deps(npm): bump the npm-deps group in /src/web with 9 updates

[dependabot]

Bumps the npm-deps group in /src/web with 9 updates:

Package	From	To
@sentry/react	10.56.0	10.57.0
lucide-react	1.17.0	1.18.0
@tailwindcss/vite	4.3.0	4.3.1
@types/node	25.9.2	25.9.3
eslint-plugin-react-refresh	0.5.2	0.5.3
shadcn	4.10.0	4.11.0
tailwindcss	4.3.0	4.3.1
typescript-eslint	8.60.1	8.61.0
vitest	4.1.8	4.1.9

Updates @sentry/react from 10.56.0 to 10.57.0

Release notes

Sourced from @​sentry/react's releases.

10.57.0

Important Changes

• feat(angular): Add support for Angular 22 (#21330)

  @sentry/angular now officially supports Angular 22.

• ref(core): Deprecate sendDefaultPii in favor of dataCollection (#21277)

  sendDefaultPii is deprecated and will be removed in v11. The new dataCollection option lets you control each category of collected data. sendDefaultPii: true still works and maps to enabling all dataCollection categories. dataCollection.userInfo defaults to true when dataCollection is provided, meaning auto-populated user.* fields (e.g. IP address from a request) are collected by default. Data you set explicitly (like via Sentry.setUser()) is always sent regardless. When dataCollection is not set at all, the legacy sendDefaultPii behavior applies (userInfo: false by default) to preserve backward compatibility.

  Note that an empty dataCollection: {} falls back to more permissive defaults than sendDefaultPii: false, so replicate the old behavior by opting out explicitly:

  Sentry.init({
    dataCollection: {
      userInfo: false,
      genAI: { inputs: false, outputs: false },
      httpBodies: [],
      httpHeaders: { deny: ['forwarded', '-ip', 'remote-', 'via', '-user'] },
      cookies: { deny: ['forwarded', '-ip', 'remote-', 'via', '-user'] },
      queryParams: { deny: ['forwarded', '-ip', 'remote-', 'via', '-user'] },
    },
  });

Other Changes

• feat: Use dataCollection.frameContextLines for ContextLines integration (#21323)
• feat(cloudflare): Auto instrument D1 based on env (#21276)
• feat(core): Change default of dataCollection.userInfo to true (#21348)
• feat(core): Default dataCollection.httpBodies to all valid body types (#21352)
• feat(hono): Filter noisy transactions (favicon etc) (#21365)
• fix(cloudflare): Don't track negatively sampled spans (#21367)
• fix(core): Use safeDateNow calls for new Date() reads (#21351)
• fix(nextjs): Shim pinoIntegration on edge runtime (#21347)
• fix(node): Prevent PostgresJs integration from emitting duplicate spans per query (#21364)
• fix(node-core): Read __SENTRY_SERVER_MODULES__ lazily so Turbopack injection is honored (#21339)
• fix(react): Detect React Router v6/v7 navigations in a layout effect to propagate the correct trace (#21326)
• fix(react): Remove unused react.componentStack event context (#21183)
• fix(replays): Record sentry._internal.replay_is_buffering for spans (#21297)

• chore: Bump volta node version from 20.19.2 to 20.19.5 (#21359)

... (truncated)

Changelog

Sourced from @​sentry/react's changelog.

10.57.0

Important Changes

• feat(angular): Add support for Angular 22 (#21330)

  @sentry/angular now officially supports Angular 22.

• ref(core): Deprecate sendDefaultPii in favor of dataCollection (#21277)

  sendDefaultPii is deprecated and will be removed in v11. The new dataCollection option lets you control each category of collected data. sendDefaultPii: true still works and maps to enabling all dataCollection categories. dataCollection.userInfo defaults to true when dataCollection is provided, meaning auto-populated user.* fields (e.g. IP address from a request) are collected by default. Data you set explicitly (like via Sentry.setUser()) is always sent regardless. When dataCollection is not set at all, the legacy sendDefaultPii behavior applies (userInfo: false by default) to preserve backward compatibility.

