chore(deps): bump the npm-minor group across 1 directory with 8 updates

[dependabot]

Bumps the npm-minor group with 8 updates in the /assets directory:

Package	From	To
@fullstory/browser	2.0.6	2.0.8
@sentry/react	10.43.0	10.45.0
core-js	3.48.0	3.49.0
moment-timezone	0.6.0	0.6.1
@babel/preset-env	7.29.0	7.29.2
stylelint	17.4.0	17.5.0
stylelint-config-recess-order	7.6.1	7.7.0
typescript-eslint	8.56.1	8.57.1

Updates @fullstory/browser from 2.0.6 to 2.0.8

Changelog

Sourced from @​fullstory/browser's changelog.

2.0.8

• Add sessionUid option to init for session UID passthrough

2.0.7

• Add sessionUid option to init for session UID passthrough
• Accidental breaking change 🙈

Commits

• See full diff in compare view

Updates @sentry/react from 10.43.0 to 10.45.0

Release notes

Sourced from @​sentry/react's releases.

10.45.0

Important Changes

• feat(remix): Server Timing Headers Trace Propagation (#18653)

  The Remix SDK now supports automatic trace propagation via Server-Timing response headers to continue pageload traces on the client side. This means, you no longer have to define a custom meta function to add Sentry <meta> tags to your page as previously. We'll update out Remix tracing docs after this release.

Other Changes

• fix(cloudflare): Use correct env types for withSentry (#19836)
• fix(core): Align error span status message with core SpanStatusType for langchain/google-genai (#19863)
• fix(deno): Clear pre-existing OTel global before registering TracerProvider (#19723)
• fix(nextjs): Skip tracing for tunnel requests (#19861)
• fix(node-core): Recycle propagationContext for each request (#19835)
• ref(core): Simplify core utility functions for smaller bundle (#19854)

• chore(deps): bump next from 16.1.5 to 16.1.7 in /dev-packages/e2e-tests/test-applications/nextjs-16 (#19851)
• ci(release): Switch from action-prepare-release to Craft (#18763)
• fix(deps): bump devalue 5.6.3 to 5.6.4 to fix CVE-2026-30226 (#19849)
• fix(deps): bump file-type to 21.3.2 and @​nestjs/common to 11.1.17 (#19847)
• fix(deps): bump flatted 3.3.1 to 3.4.2 to fix CVE-2026-32141 (#19842)
• fix(deps): bump hono 4.12.5 to 4.12.7 in cloudflare-hono E2E test app (#19850)
• fix(deps): bump next to 15.5.13/16.1.7 to fix CVE-2026-1525, CVE-202-33036 and related (#19870)
• fix(deps): bump tar 7.5.10 to 7.5.11 to fix CVE-2026-31802 (#19846)
• fix(deps): bump undici 6.23.0 to 6.24.1 to fix multiple CVEs (#19841)
• fix(deps): bump unhead 2.1.4 to 2.1.12 to fix CVE-2026-31860 and CVE-2026-31873 (#19848)
• test(nextjs): Skip broken ISR tests (#19871)
• test(react): Add gql tests for react router (#19844)

Bundle size 📦

Path	Size
@​sentry/browser	24.93 KB
@​sentry/browser - with treeshaking flags	23.47 KB
@​sentry/browser (incl. Tracing)	41.51 KB
@​sentry/browser (incl. Tracing, Profiling)	46.07 KB
@​sentry/browser (incl. Tracing, Replay)	79.41 KB
@​sentry/browser (incl. Tracing, Replay) - with treeshaking flags	69.22 KB
@​sentry/browser (incl. Tracing, Replay with Canvas)	84 KB
@​sentry/browser (incl. Tracing, Replay, Feedback)	95.97 KB
@​sentry/browser (incl. Feedback)	41.35 KB
@​sentry/browser (incl. sendFeedback)	29.49 KB

... (truncated)

Changelog

Sourced from @​sentry/react's changelog.

10.45.0

Important Changes

• feat(remix): Server Timing Headers Trace Propagation (#18653)

  The Remix SDK now supports automatic trace propagation via Server-Timing response headers to continue pageload traces on the client side. This means, you no longer have to define a custom meta function to add Sentry <meta> tags to your page as previously. We'll update out Remix tracing docs after this release.

Other Changes

• fix(cloudflare): Use correct env types for withSentry (#19836)
• fix(core): Align error span status message with core SpanStatusType for langchain/google-genai (#19863)
• fix(deno): Clear pre-existing OTel global before registering TracerProvider (#19723)
• fix(nextjs): Skip tracing for tunnel requests (#19861)
• fix(node-core): Recycle propagationContext for each request (#19835)
• ref(core): Simplify core utility functions for smaller bundle (#19854)

• chore(deps): bump next from 16.1.5 to 16.1.7 in /dev-packages/e2e-tests/test-applications/nextjs-16 (#19851)
• ci(release): Switch from action-prepare-release to Craft (#18763)
• fix(deps): bump devalue 5.6.3 to 5.6.4 to fix CVE-2026-30226 (#19849)
• fix(deps): bump file-type to 21.3.2 and @​nestjs/common to 11.1.17 (#19847)
• fix(deps): bump flatted 3.3.1 to 3.4.2 to fix CVE-2026-32141 (#19842)
• fix(deps): bump hono 4.12.5 to 4.12.7 in cloudflare-hono E2E test app (#19850)
• fix(deps): bump next to 15.5.13/16.1.7 to fix CVE-2026-1525, CVE-202-33036 and related (#19870)
• fix(deps): bump tar 7.5.10 to 7.5.11 to fix CVE-2026-31802 (#19846)
• fix(deps): bump undici 6.23.0 to 6.24.1 to fix multiple CVEs (#19841)
• fix(deps): bump unhead 2.1.4 to 2.1.12 to fix CVE-2026-31860 and CVE-2026-31873 (#19848)
• test(nextjs): Skip broken ISR tests (#19871)
• test(react): Add gql tests for react router (#19844)

10.44.0

Important Changes

• feat(effect): Add @sentry/effect SDK (Alpha) (#19644)

  This release introduces @sentry/effect, a new SDK for Effect.ts applications. The SDK provides Sentry integration via composable Effect layers for both Node.js and browser environments.

  Compose the effectLayer with optional tracing, logging, and metrics layers to instrument your Effect application:

  import * as Sentry from '@sentry/effect';
  import * as Layer from 'effect/Layer';

... (truncated)

Commits

• ef79d28 release: 10.45.0
• 28208bc Merge pull request #19877 from getsentry/prepare-release/10.45.0
• 2e2fd35 meta(changelog): Update changelog for 10.45.0
• 79241b0 fix(nextjs): Skip tracing for tunnel requests (#19861)
• 938ab2d ref(core): Simplify core utility functions for smaller bundle (#19854)
• 3bb4325 fix(core): Align error span status message with core SpanStatusType for lan...
• 3e5499a fix(deps): bump next to 15.5.13/16.1.7 to fix CVE-2026-1525, CVE-202-33036 an...
• 6f17b8a fix(cloudflare): Use correct env types for withSentry (#19836)
• b4b9e71 test(nextjs): Skip broken ISR tests (#19871)
• ae7206f feat(remix): Server Timing Headers Trace Propagation (#18653)
• Additional commits viewable in compare view

Updates core-js from 3.48.0 to 3.49.0

Changelog

Sourced from core-js's changelog.

3.49.0 - 2026.03.16

• Changes v3.48.0...v3.49.0 (373 commits)
• Iterator.range updated following the actual spec version
  • Throw a RangeError on NaN start / end / step
  • Allow null as optionOrStep
• Improved accuracy of Math.{ asinh, atanh } polyfills with big and small values
• Improved accuracy of Number.prototype.toExponential polyfills with big and small values
• Improved performance of atob, btoa, Uint8Array.fromHex, Uint8Array.prototype.setFromHex, and Uint8Array.prototype.toHex, #1503, #1464, #1510, thanks @​johnzhou721
• Minor performance optimization polyfills of methods from Map upsert proposal
• Polyfills of methods from Map upsert proposal from the pure version made generic to make it work with polyfilled and native collections
• Wrap Symbol.for in Symbol.prototype.description polyfill for correct handling of empty string descriptions
• Fixed a modern Safari bug in Array.prototype.includes with sparse arrays and fromIndex
• Fixed one more case (Iterator.prototype.take) of a V8 ~ Chromium < 126 bug
• Forced replacement of Iterator.{ concat, zip, zipKeyed } in the pure version for ensuring proper wrapped Iterator instances as the result
• Fixed proxying .return() on exhausted iterator from some methods of iterator helpers polyfill to the underlying iterator
• Fixed double .return() calling in case of throwing error in this method in the internal iterate helper that affected some polyfills
• Fixed closing iterator on IteratorValue errors in the internal iterate helper that affected some polyfills
• Fixed iterator closing in Array.from polyfill on failure to create array property
• Fixed order of arguments validation in Array.fromAsync polyfill
• Fixed a lack of counter validation on MAX_SAFE_INTEGER in Array.fromAsync polyfill
• Fixed order of arguments validation in Array.prototype.flat polyfill
• Fixed handling strings as iterables in Iterator.{ zip, zipKeyed } polyfills
• Fixed some cases of iterators closing in Iterator.{ zip, zipKeyed } polyfills
• Fixed validation of iterators .next() results an objects in Iterator.{ zip, zipKeyed } polyfills
• Fixed a lack of early error in Iterator.concat polyfill on primitive as an iterator
• Fixed buffer mutation exposure in Iterator.prototype.windows polyfill
• Fixed iterator closing in Set.prototype.{ isDisjointFrom, isSupersetOf } polyfill
• Fixed (updated following the final spec) one more case Set.prototype.difference polyfill with updating this
• Fixed DataView.prototype.setFloat16 polyfill in (0, 1) range
• Fixed order of arguments validation in String.prototype.{ padStart, padEnd } polyfills
• Fixed order of arguments validation in String.prototype.{ startsWith, endsWith } polyfills
• Fixed some cases of Infinity handling in String.prototype.substr polyfill
• Fixed String.prototype.repeat polyfill with a counter exceeding 2 ** 32
• Fixed some cases of chars case in escape polyfill
• Fixed named backreferences in RegExp NCG polyfill
• Fixed some cases of RegExp NCG polyfill in combination with other types of groups
• Fixed some cases of RegExp NCG polyfill in combination with dotAll
• Fixed String.prototype.replace with sticky polyfill, #810, #1514
• Fixed RegExp sticky polyfill with alternation
• Fixed handling of some line terminators in case of multiline + sticky mode in RegExp polyfill
• Fixed .input slicing on result object with RegExp sticky mode polyfill
• Fixed handling of empty groups with global and unicode modes in polyfills
• Fixed URLSearchParam.prototype.delete polyfill with duplicate key-value pairs
• Fixed possible removal of unnecessary entries in URLSearchParam.prototype.delete polyfill with second argument
• Fixed an error in some cases of non-special URLs without a path in the URL polyfill
• Fixed some percent encode cases / character sets in the URL polyfill
• Fixed parsing of non-IPv4 hosts ends in a number in the URL polyfill
• Fixed some cases of '' and null host handling in the URL polyfill
• Fixed host parsing with hostname = host:port in the URL polyfill
• Fixed host inheritance in some cases of file scheme in the URL polyfill

... (truncated)

Commits

• 80adfc4 v3.49.0
• 0ad3e00 fix a modern Safari bug in Array.prototype.includes with sparse arrays and ...
• 853bfa4 update some links
• b4d723f fix a lack of counter validation on MAX_SAFE_INTEGER in Array.fromAsync p...
• e276676 fix parsing of non-IPv4 hosts ends in a number in the URL polyfill
• dd1cfba fix order of arguments validation in String.prototype.{ padStart, padEnd } ...
• b952c5f add an extra protection to configurator
• e490caf Fix for #810 (#1514)
• 10b4e86 drop an unneeded comment
• 28cf2e9 feat: Improve performance of Uint8Array Hex functions (#1510)
• Additional commits viewable in compare view

Updates moment-timezone from 0.6.0 to 0.6.1

Release notes

Sourced from moment-timezone's releases.

Release 0.6.1

• Updated data to IANA TZDB 2026a. #1140

NOTE: This release does not include recently-announced DST changes for British Columbia, Canada. Those changes will likely be in 2026b.

Changelog

Sourced from moment-timezone's changelog.

0.6.1 2026-03-18

• Updated data to IANA TZDB 2026a. #1140

Commits

• 13e724c Build moment-timezone 0.6.1
• 22070ff Bump version to 0.6.1
• b4ebddb Merge pull request #1140 from moment/automated/data-update
• cb47a65 data: Add 2026a
• 026466a build(deps): bump lodash from 4.17.21 to 4.17.23 (#1137)
• 6dc5413 Update Antarctica guess tests for 2026
• 0efed48 build(deps): bump js-yaml from 3.14.1 to 3.14.2 (#1136)
• See full diff in compare view

Updates @babel/preset-env from 7.29.0 to 7.29.2

Release notes

Sourced from @​babel/preset-env's releases.

v7.29.2 (2026-03-16)

👓 Spec Compliance

• babel-parser
  • #17840 [7.x backport] async x => {} must be in leading pos (@​JLHwung)

🐛 Bug Fix

• babel-helpers, babel-plugin-transform-async-generator-functions, babel-preset-env, babel-runtime-corejs3
  • #17805 [7.x backport] fix: Properly handle await in finally (@​liuxingbaoyu)
• babel-preset-env
  • #17789 [7.x backport] preset-env include/exclude should accept bugfix plugins (@​JLHwung)

🏠 Internal

• #17813 chore: update eslint peer deps (@​JLHwung)

Committers: 2

• Huáng Jùnliàng (@​JLHwung)
• @​liuxingbaoyu

v7.29.1 (2026-02-04)

🐛 Bug Fix

• babel-standalone
  • #17771 [7.x backport] fix: ensure targets.esmodules is validated (@​JLHwung)
• babel-generator
  • #17776 [7.x backport] Fix undefined when 64 indents (@​liuxingbaoyu)

Committers: 2

• Huáng Jùnliàng (@​JLHwung)
• @​liuxingbaoyu

Commits

• 37d5595 v7.29.2
• 1c0a08d [7.x backport] fix: Properly handle await in finally (#17805)
• 061bf95 [7.x backport] preset-env include/exclude should accept bugfix plugins (#17789)
• See full diff in compare view

Updates stylelint from 17.4.0 to 17.5.0

Release notes

Sourced from stylelint's releases.

17.5.0

It deprecates two rule options, adds 1 rule option and fixes 7 bugs. We've also released 2.1.0 of our VS Code extension, which adds 8 new requested features, and our first release of the Stylelint Language Server.

• Deprecated: *syntax options from declaration-property-value-no-unknown (#9102) (@​ragini-pandey).
• Added: ignoreMediaFeatureNameValues: {} to media-feature-name-value-no-unknown (#8976) (@​kovsu).
• Fixed: node_modules not ignored when using codeFilename in Node.js API (#9130) (@​adalinesimonian).
• Fixed: Error TS7016 for imported css-tree types (#9133) (@​ragini-pandey).
• Fixed: declaration-property-value-keyword-no-deprecated false positives for function arguments (#9116) (@​ragini-pandey).
• Fixed: declaration-property-value-no-unknown false positives for calc-size() containing size keyword (#9105) (@​hriztam).
• Fixed: no-descending-specificity & no-duplicate-selectors false negatives for equivalent compound selectors (#8977) (@​kovsu).
• Fixed: no-invalid-position-declaration false positives for @mixin and @scope (#9120) (@​ragini-pandey).
• Fixed: property-no-unknown false negatives for types (#9117) (@​Mouvedia).

Changelog

Sourced from stylelint's changelog.

17.5.0 - 2026-03-19

It deprecates two rule options, adds 1 rule option and fixes 7 bugs. We've also released 2.1.0 of our VS Code extension, which adds 8 new requested features, and our first release of the Stylelint Language Server.

• Deprecated: *syntax options from declaration-property-value-no-unknown (#9102) (@​ragini-pandey).
• Added: ignoreMediaFeatureNameValues: {} to media-feature-name-value-no-unknown (#8976) (@​kovsu).
• Fixed: node_modules not ignored when using codeFilename in Node.js API (#9130) (@​adalinesimonian).
• Fixed: Error TS7016 for imported css-tree types (#9133) (@​ragini-pandey).
• Fixed: declaration-property-value-keyword-no-deprecated false positives for function arguments (#9116) (@​ragini-pandey).
• Fixed: declaration-property-value-no-unknown false positives for calc-size() containing size keyword (#9105) (@​hriztam).
• Fixed: no-descending-specificity & no-duplicate-selectors false negatives for equivalent compound selectors (#8977) (@​kovsu).
• Fixed: no-invalid-position-declaration false positives for @mixin and @scope (#9120) (@​ragini-pandey).
• Fixed: property-no-unknown false negatives for types (#9117) (@​Mouvedia).

Commits

• 8d0198a Release 17.5.0 (#9160)
• 3ba50ac Add ignoreMediaFeatureNameValues: {} to `media-feature-name-value-no-unknow...
• 77dfd01 Fix no-invalid-position-declaration false positives for @mixin and `@scop...
• 7cde2d0 Fix declaration-property-value-keyword-no-deprecated false positives for fu...
• 7b10658 Fix declaration-property-value-no-unknown false positives for calc-size()...
• e5b9ec7 Deprecate *syntax options from declaration-property-value-no-unknown (#9102)
• 5bd2d21 Bump css-tree from 3.1.0 to 3.2.1 (#9158)
• 995caf4 Bump eslint from 10.0.2 to 10.0.3 in the eslint group (#9156)
• f5f6ddd Bump lint-staged from 16.2.7 to 16.3.3 (#9159)
• 6894818 Bump the jest group with 2 updates (#9157)
• Additional commits viewable in compare view

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Updates stylelint-config-recess-order from 7.6.1 to 7.7.0

Release notes

Sourced from stylelint-config-recess-order's releases.

v7.7.0

Minor Changes

• Allow stylelint-order v8 as peer dependency (#463) Thanks @​FloEdelmann!

Changelog

Sourced from stylelint-config-recess-order's changelog.

7.7.0

Minor Changes

• Allow stylelint-order v8 as peer dependency (#463) Thanks @​FloEdelmann!

Commits

• 2f53cd9 Publish release (#468)
• 8b1c2ec Update lockfile
• 70359c4 Allow stylelint-order v8 as peer dependency (#463)
• b4cd7db Bump stylelint from 17.0.0 to 17.1.0 (#453)
• f5c0484 Bump @​zazen/prettier-config from 1.1.3 to 1.1.4 (#454)
• 561468a Bump prettier from 3.8.0 to 3.8.1 (#452)
• See full diff in compare view

Updates typescript-eslint from 8.56.1 to 8.57.1

Release notes

Sourced from typescript-eslint's releases.

v8.57.1

8.57.1 (2026-03-16)

🩹 Fixes

• eslint-plugin: [prefer-optional-chain] no report for property on intersection type (#12126)

❤️ Thank You

• Newton Yuan @​NewtonYuan

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.57.0

8.57.0 (2026-03-09)

🚀 Features

• eslint-plugin: [no-unnecessary-condition] allow literal loop conditions in for/do loops (#12080)

🩹 Fixes

• eslint-plugin: [strict-void-return] false positives with overloads (#12055)
• eslint-plugin: handle statically analyzable computed keys in prefer-readonly (#12079)
• eslint-plugin: guard against negative paramIndex in no-useless-default-assignment (#12077)
• eslint-plugin: [prefer-promise-reject-errors] add allow TypeOrValueSpecifier to prefer-promise-reject-errors (#12094)
• eslint-plugin: [no-base-to-string] fix false positive for toString with overloads (#12089)
• typescript-estree: switch back to use ts.getModifiers() (#12034)
• typescript-estree: if the template literal is tagged and the text has an invalid escape, cooked will be null (#11355)

❤️ Thank You

• Brad Zacher @​bradzacher
• Brian Schlenker @​bschlenk
• Evyatar Daud @​StyleShit
• fisker Cheung @​fisker
• James Henry @​JamesHenry
• Josh Goldberg
• Kirk Waiblinger @​kirkwaiblinger
• Moses Odutusin @​thebolarin
• Newton Yuan @​NewtonYuan
• SungHyun627 @​SungHyun627
• Younsang Na @​nayounsang

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from typescript-eslint's changelog.

8.57.1 (2026-03-16)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.57.0 (2026-03-09)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

• c7c38aa chore(release): publish 8.57.1
• 2c6aeee chore(release): publish 8.57.0
• f696dad chore: use pnpm catalog (#12047)
• a09921e chore: update vitest to 4.x (#12071)
• See full diff in compare view

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.