Skip to content

Bump the npm-dependencies group across 1 directory with 6 updates#8500

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm-dependencies-55c349e94a
Open

Bump the npm-dependencies group across 1 directory with 6 updates#8500
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm-dependencies-55c349e94a

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 6, 2026

Bumps the npm-dependencies group with 6 updates in the / directory:

Package From To
@hotwired/turbo-rails 8.0.21 8.0.23
@sentry/browser 10.35.0 10.38.0
axios 1.13.2 1.13.4
core-js 3.47.0 3.48.0
lodash 4.17.21 4.17.23
sass 1.97.2 1.97.3

Updates @hotwired/turbo-rails from 8.0.21 to 8.0.23

Commits
Maintainer changes

This version was pushed to npm by packagethief, a new releaser for @​hotwired/turbo-rails since your current version.


Updates @sentry/browser from 10.35.0 to 10.38.0

Release notes

Sourced from @​sentry/browser's releases.

10.38.0

Important Changes

  • feat(tanstackstart-react): Auto-instrument request middleware (#18989)

The sentryTanstackStart Vite plugin now automatically instruments middleware arrays in createFileRoute(). This captures performance data without requiring manual wrapping with wrapMiddlewaresWithSentry().

Other Changes

  • feat: Use v4.8.0 bundler plugins (#18993)
  • feat(browser): Add logs.metrics bundle (#19020)
  • feat(browser): Add replay.logs.metrics bundle (#19021)
  • feat(browser): Add tracing.replay.logs.metrics bundle (#19039)
  • feat(deps): bump import-in-the-middle from 2.0.1 to 2.0.6 (#19042)
  • feat(node): Add AI manual instrumentation exports to Node (#19063)
  • feat(wasm): initialised sentryWasmImages for webworkers (#18812)
  • fix(core): Classify custom AggregateErrors as exception groups (#19053)
  • fix(nextjs): Turn off debugID injection if sourcemaps are explicitly disabled (#19010)
  • fix(react): Avoid String(key) to fix Symbol conversion error (#18982)
  • fix(react): Prevent lazy route handlers from updating wrong navigation span (#18898)

... (truncated)

Changelog

Sourced from @​sentry/browser's changelog.

10.38.0

Important Changes

  • feat(tanstackstart-react): Auto-instrument request middleware (#18989)

    The sentryTanstackStart Vite plugin now automatically instruments middleware arrays in createFileRoute(). This captures performance data without requiring manual wrapping with wrapMiddlewaresWithSentry().

Other Changes

  • feat: Use v4.8.0 bundler plugins (#18993)
  • feat(browser): Add logs.metrics bundle (#19020)
  • feat(browser): Add replay.logs.metrics bundle (#19021)
  • feat(browser): Add tracing.replay.logs.metrics bundle (#19039)
  • feat(deps): bump import-in-the-middle from 2.0.1 to 2.0.6 (#19042)
  • feat(node): Add AI manual instrumentation exports to Node (#19063)
  • feat(wasm): initialised sentryWasmImages for webworkers (#18812)
  • fix(core): Classify custom AggregateErrors as exception groups (#19053)
  • fix(nextjs): Turn off debugID injection if sourcemaps are explicitly disabled (#19010)
  • fix(react): Avoid String(key) to fix Symbol conversion error (#18982)
  • fix(react): Prevent lazy route handlers from updating wrong navigation span (#18898)

... (truncated)

Commits

Updates axios from 1.13.2 to 1.13.4

Release notes

Sourced from axios's releases.

v1.13.4

Overview

The release addresses issues discovered in v1.13.3 and includes significant CI/CD improvements.

Full Changelog: v1.13.3...v1.13.4

What's New in v1.13.4

Bug Fixes

  • fix: issues with version 1.13.3 (#7352) (ee90dfc)
    • Fixed issues discovered in v1.13.3 release
    • Cleaned up interceptor test files
    • Improved workflow configurations

Infrastructure & CI/CD

  • refactor: ci and build (#7340) (8ff6c19)

    • Major refactoring of CI/CD workflows
    • Consolidated workflow files for better maintainability
    • Added mise configuration for the development environment
    • Improved sponsor block update automation
    • Enhanced issue and PR templates
    • Added automatic release notes generation
    • Implemented workflow cancellation for concurrent runs

  • chore: codegen and some updates to workflows (76cf77b)

    • Code generation improvements
    • Workflow optimisations

Migration Notes

Breaking Changes

None in this release.

Deprecations

None in this release.

Contributors

Thank you to all contributors who made this release possible! Special thanks to:

Release v1.13.3

Release notes:

Bug Fixes

... (truncated)

Changelog

Sourced from axios's changelog.

Changelog

1.13.3 (2026-01-20)

Bug Fixes

  • http2: Use port 443 for HTTPS connections by default. (#7256) (d7e6065)
  • interceptor: handle the error in the same interceptor (#6269) (5945e40)
  • main field in package.json should correspond to cjs artifacts (#5756) (7373fbf)
  • package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#5754) (b89217e)
  • silentJSONParsing=false should throw on invalid JSON (#7253) (#7257) (7d19335)
  • turn AxiosError into a native error (#5394) (#5558) (1c6a86d)
  • types: add handlers to AxiosInterceptorManager interface (#5551) (8d1271b)
  • types: restore AxiosError.cause type from unknown to Error (#7327) (d8233d9)
  • unclear error message is thrown when specifying an empty proxy authorization (#6314) (6ef867e)

Features

Reverts

  • Revert "fix: silentJSONParsing=false should throw on invalid JSON (#7253) (#7…" (#7298) (a4230f5), closes #7253 #7 #7298
  • deps: bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (#7334) (2d6ad5e)

Contributors to this release

... (truncated)

Commits
  • 9336cf9 chore(release): prepare release 1.13.4 (#7353)
  • ee90dfc fix: issues with version 1.13.3 (#7352)
  • af4f6d9 fix: release branch yml
  • 253e3ad fix: all merge configs
  • 8ff6c19 refactor: ci and build (#7340)
  • ab06109 chore(release): v1.13.3 (#7335)
  • 2d6ad5e revert(deps): bump peter-evans/create-pull-request from 7 to 8 in the github-...
  • cb49a6f chore(sponsor): update sponsor block (#7330)
  • d8233d9 fix(types): restore AxiosError.cause type from unknown to Error (#7327)
  • 5945e40 fix(interceptor): handle the error in the same interceptor (#6269)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for axios since your current version.


Updates core-js from 3.47.0 to 3.48.0

Changelog

Sourced from core-js's changelog.

3.48.0 - 2026.01.21

  • Changes v3.47.0...v3.48.0 (126 commits)
  • Map upsert proposal:
    • Built-ins:
      • Map.prototype.getOrInsert
      • Map.prototype.getOrInsertComputed
      • WeakMap.prototype.getOrInsert
      • WeakMap.prototype.getOrInsertComputed
    • Moved to stable ES, January 2026 TC39 meeting
    • Added es. namespace modules, /es/ and /stable/ namespaces entries
  • Use CreateDataProperty / CreateDataPropertyOrThrow in some missed cases, #1497
  • Minor fix / optimization in the RegExp constructor (NCG and dotAll) polyfill
  • Added some more workarounds for a Safari < 13 bug with silent ignore of non-writable array .length
  • Added detection of a Webkit bug: Iterator.prototype.flatMap throws on iterator without return method
  • Added detection of a V8 ~ Chromium < 144 bug: Uint8Array.prototype.setFromHex throws an error on length-tracking views over ResizableArrayBuffer
  • Compat data improvements:
Commits
  • 5d657da v3.48.0
  • 5644e73 Add bug detection for Uint8Array.prototype.setFromHex
  • 804a10e Merge pull request #1501 from zloirock/flat-map-fix
  • 45d7fe3 Add bug detection to Iterator flatMap method
  • efd9c2f move Map upsert proposal to stable ES
  • dcb938d update the year and normalize the copyright wording
  • 5454a5d add some more workarounds for a Safari < 13 bug with silent ignore of non-wri...
  • 73d4b6c add some more createProperty cases
  • 9c89290 fix: spec compliance for Array.prototype.flat and flatMap
  • e3774ce fix: use createProperty in Array.prototype.filter
  • Additional commits viewable in compare view

Updates lodash from 4.17.21 to 4.17.23

Commits

Updates sass from 1.97.2 to 1.97.3

Release notes

Sourced from sass's releases.

Dart Sass 1.97.3

To install Sass 1.97.3, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

  • Fix a bug where nesting an at-rule within multiple style rules in plain CSS could cause outer style rules to be omitted.

See the full changelog for changes in earlier releases.

Changelog

Sourced from sass's changelog.

1.97.3

  • Fix a bug where nesting an at-rule within multiple style rules in plain CSS could cause outer style rules to be omitted.
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the npm-dependencies group across 1 directory with 6 updates
abbcd43 
Bumps the npm-dependencies group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@hotwired/turbo-rails](https://github.com/hotwired/turbo-rails) | `8.0.21` | `8.0.23` |
| [@sentry/browser](https://github.com/getsentry/sentry-javascript) | `10.35.0` | `10.38.0` |
| [axios](https://github.com/axios/axios) | `1.13.2` | `1.13.4` |
| [core-js](https://github.com/zloirock/core-js/tree/HEAD/packages/core-js) | `3.47.0` | `3.48.0` |
| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.17.23` |
| [sass](https://github.com/sass/dart-sass) | `1.97.2` | `1.97.3` |



Updates `@hotwired/turbo-rails` from 8.0.21 to 8.0.23
- [Release notes](https://github.com/hotwired/turbo-rails/releases)
- [Commits](https://github.com/hotwired/turbo-rails/commits)

Updates `@sentry/browser` from 10.35.0 to 10.38.0
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md)
- [Commits](getsentry/sentry-javascript@10.35.0...10.38.0)

Updates `axios` from 1.13.2 to 1.13.4
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.13.2...v1.13.4)

Updates `core-js` from 3.47.0 to 3.48.0
- [Release notes](https://github.com/zloirock/core-js/releases)
- [Changelog](https://github.com/zloirock/core-js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/zloirock/core-js/commits/v3.48.0/packages/core-js)

Updates `lodash` from 4.17.21 to 4.17.23
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.21...4.17.23)

Updates `sass` from 1.97.2 to 1.97.3
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](sass/dart-sass@1.97.2...1.97.3)

---
updated-dependencies:
- dependency-name: "@hotwired/turbo-rails"
  dependency-version: 8.0.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: "@sentry/browser"
  dependency-version: 10.38.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: axios
  dependency-version: 1.13.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: core-js
  dependency-version: 3.48.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: lodash
  dependency-version: 4.17.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: sass
  dependency-version: 1.97.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies javascript Pull requests that update Javascript code labels Feb 6, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants