Bump the npm-all group across 1 directory with 8 updates

[dependabot]

Bumps the npm-all group with 8 updates in the /frontend directory:

Package	From	To
@sentry/browser	10.43.0	10.45.0
@tanstack/react-query	5.90.21	5.91.2
@tanstack/react-router	1.167.4	1.167.5
@tanstack/eslint-plugin-query	5.91.4	5.91.5
@vanilla-extract/css	1.19.0	1.19.1
eslint-plugin-testing-library	7.16.0	7.16.1
msw	2.12.12	2.12.13
webpack-cli	7.0.1	7.0.2

Updates @sentry/browser from 10.43.0 to 10.45.0

Release notes

Sourced from @​sentry/browser's releases.

10.45.0

Important Changes

• feat(remix): Server Timing Headers Trace Propagation (#18653)

  The Remix SDK now supports automatic trace propagation via Server-Timing response headers to continue pageload traces on the client side. This means, you no longer have to define a custom meta function to add Sentry <meta> tags to your page as previously. We'll update out Remix tracing docs after this release.

Other Changes

• fix(cloudflare): Use correct env types for withSentry (#19836)
• fix(core): Align error span status message with core SpanStatusType for langchain/google-genai (#19863)
• fix(deno): Clear pre-existing OTel global before registering TracerProvider (#19723)
• fix(nextjs): Skip tracing for tunnel requests (#19861)
• fix(node-core): Recycle propagationContext for each request (#19835)
• ref(core): Simplify core utility functions for smaller bundle (#19854)

• chore(deps): bump next from 16.1.5 to 16.1.7 in /dev-packages/e2e-tests/test-applications/nextjs-16 (#19851)
• ci(release): Switch from action-prepare-release to Craft (#18763)
• fix(deps): bump devalue 5.6.3 to 5.6.4 to fix CVE-2026-30226 (#19849)
• fix(deps): bump file-type to 21.3.2 and @​nestjs/common to 11.1.17 (#19847)
• fix(deps): bump flatted 3.3.1 to 3.4.2 to fix CVE-2026-32141 (#19842)
• fix(deps): bump hono 4.12.5 to 4.12.7 in cloudflare-hono E2E test app (#19850)
• fix(deps): bump next to 15.5.13/16.1.7 to fix CVE-2026-1525, CVE-202-33036 and related (#19870)
• fix(deps): bump tar 7.5.10 to 7.5.11 to fix CVE-2026-31802 (#19846)
• fix(deps): bump undici 6.23.0 to 6.24.1 to fix multiple CVEs (#19841)
• fix(deps): bump unhead 2.1.4 to 2.1.12 to fix CVE-2026-31860 and CVE-2026-31873 (#19848)
• test(nextjs): Skip broken ISR tests (#19871)
• test(react): Add gql tests for react router (#19844)

Bundle size 📦

Path	Size
@​sentry/browser	24.93 KB
@​sentry/browser - with treeshaking flags	23.47 KB
@​sentry/browser (incl. Tracing)	41.51 KB
@​sentry/browser (incl. Tracing, Profiling)	46.07 KB
@​sentry/browser (incl. Tracing, Replay)	79.41 KB
@​sentry/browser (incl. Tracing, Replay) - with treeshaking flags	69.22 KB
@​sentry/browser (incl. Tracing, Replay with Canvas)	84 KB
@​sentry/browser (incl. Tracing, Replay, Feedback)	95.97 KB
@​sentry/browser (incl. Feedback)	41.35 KB
@​sentry/browser (incl. sendFeedback)	29.49 KB

... (truncated)

Changelog

Sourced from @​sentry/browser's changelog.

10.45.0

Important Changes

• feat(remix): Server Timing Headers Trace Propagation (#18653)

  The Remix SDK now supports automatic trace propagation via Server-Timing response headers to continue pageload traces on the client side. This means, you no longer have to define a custom meta function to add Sentry <meta> tags to your page as previously. We'll update out Remix tracing docs after this release.

Other Changes

• fix(cloudflare): Use correct env types for withSentry (#19836)
• fix(core): Align error span status message with core SpanStatusType for langchain/google-genai (#19863)
• fix(deno): Clear pre-existing OTel global before registering TracerProvider (#19723)
• fix(nextjs): Skip tracing for tunnel requests (#19861)
• fix(node-core): Recycle propagationContext for each request (#19835)
• ref(core): Simplify core utility functions for smaller bundle (#19854)

• chore(deps): bump next from 16.1.5 to 16.1.7 in /dev-packages/e2e-tests/test-applications/nextjs-16 (#19851)
• ci(release): Switch from action-prepare-release to Craft (#18763)
• fix(deps): bump devalue 5.6.3 to 5.6.4 to fix CVE-2026-30226 (#19849)
• fix(deps): bump file-type to 21.3.2 and @​nestjs/common to 11.1.17 (#19847)
• fix(deps): bump flatted 3.3.1 to 3.4.2 to fix CVE-2026-32141 (#19842)
• fix(deps): bump hono 4.12.5 to 4.12.7 in cloudflare-hono E2E test app (#19850)
• fix(deps): bump next to 15.5.13/16.1.7 to fix CVE-2026-1525, CVE-202-33036 and related (#19870)
• fix(deps): bump tar 7.5.10 to 7.5.11 to fix CVE-2026-31802 (#19846)
• fix(deps): bump undici 6.23.0 to 6.24.1 to fix multiple CVEs (#19841)
• fix(deps): bump unhead 2.1.4 to 2.1.12 to fix CVE-2026-31860 and CVE-2026-31873 (#19848)
• test(nextjs): Skip broken ISR tests (#19871)
• test(react): Add gql tests for react router (#19844)

10.44.0

Important Changes

• feat(effect): Add @sentry/effect SDK (Alpha) (#19644)

  This release introduces @sentry/effect, a new SDK for Effect.ts applications. The SDK provides Sentry integration via composable Effect layers for both Node.js and browser environments.

  Compose the effectLayer with optional tracing, logging, and metrics layers to instrument your Effect application:

  import * as Sentry from '@sentry/effect';
  import * as Layer from 'effect/Layer';

... (truncated)

Commits

• ef79d28 release: 10.45.0
• 28208bc Merge pull request #19877 from getsentry/prepare-release/10.45.0
• 2e2fd35 meta(changelog): Update changelog for 10.45.0
• 79241b0 fix(nextjs): Skip tracing for tunnel requests (#19861)
• 938ab2d ref(core): Simplify core utility functions for smaller bundle (#19854)
• 3bb4325 fix(core): Align error span status message with core SpanStatusType for lan...
• 3e5499a fix(deps): bump next to 15.5.13/16.1.7 to fix CVE-2026-1525, CVE-202-33036 an...
• 6f17b8a fix(cloudflare): Use correct env types for withSentry (#19836)
• b4b9e71 test(nextjs): Skip broken ISR tests (#19871)
• ae7206f feat(remix): Server Timing Headers Trace Propagation (#18653)
• Additional commits viewable in compare view

Updates @tanstack/react-query from 5.90.21 to 5.91.2

Release notes

Sourced from @​tanstack/react-query's releases.

@​tanstack/react-query@​5.91.2

Patch Changes

• fix(streamedQuery): maintain error state on reset refetch with initialData defined (#10287)

• Updated dependencies [248975e]:

  • @​tanstack/query-core@​5.91.2

@​tanstack/react-query@​5.91.0

Minor Changes

• feat: environmentManager (#10199)

Patch Changes

• Updated dependencies [6fa901b]:
  • @​tanstack/query-core@​5.91.0

@​tanstack/react-query-persist-client@​5.90.27

Patch Changes

• fix(streamedQuery): maintain error state on reset refetch with initialData defined (#10287)

• Updated dependencies [248975e]:

  • @​tanstack/query-persist-client-core@​5.92.4
  • @​tanstack/react-query@​5.91.2

@​tanstack/react-query-persist-client@​5.90.25

Patch Changes

• Updated dependencies [6fa901b]:
  • @​tanstack/react-query@​5.91.0
  • @​tanstack/query-persist-client-core@​5.92.2

@​tanstack/react-query-persist-client@​5.90.23

Patch Changes

• Updated dependencies [978fc52]:
  • @​tanstack/query-persist-client-core@​5.92.0
  • @​tanstack/react-query@​5.90.21

@​tanstack/react-query-persist-client@​5.90.22

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-persist-client-core@​5.91.19
  • @​tanstack/react-query@​5.90.20

Changelog

Sourced from @​tanstack/react-query's changelog.

5.91.2

Patch Changes

• fix(streamedQuery): maintain error state on reset refetch with initialData defined (#10287)

• Updated dependencies [248975e]:

  • @​tanstack/query-core@​5.91.2

5.91.1

Patch Changes

• fix(core): cancel paused initial fetch when last observer unsubscribes (#10291)

• Updated dependencies [a89aab9]:

  • @​tanstack/query-core@​5.91.1

5.91.0

Minor Changes

• feat: environmentManager (#10199)

Patch Changes

• Updated dependencies [6fa901b]:
  • @​tanstack/query-core@​5.91.0

Commits

• b6fd86b ci: Version Packages (#10297)
• 79e37cb ci: Version Packages (#10296)
• a89aab9 fix(core): cancel paused initial fetch when last observer unsubscribes (#10291)
• 3761d2b ci: Version Packages (#10290)
• 6fa901b feat/environmentManager (#10199)
• 3fac499 test(react-query/useSuspenseInfiniteQuery): add test for basic suspend and re...
• 6d0a2a9 test(react-query/useSuspenseQuery): remove unnecessary 'act' from background ...
• 9ec0fc6 test(react-query/useSuspenseQueries): remove unnecessary 'act' from backgroun...
• 67cf8b6 ref: ts cutoff (#10253)
• 8a59b2d test({react,preact}-query/useSuspenseQueries): add test for suspending when t...
• Additional commits viewable in compare view

Updates @tanstack/react-router from 1.167.4 to 1.167.5

Changelog

Sourced from @​tanstack/react-router's changelog.

1.167.5

Patch Changes

• Updated dependencies [5ff4f0b]:
  • @​tanstack/router-core@​1.167.5

Commits

• 86ea33c ci: changeset release
• See full diff in compare view

Updates @tanstack/eslint-plugin-query from 5.91.4 to 5.91.5

Release notes

Sourced from @​tanstack/eslint-plugin-query's releases.

@​tanstack/eslint-plugin-query@​5.91.5

Patch Changes

• Fix exhaustive-deps to detect dependencies used inside nested queryFn callbacks/control flow, and avoid false positives when those dependencies are already present in complex queryKey expressions. (#10258)

Changelog

Sourced from @​tanstack/eslint-plugin-query's changelog.

5.91.5

Patch Changes

• Fix exhaustive-deps to detect dependencies used inside nested queryFn callbacks/control flow, and avoid false positives when those dependencies are already present in complex queryKey expressions. (#10258)

Commits

• 4b1febd ci: Version Packages (#10281)
• 84a8ff1 fix: improve exhaustive dependencies detection (#10258)
• 67cf8b6 ref: ts cutoff (#10253)
• da2ff5a chore(vite.config): exclude 'tests' directory from coverage reports (#10084)
• See full diff in compare view

Updates @vanilla-extract/css from 1.19.0 to 1.19.1

Release notes

Sourced from @​vanilla-extract/css's releases.

@​vanilla-extract/css@​1.19.1

Patch Changes

• #1558 9b1bfd0 Thanks @​andjsrk! - style: Fixed a bug where nested arrays of classnames could cause missing or malformed CSS during style composition in certain situations.

  For example, the following style composition would not generate CSS for the backgroundColor: 'orange' style, and would also generate malformed CSS:

  const styleWithNestedComposition = style([
    [style1, style2],
    { backgroundColor: 'orange' },
    [style3]
  ]);

Changelog

Sourced from @​vanilla-extract/css's changelog.

1.19.1

Patch Changes

• #1558 9b1bfd0 Thanks @​andjsrk! - style: Fixed a bug where nested arrays of classnames could cause missing or malformed CSS during style composition in certain situations.

  For example, the following style composition would not generate CSS for the backgroundColor: 'orange' style, and would also generate malformed CSS:

  const styleWithNestedComposition = style([
    [style1, style2],
    { backgroundColor: 'orange' },
    [style3]
  ]);

Commits

• 79b3519 Version Packages (#1695)
• 9b1bfd0 Fix runtime behavior to match the type definition (#1558)
• d1257c7 Migrate all tests to vitest, increase vite-node dep range (#1694)
• ac5ab50 Configure oxlint, address some lint warnings (#1690)
• 02d85ec Update prettier to v3, delete some directories, update remix docs (#1689)
• See full diff in compare view

Updates eslint-plugin-testing-library from 7.16.0 to 7.16.1

Release notes

Sourced from eslint-plugin-testing-library's releases.

v7.16.1

7.16.1 (2026-03-19)

Bug Fixes

• no-node-access: prevent duplicate errors for chained property access (#1260) (74ce9dd), closes #1256

Commits

• 74ce9dd fix(no-node-access): prevent duplicate errors for chained property access (#1...
• d5aa504 chore(deps): update pnpm/action-setup action to v5 (#1257)
• ca05a8c chore(deps): update commitlint monorepo to v20.5.0 (#1250)
• ecbe796 chore(deps): update dependency tsdown to v0.21.3 (#1258)
• 0789e75 chore(deps): update dependency lint-staged to v16.3.4 (#1254)
• 7788ac2 chore(deps): update dependency @​vitest/eslint-plugin to v1.6.12 (#1252)
• 735f290 chore(deps): update dependency @​vitest/eslint-plugin to v1.6.11 (#1251)
• 078875c chore(deps): update dependency tsdown to v0.21.2 (#1248)
• 491fca6 build(deps): bump flatted from 3.3.3 to 3.4.1 in the npm_and_yarn group acros...
• efe152e chore(deps): update dependency eslint-plugin-import-x to v4.16.2 (#1247)
• Additional commits viewable in compare view

Updates msw from 2.12.12 to 2.12.13

Release notes

Sourced from msw's releases.

v2.12.13 (2026-03-17)

Bug Fixes

• GraphQL: support application/graphql-response+json response content-type (#2513) (4b8c330ac0dec25a61d21693ac38a097250f1255) @​phryneas @​kettanaito
• HttpResponse: mark implicit content-type headers with a symbol (#2675) (98716e7b337aba0090695c2f70895f2f97afa3ee) @​kettanaito

Commits

• 5f4ccce chore(release): v2.12.13
• 4b8c330 fix(GraphQL): support application/graphql-response+json response `content-t...
• 98716e7 fix(HttpResponse): mark implicit content-type headers with a symbol (#2675)
• See full diff in compare view

Updates webpack-cli from 7.0.1 to 7.0.2

Release notes

Sourced from webpack-cli's releases.

webpack-cli@7.0.2

Patch Changes

• Resolve configuration path for cache build dependencies. (by @​alexander-akait in #4707)

Changelog

Sourced from webpack-cli's changelog.

7.0.2

Patch Changes

• Resolve configuration path for cache build dependencies. (by @​alexander-akait in #4707)

Commits

• 49efdc0 chore(release): new release (#4708)
• 1fc1b9d fix: resolve configuration path for build dependencies (#4707)
• fd02100 chore(release): new release (#4705)
• a653b02 fix: use a new create-webpack-app package name (#4704)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud