fix(deps): update npm minor and patch dependencies

[red-hat-konflux]

Note: This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@cypress/code-coverage	^4.0.0 -> ^4.0.1			devDependencies	patch
@formatjs/cli	^6.7.4 -> ^6.13.1			dependencies	minor
@patternfly/react-charts	^8.4.0 -> ^8.4.1			dependencies	patch
@patternfly/react-core	^6.4.0 -> ^6.4.1			dependencies	patch
@patternfly/react-table (source)	^6.4.0 -> ^6.4.1			dependencies	patch
@playwright/test (source)	^1.56.1 -> ^1.58.2			devDependencies	patch
@pmmmwh/react-refresh-webpack-plugin	^0.6.1 -> ^0.6.2			devDependencies	patch
@redhat-cloud-services/chrome (source)	^2.0.15 -> ^2.0.45			dependencies	patch
@redhat-cloud-services/entitlements-client	^4.0.7 -> ^4.0.8			dependencies	patch
@redhat-cloud-services/eslint-config-redhat-cloud-services (source)	^3.0.1 -> ^3.0.31			devDependencies	patch
@redhat-cloud-services/frontend-components (source)	^7.0.11 -> ^7.0.44			dependencies	patch
@redhat-cloud-services/frontend-components-config-utilities	^4.7.1 -> ^4.7.31			devDependencies	patch
@redhat-cloud-services/types (source)	^3.3.28 -> ^3.3.31			devDependencies	patch
@segment/analytics-next (source)	^1.81.1 -> ^1.82.0			dependencies	minor
@sentry/browser (source)	^10.39.0 -> ^10.42.0			dependencies	minor
@sentry/react (source)	^10.39.0 -> ^10.42.0			dependencies	minor
@simonsmith/cypress-image-snapshot	^10.0.0 -> ^10.0.3			devDependencies	patch
@swc/core (source)	^1.13.20 -> ^1.15.18			devDependencies	patch
@testing-library/dom	^10.0.0 -> ^10.4.1			devDependencies	patch
@testing-library/jest-dom	^6.0.0 -> ^6.9.1			devDependencies	patch
@testing-library/react	^16.0.0 -> ^16.3.2			devDependencies	patch
@types/lodash (source)	^4.17.20 -> ^4.17.24			devDependencies	patch
@types/node (source)	^25.0.0 -> ^25.4.0			devDependencies	minor
@types/react (source)	^18.3.26 -> ^18.3.28			devDependencies	patch
@types/sanitize-html (source)	^2.16.0 -> ^2.16.1			devDependencies	patch
@types/urijs (source)	^1.19.25 -> ^1.19.26			devDependencies	patch
@typescript-eslint/eslint-plugin (source)	^8.46.2 -> ^8.57.0			devDependencies	minor
@typescript-eslint/parser (source)	^8.46.2 -> ^8.57.0			devDependencies	minor
axios (source)	^1.13.5 -> ^1.13.6			dependencies	patch
axios-cache-interceptor (source)	^1.11.2 -> ^1.12.0			dependencies	minor
broadcast-channel (source)	^7.1.0 -> ^7.3.0			dependencies	patch
commander	^14.0.0 -> ^14.0.3			dependencies	patch
css-loader	^7.1.2 -> ^7.1.4			devDependencies	patch
cypress (source)	^15.0.0 -> ^15.11.0			devDependencies	minor
glob	^13.0.0 -> ^13.0.6			devDependencies	patch
html-webpack-plugin	^5.6.4 -> ^5.6.6			devDependencies	patch
jest (source)	^30.0.0 -> ^30.3.0			devDependencies	minor
jest-environment-jsdom (source)	^30.0.0 -> ^30.3.0			devDependencies	minor
jotai	^2.15.0 -> ^2.18.1			dependencies	minor
jws	^4.0.0 -> ^4.0.1			devDependencies	patch
lodash (source)	^4.17.21 -> ^4.17.23			dependencies	patch
mini-css-extract-plugin	^2.9.4 -> ^2.10.0			devDependencies	patch
node (source)	>=20.19.0 -> >=20.20.1			engines	minor
npm (source)	>=10.0.0 -> >=10.9.5			engines	minor
oidc-client-ts	^3.4.0 -> ^3.4.1			dependencies	patch
react-router-dom (source)	^6.30.1 -> ^6.30.3			dependencies	patch
sanitize-html (source)	^2.17.0 -> ^2.17.1			dependencies	patch
sass	^1.93.2 -> ^1.97.3			devDependencies	patch
sass-loader	^16.0.0 -> ^16.0.7			devDependencies	patch
swc-loader	^0.2.6 -> ^0.2.7			devDependencies	patch
terser-webpack-plugin	^5.3.14 -> ^5.3.17			devDependencies	patch
title-case (source)	^4.0.0 -> ^4.3.2			dependencies	patch
typescript-eslint (source)	^8.46.2 -> ^8.57.0			devDependencies	minor
wait-on	^9.0.0 -> ^9.0.4			devDependencies	patch
webpack	^5.102.1 -> ^5.105.4			devDependencies	patch
webpack-bundle-analyzer	^5.0.0 -> ^5.2.0			devDependencies	patch
webpack-cli (source)	^6.0.0 -> ^6.0.1			devDependencies	patch
webpack-dev-server	^5.2.2 -> ^5.2.3			devDependencies	patch

---

Release Notes

cypress-io/code-coverage (@​cypress/code-coverage)

v4.0.1

Compare Source

Bug Fixes

• deps: update dependency dayjs to v1.11.19 (#​983) (a9a10f4)

formatjs/formatjs (@​formatjs/cli)

v6.13.1

Compare Source

Bug Fixes

• use vue ^3.5.0 range in peer dependencies (#​6064) (022ccbf), closes #​6062 - by @​longlho

v6.13.0

Compare Source

Bug Fixes

• formatjs_cli: fix newlines/whitespace handling to conform with TS version, fix #​6021 (#​6022) (3ca6e76) - by @​longlho

Features

• @​formatjs/cli-lib: migrate from chalk to native Node styleText, bump min Node version to 20.12.0 (49bd2ad) - by @​longlho

RedHatInsights/frontend-components (@​redhat-cloud-services/chrome)

v2.0.45

Compare Source

v2.0.44

Compare Source

v2.0.43

Compare Source

RedHatInsights/javascript-clients (@​redhat-cloud-services/entitlements-client)

v4.0.8

Compare Source

RedHatInsights/frontend-components (@​redhat-cloud-services/types)

v3.3.31

Compare Source

v3.3.30

Compare Source

v3.3.29

Compare Source

segmentio/analytics-next (@​segment/analytics-next)

v1.82.0

Compare Source

Minor Changes

• #​1350 d41ca131 Thanks @​mschasz! - Upgrade AWS SDK from v2 to v3 in browser release script.

v1.81.2

Compare Source

Patch Changes

• #​1341 6477267f Thanks @​MichaelGHSeg! - Emit analytics_js.integration.invoke.error metric for destination load and build failures that were previously silent

getsentry/sentry-javascript (@​sentry/browser)

v10.42.0

Compare Source

• feat(consola): Enhance Consola integration to extract first-param object as searchable attributes (#​19534)
• fix(astro): Do not inject withSentry into Cloudflare Pages (#​19558)
• fix(core): Do not remove promiseBuffer entirely (#​19592)
• fix(deps): Bump fast-xml-parser to 4.5.4 for CVE-2026-25896 (#​19588)
• fix(react-router): Set correct transaction name when navigating with object argument (#​19590)
• ref(nuxt): Use addVitePlugin instead of deprecated vite:extendConfig (#​19464)

Internal Changes

• chore(deps-dev): bump @​sveltejs/kit from 2.52.2 to 2.53.3 (#​19571)
• chore(deps): Bump @​sveltejs/kit to 2.53.3 in sveltekit-2-svelte-5 E2E test (#​19594)
• ci(deps): bump actions/checkout from 4 to 6 (#​19570)

v10.41.0

Compare Source

Important Changes

• feat(core,cloudflare,deno): Add instrumentPostgresJsSql instrumentation (#​19566)

  Added a new instrumentation helper for the postgres (postgres.js) library, designed for
  SDKs that are not based on OpenTelemetry (e.g. Cloudflare, Deno). This wraps a postgres.js sql tagged template instance so that
  all queries automatically create Sentry spans.

  import postgres from 'postgres';
  import * as Sentry from '@​sentry/cloudflare'; // or '@​sentry/deno'
  
  export default Sentry.withSentry(env => ({ dsn: '__DSN__' }), {
    async fetch(request, env, ctx) {
      const sql = Sentry.instrumentPostgresJsSql(postgres(env.DATABASE_URL));
  
      // All queries now create Sentry spans
      const users = await sql`SELECT * FROM users WHERE id = ${userId}`;
      return Response.json(users);
    },
  });

  The instrumentation is available in @sentry/core, @sentry/cloudflare, and @sentry/deno.

• feat(nextjs): Add Turbopack support for thirdPartyErrorFilterIntegration (#​19542)

  We added experimental support for the thirdPartyErrorFilterIntegration with Turbopack builds.

  This feature requires Next.js 16+ and is currently behind an experimental flag:

  // next.config.ts
  import { withSentryConfig } from '@​sentry/nextjs';
  
  export default withSentryConfig(nextConfig, {
    _experimental: {
      turbopackApplicationKey: 'my-app-key',
    },
  });

  Then configure the integration in your client instrumentation file with a matching key:

  // instrumentation-client.ts
  import * as Sentry from '@​sentry/nextjs';
  
  Sentry.init({
    integrations: [
      Sentry.thirdPartyErrorFilterIntegration({
        filterKeys: ['my-app-key'],
        behaviour: 'apply-tag-if-exclusively-contains-third-party-frames',
      }),
    ],
  });

Other Changes

• feat(core,cloudflare): Add dispose to the client for proper cleanup (#​19506)
• feat(deps): Bump rxjs from 7.8.1 to 7.8.2 (#​19545)
• feat(nextjs): Use not: foreign condition in turbopack loaders (#​19502)
• feat(react-router): Include middleware function names and indices (#​19109)
• fix(consola): Normalize extra keys from consola (#​19511)
• fix(core): Improve message truncation for multimodal content and normalize streaming span names (#​19500)
• fix(core): Strip inline media from multimodal content before stringification (#​19540)
• fix(deps): Bump transitive rollup deps to patch CVE-2026-27606 (#​19565)
• fix(langchain): Use runName argument in handleChainStart to fix unknown_chain spans (#​19554)
• fix(nestjs): Improve control flow exception filtering (#​19524)
• fix(tanstackstart-react): Flush events in server entry point for serverless environments (#​19513)
• fix(vue): Avoid triggering deprecated next callback from router instrumentation (#​19476)

Internal Changes

• chore: Updating minimatch (#​19434)
• chore(agents): Add dotagents (#​19526)
• chore(agents): Add nested AGENTS.md for browser (#​19551)
• chore(agents): Add nested AGENTS.md for nextjs (#​19556)
• chore(agents): Consolidate SDK dev rules into AGENTS.md (#​19521)
• chore(agents): Migrate repo-wide cursor rules to skills (#​19549)
• chore(agents): Remove stale cursor commands (#​19560)
• chore(ci): Validate alert id (#​19499)
• chore(deps): Bump rollup to 4.59.0 to fix path traversal vulnerability (#​19538)
• chore(lint): Remove junit report file (#​19491)
• chore(svelte,sveltekit): Use version range for magic-string (#​19520)
• chore(tanstackstart): Fix leftover formatting issue (#​19536)
• test(consola): Restructure tests (#​19517)
• test(node): Test runName parameter in handleChainStart for langchain (#​19562)

Work in this release was contributed by @​YevheniiKotyrlo. Thank you for your contribution!

v10.40.0

Compare Source

Important Changes

• feat(tanstackstart-react): Add global sentry exception middlewares (#​19330)

  The sentryGlobalRequestMiddleware and sentryGlobalFunctionMiddleware global middlewares capture unhandled exceptions thrown in TanStack Start API routes and server functions. Add them as the first entries in the requestMiddleware and functionMiddleware arrays of createStart():

  import { createStart } from '@​tanstack/react-start/server';
  import { sentryGlobalRequestMiddleware, sentryGlobalFunctionMiddleware } from '@​sentry/tanstackstart-react/server';
  
  export default createStart({
    requestMiddleware: [sentryGlobalRequestMiddleware, myRequestMiddleware],
    functionMiddleware: [sentryGlobalFunctionMiddleware, myFunctionMiddleware],
  });

• feat(tanstackstart-react)!: Export Vite plugin from @sentry/tanstackstart-react/vite subpath (#​19182)

  The sentryTanstackStart Vite plugin is now exported from a dedicated subpath. Update your import:

  - import { sentryTanstackStart } from '@​sentry/tanstackstart-react';
  + import { sentryTanstackStart } from '@​sentry/tanstackstart-react/vite';

• fix(node-core): Reduce bundle size by removing apm-js-collab and requiring pino >= 9.10 (#​18631)

  In order to keep receiving pino logs, you need to update your pino version to >= 9.10, the reason for the support bump is to reduce the bundle size of the node-core SDK in frameworks that cannot tree-shake the apm-js-collab dependency.

• fix(browser): Ensure user id is consistently added to sessions (#​19341)

  Previously, the SDK inconsistently set the user id on sessions, meaning sessions were often lacking proper coupling to the user set for example via Sentry.setUser().
  Additionally, the SDK incorrectly skipped starting a new session for the first soft navigation after the pageload.
  This patch fixes these issues. As a result, metrics around sessions, like "Crash Free Sessions" or "Crash Free Users" might change.
  This could also trigger alerts, depending on your set thresholds and conditions.
  We apologize for any inconvenience caused!

  While we're at it, if you're using Sentry in a Single Page App or meta framework, you might want to give the new 'page' session lifecycle a try!
  This new mode no longer creates a session per soft navigation but continues the initial session until the next hard page refresh.
  Check out the docs to learn more!

• ref!(gatsby): Drop Gatsby v2 support (#​19467)

  We drop support for Gatsby v2 (which still relies on webpack 4) for a critical security update in https://github.com/getsentry/sentry-javascript-bundler-plugins/releases/tag/5.0.0

Other Changes

• feat(astro): Add support for Astro on CF Workers (#​19265)
• feat(cloudflare): Instrument async KV API (#​19404)
• feat(core): Add framework-agnostic tunnel handler (#​18892)
• feat(deno): Export logs API from Deno SDK (#​19313)
• feat(deno): Export metrics API from Deno SDK (#​19305)
• feat(deno): instrument Deno.serve with async context support (#​19230)
• feat(deps): bump babel-loader from 8.2.5 to 10.0.0 (#​19303)
• feat(deps): bump body-parser from 1.20.4 to 2.2.2 (#​19191)
• feat(deps): Bump hono from 4.11.7 to 4.11.10 (#​19440)
• feat(deps): bump qs from 6.14.1 to 6.14.2 (#​19310)
• feat(deps): bump the opentelemetry group with 4 updates (#​19425)
• feat(feedback): Add setTheme() to dynamically update feedback widget color scheme (#​19430)
• feat(nextjs): Add sourcemaps.filesToDeleteAfterUpload as a top-level option (#​19280)
• feat(node): Add ignoreConnectSpans option to postgresIntegration (#​19291)
• feat(node): Bump to latest @​fastify/otel (#​19452)
• fix: Bump bundler plugins to v5 (#​19468)
• fix: updated the codecov config (#​19350)
• fix(aws-serverless): Prevent crash in isPromiseAllSettledResult with null/undefined array elements (#​19346)
• fix(bun) Export pinoIntegration from @​sentry/node (#​17990)
• fix(core,browser): Delete SentryNonRecordingSpan from fetch/xhr map (#​19336)
• fix(core): Explicitly flush log buffer in client.close() (#​19371)
• fix(core): Langgraph state graph invoke accepts null to resume (#​19374)
• fix(core): Wrap decodeURI in node stack trace parser to handle malformed URIs (#​19400)
• fix(deps): Bump nuxt devDependency to fix CVE-2026-24001 (#​19249)
• fix(deps): Bump to latest version of each minimatch major (#​19486)
• fix(nextjs): Apply environment from options if set (#​19274)
• fix(nextjs): Don't set sentry.drop_transaction attribute on spans when skipOpenTelemetrySetup is enabled (#​19333)
• fix(nextjs): Normalize trailing slashes in App Router route parameterization (#​19365)
• fix(nextjs): Return correct lastEventId for SSR pages (#​19240)
• fix(nextjs): Set parameterized transaction name for non-transaction events (#​19316)
• fix(node-core): Align pino mechanism type with spec conventions (#​19363)
• fix(nuxt): Use options.rootDir instead of options.srcDir (#​19343)

Internal Changes

- test(nextjs): Add bun e2e test app ([#​19318](https://redirect.github.com/getsentry/sentry-javascript/pull/19318)) - test(nextjs): Deactivate canary test for cf-workers ([#​19483](https://redirect.github.com/getsentry/sentry-javascript/pull/19483)) - tests(langchain): Fix langchain v1 internal error tests ([#​19409](https://redirect.github.com/getsentry/sentry-javascript/pull/19409)) - ref(nuxt): Remove `defineNitroPlugin` wrapper ([#​19334](https://redirect.github.com/getsentry/sentry-javascript/pull/19334)) - ref(cloudflare): Move internal files and functions around ([#​19369](https://redirect.github.com/getsentry/sentry-javascript/pull/19369)) - chore: Add external contributor to CHANGELOG.md ([#​19395](https://redirect.github.com/getsentry/sentry-javascript/pull/19395)) - chore: Add github action to notify stale PRs ([#​19361](https://redirect.github.com/getsentry/sentry-javascript/pull/19361)) - chore: add oxfmt changes to blame ignore rev list ([#​19366](https://redirect.github.com/getsentry/sentry-javascript/pull/19366)) - chore: Enhance AI integration guidelines with runtime-specific placem… ([#​19296](https://redirect.github.com/getsentry/sentry-javascript/pull/19296)) - chore: Ignore `lerna.json` for prettier ([#​19288](https://redirect.github.com/getsentry/sentry-javascript/pull/19288)) - chore: migrate to oxfmt ([#​19200](https://redirect.github.com/getsentry/sentry-javascript/pull/19200)) - chore: Revert to lerna v8 ([#​19294](https://redirect.github.com/getsentry/sentry-javascript/pull/19294)) - chore: Unignore HTML files and reformat with oxfmt ([#​19311](https://redirect.github.com/getsentry/sentry-javascript/pull/19311)) - chore(ci): Adapt max turns of triage issue agent ([#​19473](https://redirect.github.com/getsentry/sentry-javascript/pull/19473)) - chore(ci): Add `environment` to triage action ([#​19375](https://redirect.github.com/getsentry/sentry-javascript/pull/19375)) - chore(ci): Add `id-token: write` permission to triage workflow ([#​19381](https://redirect.github.com/getsentry/sentry-javascript/pull/19381)) - chore(ci): Move monorepo to nx ([#​19325](https://redirect.github.com/getsentry/sentry-javascript/pull/19325)) - chore(cursor): Add rules for fetching develop docs ([#​19377](https://redirect.github.com/getsentry/sentry-javascript/pull/19377)) - chore(deps-dev): Bump @​sveltejs/kit from 2.49.5 to 2.52.2 in /dev-packages/e2e-tests/test-applications/sveltekit-2 ([#​19441](https://redirect.github.com/getsentry/sentry-javascript/pull/19441)) - chore(deps-dev): Bump @​sveltejs/kit from 2.49.5 to 2.52.2 in /dev-packages/e2e-tests/test-applications/sveltekit-2-kit-tracing ([#​19446](https://redirect.github.com/getsentry/sentry-javascript/pull/19446)) - chore(deps-dev): Bump @​sveltejs/kit from 2.49.5 to 2.52.2 in /dev-packages/e2e-tests/test-applications/sveltekit-cloudflare-pages ([#​19462](https://redirect.github.com/getsentry/sentry-javascript/pull/19462)) - chore(deps-dev): Bump @​sveltejs/kit from 2.50.1 to 2.52.2 ([#​19442](https://redirect.github.com/getsentry/sentry-javascript/pull/19442)) - chore(deps-dev): bump @​testing-library/react from 13.0.0 to 15.0.5 ([#​19194](https://redirect.github.com/getsentry/sentry-javascript/pull/19194)) - chore(deps-dev): bump @​types/ember__debug from 3.16.5 to 4.0.8 ([#​19429](https://redirect.github.com/getsentry/sentry-javascript/pull/19429)) - chore(deps-dev): bump ember-resolver from 13.0.2 to 13.1.1 ([#​19301](https://redirect.github.com/getsentry/sentry-javascript/pull/19301)) - chore(deps): Bump @​actions/glob from 0.4.0 to 0.6.1 ([#​19427](https://redirect.github.com/getsentry/sentry-javascript/pull/19427)) - chore(deps): bump agents from 0.2.32 to 0.3.10 in /dev-packages/e2e-tests/test-applications/cloudflare-mcp ([#​19326](https://redirect.github.com/getsentry/sentry-javascript/pull/19326)) - chore(deps): Bump hono from 4.11.7 to 4.11.10 in /dev-packages/e2e-tests/test-applications/cloudflare-hono ([#​19438](https://redirect.github.com/getsentry/sentry-javascript/pull/19438)) - chore(deps): Bump Sentry CLI to latest v2 ([#​19477](https://redirect.github.com/getsentry/sentry-javascript/pull/19477)) - chore(deps): Bump transitive dep `fast-xml-parser` ([#​19433](https://redirect.github.com/getsentry/sentry-javascript/pull/19433)) - chore(deps): upgrade tar to 7.5.9 to fix CVE-2026-26960 ([#​19445](https://redirect.github.com/getsentry/sentry-javascript/pull/19445)) - chore(github): Add `allowedTools` to Claude GitHub action ([#​19386](https://redirect.github.com/getsentry/sentry-javascript/pull/19386)) - chore(github): Add workflow to trigger `triage-issue` skill ([#​19358](https://redirect.github.com/getsentry/sentry-javascript/pull/19358)) - chore(github): Add write tool for markdown report ([#​19387](https://redirect.github.com/getsentry/sentry-javascript/pull/19387)) - chore(github): Change tool permission path ([#​19389](https://redirect.github.com/getsentry/sentry-javascript/pull/19389)) - chore(llm): Add `triage-issue` skill ([#​19356](https://redirect.github.com/getsentry/sentry-javascript/pull/19356)) - chore(llm): Better defense against prompt injection in triage skill ([#​19410](https://redirect.github.com/getsentry/sentry-javascript/pull/19410)) - chore(llm): Make cross-repo search optional and remove file cleanup ([#​19401](https://redirect.github.com/getsentry/sentry-javascript/pull/19401)) - chore(node-core): Make @​sentry/opentelemetry not a peer dep in node… ([#​19308](https://redirect.github.com/getsentry/sentry-javascript/pull/19308)) - chore(repo): Allow WebFetch for Sentry docs in Claude settings ([#​18890](https://redirect.github.com/getsentry/sentry-javascript/pull/18890)) - chore(repo): Increase number of concurrently running nx tasks ([#​19443](https://redirect.github.com/getsentry/sentry-javascript/pull/19443)) - chore(skills): Add security notes for injection defense ([#​19379](https://redirect.github.com/getsentry/sentry-javascript/pull/19379)) - chore(triage-action): Fix JSON parsing ([#​19471](https://redirect.github.com/getsentry/sentry-javascript/pull/19471)) - chore(triage-issue): Improve triage prompt for accuracy ([#​19454](https://redirect.github.com/getsentry/sentry-javascript/pull/19454)) - chore(triage-skill): Add GitHub parsing python util script ([#​19405](https://redirect.github.com/getsentry/sentry-javascript/pull/19405)) - chore(triage-skill): Increase `num_turns` and add script to post summary ([#​19456](https://redirect.github.com/getsentry/sentry-javascript/pull/19456)) - ci(fix-security-vulnerability): Add id token write permission ([#​19412](https://redirect.github.com/getsentry/sentry-javascript/pull/19412)) - ci(fix-security-vulnerability): Be specific about how to fetch the alert page ([#​19414](https://redirect.github.com/getsentry/sentry-javascript/pull/19414)) - ci(fix-security-vulnerability): Run fetch alert first before executing skill ([#​19418](https://redirect.github.com/getsentry/sentry-javascript/pull/19418)) - ci(fix-s

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

[Hyperkid123]

/retest

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Updates package.json to require Node >=16.20.2 and npm >=7.24.2 and applies widespread version bumps for production and development dependencies; project scripts and exported/public API declarations are unchanged.

Changes

Cohort / File(s)

Summary

Dependency manifest package.json

Raised engines to node >=16.20.2, npm >=7.24.2. Extensive dependency and devDependency version upgrades across testing (Playwright, Cypress, Jest), build tooling (webpack, swc, loaders, terser), linting/TS tooling (ESLint, @typescript-eslint), UI/platform libs (PatternFly, frontend-components, chrome, host-inventory, entitlements), Sentry, axios, router/sanitizers, and various utilities. No changes to scripts or exported/public APIs.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~15 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the primary change: updating npm minor and patch dependencies in package.json.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description check	✅ Passed	The PR description clearly relates to the changeset, detailing dependency and devDependency version updates across package.json.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch konflux/mintmaker/master/npm-minor-and-patch-dependencies

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (1)

package.json (1)

80-80: @types/node: ^25.3.0 version skew with engines.node: >=16.20.2

@types/node@25.x provides typings for Node.js v25 APIs. With the engine constraint still allowing Node 16.x–17.x, this version skew can surface type-completions (and successful type-checks) for APIs that simply don't exist at runtime on older supported Node versions (e.g. fs.glob, newer crypto methods).

If Node 16 support is being dropped (as the Jest 30 upgrade implies), this is fine. Otherwise, consider pinning @types/node to a version matching the minimum supported runtime, e.g., ^18.x or ^20.x.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@package.json` at line 80, The package.json currently depends on
"@types/node": "^25.3.0" which targets Node v25 typings and is inconsistent with
the declared engines.node constraint; update package.json so the runtime typings
match the supported Node version—either lower the "@types/node" version to one
that matches your minimum supported runtime (e.g., "@types/node": "^18.x" or
"^20.x") or, if you intend to drop Node 16, bump the engines.node field to the
new minimum (e.g., "engines": { "node": ">=18.x" }) so "@types/node" and
engines.node are aligned.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@package.json`:
- Around line 154-155: The dependency change flipped `@sentry/browser` and
`@sentry/react` from exact pins to caret ranges; restore intentional pinning or
document the change: update package.json to use the exact versions previously
pinned (e.g., "@sentry/browser": "10.39.0", "@sentry/react": "10.39.0") if the
lock was deliberate, or add a brief PR note/commit message explaining and
approving the deliberate switch to caret ranges (e.g., "^10.40.0") so
maintainers know this is intentional rather than an accidental Renovate update.
- Around line 6-7: Update the Node engine constraint in package.json so it
matches Jest 30's minimum Node requirement: change the "engines.node" value from
">=16.20.2" to ">=18.0.0"; edit the package.json "engines" object (the
"engines.node" field) to tighten the range and ensure CI/dev environments using
Node 16 won't run an incompatible Jest 30 test suite.
- Around line 99-100: Update verification for the Jest 30 upgrade: ensure CI and
runtime targets Node 22+ (adjust CI configs if needed), bump TypeScript to >=5.4
in devDependencies, run the full test suite and update snapshots where
object-matchers now exclude non-enumerable properties, confirm the custom test
environment file config/jest-environment-jsdom.js still exposes
jsdomReconfigure() for tests mutating window.location, and if you have a custom
TestSequencer (class extending TestSequencer) update its signature to accept the
new context parameters per the Jest 30 TestSequencer API; all changes relate to
the updated "jest" and "jest-environment-jsdom" entries in package.json.

---

Nitpick comments:
In `@package.json`:
- Line 80: The package.json currently depends on "@types/node": "^25.3.0" which
targets Node v25 typings and is inconsistent with the declared engines.node
constraint; update package.json so the runtime typings match the supported Node
version—either lower the "@types/node" version to one that matches your minimum
supported runtime (e.g., "@types/node": "^18.x" or "^20.x") or, if you intend to
drop Node 16, bump the engines.node field to the new minimum (e.g., "engines": {
"node": ">=18.x" }) so "@types/node" and engines.node are aligned.

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to Reviews -> Disable Knowledge Base setting

📥 Commits

Reviewing files that changed from the base of the PR and between 8c4dab3 and d90a36b.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (1)

• package.json

[coderabbitai]

♻️ Duplicate comments (1)

package.json (1)

6-7: ⚠️ Potential issue | 🟠 Major

Tighten engines.node; current range allows unsupported runtimes for upgraded tooling.

Line 6 still permits Node 16+, but this dependency set now includes tools that require newer Node versions (notably Jest 30, Cypress 15, webpack-cli 6). This can allow incompatible environments to install and then fail during test/build.

🔧 Proposed fix

-    "node": ">=16.20.2",
+    "node": ">=20.0.0",

#!/bin/bash
set -euo pipefail

echo "Project engines.node:"
jq -r '.engines.node' package.json

for spec in "jest@30.2.0" "jest-environment-jsdom@30.2.0" "cypress@15.11.0" "webpack-cli@6.0.1"; do
  pkg="${spec%@*}"
  ver="${spec#*@}"
  echo ""
  echo "== $spec engines.node =="
  curl -fsSL "https://registry.npmjs.org/${pkg}/${ver}" | jq -r '.engines.node // "no engines.node declared"'
done

Sources:

• https://jestjs.io/docs/upgrading-to-jest30
• https://docs.cypress.io/app/references/migration-guide
• https://github.com/webpack/webpack-cli/releases

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@package.json` around lines 6 - 7, Update the package.json "engines.node"
field to require a newer Node LTS that is compatible with Jest 30, Cypress 15
and webpack-cli 6 (replace ">=16.20.2" with a modern minimum such as ">=18.14.0"
or your project's chosen supported Node LTS), commit that change, and re-run the
provided verification script to confirm the declared engine satisfies the tools'
engine requirements; ensure the "node" key under "engines" is the updated value.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@package.json`:
- Around line 6-7: Update the package.json "engines.node" field to require a
newer Node LTS that is compatible with Jest 30, Cypress 15 and webpack-cli 6
(replace ">=16.20.2" with a modern minimum such as ">=18.14.0" or your project's
chosen supported Node LTS), commit that change, and re-run the provided
verification script to confirm the declared engine satisfies the tools' engine
requirements; ensure the "node" key under "engines" is the updated value.

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to Reviews -> Disable Knowledge Base setting

📥 Commits

Reviewing files that changed from the base of the PR and between d90a36b and 1aa7380.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (1)

• package.json

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 52.26%. Comparing base (cd224d6) to head (9baeee8).
⚠️ Report is 9 commits behind head on master.

❌ Your project status has failed because the head coverage (52.26%) is below the target coverage (60.00%). You can increase the head coverage or adjust the target coverage.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #3381      +/-   ##
==========================================
+ Coverage   52.21%   52.26%   +0.05%     
==========================================
  Files         252      253       +1     
  Lines        6165     6201      +36     
  Branches      886      890       +4     
==========================================
+ Hits         3219     3241      +22     
- Misses       2233     2246      +13     
- Partials      713      714       +1     

see 1 file with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.