build(deps): bump the front-prod-minor-update group across 2 directories with 3 updates

[dependabot]

Bumps the front-prod-minor-update group with 2 updates in the / directory: @sentry/react and graphql.
Bumps the front-prod-minor-update group with 1 update in the /front directory: jotai.

Updates @sentry/react from 10.51.0 to 10.52.0

Release notes

Sourced from @​sentry/react's releases.

10.52.0

Important Changes

• Beta release of the official Hono Sentry SDK

  This release marks the beta release of the @sentry/hono Sentry SDK. For details on how to use it, check out the Sentry Hono SDK docs. Please reach out on GitHub if you have any feedback or concerns.

• feat(browser): Add ingest_settings to v2 log envelope payload (#20453)

  Inference of user data (e.g. IP address, browser name/version) on log events is now gated behind the sendDefaultPii option. Previously, this data was always inferred by default.

Other Changes

• docs(hono): Add new docs link and move to BETA release (#20666)
• feat(browser): Add ingest_settings to v2 metrics envelope payload (#20454)
• feat(browser): Migrate spotlight event processor to ignoreSpans (#20595)
• feat(cloudflare): Capture request body via httpServerIntegration (#20614)
• feat(cloudflare): Support rpc trace propagation for WorkerEntrypoint (#20523)
• feat(cloudflare): Support tracing for queue producer (#20529)
• feat(core): Apply request data to segment spans in span streaming (#20654)
• feat(core): Migrate Vercel AI event processor to span streaming (#20608)
• feat(deno): Add processSegmentSpan to Deno context integration (#20613)
• feat(http): Portable node:http client instrumentation (#20393)
• feat(nitro): Add unstorage tracing channel instrumentation (#20615)
• feat(node-core): Add processSegmentSpan to node context integration (#20678)
• feat(node): Use diagnostics_channel for redis >= 5.12.0 (#20573)
• feat(node): Vendor ioredis, redis instrumentations (#20510)
• feat(replay): Reset replay id from DSC on session expiry/refresh (#20129)
• fix: Bump fast-xml-parser to fix vulnerability (#20644)
• fix: Bump vite versions to fix vulnerability (#20646)
• fix(core): Drain buffers in flush() when there is no transport (#20207)
• fix(core): Guard against undefined chained in copyProps (#20637)
• fix(deps): Bump rollup-plugin-license to fix lodash vulnerabilities (#20636)
• fix(deps): Bump transitive deps for medium security fixes (#20683)
• fix(hono): Do not capture 3xx and 4xx errors and add tests (#20640)
• fix(nextjs): Skip build modification when SRI is enabled (#20694)
• fix(opentelemetry): Respect OTEL_SERVICE_NAME, OTEL_RESOURCE_ATTRIBUTES (#20509)

• chore: Remove bundle-analyzer-scenarios dev packages (#20680)
• chore(deps): Bump @​hono/node-server from 1.19.10 to 1.19.13 (#20117)
• chore(deps): Bump @​nestjs packages to fix path-to-regexp ReDoS (#20642)
• chore(deps): Bump axios from 1.15.0 to 1.15.2 (#20665)
• chore(deps): Bump ip-address from 10.1.0 to 10.2.0 (#20695)
• chore(deps): Bump simple-git from 3.33.0 to 3.36.0 (#20696)
• chore(deps): Bump vulnerable testem version (#20634)

... (truncated)

Changelog

Sourced from @​sentry/react's changelog.

10.52.0

Important Changes

• Beta release of the official Hono Sentry SDK

  This release marks the beta release of the @sentry/hono Sentry SDK. For details on how to use it, check out the Sentry Hono SDK docs. Please reach out on GitHub if you have any feedback or concerns.

• feat(browser): Add ingest_settings to v2 log envelope payload (#20453)

  Inference of user data (e.g. IP address, browser name/version) on log events is now gated behind the sendDefaultPii option. Previously, this data was always inferred by default.

Other Changes

• docs(hono): Add new docs link and move to BETA release (#20666)
• feat(browser): Add ingest_settings to v2 metrics envelope payload (#20454)
• feat(browser): Migrate spotlight event processor to ignoreSpans (#20595)
• feat(cloudflare): Capture request body via httpServerIntegration (#20614)
• feat(cloudflare): Support rpc trace propagation for WorkerEntrypoint (#20523)
• feat(cloudflare): Support tracing for queue producer (#20529)
• feat(core): Apply request data to segment spans in span streaming (#20654)
• feat(core): Migrate Vercel AI event processor to span streaming (#20608)
• feat(deno): Add processSegmentSpan to Deno context integration (#20613)
• feat(http): Portable node:http client instrumentation (#20393)
• feat(nitro): Add unstorage tracing channel instrumentation (#20615)
• feat(node-core): Add processSegmentSpan to node context integration (#20678)
• feat(node): Use diagnostics_channel for redis >= 5.12.0 (#20573)
• feat(node): Vendor ioredis, redis instrumentations (#20510)
• feat(replay): Reset replay id from DSC on session expiry/refresh (#20129)
• fix: Bump fast-xml-parser to fix vulnerability (#20644)
• fix: Bump vite versions to fix vulnerability (#20646)
• fix(core): Drain buffers in flush() when there is no transport (#20207)
• fix(core): Guard against undefined chained in copyProps (#20637)
• fix(deps): Bump rollup-plugin-license to fix lodash vulnerabilities (#20636)
• fix(deps): Bump transitive deps for medium security fixes (#20683)
• fix(hono): Do not capture 3xx and 4xx errors and add tests (#20640)
• fix(nextjs): Skip build modification when SRI is enabled (#20694)
• fix(opentelemetry): Respect OTEL_SERVICE_NAME, OTEL_RESOURCE_ATTRIBUTES (#20509)

• chore: Remove bundle-analyzer-scenarios dev packages (#20680)
• chore(deps): Bump @​hono/node-server from 1.19.10 to 1.19.13 (#20117)
• chore(deps): Bump @​nestjs packages to fix path-to-regexp ReDoS (#20642)
• chore(deps): Bump axios from 1.15.0 to 1.15.2 (#20665)
• chore(deps): Bump ip-address from 10.1.0 to 10.2.0 (#20695)
• chore(deps): Bump simple-git from 3.33.0 to 3.36.0 (#20696)

... (truncated)

Commits

• 4b911e0 release: 10.52.0
• 781f31c Merge pull request #20707 from getsentry/prepare-release/10.52.0
• 11a64f6 meta(changelog): Update changelog for 10.52.0
• e185818 feat(node-core): Add processSegmentSpan to node context integration (#20678)
• 7e49571 feat(node): use diagnostics_channel for redis >= 5.12.0 (#20573)
• a8ab715 feat(replay): Reset replay id from DSC on session expiry/refresh (#20129)
• 7efc03f feat(core): Apply request data to segment spans in span streaming (#20654)
• 01d0a70 feat(core): Migrate Vercel AI event processor to span streaming (#20608)
• 12cd3e5 fix(nextjs): Skip build modification when SRI is enabled (#20694)
• f1f534c fix(deps): Bump transitive deps for medium security fixes (#20683)
• Additional commits viewable in compare view

Updates graphql from 16.13.2 to 16.14.0

Release notes

Sourced from graphql's releases.

v16.14.0 (2026-05-03)

New Feature 🚀

• #4317 Allow configuration of the ofType introspection depth (@​Nols1000)
• #4521 Add experimental support for directives on directive definitions (@​BoD)

Bug Fix 🐞

• #4652 Fix valueFromAST variable own-property checks (@​abishekgiri)

Docs 📝

• #4706 Fix mistake in GraphQLError guidance (@​benjie)

Committers: 4

• Abishek Kumar Giri(@​abishekgiri)
• Benjie(@​benjie)
• Benoit 'BoD' Lubek(@​BoD)
• Nils-Börge Margotti(@​Nols1000)

Commits

• 57b385b chore(release): v16.14.0 (#4720)
• 85700ed Fix mistake in GraphQLError guidance (#4706)
• 8eb6383 Allow configuration of the ofType introspection depth (#4317)
• ad9c519 Add support for directives on directive definitions (#4521)
• db2987c fix(valueFromAST): restore variable own-property checks (#4652)
• See full diff in compare view

Updates jotai from 2.19.1 to 2.20.0

Release notes

Sourced from jotai's releases.

v2.20.0

This release improves performance in high-throughput scenarios. Huge kudos to @​dmaskasky!

What's Changed

• breaking(internals): avoid getInternalBuildingBlock function by @​dai-shi in pmndrs/jotai#3293
• refactor(internals): Rev3 type narrowing for onMount hooks by @​dmaskasky in pmndrs/jotai#3311
• fix(internals): guard atomOnInit hook with hasOnInit by @​dmaskasky in pmndrs/jotai#3312
• refactor(internals): lazy hooks in ensureAtomState for new atom state by @​dmaskasky in pmndrs/jotai#3313

Full Changelog: pmndrs/jotai@v2.19.1...v2.20.0

Commits

• bdbc766 2.20.0
• 64181cc chore(deps): update dev dependencies (#3317)
• e2aa859 refactor(internals): lazy hooks in ensureAtomState for new atom state (#3313)
• 26f3e9c fix(internals): guard atomOnInit hook with hasOnInit (#3312)
• e923843 refactor(internals): Rev3 type narrowing for onMount hooks (#3311)
• 4b63111 breaking(internals): avoid getInternalBuildingBlock function (#3293)
• See full diff in compare view

[sentry]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 76.83%. Comparing base (941377d) to head (e19846b).
⚠️ Report is 1 commits behind head on master.

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #2710   +/-   ##
=======================================
  Coverage   76.83%   76.83%           
=======================================
  Files         300      300           
  Lines       22233    22233           
  Branches     2245     2245           
=======================================
  Hits        17082    17082           
  Misses       5104     5104           
  Partials       47       47           

Flag	Coverage Δ
backend	99.65% <ø> (ø)
frontend	69.10% <ø> (ø)
sharedComponents	68.72% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.