dev: bump the safe group with 7 updates

[dependabot]

Bumps the safe group with 7 updates:

Package	From	To
@reduxjs/toolkit	2.9.2	2.10.1
@sentry/react	10.22.0	10.24.0
formik	2.4.6	2.4.9
@inquirer/prompts	7.9.0	7.10.0
@storybook/cli	10.0.3	10.0.6
cypress	15.5.0	15.6.0
wait-on	9.0.1	9.0.3

Updates @reduxjs/toolkit from 2.9.2 to 2.10.1

Release notes

Sourced from @​reduxjs/toolkit's releases.

v2.10.1

This bugfix release fixes an issue with window access breaking in SSR due to the byte-shaving work in 2.10.

What's Changed

• Fix window SSR breakage by @​markerikson in reduxjs/redux-toolkit#5132

Full Changelog: reduxjs/redux-toolkit@v2.10.0...v2.10.1

v2.10.0

This feature release updates our Immer dep to 10.2 to pick up its performance improvements, has additional byte-shaving and internal performance updates, and fixes a combineSlices type issue.

Changelog

Immer Performance Improvements

Redux Toolkit has been built around Immer since the very first prototype in 2018. Use of Immer as the default in createSlice directly eliminated accidental mutations as a class of errors in Redux apps, and drastically simplified writing immutable updates in reducers.

We've had various issues filed over the years asking to make Immer optional, or raising concerns about Immer's perf. Immer is indeed slower than writing immutable updates by hand, but our stance has always been that Immer's DX is absolutely worth whatever modest perf cost it might incur, and that reducers are usually not the bottleneck in Redux apps anyway - it's usually the cost of updating the UI that's more expensive.

However, a year ago an issue was filed with some specific complaints about Immer perf being very slow. We investigated, ran benchmarks, and filed an Immer issue confirming that it had gotten noticeably slower over time. Immer author Michel Weststrate agreed, and said there were some potential tweaks and architectural changes that could be made, but didn't have time to look into them himself.

A couple months ago, we started investigating possible Immer perf improvements ourselves, including profiling various scenarios and comparing implementations of other similar immutable update libraries. After extensive research and development, we were able to file several PRs to improve Immer's perf: a set of smaller tweaks around iteration and caching, a couple much larger architectural changes, and a potential change to copying objects.

Immer 10.2.0 contains the first set of smaller perf improvements, and this RTK release updates our dependency to 10.2 to pick up those changes.

One important behavior note here: Earlier versions of Immer (8, 9, 10.1) added more handling for edge cases like symbol keys in objects. These changes made sense for correctness, but also contributed to the slowdown. Immer 10.2 now includes a new setUseStrictIteration option to allow only copying string keys in objects (using Object.keys() instead of Reflect.ownKeys()), but keeps the option as strict: true for compatibility with its own users. That default will likely change in Immer 11.

For RTK 2.10.0, we specifically import and call setUseStrictIteration(false), under the assumption that standard Redux state usage only involves string keys in plain JS objects! This should provide a ~10% speedup for Immer update operations. Given that expectation, we believe this is a reasonable feature change and only needs a minor version bump.

If by some chance you are using symbol keys in your Redux state, or in other Immer-powered updates in your Redux app, you can easily revert to the previous behavior by calling setUseStrictIteration(true) in your own app code.

Based on discussions with Michel, Immer v11 should come out in the near future with additional architectural changes for better perf, including optional support for faster array methods that would be available as an Immer plugin adding ~2KB bundle size. We will likely not turn that plugin on by default, but recommend that users enable it if they do frequent array ops in reducers.

We're happy to have contributed these perf improvements to Immer, and that they will benefit not just RTK users but all Immer users everywhere!

You can follow the additional discussion and progress updates in the main Immer perf update tracking issue.

Additional RTK Perf Improvements

We've tweaked some places where we were doing repeated filter().map().map() calls to micro-optimize those loops.

RTKQ tag invalidation was always reading from proxy-wrapped arrays when rewriting provided tags. It now reads from the plain arrays instead, providing a modest speedup.

We previously found that ESBuild wasn't deduplicating imports from the same libraries in separate files bundled together (ie import { useEffect as useEffect2/3/4/ } from 'react'). We've restructured our internals to ensure all external imports are only pulled in once.

We've done some extensive byte-shaving in various places in the codebase. The byte-shaving and import deduplication saves about 0.6K min from the RTKQ core, and 0.2K min from the RTKQ React bundle.

Other Changes

... (truncated)

Commits

• 166bcc3 Release 2.10.1
• 5650933 Fix window SSR breakage (#5132)
• 0d2ffa3 Release 2.10.0
• e102997 fix(combineSlices): Infer PreloadedState properly from provided slice (#5125)
• 9aae695 Byte-shave various chunks of code (#5129)
• 952e7ed Deduplicate imports (#5128)
• df24e25 Update Immer dep to 10.2 and disable strict iteration for perf (#5127)
• 9392c4c Improve perf for internal map/filter ops (#5126)
• 78781fd Release @​rtk-query/graphql-request-base-query 2.3.2
• See full diff in compare view

Updates @sentry/react from 10.22.0 to 10.24.0

Release notes

Sourced from @​sentry/react's releases.

10.24.0

Important Changes

• feat(metrics): Add top level option enableMetrics and beforeSendMetric (#18088)

  This PR moves enableMetrics and beforeSendMetric out of the _experiments options. The metrics feature will now be enabled by default (none of our integrations will auto-emit metrics as of now), but you can disable sending metrics via enableMetrics: false. Metric options within _experiments got deprecated but will still work as of now, they will be removed with the next major version of our SDKs.

Other Changes

• feat(aws): Add SENTRY_LAYER_EXTENSION to configure using the lambda layer extension via env variables (#18101)
• feat(core): Include all exception object keys instead of truncating (#18044)
• feat(metrics)!: Update types (#17907)
• feat(replay): ignore background-image when blockAllMedia is enabled (#18019)
• fix(nextjs): Delete css map files (#18131)
• fix(nextjs): Stop accessing sync props in template (#18113)

• chore: X handle update (#18117)
• chore(eslint): Add eslint-plugin-regexp rule (dev-packages) (#18063)
• test(next): fix flakey tests (#18100)
• test(node-core): Proof that withMonitor doesn't create a new trace (#18057)

Bundle size 📦

Path	Size
@​sentry/browser	24.02 KB
@​sentry/browser - with treeshaking flags	22.54 KB
@​sentry/browser (incl. Tracing)	40.26 KB
@​sentry/browser (incl. Tracing, Profiling)	44.43 KB
@​sentry/browser (incl. Tracing, Replay)	77.83 KB
@​sentry/browser (incl. Tracing, Replay) - with treeshaking flags	67.75 KB
@​sentry/browser (incl. Tracing, Replay with Canvas)	82.42 KB
@​sentry/browser (incl. Tracing, Replay, Feedback)	94.3 KB
@​sentry/browser (incl. Feedback)	40.3 KB
@​sentry/browser (incl. sendFeedback)	28.58 KB
@​sentry/browser (incl. FeedbackAsync)	33.39 KB
@​sentry/react	25.68 KB
@​sentry/react (incl. Tracing)	42.2 KB
@​sentry/vue	28.39 KB
@​sentry/vue (incl. Tracing)	41.99 KB
@​sentry/svelte	24.03 KB
CDN Bundle	26.26 KB
CDN Bundle (incl. Tracing)	40.79 KB
CDN Bundle (incl. Tracing, Replay)	76.46 KB

... (truncated)

Changelog

Sourced from @​sentry/react's changelog.

10.24.0

Important Changes

• feat(metrics): Add top level option enableMetrics and beforeSendMetric (#18088)

  This PR moves enableMetrics and beforeSendMetric out of the _experiments options. The metrics feature will now be enabled by default (none of our integrations will auto-emit metrics as of now), but you can disable sending metrics via enableMetrics: false. Metric options within _experiments got deprecated but will still work as of now, they will be removed with the next major version of our SDKs.

Other Changes

• feat(aws): Add SENTRY_LAYER_EXTENSION to configure using the lambda layer extension via env variables (#18101)
• feat(core): Include all exception object keys instead of truncating (#18044)
• feat(metrics)!: Update types (#17907)
• feat(replay): ignore background-image when blockAllMedia is enabled (#18019)
• fix(nextjs): Delete css map files (#18131)
• fix(nextjs): Stop accessing sync props in template (#18113)

• chore: X handle update (#18117)
• chore(eslint): Add eslint-plugin-regexp rule (dev-packages) (#18063)
• test(next): fix flakey tests (#18100)
• test(node-core): Proof that withMonitor doesn't create a new trace (#18057)

10.23.0

• feat(core): Send user-agent header with envelope requests in server SDKs (#17929)
• feat(browser): Limit transport buffer size (#18046)
• feat(core): Remove default value of maxValueLength: 250 (#18043)
• feat(react-router): Align options with shared build time options type (#18014)
• fix(browser-utils): cache element names for INP (#18052)
• fix(browser): Capture unhandled rejection errors for web worker integration (#18054)
• fix(cloudflare): Ensure types for cloudflare handlers (#18064)
• fix(nextjs): Update proxy template wrapping (#18086)
• fix(nuxt): Added top-level fallback exports (#18083)
• fix(nuxt): check for H3 error cause before re-capturing (#18035)
• fix(replay): Linked errors not resetting session id (#17854)
• fix(tracemetrics): Bump metrics buffer to 1k (#18039)
• fix(vue): Make options parameter optional on attachErrorHandler (#18072)
• ref(core): Set span status internal_error instead of unknown_error (#17909)

• fix(tests): un-override nitro dep version for nuxt-3 test (#18056)
• fix(e2e): Add p-map override to fix React Router 7 test builds (#18068)

... (truncated)

Commits

• 907546f release: 10.24.0
• e861b4f Merge pull request #18133 from getsentry/prepare-release/10.24.0
• 0054094 meta(changelog): Update changelog for 10.24.0
• 10211f4 fix(nextjs): Delete css map files (#18131)
• d26e1a9 feat(aws): Add SENTRY_LAYER_EXTENSION to configure using the lambda layer e...
• d4a2b2b test(next): fix flakey tests (#18100)
• 27af12e fix(nextjs): Stop accessing sync props in template (#18113)
• 296e860 chore: X handle update (#18117)
• c2530dd feat(metrics): Add top level option enableMetrics and beforeSendMetric (#...
• ad870cf feat(metrics)!: Update types (#17907)
• Additional commits viewable in compare view

Updates formik from 2.4.6 to 2.4.9

Release notes

Sourced from formik's releases.

formik@2.4.9

Patch Changes

• #4051 8f9d04d Thanks @​Moumouls! - fix: jsx ref for react 19

formik@2.4.8

Patch Changes

• #4042 1de45de Thanks @​copilot-swe-agent! - Replace JSX.IntrinsicElements with React.JSX.IntrinsicElements for React 19 compatibility. The global JSX namespace was removed in React 19, so we now use React.JSX.IntrinsicElements instead.

Commits

• 91475ad Merge pull request #4053 from jaredpalmer/changeset-release/main
• 920f107 Version Packages
• 8f9d04d fix: jsx ref for react 19 (#4051)
• ddfae3f Merge pull request #4045 from jaredpalmer/changeset-release/main
• 741c9d4 Version Packages
• f7f8f53 Upgrade changesets/action to v1.5.3 and npm packages (#4043)
• 7fca4b2 Merge pull request #4044 from jaredpalmer/copilot/upgrade-to-latest-turborepo
• c8e5527 Add .turbo to .gitignore and remove cached files
• 488dbec Upgrade turborepo from 1.9.9 to 2.6.0 with initial configuration changes
• dc03941 Initial plan
• Additional commits viewable in compare view

Updates @inquirer/prompts from 7.9.0 to 7.10.0

Release notes

Sourced from @​inquirer/prompts's releases.

@​inquirer/prompts@​7.10.0

• feat @inquirer/input: Now support simple RegExp validation with pattern/patternError.
• fix @inquirer/editor: Fix typo s/waitForUseInput/waitForUserInput
• Bump dependencies

Commits

• 6881993 Publish
• db2ffca feat(@​inquirer/input): Document pattern/patternError in README
• 160958a chore: Bump dependencies (#1886)
• c3bab7a feat: Improve Inquirer types to infer more valid types (#1880)
• 48d0668 chore: Remove README sponsor block (#1885)
• c562b2d chore: Refactor scaffolding script (#1884)
• 655376c feat(input): add pattern-based validation and error handling for input prompt...
• 919aebc Chore(deps): Bump chardet from 2.1.0 to 2.1.1
• 269dcd8 Chore(deps-dev): Bump turbo from 2.5.8 to 2.6.0 in the build group
• 05fdfe6 Chore(deps): Bump mute-stream from 2.0.0 to 3.0.0
• Additional commits viewable in compare view

Updates @storybook/cli from 10.0.3 to 10.0.6

Release notes

Sourced from @​storybook/cli's releases.

v10.0.6

10.0.6

• CSF: Fix export interface declaration for NextPreview - #32914, thanks @​icopp!
• Controls: Add range validation in Number Control - #32539, thanks @​ia319!
• Fix: Export interface declaration for ReactMeta - #32915, thanks @​icopp!
• Vitest Addon: Add support for Preact - #32948, thanks @​yannbf!

v10.0.5

10.0.5

• Core: Add reentry guard to focus patch - #32655, thanks @​ia319!
• Nextjs Vite: Update internal plugin to support `svgr` use cases - #32957, thanks @​yannbf!

v10.0.4

10.0.4

• CLI: Fix issue with running Storybook after being initialized - #32929, thanks @​yannbf!
• CRA: Fix `module` not defined in ESM - #32940, thanks @​ndelangen!

Changelog

Sourced from @​storybook/cli's changelog.

10.0.6

• CSF: Fix export interface declaration for NextPreview - #32914, thanks @​icopp!
• Controls: Add range validation in Number Control - #32539, thanks @​ia319!
• Fix: Export interface declaration for ReactMeta - #32915, thanks @​icopp!
• Vitest Addon: Add support for Preact - #32948, thanks @​yannbf!

10.0.5

• Core: Add reentry guard to focus patch - #32655, thanks @​ia319!
• Nextjs Vite: Update internal plugin to support svgr use cases - #32957, thanks @​yannbf!

10.0.4

• CLI: Fix issue with running Storybook after being initialized - #32929, thanks @​yannbf!
• CRA: Fix module not defined in ESM - #32940, thanks @​ndelangen!

Commits

• 8ca96a8 Bump version from "10.0.5" to "10.0.6" [skip ci]
• f612971 Merge pull request #32948 from storybookjs/yann/preact-testing-support
• f3bad0e Bump version from "10.0.4" to "10.0.5" [skip ci]
• 8396932 Bump version from "10.0.3" to "10.0.4" [skip ci]
• See full diff in compare view

Updates cypress from 15.5.0 to 15.6.0

Release notes

Sourced from cypress's releases.

v15.6.0

Changelog: https://docs.cypress.io/app/references/changelog#15-6-0

Commits

• b3a1e6d chore: release 15.6.0 (#32887)
• 56c04cd misc: The exec type was updated from code to exitCode (#32885)
• 98d35bb chore: updating v8 snapshot cache (#32882)
• a815922 chore: updating v8 snapshot cache (#32881)
• 1c7e53c chore: updating v8 snapshot cache (#32880)
• 5c537f0 chore(deps): update dependency @​percy/cypress to ^3.1.6 (#32876)
• 1c5e0a7 chore: release @​cypress/webpack-dev-server-v5.1.4
• 7489fcc chore: release @​cypress/vite-dev-server-v7.0.1
• d264a73 chore: add org_npm_creds context to verify-release-readiness and npm-release ...
• 65472da chore(deps): update dependency @​npmcli/arborist to v8.0.1 (#32841)
• Additional commits viewable in compare view

Updates wait-on from 9.0.1 to 9.0.3

Release notes

Sourced from wait-on's releases.

v9.0.3

Update to jsdoc. Thanks @​westonruter

Minor dependencies updated: eslint, mocha, axios

v9.0.2

Replaced unmaintained expect-legacy package with chai. Thanks @​bdkopen

Commits

• 1874bd2 9.0.3
• fc85086 update minor deps
• 2c2f85e Merge pull request #173 from westonruter/patch-1
• d209f97 9.0.2
• 36bb96a Merge pull request #184 from bdkopen/remove-expect-legacy
• 5132c16 chore: replace expect-legacy with chai
• e88f5cb Use jsdoc brackets to indicate optional cb param
• See full diff in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
cypress	[>= 9.a, < 10]
cypress	[>= 10.a, < 11]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions