chore(deps): bump the npm-minor-patch group across 1 directory with 3 updates

[dependabot]

Bumps the npm-minor-patch group with 3 updates in the / directory: @sentry/browser, esbuild and gettext-parser.

Updates @sentry/browser from 10.40.0 to 10.43.0

Release notes

Sourced from @​sentry/browser's releases.

10.43.0

Important Changes

• feat(nextjs): Add Turbopack support for React component name annotation (#19604)

  We added experimental support for React component name annotation in Turbopack builds. When enabled, JSX elements are annotated with data-sentry-component, data-sentry-element, and data-sentry-source-file attributes at build time. This enables searching Replays by component name, seeing component names in breadcrumbs, and performance monitoring — previously only available with webpack builds.

  This feature requires Next.js 16+ and is currently behind an experimental flag:

  // next.config.ts
  import { withSentryConfig } from '@sentry/nextjs';
  export default withSentryConfig(nextConfig, {
  _experimental: {
  turbopackReactComponentAnnotation: {
  enabled: true,
  ignoredComponents: ['Header', 'Footer'], // optional
  },
  },
  });

• feat(hono): Instrument middlewares app.use() (#19611)

  Hono middleware registered via app.use() is now automatically instrumented, creating spans for each middleware invocation.

Other Changes

• feat(node-core,node): Add tracePropagation option to http and fetch integrations (#19712)
• feat(hono): Use parametrized names for errors (#19577)
• fix(browser): Fix missing traces for user feedback (#19660)
• fix(cloudflare): Use correct Proxy receiver in instrumentDurableObjectStorage (#19662)
• fix(core): Standardize Vercel AI span descriptions to align with GenAI semantic conventions (#19624)
• fix(deps): Bump hono to 4.12.5 to fix multiple vulnerabilities (#19653)
• fix(deps): Bump svgo to 4.0.1 to fix DoS via entity expansion (#19651)
• fix(deps): Bump tar to 7.5.10 to fix hardlink path traversal (#19650)
• fix(nextjs): Align Turbopack module metadata injection with webpack behavior (#19645)
• fix(node): Prevent duplicate LangChain spans from double module patching (#19684)
• fix(node-core,vercel-edge): Use HEROKU_BUILD_COMMIT env var for default release (#19617)
• fix(sveltekit): Fix file system race condition in source map cleaning (#19714)
• fix(tanstackstart-react): Add workerd and worker export conditions (#19461)
• fix(vercel-ai): Prevent tool call span map memory leak (#19328)
• feat(deps): Bump @​sentry/rollup-plugin from 5.1.0 to 5.1.1 (#19658)

... (truncated)

Changelog

Sourced from @​sentry/browser's changelog.

10.43.0

Important Changes

• feat(nextjs): Add Turbopack support for React component name annotation (#19604)

  We added experimental support for React component name annotation in Turbopack builds. When enabled, JSX elements are annotated with data-sentry-component, data-sentry-element, and data-sentry-source-file attributes at build time. This enables searching Replays by component name, seeing component names in breadcrumbs, and performance monitoring — previously only available with webpack builds.

  This feature requires Next.js 16+ and is currently behind an experimental flag:

  // next.config.ts
  import { withSentryConfig } from '@sentry/nextjs';
  export default withSentryConfig(nextConfig, {
  _experimental: {
  turbopackReactComponentAnnotation: {
  enabled: true,
  ignoredComponents: ['Header', 'Footer'], // optional
  },
  },
  });

• feat(hono): Instrument middlewares app.use() (#19611)

  Hono middleware registered via app.use() is now automatically instrumented, creating spans for each middleware invocation.

Other Changes

• feat(node-core,node): Add tracePropagation option to http and fetch integrations (#19712)
• feat(hono): Use parametrized names for errors (#19577)
• fix(browser): Fix missing traces for user feedback (#19660)
• fix(cloudflare): Use correct Proxy receiver in instrumentDurableObjectStorage (#19662)
• fix(core): Standardize Vercel AI span descriptions to align with GenAI semantic conventions (#19624)
• fix(deps): Bump hono to 4.12.5 to fix multiple vulnerabilities (#19653)
• fix(deps): Bump svgo to 4.0.1 to fix DoS via entity expansion (#19651)
• fix(deps): Bump tar to 7.5.10 to fix hardlink path traversal (#19650)
• fix(nextjs): Align Turbopack module metadata injection with webpack behavior (#19645)
• fix(node): Prevent duplicate LangChain spans from double module patching (#19684)
• fix(node-core,vercel-edge): Use HEROKU_BUILD_COMMIT env var for default release (#19617)
• fix(sveltekit): Fix file system race condition in source map cleaning (#19714)
• fix(tanstackstart-react): Add workerd and worker export conditions (#19461)
• fix(vercel-ai): Prevent tool call span map memory leak (#19328)
• feat(deps): Bump @​sentry/rollup-plugin from 5.1.0 to 5.1.1 (#19658)

... (truncated)

Commits

• 3fb8102 release: 10.43.0
• 8706e4e Merge pull request #19716 from getsentry/prepare-release/10.43.0
• 61d7a84 meta(changelog): Update changelog for 10.43.0
• f83f288 test(angular): Fix failing canary test (#19639)
• 2b3ce34 fix(sveltekit): Fix file system race condition in source map cleaning (#19714)
• 98be6b0 chore(skills): Add bump-size-limit skill (#19715)
• cdee7a9 chore(sourcemaps): Make sourcemaps e2e test more generic (#19678)
• b26df86 feat(node-core,node): Add tracePropagation option to http and fetch integrati...
• 7b69774 chore(ci): Allow triage action to run on issues from external users (#19701)
• 5651be2 fix(browser): Fix missing traces for user feedback (#19660)
• Additional commits viewable in compare view

Updates esbuild from 0.27.3 to 0.27.4

Release notes

Sourced from esbuild's releases.

v0.27.4

• Fix a regression with CSS media queries (#4395, #4405, #4406)

  Version 0.25.11 of esbuild introduced support for parsing media queries. This unintentionally introduced a regression with printing media queries that use the <media-type> and <media-condition-without-or> grammar. Specifically, esbuild was failing to wrap an or clause with parentheses when inside <media-condition-without-or>. This release fixes the regression.

  Here is an example:

  /* Original code */
  @media only screen and ((min-width: 10px) or (min-height: 10px)) {
    a { color: red }
  }
  /* Old output (incorrect) */
  @​media only screen and (min-width: 10px) or (min-height: 10px) {
  a {
  color: red;
  }
  }
  /* New output (correct) */
  @​media only screen and ((min-width: 10px) or (min-height: 10px)) {
  a {
  color: red;
  }
  }

• Fix an edge case with the inject feature (#4407)

  This release fixes an edge case where esbuild's inject feature could not be used with arbitrary module namespace names exported using an export {} from statement with bundling disabled and a target environment where arbitrary module namespace names is unsupported.

  With the fix, the following inject file:

  import jquery from 'jquery';
  export { jquery as 'window.jQuery' };

  Can now always be rewritten as this without esbuild sometimes incorrectly generating an error:

  export { default as 'window.jQuery' } from 'jquery';

• Attempt to improve API handling of huge metafiles (#4329, #4415)

  This release contains a few changes that attempt to improve the behavior of esbuild's JavaScript API with huge metafiles (esbuild's name for the build metadata, formatted as a JSON object). The JavaScript API is designed to return the metafile JSON as a JavaScript object in memory, which makes it easy to access from within a JavaScript-based plugin. Multiple people have encountered issues where this API breaks down with a pathologically-large metafile.

  The primary issue is that V8 has an implementation-specific maximum string length, so using the JSON.parse API with large enough strings is impossible. This release will now attempt to use a fallback JavaScript-based JSON parser that operates directly on the UTF8-encoded JSON bytes instead of using JSON.parse when the JSON metafile is too big to fit in a JavaScript string. The new fallback path has not yet been heavily-tested. The metafile will also now be generated with whitespace removed if the bundle is significantly large, which will reduce the size of the metafile JSON slightly.

... (truncated)

Changelog

Sourced from esbuild's changelog.

0.27.4

• Fix a regression with CSS media queries (#4395, #4405, #4406)

  Version 0.25.11 of esbuild introduced support for parsing media queries. This unintentionally introduced a regression with printing media queries that use the <media-type> and <media-condition-without-or> grammar. Specifically, esbuild was failing to wrap an or clause with parentheses when inside <media-condition-without-or>. This release fixes the regression.

  Here is an example:

  /* Original code */
  @media only screen and ((min-width: 10px) or (min-height: 10px)) {
    a { color: red }
  }
  /* Old output (incorrect) */
  @​media only screen and (min-width: 10px) or (min-height: 10px) {
  a {
  color: red;
  }
  }
  /* New output (correct) */
  @​media only screen and ((min-width: 10px) or (min-height: 10px)) {
  a {
  color: red;
  }
  }

• Fix an edge case with the inject feature (#4407)

  This release fixes an edge case where esbuild's inject feature could not be used with arbitrary module namespace names exported using an export {} from statement with bundling disabled and a target environment where arbitrary module namespace names is unsupported.

  With the fix, the following inject file:

  import jquery from 'jquery';
  export { jquery as 'window.jQuery' };

  Can now always be rewritten as this without esbuild sometimes incorrectly generating an error:

  export { default as 'window.jQuery' } from 'jquery';

• Attempt to improve API handling of huge metafiles (#4329, #4415)

  This release contains a few changes that attempt to improve the behavior of esbuild's JavaScript API with huge metafiles (esbuild's name for the build metadata, formatted as a JSON object). The JavaScript API is designed to return the metafile JSON as a JavaScript object in memory, which makes it easy to access from within a JavaScript-based plugin. Multiple people have encountered issues where this API breaks down with a pathologically-large metafile.

... (truncated)

Commits

• f9c9012 publish 0.27.4 to npm
• 207dbc7 js api: fall back to js-based metafile json parser
• 1ca56dc fix #4329: auto-minify metafile for large bundles
• e3823aa fix #4415: add uint cast to stdio int parser
• d50e88c chore: correct copy&paste panic message (#4399)
• 8b829b1 fix #4407: incorrect error for inject edge case
• 4384bad fix #4395 close #4405 close #4406: parens for or
• See full diff in compare view

Updates gettext-parser from 9.0.1 to 9.0.2

Release notes

Sourced from gettext-parser's releases.

9.0.2

• fixes possible prototype pollution during parsing

Commits

• a4baf94 9.0.2
• 297db4b fix: prevent prototype pollution in MO/PO parsers and headers
• ba1f861 update deps
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions