Skip to content

fix(deps): update all non-major dependencies#561

Open
renovate[bot] wants to merge 1 commit intomainfrom
renovate/all-minor-patch
Open

fix(deps): update all non-major dependencies#561
renovate[bot] wants to merge 1 commit intomainfrom
renovate/all-minor-patch

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate bot commented Jan 20, 2026
edited
Loading

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence
@babel/core (source) 7.28.57.29.0 age confidence
@cloudscape-design/components (source) 3.0.11553.0.1189 age confidence
@cloudscape-design/design-tokens (source) 3.0.653.0.69 age confidence
@cloudscape-design/global-styles (source) 1.0.491.0.50 age confidence
@graphql-codegen/cli (source) 6.1.06.1.1 age confidence
@graphql-codegen/client-preset (source) 5.2.15.2.2 age confidence
@graphql-codegen/typed-document-node (source) 6.1.46.1.5 age confidence
@graphql-codegen/typescript (source) 5.0.65.0.7 age confidence
@graphql-codegen/typescript-graphql-request (source) 6.3.06.4.0 age confidence
@graphql-codegen/typescript-operations (source) 5.0.65.0.7 age confidence
@sentry/nextjs (source) 10.30.010.38.0 age confidence
@storybook/addon-links (source) 10.1.810.2.3 age confidence
@storybook/cli (source) 10.1.810.2.3 age confidence
@storybook/nextjs (source) 10.1.810.2.3 age confidence
@storybook/react (source) 10.1.810.2.3 age confidence
@storybook/test (source) 8.6.148.6.15 age confidence
@types/node (source) 25.0.125.2.0 age confidence
eslint-config-next (source) 16.0.1016.1.6 age confidence
eslint-plugin-storybook (source) 10.1.810.2.3 age confidence
jotai 2.16.02.17.0 age confidence
nuqs (source) 2.8.52.8.7 age confidence
prettier (source) 3.7.43.8.1 age confidence
react (source) 19.2.319.2.4 age confidence
react-dom (source) 19.2.319.2.4 age confidence
react-hook-form (source) 7.68.07.71.1 age confidence
react-is (source) 19.2.019.2.4 age confidence
react-is (source) 19.2.319.2.4 age confidence
recharts 3.5.13.7.0 age confidence
styled-components (source) 6.1.196.3.8 age confidence
yarn (source) 4.11.04.12.0 age confidence

Release Notes

babel/babel (@​babel/core)

v7.29.0

Compare Source

v7.29.0 (2026-01-31)

Thanks @​simbahax for your first PR!

🚀 New Feature
🐛 Bug Fix
  • babel-parser
  • babel-traverse
    • #​17708 fix(traverse): provide a hub when traversing a File or Program and no parentPath is given (@​simbahax)
  • babel-plugin-transform-block-scoping, babel-traverse
    • #​17737 [7.x backport] fix: Rename switch discriminant references when body creates shadowing variable (@​magic-akari)
🏃‍♀️ Performance
Committers: 6

v7.28.6

Compare Source

cloudscape-design/components (@​cloudscape-design/components)

v3.0.1189

Compare Source

3.0.1189 (2026-02-01)
Reverts
  • Revert "refactor: use visual context for flash variant styling instead of design tokens" (#​4218) (cc088a7)

v3.0.1188

Compare Source

3.0.1188 (2026-01-29)

No customer visible changes in this release

v3.0.1187

Compare Source

3.0.1187 (2026-01-29)
Features
Reverts

v3.0.1186

Compare Source

3.0.1186 (2026-01-29)
Bug Fixes

v3.0.1185

Compare Source

3.0.1185 (2026-01-27)
Features

v3.0.1184

Compare Source

3.0.1184 (2026-01-26)
Features

v3.0.1183

Compare Source

3.0.1183 (2026-01-24)

No customer visible changes in this release

v3.0.1182

Compare Source

3.0.1182 (2026-01-23)
Features
Bug Fixes

v3.0.1181

Compare Source

3.0.1181 (2026-01-22)
Bug Fixes

v3.0.1180

Compare Source

3.0.1180 (2026-01-21)
Bug Fixes

v3.0.1179

Compare Source

3.0.1179 (2026-01-21)
Bug Fixes
  • prevent list item jump on hover in virtual scrolling (v2) (#​4064) (75aed8b)

v3.0.1178

Compare Source

3.0.1178 (2026-01-20)

No customer visible changes in this release

v3.0.1177

Compare Source

3.0.1177 (2026-01-20)
Features
  • Add label analytics metadata to Select and Multiselect component (#​4185) (3b03367)

v3.0.1176

Compare Source

3.0.1176 (2026-01-16)
Features

v3.0.1175

Compare Source

3.0.1175 (2026-01-15)
Features

v3.0.1174

Compare Source

3.0.1174 (2026-01-14)
Features
Bug Fixes

v3.0.1173

Compare Source

3.0.1173 (2026-01-13)

No customer visible changes in this release

v3.0.1172

Compare Source

3.0.1172 (2026-01-12)

No customer visible changes in this release

v3.0.1171

Compare Source

3.0.1171 (2026-01-09)
Features
Bug Fixes

v3.0.1170

Compare Source

3.0.1170 (2026-01-09)
Bug Fixes

v3.0.1169

Compare Source

3.0.1169 (2026-01-08)
Bug Fixes

v3.0.1168

Compare Source

3.0.1168 (2026-01-07)
Features
Bug Fixes
  • Fixes drag handle UAP buttons to never render outside viewport (#​4155) (16df10e)
  • Fixes dropdown list placement with async options (#​4147) (8017969)

v3.0.1167

Compare Source

3.0.1167 (2026-01-03)
Bug Fixes
  • Update test to mock date to avoid failing when year changes (#​4148) (8daa3af)

v3.0.1166

Compare Source

3.0.1166 (2025-12-31)
Features
Bug Fixes

v3.0.1165

Compare Source

3.0.1165 (2025-12-30)
Bug Fixes
  • Fix AppLayoutToolbar breadcrumbs SSR glitch (take three) (#​4123) (27dbde0)

v3.0.1164

Compare Source

3.0.1164 (2025-12-29)
Bug Fixes
Reverts

v3.0.1163

Compare Source

3.0.1163 (2025-12-23)

No customer visible changes in this release

v3.0.1162

Compare Source

3.0.1162 (2025-12-22)
Bug Fixes
  • Ensure hotspot has a 24x24 touch target even when surrounded by other interactive elements (#​4125) (36ebfc0)

v3.0.1161

Compare Source

3.0.1161 (2025-12-19)

No customer visible changes in this release

v3.0.1160

Compare Source

3.0.1160 (2025-12-19)
Features

v3.0.1159

Compare Source

3.0.1159 (2025-12-18)
Bug Fixes
  • Avoid cropping popover trigger focus ring when not wrapping text (#​4116) (97d988b)
  • Restore radio button import inside radio group test utils (#​4119) (6b10cd4)

v3.0.1158

Compare Source

3.0.1158 (2025-12-18)
Features

v3.0.1157

Compare Source

3.0.1157 (2025-12-16)
Features
Bug Fixes

v3.0.1156

Compare Source

3.0.1156 (2025-12-14)
Bug Fixes
cloudscape-design/global-styles (@​cloudscape-design/global-styles)

v1.0.50

Compare Source

1.0.50 (2026-01-24)

No customer visible changes in this release

dotansimha/graphql-code-generator (@​graphql-codegen/cli)

v6.1.1

Compare Source

Patch Changes

  • #​10569 8cb7d43 Thanks @​etr2460! - fix(graphql-codegen-cli): Don't hang when 0 CPUs are found

    Fixes generation when 0 CPUs are returned by os.cpus(), which occurs in sandbox environments.

dotansimha/graphql-code-generator (@​graphql-codegen/client-preset)

v5.2.2

Compare Source

Patch Changes
dotansimha/graphql-code-generator (@​graphql-codegen/typed-document-node)

v6.1.5

Compare Source

Patch Changes
dotansimha/graphql-code-generator (@​graphql-codegen/typescript)

v5.0.7

Compare Source

Patch Changes
dotansimha/graphql-code-generator-community (@​graphql-codegen/typescript-graphql-request)

v6.4.0

Compare Source

Minor Changes
dotansimha/graphql-code-generator (@​graphql-codegen/typescript-operations)

v5.0.7

Compare Source

Patch Changes
getsentry/sentry-javascript (@​sentry/nextjs)

v10.38.0

Compare Source

Important Changes

  • feat(tanstackstart-react): Auto-instrument request middleware (#​18989)

    The sentryTanstackStart Vite plugin now automatically instruments middleware arrays in createFileRoute(). This captures performance data without requiring manual wrapping with wrapMiddlewaresWithSentry().

Other Changes
  • feat: Use v4.8.0 bundler plugins (#​18993)
  • feat(browser): Add logs.metrics bundle (#​19020)
  • feat(browser): Add replay.logs.metrics bundle (#​19021)
  • feat(browser): Add tracing.replay.logs.metrics bundle (#​19039)
  • feat(deps): bump import-in-the-middle from 2.0.1 to 2.0.6 (#​19042)
  • feat(node): Add AI manual instrumentation exports to Node (#​19063)
  • feat(wasm): initialised sentryWasmImages for webworkers (#​18812)
  • fix(core): Classify custom AggregateErrors as exception groups (#​19053)
  • fix(nextjs): Turn off debugID injection if sourcemaps are explicitly disabled (#​19010)
  • fix(react): Avoid String(key) to fix Symbol conversion error (#​18982)
  • fix(react): Prevent lazy route handlers from updating wrong navigation span (#​18898)
Internal Changes - feat(deps-dev): bump @​types/rsvp from 4.0.4 to 4.0.9 ([#​19038](https://redirect.github.com/getsentry/sentry-javascript/pull/19038)) - ci(build): Run full test suite on new bundle with logs+metrics ([#​19065](https://redirect.github.com/getsentry/sentry-javascript/pull/19065)) - ci(deps): bump actions/create-github-app-token from 1 to 2 ([#​19028](https://redirect.github.com/getsentry/sentry-javascript/pull/19028)) - ci(deps): bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 ([#​19029](https://redirect.github.com/getsentry/sentry-javascript/pull/19029)) - chore: Add external contributor to CHANGELOG.md ([#​19005](https://redirect.github.com/getsentry/sentry-javascript/pull/19005)) - chore(aws-serverless): Fix local cache issues ([#​19081](https://redirect.github.com/getsentry/sentry-javascript/pull/19081)) - chore(dependabot): Allow all packages to update ([#​19024](https://redirect.github.com/getsentry/sentry-javascript/pull/19024)) - chore(dependabot): Update ignore patterns and add more groups ([#​19037](https://redirect.github.com/getsentry/sentry-javascript/pull/19037)) - chore(dependabot): Update ignore patterns and add more groups ([#​19043](https://redirect.github.com/getsentry/sentry-javascript/pull/19043)) - chore(deps-dev): bump @​edge-runtime/types from 3.0.1 to 4.0.0 ([#​19032](https://redirect.github.com/getsentry/sentry-javascript/pull/19032)) - chore(deps-dev): bump @​vercel/nft from 0.29.4 to 1.3.0 ([#​19030](https://redirect.github.com/getsentry/sentry-javascript/pull/19030)) - chore(deps): bump @​actions/artifact from 2.1.11 to 5.0.3 ([#​19031](https://redirect.github.com/getsentry/sentry-javascript/pull/19031)) - chore(deps): bump hono from 4.11.4 to 4.11.7 in /dev-packages/e2e-tests/test-applications/cloudflare-hono ([#​19009](https://redirect.github.com/getsentry/sentry-javascript/pull/19009)) - chore(deps): bump next from 16.0.9 to 16.1.5 in /dev-packages/e2e-tests/test-applications/nextjs-16-cacheComponents ([#​19012](https://redirect.github.com/getsentry/sentry-javascript/pull/19012)) - chore(deps): Bump trpc v11 dependency in e2e test ([#​19061](https://redirect.github.com/getsentry/sentry-javascript/pull/19061)) - chore(deps): Bump wrangler to 4.61.0 ([#​19023](https://redirect.github.com/getsentry/sentry-javascript/pull/19023)) - chore(deps): Upgrade @​remix-run deps to 2.17.4 ([#​19040](https://redirect.github.com/getsentry/sentry-javascript/pull/19040)) - chore(deps): Upgrade `next` versions 15 and 16 ([#​19057](https://redirect.github.com/getsentry/sentry-javascript/pull/19057)) - chore(deps): Upgrade Lerna to v8 ([#​19050](https://redirect.github.com/getsentry/sentry-javascript/pull/19050)) - chore(deps): Upgrade next to 14.2.35 ([#​19055](https://redirect.github.com/getsentry/sentry-javascript/pull/19055)) - chore(deps): Upgrade react-router, @​react-router/node, @​react-router/serve, @​react-router/dev to 7.13.0 ([#​19026](https://redirect.github.com/getsentry/sentry-javascript/pull/19026)) - chore(llm): Add claude skill + cursor command for adding new cdn bundles ([#​19048](https://redirect.github.com/getsentry/sentry-javascript/pull/19048)) - chore(llm): Ignore local Claude settings ([#​18893](https://redirect.github.com/getsentry/sentry-javascript/pull/18893)) - chore(react): Update react-router-5 dev dependency to another than 5.0.0 ([#​19047](https://redirect.github.com/getsentry/sentry-javascript/pull/19047)) - chore(release): Add generate-changelog script ([#​18999](https://redirect.github.com/getsentry/sentry-javascript/pull/18999)) - chore(remix): Upgrade @​remix-run/router to ^1.23.2 ([#​19045](https://redirect.github.com/getsentry/sentry-javascript/pull/19045)) - chore(solidstart): Bump peer dependencies of @​solidjs/start ([#​19051](https://redirect.github.com/getsentry/sentry-javascript/pull/19051)) - chore(solidstart): Upgrade Vinxi to update h3 peer dependency ([#​19018](https://redirect.github.com/getsentry/sentry-javascript/pull/19018)) - chore(tests): Reject messages from unknown origins in integration tests ([#​19016](https://redirect.github.com/getsentry/sentry-javascript/pull/19016))

Work in this release was contributed by @​harshit078. Thank you for your contribution!

v10.37.0

Compare Source

Important Changes

  • feat(core): Introduces a new Sentry.setConversationId() API to track multi turn AI conversations across API calls. (#​18909)

    You can now set a conversation ID that will be automatically applied to spans within that scope. This allows you to link traces from the same conversation together.

    import * as Sentry from '@​sentry/node';

// Set conversation ID for all subsequent spans
Sentry.setConversationId('conv_abc123');

// All AI spans will now include the gen_ai.conversation.id attribute
await openai.chat.completions.create({...});

    This is particularly useful for tracking multiple AI API calls that are part of the same conversation, allowing you to analyze entire conversation flows in Sentry.
    The conversation ID is stored on the isolation scope and automatically applied to spans via the new conversationIdIntegration.

  • feat(tanstackstart-react): Auto-instrument global middleware in sentryTanstackStart Vite plugin (#​18844)

    The sentryTanstackStart Vite plugin now automatically instruments requestMiddleware and functionMiddleware arrays in createStart(). This captures performance data without requiring manual wrapping.

    Auto-instrumentation is enabled by default. To disable it:

    // vite.config.ts
sentryTanstackStart({
  authToken: process.env.SENTRY_AUTH_TOKEN,
  org: 'your-org',
  project: 'your-project',
  autoInstrumentMiddleware: false,
});
Other Changes
  • feat(core): simplify truncation logic to only keep the newest message (#​18906)
  • feat(core): Support new client discard reason invalid (#​18901)
  • feat(deps): Bump OpenTelemetry instrumentations (#​18934)
  • feat(nextjs): Update default ignore list for sourcemaps (#​18938)
  • feat(node): pass prisma instrumentation options through (#​18900)
  • feat(nuxt): Don't run source maps related code on Nuxt "prepare" (#​18936)
  • feat(replay): Update client report discard reason for invalid sessions (#​18796)
  • feat(winston): Add customLevelMap for winston transport (#​18922)
  • feat(react-router): Add support for React Router instrumentation API (#​18580)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@socket-security
Copy link
Copy Markdown

socket-security bot commented Jan 20, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updated@​graphql-codegen/​typescript-graphql-request@​6.3.0 ⏵ 6.4.0100 +110067 +195 +4100
Updated@​graphql-codegen/​typed-document-node@​6.1.4 ⏵ 6.1.51001006799100
Updatedeslint-config-next@​16.0.10 ⏵ 16.1.6991006798100
Updated@​graphql-codegen/​typescript-operations@​5.0.6 ⏵ 5.0.71001006999100
Added@​graphql-codegen/​client-preset@​5.2.2991007099100
Updated@​graphql-codegen/​typescript@​5.0.6 ⏵ 5.0.71001007099100
Updatedrecharts@​3.5.1 ⏵ 3.7.073 -211009995 +1100
Updated@​graphql-codegen/​cli@​6.1.0 ⏵ 6.1.1961007799100
Updated@​storybook/​react@​10.1.8 ⏵ 10.2.3100 +110077 +1100100
Updated@​cloudscape-design/​global-styles@​1.0.49 ⏵ 1.0.5098100789090 +10
Updated@​storybook/​nextjs@​10.1.8 ⏵ 10.2.39810079 +1100 +1100
Updated@​babel/​core@​7.28.5 ⏵ 7.29.0971008097100
Updated@​cloudscape-design/​design-tokens@​3.0.65 ⏵ 3.0.6994 +110082 +193 +1100
Updated@​cloudscape-design/​components@​3.0.1155 ⏵ 3.0.118997 -110084 +19680
Updatedreact@​19.2.3 ⏵ 19.2.41001008497100
Added@​storybook/​test@​8.6.15901008596100
Updated@​storybook/​cli@​10.1.8 ⏵ 10.2.399 +110089 +1100100
Updatedprettier@​3.6.2 ⏵ 3.8.190 -310097 +197100
Updated@​sentry/​nextjs@​10.30.0 ⏵ 10.38.099 +510091 +196 +1100
Updatedreact-dom@​19.2.3 ⏵ 19.2.41001009298100
Updatedstyled-components@​6.1.19 ⏵ 6.3.89310010096 -1100
Updatedreact-hook-form@​7.68.0 ⏵ 7.71.197100100 +195 -1100
Updatednuqs@​2.8.5 ⏵ 2.8.799 +110010095 +1100
Updatedjotai@​2.16.0 ⏵ 2.17.010010010095 +2100
Updatedeslint-plugin-storybook@​10.1.8 ⏵ 10.2.310010010099100
Updated@​storybook/​addon-links@​10.1.8 ⏵ 10.2.3100100100100 +1100
Updated@​types/​node@​25.0.1 ⏵ 25.2.0100 +1100100 +20100 +5100

View full report

@renovate renovate bot force-pushed the renovate/all-minor-patch branch from b54b386 to 42dff2e Compare February 1, 2026 10:55
@socket-security
Copy link
Copy Markdown

socket-security bot commented Feb 1, 2026
edited
Loading

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm storybook is 98.0% likely obfuscated

Confidence: 0.98

Location: Package overview

From: ?npm/@storybook/cli@10.2.3npm/storybook@10.2.3

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/storybook@10.2.3. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@renovate renovate bot force-pushed the renovate/all-minor-patch branch from 42dff2e to cb78603 Compare February 1, 2026 17:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants