Bump the dev-dependencies group across 1 directory with 6 updates

[dependabot]

Updates the requirements on @sentry/browser, caniuse-lite, @sentry/cli, @wordpress/eslint-plugin, jsonc-eslint-parser and web-ext to permit the latest version.
Updates @sentry/browser to 10.42.0

Release notes

Sourced from @​sentry/browser's releases.

10.42.0

• feat(consola): Enhance Consola integration to extract first-param object as searchable attributes (#19534)
• fix(astro): Do not inject withSentry into Cloudflare Pages (#19558)
• fix(core): Do not remove promiseBuffer entirely (#19592)
• fix(deps): Bump fast-xml-parser to 4.5.4 for CVE-2026-25896 (#19588)
• fix(react-router): Set correct transaction name when navigating with object argument (#19590)
• ref(nuxt): Use addVitePlugin instead of deprecated vite:extendConfig (#19464)

• chore(deps-dev): bump @​sveltejs/kit from 2.52.2 to 2.53.3 (#19571)
• chore(deps): Bump @​sveltejs/kit to 2.53.3 in sveltekit-2-svelte-5 E2E test (#19594)
• ci(deps): bump actions/checkout from 4 to 6 (#19570)

Bundle size 📦

Path	Size
@​sentry/browser	25.02 KB
@​sentry/browser - with treeshaking flags	23.57 KB
@​sentry/browser (incl. Tracing)	41.44 KB
@​sentry/browser (incl. Tracing, Profiling)	45.99 KB
@​sentry/browser (incl. Tracing, Replay)	79.35 KB
@​sentry/browser (incl. Tracing, Replay) - with treeshaking flags	69.21 KB
@​sentry/browser (incl. Tracing, Replay with Canvas)	83.93 KB
@​sentry/browser (incl. Tracing, Replay, Feedback)	95.91 KB
@​sentry/browser (incl. Feedback)	41.44 KB
@​sentry/browser (incl. sendFeedback)	29.58 KB
@​sentry/browser (incl. FeedbackAsync)	34.52 KB
@​sentry/browser (incl. Metrics)	26.17 KB
@​sentry/browser (incl. Logs)	26.31 KB
@​sentry/browser (incl. Metrics & Logs)	26.96 KB
@​sentry/react	26.74 KB
@​sentry/react (incl. Tracing)	43.72 KB
@​sentry/vue	29.37 KB
@​sentry/vue (incl. Tracing)	43.26 KB
@​sentry/svelte	25.05 KB
CDN Bundle	27.51 KB
CDN Bundle (incl. Tracing)	42.25 KB
CDN Bundle (incl. Logs, Metrics)	28.33 KB
CDN Bundle (incl. Tracing, Logs, Metrics)	43.07 KB
CDN Bundle (incl. Replay, Logs, Metrics)	66.49 KB
CDN Bundle (incl. Tracing, Replay)	78.26 KB
CDN Bundle (incl. Tracing, Replay, Logs, Metrics)	79.1 KB
CDN Bundle (incl. Tracing, Replay, Feedback)	83.65 KB
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics)	84.5 KB
CDN Bundle - uncompressed	80.42 KB

... (truncated)

Changelog

Sourced from @​sentry/browser's changelog.

10.42.0

• feat(consola): Enhance Consola integration to extract first-param object as searchable attributes (#19534)
• fix(astro): Do not inject withSentry into Cloudflare Pages (#19558)
• fix(core): Do not remove promiseBuffer entirely (#19592)
• fix(deps): Bump fast-xml-parser to 4.5.4 for CVE-2026-25896 (#19588)
• fix(react-router): Set correct transaction name when navigating with object argument (#19590)
• ref(nuxt): Use addVitePlugin instead of deprecated vite:extendConfig (#19464)

• chore(deps-dev): bump @​sveltejs/kit from 2.52.2 to 2.53.3 (#19571)
• chore(deps): Bump @​sveltejs/kit to 2.53.3 in sveltekit-2-svelte-5 E2E test (#19594)
• ci(deps): bump actions/checkout from 4 to 6 (#19570)

10.41.0

Important Changes

• feat(core,cloudflare,deno): Add instrumentPostgresJsSql instrumentation (#19566)

  Added a new instrumentation helper for the postgres (postgres.js) library, designed for SDKs that are not based on OpenTelemetry (e.g. Cloudflare, Deno). This wraps a postgres.js sql tagged template instance so that all queries automatically create Sentry spans.

  import postgres from 'postgres';
  import * as Sentry from '@sentry/cloudflare'; // or '@sentry/deno'
  export default Sentry.withSentry(env => ({ dsn: 'DSN' }), {
  async fetch(request, env, ctx) {
  const sql = Sentry.instrumentPostgresJsSql(postgres(env.DATABASE_URL));
  // All queries now create Sentry spans
  const users = await sql`SELECT * FROM users WHERE id = ${userId}`;
  return Response.json(users);
  
  },
  });

  The instrumentation is available in @sentry/core, @sentry/cloudflare, and @sentry/deno.

• feat(nextjs): Add Turbopack support for thirdPartyErrorFilterIntegration (#19542)

  We added experimental support for the thirdPartyErrorFilterIntegration with Turbopack builds.

  This feature requires Next.js 16+ and is currently behind an experimental flag:

... (truncated)

Commits

• 07c9190 release: 10.42.0
• 193a78d Merge pull request #19601 from getsentry/prepare-release/10.42.0
• 8738f9b meta(changelog): Update changelog for 10.42.0
• f870073 fix(astro): Do not inject withSentry into Cloudflare Pages (#19558)
• 552187d chore(deps): Bump @​sveltejs/kit to 2.53.3 in sveltekit-2-svelte-5 E2E test (#...
• 1ffba2c fix(core): Do not remove promiseBuffer entirely (#19592)
• 4a7c056 fix(react-router): Set correct transaction name when navigating with object a...
• 003e894 ci(deps): bump actions/checkout from 4 to 6 (#19570)
• 5d4c0eb chore(deps-dev): bump @​sveltejs/kit from 2.52.2 to 2.53.3 (#19571)
• 116c3f3 fix(deps): Bump fast-xml-parser to 4.5.4 for CVE-2026-25896 (#19588)
• Additional commits viewable in compare view

Updates caniuse-lite to 1.0.30001777

Commits

• 825f178 Update caniuse-db 1.0.30001777
• 40dd4ee Update caniuse-db 1.0.30001776
• 575206f Update caniuse-db 1.0.30001775
• 69eb4c5 Update caniuse-db 1.0.30001774
• 7d2a807 Update caniuse-db 1.0.30001772
• e4b5da2 Update caniuse-db 1.0.30001770
• See full diff in compare view

Updates @sentry/cli to 3.3.0

Release notes

Sourced from @​sentry/cli's releases.

3.3.0

New Features

• Added sentry-cli proguard uuid <PATH> to compute and print the UUID for a ProGuard mapping file (#3176).

Improvements

• Moved sentry-cli upload-proguard to sentry-cli proguard upload, aligning the API with similar upload commands like debug-files upload and sourcemaps upload (#3174). sentry-cli upload-proguard remains supported as an alias, so no migration is required.

Experimental Feature 🧑‍🔬 (internal-only)

• Print snapshot URL after successful upload (#3167).

Changelog

Sourced from @​sentry/cli's changelog.

3.3.0

New Features

• Added sentry-cli proguard uuid <PATH> to compute and print the UUID for a ProGuard mapping file (#3176).

Improvements

• Moved sentry-cli upload-proguard to sentry-cli proguard upload, aligning the API with similar upload commands like debug-files upload and sourcemaps upload (#3174). sentry-cli upload-proguard remains supported as an alias, so no migration is required.

Experimental Feature 🧑‍🔬 (internal-only)

• Print snapshot URL after successful upload (#3167).

3.2.3

Experimental Feature 🧑‍🔬 (internal-only)

• Added experimental sentry-cli build snapshots command to upload build snapshots to a project (#3110).
  • This command uploads files from a specified directory to Sentry's Objectstore, associating them with a snapshot identifier.
  • The command is experimental and subject to breaking changes or removal in future releases.

3.2.2

Fixes

• Updated minimatch dependency to fix a vulnerability (#3153)

3.2.1

Fixes

• The dart-symbol-map upload command now correctly resolves the organization from the auth token payload (#3065).
• Retry DNS resolution failures for sentry.io requests to reduce intermittent failures for some users (#3085)

3.2.0

Features

• Add sourceMaps.inject() for injecting debug IDs (#3088)
• Add --install-group parameter to sentry-cli build upload for controlling update visibility between builds (#3094)

Fixes

• Recognize *.ghe.com URLs as github_enterprise VCS provider (#3127).
• Fixed a bug where the dart-symbol-map command did not accept the --url argument (#3108).
• Add timeout to build upload polling loop to prevent infinite loop when server returns unexpected state (#3118).

3.1.0

... (truncated)

Commits

• 6c22d76 release: 3.3.0
• 6003047 chore(proguard): Soft-deprecate the proguard upload --uuid flag (#3177)
• 08103e3 feat(proguard): Add UUID command for mapping files (#3176)
• 74ebf53 build(deps): Bump objectstore-client to 0.1.2 (#3183)
• c89b0de chore(heroku): Support HEROKU_BUILD_COMMIT env var (#3182)
• 7d63724 build(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 (#3168)
• 679e1c4 build(deps): bump getsentry/craft from 2.21.7 to 2.23.1 (#3169)
• 0576496 build(deps): bump github/codeql-action from 4.32.4 to 4.32.5 (#3171)
• 5804089 build(deps): bump actions/download-artifact from 7.0.0 to 8.0.0 (#3170)
• 3d148f3 ref(proguard): Move upload_proguard alias (#3175)
• Additional commits viewable in compare view

Updates @wordpress/eslint-plugin to 24.3.0

Changelog

Sourced from @​wordpress/eslint-plugin's changelog.

24.3.0 (2026-03-04)

New Features

• Added no-ds-tokens rule to disallow usage of Design System token CSS custom properties (--wpds-*).

Enhancements

• The no-unknown-ds-tokens rule now checks all string literals and template literals, not just JSX style attributes. It also reports dynamically constructed --wpds-* token names.

24.2.0 (2026-02-18)

24.1.0 (2026-01-29)

Enhancements

• The dependency-group rule now accepts an optional "never" mode to forbid dependency group comments.

24.0.0 (2026-01-16)

Breaking Changes

• Updated recommended ruleset to enforce import/no-unresolved for @wordpress/ packages. These packages were previously exempted from the rule. (#72978)
• Removed default configuration of import/internal-regex to classify @wordpress/ packages as internal. From the perspective of an external consumer of this package, @wordpress/ packages should be considered external. (#72978)

New Features

• Added no-setting-ds-tokens rule to disallow setting Design System token CSS custom properties (--wpds-*). (#74325)
• Added no-unknown-ds-tokens rule to disallow unknown Design System tokens. (#74325)
• Added components-no-missing-40px-size-prop rule to opt-in to the new 40px default size for components from the @wordpress/components package. (#74611)
• Added components-no-unsafe-button-disabled rule to ensure that buttons from the @wordpress/components package are accessible when disabled. (#74611)

Enhancements

• The dependency-group rule is not recommended anymore. (#73616)

22.22.0 (2025-11-26)

22.21.0 (2025-11-12)

Enhancements

• Disabled import/no-unresolved, import/default, and import/named checks for TypeScript files when TypeScript is installed, since these issues are already checked by TypeScript.
• Improved resolution behavior to support modern package export semantics by updating default import resolver to eslint-import-resolver-typescript, including for non-TypeScript files.

22.20.0 (2025-10-29)

22.19.0 (2025-10-17)

22.18.0 (2025-10-01)

... (truncated)

Commits

• 8bfc179 chore(release): publish
• ccb148d Update changelog files
• 33834c6 Merge changes published in the Gutenberg plugin "release/22.7" branch
• 376124a chore(release): publish
• c5b9f23 Update changelog files
• 4416c63 Merge changes published in the Gutenberg plugin "release/22.6" branch
• See full diff in compare view

Updates jsonc-eslint-parser from 2.4.2 to 3.1.0

Release notes

Sourced from jsonc-eslint-parser's releases.

v3.1.0

Minor Changes

• #275 38d5905 Thanks @​ota-meshi! - feat: add tokenize()

v3.0.0

Major Changes

• #266 6d1679d Thanks @​copilot-swe-agent! - Drop support for Node.js versions older than 20.19.0. The new minimum supported versions are: ^20.19.0 || ^22.13.0 || >=24

• #268 e1c554a Thanks @​copilot-swe-agent! - Change to ESM-only package. This is a breaking change that requires Node.js environments that support ESM.

Changelog

Sourced from jsonc-eslint-parser's changelog.

3.1.0

Minor Changes

• #275 38d5905 Thanks @​ota-meshi! - feat: add tokenize()

3.0.0

Major Changes

• #266 6d1679d Thanks @​copilot-swe-agent! - Drop support for Node.js versions older than 20.19.0. The new minimum supported versions are: ^20.19.0 || ^22.13.0 || >=24

• #268 e1c554a Thanks @​copilot-swe-agent! - Change to ESM-only package. This is a breaking change that requires Node.js environments that support ESM.

Commits

• 03a4a3b chore: release jsonc-eslint-parser (#276)
• 38d5905 feat: add tokenize() (#275)
• f4e373e chore(deps): update dependency vite to v7 (#274)
• 6f4dd65 chore(deps): update dependency @​vitejs/plugin-vue to v6 (#273)
• 875c732 chore: migrate from Vue CLI to Vite in explorer (#272)
• 83ccca1 chore: release jsonc-eslint-parser (#269)
• 46d07e7 chore: remove unnecessary dev dependencies (#271)
• b8f9553 chore(deps): update eslint monorepo to v10 (major) (#264)
• 6285f9a chore: format
• 9d8918f chore(config): migrate config renovate.json (#270)
• Additional commits viewable in compare view

Updates web-ext to 9.4.0

Release notes

Sourced from web-ext's releases.

9.4.0 (2026-03-04)

main changes

Not much, but this is likely the last release officially supporting Node 20.

dependencies

• Updated: dependency addons-linter to 9.9.1 (#3630)

dev dependencies

• Updated: dependency @commitlint/cli to 20.4.3 (#3637)
• Updated: dependency @commitlint/config-conventional (#3623)
• Updated: dependency @commitlint/config-conventional to 20.4.3 (#3638)
• Updated: dependency @eslint/eslintrc to 3.3.4 (#3632)
• Updated: dependency ajv to 6.14.0 (#3624)
• Updated: dependency fs-extra to 11.3.4 (#3639)
• Updated: dependency globals to 17.4.0 (#3635)
• Updated: dependency nyc to 18.0.0 (#3634)
• Updated: dependency sinon to 21.0.2 (#3643)

---

See all changes: mozilla/web-ext@9.3.0...9.4.0

Commits

• 5d07048 9.4.0
• e33b4ed chore(deps-dev): bump @​commitlint/cli from 20.4.2 to 20.4.3 (#3637)
• 91f1fe1 chore(deps-dev): bump @​commitlint/config-conventional from 20.4.2 to 20.4.3 (...
• b87ebc4 chore(deps-dev): bump sinon from 21.0.1 to 21.0.2 (#3643)
• ad9162a chore(deps-dev): bump fs-extra from 11.3.3 to 11.3.4 (#3639)
• bcd120f chore(deps-dev): bump globals from 17.3.0 to 17.4.0 (#3635)
• 0a9d891 chore(audit): Ignore npm audit error caused by mocha (#3642)
• 6b8b098 Run npm audit fix (#3640)
• 05c09a5 chore(deps-dev): bump nyc from 17.1.0 to 18.0.0 (#3634)
• 3b746a9 chore(deps-dev): bump @​eslint/eslintrc from 3.3.3 to 3.3.4 (#3632)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.