Skip to content

dev: bump the safe group with 4 updates #7767

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: v3.35
Choose a base branch
from
Open

dev: bump the safe group with 4 updates #7767

wants to merge 1 commit into from
+125 −115

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 24, 2025
edited
Loading

Bumps the safe group with 4 updates: @reduxjs/toolkit, @sentry/react, eslint-plugin-jsdoc and stylelint.

Updates @reduxjs/toolkit from 2.10.1 to 2.11.0

Release notes

Sourced from @​reduxjs/toolkit's releases.

v2.11.0

This feature release upgrades our Immer dependency to v11 to pick up the additional recent performance optimizations, adds a new refetchCachedPages option to allow only fetching the first cached page, and fixes an issue with regex ignore paths in the immutability middleware.

Changelog

Immer v11 Performance Improvements

As described in the release notes for v2.10.0, we recently put significant effort into profiling Immer, and contributed several PRs that aimed to optimize its update performance.

v2.10.0 updated to use Immer 10.2.0, which added the first smaller set of perf updates. That included a new Immer option to disable "strict iteration" to speed up iterating copied objects, and we specifically applied that change in RTK under the assumption that standard plain JS objects as Redux state shouldn't have unusual keys anyway. Overall, this appears to boost Immer update perf by ~+20% over v10.1 depending on update scenario.

Immer v11.0.0 was just released and contains the second perf PR, a major internal architectural rewrite to change the update finalization implementation from a recursive tree traversal to a set of targeted updates based on accessed and updated fields. Based on the benchmarks in the PR, this adds another ~+5% perf boost over the improvements in v10.2, again with variations depending on update scenario. In practice, the actual improvement may be better than that - the benchmarks list includes some array update cases which actually got a bit slower (and thus drag down the overall average), and a majority of update scenarios show anywhere from +25% to +60% faster than Immer v10.1!

As a practical example, we have an RTK Query stress test benchmark where we mount 1000 components with query hooks at once, unmount, then remount them. We ran the same benchmark steps for RTK 2.9 and Immer 10.1, and then RTK 2.10+ and Immer 11. The overall scripting time dropped by about 30% (3330ms -> 2350ms), and the amount of time spent in Immer methods and the RTK reducers dropped significantly:

Based on this, it appears to be a major improvement overall.

As with the instructions in v2.10.0: if by some chance your Redux app state relies on non-string keys, you can still manually call setUseStrictIteration(true) in your app code to retain compatibility there, but we don't expect that standard Redux apps will have to worry about that.

There are still two outstanding Immer perf PRs that may offer further improvements: one that adds an optional plugin to override array methods to avoid proxy creation overhead, and another experimental tweak to shallow copying that may be better with larger object sizes.

New refetchCachedPages Option

RTK Query's infinite query API was directly based on React Query's approach, including the pages cache structure and refetching behavior. By default, that means that when you trigger a refetch, both R-Q and RTKQ will try to sequentially refetch all pages currently in that cache entry. So, if there were 5 pages cached for an entry, they will try to fetch pages 0...4, in turn.

Some users have asked for the ability to only refetch the first page. This can be accomplished somewhat manually by directly updating the cache entry to eliminate the old pages and then triggering a refetch, but that's admittedly not very ergonomic.

We've merged a contributed PR that adds a new refetchCachedPages flag. This can be defined as part of infinite query endpoints, passed as an option to infinite query hooks, or passed as an option in initiate() calls or hook refetch() methods. If set to refetchCachedPages: false, it will only refetch the first page in the cache and not the remaining pages, thus shrinking the cache from N pages to 1 page.

Other Fixes

We merged a fix to the immutability dev middleware where it was treating ignoredPath regexes as strings and not actually testing them correctly.

What's Changed

Full Changelog: reduxjs/redux-toolkit@v2.10.1...v2.11.0

Commits

Updates @sentry/react from 10.26.0 to 10.27.0

Release notes

Sourced from @​sentry/react's releases.

10.27.0

Important Changes

  • feat(deps): Bump OpenTelemetry (#18239)

    • Bump @​opentelemetry/context-async-hooks from ^2.1.0 to ^2.2.0
    • Bump @​opentelemetry/core from ^2.1.0 to ^2.2.0
    • Bump @​opentelemetry/resources from ^2.1.0 to ^2.2.0
    • Bump @​opentelemetry/sdk-trace-base from ^2.1.0 to ^2.2.0
    • Bump @​opentelemetry/sdk-trace-node from ^2.1.0 to ^2.2.0
    • Bump @​opentelemetry/instrumentation from 0.204.0 to 0.208.0
    • Bump @​opentelemetry/instrumentation-amqplib from 0.51.0 to 0.55.0
    • Bump @​opentelemetry/instrumentation-aws-sdk from 0.59.0 to 0.64.0
    • Bump @​opentelemetry/instrumentation-connect from 0.48.0 to 0.52.0
    • Bump @​opentelemetry/instrumentation-dataloader from 0.22.0 to 0.26.0
    • Bump @​opentelemetry/instrumentation-express from 0.53.0 to 0.57.0
    • Bump @​opentelemetry/instrumentation-fs from 0.24.0 to 0.28.0
    • Bump @​opentelemetry/instrumentation-generic-pool from 0.48.0 to 0.52.0
    • Bump @​opentelemetry/instrumentation-graphql from 0.52.0 to 0.56.0
    • Bump @​opentelemetry/instrumentation-hapi from 0.51.0 to 0.55.0
    • Bump @​opentelemetry/instrumentation-http from 0.204.0 to 0.208.0
    • Bump @​opentelemetry/instrumentation-ioredis from 0.52.0 to 0.56.0
    • Bump @​opentelemetry/instrumentation-kafkajs from 0.14.0 to 0.18.0
    • Bump @​opentelemetry/instrumentation-knex from 0.49.0 to 0.53.0
    • Bump @​opentelemetry/instrumentation-koa from 0.52.0 to 0.57.0
    • Bump @​opentelemetry/instrumentation-lru-memoizer from 0.49.0 to 0.53.0
    • Bump @​opentelemetry/instrumentation-mongodb from 0.57.0 to 0.61.0
    • Bump @​opentelemetry/instrumentation-mongoose from 0.51.0 to 0.55.0
    • Bump @​opentelemetry/instrumentation-mysql from 0.50.0 to 0.54.0
    • Bump @​opentelemetry/instrumentation-mysql2 from 0.51.0 to 0.55.0
    • Bump @​opentelemetry/instrumentation-nestjs-core from 0.50.0 to 0.55.0
    • Bump @​opentelemetry/instrumentation-pg from 0.57.0 to 0.61.0
    • Bump @​opentelemetry/instrumentation-redis from 0.53.0 to 0.57.0
    • Bump @​opentelemetry/instrumentation-tedious from 0.23.0 to 0.27.0
    • Bump @​opentelemetry/instrumentation-undici from 0.15.0 to 0.19.0
    • Bump @​prisma/instrumentation from 6.15.0 to 6.19.0

  • feat(browserprofiling): Add manual mode and deprecate old profiling (#18189)

    Adds the manual lifecycle mode for UI profiling (the default mode), allowing profiles to be captured manually with Sentry.uiProfiler.startProfiler() and Sentry.uiProfiler.stopProfiler(). The previous transaction-based profiling is with profilesSampleRate is now deprecated in favor of the new UI Profiling with profileSessionSampleRate.

Other Changes

  • feat(core): Add gibibyte and pebibyte to InformationUnit type (#18241)
  • feat(core): Add scope attribute APIs (#18165)
  • feat(core): Re-add _experiments.enableLogs option (#18299)
  • feat(core): Use maxValueLength on error messages (#18301)
  • feat(deps): bump @​sentry/bundler-plugin-core from 4.3.0 to 4.6.1 (#18273)
  • feat(deps): bump @​sentry/cli from 2.56.0 to 2.58.2 (#18271)
  • feat(node): Add tracing support for AzureOpenAI (#18281)

... (truncated)

Changelog

Sourced from @​sentry/react's changelog.

10.27.0

Important Changes

  • feat(deps): Bump OpenTelemetry (#18239)

    • Bump @​opentelemetry/context-async-hooks from ^2.1.0 to ^2.2.0
    • Bump @​opentelemetry/core from ^2.1.0 to ^2.2.0
    • Bump @​opentelemetry/resources from ^2.1.0 to ^2.2.0
    • Bump @​opentelemetry/sdk-trace-base from ^2.1.0 to ^2.2.0
    • Bump @​opentelemetry/sdk-trace-node from ^2.1.0 to ^2.2.0
    • Bump @​opentelemetry/instrumentation from 0.204.0 to 0.208.0
    • Bump @​opentelemetry/instrumentation-amqplib from 0.51.0 to 0.55.0
    • Bump @​opentelemetry/instrumentation-aws-sdk from 0.59.0 to 0.64.0
    • Bump @​opentelemetry/instrumentation-connect from 0.48.0 to 0.52.0
    • Bump @​opentelemetry/instrumentation-dataloader from 0.22.0 to 0.26.0
    • Bump @​opentelemetry/instrumentation-express from 0.53.0 to 0.57.0
    • Bump @​opentelemetry/instrumentation-fs from 0.24.0 to 0.28.0
    • Bump @​opentelemetry/instrumentation-generic-pool from 0.48.0 to 0.52.0
    • Bump @​opentelemetry/instrumentation-graphql from 0.52.0 to 0.56.0
    • Bump @​opentelemetry/instrumentation-hapi from 0.51.0 to 0.55.0
    • Bump @​opentelemetry/instrumentation-http from 0.204.0 to 0.208.0
    • Bump @​opentelemetry/instrumentation-ioredis from 0.52.0 to 0.56.0
    • Bump @​opentelemetry/instrumentation-kafkajs from 0.14.0 to 0.18.0
    • Bump @​opentelemetry/instrumentation-knex from 0.49.0 to 0.53.0
    • Bump @​opentelemetry/instrumentation-koa from 0.52.0 to 0.57.0
    • Bump @​opentelemetry/instrumentation-lru-memoizer from 0.49.0 to 0.53.0
    • Bump @​opentelemetry/instrumentation-mongodb from 0.57.0 to 0.61.0
    • Bump @​opentelemetry/instrumentation-mongoose from 0.51.0 to 0.55.0
    • Bump @​opentelemetry/instrumentation-mysql from 0.50.0 to 0.54.0
    • Bump @​opentelemetry/instrumentation-mysql2 from 0.51.0 to 0.55.0
    • Bump @​opentelemetry/instrumentation-nestjs-core from 0.50.0 to 0.55.0
    • Bump @​opentelemetry/instrumentation-pg from 0.57.0 to 0.61.0
    • Bump @​opentelemetry/instrumentation-redis from 0.53.0 to 0.57.0
    • Bump @​opentelemetry/instrumentation-tedious from 0.23.0 to 0.27.0
    • Bump @​opentelemetry/instrumentation-undici from 0.15.0 to 0.19.0
    • Bump @​prisma/instrumentation from 6.15.0 to 6.19.0

  • feat(browserprofiling): Add manual mode and deprecate old profiling (#18189)

    Adds the manual lifecycle mode for UI profiling (the default mode), allowing profiles to be captured manually with Sentry.uiProfiler.startProfiler() and Sentry.uiProfiler.stopProfiler(). The previous transaction-based profiling is with profilesSampleRate is now deprecated in favor of the new UI Profiling with profileSessionSampleRate.

Other Changes

  • feat(core): Add gibibyte and pebibyte to InformationUnit type (#18241)
  • feat(core): Add scope attribute APIs (#18165)
  • feat(core): Re-add _experiments.enableLogs option (#18299)
  • feat(core): Use maxValueLength on error messages (#18301)
  • feat(deps): bump @​sentry/bundler-plugin-core from 4.3.0 to 4.6.1 (#18273)
  • feat(deps): bump @​sentry/cli from 2.56.0 to 2.58.2 (#18271)

... (truncated)

Commits
  • 0b0151d release: 10.27.0
  • 930863e Merge pull request #18312 from getsentry/prepare-release/10.27.0
  • 02aa2ea meta(changelog): Update changelog for 10.27.0
  • 6ce620e fix(core): Always redact content of sensitive headers regardless of `sendDefa...
  • 235c865 feat(core): Re-add _experiments.enableLogs option (#18299)
  • 4b92c64 fix(nextjs): universal random tunnel path support (#18257)
  • 6240191 feat(core): Use maxValueLength on error messages (#18301)
  • 1525603 feat(browserprofiling): Add manual mode and deprecate old profiling (#18189)
  • 3d48cc6 chore: Add external contributor to CHANGELOG.md (#18300)
  • b8127fb doc(sveltekit): Update documentation link for SvelteKit guide (#18298)
  • Additional commits viewable in compare view

Updates eslint-plugin-jsdoc from 61.3.0 to 61.4.1

Release notes

Sourced from eslint-plugin-jsdoc's releases.

v61.4.1

61.4.1 (2025-11-23)

Bug Fixes

  • require-rejects: do not treat synchronous throw as rejection; fixes #1603 (f776d63)

v61.4.0

61.4.0 (2025-11-20)

Features

Commits
  • f776d63 fix(require-rejects): do not treat synchronous throw as rejection; fixes #1603
  • af2d940 Implement "always" mode support for list indentation preservation
  • da2c872 Add support for preserving list indentation in check-line-alignment (never mode)
  • 18e236e Add support for preserving list indentation in check-line-alignment (never mode)
  • 30b6335 Add support for preserving list indentation in check-line-alignment (never mode)
  • 99c7fbd feat: add require-rejects rule; fixes #755
  • See full diff in compare view

Updates stylelint from 16.25.0 to 16.26.0

Release notes

Sourced from stylelint's releases.

16.26.0

It adds 1 feature and fixes 2 bugs.

  • Added: support for customSyntax with function export (#8834) (@​silverwind).
  • Fixed: custom-property-no-missing-var-function false positives for style query in if() function (#8813) (@​sajdakabir).
  • Fixed: media-feature-range-notation false positives for multiple queries and except: exact-value (#8832) (@​jeddy3).
Changelog

Sourced from stylelint's changelog.

16.26.0 - 2025-11-21

It adds 1 feature and fixes 2 bugs.

  • Added: support for customSyntax with function export (#8834) (@​silverwind).
  • Fixed: custom-property-no-missing-var-function false positives for style query in if() function (#8813) (@​sajdakabir).
  • Fixed: media-feature-range-notation false positives for multiple queries and except: exact-value (#8832) (@​jeddy3).
Commits
  • 13737ba Release 16.26.0 (#8842)
  • a5c75d3 Fix semver type for added feature (#8841)
  • de3a8f0 Fix custom-property-no-missing-var-function false positives for style query...
  • dd008cd Fix vulnerable dependencies by npm audit fix (#8839)
  • 2ba1898 Add support for customSyntax with function export (#8834)
  • 782b741 Bump eslint from 9.38.0 to 9.39.0 in the eslint group (#8835)
  • 99b018d Fix media-feature-range-notation false positives for multiple queries and `...
  • b0fa564 Bump file-entry-cache from 10.1.4 to 11.1.0 (#8817)
  • 4ac232e Document larger message arguments example (#8803)
  • 4ba4da4 Bump @​stylelint/prettier-config from 3.0.0 to 4.0.0 in the stylelint group (#...
  • Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request
Dependency Name Ignore Conditions
eslint-plugin-jsdoc [>= 39.6.a, < 39.7]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
dev: bump the safe group with 4 updates
b0b2a4d 
Bumps the safe group with 4 updates: [@reduxjs/toolkit](https://github.com/reduxjs/redux-toolkit), [@sentry/react](https://github.com/getsentry/sentry-javascript), [eslint-plugin-jsdoc](https://github.com/gajus/eslint-plugin-jsdoc) and [stylelint](https://github.com/stylelint/stylelint).


Updates `@reduxjs/toolkit` from 2.10.1 to 2.11.0
- [Release notes](https://github.com/reduxjs/redux-toolkit/releases)
- [Commits](reduxjs/redux-toolkit@v2.10.1...v2.11.0)

Updates `@sentry/react` from 10.26.0 to 10.27.0
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md)
- [Commits](getsentry/sentry-javascript@10.26.0...10.27.0)

Updates `eslint-plugin-jsdoc` from 61.3.0 to 61.4.1
- [Release notes](https://github.com/gajus/eslint-plugin-jsdoc/releases)
- [Changelog](https://github.com/gajus/eslint-plugin-jsdoc/blob/main/.releaserc)
- [Commits](gajus/eslint-plugin-jsdoc@v61.3.0...v61.4.1)

Updates `stylelint` from 16.25.0 to 16.26.0
- [Release notes](https://github.com/stylelint/stylelint/releases)
- [Changelog](https://github.com/stylelint/stylelint/blob/main/CHANGELOG.md)
- [Commits](stylelint/stylelint@16.25.0...16.26.0)

---
updated-dependencies:
- dependency-name: "@reduxjs/toolkit"
  dependency-version: 2.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: safe
- dependency-name: "@sentry/react"
  dependency-version: 10.27.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: safe
- dependency-name: eslint-plugin-jsdoc
  dependency-version: 61.4.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: safe
- dependency-name: stylelint
  dependency-version: 16.26.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: safe
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Nov 24, 2025
@dependabot dependabot bot requested a review from a team as a code owner November 24, 2025 22:13
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Nov 24, 2025
@dependabot dependabot bot requested a review from mjamescompton November 24, 2025 22:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mjamescompton mjamescompton Awaiting requested review from mjamescompton mjamescompton is a code owner automatically assigned from TheThingsNetwork/stack-reviewers-3

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant