Bump the dev-dependencies group across 1 directory with 8 updates

[dependabot]

Updates the requirements on @sentry/browser, caniuse-lite, @sentry/cli, @wordpress/eslint-plugin, esbuild, jsonc-eslint-parser, prettier and web-ext to permit the latest version.
Updates @sentry/browser to 10.29.0

Release notes

Sourced from @​sentry/browser's releases.

10.29.0

Important Changes

• feat(solid|solidstart): Bump accepted @​solidjs/router range (#18395)

We expanded the supported version range for @solidjs/router to include 0.14.x and 0.15.x versions.

Other Changes

• fix(logs): Add support for msg in pino integration (#18389)
• fix(node): Include system message in anthropic-ai messages span (#18332)
• fix(tracing): Add missing attributes in vercel-ai spans (#18333)

• chore(tanstackstart-react): clean up re-exported types (#18393)
• ref(core): Avoid looking up openai integration options (#17695)
• test(nuxt): Relax captured unhandled error assertion (#18397)
• test(tanstackstart-react): Set up E2E test application (#18358)

Bundle size 📦

Path	Size
@​sentry/browser	24.22 KB
@​sentry/browser - with treeshaking flags	22.76 KB
@​sentry/browser (incl. Tracing)	40.57 KB
@​sentry/browser (incl. Tracing, Profiling)	45.05 KB
@​sentry/browser (incl. Tracing, Replay)	78.08 KB
@​sentry/browser (incl. Tracing, Replay) - with treeshaking flags	68.05 KB
@​sentry/browser (incl. Tracing, Replay with Canvas)	82.65 KB
@​sentry/browser (incl. Tracing, Replay, Feedback)	94.61 KB
@​sentry/browser (incl. Feedback)	40.51 KB
@​sentry/browser (incl. sendFeedback)	28.8 KB
@​sentry/browser (incl. FeedbackAsync)	33.66 KB
@​sentry/react	25.9 KB
@​sentry/react (incl. Tracing)	42.72 KB
@​sentry/vue	28.56 KB
@​sentry/vue (incl. Tracing)	42.32 KB
@​sentry/svelte	24.24 KB
CDN Bundle	26.57 KB
CDN Bundle (incl. Tracing)	41.22 KB
CDN Bundle (incl. Tracing, Replay)	76.9 KB
CDN Bundle (incl. Tracing, Replay, Feedback)	82.23 KB
CDN Bundle - uncompressed	78.09 KB
CDN Bundle (incl. Tracing) - uncompressed	122.4 KB
CDN Bundle (incl. Tracing, Replay) - uncompressed	235.71 KB

... (truncated)

Changelog

Sourced from @​sentry/browser's changelog.

10.29.0

Important Changes

• feat(solid|solidstart): Bump accepted @​solidjs/router range (#18395)

We expanded the supported version range for @solidjs/router to include 0.14.x and 0.15.x versions.

Other Changes

• fix(logs): Add support for msg in pino integration (#18389)
• fix(node): Include system message in anthropic-ai messages span (#18332)
• fix(tracing): Add missing attributes in vercel-ai spans (#18333)

• chore(tanstackstart-react): clean up re-exported types (#18393)
• ref(core): Avoid looking up openai integration options (#17695)
• test(nuxt): Relax captured unhandled error assertion (#18397)
• test(tanstackstart-react): Set up E2E test application (#18358)

10.28.0

Important Changes

• feat(core): Make matcher parameter optional in makeMultiplexedTransport (#10798)

The matcher parameter in makeMultiplexedTransport is now optional with a sensible default. This makes it much easier to use the multiplexed transport for sending events to multiple DSNs based on runtime configuration.

Before:

import { makeFetchTransport, makeMultiplexedTransport } from '@sentry/browser';
const EXTRA_KEY = 'ROUTE_TO';
const transport = makeMultiplexedTransport(makeFetchTransport, args => {
const event = args.getEvent();
if (event?.extra?.[EXTRA_KEY] && Array.isArray(event.extra[EXTRA_KEY])) {
return event.extra[EXTRA_KEY];
}
return [];
});
Sentry.init({
transport,
// ... other options
</tr></table>

... (truncated)

Commits

• 3529d46 release: 10.29.0
• 7b3b613 Merge pull request #18407 from getsentry/prepare-release/10.29.0
• 477f6ad meta(changelog): Update changelog for 10.29.0
• cf5c4ba Merge pull request #18406 from getsentry/manual-master-sync-dev
• 3c5d47f Merge branch 'develop' into manual-master-sync-dev
• 862f415 test(nuxt): Relax captured unhandled error assertion (#18397)
• b6eb205 fix(node): Include system message in anthropic-ai messages span (#18332)
• 65f5006 fix(tracing): Add missing attributes in vercel-ai spans (#18333)
• df4c541 feat(solid|solidstart): Bump accepted @​solidjs/router range (#18395)
• f961771 ref(core): Avoid looking up openai integration options (#17695)
• Additional commits viewable in compare view

Updates caniuse-lite to 1.0.30001759

Commits

• 4a032a6 Update caniuse-db 1.0.30001759
• 617831e Update caniuse-db 1.0.30001757
• 53dbb77 Update caniuse-db 1.0.30001756
• 42da0d5 Update caniuse-db 1.0.30001755
• See full diff in compare view

Updates @sentry/cli to 2.58.2

Release notes

Sourced from @​sentry/cli's releases.

2.58.2

Improvements

• Added validation for the sentry-cli build upload command's --head-sha and --base-sha arguments (#2945). The CLI now validates that these are valid SHA1 sums. Passing an empty string is also allowed; this prevents the default values from being used, causing the values to instead be unset.

Fixes

• Fixed a bug where providing empty-string values for the sentry-cli build upload command's --vcs-provider, --head-repo-name, --head-ref, --base-ref, and --base-repo-name arguments resulted in 400 errors (#2946). Now, setting these to empty strings instead explicitly clears the default value we would set otherwise, as expected.

Changelog

Sourced from @​sentry/cli's changelog.

2.58.2

Improvements

• Added validation for the sentry-cli build upload command's --head-sha and --base-sha arguments (#2945). The CLI now validates that these are valid SHA1 sums. Passing an empty string is also allowed; this prevents the default values from being used, causing the values to instead be unset.

Fixes

• Fixed a bug where providing empty-string values for the sentry-cli build upload command's --vcs-provider, --head-repo-name, --head-ref, --base-ref, and --base-repo-name arguments resulted in 400 errors (#2946). Now, setting these to empty strings instead explicitly clears the default value we would set otherwise, as expected.

2.58.1

Deprecations

• Deprecated API key authentication (#2934, #2937). Users who are still using API keys to authenticate Sentry CLI should generate and use an Auth Token instead.

Improvements

• The sentry-cli debug-files bundle-jvm no longer makes any HTTP requests to Sentry, meaning auth tokens are no longer needed, and the command can be run offline (#2926).

Fixes

• Skip setting base_sha and base_ref when they equal head_sha during auto-inference, since comparing a commit to itself provides no meaningful baseline (#2924).
• Improved error message when supplying a non-existent organization to sentry-cli sourcemaps upload. The error now correctly indicates the organization doesn't exist, rather than incorrectly suggesting the Sentry server lacks artifact bundle support (#2931).

2.58.0

New Features

• Removed experimental status from the sentry-cli build upload commands (#2899, #2905). At the time of this release, build uploads are still in closed beta on the server side, so most customers cannot use this functionality quite yet.
• Added CLI version metadata to build upload archives (#2890).

Deprecations

• Deprecated the upload-proguard subcommand's --platform flag (#2863). This flag was a no-op for some time, so we will remove it in the next major.
• Deprecated the upload-proguard subcommand's --android-manifest flag (#2891). This flag was a no-op for some time, so we will remove it in the next major.
• Deprecated the sentry-cli sourcemaps upload command's --no-dedupe flag (#2913). The flag was no longer relevant for sourcemap uploads to modern Sentry servers and was made a no-op.

Fixes

• Fixed autofilled git base metadata (--base-ref, --base-sha) when using the build upload subcommand in git repos. Previously this worked only in the context of GitHub workflows (#2897, #2898).

Performance

• Slightly sped up the sentry-cli sourcemaps upload command by eliminating an HTTP request to the Sentry server, which was not required in most cases (#2913).

Internal changes

• Migrated JavaScript wrapper to TypeScript for better type safety (#2910)

... (truncated)

Commits

• b8965a3 release: 2.58.2
• f99509f fix(build): Allow clearing string arguments to build upload (#2946)
• a2cef20 ref(build): Add client-side validation for SHA fields (#2945)
• c550aa7 ref(build): Move VcsInfo beside other build upload API types (#2944)
• f303fd4 ref(build): Use VcsInfo directly in ChunkedBuildRequest (#2943)
• 63b187c meta(cargo): Remove authors from Cargo.toml (#2939)
• 1ccff9d build(npm): 🤖 Bump optional dependencies to 2.58.1
• 4362cf6 Merge branch 'release/2.58.1'
• b25423a release: 2.58.1
• 7595ba9 chore(js): Deprecate apiKey field (#2937)
• Additional commits viewable in compare view

Updates @wordpress/eslint-plugin to 22.22.0

Changelog

Sourced from @​wordpress/eslint-plugin's changelog.

22.22.0 (2025-11-26)

22.21.0 (2025-11-12)

Enhancements

• Disabled import/no-unresolved, import/default, and import/named checks for TypeScript files when TypeScript is installed, since these issues are already checked by TypeScript.
• Improved resolution behavior to support modern package export semantics by updating default import resolver to eslint-import-resolver-typescript, including for non-TypeScript files.

22.20.0 (2025-10-29)

22.19.0 (2025-10-17)

22.18.0 (2025-10-01)

22.17.0 (2025-09-17)

22.16.0 (2025-09-03)

22.15.0 (2025-08-20)

22.14.0 (2025-08-07)

22.13.0 (2025-07-23)

Enhancements

• Added stricter ESLint checks for translator comments.
• Supports unnamed (%s, %d, %f), positional (%1$s, etc.) and named placeholders.
• Flags missing and extra/outdated placeholders.

22.12.0 (2025-06-25)

22.11.0 (2025-06-04)

22.10.0 (2025-05-22)

22.9.0 (2025-05-07)

22.8.0 (2025-04-11)

22.7.0 (2025-03-27)

22.6.0 (2025-03-13)

22.5.0 (2025-02-28)

22.4.0 (2025-02-12)

22.3.0 (2025-01-29)

... (truncated)

Commits

• b35cf1a chore(release): publish
• 01eaf58 Update changelog files
• 77aa1f1 chore(release): publish
• 26b6bac Update changelog files
• d61fa7f Merge changes published in the Gutenberg plugin "release/22.1" branch
• See full diff in compare view

Updates esbuild to 0.27.1

Release notes

Sourced from esbuild's releases.

v0.27.1

• Fix bundler bug with var nested inside if (#4348)

  This release fixes a bug with the bundler that happens when importing an ES module using require (which causes it to be wrapped) and there's a top-level var inside an if statement without being wrapped in a { ... } block (and a few other conditions). The bundling transform needed to hoist these var declarations outside of the lazy ES module wrapper for correctness. See the issue for details.

• Fix minifier bug with for inside try inside label (#4351)

  This fixes an old regression from version v0.21.4. Some code was introduced to move the label inside the try statement to address a problem with transforming labeled for await loops to avoid the await (the transformation involves converting the for await loop into a for loop and wrapping it in a try statement). However, it introduces problems for cross-compiled JVM code that uses all three of these features heavily. This release restricts this transform to only apply to for loops that esbuild itself generates internally as part of the for await transform. Here is an example of some affected code:

  // Original code
  d: {
    e: {
      try {
        while (1) { break d }
      } catch { break e; }
    }
  }
  // Old output (with --minify)
  a:try{e:for(;;)break a}catch{break e}
  // New output (with --minify)
  a:e:try{for(;;)break a}catch{break e}

• Inline IIFEs containing a single expression (#4354)

  Previously inlining of IIFEs (immediately-invoked function expressions) only worked if the body contained a single return statement. Now it should also work if the body contains a single expression statement instead:

  // Original code
  const foo = () => {
    const cb = () => {
      console.log(x())
    }
    return cb()
  }
  // Old output (with --minify)
  const foo=()=>(()=>{console.log(x())})();
  // New output (with --minify)
  const foo=()=>{console.log(x())};

• The minifier now strips empty finally clauses (#4353)

  This improvement means that finally clauses containing dead code can potentially cause the associated try statement to be removed from the output entirely in minified builds:

... (truncated)

Changelog

Sourced from esbuild's changelog.

0.27.1

• Fix bundler bug with var nested inside if (#4348)

  This release fixes a bug with the bundler that happens when importing an ES module using require (which causes it to be wrapped) and there's a top-level var inside an if statement without being wrapped in a { ... } block (and a few other conditions). The bundling transform needed to hoist these var declarations outside of the lazy ES module wrapper for correctness. See the issue for details.

• Fix minifier bug with for inside try inside label (#4351)

  This fixes an old regression from version v0.21.4. Some code was introduced to move the label inside the try statement to address a problem with transforming labeled for await loops to avoid the await (the transformation involves converting the for await loop into a for loop and wrapping it in a try statement). However, it introduces problems for cross-compiled JVM code that uses all three of these features heavily. This release restricts this transform to only apply to for loops that esbuild itself generates internally as part of the for await transform. Here is an example of some affected code:

  // Original code
  d: {
    e: {
      try {
        while (1) { break d }
      } catch { break e; }
    }
  }
  // Old output (with --minify)
  a:try{e:for(;;)break a}catch{break e}
  // New output (with --minify)
  a:e:try{for(;;)break a}catch{break e}

• Inline IIFEs containing a single expression (#4354)

  Previously inlining of IIFEs (immediately-invoked function expressions) only worked if the body contained a single return statement. Now it should also work if the body contains a single expression statement instead:

  // Original code
  const foo = () => {
    const cb = () => {
      console.log(x())
    }
    return cb()
  }
  // Old output (with --minify)
  const foo=()=>(()=>{console.log(x())})();
  // New output (with --minify)
  const foo=()=>{console.log(x())};

• The minifier now strips empty finally clauses (#4353)

  This improvement means that finally clauses containing dead code can potentially cause the associated try statement to be removed from the output entirely in minified builds:

... (truncated)

Commits

• 5e0e56d publish 0.27.1 to npm
• 5a89732 fix #4354: improve IIFE inlining for expressions
• b940218 minify: move unused expr simplification later
• c46d498 fix #4353: remove empty try/finally clauses
• 7a72735 fix #4348: bundler bug with var inside if
• 4e4e177 fix #4351: label + try + for minifier bug
• d6427c9 fix: deno release url wrong comment (#4326)
• 48e3e19 calling Symbol.for with a primitive never throws
• 4ff88d0 update decorator-tests.js snapshot
• 1877e60 calling Symbol with a primitive will never throw
• See full diff in compare view

Updates jsonc-eslint-parser to 2.4.2

Release notes

Sourced from jsonc-eslint-parser's releases.

v2.4.2

Patch Changes

• #252 afaafe7 Thanks @​ota-meshi! - use npm trusted publishing

Changelog

Sourced from jsonc-eslint-parser's changelog.

2.4.2

Patch Changes

• #252 afaafe7 Thanks @​ota-meshi! - use npm trusted publishing

2.4.1

Patch Changes

• #228 46c1f97 Thanks @​michaelfaith! - improve type compatibility with eslint

2.4.0

Minor Changes

• #186 8027edd Thanks @​JoshuaKGoldberg! - Added ESLint-oriented types, with plugin docs

2.3.0

Minor Changes

• #162 9afa0c4 Thanks @​ota-meshi! - feat: export meta object

Commits

• dbabcbf chore: release jsonc-eslint-parser (#253)
• afaafe7 chore: repo maintenance (#252)
• ce448d3 chore(deps): update actions/setup-node action to v6 (#243)
• 2701525 chore(deps): update dependency node to v24 (#244)
• ce93df6 chore(deps): update actions/configure-pages action to v5 (#208)
• a24d4e7 fix: eslint (#248)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for jsonc-eslint-parser since your current version.

Updates prettier to 3.7.4

Release notes

Sourced from prettier's releases.

3.7.4

What's Changed

• Fix comment in union type gets duplicated by @​fisker in prettier/prettier#18393
• Fix unstable comment print in union type by @​fisker in prettier/prettier#18395
• Avoid quote around LWC interpolations by @​kovsu in prettier/prettier#18383

🔗 Changelog

Changelog

Sourced from prettier's changelog.

3.7.4

diff

LWC: Avoid quote around interpolations (#18383 by @​kovsu)

<!-- Input -->
<div foo={bar}>   </div>
<!-- Prettier 3.7.3 (--embedded-language-formatting off) -->
<div foo="{bar}"></div>
<!-- Prettier 3.7.4 (--embedded-language-formatting off) -->
<div foo={bar}></div>

TypeScript: Fix comment inside union type gets duplicated (#18393 by @​fisker)

// Input
type Foo = (/** comment */ a | b) | c;
// Prettier 3.7.3
type Foo = /** comment / (/* comment */ a | b) | c;
// Prettier 3.7.4
type Foo = /** comment */ (a | b) | c;

TypeScript: Fix unstable comment print in union type comments (#18395 by @​fisker)

// Input
type X = (A | B) & (
  // comment
  A | B
);
// Prettier 3.7.3 (first format)
type X = (A | B) &
(// comment
A | B);
// Prettier 3.7.3 (second format)
type X = (
| A
</tr></table>

... (truncated)

Commits

• 7848357 Release 3.7.4
• 7686c59 Release @​prettier/plugin-hermes & @​prettier/plugin-oxc v0.1.3
• fe49434 Remove dead code checking union/intersection types length (#18396)
• ca02b37 Fix unstable comment print (#18395)
• 7efb988 Fix comment in union type get duplicated (#18393)
• cfa92c1 Update dependency @​angular/compiler to v21.0.2 (#18392)
• 1de2737 Update dependency yaml to v2.8.2 (#18391)
• 706aa4e Switch js parse postprocess to onEnter (#18382)
• d3eb2b2 Reuse arrays in visitor keys (#18386)
• c45fef1 Fix LWC attribute with --embedded-language-formatting off (#18383)
• Additional commits viewable in compare view

Updates web-ext to 9.2.0

Release notes

Sourced from web-ext's releases.

9.2.0

main changes

• Fixed: Ensured navigator.webdriver != true in launched Chromium (#3553)
• Added: web-ext lint now supports Firefox 145 and 146 schemas

dependencies

• Updated: dependency addons-linter to 9.2.0 (#3559)
• Updated: dependency open to 11.0.0 (#3554)
• Updated: dependency pino to 10.1.0 (#3538)

dev dependencies

• Updated: dependency mocha to 11.7.5 (#3546)
• Updated: dependency chai to 6.2.1 (#3550)

others

• Migrate project to ESLint v9 (#3552)

---

See all changes: mozilla/web-ext@9.1.0...9.2.0

Commits

• 3057dc7 9.2.0
• 266e97e chore(deps): bump open from 10.2.0 to 11.0.0 (#3554)
• db7c12c feat: Migrate project to ESLint v9 (#3552)
• f8d66f7 ci: remove exception in .nsprc file (#3558)
• 5ee4ce1 chore(deps): bump addons-linter from 9.1.0 to 9.2.0 (#3559)
• 1c6e429 fix: Ensured navigator.webdriver != true in launched Chromium (#3553)
• 2c1f1e4 chore(deps): bump addons-linter from 9.0.0 to 9.1.0 (#3556)
• dc4031e ci: mitigate recent npm audit report (#3557)
• 95dafa1 chore(deps-dev): bump mocha from 11.7.4 to 11.7.5 (#3546)
• b63b9f6 chore(deps): bump pino from 9.12.0 to 10.1.0 (#3538)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions