Bump the dev-dependencies group across 1 directory with 10 updates

[dependabot]

Updates the requirements on @babel/runtime, @sentry/browser, caniuse-lite, @sentry/cli, @wordpress/eslint-plugin, esbuild, jsonc-eslint-parser, ora, prettier and web-ext to permit the latest version.
Updates @babel/runtime to 7.29.2

Release notes

Sourced from @​babel/runtime's releases.

v7.29.2 (2026-03-16)

👓 Spec Compliance

• babel-parser
  • #17840 [7.x backport] async x => {} must be in leading pos (@​JLHwung)

🐛 Bug Fix

• babel-helpers, babel-plugin-transform-async-generator-functions, babel-preset-env, babel-runtime-corejs3
  • #17805 [7.x backport] fix: Properly handle await in finally (@​liuxingbaoyu)
• babel-preset-env
  • #17789 [7.x backport] preset-env include/exclude should accept bugfix plugins (@​JLHwung)

🏠 Internal

• #17813 chore: update eslint peer deps (@​JLHwung)

Committers: 2

• Huáng Jùnliàng (@​JLHwung)
• @​liuxingbaoyu

Commits

• 37d5595 v7.29.2
• See full diff in compare view

Updates @sentry/browser to 10.50.0

Release notes

Sourced from @​sentry/browser's releases.

10.50.0

Important Changes

• feat(effect): Support v4 beta (#20394)

  The @sentry/effect integration now supports Effect v4 beta, enabling Sentry instrumentation for the latest Effect framework version. Read more in the Effect SDK readme.

• feat(hono): Add @sentry/hono/bun for Bun runtime (#20355)

  A new @sentry/hono/bun entry point adds first-class support for running Hono applications instrumented with Sentry on the Bun runtime. Read more in the Hono SDK readme.

• feat(replay): Add replayStart/replayEnd client lifecycle hooks (#20369)

  New replayStart and replayEnd client lifecycle hooks let you react to replay session start and end events in your application.

Other Changes

• feat(core): Emit no_parent_span client outcomes for discarded spans requiring a parent (#20350)
• feat(deps): Bump protobufjs from 7.5.4 to 7.5.5 (#20372)
• feat(hono): Add runtime packages as optional peer dependencies (#20423)
• feat(opentelemetry): Add tracingChannel utility for context propagation (#20358)
• fix(browser): Enrich graphqlClient spans for relative URLs (#20370)
• fix(browser): Filter implausible LCP values (#20338)
• fix(cloudflare): Use TransformStream to keep track of streams (#20452)
• fix(console): Re-patch console in AWS Lambda runtimes (#20337)
• fix(core): Correct GoogleGenAIIstrumentedMethod typo in type name
• fix(core): Handle stateless MCP wrapper transport correlation (#20293)
• fix(hono): Remove undefined from options type (#20419)
• fix(node): Guard against null httpVersion in outgoing request span attributes (#20430)
• fix(node-core): Pass rejection reason instead of Promise as originalException (#20366)

• chore: Ignore claude worktrees (#20440)
• chore: Prevent test from creating zombie process (#20392)
• chore: Update size-limit (#20412)
• chore(dev-deps): Bump nx from 22.5.0 to 22.6.5 (#20458)
• chore(e2e-tests): Use tarball symlinks for E2E tests instead of verdaccio (#20386)
• chore(lint): Remove lint warnings (#20413)
• chore(test): Remove empty variant tests (#20443)
• chore(tests): Use verdaccio as node process instead of docker image (#20336)
• docs(readme): Update usage instructions for binary scripts (#20426)
• ref(node): Vendor undici instrumentation (#20190)
• test(aws-serverless): Ensure aws-serverless E2E tests run locally (#20441)
• test(aws-serverless): Split npm & layer tests (#20442)
• test(browser): Fix flaky sessions route-lifecycle test + upgrade axios (#20197)
• test(cloudflare): Use .makeRequestAndWaitForEnvelope to wait for envelopes (#20208)

... (truncated)

Changelog

Sourced from @​sentry/browser's changelog.

10.50.0

Important Changes

• feat(effect): Support v4 beta (#20394)

  The @sentry/effect integration now supports Effect v4 beta, enabling Sentry instrumentation for the latest Effect framework version. Read more in the Effect SDK readme.

• feat(hono): Add @sentry/hono/bun for Bun runtime (#20355)

  A new @sentry/hono/bun entry point adds first-class support for running Hono applications instrumented with Sentry on the Bun runtime. Read more in the Hono SDK readme.

• feat(replay): Add replayStart/replayEnd client lifecycle hooks (#20369)

  New replayStart and replayEnd client lifecycle hooks let you react to replay session start and end events in your application.

Other Changes

• feat(core): Emit no_parent_span client outcomes for discarded spans requiring a parent (#20350)
• feat(deps): Bump protobufjs from 7.5.4 to 7.5.5 (#20372)
• feat(hono): Add runtime packages as optional peer dependencies (#20423)
• feat(opentelemetry): Add tracingChannel utility for context propagation (#20358)
• fix(browser): Enrich graphqlClient spans for relative URLs (#20370)
• fix(browser): Filter implausible LCP values (#20338)
• fix(cloudflare): Use TransformStream to keep track of streams (#20452)
• fix(console): Re-patch console in AWS Lambda runtimes (#20337)
• fix(core): Correct GoogleGenAIIstrumentedMethod typo in type name
• fix(core): Handle stateless MCP wrapper transport correlation (#20293)
• fix(hono): Remove undefined from options type (#20419)
• fix(node): Guard against null httpVersion in outgoing request span attributes (#20430)
• fix(node-core): Pass rejection reason instead of Promise as originalException (#20366)

• chore: Ignore claude worktrees (#20440)
• chore: Prevent test from creating zombie process (#20392)
• chore: Update size-limit (#20412)
• chore(dev-deps): Bump nx from 22.5.0 to 22.6.5 (#20458)
• chore(e2e-tests): Use tarball symlinks for E2E tests instead of verdaccio (#20386)
• chore(lint): Remove lint warnings (#20413)
• chore(test): Remove empty variant tests (#20443)
• chore(tests): Use verdaccio as node process instead of docker image (#20336)
• docs(readme): Update usage instructions for binary scripts (#20426)
• ref(node): Vendor undici instrumentation (#20190)
• test(aws-serverless): Ensure aws-serverless E2E tests run locally (#20441)
• test(aws-serverless): Split npm & layer tests (#20442)
• test(browser): Fix flaky sessions route-lifecycle test + upgrade axios (#20197)

... (truncated)

Commits

• 785e756 release: 10.50.0
• ed26a19 Merge pull request #20461 from getsentry/prepare-release/10.50.0
• 7b584c4 meta(changelog): Update changelog for 10.50.0
• 39740da test(cloudflare): Use .makeRequestAndWaitForEnvelope to wait for envelopes (#...
• c741030 test(aws-serverless): Split npm & layer tests (#20442)
• f97076d chore(dev-deps): Bump nx from 22.5.0 to 22.6.5 (#20458)
• 4b4ac76 fix(node): Guard against null httpVersion in outgoing request span attribut...
• 7569b10 fix(cloudflare): Use TransformStream to keep track of streams (#20452)
• a4c9686 test(hono): Add E2E tests for middleware spans (#20451)
• ff23846 chore: Ignore claude worktrees (#20440)
• Additional commits viewable in compare view

Updates caniuse-lite to 1.0.30001791

Commits

• abf9bca Update caniuse-db 1.0.30001791
• a387dba Update caniuse-db 1.0.30001790
• 7f81a3c Update lock file
• ac1ee53 Move from ESLint & Prettier to oxlint & oxfmt
• 29a690f Update CI actions
• cabad5e Update dependencies
• 16f140f Update email
• a90bee6 Update caniuse-db 1.0.30001788
• 5771bd6 Update caniuse-db 1.0.30001787
• e2dbdd9 Update caniuse-db 1.0.30001786
• Additional commits viewable in compare view

Updates @sentry/cli to 3.4.0

Release notes

Sourced from @​sentry/cli's releases.

3.4.0

Features

• (snapshots) Add --selective flag to build snapshots to indicate the upload contains only a subset of images (#3268)
• (bundle-jvm) Allow running directly on a project root (including multi-module repos) by automatically collecting only JVM source files (.java, .kt, .scala, .groovy), respecting .gitignore, and excluding common build output directories (#3260)
• (bundle-jvm) Add --exclude option for custom glob patterns to exclude files/directories from source collection (#3260)

Performance

• (snapshots) Parallelize image hashing with rayon (#3250)

Fixes

• (snapshots) Chunk image uploads to avoid file descriptor exhaustion and 413 errors when uploading hundreds of images (#3249)
• (snapshots) Preserve subdirectory structure in snapshot manifest keys instead of flattening to bare filenames (#3269)
• Replace eprintln! with log::info! for progress bar completion messages when the progress bar is disabled (e.g. in CI). This avoids spurious stderr output that some CI systems treat as errors (#3223).

Changelog

Sourced from @​sentry/cli's changelog.

3.4.0

Features

• (snapshots) Add --selective flag to build snapshots to indicate the upload contains only a subset of images (#3268)
• (bundle-jvm) Allow running directly on a project root (including multi-module repos) by automatically collecting only JVM source files (.java, .kt, .scala, .groovy), respecting .gitignore, and excluding common build output directories (#3260)
• (bundle-jvm) Add --exclude option for custom glob patterns to exclude files/directories from source collection (#3260)

Performance

• (snapshots) Parallelize image hashing with rayon (#3250)

Fixes

• (snapshots) Chunk image uploads to avoid file descriptor exhaustion and 413 errors when uploading hundreds of images (#3249)
• (snapshots) Preserve subdirectory structure in snapshot manifest keys instead of flattening to bare filenames (#3269)
• Replace eprintln! with log::info! for progress bar completion messages when the progress bar is disabled (e.g. in CI). This avoids spurious stderr output that some CI systems treat as errors (#3223).

3.3.5

Performance

• (snapshots) Parallelize image hashing with rayon (#3250)

Fixes

• (sourcemaps) Skip non-base64 embedded sourcemaps during injection (#3243)

3.3.4

New Features ✨

• (snapshots) Add --diff-threshold option to build snapshots to set a minimum pixel difference percentage for reporting image changes (#3259)
• Add sentry-cli build download command to download installable builds (IPA/APK) by build ID (#3221).
• Add sentry-cli code-mappings upload command to bulk upload code mappings from a JSON file (#3207, #3208, #3209, #3210).
  • Code mappings link stack trace paths (e.g. com/example/module) to source paths in your repository (e.g. src/main/java/com/example/module), enabling Sentry to display source context and link directly to your code from error stack traces.
  • Repository name and default branch are automatically inferred from your local git remotes, or can be specified explicitly with --repo and --default-branch.
  • Large mapping files are automatically split into batches for upload.

3.3.3

Internal Changes 🔧

• (npm) 🤖 Bump optional dependencies to 3.3.2 in afdef906

3.3.2

New Features ✨

• (preprod) Add VCS parameters to snapshots upload command by @​rbro112 in #3200

... (truncated)

Commits

• 9c22f3d release: 3.4.0
• d4d6232 feat(snapshots): Authenticate with Objectstore (#3258)
• d783793 feat(build): Add --selective flag to snapshots command (#3268)
• cdcc4a2 fix(snapshots): Preserve subdirectory structure in manifest keys (#3269)
• 3d7f705 fix(snapshots): Chunk image uploads to avoid fd exhaustion and 413 errors (#3...
• c7e4932 test: make tests independent of zip encoding (#3239)
• f825541 feat(bundle-jvm): Automatically collect JVM source files with respecting excl...
• 35edfb3 build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 (#3266)
• 8a559a2 meta: Add Zed editor settings (#3264)
• 5c11709 fix: gate goblin logs before formatting (#3238)
• Additional commits viewable in compare view

Updates @wordpress/eslint-plugin from 24.5.0 to 25.0.0

Changelog

Sourced from @​wordpress/eslint-plugin's changelog.

25.0.0 (2026-04-15)

Breaking Changes

• Upgraded to ESLint v10 with flat config format. The plugin now exports flat config arrays instead of eslintrc objects. Consumers must migrate from .eslintrc.* files to eslint.config.mjs. See the migration guide for details (#76654).
• The minimum required ESLint version is now ^9.0.0 || ^10.0.0 (#76654).
• Upgraded eslint-plugin-import to v2.31+ (wrapped with fixupPluginRules for flat config compatibility) (#76654).
• Upgraded @typescript-eslint/* from v6 to v8 (via the unified typescript-eslint package) (#76654).
• Replaced eslint-plugin-eslint-comments with @eslint-community/eslint-plugin-eslint-comments. Rule prefixes changed from eslint-comments/* to @eslint-community/eslint-comments/* (#76654).

New Features

• Added @wordpress/eslint-plugin/eslintrc entry point — a compatibility wrapper for ESLint v9 consumers still using .eslintrc.* files. This is deprecated and will be removed in a future major version (#76654).
• Configs are now exported as flat config arrays (e.g., wordpress.configs.recommended returns an array of config objects suitable for spreading into eslint.config.mjs) (#76654).

Enhancements

• Disabled the jsx-a11y/heading-has-content rule in the recommended configuration, which reports many false positives when heading elements are passed via a render prop (#77073).

Commits

• b862d8c chore(release): publish
• a3c385b Update changelog files
• bbb9ce0 Merge changes published in the Gutenberg plugin "release/23.0" branch
• See full diff in compare view

Updates esbuild from 0.27.7 to 0.28.0

Release notes

Sourced from esbuild's releases.

v0.28.0

• Add support for with { type: 'text' } imports (#4435)

  The import text proposal has reached stage 3 in the TC39 process, which means that it's recommended for implementation. It has also already been implemented by Deno and Bun. So with this release, esbuild also adds support for it. This behaves exactly the same as esbuild's existing text loader. Here's an example:

  import string from './example.txt' with { type: 'text' }
  console.log(string)

• Add integrity checks to fallback download path (#4343)

  Installing esbuild via npm is somewhat complicated with several different edge cases (see esbuild's documentation for details). If the regular installation of esbuild's platform-specific package fails, esbuild's install script attempts to download the platform-specific package itself (first with the npm command, and then with a HTTP request to registry.npmjs.org as a last resort).

  This last resort path previously didn't have any integrity checks. With this release, esbuild will now verify that the hash of the downloaded binary matches the expected hash for the current release. This means the hashes for all of esbuild's platform-specific binary packages will now be embedded in the top-level esbuild package. Hopefully this should work without any problems. But just in case, this change is being done as a breaking change release.

• Update the Go compiler from 1.25.7 to 1.26.1

  This upgrade should not affect anything. However, there have been some significant internal changes to the Go compiler, so esbuild could potentially behave differently in certain edge cases:

  • It now uses the new garbage collector that comes with Go 1.26.
  • The Go compiler is now more aggressive with allocating memory on the stack.
  • The executable format that the Go linker uses has undergone several changes.
  • The WebAssembly build now unconditionally makes use of the sign extension and non-trapping floating-point to integer conversion instructions.

  You can read the Go 1.26 release notes for more information.

Changelog

Sourced from esbuild's changelog.

0.28.0

• Add support for with { type: 'text' } imports (#4435)

  The import text proposal has reached stage 3 in the TC39 process, which means that it's recommended for implementation. It has also already been implemented by Deno and Bun. So with this release, esbuild also adds support for it. This behaves exactly the same as esbuild's existing text loader. Here's an example:

  import string from './example.txt' with { type: 'text' }
  console.log(string)

• Add integrity checks to fallback download path (#4343)

  Installing esbuild via npm is somewhat complicated with several different edge cases (see esbuild's documentation for details). If the regular installation of esbuild's platform-specific package fails, esbuild's install script attempts to download the platform-specific package itself (first with the npm command, and then with a HTTP request to registry.npmjs.org as a last resort).

  This last resort path previously didn't have any integrity checks. With this release, esbuild will now verify that the hash of the downloaded binary matches the expected hash for the current release. This means the hashes for all of esbuild's platform-specific binary packages will now be embedded in the top-level esbuild package. Hopefully this should work without any problems. But just in case, this change is being done as a breaking change release.

• Update the Go compiler from 1.25.7 to 1.26.1

  This upgrade should not affect anything. However, there have been some significant internal changes to the Go compiler, so esbuild could potentially behave differently in certain edge cases:

  • It now uses the new garbage collector that comes with Go 1.26.
  • The Go compiler is now more aggressive with allocating memory on the stack.
  • The executable format that the Go linker uses has undergone several changes.
  • The WebAssembly build now unconditionally makes use of the sign extension and non-trapping floating-point to integer conversion instructions.

  You can read the Go 1.26 release notes for more information.

Commits

• 6a794df publish 0.28.0 to npm
• 64ee0ea fix #4435: support with { type: text } imports
• ef65aee fix sort order in snapshots_packagejson.txt
• 1a26a8e try to fix test-old-ts, also shuffle CI tasks
• 556ce6c use '' instead of null to omit build hashes
• 8e675a8 ci: allow missing binary hashes for tests
• 7067763 Reapply "update go 1.25.7 => 1.26.1"
• 39473a9 fix #4343: integrity check for binary download
• See full diff in compare view

Updates jsonc-eslint-parser from 2.4.2 to 3.1.0

Release notes

Sourced from jsonc-eslint-parser's releases.

v3.1.0

Minor Changes

• #275 38d5905 Thanks @​ota-meshi! - feat: add tokenize()

v3.0.0

Major Changes

• #266 6d1679d Thanks @​copilot-swe-agent! - Drop support for Node.js versions older than 20.19.0. The new minimum supported versions are: ^20.19.0 || ^22.13.0 || >=24

• #268 e1c554a Thanks @​copilot-swe-agent! - Change to ESM-only package. This is a breaking change that requires Node.js environments that support ESM.

Changelog

Sourced from jsonc-eslint-parser's changelog.

3.1.0

Minor Changes

• #275 38d5905 Thanks @​ota-meshi! - feat: add tokenize()

3.0.0

Major Changes

• #266 6d1679d Thanks @​copilot-swe-agent! - Drop support for Node.js versions older than 20.19.0. The new minimum supported versions are: ^20.19.0 || ^22.13.0 || >=24

• #268 e1c554a Thanks @​copilot-swe-agent! - Change to ESM-only package. This is a breaking change that requires Node.js environments that support ESM.

Commits

• 03a4a3b chore: release jsonc-eslint-parser (#276)
• 38d5905 feat: add tokenize() (#275)
• f4e373e chore(deps): update dependency vite to v7 (#274)
• 6f4dd65 chore(deps): update dependency @​vitejs/plugin-vue to v6 (#273)
• 875c732 chore: migrate from Vue CLI to Vite in explorer (#272)
• 83ccca1 chore: release jsonc-eslint-parser (#269)
• 46d07e7 chore: remove unnecessary dev dependencies (#271)
• b8f9553 chore(deps): update eslint monorepo to v10 (major) (#264)
• 6285f9a chore: format
• 9d8918f chore(config): migrate config renovate.json (#270)
• Additional commits viewable in compare view

Updates ora to 9.4.0

Release notes

Sourced from ora's releases.

v9.4.0

• Add successSymbol and failSymbol options to oraPromise 3d2e0a9

---

sindresorhus/ora@v9.3.0...v9.4.0

Commits

• 46a6703 9.4.0
• 3d2e0a9 Add successSymbol and failSymbol options to oraPromise
• f70f613 Test tweaks
• 7cf29a7 Validate some options better
• See full diff in compare view

Updates prettier to 3.8.3

Release notes

Sourced from prettier's releases.

3.8.3

• SCSS: Prevent trailing comma in if() function (prettier/prettier#18471 by @​kovsu)

🔗 Changelog

Changelog

Sourced from prettier's changelog.

3.8.3

diff

SCSS: Prevent trailing comma in if() function (#18471 by @​kovsu)

// Input
$value: if(sass(false): 1; else: -1);
// Prettier 3.8.2
$value: if(
sass(false): 1; else: -1,
);
// Prettier 3.8.3
$value: if(sass(false): 1; else: -1);

3.8.2

diff

Angular: Support Angular v21.2 (#18722, #19034 by @​fisker)

Exhaustive typechecking with @default never;

<!-- Input -->
@switch (foo) {
  @case (1) {}
  @default never;
}
<!-- Prettier 3.8.1 -->
SyntaxError: Incomplete block "default never". If you meant to write the @ character, you should use the "&#64;" HTML entity instead. (3:3)
<!-- Prettier 3.8.2 -->
@​switch (foo) {
@​case (1) {}
@​default never;
}

arrow function and instanceof expressions.

</tr></table> 

... (truncated)

Commits

• d7108a7 Release 3.8.3
• 177f908 Prevent trailing comma in SCSS if() function (#18471)
• 1cd4066 Release @​prettier/plugin-oxc@​0.1.4
• a8700e2 Update oxc-parser to v0.125.0
• 752157c Fix tests
• 053fd41 Bump Prettier dependency to 3.8.2
• 904c636 Clean changelog_unreleased
• dc1f7fc Update dependents count
• b31557c Release 3.8.2
• 96bbaed Support Angular v21.2 (#18722)
• Additional commits viewable in compare view

Updates web-ext from 9.4.0 to 10.1.0

Release notes

Sourced from web-ext's releases.

10.1.0 (2026-03-31)

main changes

None

dependencies

• Updated: dependency addons-linter to 10.3.0 (#3673)
• Updated: dependency @babel/runtime to 7.29.2 (#3660)

dev dependencies

• Updated: dependency @babel/preset-env to 7.29.2 (#3661)
• Updated: dependency @commitlint/cli to 20.5.0 (#3657)
• Updated: dependency @commitlint/config-conventional to 20.5.0 (#3658)
• Updated: dependency brace-expansion to 1.1.13 (#3671)
• Updated: dependency flatted to 3.4.1 (#3656)
• Updated: dependency flatted to 3.4.2 (#3665)
• Updated: dependency node-forge to 1.4.0 (#3670)
• Updated: dependency picomatch (#3669)
• Updated: dependency sinon to 21.0.3 (#3659)
• Updated: dependency undici to 7.24.1 (#3655)

10.0.0 (2026-03-13)

main changes

Important: we now use Node 22 by default.

• Added: web-ext lint now supports Firefox 149 schemas

dependencies

• Updated: dependency addons-linter to 10.1.0 (#3654)

dev dependencies

• Updated: dependency @commitlint/config-conventional to 20.4.4 (#3653)
• Updated: dependency @commitlint/cli to 20.4.4 (#3652)
• Updated: dependency @eslint/eslintrc to 3.3.5 (#3647)
• Updated: dependency @eslint/compat to 2.0.3 (#3646)

Commits

• 5e9b089 10.1.0
• 4387494 chore(deps): bump addons-linter from 10.2.0 to 10.3.0 (#3673)
• 63c2bc7 chore(audit): update npm audit ignore list (#3672)
• a9d767d chore(deps): bump brace-expansion from 1.1.12 to 1.1.13 (#3671)
• d29aaa7 chore(deps): bump node-forge from 1.3.2 to 1.4.0 (#3670)
• 73dd5f8 chore(deps): bump picomatch (#3669)
• 664b23c chore(deps): bump addons-linter from 10.1.0 to 10.2.0 (#3668)
• 67efc41 chore(deps): bump flatted from 3.4.1 to 3.4.2 (#3665)
• 308b344 chore(deps-dev): bump @​babel/preset-env from 7.29.0 to 7.29.2 (#3661)
• aa0333e chore(deps): bump @​babel/runtime from 7.28.6 to 7.29.2 (#3660)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions