a688-f97edd4b4e.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/whatwg-url-npm-11.0.0-073529d93a-ed4826aaa5.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/whatwg-url-npm-15.1.0-0889b0b826-30c7a3f9fc.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/which-typed-array-npm-1.1.15-91410874a2-65227dcbfa.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/ws-npm-8.18.3-665d39209d-d64ef16312.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/xml-name-validator-npm-5.0.0-0e0ec66944-86effcc702.zip is excluded by !**/.yarn/**, !**/*.zip
• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (4)

• .github/workflows/vuln-scan.yml (1 hunks)
• cmd/ui/package.json (2 hunks)
• package.json (1 hunks)
• packages/javascript/bh-shared-ui/package.json (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (4)

• package.json
• packages/javascript/bh-shared-ui/package.json
• .github/workflows/vuln-scan.yml
• cmd/ui/package.json

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: Build BloodHound Container Image / Build and Package Container
• GitHub Check: build-ui
• GitHub Check: run-tests
• GitHub Check: run-tests
• GitHub Check: run-analysis

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a4e035f and 4df7bf7.

⛔ Files ignored due to path filters (47)

• .yarn/cache/@asamuzakjp-css-color-npm-4.0.5-aced85c302-8e115bfb00.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@asamuzakjp-dom-selector-npm-6.5.6-419f29e1af-2bd0fb1ebd.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@asamuzakjp-nwsapi-npm-2.3.9-9247524c07-5fe839eb5c.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@csstools-color-helpers-npm-5.1.0-d44a2a6134-2b1cef0093.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@csstools-css-calc-npm-2.1.4-81c74a3511-b833d1a031.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@csstools-css-color-parser-npm-3.1.0-005f6b530f-615d825fc7.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@csstools-css-parser-algorithms-npm-3.0.5-a0aa2fe05e-8064713957.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@csstools-css-syntax-patches-for-csstree-npm-1.0.14-e65a9adb88-383dc9e0f7.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@csstools-css-tokenizer-npm-3.0.4-342d48d326-adc6681d3a.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@fortawesome-fontawesome-free-npm-6.7.2-d3f6d6ec6d-2ceb384ada.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@fortawesome-fontawesome-svg-core-npm-6.7.2-e22b101297-b3c269545d.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@fortawesome-free-solid-svg-icons-npm-6.7.2-35f32a3213-457cc18039.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@fortawesome-react-fontawesome-npm-0.2.2-e1863961b2-e4bed35bfb.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@fortawesome-react-fontawesome-npm-3.0.2-8506c26a1f-86df127661.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@types-trusted-types-npm-2.0.7-a07fc44f59-8e4202766a.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/agent-base-npm-7.1.4-cb8b4604d5-86a7f542af.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/bidi-js-npm-1.0.3-0035393a88-877c5dcfd6.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/css-tree-npm-3.1.0-19cd308584-6b8c713c22.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/cssstyle-npm-5.3.1-bb38acb68d-08be443e77.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/data-urls-npm-6.0.0-f0731a6320-a47f0dde18.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/decimal.js-npm-10.6.0-a72c1b8a2f-9302b990cd.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/dompurify-npm-3.1.3-5c4e73330b-ad8bbf8f73.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/dompurify-npm-3.2.4-d8ea6c7c6a-7a299cbbfe.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/entities-npm-6.0.1-84692dab43-937b952e81.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/html-encoding-sniffer-npm-4.0.0-5f6627070d-3339b71dab.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/http-proxy-agent-npm-7.0.2-643ed7cc33-670858c8f8.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/https-proxy-agent-npm-7.0.6-27a95c2690-b882377a12.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/jsdom-npm-27.0.0-2830e3e1f9-a908333c52.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/lru-cache-npm-11.2.2-685f5506dc-052b3d0b81.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/mdn-data-npm-2.12.2-d75edd5e16-77f38c1802.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/parse5-npm-7.3.0-b0410074a3-ffd040c469.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/punycode-npm-2.3.1-97543c420d-bb0a0ceedc.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/require-from-string-npm-2.0.2-8557e0db12-a03ef68954.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/rrweb-cssom-npm-0.8.0-0c92f2366d-b84912cd1f.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/tar-fs-npm-2.1.4-90a454735f-a9e18e2e61.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/tldts-core-npm-7.0.16-2e9d473b9a-83006703fb.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/tldts-npm-7.0.16-210ecae11d-37a3b6df79.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/tough-cookie-npm-6.0.0-c7d0e8e15a-66d32ee40e.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/tr46-npm-6.0.0-86cfd34257-e7e95d847a.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/w3c-xmlserializer-npm-5.0.0-589edd7bff-593acc1fda.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/webidl-conversions-npm-8.0.0-29c7b11d7f-bcae2572af.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/whatwg-encoding-npm-3.1.1-7dfe21cf7d-f75a614224.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/whatwg-mimetype-npm-4.0.0-ebb293a688-f97edd4b4e.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/whatwg-url-npm-15.1.0-0889b0b826-30c7a3f9fc.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/ws-npm-8.18.3-665d39209d-d64ef16312.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/xml-name-validator-npm-5.0.0-0e0ec66944-86effcc702.zip is excluded by !**/.yarn/**, !**/*.zip
• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (3)

• .github/workflows/vuln-scan.yml (1 hunks)
• package.json (1 hunks)
• packages/javascript/bh-shared-ui/package.json (2 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: Build BloodHound Container Image / Build and Package Container
• GitHub Check: run-tests
• GitHub Check: run-analysis
• GitHub Check: build-ui
• GitHub Check: run-tests

🔇 Additional comments (3)

packages/javascript/bh-shared-ui/package.json (2)

24-29: Font Awesome upgrades: verify breaking changes in @fortawesome/react-fontawesome v3

v3 switches to ESM and often requires disabling auto-injected CSS and importing styles explicitly. Ensure the app entry does the following if you rely on the default CSS:

// e.g., src/main.tsx
import { config } from "@fortawesome/fontawesome-svg-core";
import "@fortawesome/fontawesome-svg-core/styles.css";
config.autoAddCss = false;

Also confirm icons are imported using supported APIs for v6.

---

82-82: jsdom upgrade check passed CI uses Node 22 (LTS) and Vitest is configured with environment: 'jsdom'.

package.json (1)

30-36: Approve top-level resolutions
Yarn lock only resolves braces to 3.0.3 and tar-fs to 2.1.4, with no other references. Optional: remove the extra space in the tar-fs range (">=2.1.3 <3.0.0") for consistency.

[coderabbitai]

🛠️ Refactor suggestion

🧩 Analysis chain

Pin the action to a commit SHA and confirm input compatibility with v0.33.1

For supply‑chain hardening, pin to the action’s commit SHA instead of a mutable tag. Also verify that scan-type: "repo" is a supported input for 0.33.1.

Please fetch the commit SHA and confirm supported inputs:

---

🌐 Web query:

What is the commit SHA for aquasecurity/[email protected], and is `scan-type: "repo"` a valid input for that version?

💡 Result:

• Commit SHA for aquasecurity/[email protected]: b6643a2 (tag v0.33.1 points to commit b6643a2). [1]
• Is scan-type: "repo" valid for that version? Yes — the action's inputs for that release include scan-type with allowed values image, fs, repo, rootfs, config (repo is supported). [2][3]

Sources:
[1] Release v0.33.1 — aquasecurity/trivy-action (GitHub).
[2] README / inputs — aquasecurity/trivy-action (GitHub).
[3] action inputs documentation showing scan-type includes "repo" (repository).

---

Pin aquasecurity/trivy-action to commit SHA b6643a2
In .github/workflows/vuln-scan.yml (line 37), replace

- uses: aquasecurity/[email protected]
+ uses: aquasecurity/trivy-action@b6643a2

scan-type: "repo" is supported in v0.33.1.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	uses: aquasecurity/trivy-action@0.33.1
	uses: aquasecurity/trivy-action@b6643a2

🤖 Prompt for AI Agents

.github/workflows/vuln-scan.yml around line 37: the workflow currently
references the action by tag `aquasecurity/[email protected]`; update the
`uses` entry to pin the action to the specific commit SHA `b6643a2` (i.e.,
`aquasecurity/trivy-action@b6643a2`) to ensure immutability and repeatable runs,
keeping existing inputs like `scan-type: "repo"` unchanged.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (3)

.github/workflows/build-ui.yml (3)

45-47: Use frozen lockfile and enable caching (and consider Corepack over global Yarn).

• Prevent lockfile drift in CI and speed up installs.

Apply within this step:

-          yarn
+          yarn --frozen-lockfile

Additionally (outside this hunk), consider:

• Caching Yarn deps via setup-node:

# under "uses: actions/setup-node@v4"
with:
  node-version: 22
  cache: yarn
  cache-dependency-path: |
    yarn.lock

• Using Corepack instead of globally installing Yarn (especially if the repo uses Yarn Berry):

- name: Install Yarn
  run: |
    npm install --global yarn
+name: Enable Corepack (use repo-pinned Yarn)
+run: |
+  corepack enable
+  corepack install

Can you confirm whether the repo uses Yarn 1 (classic) or Berry so we can pick the right flags (--frozen-lockfile vs --immutable)?

---

49-52: Run Prettier in check mode to fail on formatting drift.

Ensure CI fails instead of mutating files transiently.

-          yarn format
+          yarn format:check

If format:check isn’t defined, alternatively:

run: |
  yarn prettier --check .

Please confirm the root package.json has an appropriate check script.

---

53-56: Verify that yarn build at repo root builds the intended UI/workspaces.

In many monorepos, yarn build at root won’t traverse workspaces unless scripted (e.g., yarn workspaces run build, Lerna, or workspaces foreach).

If needed (Yarn classic):

run: |
  yarn workspaces run build

Or target the specific UI package:

run: |
  yarn workspace <ui-package-name> build

Please confirm the root build script fans out across the required packages.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c55478b and 7447fd7.

📒 Files selected for processing (1)

• .github/workflows/build-ui.yml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: Build BloodHound Container Image / Build and Package Container
• GitHub Check: run-tests
• GitHub Check: run-tests
• GitHub Check: build-ui
• GitHub Check: run-analysis

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (3)

.github/workflows/build-ui.yml (3)

47-47: Step name is misleading

This step formats and builds multiple packages and installs UI deps; rename for clarity or split into dedicated steps.

Suggested name: “Install, format (check), and build UI packages”

---

47-47: Use working-directory, enable caching and Corepack

• Split into per-package steps with working-directory for clearer logs.
• Add

  - uses: actions/setup-node@v4
    with:
      node-version: 22
      cache: yarn
      cache-dependency-path: |
        packages/javascript/js-client-library/yarn.lock
        packages/javascript/bh-shared-ui/yarn.lock
        cmd/ui/yarn.lock

• If on Yarn Berry, replace global install with:

  - name: Enable Corepack
    run: corepack enable

• No engines.node fields were found—consider declaring supported Node versions or aligning the node-version above to your project requirements.

---

47-47: Enforce immutable installs and non-mutating format checks in CI

• Split chained cd+yarn commands with set -e for clarity and fail-fast behavior.
• Use Yarn Berry’s --immutable flag and run prettier --check instead of mutating prettier --write.

-          cd packages/javascript/js-client-library && yarn && yarn format && yarn build && cd ../bh-shared-ui/ && yarn && yarn format && yarn build && cd ../../../cmd/ui/ && yarn
+          set -e
+          cd packages/javascript/js-client-library
+          yarn install --immutable
+          yarn prettier --check "src/**/*.@(js|jsx|ts|tsx|md|html|css|scss|json)" || (echo "Formatting issues in js-client-library" && exit 1)
+          yarn build
+          cd ../bh-shared-ui
+          yarn install --immutable
+          yarn prettier --check "src/**/*.@(js|jsx|ts|tsx|md|html|css|scss|json)" || (echo "Formatting issues in bh-shared-ui" && exit 1)
+          yarn build
+          cd ../../../cmd/ui
+          yarn install --immutable

If you’d rather add a format:check script in each package.json, invoke that instead of inline prettier --check.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7447fd7 and e1cdef3.

📒 Files selected for processing (1)

• .github/workflows/build-ui.yml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: run-tests

🔇 Additional comments (1)

.github/workflows/build-ui.yml (1)

47-47: Summary mismatch: not running from repo root

AI summary mentions running yarn from the repository root, but this step cd’s into subdirectories. Confirm intended approach.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

cmd/ui/package.json (1)

25-27: Remove unused @fortawesome/fontawesome-free dependency
No imports of its CSS/webfont bundle or any .fa-* class usage detected. Drop
– the "@fortawesome/fontawesome-free": "^6.7.2" line in cmd/ui/package.json
– the '@fortawesome/fontawesome-free' entry in cmd/ui/vite.config.ts (optimizeDeps.include)

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e1cdef3 and 8a09c4b.

⛔ Files ignored due to path filters (5)

• .yarn/cache/@fortawesome-fontawesome-common-types-npm-6.4.2-1f8b184e1e-4a22932bd0.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@fortawesome-fontawesome-free-npm-6.4.2-49cdde900e-14be8fbb8f.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@fortawesome-fontawesome-svg-core-npm-6.4.2-530d31922b-0c0ecd9058.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/@fortawesome-free-solid-svg-icons-npm-6.4.2-c582f5c032-4a36500499.zip is excluded by !**/.yarn/**, !**/*.zip
• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (1)

• cmd/ui/package.json (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: Build BloodHound Container Image / Build and Package Container
• GitHub Check: build-ui
• GitHub Check: run-analysis
• GitHub Check: run-tests
• GitHub Check: run-tests

🔇 Additional comments (1)

cmd/ui/package.json (1)

25-27: LGTM: Font Awesome bumped to 6.7.2
Update is compatible with both @fortawesome/react-fontawesome @^0.2.x and @^3.x.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

cmd/ui/package.json (1)

91-91: jsdom ^27: compatibility OK in CI and tests. CI workflows use Node 22 (above jsdom 27’s minimum Node ≥16.17 requirement), Vitest runs in jsdom, and no deprecated jsdom globals (MutationObserverInit, DOMParser, URLPattern) were found. Consider adding a root engines field in package.json to enforce Node ≥16.17.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8a09c4b and 6260a40.

⛔ Files ignored due to path filters (23)

• .yarn/cache/@fortawesome-react-fontawesome-npm-0.2.0-a36215138f-f652a0c217.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/abab-npm-2.0.6-2662fba7f0-6ffc1af4ff.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/acorn-globals-npm-7.0.1-97c48c0140-2a2998a547.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/acorn-walk-npm-8.3.2-df039a42bf-3626b9d26a.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/cssom-npm-0.3.8-a9291d36ff-24beb3087c.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/cssom-npm-0.5.0-44ab2704f2-823471aa30.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/cssstyle-npm-2.3.0-b5d112c450-5f05e6fd2e.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/decimal.js-npm-10.4.3-e7d483387c-796404dcfa.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/domexception-npm-4.0.0-5093673f9b-ddbc1268ed.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/entities-npm-4.5.0-7cdb83b832-853f8ebd5b.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/escodegen-npm-2.1.0-e0bf940745-096696407e.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/esprima-npm-4.0.1-1084e98778-b45bc805a6.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/jsdom-npm-20.0.3-906a2f7005-6e2ae21db3.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/nwsapi-npm-2.2.7-3bed340fab-cab25f7983.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/parse5-npm-7.1.2-aa9a92c270-59465dd05e.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/psl-npm-1.9.0-a546edad1a-20c4277f64.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/tough-cookie-npm-4.1.3-08285e2518-c9226afff3.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/tr46-npm-3.0.0-e1ae1ea7c9-44c3cc6767.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/universalify-npm-0.2.0-9984e61c10-e86134cb12.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/webidl-conversions-npm-7.0.0-e8c8e30c68-f05588567a.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/whatwg-encoding-npm-2.0.0-d7451f51b4-7087810c41.zip is excluded by !**/.yarn/**, !**/*.zip
• .yarn/cache/whatwg-url-npm-11.0.0-073529d93a-ed4826aaa5.zip is excluded by !**/.yarn/**, !**/*.zip
• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (1)

• cmd/ui/package.json (2 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: Build BloodHound Container Image / Build and Package Container
• GitHub Check: run-tests
• GitHub Check: build-ui
• GitHub Check: run-tests
• GitHub Check: run-analysis

🔇 Additional comments (1)

cmd/ui/package.json (1)

25-28: Double-check @fortawesome/react-fontawesome major bump and CSS kit usage.

• Verify ^3.0.2 is intentional and that your imports/usages (FontAwesomeIcon, library.add) work with v3’s React >=18 / Node >=20 requirements.
• Remove @fortawesome/fontawesome-free if you aren’t importing its CSS/fonts.