  Note that an empty dataCollection: {} falls back to more permissive defaults than sendDefaultPii: false, so replicate the old behavior by opting out explicitly:

  Sentry.init({
    dataCollection: {
      userInfo: false,
      genAI: { inputs: false, outputs: false },
      httpBodies: [],
      httpHeaders: { deny: ['forwarded', '-ip', 'remote-', 'via', '-user'] },
      cookies: { deny: ['forwarded', '-ip', 'remote-', 'via', '-user'] },
      queryParams: { deny: ['forwarded', '-ip', 'remote-', 'via', '-user'] },
    },
  });

Other Changes

• feat: Use dataCollection.frameContextLines for ContextLines integration (#21323)
• feat(cloudflare): Auto instrument D1 based on env (#21276)
• feat(core): Change default of dataCollection.userInfo to true (#21348)
• feat(core): Default dataCollection.httpBodies to all valid body types (#21352)
• feat(hono): Filter noisy transactions (favicon etc) (#21365)
• fix(cloudflare): Don't track negatively sampled spans (#21367)
• fix(core): Use safeDateNow calls for new Date() reads (#21351)
• fix(nextjs): Shim pinoIntegration on edge runtime (#21347)
• fix(node): Prevent PostgresJs integration from emitting duplicate spans per query (#21364)
• fix(node-core): Read __SENTRY_SERVER_MODULES__ lazily so Turbopack injection is honored (#21339)
• fix(react): Detect React Router v6/v7 navigations in a layout effect to propagate the correct trace (#21326)
• fix(react): Remove unused react.componentStack event context (#21183)
• fix(replays): Record sentry._internal.replay_is_buffering for spans (#21297)

... (truncated)

Commits

• 950cf97 release: 10.57.0
• 55f9343 Merge pull request #21369 from getsentry/prepare-release/10.57.0
• 88d9d30 meta(changelog): Update changelog for 10.57.0
• 03ffd25 fix(cloudflare): Don't track negatively sampled spans (#21367)
• 7c19ead ref(node): Streamline sql-common (#21360)
• 95df562 feat(hono): Filter noisy transactions (favicon etc) (#21365)
• 92eb5d2 feat(deps): Bump hono from 4.12.18 to 4.12.21 (#21341)
• c6f790b fix(node): Prevent PostgresJs integration from emitting duplicate spans per q...
• d645349 ref(node): Streamline lru-memoizer instrumentation (#21350)
• 4293015 feat(deps): Bump @​types/aws-lambda from 8.10.150 to 8.10.161 (#21105)
• Additional commits viewable in compare view

Updates lucide-react from 1.17.0 to 1.18.0

Release notes

Sourced from lucide-react's releases.

Version 1.18.0

What's Changed

• chore(site): Remove survey from site by @​ericfennis in lucide-icons/lucide#4417
• feat(icons): added play-off icon by @​Ahmed-Dghaies in lucide-icons/lucide#4412
• fix(metadata): add missing use-cases prop on play-off.json by @​karsa-mistmere in lucide-icons/lucide#4423
• fix(docs): force hide #bb-banner, if html.has-bb-banner is missing by @​karsa-mistmere in lucide-icons/lucide#4422
• fix(docs): Remove @next from installation instructions for@lucide/svelte by @​alecglassford in lucide-icons/lucide#4432
• feat(packages/angular): add support for Angular v22 and onwards by @​karsa-mistmere in lucide-icons/lucide#4450
• fix(ci): add check to skip release if latest tag was created today by @​ericfennis in lucide-icons/lucide#4085
• feat(icons): added webcam-off icon by @​jordan-burnett in lucide-icons/lucide#4242

New Contributors

• @​alecglassford made their first contribution in lucide-icons/lucide#4432
• @​jordan-burnett made their first contribution in lucide-icons/lucide#4242

Full Changelog: lucide-icons/lucide@1.17.0...1.18.0

Commits

• See full diff in compare view

Updates @tailwindcss/vite from 4.3.0 to 4.3.1

Release notes

Sourced from @​tailwindcss/vite's releases.

v4.3.1

Added

• Add --silent option to suppress output in @tailwindcss/cli (#20100)

Fixed

• Remove deprecation warnings by using Module#registerHooks instead of Module#register on Node 26+ (#20028)
• Canonicalization: don't crash when plugin utilities throw for unsupported values (#20052)
• Allow @apply to be used with CSS mixins (#19427)
• Ensure not-* correctly negates @container queries, including style(…) queries (#20059)
• Ensure drop-shadow-* color utilities work with custom shadow values containing calc(…) (#20080)
• Fix 'Sourcemap is likely to be incorrect' warnings when using @tailwindcss/vite (#20103)
• Ensure @tailwindcss/webpack can be installed in Rspack projects without requiring webpack as a peer dependency (#20027)
• Canonicalization: don't suggest invalid calc(…) expressions (e.g. px-[calc(1rem+0px)] → px-[calc(1rem+0)]) (#20127)
• Canonicalization: avoid suggesting large spacing-scale values for arbitrary lengths (e.g. left-[99999px] → left-[99999px], not left-24999.75) (#20130)
• Ensure @tailwindcss/cli in --watch mode recovers when a tracked dependency is deleted and restored (#20137)
• Ensure standalone @tailwindcss/cli binaries are ignored when scanning for class candidates (#20139)
• Ensure class candidates are extracted from Twig addClass(…) and removeClass(…) calls (#20198)
• Don't crash in the Ruby or Vue preprocessors when scanning files containing invalid UTF-8 bytes (#19588)
• Allow @variant to be used inside addBase (#19480)
• Ensure @source globs with symlinks are preserved (#20203)
• Ensure later @source rules can re-include files excluded by earlier @source not rules (#20203)
• Upgrade: don't migrate empty class rules to invalid @utility rules (#20205)
• Ensure transitions between inset-shadow-none and other inset shadows work correctly (#20208)
• Ensure explicitly referenced @source directories are scanned even when ignored by git (#20214)
• Ensure @source globs ending in **/* preserve dynamic path segments to avoid scanning too many files (#20217)
• Canonicalization: don't fold calc(…) divisions when the result would require high precision (e.g. w-[calc(100%/3.5)] → w-[calc(100%/3.5)], not w-[28.571428571428573%]) (#20221)
• Serve ESM type declarations to ESM importers of @tailwindcss/postcss (#20228)

Changed

• Generate 0 instead of calc(var(--spacing) * 0) for spacing utilities like m-0 and left-0 (#20196)
• Generate var(--spacing) instead of calc(var(--spacing) * 1) for spacing utilities like m-1 and left-1 (#20196)

Changelog

Sourced from @​tailwindcss/vite's changelog.

[4.3.1] - 2026-06-12

Added

• Add --silent option to suppress output in @tailwindcss/cli (#20100)

Fixed

• Remove deprecation warnings by using Module#registerHooks instead of Module#register on Node 26+ (#20028)
• Canonicalization: don't crash when plugin utilities throw for unsupported values (#20052)
• Allow @apply to be used with CSS mixins (#19427)
• Ensure not-* correctly negates @container queries, including style(…) queries (#20059)
• Ensure drop-shadow-* color utilities work with custom shadow values containing calc(…) (#20080)
• Fix 'Sourcemap is likely to be incorrect' warnings when using @tailwindcss/vite (#20103)
• Ensure @tailwindcss/webpack can be installed in Rspack projects without requiring webpack as a peer dependency (#20027)
• Canonicalization: don't suggest invalid calc(…) expressions (e.g. px-[calc(1rem+0px)] → px-[calc(1rem+0)]) (#20127)
• Canonicalization: avoid suggesting large spacing-scale values for arbitrary lengths (e.g. left-[99999px] → left-[99999px], not left-24999.75) (#20130)
• Ensure @tailwindcss/cli in --watch mode recovers when a tracked dependency is deleted and restored (#20137)
• Ensure standalone @tailwindcss/cli binaries are ignored when scanning for class candidates (#20139)
• Ensure class candidates are extracted from Twig addClass(…) and removeClass(…) calls (#20198)
• Don't crash in the Ruby or Vue preprocessors when scanning files containing invalid UTF-8 bytes (#19588)
• Allow @variant to be used inside addBase (#19480)
• Ensure @source globs with symlinks are preserved (#20203)
• Ensure later @source rules can re-include files excluded by earlier @source not rules (#20203)
• Upgrade: don't migrate empty class rules to invalid @utility rules (#20205)
• Ensure transitions between inset-shadow-none and other inset shadows work correctly (#20208)
• Ensure explicitly referenced @source directories are scanned even when ignored by git (#20214)
• Ensure @source globs ending in **/* preserve dynamic path segments to avoid scanning too many files (#20217)
• Canonicalization: don't fold calc(…) divisions when the result would require high precision (e.g. w-[calc(100%/3.5)] → w-[calc(100%/3.5)], not w-[28.571428571428573%]) (#20221)
• Serve ESM type declarations to ESM importers of @tailwindcss/postcss (#20228)

Changed

• Generate 0 instead of calc(var(--spacing) * 0) for spacing utilities like m-0 and left-0 (#20196)
• Generate var(--spacing) instead of calc(var(--spacing) * 1) for spacing utilities like m-1 and left-1 (#20196)

Commits

• 8a14a71 4.3.1 (#20226)
• 73983e1 Fix 'Sourcemap is likely to be incorrect' warnings when using `@tailwindcss/v...
• See full diff in compare view

Updates @types/node from 25.9.2 to 25.9.3

Commits

• See full diff in compare view

Updates eslint-plugin-react-refresh from 0.5.2 to 0.5.3

Release notes

Sourced from eslint-plugin-react-refresh's releases.

v0.5.3

• Fix check for non component class exported via export { } #110 (fixes #109)

Changelog

Sourced from eslint-plugin-react-refresh's changelog.

0.5.3

• Fix check for non component class exported via export { } #110 (fixes #109)

Commits

• 00818e9 v0.5.3 [publish]
• 202fc4a Fix PascalCase class exported via export { Name } incorrectly treated as Re...
• See full diff in compare view

Updates shadcn from 4.10.0 to 4.11.0

Release notes

Sourced from shadcn's releases.

shadcn@4.11.0

Minor Changes

• #10886 05eb2b968bdc769ad78df9628dc2260e1dec903c Thanks @​shadcn! - improve search command

Patch Changes

• #10851 7dfd933102fdb881f8abd24fc1ef11a669682b94 Thanks @​harshithasompura! - move msw to devDependencies

Changelog

Sourced from shadcn's changelog.

4.11.0

Minor Changes

• #10886 05eb2b968bdc769ad78df9628dc2260e1dec903c Thanks @​shadcn! - improve search command

Patch Changes

• #10851 7dfd933102fdb881f8abd24fc1ef11a669682b94 Thanks @​harshithasompura! - move msw to devDependencies

Commits

• 3f2ff18 chore(release): version packages (#10873)
• 05eb2b9 feat(cli): improve search command (#10886)
• 7dfd933 fix(cli): move msw to devDependencies (#10851)
• See full diff in compare view

Updates tailwindcss from 4.3.0 to 4.3.1

Release notes

Sourced from tailwindcss's releases.

v4.3.1

Added

• Add --silent option to suppress output in @tailwindcss/cli (#20100)

Fixed

• Remove deprecation warnings by using Module#registerHooks instead of Module#register on Node 26+ (#20028)
• Canonicalization: don't crash when plugin utilities throw for unsupported values (#20052)
• Allow @apply to be used with CSS mixins (#19427)
• Ensure not-* correctly negates @container queries, including style(…) queries (#20059)
• Ensure drop-shadow-* color utilities work with custom shadow values containing calc(…) (#20080)
• Fix 'Sourcemap is likely to be incorrect' warnings when using @tailwindcss/vite (#20103)
• Ensure @tailwindcss/webpack can be installed in Rspack projects without requiring webpack as a peer dependency (#20027)
• Canonicalization: don't suggest invalid calc(…) expressions (e.g. px-[calc(1rem+0px)] → px-[calc(1rem+0)]) (#20127)
• Canonicalization: avoid suggesting large spacing-scale values for arbitrary lengths (e.g. left-[99999px] → left-[99999px], not left-24999.75) (#20130)
• Ensure @tailwindcss/cli in --watch mode recovers when a tracked dependency is deleted and restored (#20137)
• Ensure standalone @tailwindcss/cli binaries are ignored when scanning for class candidates (#20139)
• Ensure class candidates are extracted from Twig addClass(…) and removeClass(…) calls (#20198)
• Don't crash in the Ruby or Vue preprocessors when scanning files containing invalid UTF-8 bytes (#19588)
• Allow @variant to be used inside addBase (#19480)
• Ensure @source globs with symlinks are preserved (#20203)
• Ensure later @source rules can re-include files excluded by earlier @source not rules (#20203)
• Upgrade: don't migrate empty class rules to invalid @utility rules (#20205)
• Ensure transitions between inset-shadow-none and other inset shadows work correctly (#20208)
• Ensure explicitly referenced @source directories are scanned even when ignored by git (#20214)
• Ensure @source globs ending in **/* preserve dynamic path segments to avoid scanning too many files (#20217)
• Canonicalization: don't fold calc(…) divisions when the result would require high precision (e.g. w-[calc(100%/3.5)] → w-[calc(100%/3.5)], not w-[28.571428571428573%]) (#20221)
• Serve ESM type declarations to ESM importers of @tailwindcss/postcss (#20228)

Changed

• Generate 0 instead of calc(var(--spacing) * 0) for spacing utilities like m-0 and left-0 (#20196)
• Generate var(--spacing) instead of calc(var(--spacing) * 1) for spacing utilities like m-1 and left-1 (#20196)

Changelog

Sourced from tailwindcss's changelog.

[4.3.1] - 2026-06-12

Added

• Add --silent option to suppress output in @tailwindcss/cli (#20100)

Fixed

• Remove deprecation warnings by using Module#registerHooks instead of Module#register on Node 26+ (#20028)
• Canonicalization: don't crash when plugin utilities throw for unsupported values (#20052)
• Allow @apply to be used with CSS mixins (#19427)
• Ensure not-* correctly negates @container queries, including style(…) queries (#20059)
• Ensure drop-shadow-* color utilities work with custom shadow values containing calc(…) (#20080)
• Fix 'Sourcemap is likely to be incorrect' warnings when using @tailwindcss/vite (#20103)
• Ensure @tailwindcss/webpack can be installed in Rspack projects without requiring webpack as a peer dependency (#20027)
• Canonicalization: don't suggest invalid calc(…) expressions (e.g. px-[calc(1rem+0px)] → px-[calc(1rem+0)]) (#20127)
• Canonicalization: avoid suggesting large spacing-scale values for arbitrary lengths (e.g. left-[99999px] → left-[99999px], not left-24999.75) (#20130)
• Ensure @tailwindcss/cli in --watch mode recovers when a tracked dependency is deleted and restored (#20137)
• Ensure standalone @tailwindcss/cli binaries are ignored when scanning for class candidates (#20139)
• Ensure class candidates are extracted from Twig addClass(…) and removeClass(…) calls (#20198)
• Don't crash in the Ruby or Vue preprocessors when scanning files containing invalid UTF-8 bytes (#19588)
• Allow @variant to be used inside addBase (#19480)
• Ensure @source globs with symlinks are preserved (#20203)
• Ensure later @source rules can re-include files excluded by earlier @source not rules (#20203)
• Upgrade: don't migrate empty class rules to invalid @utility rules (#20205)
• Ensure transitions between inset-shadow-none and other inset shadows work correctly (#20208)
• Ensure explicitly referenced @source directories are scanned even when ignored by git (#20214)
• Ensure @source globs ending in **/* preserve dynamic path segments to avoid scanning too many files (#20217)
• Canonicalization: don't fold calc(…) divisions when the result would require high precision (e.g. w-[calc(100%/3.5)] → w-[calc(100%/3.5)], not w-[28.571428571428573%]) (#20221)
• Serve ESM type declarations to ESM importers of @tailwindcss/postcss (#20228)

Changed

• Generate 0 instead of calc(var(--spacing) * 0) for spacing utilities like m-0 and left-0 (#20196)
• Generate var(--spacing) instead of calc(var(--spacing) * 1) for spacing utilities like m-1 and left-1 (#20196)

Commits

• 8a14a71 4.3.1 (#20226)
• 12833aa Fix canonicalization bug where we end up with a high precision number (#20221)
• 97a5b3a docs: fix double word 'to to' in test comment (#20216)
• d01e103 Add missing inset keyword for inset-shadow-none (#20208)
• ad66939 Allow @variant to be used inside addBase (#19480)
• efae52c Simplify CSS when using utilities that use a *-0 or *-1 value (#20196)
• 6b43b64 Canonicalization: limit arbitrary to bare values conversion (#20130)
• d4f24c5 Fix invalid canonicalization where 0\<unit> was migrated to 0 (#20127)
• 749c45e Expose index and siblings on walk context (#20109)
• 8dcdb66 Bump dependencies (#20095)
• Additional commits viewable in compare view

Updates typescript-eslint from 8.60.1 to 8.61.0

Release notes

Sourced from typescript-eslint's releases.

v8.61.0

8.61.0 (2026-06-08)

🚀 Features

• ast-spec: change type of UnaryExpression.prefix to always true (#12372)
• ast-spec: tighten types of ArrowFunction, YieldExpression, TSTypePredicate (#12373)

🩹 Fixes

• rule-schema-to-typescript-types: respect ECMAScript line terminators (#12374)

❤️ Thank You

• Kirk Waiblinger @​kirkwaiblinger
• lumir

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from typescript-eslint's changelog.

8.61.0 (2026-06-08)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

• 16a5b24 chore(release): publish 8.61.0
• See full diff in compare view

Updates vitest from 4.1.8 to 4.1.9

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions