dev: bump the safe group with 5 updates

[dependabot]

Bumps the safe group with 5 updates:

Package	From	To
@sentry/react	10.58.0	10.59.0
apexcharts	5.15.0	5.15.2
react-apexcharts	2.1.0	2.1.1
@storybook/cli	10.4.5	10.4.6
pg	8.21.0	8.22.0

Updates @sentry/react from 10.58.0 to 10.59.0

Release notes

Sourced from @​sentry/react's releases.

10.59.0

Important Changes

• feat(react-router): Add support for React Router v8 (#21633)

  The SDK now supports React Router v8, in both the framework and SPA (@sentry/react) modes.

• feat(react): Add version-agnostic React Router SPA exports (#21633)

  @sentry/react now exports version-agnostic wrappers for React Router v6+ SPA instrumentation. The new exports replace the version-specific V6/V7 variants, which are now deprecated:

  Deprecated	New
  reactRouterV6BrowserTracingIntegration / V7	reactRouterBrowserTracingIntegration
  withSentryReactRouterV6Routing / V7	wrapReactRouterRouting
  wrapCreateBrowserRouterV6 / V7	wrapCreateBrowserRouter
  wrapCreateMemoryRouterV6 / V7	wrapCreateMemoryRouter
  wrapUseRoutesV6 / V7	wrapUseRoutes

  The deprecated exports continue to work and will be removed in the next major version.

Other Changes

• feat(aws-serverless): Instrument aws-sdk clients >= 3.1046.0 (#21548)
• feat(bun): Add orchestrion bun build plugin (#21410)
• feat(cloudflare): Instrument sync KV (#21316)
• feat(core): Disable gen_ai message truncation by default when streamGenAiSpans is enabled (#21603)
• feat(deno): Add orchestrion deno runtime hook (#21451)
• feat(hono): Extend peer dependency range (#21550)
• feat(node): Collapse orchestrion opt-in to a single option (#20900)
• fix: Diagnostics channel Node v18 (#21631)
• fix(browser): Clean up pageload readystatechange listener (#21632)
• fix(core): Capture scopes on span before emitting spanStart event (#21644)
• fix(core): Defer TwP sampling by reading trace state from the scope (#21549)
• fix(core): Prevent outgoing HTTP instrumentation from crashing on // request paths (#21645)
• fix(core): Set production as default sentry.environment attribute value on streamed spans (#21637)
• fix(nextjs): Register safe random ID context at module load (#21573)

• chore: Change deprecation/deprecation to oxlint equivalent (#21604)
• chore: Switch license headers to SPDX format (#21357)
• chore(deps-dev): Bump esbuild from 0.20.0 to 0.28.1 (#21511)
• chore(deps): Bump esbuild from 0.25.0 to 0.28.1 in /dev-packages/e2e-tests/test-applications/node-profiling-esm (#21514)
• chore(deps): Bump react-router-6 to 6.30.4 (#21566)
• ci: Assign server team as codeowner for server-utils package (#21601)
• ci: Dedup flaky test issues across esm/cjs variants (#21595)
• ci: Do not apply Bug label to flaky test issues (#21593)

... (truncated)

Changelog

Sourced from @​sentry/react's changelog.

10.59.0

Important Changes

• feat(react-router): Add support for React Router v8 (#21633)

  The SDK now supports React Router v8, in both the framework and SPA (@sentry/react) modes.

• feat(react): Add version-agnostic React Router SPA exports (#21633)

  @sentry/react now exports version-agnostic wrappers for React Router v6+ SPA instrumentation. The new exports replace the version-specific V6/V7 variants, which are now deprecated:

  Deprecated	New
  reactRouterV6BrowserTracingIntegration / V7	reactRouterBrowserTracingIntegration
  withSentryReactRouterV6Routing / V7	wrapReactRouterRouting
  wrapCreateBrowserRouterV6 / V7	wrapCreateBrowserRouter
  wrapCreateMemoryRouterV6 / V7	wrapCreateMemoryRouter
  wrapUseRoutesV6 / V7	wrapUseRoutes

  The deprecated exports continue to work and will be removed in the next major version.

Other Changes

• feat(aws-serverless): Instrument aws-sdk clients >= 3.1046.0 (#21548)
• feat(bun): Add orchestrion bun build plugin (#21410)
• feat(cloudflare): Instrument sync KV (#21316)
• feat(core): Disable gen_ai message truncation by default when streamGenAiSpans is enabled (#21603)
• feat(deno): Add orchestrion deno runtime hook (#21451)
• feat(hono): Extend peer dependency range (#21550)
• feat(node): Collapse orchestrion opt-in to a single option (#20900)
• fix: Diagnostics channel Node v18 (#21631)
• fix(browser): Clean up pageload readystatechange listener (#21632)
• fix(core): Capture scopes on span before emitting spanStart event (#21644)
• fix(core): Defer TwP sampling by reading trace state from the scope (#21549)
• fix(core): Prevent outgoing HTTP instrumentation from crashing on // request paths (#21645)
• fix(core): Set production as default sentry.environment attribute value on streamed spans (#21637)
• fix(nextjs): Register safe random ID context at module load (#21573)

• chore: Change deprecation/deprecation to oxlint equivalent (#21604)
• chore: Switch license headers to SPDX format (#21357)
• chore(deps-dev): Bump esbuild from 0.20.0 to 0.28.1 (#21511)
• chore(deps): Bump esbuild from 0.25.0 to 0.28.1 in /dev-packages/e2e-tests/test-applications/node-profiling-esm (#21514)
• chore(deps): Bump react-router-6 to 6.30.4 (#21566)
• ci: Assign server team as codeowner for server-utils package (#21601)
• ci: Dedup flaky test issues across esm/cjs variants (#21595)

... (truncated)

Commits

• 2cb0ef6 release: 10.59.0
• f77b265 Merge pull request #21655 from getsentry/prepare-release/10.59.0
• 8e32a8d meta(changelog): Update changelog for 10.59.0
• 50fe5d9 fix: Diagnostics channel Node v18 (#21631)
• 9c765e0 feat(react-router): support react router v8 (#21633)
• 815c1cf feat(deps): Bump @​babel/core from 7.29.0 to 7.29.6 (#21574)
• a520447 ref(tanstackstart-react): Use @sentry/conventions (#21498)
• 38a0485 test(cloudflare): Remove mock in DO tests (#21634)
• cb69761 feat(deno): Add orchestrion deno runtime hook (#21451)
• 1e057ba chore(deps): Bump esbuild from 0.25.0 to 0.28.1 in /dev-packages/e2e-tests/te...
• Additional commits viewable in compare view

Updates apexcharts from 5.15.0 to 5.15.2

Release notes

Sourced from apexcharts's releases.

💎 Version 5.15.2

Fixes

Draw-animation frame no longer touches a destroyed chart

An animated chart (e.g. an area chart) schedules a requestAnimationFrame during render() to run its mask-reveal / draw animation. If the chart was destroyed before that frame fired, the stale callback ran against already-cleared DOM and threw:

TypeError: Cannot read properties of null (reading 'node')   // in runMaskReveal

The classic trigger is React StrictMode, which mounts → unmounts → remounts a component in development: the first mount queues the animation frame, the unmount calls destroy() (which nulls w.dom.elDefs), and the queued frame then fires against the torn-down chart. Any sufficiently rapid unmount hit the same race.

The fix adds an internal isDestroyed flag, set by destroy() (but not by updates), that the deferred draw-animation callbacks - mask reveal, stroke draw, and bulk reveal - check and bail on before touching the DOM. The flag is cleared on the next render, so re-mounting re-arms animations normally.

This complements the detached-chart destroy() fix in 5.15.1; together they resolve the teardown crashes tracked in react-apexcharts#602.

💎 Version 5.15.1

A small patch release with a single stability fix: charts that are torn down before they ever mount no longer throw.

---

Fixes

destroy() no longer throws on an un-mounted / detached chart

Calling destroy() (or an internal clear()) on a chart that never finished rendering threw:

TypeError: Cannot read properties of undefined (reading 'node')

This happened when a chart was constructed against an element that wasn't connected to the DOM - so create() bailed out early before building the SVG, leaving w.dom.Paper undefined - and the chart was then destroyed. Common triggers:

• A React useEffect cleanup (or a Vue unmounted hook) tearing the chart down before the element was ever attached.
• A queued resize/update() firing after the host element had already been removed.

The teardown path now guards on the SVG actually having been created, cancels any pending resize redraw, and tolerates a missing Apex._chartInstances registry, so destroying a never-mounted chart is a safe no-op.

Fixes react-apexcharts#602 and vue-apexcharts#256.

Commits

• 66aeae5 release: 5.15.2
• 495aa30 fix: stop draw-animation rAF callbacks from touching a destroyed chart
• a9d3675 ci: move GitHub Actions off the deprecated Node 20 runtime
• 2aabd6c chore(deps): patch dev-dependency security advisories
• 8309269 release: 5.15.1
• 8f81f7a fix: don't throw on destroy() of an un-mounted/detached chart
• See full diff in compare view

Updates react-apexcharts from 2.1.0 to 2.1.1

Release notes

Sourced from react-apexcharts's releases.

React ApexCharts v2.1.1

🐛 Bug fixes

Fixed a crash on chart teardown — Cannot read properties of undefined (reading 'node') (#602)

When a chart was rendered or updated while its container was detached from the DOM - e.g. it's closed/hidden and reopened, a modal or tab unmounts it, or a queued window-resize redraw fired right after unmount - the underlying chart instance never finished setting up its SVG. The subsequent teardown then dereferenced an undefined element and threw. Because this happened inside React's useEffect cleanup, it could crash the entire component tree, not just the chart. The crash was commonly reported alongside chart.id and responsive options, which share the same teardown/resize path.

The unmount cleanup is now guarded across all client and hydrate entry points, so a teardown error can no longer crash your React tree — on any installed apexcharts version.

This pairs with the root-cause fix in apexcharts@5.15.1. For the complete fix, upgrade both:

npm i apexcharts@^5.15.1 react-apexcharts@^2.1.1

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react-apexcharts since your current version.

Updates @storybook/cli from 10.4.5 to 10.4.6

Release notes

Sourced from @​storybook/cli's releases.

v10.4.6

10.4.6

• CSF: Allow partial globals overrides in story and meta annotations - #34985, thanks @​TheSeydiCharyyev!
• Dependencies: Upgrade esbuild - #35157, thanks @​Kakadus!

Changelog

Sourced from @​storybook/cli's changelog.

10.4.6

• CSF: Allow partial globals overrides in story and meta annotations - #34985, thanks @​TheSeydiCharyyev!
• Dependencies: Upgrade esbuild - #35157, thanks @​Kakadus!

Commits

• 5496a42 Bump version from "10.4.5" to "10.4.6" [skip ci]
• See full diff in compare view

Updates pg from 8.21.0 to 8.22.0

Changelog

Sourced from pg's changelog.

pg@8.22.0

• Add support for sslnegotiation=direct for PostgreSQL 17+.

Commits

• b617619 Publish
• d80b261 Update docs & changelog
• 835fb83 Fix error handling for exceptions on values parsing. (#3574)
• f49ab4a fix: correct spelling mistakes across codebase (#3692)
• d7175a4 Expand CI matrix of PG versions and add direct SSL test (#3693)
• 882fc30 Add support for sslnegotiation=direct (PostgreSQL 17) (#3688)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions