dev: bump the safe group with 8 updates

[dependabot]

Bumps the safe group with 8 updates:

Package	From	To
@sentry/react	10.39.0	10.41.0
@tabler/icons-react	3.37.1	3.38.0
apexcharts	5.6.0	5.8.1
@storybook/cli	10.2.11	10.2.14
cypress	15.10.0	15.11.0
eslint-plugin-jsdoc	62.7.0	62.7.1
pg	8.18.0	8.19.0
webpack	5.105.2	5.105.3

Updates @sentry/react from 10.39.0 to 10.41.0

Release notes

Sourced from @​sentry/react's releases.

10.41.0

Important Changes

• feat(core,cloudflare,deno): Add instrumentPostgresJsSql instrumentation (#19566)

  Added a new instrumentation helper for the postgres (postgres.js) library, designed for SDKs that are not based on OpenTelemetry (e.g. Cloudflare, Deno). This wraps a postgres.js sql tagged template instance so that all queries automatically create Sentry spans.

  import postgres from 'postgres';
  import * as Sentry from '@sentry/cloudflare'; // or '@sentry/deno'
  export default Sentry.withSentry(env => ({ dsn: 'DSN' }), {
  async fetch(request, env, ctx) {
  const sql = Sentry.instrumentPostgresJsSql(postgres(env.DATABASE_URL));
  // All queries now create Sentry spans
  const users = await sql`SELECT * FROM users WHERE id = ${userId}`;
  return Response.json(users);
  
  },
  });

  The instrumentation is available in @sentry/core, @sentry/cloudflare, and @sentry/deno.

• feat(nextjs): Add Turbopack support for thirdPartyErrorFilterIntegration (#19542)

  We added experimental support for the thirdPartyErrorFilterIntegration with Turbopack builds.

  This feature requires Next.js 16+ and is currently behind an experimental flag:

  // next.config.ts
  import { withSentryConfig } from '@sentry/nextjs';
  export default withSentryConfig(nextConfig, {
  _experimental: {
  turbopackApplicationKey: 'my-app-key',
  },
  });

  Then configure the integration in your client instrumentation file with a matching key:

  // instrumentation-client.ts
  import * as Sentry from '@sentry/nextjs';
  Sentry.init({

... (truncated)

Changelog

Sourced from @​sentry/react's changelog.

10.41.0

Important Changes

• feat(core,cloudflare,deno): Add instrumentPostgresJsSql instrumentation (#19566)

  Added a new instrumentation helper for the postgres (postgres.js) library, designed for SDKs that are not based on OpenTelemetry (e.g. Cloudflare, Deno). This wraps a postgres.js sql tagged template instance so that all queries automatically create Sentry spans.

  import postgres from 'postgres';
  import * as Sentry from '@sentry/cloudflare'; // or '@sentry/deno'
  export default Sentry.withSentry(env => ({ dsn: 'DSN' }), {
  async fetch(request, env, ctx) {
  const sql = Sentry.instrumentPostgresJsSql(postgres(env.DATABASE_URL));
  // All queries now create Sentry spans
  const users = await sql`SELECT * FROM users WHERE id = ${userId}`;
  return Response.json(users);
  
  },
  });

  The instrumentation is available in @sentry/core, @sentry/cloudflare, and @sentry/deno.

• feat(nextjs): Add Turbopack support for thirdPartyErrorFilterIntegration (#19542)

  We added experimental support for the thirdPartyErrorFilterIntegration with Turbopack builds.

  This feature requires Next.js 16+ and is currently behind an experimental flag:

  // next.config.ts
  import { withSentryConfig } from '@sentry/nextjs';
  export default withSentryConfig(nextConfig, {
  _experimental: {
  turbopackApplicationKey: 'my-app-key',
  },
  });

  Then configure the integration in your client instrumentation file with a matching key:

  // instrumentation-client.ts
  import * as Sentry from '@sentry/nextjs';

... (truncated)

Commits

• 66f455a release: 10.41.0
• ca12aab Merge pull request #19576 from getsentry/prepare-release/10.41.0
• dc44fe4 meta(changelog): Update changelog for 10.41.0
• 93e3c30 fix(core): Strip inline media from multimodal content before stringification ...
• 9d3ae61 feat(core,cloudflare): Add dispose to the client for proper cleanup (#19506)
• 88078a0 feat(core,cloudflare,deno): Add instrumentPostgresJsSql instrumentation (#19566)
• 43be7b0 fix(deps): Bump transitive rollup deps to patch CVE-2026-27606 (#19565)
• 6707fd3 feat(react-router): Include middleware function names and indices (#19109)
• 0c3b071 test(node): Test runName parameter in handleChainStart for langchain (#19562)
• 2b79e29 Merge pull request #19554 from getsentry/fix/langchain-handlechainstart-runname
• Additional commits viewable in compare view

Updates @tabler/icons-react from 3.37.1 to 3.38.0

Release notes

Sourced from @​tabler/icons-react's releases.

Release 3.38.0

34 new icons:

• filled/adjustments-horizontal
• filled/check
• filled/chevron-down
• filled/chevron-right
• filled/click
• filled/copy
• filled/database
• filled/device-floppy
• filled/device-gamepad-2
• filled/dots-vertical
• filled/dots
• filled/download
• filled/edit
• filled/external-link
• filled/headset
• filled/help
• filled/home-2
• filled/id
• filled/link
• filled/list-check
• filled/list-details
• filled/list
• filled/menu-2
• filled/messages
• filled/pencil
• filled/plus
• filled/scale
• filled/school
• filled/search
• filled/send
• filled/ticket
• filled/tools-kitchen-2
• filled/world
• filled/x

Fixed icons: filled/calendar-event, filled/trash

Commits

• 44681e5 Release 3.38.0
• See full diff in compare view

Updates apexcharts from 5.6.0 to 5.8.1

Release notes

Sourced from apexcharts's releases.

💎 Version 5.8.0

Bug Fixes

• tree-shaking: publish missing dist/core and dist/features/* build artifacts introduced in v5.7.0 (#5177)
• ssr: fix broken SSR import path in src/ssr/index.js (v5.7.1 patch)
• ssr: fix SVG is not a function crash in renderToHTML/renderToString — global.SVG was not registered in the Node.js SSR path (v5.7.1 patch)

💎 Version 5.7.0

Features

Feature-level tree-shaking

ApexCharts now ships modular entry points so you can import only the chart types and features your application actually uses. This can cut bundle size substantially for apps that don't need the full chart catalogue.

// Minimal custom bundle — only what you need
import ApexCharts from 'apexcharts/core'
import 'apexcharts/line'               // line / area / scatter
import 'apexcharts/features/legend'    // optional legend

Chart-type entry points

Import	Chart types
apexcharts/line	line, area, scatter, bubble
apexcharts/bar	bar, column
apexcharts/pie	pie, donut
apexcharts/radial	radialBar
apexcharts/candlestick	candlestick
apexcharts/heatmap	heatmap
apexcharts/treemap	treemap
apexcharts/rangearea	rangeArea, rangeBar
apexcharts/boxplot	boxPlot
apexcharts/funnel	funnel
apexcharts/radar	radar

Feature entry points

Import	Feature
apexcharts/features/legend	Legend
apexcharts/features/toolbar	Toolbar / zoom controls
apexcharts/features/exports	SVG / PNG / CSV / JSON export
apexcharts/features/annotations	Point, line, and area annotations
apexcharts/features/keyboard	Keyboard navigation (accessibility)

... (truncated)

Commits

• See full diff in compare view

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates @storybook/cli from 10.2.11 to 10.2.14

Release notes

Sourced from @​storybook/cli's releases.

v10.2.14

10.2.14

• CLI: Set STORYBOOK environment variable - #33938, thanks @​yannbf!
• UI: Prevent crash when tag filters contain undefined entries - #33931, thanks @​abhaysinh1000!

v10.2.13

10.2.13

• Addon Pseudo-states: Process all nested css rules - #33605, thanks @​hpohlmeyer!
• Builder-Vite: Prevent config duplication - #33883, thanks @​copilot-swe-agent!
• CLI: Fix React native web A11y issues - #33937, thanks @​jonniebigodes!
• Core: Avoid hanging when inferring args for recursive calls on DOM elemens - #33922, thanks @​valentinpalkovic!
• Eslint: Fix ESLint 10 compatibility in eslint-plugin-storybook rules - #33884, thanks @​copilot-swe-agent!
• Viewport: Prioritize story viewport globals and avoid user-global pollution - #33849, thanks @​ia319!

v10.2.12

10.2.12

• Core: Sanitize inputs for save from controls - #33868, thanks @​valentinpalkovic!
• Telemetry: Add project age - #33910, thanks @​shilman!
• Webpack: Improve performance of module-mocking plugins - #33169, thanks @​valentinpalkovic!

Changelog

Sourced from @​storybook/cli's changelog.

10.2.14

• CLI: Set STORYBOOK environment variable - #33938, thanks @​yannbf!
• UI: Prevent crash when tag filters contain undefined entries - #33931, thanks @​abhaysinh1000!

10.2.13

• Addon Pseudo-states: Process all nested css rules - #33605, thanks @​hpohlmeyer!
• Builder-Vite: Prevent config duplication - #33883, thanks @​copilot-swe-agent!
• CLI: Fix React native web A11y issues - #33937, thanks @​jonniebigodes!
• Core: Avoid hanging when inferring args for recursive calls on DOM elemens - #33922, thanks @​valentinpalkovic!
• Eslint: Fix ESLint 10 compatibility in eslint-plugin-storybook rules - #33884, thanks @​copilot-swe-agent!
• Viewport: Prioritize story viewport globals and avoid user-global pollution - #33849, thanks @​ia319!

10.2.12

• Core: Sanitize inputs for save from controls - #33868, thanks @​valentinpalkovic!
• Telemetry: Add project age - #33910, thanks @​shilman!
• Webpack: Improve performance of module-mocking plugins - #33169, thanks @​valentinpalkovic!

Commits

• 8392ec0 Bump version from "10.2.13" to "10.2.14" [skip ci]
• 305b534 Bump version from "10.2.12" to "10.2.13" [skip ci]
• 68f811f Bump version from "10.2.11" to "10.2.12" [skip ci]
• See full diff in compare view

Updates cypress from 15.10.0 to 15.11.0

Release notes

Sourced from cypress's releases.

v15.11.0

Changelog: https://docs.cypress.io/app/references/changelog#15-11-0

Commits

• 94ff6db build: ensure tslib is bundled with the cli (#33407)
• d0a3b9c chore: Update Chrome (stable) to 145.0.7632.116 and Chrome (beta) to 146.0.76...
• d67167d chore: release v15.11.0 (#33403)
• b8f4c49 feat: Remove EOL CI Providers + Add Support for CI Providers (#33396)
• 66abd41 chore: Update v8 snapshot cache - linux (#33392)
• c172e15 chore: updating v8 snapshot cache (#33395)
• cdc9085 chore: Update Chrome (stable) to 145.0.7632.109 and Chrome (beta) to 146.0.76...
• 273f424 chore: Update v8 snapshot cache - darwin (#33368)
• 282ca22 fix: cleanup protocol listeners (#33391)
• fb6de82 refactor: remove net-stubbing->server->net-stubbing cycle (#33394)
• Additional commits viewable in compare view

Updates eslint-plugin-jsdoc from 62.7.0 to 62.7.1

Release notes

Sourced from eslint-plugin-jsdoc's releases.

v62.7.1

62.7.1 (2026-02-24)

Bug Fixes

• require-property: err if user blocks [@property](https://github.com/property); fixes #1634 (23a9f1d)

Commits

• 23a9f1d fix(require-property): err if user blocks @property; fixes #1634
• bd90efd Merge pull request #1668 from gajus/dependabot/npm_and_yarn/ajv-6.14.0
• eca3090 chore(deps): bump ajv from 6.12.6 to 6.14.0
• 86bd0be Merge pull request #1666 from gajus/gajus-patch-1
• ba0c8af Update funding to brettz9
• See full diff in compare view

Updates pg from 8.18.0 to 8.19.0

Changelog

Sourced from pg's changelog.

pg@8.19.0

• Deprecate interal query queue.
• Pass connection parameters to password callback.

Commits

• f2d7d11 Publish
• 5a4bafc Deprecate Client's internal query queue (#3603)
• a215bfb Typo fix in PgPass deprecation (funciton) (#3605)
• 01e0556 fix(pg-query-stream): invoke this.callback on cursor end/error (#2810)
• e6e3692 Pass connection parameters to password callback (#3602)
• d80d883 test: Fix TLS connection test ending too early
• f332f28 fix: Connection timeout handling for native clients in connected state (#3512)
• b2e9cb1 Remove testAsync - its redundant (#3588)
• 46cdf9e [fix] fix unhandled callback error for submittables (#3589)
• See full diff in compare view

Updates webpack from 5.105.2 to 5.105.3

Release notes

Sourced from webpack's releases.

v5.105.3

Patch Changes

• Context modules now handle rejections correctly. (by @​alexander-akait in #20455)

• Only mark asset modules as side-effect-free when experimental.futureDefaults is set to true, so asset-copying use cases (e.g. import "./x.png") won’t break unless the option is enabled. (by @​hai-x in #20535)

• Add the missing webpack_exports declaration in certain cases when bundling a JS entry together with non-JS entries (e.g., CSS entry or asset module entry). (by @​hai-x in #20463)

• Fixed HMR failure for CSS modules with @​import when exportType !== "link". When exportType is not "link", CSS modules now behave like JavaScript modules and don't require special HMR handling, allowing @​import CSS to work correctly during hot module replacement. (by @​xiaoxiaojx in #20514)

• Fixed an issue where empty JavaScript files were generated for CSS-only entry points. The code now correctly checks if entry modules have JavaScript source types before determining whether to generate a JS file. (by @​xiaoxiaojx in #20454)

• Do not crash when a referenced chunk is not a runtime chunk. (by @​alexander-akait in #20461)

• Fix some types. (by @​alexander-akait in #20412)

• Ensure that missing module error are thrown after the interception handler (if present), allowing module interception to customize the module factory. (by @​hai-x in #20510)

• Added createRequire support for ECMA modules. (by @​stefanbinoj in #20497)

• Added category for CJS reexport dependency to fix issues with ECMA modules. (by @​hai-x in #20444)

• Implement immutable bytes for bytes import attribute to match tc39 spec. (by @​alexander-akait in #20481)

• Fixed deterministic search for graph roots regardless of edge order. (by @​veeceey in #20452)

Changelog

Sourced from webpack's changelog.

5.105.3

Patch Changes

• Context modules now handle rejections correctly. (by @​alexander-akait in #20455)

• Only mark asset modules as side-effect-free when experimental.futureDefaults is set to true, so asset-copying use cases (e.g. import "./x.png") won’t break unless the option is enabled. (by @​hai-x in #20535)

• Add the missing webpack_exports declaration in certain cases when bundling a JS entry together with non-JS entries (e.g., CSS entry or asset module entry). (by @​hai-x in #20463)

• Fixed HMR failure for CSS modules with @​import when exportType !== "link". When exportType is not "link", CSS modules now behave like JavaScript modules and don't require special HMR handling, allowing @​import CSS to work correctly during hot module replacement. (by @​xiaoxiaojx in #20514)

• Fixed an issue where empty JavaScript files were generated for CSS-only entry points. The code now correctly checks if entry modules have JavaScript source types before determining whether to generate a JS file. (by @​xiaoxiaojx in #20454)

• Do not crash when a referenced chunk is not a runtime chunk. (by @​alexander-akait in #20461)

• Fix some types. (by @​alexander-akait in #20412)

• Ensure that missing module error are thrown after the interception handler (if present), allowing module interception to customize the module factory. (by @​hai-x in #20510)

• Added createRequire support for ECMA modules. (by @​stefanbinoj in #20497)

• Added category for CJS reexport dependency to fix issues with ECMA modules. (by @​hai-x in #20444)

• Implement immutable bytes for bytes import attribute to match tc39 spec. (by @​alexander-akait in #20481)

• Fixed deterministic search for graph roots regardless of edge order. (by @​veeceey in #20452)

Commits

• 714a0e3 chore(release): new release (#20448)
• c323b39 chore(deps-dev): bump nyc from 17.1.0 to 18.0.0 (#20539)
• 8a01dfe refactor: deduplicate export presence logic in Harmony dependency classes (#2...
• b9fc7b3 chore(deps): bump test/test262-cases in the dependencies group (#20541)
• f8a5ac3 test: add coverage for nwjs exports condition and CSS modules with webworker ...
• 59bf024 test: add coverage for external script in EnvironmentNotSupportAsyncWarning (...
• 4c79ac2 test: add missing coverage for formatLocation and formatSize (#20534)
• 4f5c0a8 fix: mark asset module as side-effect-free when futureDefaults (#20535)
• 87987ca test: add test
• 67c5aae test: add configCase for ESM prefetch/preload under neutral target (#20524)
• Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
cypress	[>= 9.a, < 10]
cypress	[>= 10.a, < 11]
eslint-plugin-jsdoc	[>= 39.6.a, < 39.7]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions