fix(deps): update npm minor and patch dependencies

[red-hat-konflux]

Note: This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@cypress/code-coverage	^4.0.0 -> ^4.0.1			devDependencies	patch
@formatjs/cli	^6.7.4 -> ^6.13.0			dependencies	minor
@patternfly/react-charts	^8.4.0 -> ^8.4.1			dependencies	patch
@patternfly/react-core	^6.4.0 -> ^6.4.1			dependencies	patch
@patternfly/react-table (source)	^6.4.0 -> ^6.4.1			dependencies	patch
@playwright/test (source)	^1.56.1 -> ^1.58.2			devDependencies	patch
@pmmmwh/react-refresh-webpack-plugin	^0.6.1 -> ^0.6.2			devDependencies	patch
@redhat-cloud-services/chrome (source)	^2.0.15 -> ^2.0.45			dependencies	patch
@redhat-cloud-services/entitlements-client	^4.0.7 -> ^4.0.8			dependencies	patch
@redhat-cloud-services/eslint-config-redhat-cloud-services (source)	^3.0.1 -> ^3.0.31			devDependencies	patch
@redhat-cloud-services/frontend-components (source)	^7.0.11 -> ^7.0.43			dependencies	patch
@redhat-cloud-services/frontend-components-config-utilities	^4.7.1 -> ^4.7.31			devDependencies	patch
@redhat-cloud-services/rbac-client	^4.2.5 -> ^4.2.6			dependencies	patch
@redhat-cloud-services/types (source)	^3.3.28 -> ^3.3.31			devDependencies	patch
@sentry/browser (source)	^10.39.0 -> ^10.40.0			dependencies	minor
@sentry/react (source)	^10.39.0 -> ^10.40.0			dependencies	minor
@simonsmith/cypress-image-snapshot	^10.0.0 -> ^10.0.3			devDependencies	patch
@swc/core (source)	^1.13.20 -> ^1.15.17			devDependencies	patch
@testing-library/dom	^10.0.0 -> ^10.4.1			devDependencies	patch
@testing-library/jest-dom	^6.0.0 -> ^6.9.1			devDependencies	patch
@testing-library/react	^16.0.0 -> ^16.3.2			devDependencies	patch
@types/lodash (source)	^4.17.20 -> ^4.17.24			devDependencies	patch
@types/node (source)	^25.0.0 -> ^25.3.2			devDependencies	minor
@types/react (source)	^18.3.26 -> ^18.3.28			devDependencies	patch
@types/urijs (source)	^1.19.25 -> ^1.19.26			devDependencies	patch
@typescript-eslint/eslint-plugin (source)	^8.46.2 -> ^8.56.1			devDependencies	patch
@typescript-eslint/parser (source)	^8.46.2 -> ^8.56.1			devDependencies	patch
axios (source)	^1.12.2 -> ^1.13.5			dependencies	patch
axios-cache-interceptor (source)	^1.11.2 -> ^1.11.4			dependencies	patch
broadcast-channel (source)	^7.1.0 -> ^7.3.0			dependencies	patch
commander	^14.0.0 -> ^14.0.3			dependencies	patch
css-loader	^7.1.2 -> ^7.1.4			devDependencies	patch
cypress (source)	^15.0.0 -> ^15.11.0			devDependencies	minor
glob	^13.0.0 -> ^13.0.6			devDependencies	patch
html-webpack-plugin	^5.6.4 -> ^5.6.6			devDependencies	patch
jest (source)	^30.0.0 -> ^30.2.0			devDependencies	patch
jest-environment-jsdom (source)	^30.0.0 -> ^30.2.0			devDependencies	patch
jotai	^2.15.0 -> ^2.18.0			dependencies	minor
jws	^4.0.0 -> ^4.0.1			devDependencies	patch
lodash (source)	^4.17.21 -> ^4.17.23			dependencies	patch
mini-css-extract-plugin	^2.9.4 -> ^2.10.0			devDependencies	patch
node (source)	>=16.0.0 -> >=16.20.2			engines	minor
npm (source)	>=7.0.0 -> >=7.24.2			engines	minor
oidc-client-ts	^3.4.0 -> ^3.4.1			dependencies	patch
react-router-dom (source)	^6.30.1 -> ^6.30.3			dependencies	patch
sanitize-html (source)	^2.17.0 -> ^2.17.1			dependencies	patch
sass	^1.93.2 -> ^1.97.3			devDependencies	patch
sass-loader	^16.0.0 -> ^16.0.7			devDependencies	patch
swc-loader	^0.2.6 -> ^0.2.7			devDependencies	patch
terser-webpack-plugin	^5.3.14 -> ^5.3.16			devDependencies	patch
title-case (source)	^4.0.0 -> ^4.3.2			dependencies	patch
typescript-eslint (source)	^8.46.2 -> ^8.56.1			devDependencies	patch
wait-on	^9.0.0 -> ^9.0.4			devDependencies	patch
webpack	^5.102.1 -> ^5.105.3			devDependencies	patch
webpack-bundle-analyzer	^5.0.0 -> ^5.2.0			devDependencies	patch
webpack-cli (source)	^6.0.0 -> ^6.0.1			devDependencies	patch
webpack-dev-server	^5.2.2 -> ^5.2.3			devDependencies	patch

---

Release Notes

cypress-io/code-coverage (@​cypress/code-coverage)

v4.0.1

Compare Source

formatjs/formatjs (@​formatjs/cli)

v6.13.0

Compare Source

Bug Fixes

• formatjs_cli: fix newlines/whitespace handling to conform with TS version, fix #​6021 (#​6022) (3ca6e76) - by @​longlho

Features

• @​formatjs/cli-lib: migrate from chalk to native Node styleText, bump min Node version to 20.12.0 (49bd2ad) - by @​longlho

RedHatInsights/frontend-components (@​redhat-cloud-services/chrome)

v2.0.45

Compare Source

v2.0.44

Compare Source

v2.0.43

Compare Source

RedHatInsights/javascript-clients (@​redhat-cloud-services/entitlements-client)

v4.0.8

Compare Source

RedHatInsights/frontend-components (@​redhat-cloud-services/types)

v3.3.31

Compare Source

v3.3.30

Compare Source

v3.3.29

Compare Source

getsentry/sentry-javascript (@​sentry/browser)

v10.40.0

Compare Source

Important Changes

• feat(tanstackstart-react): Add global sentry exception middlewares (#​19330)

  The sentryGlobalRequestMiddleware and sentryGlobalFunctionMiddleware global middlewares capture unhandled exceptions thrown in TanStack Start API routes and server functions. Add them as the first entries in the requestMiddleware and functionMiddleware arrays of createStart():

  import { createStart } from '@​tanstack/react-start/server';
  import { sentryGlobalRequestMiddleware, sentryGlobalFunctionMiddleware } from '@​sentry/tanstackstart-react/server';
  
  export default createStart({
    requestMiddleware: [sentryGlobalRequestMiddleware, myRequestMiddleware],
    functionMiddleware: [sentryGlobalFunctionMiddleware, myFunctionMiddleware],
  });

• feat(tanstackstart-react)!: Export Vite plugin from @sentry/tanstackstart-react/vite subpath (#​19182)

  The sentryTanstackStart Vite plugin is now exported from a dedicated subpath. Update your import:

  - import { sentryTanstackStart } from '@​sentry/tanstackstart-react';
  + import { sentryTanstackStart } from '@​sentry/tanstackstart-react/vite';

• fix(node-core): Reduce bundle size by removing apm-js-collab and requiring pino >= 9.10 (#​18631)

  In order to keep receiving pino logs, you need to update your pino version to >= 9.10, the reason for the support bump is to reduce the bundle size of the node-core SDK in frameworks that cannot tree-shake the apm-js-collab dependency.

• fix(browser): Ensure user id is consistently added to sessions (#​19341)

  Previously, the SDK inconsistently set the user id on sessions, meaning sessions were often lacking proper coupling to the user set for example via Sentry.setUser().
  Additionally, the SDK incorrectly skipped starting a new session for the first soft navigation after the pageload.
  This patch fixes these issues. As a result, metrics around sessions, like "Crash Free Sessions" or "Crash Free Users" might change.
  This could also trigger alerts, depending on your set thresholds and conditions.
  We apologize for any inconvenience caused!

  While we're at it, if you're using Sentry in a Single Page App or meta framework, you might want to give the new 'page' session lifecycle a try!
  This new mode no longer creates a session per soft navigation but continues the initial session until the next hard page refresh.
  Check out the docs to learn more!

• ref!(gatsby): Drop Gatsby v2 support (#​19467)

  We drop support for Gatsby v2 (which still relies on webpack 4) for a critical security update in https://github.com/getsentry/sentry-javascript-bundler-plugins/releases/tag/5.0.0

Other Changes

• feat(astro): Add support for Astro on CF Workers (#​19265)
• feat(cloudflare): Instrument async KV API (#​19404)
• feat(core): Add framework-agnostic tunnel handler (#​18892)
• feat(deno): Export logs API from Deno SDK (#​19313)
• feat(deno): Export metrics API from Deno SDK (#​19305)
• feat(deno): instrument Deno.serve with async context support (#​19230)
• feat(deps): bump babel-loader from 8.2.5 to 10.0.0 (#​19303)
• feat(deps): bump body-parser from 1.20.4 to 2.2.2 (#​19191)
• feat(deps): Bump hono from 4.11.7 to 4.11.10 (#​19440)
• feat(deps): bump qs from 6.14.1 to 6.14.2 (#​19310)
• feat(deps): bump the opentelemetry group with 4 updates (#​19425)
• feat(feedback): Add setTheme() to dynamically update feedback widget color scheme (#​19430)
• feat(nextjs): Add sourcemaps.filesToDeleteAfterUpload as a top-level option (#​19280)
• feat(node): Add ignoreConnectSpans option to postgresIntegration (#​19291)
• feat(node): Bump to latest @​fastify/otel (#​19452)
• fix: Bump bundler plugins to v5 (#​19468)
• fix: updated the codecov config (#​19350)
• fix(aws-serverless): Prevent crash in isPromiseAllSettledResult with null/undefined array elements (#​19346)
• fix(bun) Export pinoIntegration from @​sentry/node (#​17990)
• fix(core,browser): Delete SentryNonRecordingSpan from fetch/xhr map (#​19336)
• fix(core): Explicitly flush log buffer in client.close() (#​19371)
• fix(core): Langgraph state graph invoke accepts null to resume (#​19374)
• fix(core): Wrap decodeURI in node stack trace parser to handle malformed URIs (#​19400)
• fix(deps): Bump nuxt devDependency to fix CVE-2026-24001 (#​19249)
• fix(deps): Bump to latest version of each minimatch major (#​19486)
• fix(nextjs): Apply environment from options if set (#​19274)
• fix(nextjs): Don't set sentry.drop_transaction attribute on spans when skipOpenTelemetrySetup is enabled (#​19333)
• fix(nextjs): Normalize trailing slashes in App Router route parameterization (#​19365)
• fix(nextjs): Return correct lastEventId for SSR pages (#​19240)
• fix(nextjs): Set parameterized transaction name for non-transaction events (#​19316)
• fix(node-core): Align pino mechanism type with spec conventions (#​19363)
• fix(nuxt): Use options.rootDir instead of options.srcDir (#​19343)

Internal Changes

- test(nextjs): Add bun e2e test app ([#​19318](https://redirect.github.com/getsentry/sentry-javascript/pull/19318)) - test(nextjs): Deactivate canary test for cf-workers ([#​19483](https://redirect.github.com/getsentry/sentry-javascript/pull/19483)) - tests(langchain): Fix langchain v1 internal error tests ([#​19409](https://redirect.github.com/getsentry/sentry-javascript/pull/19409)) - ref(nuxt): Remove `defineNitroPlugin` wrapper ([#​19334](https://redirect.github.com/getsentry/sentry-javascript/pull/19334)) - ref(cloudflare): Move internal files and functions around ([#​19369](https://redirect.github.com/getsentry/sentry-javascript/pull/19369)) - chore: Add external contributor to CHANGELOG.md ([#​19395](https://redirect.github.com/getsentry/sentry-javascript/pull/19395)) - chore: Add github action to notify stale PRs ([#​19361](https://redirect.github.com/getsentry/sentry-javascript/pull/19361)) - chore: add oxfmt changes to blame ignore rev list ([#​19366](https://redirect.github.com/getsentry/sentry-javascript/pull/19366)) - chore: Enhance AI integration guidelines with runtime-specific placem… ([#​19296](https://redirect.github.com/getsentry/sentry-javascript/pull/19296)) - chore: Ignore `lerna.json` for prettier ([#​19288](https://redirect.github.com/getsentry/sentry-javascript/pull/19288)) - chore: migrate to oxfmt ([#​19200](https://redirect.github.com/getsentry/sentry-javascript/pull/19200)) - chore: Revert to lerna v8 ([#​19294](https://redirect.github.com/getsentry/sentry-javascript/pull/19294)) - chore: Unignore HTML files and reformat with oxfmt ([#​19311](https://redirect.github.com/getsentry/sentry-javascript/pull/19311)) - chore(ci): Adapt max turns of triage issue agent ([#​19473](https://redirect.github.com/getsentry/sentry-javascript/pull/19473)) - chore(ci): Add `environment` to triage action ([#​19375](https://redirect.github.com/getsentry/sentry-javascript/pull/19375)) - chore(ci): Add `id-token: write` permission to triage workflow ([#​19381](https://redirect.github.com/getsentry/sentry-javascript/pull/19381)) - chore(ci): Move monorepo to nx ([#​19325](https://redirect.github.com/getsentry/sentry-javascript/pull/19325)) - chore(cursor): Add rules for fetching develop docs ([#​19377](https://redirect.github.com/getsentry/sentry-javascript/pull/19377)) - chore(deps-dev): Bump @​sveltejs/kit from 2.49.5 to 2.52.2 in /dev-packages/e2e-tests/test-applications/sveltekit-2 ([#​19441](https://redirect.github.com/getsentry/sentry-javascript/pull/19441)) - chore(deps-dev): Bump @​sveltejs/kit from 2.49.5 to 2.52.2 in /dev-packages/e2e-tests/test-applications/sveltekit-2-kit-tracing ([#​19446](https://redirect.github.com/getsentry/sentry-javascript/pull/19446)) - chore(deps-dev): Bump @​sveltejs/kit from 2.49.5 to 2.52.2 in /dev-packages/e2e-tests/test-applications/sveltekit-cloudflare-pages ([#​19462](https://redirect.github.com/getsentry/sentry-javascript/pull/19462)) - chore(deps-dev): Bump @​sveltejs/kit from 2.50.1 to 2.52.2 ([#​19442](https://redirect.github.com/getsentry/sentry-javascript/pull/19442)) - chore(deps-dev): bump @​testing-library/react from 13.0.0 to 15.0.5 ([#​19194](https://redirect.github.com/getsentry/sentry-javascript/pull/19194)) - chore(deps-dev): bump @​types/ember__debug from 3.16.5 to 4.0.8 ([#​19429](https://redirect.github.com/getsentry/sentry-javascript/pull/19429)) - chore(deps-dev): bump ember-resolver from 13.0.2 to 13.1.1 ([#​19301](https://redirect.github.com/getsentry/sentry-javascript/pull/19301)) - chore(deps): Bump @​actions/glob from 0.4.0 to 0.6.1 ([#​19427](https://redirect.github.com/getsentry/sentry-javascript/pull/19427)) - chore(deps): bump agents from 0.2.32 to 0.3.10 in /dev-packages/e2e-tests/test-applications/cloudflare-mcp ([#​19326](https://redirect.github.com/getsentry/sentry-javascript/pull/19326)) - chore(deps): Bump hono from 4.11.7 to 4.11.10 in /dev-packages/e2e-tests/test-applications/cloudflare-hono ([#​19438](https://redirect.github.com/getsentry/sentry-javascript/pull/19438)) - chore(deps): Bump Sentry CLI to latest v2 ([#​19477](https://redirect.github.com/getsentry/sentry-javascript/pull/19477)) - chore(deps): Bump transitive dep `fast-xml-parser` ([#​19433](https://redirect.github.com/getsentry/sentry-javascript/pull/19433)) - chore(deps): upgrade tar to 7.5.9 to fix CVE-2026-26960 ([#​19445](https://redirect.github.com/getsentry/sentry-javascript/pull/19445)) - chore(github): Add `allowedTools` to Claude GitHub action ([#​19386](https://redirect.github.com/getsentry/sentry-javascript/pull/19386)) - chore(github): Add workflow to trigger `triage-issue` skill ([#​19358](https://redirect.github.com/getsentry/sentry-javascript/pull/19358)) - chore(github): Add write tool for markdown report ([#​19387](https://redirect.github.com/getsentry/sentry-javascript/pull/19387)) - chore(github): Change tool permission path ([#​19389](https://redirect.github.com/getsentry/sentry-javascript/pull/19389)) - chore(llm): Add `triage-issue` skill ([#​19356](https://redirect.github.com/getsentry/sentry-javascript/pull/19356)) - chore(llm): Better defense against prompt injection in triage skill ([#​19410](https://redirect.github.com/getsentry/sentry-javascript/pull/19410)) - chore(llm): Make cross-repo search optional and remove file cleanup ([#​19401](https://redirect.github.com/getsentry/sentry-javascript/pull/19401)) - chore(node-core): Make @​sentry/opentelemetry not a peer dep in node… ([#​19308](https://redirect.github.com/getsentry/sentry-javascript/pull/19308)) - chore(repo): Allow WebFetch for Sentry docs in Claude settings ([#​18890](https://redirect.github.com/getsentry/sentry-javascript/pull/18890)) - chore(repo): Increase number of concurrently running nx tasks ([#​19443](https://redirect.github.com/getsentry/sentry-javascript/pull/19443)) - chore(skills): Add security notes for injection defense ([#​19379](https://redirect.github.com/getsentry/sentry-javascript/pull/19379)) - chore(triage-action): Fix JSON parsing ([#​19471](https://redirect.github.com/getsentry/sentry-javascript/pull/19471)) - chore(triage-issue): Improve triage prompt for accuracy ([#​19454](https://redirect.github.com/getsentry/sentry-javascript/pull/19454)) - chore(triage-skill): Add GitHub parsing python util script ([#​19405](https://redirect.github.com/getsentry/sentry-javascript/pull/19405)) - chore(triage-skill): Increase `num_turns` and add script to post summary ([#​19456](https://redirect.github.com/getsentry/sentry-javascript/pull/19456)) - ci(fix-security-vulnerability): Add id token write permission ([#​19412](https://redirect.github.com/getsentry/sentry-javascript/pull/19412)) - ci(fix-security-vulnerability): Be specific about how to fetch the alert page ([#​19414](https://redirect.github.com/getsentry/sentry-javascript/pull/19414)) - ci(fix-security-vulnerability): Run fetch alert first before executing skill ([#​19418](https://redirect.github.com/getsentry/sentry-javascript/pull/19418)) - ci(fix-security-vulnerability): Use opus 4.6 ([#​19416](https://redirect.github.com/getsentry/sentry-javascript/pull/19416)) - ci(github): Add tilde to file path to not exact-match ([#​19392](https://redirect.github.com/getsentry/sentry-javascript/pull/19392)) - ci(triage-skill): Allow `Write` and remove `rm` permission ([#​19397](https://redirect.github.com/getsentry/sentry-javascript/pull/19397)) - ci(triage-skill): Run on opened issues ([#​19423](https://redirect.github.com/getsentry/sentry-javascript/pull/19423)) - docs(nuxt): Remove duplicated setup instructions ([#​19422](https://redirect.github.com/getsentry/sentry-javascript/pull/19422)) - feat(ci): Add security vulnerability skill action ([#​19355](https://redirect.github.com/getsentry/sentry-javascript/pull/19355))

Work in this release was contributed by @​LudvigHz and @​jadengis. Thank you for your contributions!

swc-project/swc (@​swc/core)

v1.15.17

Compare Source

Documentation

• Add submodule update step before test runs (#​11576) (81b22c3)

Features

• (bindings) Add html wasm binding and publish wiring (#​11587) (b3869c3)

• (sourcemap) Support safe scopes round-trip metadata (#​11581) (de2a348)

• Emit ECMA-426 source map scopes behind experimental flag (#​11582) (2385a22)

v1.15.13

Compare Source

Bug Fixes

• (errors) Avoid panic on invalid diagnostic spans (#​11561) (b24b8e0)

• (es/helpers) Fix _object_without_properties crash on primitive values (#​11571) (4f35904)

• (es/jsx) Preserve whitespace before HTML entities (#​11521) (64be077)

• (es/minifier) Do not merge if statements with different local variable values (#​11518) (3e63627)

• (es/minifier) Prevent convert_tpl_to_str when there's emoji under es5 (#​11529) (ff6cf88)

• (es/minifier) Inline before merge if (#​11526) (aa5a9ac)

• (es/minifier) Preserve array join("") nullish semantics (#​11558) (d477f61)

• (es/minifier) Inline side-effect-free default params (#​11564) (1babda7)

• (es/parser) Fix generic arrow function in TSX mode (#​11549) (366a16b)

• (es/react) Preserve first-line leading whitespace with entities (#​11568) (fc62617)

• (es/regexp) Transpile unicode property escapes in RegExp constructor (#​11554) (476d544)

Documentation

• (agents) Clarify sandbox escalation for progress (#​11574) (cb31d0d)

Features

• (es/minifier) Add unsafe_hoist_static_method_alias option (#​11493) (6e7dbe2)

• (es/minifier) Remove unused args for IIFE (#​11536) (3cc286b)

Refactor

• (es/parser) Compare token kind rather than strings (#​11531) (5872ffa)

• (es/typescript) Run typescript transform in two passes (#​11532) (b069558)

• (es/typescript) Precompute namespace import-equals usage in semantic pass (#​11534) (b7e87c7)

Testing

• (es/minifier) Add execution tests for issue #​11517 (#​11530) (01b3b64)

• Disable cva ecosystem ci temporariliy (55bc966)

Ci

• Reset closed issue and PR milestone to Planned (#​11559) (d5c4ebe)

• Add permission (431c576)

typescript-eslint/typescript-eslint (@​typescript-eslint/eslint-plugin)

v8.56.1

Compare Source

This was a version bump only for eslint-plugin to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

typescript-eslint/typescript-eslint (@​typescript-eslint/parser)

v8.56.1

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

webpack/css-loader (css-loader)

v7.1.4

Compare Source

cypress-io/cypress (cypress)

v15.11.0

Compare Source

Changelog: https://docs.cypress.io/app/references/changelog#15-11-0

isaacs/node-glob (glob)

v13.0.6

Compare Source

pmndrs/jotai (jotai)

v2.18.0

Compare Source

We moved jotai/babel to jotai-babel.

Migration Guide

If you use the preset:

  {
-   "presets": ["jotai/babel/preset"]
+   "presets": ["jotai-babel/preset"]
  }

If you use a plugin:

  {
-   "plugins": ["jotai/babel/plugin-debug-label"]
+   "plugins": ["jotai-babel/plugin-debug-label"]
  }

What's Changed

• refactor(internals): simplify promise handing by @​dai-shi in #​3232
• feat: deprecate jotai/babel in favor of jotai-babel by @​dai-shi in #​3236
• fix: keep reactivity if get is called i

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

[Hyperkid123]

/retest

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Updates package.json to require Node >=16.20.2 and npm >=7.24.2 and applies widespread version bumps for production and development dependencies; project scripts and exported/public API declarations are unchanged.

Changes

Cohort / File(s)

Summary

Dependency manifest package.json

Raised engines to node >=16.20.2, npm >=7.24.2. Extensive dependency and devDependency version upgrades across testing (Playwright, Cypress, Jest), build tooling (webpack, swc, loaders, terser), linting/TS tooling (ESLint, @typescript-eslint), UI/platform libs (PatternFly, frontend-components, chrome, host-inventory, entitlements), Sentry, axios, router/sanitizers, and various utilities. No changes to scripts or exported/public APIs.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~15 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the primary change: updating npm minor and patch dependencies in package.json.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description check	✅ Passed	The PR description is directly related to the changeset, clearly describing all updated npm dependencies with specific version changes for both minor and patch bumps, including notable migrations and configuration updates.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch konflux/mintmaker/master/npm-minor-and-patch-dependencies

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (1)

package.json (1)

80-80: @types/node: ^25.3.0 version skew with engines.node: >=16.20.2

@types/node@25.x provides typings for Node.js v25 APIs. With the engine constraint still allowing Node 16.x–17.x, this version skew can surface type-completions (and successful type-checks) for APIs that simply don't exist at runtime on older supported Node versions (e.g. fs.glob, newer crypto methods).

If Node 16 support is being dropped (as the Jest 30 upgrade implies), this is fine. Otherwise, consider pinning @types/node to a version matching the minimum supported runtime, e.g., ^18.x or ^20.x.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@package.json` at line 80, The package.json currently depends on
"@types/node": "^25.3.0" which targets Node v25 typings and is inconsistent with
the declared engines.node constraint; update package.json so the runtime typings
match the supported Node version—either lower the "@types/node" version to one
that matches your minimum supported runtime (e.g., "@types/node": "^18.x" or
"^20.x") or, if you intend to drop Node 16, bump the engines.node field to the
new minimum (e.g., "engines": { "node": ">=18.x" }) so "@types/node" and
engines.node are aligned.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@package.json`:
- Around line 154-155: The dependency change flipped `@sentry/browser` and
`@sentry/react` from exact pins to caret ranges; restore intentional pinning or
document the change: update package.json to use the exact versions previously
pinned (e.g., "@sentry/browser": "10.39.0", "@sentry/react": "10.39.0") if the
lock was deliberate, or add a brief PR note/commit message explaining and
approving the deliberate switch to caret ranges (e.g., "^10.40.0") so
maintainers know this is intentional rather than an accidental Renovate update.
- Around line 6-7: Update the Node engine constraint in package.json so it
matches Jest 30's minimum Node requirement: change the "engines.node" value from
">=16.20.2" to ">=18.0.0"; edit the package.json "engines" object (the
"engines.node" field) to tighten the range and ensure CI/dev environments using
Node 16 won't run an incompatible Jest 30 test suite.
- Around line 99-100: Update verification for the Jest 30 upgrade: ensure CI and
runtime targets Node 22+ (adjust CI configs if needed), bump TypeScript to >=5.4
in devDependencies, run the full test suite and update snapshots where
object-matchers now exclude non-enumerable properties, confirm the custom test
environment file config/jest-environment-jsdom.js still exposes
jsdomReconfigure() for tests mutating window.location, and if you have a custom
TestSequencer (class extending TestSequencer) update its signature to accept the
new context parameters per the Jest 30 TestSequencer API; all changes relate to
the updated "jest" and "jest-environment-jsdom" entries in package.json.

---

Nitpick comments:
In `@package.json`:
- Line 80: The package.json currently depends on "@types/node": "^25.3.0" which
targets Node v25 typings and is inconsistent with the declared engines.node
constraint; update package.json so the runtime typings match the supported Node
version—either lower the "@types/node" version to one that matches your minimum
supported runtime (e.g., "@types/node": "^18.x" or "^20.x") or, if you intend to
drop Node 16, bump the engines.node field to the new minimum (e.g., "engines": {
"node": ">=18.x" }) so "@types/node" and engines.node are aligned.

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to Reviews -> Disable Knowledge Base setting

📥 Commits

Reviewing files that changed from the base of the PR and between 8c4dab3 and d90a36b.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (1)

• package.json

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Engine constraint >=16.20.2 conflicts with Jest 30 dropping Node 16 support

Jest 30 drops support for Node 14, 16, 19, and 21. The engines.node field is still set to >=16.20.2, meaning environments running Node 16 (a valid value under this range) will fail when executing Jest tests. If your CI or any developer environment uses Node 16, the test suite will not run. Consider tightening the constraint to >=18.0.0 to match Jest 30's requirements.

🔧 Proposed fix

-    "node": ">=16.20.2",
+    "node": ">=18.0.0",

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	"node": ">=16.20.2",
	"npm": ">=7.24.2"
	"node": ">=18.0.0",
	"npm": ">=7.24.2"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@package.json` around lines 6 - 7, Update the Node engine constraint in
package.json so it matches Jest 30's minimum Node requirement: change the
"engines.node" value from ">=16.20.2" to ">=18.0.0"; edit the package.json
"engines" object (the "engines.node" field) to tighten the range and ensure
CI/dev environments using Node 16 won't run an incompatible Jest 30 test suite.

[coderabbitai]

♻️ Duplicate comments (1)

package.json (1)

6-7: ⚠️ Potential issue | 🟠 Major

Tighten engines.node; current range allows unsupported runtimes for upgraded tooling.

Line 6 still permits Node 16+, but this dependency set now includes tools that require newer Node versions (notably Jest 30, Cypress 15, webpack-cli 6). This can allow incompatible environments to install and then fail during test/build.

🔧 Proposed fix

-    "node": ">=16.20.2",
+    "node": ">=20.0.0",

#!/bin/bash
set -euo pipefail

echo "Project engines.node:"
jq -r '.engines.node' package.json

for spec in "jest@30.2.0" "jest-environment-jsdom@30.2.0" "cypress@15.11.0" "webpack-cli@6.0.1"; do
  pkg="${spec%@*}"
  ver="${spec#*@}"
  echo ""
  echo "== $spec engines.node =="
  curl -fsSL "https://registry.npmjs.org/${pkg}/${ver}" | jq -r '.engines.node // "no engines.node declared"'
done

Sources:

• https://jestjs.io/docs/upgrading-to-jest30
• https://docs.cypress.io/app/references/migration-guide
• https://github.com/webpack/webpack-cli/releases

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@package.json` around lines 6 - 7, Update the package.json "engines.node"
field to require a newer Node LTS that is compatible with Jest 30, Cypress 15
and webpack-cli 6 (replace ">=16.20.2" with a modern minimum such as ">=18.14.0"
or your project's chosen supported Node LTS), commit that change, and re-run the
provided verification script to confirm the declared engine satisfies the tools'
engine requirements; ensure the "node" key under "engines" is the updated value.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@package.json`:
- Around line 6-7: Update the package.json "engines.node" field to require a
newer Node LTS that is compatible with Jest 30, Cypress 15 and webpack-cli 6
(replace ">=16.20.2" with a modern minimum such as ">=18.14.0" or your project's
chosen supported Node LTS), commit that change, and re-run the provided
verification script to confirm the declared engine satisfies the tools' engine
requirements; ensure the "node" key under "engines" is the updated value.

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to Reviews -> Disable Knowledge Base setting

📥 Commits

Reviewing files that changed from the base of the PR and between d90a36b and 1aa7380.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (1)

• package.json

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 52.26%. Comparing base (cd224d6) to head (9baeee8).
⚠️ Report is 9 commits behind head on master.

❌ Your project status has failed because the head coverage (52.26%) is below the target coverage (60.00%). You can increase the head coverage or adjust the target coverage.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #3381      +/-   ##
==========================================
+ Coverage   52.21%   52.26%   +0.05%     
==========================================
  Files         252      253       +1     
  Lines        6165     6201      +36     
  Branches      886      890       +4     
==========================================
+ Hits         3219     3241      +22     
- Misses       2233     2246      +13     
- Partials      713      714       +1     

see 1 file with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.