Bump the dev-dependencies group across 1 directory with 5 updates

[dependabot]

Updates the requirements on @sentry/browser, caniuse-lite, @sentry/cli, @wordpress/eslint-plugin and jsonc-eslint-parser to permit the latest version.
Updates @sentry/browser to 10.39.0

Release notes

Sourced from @​sentry/browser's releases.

10.39.0

Important Changes

• feat(tanstackstart-react): Auto-instrument server function middleware (#19001)

  The sentryTanstackStart Vite plugin now automatically instruments middleware in createServerFn().middleware([...]) calls. This captures performance data without requiring manual wrapping with wrapMiddlewaresWithSentry().

• feat(nextjs): New experimental automatic vercel cron monitoring (#19192)

  Setting _experimental.vercelCronMonitoring to true in your Sentry configuration will automatically create Sentry cron monitors for your Vercel Cron Jobs.

  Please note that this is an experimental unstable feature and subject to change.

  // next.config.ts
  export default withSentryConfig(nextConfig, {
    _experimental: {
      vercelCronMonitoring: true,
    },
  });

• feat(node-core): Add node-core/light (#18502)

  This release adds a new light-weight @sentry/node-core/light export to @sentry/node-core. The export acts as a light-weight SDK that does not depend on OpenTelemetry and emits no spans.

  Use this SDK when:

  • You only need error tracking, logs or metrics without tracing data (no spans)
  • You want to minimize bundle size and runtime overhead
  • You don't need spans emitted by OpenTelemetry instrumentation

  It supports error tracking and reporting, logs, metrics, automatic request isolation (requires Node.js 22+) and basic tracing via our Sentry.startSpan* APIs.

  Install the SDK by running

  npm install @sentry/node-core

  and add Sentry at the top of your application's entry file:

  import * as Sentry from '@sentry/node-core/light';
  Sentry.init({
  dsn: 'DSN',
  });

Other Changes

... (truncated)

Changelog

Sourced from @​sentry/browser's changelog.

10.39.0

Important Changes

• feat(tanstackstart-react)!: Export Vite plugin from @sentry/tanstackstart-react/vite subpath (#19182)

  The sentryTanstackStart Vite plugin is now exported from a dedicated subpath. Update your import:

  - import { sentryTanstackStart } from '@sentry/tanstackstart-react';
  + import { sentryTanstackStart } from '@sentry/tanstackstart-react/vite';

• feat(tanstackstart-react): Auto-instrument server function middleware (#19001)

  The sentryTanstackStart Vite plugin now automatically instruments middleware in createServerFn().middleware([...]) calls. This captures performance data without requiring manual wrapping with wrapMiddlewaresWithSentry().

• feat(nextjs): New experimental automatic vercel cron monitoring (#19192)

  Setting _experimental.vercelCronMonitoring to true in your Sentry configuration will automatically create Sentry cron monitors for your Vercel Cron Jobs.

  Please note that this is an experimental unstable feature and subject to change.

  // next.config.ts
  export default withSentryConfig(nextConfig, {
    _experimental: {
      vercelCronMonitoring: true,
    },
  });

• feat(node-core): Add node-core/light (#18502)

  This release adds a new light-weight @sentry/node-core/light export to @sentry/node-core. The export acts as a light-weight SDK that does not depend on OpenTelemetry and emits no spans.

  Use this SDK when:

  • You only need error tracking, logs or metrics without tracing data (no spans)
  • You want to minimize bundle size and runtime overhead
  • You don't need spans emitted by OpenTelemetry instrumentation

  It supports error tracking and reporting, logs, metrics, automatic request isolation (requires Node.js 22+) and basic tracing via our Sentry.startSpan* APIs.

  Install the SDK by running

  npm install @sentry/node-core

  and add Sentry at the top of your application's entry file:

... (truncated)

Commits

• ab54c5c Make @sentry/opentelemetry not a peer dep in node-core
• f822e69 chore: Lint lerna.json
• c4708d2 release: 10.39.0
• b5e3094 chore: Revert to lerna v8 (#19294)
• 9dea581 Merge pull request #19281 from getsentry/prepare-release/10.39.0
• 12e467f meta(changelog): Update changelog for 10.39.0
• d7df7d4 ref(sveltekit): Use untrack to read route id without invalidation (#19272)
• 24b2ef2 fix(sveltekit): Detect used adapter via svelte.config.js (#19270)
• e051be4 feat(node-core): Add outgoing fetch trace propagation to light mode (#19262)
• eaf297f ref(core): Move shouldPropagateTraceForUrl from opentelemetry to core (#19258)
• Additional commits viewable in compare view

Updates caniuse-lite to 1.0.30001774

Commits

• 69eb4c5 Update caniuse-db 1.0.30001774
• 7d2a807 Update caniuse-db 1.0.30001772
• e4b5da2 Update caniuse-db 1.0.30001770
• See full diff in compare view

Updates @sentry/cli to 3.2.2

Release notes

Sourced from @​sentry/cli's releases.

3.2.2

Fixes

• Updated minimatch dependency to fix a vulnerability (#3153)

Changelog

Sourced from @​sentry/cli's changelog.

3.2.2

Fixes

• Updated minimatch dependency to fix a vulnerability (#3153)

3.2.1

Fixes

• The dart-symbol-map upload command now correctly resolves the organization from the auth token payload (#3065).
• Retry DNS resolution failures for sentry.io requests to reduce intermittent failures for some users (#3085)

3.2.0

Features

• Add sourceMaps.inject() for injecting debug IDs (#3088)
• Add --install-group parameter to sentry-cli build upload for controlling update visibility between builds (#3094)

Fixes

• Recognize *.ghe.com URLs as github_enterprise VCS provider (#3127).
• Fixed a bug where the dart-symbol-map command did not accept the --url argument (#3108).
• Add timeout to build upload polling loop to prevent infinite loop when server returns unexpected state (#3118).

3.1.0

New Features

• In the JavaScript API, added multi-project support to releases.newDeploy() method. This method now accept a projects option (array of project slugs), aligning them with the Rust CLI's multi-project capabilities and matching the existing behavior of releases.new() and releases.uploadSourceMaps() (#3001).

Improvements

• This release includes some changes to enable support for older self-hosted Sentry versions. With these changes, Sentry CLI now officially self-hosted Sentry versions 24.11.1 and above (#3070)

Fixes

• Fixed a bug that prevented project IDs from being used with the sentry-cli releases new command for users with self-hosted Sentry instances on versions older than 25.12.1 (#3068).
• Fixed a bug, introduced in version 3.0.0, where the sentry-cli releases list command ignored the --project option (#3048). The command now correctly can filter releases by a single project when supplied via --project. This change does not enable filtering by multiple projects, which has never been supported.

3.0.3

Fixes

• Fixed a bug on Intel-based macOS systems that prevented Sentry CLI from respecting self-signed certificates trusted in the macOS keychain (#3059).

3.0.2

Fixes

... (truncated)

Commits

• 9bc6419 release: 3.2.2
• 80c43aa chore: Update minimatch to non-vulnerable versions (#3153)
• fd544af build(npm): 🤖 Bump optional dependencies to 3.2.1
• 44136f4 Merge branch 'release/3.2.1'
• e83d576 release: 3.2.1
• 0b59f67 fix(api): Retry API requests on DNS resolution failure (#3085)
• e95d48c build(deps-dev): bump tar from 7.5.7 to 7.5.9 (#3149)
• 83ac26e build(deps): bump getsentry/craft from 2.20.0 to 2.21.2 (#3140)
• fb53552 build(deps): bump actions/cache from 5.0.2 to 5.0.3 (#3122)
• e745458 build(deps): bump docker/login-action from 3.6.0 to 3.7.0 (#3121)
• Additional commits viewable in compare view

Updates @wordpress/eslint-plugin to 24.2.0

Changelog

Sourced from @​wordpress/eslint-plugin's changelog.

24.2.0 (2026-02-18)

24.1.0 (2026-01-29)

Enhancements

• The dependency-group rule now accepts an optional "never" mode to forbid dependency group comments.

24.0.0 (2026-01-16)

Breaking Changes

• Updated recommended ruleset to enforce import/no-unresolved for @wordpress/ packages. These packages were previously exempted from the rule. (#72978)
• Removed default configuration of import/internal-regex to classify @wordpress/ packages as internal. From the perspective of an external consumer of this package, @wordpress/ packages should be considered external. (#72978)

New Features

• Added no-setting-ds-tokens rule to disallow setting Design System token CSS custom properties (--wpds-*). (#74325)
• Added no-unknown-ds-tokens rule to disallow unknown Design System tokens. (#74325)
• Added components-no-missing-40px-size-prop rule to opt-in to the new 40px default size for components from the @wordpress/components package. (#74611)
• Added components-no-unsafe-button-disabled rule to ensure that buttons from the @wordpress/components package are accessible when disabled. (#74611)

Enhancements

• The dependency-group rule is not recommended anymore. (#73616)

22.22.0 (2025-11-26)

22.21.0 (2025-11-12)

Enhancements

• Disabled import/no-unresolved, import/default, and import/named checks for TypeScript files when TypeScript is installed, since these issues are already checked by TypeScript.
• Improved resolution behavior to support modern package export semantics by updating default import resolver to eslint-import-resolver-typescript, including for non-TypeScript files.

22.20.0 (2025-10-29)

22.19.0 (2025-10-17)

22.18.0 (2025-10-01)

22.17.0 (2025-09-17)

22.16.0 (2025-09-03)

22.15.0 (2025-08-20)

22.14.0 (2025-08-07)

22.13.0 (2025-07-23)

... (truncated)

Commits

• 376124a chore(release): publish
• c5b9f23 Update changelog files
• 4416c63 Merge changes published in the Gutenberg plugin "release/22.6" branch
• See full diff in compare view

Updates jsonc-eslint-parser from 2.4.2 to 3.1.0

Release notes

Sourced from jsonc-eslint-parser's releases.

v3.1.0

Minor Changes

• #275 38d5905 Thanks @​ota-meshi! - feat: add tokenize()

v3.0.0

Major Changes

• #266 6d1679d Thanks @​copilot-swe-agent! - Drop support for Node.js versions older than 20.19.0. The new minimum supported versions are: ^20.19.0 || ^22.13.0 || >=24

• #268 e1c554a Thanks @​copilot-swe-agent! - Change to ESM-only package. This is a breaking change that requires Node.js environments that support ESM.

Changelog

Sourced from jsonc-eslint-parser's changelog.

3.1.0

Minor Changes

• #275 38d5905 Thanks @​ota-meshi! - feat: add tokenize()

3.0.0

Major Changes

• #266 6d1679d Thanks @​copilot-swe-agent! - Drop support for Node.js versions older than 20.19.0. The new minimum supported versions are: ^20.19.0 || ^22.13.0 || >=24

• #268 e1c554a Thanks @​copilot-swe-agent! - Change to ESM-only package. This is a breaking change that requires Node.js environments that support ESM.

Commits

• 03a4a3b chore: release jsonc-eslint-parser (#276)
• 38d5905 feat: add tokenize() (#275)
• f4e373e chore(deps): update dependency vite to v7 (#274)
• 6f4dd65 chore(deps): update dependency @​vitejs/plugin-vue to v6 (#273)
• 875c732 chore: migrate from Vue CLI to Vite in explorer (#272)
• 83ccca1 chore: release jsonc-eslint-parser (#269)
• 46d07e7 chore: remove unnecessary dev dependencies (#271)
• b8f9553 chore(deps): update eslint monorepo to v10 (major) (#264)
• 6285f9a chore: format
• 9d8918f chore(config): migrate config renovate.json (#270)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions