Skip to content

dev: bump the safe group with 6 updates#7955

Open
dependabot[bot] wants to merge 1 commit into
v3.36from
dependabot/npm_and_yarn/safe-88d6e0f165
Open

dev: bump the safe group with 6 updates#7955
dependabot[bot] wants to merge 1 commit into
v3.36from
dependabot/npm_and_yarn/safe-88d6e0f165

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor

Bumps the safe group with 6 updates:

Package From To
@sentry/react 10.59.0 10.62.0
query-string 9.4.0 9.4.1
cypress 15.17.0 15.18.0
prettier 3.8.4 3.9.3
webpack 5.107.2 5.108.3
webpack-cli 7.0.3 7.1.0

Updates @sentry/react from 10.59.0 to 10.62.0

Release notes

Sourced from @​sentry/react's releases.

10.62.0

Important Changes

  • feat(server-runtimes): Add v7 support for vercelAiIntegration (#21613)

    The vercelAiIntegration now supports v7 of the ai package. Note that v7 is not yet supported on Cloudflare.

Other Changes

  • fix(node): Avoid failing at runtime if tracingChannel is not available (#21783)
  • fix(sveltekit): Avoid capturing preloaded 400 errors on client (#21784)

Work in this release was contributed by @​hyunbinseo. Thank you for your contribution!

  • chore(github): Update tracked packages (#21789)
  • feat(core): Add spanKindToName helper for reverse span-kind lookup (#21780)
  • ref(aws-serverless): Streamline AwsLambda instrumentation (#21758)
  • ref(node): Fix server-utils name for VercelAI integration (#21809)
  • ref(node): Streamline amqplib instrumentation (#21753)
  • ref(node): Streamline Firebase instrumentation (#21748)
  • test: Pin webpack to 5.107.0 (#21781)
  • test(e2e): Add no-browser-session lighthouse e2e test mode (#21787)
  • test(e2e): Add more test modes, pre-init and element timing (#21760)

Bundle size 📦

Path Size
@​sentry/browser 26.83 KB
@​sentry/browser - with treeshaking flags 25.3 KB
@​sentry/browser (incl. Tracing) 44.89 KB
@​sentry/browser (incl. Tracing + Span Streaming) 46.6 KB
@​sentry/browser (incl. Tracing, Profiling) 49.57 KB
@​sentry/browser (incl. Tracing, Replay) 83.22 KB
@​sentry/browser (incl. Tracing, Replay) - with treeshaking flags 73.06 KB
@​sentry/browser (incl. Tracing, Replay with Canvas) 87.8 KB
@​sentry/browser (incl. Tracing, Replay, Feedback) 100.17 KB
@​sentry/browser (incl. Feedback) 43.61 KB
@​sentry/browser (incl. sendFeedback) 31.5 KB
@​sentry/browser (incl. FeedbackAsync) 36.52 KB
@​sentry/browser (incl. Metrics) 27.87 KB
@​sentry/browser (incl. Logs) 28.11 KB
@​sentry/browser (incl. Metrics & Logs) 28.78 KB
@​sentry/react 28.59 KB
@​sentry/react (incl. Tracing) 47.15 KB

... (truncated)

Changelog

Sourced from @​sentry/react's changelog.

10.62.0

Important Changes

  • feat(server-runtimes): Add v7 support for vercelAiIntegration (#21613)

    The vercelAiIntegration now supports v7 of the ai package. Note that v7 is not yet supported on Cloudflare.

Other Changes

  • fix(node): Avoid failing at runtime if tracingChannel is not available (#21783)
  • fix(sveltekit): Avoid capturing preloaded 400 errors on client (#21784)

Work in this release was contributed by @​hyunbinseo. Thank you for your contribution!

  • chore(github): Update tracked packages (#21789)
  • feat(core): Add spanKindToName helper for reverse span-kind lookup (#21780)
  • ref(aws-serverless): Streamline AwsLambda instrumentation (#21758)
  • ref(node): Fix server-utils name for VercelAI integration (#21809)
  • ref(node): Streamline amqplib instrumentation (#21753)
  • ref(node): Streamline Firebase instrumentation (#21748)
  • test: Pin webpack to 5.107.0 (#21781)
  • test(e2e): Add no-browser-session lighthouse e2e test mode (#21787)
  • test(e2e): Add more test modes, pre-init and element timing (#21760)

10.61.0

Important Changes

  • feat(core): Enable streamGenAiSpans by default (#21732)

    The SDK now extracts all gen_ai spans out of a transaction and sends them as v2 envelope items by default. This prevents gen_ai spans from being dropped when the transaction payload exceeds size limits. Because they are no longer constrained by transaction size limits, AI message data is also no longer truncated by default. Set enableTruncation: true on the respective AI integration to re-enable truncation. To keep the previous behavior, set streamGenAiSpans: false.

    Self-hosted Sentry users should opt out with streamGenAiSpans: false, since streamed gen_ai spans may not be ingested by their Sentry instance.

Other Changes

  • feat(cloudflare): Add batch, exec, and withSession D1 instrumentation (#21292)
  • feat(cloudflare): Instrument SQL API in sqlite durable objects (#21656)
  • feat(core): Add db.query.summary functionality (#21670)
  • feat(core): Add top-level Sentry.setAttribute(s) APIs (#21705)
  • fix(hono): Name transactions after the matched route handler (#21700)
  • fix(react-router): Bump peerDependencies for react-router 8 (#21762)
  • fix(replays): Record replay trace_ids with span streaming (#21714)

... (truncated)

Commits
  • 1fc539e release: 10.62.0
  • 5ee7977 Merge pull request #21792 from getsentry/prepare-release/10.62.0
  • f36645c meta(changelog): Update changelog for 10.62.0
  • e562f94 ref(node): Streamline amqplib instrumentation (#21753)
  • e1312df ref(node): Fix server-utils name for VercelAI integration (#21809)
  • fc29e61 ref(node): Streamline Firebase instrumentation (#21748)
  • 2081179 ref(cloudflare): Revert vercelAi change (#21793)
  • 2309fb5 chore(github): Update tracked packages (#21789)
  • 3bfeb64 feat(server-runtimes): Add v7 support for vercelAiIntegration (#21613)
  • a15e2a8 fix(sveltekit): Avoid capturing preloaded 400 errors on client (#21784)
  • Additional commits viewable in compare view

Updates query-string from 9.4.0 to 9.4.1

Release notes

Sourced from query-string's releases.

v9.4.1

  • Fix relative URLs with fragments 872fb6f

sindresorhus/query-string@v9.4.0...v9.4.1

Commits

Updates cypress from 15.17.0 to 15.18.0

Release notes

Sourced from cypress's releases.

v15.18.0

Changelog: https://docs.cypress.io/app/references/changelog#15-18-0

Commits
  • fa083db fix: prevent proxy crash on IPv6 literal hosts in cy.visit (#34146)
  • 063636c chore(ci): only install firefox in UI test jobs that target it (#34142)
  • 02aa75d feat: add removeSRIAttributes config option to strip SRI from first-party res...
  • 2d6b11e chore(deps): bump undici to 6.27.0 for SNYK-JS-UNDICI-17372658 (#34121)
  • 56759ea misc: remove the global install warning from cypress install (#34139)
  • d47b81d chore: resync yarn.lock (shell-quote) (#34145)
  • 19ac719 chore(ci): remove duplicate test run in npm-webpack-dev-server job (#34141)
  • 6f96dac docs: document PR title prefixes, changelog, and template requirements (#34128)
  • d706175 chore: correct misleading WebKit browser debug log message (#34135)
  • fb76794 chore: remove no-op CYPRESS_DOWNLOAD_USE_CA environment variable (#34131)
  • Additional commits viewable in compare view

Updates prettier from 3.8.4 to 3.9.3

Release notes

Sourced from prettier's releases.

3.9.3

🔗 Changelog

3.9.1

🔗 Changelog

3.9.0

diff

🔗 Prettier 3.9: Major parser upgrades and Formatting improvements

3.8.5

🔗 Changelog

Changelog

Sourced from prettier's changelog.

3.9.3

diff

Markdown: Fix unexpected removal of characters in liquid syntax (#19489 by @​seiyab)

// Input
<!-- Input -->
{{ page.title
}} text
<!-- Prettier 3.9.1 -->
{{ page.title
text
<!-- Prettier 3.9.3 -->
{{ page.title
}} text

TypeScript: Allow decorators to be used with declare on class fields (#19492 by @​evoactivity)

Extensively used within the Ember ecosystem, decorators with declare on class fields will ignore the babel parser error and allow Prettier to format the code without breaking it.

// Input
export default class ProjectStatusComponent extends Component<ProjectStatusSig> {
  @service declare server: ServerService;
}
// Prettier 3.9.1
// SyntaxError: Decorators can't be used with a declare field. (2:3)
//  1 | export default class ProjectStatusComponent extends Component<ProjectStatusSig> {
//> 2 |   @​service declare server: ServerService;
//    |   ^
//  3 | }
// Prettier 3.9.3
export default class ProjectStatusComponent extends Component<ProjectStatusSig> {
@​service declare server: ServerService;
}

3.9.1

diff

... (truncated)

Commits
  • 3732e1d Release 3.9.3
  • a74a7b0 Allow decorators to be used with declare on class fields (#19492)
  • bd9e11a Correct text identification in liquid syntax (#19489)
  • 269eee3 Bump Prettier dependency to 3.9.1
  • ec7ccd1 Clean changelog_unreleased
  • c47654c Release 3.9.1
  • 06159aa Fix bug in release script
  • 4bc5ab4 Update file-entry-cache to 11.1.5 (#19483)
  • b7fd58b Release @prettier/plugin-oxc@0.2.0 and @prettier/plugin-hermes@0.2.0
  • 3006400 Revert changes in release script
  • Additional commits viewable in compare view

Updates webpack from 5.107.2 to 5.108.3

Release notes

Sourced from webpack's releases.

v5.108.3

Patch Changes

v5.108.2

Patch Changes

v5.108.1

Patch Changes

  • Fix invalid property access for escaped namespace imports with multi-character mangled export names. (by @​xiaoxiaojx in #21280)

  • Add frames to ProfilingPlugin TracingStartedInBrowser event so the trace loads in Chrome DevTools. (by @​alexander-akait in #21269)

v5.108.0

Minor Changes

  • Treat top-level await and import.meta as ES module markers, matching Node.js syntax detection so no explicit module type is needed. (by @​alexander-akait in #21218)

  • Add a bun target that emits ESM and externalizes bun:* and node.js built-in modules. (by @​alexander-akait in #21248)

  • Support CommonJS reexports via Object.defineProperty value and getter descriptors. (by @​alexander-akait in #21129)

  • Support JSON Schema const when generating CLI flags from a schema. (by @​alexander-akait in #21087)

  • Support JSON Schema if/then/else when generating CLI flags from a schema. (by @​alexander-akait in #21087)

  • Skip import specifiers, require() and import() calls in dead conditional branches gated by inlined imported constants (isDEV ? A : B), evaluated via getCondition. (by @​hai-x in #21136)

  • CSS localIdentName [hash] now resolves to the local ident hash (matching css-loader); use [modulehash] for the module hash. (by @​alexander-akait in #21259)

  • Add CSS parser as option and resolve url() inside HTML style attributes. (by @​alexander-akait in #21157)

  • Add dedicated module classes for all built-in module types. (by @​alexander-akait in #21164)

  • Support .html/.css for the default ./src entry under the html/css experiments. (by @​alexander-akait in #21039)

  • Add defineConfig helper for typed configuration files. (by @​alexander-akait in #21169)

  • Add a deno target (with versions, e.g. deno, deno2, deno1.40) that emits ESM, resolves node.js built-ins via the required node: specifier, and keeps Deno's own import protocols (npm:, jsr:, node:, http(s)://) external. (by @​alexander-akait in #21247)

... (truncated)

Changelog

Sourced from webpack's changelog.

5.108.3

Patch Changes

5.108.2

Patch Changes

5.108.1

Patch Changes

  • Fix invalid property access for escaped namespace imports with multi-character mangled export names. (by @​xiaoxiaojx in #21280)

  • Add frames to ProfilingPlugin TracingStartedInBrowser event so the trace loads in Chrome DevTools. (by @​alexander-akait in #21269)

5.108.0

Minor Changes

  • Treat top-level await and import.meta as ES module markers, matching Node.js syntax detection so no explicit module type is needed. (by @​alexander-akait in #21218)

  • Add a bun target that emits ESM and externalizes bun:* and node.js built-in modules. (by @​alexander-akait in #21248)

  • Support CommonJS reexports via Object.defineProperty value and getter descriptors. (by @​alexander-akait in #21129)

  • Support JSON Schema const when generating CLI flags from a schema. (by @​alexander-akait in #21087)

  • Support JSON Schema if/then/else when generating CLI flags from a schema. (by @​alexander-akait in #21087)

  • Skip import specifiers, require() and import() calls in dead conditional branches gated by inlined imported constants (isDEV ? A : B), evaluated via getCondition. (by @​hai-x in #21136)

  • CSS localIdentName [hash] now resolves to the local ident hash (matching css-loader); use [modulehash] for the module hash. (by @​alexander-akait in #21259)

  • Add CSS parser as option and resolve url() inside HTML style attributes. (by @​alexander-akait in #21157)

  • Add dedicated module classes for all built-in module types. (by @​alexander-akait in #21164)

  • Support .html/.css for the default ./src entry under the html/css experiments. (by @​alexander-akait in #21039)

... (truncated)

Commits

Updates webpack-cli from 7.0.3 to 7.1.0

Release notes

Sourced from webpack-cli's releases.

webpack-cli@7.1.0

Minor Changes

  • feat(cli): refresh the --help output using commander's configureHelp API — branded headers, section dividers, colorized terms and a clearer footer. Colors and chrome collapse to plain text when output is piped or --no-color is used, so scripts keep working. (by @​alexander-akait in #4779)

  • feat: support .json5, .yaml/.yml and .toml configuration files by parsing them directly, with the parser package (json5, js-yaml, toml) installed on demand by the user and declared as optional peerDependencies so the parsers resolve correctly under Yarn PnP (by @​alexander-akait in #4777)

Changelog

Sourced from webpack-cli's changelog.

7.1.0

Minor Changes

  • feat(cli): refresh the --help output using commander's configureHelp API — branded headers, section dividers, colorized terms and a clearer footer. Colors and chrome collapse to plain text when output is piped or --no-color is used, so scripts keep working. (by @​alexander-akait in #4779)

  • feat: support .json5, .yaml/.yml and .toml configuration files by parsing them directly, with the parser package (json5, js-yaml, toml) installed on demand by the user and declared as optional peerDependencies so the parsers resolve correctly under Yarn PnP (by @​alexander-akait in #4777)

Commits
  • 3cd7423 chore(release): new release (#4778)
  • b42d1f4 fix(webpack-cli): declare json5/js-yaml/toml as optional peerDependencies (#4...
  • 3471103 refactor(cli): hierarchical indentation for styled CLI output (#4786)
  • 772330c build(deps): update dependencies (except commander) (#4785)
  • a7380e1 feat(cli): refresh CLI output via commander's help API + shared status icons ...
  • 721d8fd chore(deps): bump the dependencies group with 2 updates (#4780)
  • 65aa86c chore(deps-dev): bump the dependencies group with 3 updates (#4781)
  • 134e62d feat(webpack-cli): support json5/yaml/toml configs via direct parsing (no int...
  • 0b22f77 fix(cli): make config loading errors more verbose (#4776)
  • a5af401 chore(deps): bump launch-editor from 2.13.1 to 2.14.1 (#4774)
  • Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request
Dependency Name Ignore Conditions
cypress [>= 9.a, < 10]
webpack-cli [>= 4.a, < 5]
cypress [>= 10.a, < 11]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the safe group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [@sentry/react](https://github.com/getsentry/sentry-javascript) | `10.59.0` | `10.62.0` |
| [query-string](https://github.com/sindresorhus/query-string) | `9.4.0` | `9.4.1` |
| [cypress](https://github.com/cypress-io/cypress) | `15.17.0` | `15.18.0` |
| [prettier](https://github.com/prettier/prettier) | `3.8.4` | `3.9.3` |
| [webpack](https://github.com/webpack/webpack) | `5.107.2` | `5.108.3` |
| [webpack-cli](https://github.com/webpack/webpack-cli) | `7.0.3` | `7.1.0` |


Updates `@sentry/react` from 10.59.0 to 10.62.0
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md)
- [Commits](getsentry/sentry-javascript@10.59.0...10.62.0)

Updates `query-string` from 9.4.0 to 9.4.1
- [Release notes](https://github.com/sindresorhus/query-string/releases)
- [Commits](sindresorhus/query-string@v9.4.0...v9.4.1)

Updates `cypress` from 15.17.0 to 15.18.0
- [Release notes](https://github.com/cypress-io/cypress/releases)
- [Changelog](https://github.com/cypress-io/cypress/blob/develop/CHANGELOG.md)
- [Commits](cypress-io/cypress@v15.17.0...v15.18.0)

Updates `prettier` from 3.8.4 to 3.9.3
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](prettier/prettier@3.8.4...3.9.3)

Updates `webpack` from 5.107.2 to 5.108.3
- [Release notes](https://github.com/webpack/webpack/releases)
- [Changelog](https://github.com/webpack/webpack/blob/main/CHANGELOG.md)
- [Commits](webpack/webpack@v5.107.2...v5.108.3)

Updates `webpack-cli` from 7.0.3 to 7.1.0
- [Release notes](https://github.com/webpack/webpack-cli/releases)
- [Changelog](https://github.com/webpack/webpack-cli/blob/main/CHANGELOG.md)
- [Commits](https://github.com/webpack/webpack-cli/compare/webpack-cli@7.0.3...webpack-cli@7.1.0)

---
updated-dependencies:
- dependency-name: "@sentry/react"
  dependency-version: 10.62.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: safe
- dependency-name: query-string
  dependency-version: 9.4.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: safe
- dependency-name: cypress
  dependency-version: 15.18.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: safe
- dependency-name: prettier
  dependency-version: 3.9.3
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: safe
- dependency-name: webpack
  dependency-version: 5.108.3
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: safe
- dependency-name: webpack-cli
  dependency-version: 7.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: safe
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 29, 2026
@dependabot dependabot Bot requested a review from a team as a code owner June 29, 2026 22:58
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 29, 2026
@dependabot dependabot Bot requested a review from mjamescompton June 29, 2026 22:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants