dev: bump the safe group with 6 updates

[dependabot]

Bumps the safe group with 6 updates:

Package	From	To
@sentry/react	10.38.0	10.39.0
apexcharts	5.3.6	5.5.0
@inquirer/prompts	8.2.0	8.2.1
eslint-plugin-jsdoc	62.5.4	62.5.5
wait-on	9.0.3	9.0.4
webpack	5.105.0	5.105.2

Updates @sentry/react from 10.38.0 to 10.39.0

Release notes

Sourced from @​sentry/react's releases.

10.39.0

Important Changes

• feat(tanstackstart-react): Auto-instrument server function middleware (#19001)

  The sentryTanstackStart Vite plugin now automatically instruments middleware in createServerFn().middleware([...]) calls. This captures performance data without requiring manual wrapping with wrapMiddlewaresWithSentry().

• feat(nextjs): New experimental automatic vercel cron monitoring (#19192)

  Setting _experimental.vercelCronMonitoring to true in your Sentry configuration will automatically create Sentry cron monitors for your Vercel Cron Jobs.

  Please note that this is an experimental unstable feature and subject to change.

  // next.config.ts
  export default withSentryConfig(nextConfig, {
    _experimental: {
      vercelCronMonitoring: true,
    },
  });

• feat(node-core): Add node-core/light (#18502)

  This release adds a new light-weight @sentry/node-core/light export to @sentry/node-core. The export acts as a light-weight SDK that does not depend on OpenTelemetry and emits no spans.

  Use this SDK when:

  • You only need error tracking, logs or metrics without tracing data (no spans)
  • You want to minimize bundle size and runtime overhead
  • You don't need spans emitted by OpenTelemetry instrumentation

  It supports error tracking and reporting, logs, metrics, automatic request isolation (requires Node.js 22+) and basic tracing via our Sentry.startSpan* APIs.

  Install the SDK by running

  npm install @sentry/node-core

  and add Sentry at the top of your application's entry file:

  import * as Sentry from '@sentry/node-core/light';
  Sentry.init({
  dsn: 'DSN',
  });

Other Changes

... (truncated)

Changelog

Sourced from @​sentry/react's changelog.

10.39.0

Important Changes

• feat(tanstackstart-react): Auto-instrument server function middleware (#19001)

  The sentryTanstackStart Vite plugin now automatically instruments middleware in createServerFn().middleware([...]) calls. This captures performance data without requiring manual wrapping with wrapMiddlewaresWithSentry().

• feat(nextjs): New experimental automatic vercel cron monitoring (#19192)

  Setting _experimental.vercelCronMonitoring to true in your Sentry configuration will automatically create Sentry cron monitors for your Vercel Cron Jobs.

  Please note that this is an experimental unstable feature and subject to change.

  // next.config.ts
  export default withSentryConfig(nextConfig, {
    _experimental: {
      vercelCronMonitoring: true,
    },
  });

• feat(node-core): Add node-core/light (#18502)

  This release adds a new light-weight @sentry/node-core/light export to @sentry/node-core. The export acts as a light-weight SDK that does not depend on OpenTelemetry and emits no spans.

  Use this SDK when:

  • You only need error tracking, logs or metrics without tracing data (no spans)
  • You want to minimize bundle size and runtime overhead
  • You don't need spans emitted by OpenTelemetry instrumentation

  It supports error tracking and reporting, logs, metrics, automatic request isolation (requires Node.js 22+) and basic tracing via our Sentry.startSpan* APIs.

  Install the SDK by running

  npm install @sentry/node-core

  and add Sentry at the top of your application's entry file:

  import * as Sentry from '@sentry/node-core/light';
  Sentry.init({
  dsn: 'DSN',
  });

... (truncated)

Commits

• ab54c5c Make @sentry/opentelemetry not a peer dep in node-core
• f822e69 chore: Lint lerna.json
• c4708d2 release: 10.39.0
• b5e3094 chore: Revert to lerna v8 (#19294)
• 9dea581 Merge pull request #19281 from getsentry/prepare-release/10.39.0
• 12e467f meta(changelog): Update changelog for 10.39.0
• d7df7d4 ref(sveltekit): Use untrack to read route id without invalidation (#19272)
• 24b2ef2 fix(sveltekit): Detect used adapter via svelte.config.js (#19270)
• e051be4 feat(node-core): Add outgoing fetch trace propagation to light mode (#19262)
• eaf297f ref(core): Move shouldPropagateTraceForUrl from opentelemetry to core (#19258)
• Additional commits viewable in compare view

Updates apexcharts from 5.3.6 to 5.5.0

Release notes

Sourced from apexcharts's releases.

💎 Version 5.5.0

Major Features

Server-Side Rendering (SSR) Support

ApexCharts now fully supports SSR for Next.js, Nuxt, SvelteKit, Astro, and other modern meta-frameworks! This has been one of the most requested features. (#4288)

Server-side rendering:

import ApexCharts from 'apexcharts/ssr'
const chartHTML = await ApexCharts.renderToHTML({
series: [{ data: [30, 40, 35, 50, 49, 60, 70] }],
chart: { type: 'bar' }
}, {
width: 500,
height: 300
})

Client-side hydration:

import ApexCharts from 'apexcharts/client'
// Hydrate specific chart
ApexCharts.hydrate(document.getElementById('my-chart'))
// Or hydrate all charts on the page
ApexCharts.hydrateAll()

Package exports:

• Browser: import ApexCharts from 'apexcharts' (or apexcharts/client)
• Node.js/SSR: import ApexCharts from 'apexcharts/ssr'
• Automatic environment detection via conditional exports

Accessibility Support

Added comprehensive accessibility features to make charts usable for everyone:

• ARIA labels and roles
• Keyboard navigation support
• Screen reader compatibility
• Semantic HTML structure

📦 Bundle Sizes

Browser bundles:

• apexcharts.esm.js: 878 KB (unminified)
• apexcharts.common.js: 462 KB (minified CommonJS)

... (truncated)

Commits

• 40ebd83 build: 5.5.0
• eb53bae feat: ssr support; fixes #4288
• ef0c06b feat: accessibility support added
• 8f5d9be fix: tiny code quality issues in multiple utils functions
• 9f639bd fix: code quaility issues in samples
• fe43094 fix: remove unnecessary escape character
• d708214 fix: lint issues
• 7b3ab46 fix: ESLint dependency issue
• b87a917 release: v5.4.0
• 807dea9 fix: optimize Treemap-squared.js
• Additional commits viewable in compare view

Updates @inquirer/prompts from 8.2.0 to 8.2.1

Release notes

Sourced from @​inquirer/prompts's releases.

@​inquirer/prompts@​8.2.1

• chore: Switch wrap-ansi with fast-wrap-ansi

Commits

• 53dbf6c chore: Publish new release
• 5f6c774 fix(@​inquirer/testing): prevent artificial line wrapping in test output (#1996)
• e400674 ci: auto-merge dependabot PRs for patch and minor updates
• 63a85b2 fix(@​inquirer/testing): auto-mock @​inquirer/prompts barrel re-exports
• ad95368 feat(@​inquirer/testing): add E2E testing support for CLI applications (#1980)
• 2e60d48 chore(deps-dev): Bump oxfmt in the formatting group (#1989)
• 7e1c0e7 chore(deps): Bump the types group with 2 updates (#1991)
• 002c246 chore(deps-dev): Bump the build group with 3 updates (#1990)
• ba7436f chore(deps): Bump semver from 7.7.3 to 7.7.4 (#1992)
• f4f5944 chore: Add oxfmt hook for claude code
• Additional commits viewable in compare view

Updates eslint-plugin-jsdoc from 62.5.4 to 62.5.5

Release notes

Sourced from eslint-plugin-jsdoc's releases.

v62.5.5

62.5.5 (2026-02-15)

Bug Fixes

• check-param-names: check arrow function properties in interfaces (TSPropertySignature); fixes #1657 (c7b132f)

Commits

• c7b132f fix(check-param-names): check arrow function properties in interfaces (TSPr...
• See full diff in compare view

Updates wait-on from 9.0.3 to 9.0.4

Release notes

Sourced from wait-on's releases.

v9.0.4

Updated patch dependencies including axios and lodash

Commits

• ea94ded 9.0.4
• 8b972f7 Merge pull request #192 from jeffbski/update-deps-2026-02-12
• d7ecabf npm audit fix
• 664c290 update patch deps
• See full diff in compare view

Updates webpack from 5.105.0 to 5.105.2

Release notes

Sourced from webpack's releases.

v5.105.2

Patch Changes

• Fixed WebpackPluginInstance type regression. (by @​alexander-akait in #20440)

v5.105.1

Patch Changes

• Fix VirtualUrlPlugin Windows compatibility by sanitizing cache keys and filenames. Cache keys now use toSafePath to replace colons (:) with double underscores (__) and sanitize other invalid characters, ensuring compatibility with Windows filesystem restrictions. (by @​xiaoxiaojx in #20424)

• Revert part of the createRequire generation behavior for require("node:...") to keep compatibility with those modules exports, e.g. const EventEmitter = require("node:events");. (by @​hai-x in #20433)

• Skip guard collection when exports-presence mode is disabled to improve parsing performance. (by @​hai-x in #20433)

Changelog

Sourced from webpack's changelog.

5.105.2

Patch Changes

• Fixed WebpackPluginInstance type regression. (by @​alexander-akait in #20440)

5.105.1

Patch Changes

• Fix VirtualUrlPlugin Windows compatibility by sanitizing cache keys and filenames. Cache keys now use toSafePath to replace colons (:) with double underscores (__) and sanitize other invalid characters, ensuring compatibility with Windows filesystem restrictions. (by @​xiaoxiaojx in #20424)

• Revert part of the createRequire generation behavior for require("node:...") to keep compatibility with those modules exports, e.g. const EventEmitter = require("node:events");. (by @​hai-x in #20433)

• Skip guard collection when exports-presence mode is disabled to improve parsing performance. (by @​hai-x in #20433)

Commits

• 0756c7e chore(release): new release (#20441)
• ff28476 chore(deps): bump CodSpeedHQ/action in the dependencies group (#20442)
• 4d3ed66 ci: discord using curl
• 004550a ci: discord fix
• 44bf97b ci: emulate release for discord using other approach
• 9c71a09 ci: emulate release for discord
• 02d3bc9 ci: allow to run release announcement
• 6c62c28 ci: fix discord
• 900219d fix: type regression (#20440)
• 8e50ef2 chore(release): new release (#20429)
• Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
eslint-plugin-jsdoc	[>= 39.6.a, < 39.7]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions