deps: bump uuid, @rspack/cli, @rspack/dev-server and @sentry/webpack-plugin in /frontend

[dependabot]

Removes uuid. It's no longer used after updating ancestor dependencies uuid, @rspack/cli, @rspack/dev-server and @sentry/webpack-plugin. These dependencies need to be updated together.

Removes uuid

Updates @rspack/cli from 1.7.11 to 2.0.4

Release notes

Sourced from @​rspack/cli's releases.

v2.0.4

Highlights 💡

• Inline const with module declarations (#14032): Previously, Rspack only inlined constant exports from leaf modules in the module graph. Now constant exports from any module can be inlined, even when that module also imports or re-exports other modules. In rare circular-reference cases this can make a TDZ error disappear, but we do not expect real projects to rely on TDZ errors, so Rspack prioritizes the optimization.

  // constants.js
  import './setup';
  export const ENABLE_EXPERIMENT = false;
  // entry.js
  import { ENABLE_EXPERIMENT } from './constants';
  if (ENABLE_EXPERIMENT) {
  runExperiment();
  }
  // Before: constants.js is not a leaf module, so the branch could keep
  // reading the imported binding.
  if (ENABLE_EXPERIMENT) {
  runExperiment();
  }
  // Now: the constant can still be inlined, so dead branches are easier
  // to remove.
  if (false) {
  runExperiment();
  }

• Tree shake namespace default reexport (#13980): Previously, the import * as a from './a'; export default a; pattern did not tree-shake a through the default export. Now Rspack further analyzes the default-exported namespace object and can remove unused exports from the original namespace module.

  // a.js
  export function used() {}
  export function unused() {}
  // bridge.js
  import * as a from './a';
  export default a;
  // app.js
  import a from './bridge';
  a.used();
  // Before: both used and unused could be kept in the bundle.
  // Now: unused can be tree-shaken.

... (truncated)

Commits

• 744af1e chore: release v2.0.4
• c9e86b8 perf(cli): lazy load json stream helpers (#14079)
• c0db17f docs(cli): update cli option descriptions (#14071)
• 361ecde fix(cli): remove process title startup overhead (#14061)
• 9a2ef24 chore(deps): update patch npm dependencies (#14055)
• 3c6700c fix(cli): write logger trace output to file by default (#14022)
• dfcccd6 chore: release version 2.0.3 (#14015)
• ed2742a chore: enable tsgo for dts generation (#13952)
• 3998196 chore(deps): update patch npm dependencies (#13959)
• 45e3a8a chore: enable Rslint for more packages and fix lint issues (#13934)
• Additional commits viewable in compare view

Updates @rspack/dev-server from 1.2.1 to 2.0.1

Release notes

Sourced from @​rspack/dev-server's releases.

v2.0.1

What's Changed

• fix: bundle ws types in declarations by @​chenjiahan in rstackjs/rspack-dev-server#209
• chore(deps): update @​rslint/core to v0.5.0 by @​chenjiahan in rstackjs/rspack-dev-server#205
• chore(deps): update all non-major dependencies by @​renovate[bot] in rstackjs/rspack-dev-server#203
• chore(deps): update dependency @​rspack/plugin-react-refresh to v2 by @​renovate[bot] in rstackjs/rspack-dev-server#195
• chore(deps): update all non-major dependencies by @​renovate[bot] in rstackjs/rspack-dev-server#207
• chore(deps): update dependency @​hono/node-server to v2 by @​renovate[bot] in rstackjs/rspack-dev-server#208

Full Changelog: rstackjs/rspack-dev-server@v2.0.0...v2.0.1

v2.0.0

Notable Changes

@rspack/dev-server v2 is designed for Rspack v2.

See the Migration Guide (v1 -> v2) for more details.

What's Changed

Breaking changes

• feat!: remove bonjour feature by @​chenjiahan in rstackjs/rspack-dev-server#87
• feat!: update http-proxy-middleware v3, remove bypass and path options by @​chenjiahan in rstackjs/rspack-dev-server#101
• feat!: rename webpack env vars to rspack by @​chenjiahan in rstackjs/rspack-dev-server#108
• feat!: remove spdy support by @​chenjiahan in rstackjs/rspack-dev-server#114
• feat!: remove SockJS support by @​chenjiahan in rstackjs/rspack-dev-server#120
• feat!: remove internalIP methods by @​chenjiahan in rstackjs/rspack-dev-server#121
• feat!: make selfsigned an optional peer dependency by @​chenjiahan in rstackjs/rspack-dev-server#129
• feat!: convert to pure ESM package by @​chenjiahan in rstackjs/rspack-dev-server#130
• feat!: replace express with connect as default server by @​chenjiahan in rstackjs/rspack-dev-server#143
• refactor(server)!: convert some public methods to private by @​chenjiahan in rstackjs/rspack-dev-server#149
• feat(deps)!: update chokidar to v5 by @​chenjiahan in rstackjs/rspack-dev-server#150
• feat!: remove serve-index dependency and related functionality by @​chenjiahan in rstackjs/rspack-dev-server#151
• feat(deps)!: bump http-proxy-middleware to 4.0.0-beta.3 by @​chenjiahan in rstackjs/rspack-dev-server#200

Features

• perf: replace graceful-fs with node:fs by @​chenjiahan in rstackjs/rspack-dev-server#77
• perf: remove schema-utils dependency and validation by @​chenjiahan in rstackjs/rspack-dev-server#78
• feat: print Rsbuild-style URL logs by @​chenjiahan in rstackjs/rspack-dev-server#81
• feat(types): add LiteralUnion type and refactor union types by @​chenjiahan in rstackjs/rspack-dev-server#128
• feat: migrate from connect to connect-next by @​chenjiahan in rstackjs/rspack-dev-server#144
• feat: bundle more dependencies by @​chenjiahan in rstackjs/rspack-dev-server#185

Bugfixes

... (truncated)

Commits

• 39c998e chore: release v2.0.1
• f1cb953 fix: bundle ws types in declarations (#209)
• 082dffe chore(deps): update dependency @​hono/node-server to v2 (#208)
• c2c65ae chore(deps): update all non-major dependencies (#207)
• 5054863 chore(deps): update dependency @​rspack/plugin-react-refresh to v2 (#195)
• 060cf0e chore(deps): update all non-major dependencies (#203)
• c80a9c3 chore(deps): update @​rslint/core to v0.5.0 (#205)
• d6f34d9 release: v2.0.0 (#201)
• 42214b2 docs: update http-proxy-middleware migration version (#202)
• ca33b81 feat(deps)!: bump http-proxy-middleware to 4.0.0-beta.3 (#200)
• Additional commits viewable in compare view

Updates @sentry/webpack-plugin from 2.22.7 to 5.3.0

Release notes

Sourced from @​sentry/webpack-plugin's releases.

5.3.0

New Features ✨

• (babel) Auto-inject sentry-label from static text children by @​antonis in #925

Bug Fixes 🐛

• (vite) Avoid version-specific plugin return type by @​logaretm in #928

Internal Changes 🔧

• Fix craft config by @​timfish in #930
• Update craft by @​timfish in #929
• Use Rolldown v1 stable by @​timfish in #924
• Remove old integration tests by @​timfish in #922
• Ensure correct bundlers are resolved by @​timfish in #921
• Fix telemetry tests to capture all envelopes by @​timfish in #920

5.2.1

Bug Fixes 🐛

• (webpack) Await source map deletion before signaling build completion by @​andreiborza in #918

Internal Changes 🔧

• (ci) Disable changelog preview by @​chargome in #917
• Add additional integration tests by @​timfish in #914
• Remove unused e2e tests by @​timfish in #915

5.2.0

New Features ✨

• (core) Pass mapDir to rewriteSourcesHook by @​chargome in #908
• Use crypto.randomUUID rather than uuid by @​timfish in #892

Bug Fixes 🐛

• (core) Conditionally add tracing headers by @​chargome in #907
• (e2e-tests) Pin axios to 1.13.5 to avoid compromised 1.14.1 by @​andreiborza in #906
• (rollup) Make rollup an optional peer dependency by @​andreiborza in #913
• Add missing webpack5 entrypoint in webpack-plugin by @​brunodccarvalho in #905

Internal Changes 🔧

• (deps) Bump vulnerable webpack version by @​chargome in #909
• (tests) Use deterministic debugids by @​chargome in #912
• Add esbuild integration tests by @​timfish in #911
• Vite integration tests by @​timfish in #899
• Webpack integration tests by @​timfish in #904
• Isolate integration test package installs by @​timfish in #902

... (truncated)

Changelog

Sourced from @​sentry/webpack-plugin's changelog.

5.3.0

New Features ✨

• (babel) Auto-inject sentry-label from static text children by @​antonis in #925

Bug Fixes 🐛

• (vite) Avoid version-specific plugin return type by @​logaretm in #928

Internal Changes 🔧

• Fix craft config by @​timfish in #930
• Update craft by @​timfish in #929
• Use Rolldown v1 stable by @​timfish in #924
• Remove old integration tests by @​timfish in #922
• Ensure correct bundlers are resolved by @​timfish in #921
• Fix telemetry tests to capture all envelopes by @​timfish in #920

5.2.1

Bug Fixes 🐛

• (webpack) Await source map deletion before signaling build completion by @​andreiborza in #918

Internal Changes 🔧

• (ci) Disable changelog preview by @​chargome in #917
• Add additional integration tests by @​timfish in #914
• Remove unused e2e tests by @​timfish in #915

5.2.0

New Features ✨

• (core) Pass mapDir to rewriteSourcesHook by @​chargome in #908
• Use crypto.randomUUID rather than uuid by @​timfish in #892

Bug Fixes 🐛

• (core) Conditionally add tracing headers by @​chargome in #907
• (e2e-tests) Pin axios to 1.13.5 to avoid compromised 1.14.1 by @​andreiborza in #906
• (rollup) Make rollup an optional peer dependency by @​andreiborza in #913
• Add missing webpack5 entrypoint in webpack-plugin by @​brunodccarvalho in #905

Internal Changes 🔧

• (deps) Bump vulnerable webpack version by @​chargome in #909
• (tests) Use deterministic debugids by @​chargome in #912
• Add esbuild integration tests by @​timfish in #911

... (truncated)

Commits

• 5889189 release: 5.3.0
• 06fde9e chore: fix craft config (#930)
• eb88048 chore: Update craft (#929)
• efe7dae fix(vite): avoid version-specific plugin return type (#928)
• 7ac1cbc feat(babel): Auto-inject sentry-label from static text children (#925)
• 5c677ff chore: Use Rolldown v1 stable (#924)
• 0f36974 test: Remove old integration tests (#922)
• 1b599cd test: Ensure correct bundlers are resolved (#921)
• dea8819 test: Fix telemetry tests to capture all envelopes (#920)
• 7e76d7c Merge branch 'release/5.2.1'
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
flagsmith-frontend-preview	Error		May 21, 2026 8:10pm
flagsmith-frontend-staging	Error		May 21, 2026 8:10pm

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
docs	Ignored	Preview	May 21, 2026 8:10pm

[claude]

Claude Code Review

This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.

_{Tip: disable this comment in your organization's Code Review settings.}