chore: Upgrade packages to resolve Dependabot issues (#39710)

## Description
- Fix XSS issue by upgrading packages such that the
`serialize-javascript` dependency resolves to `v6.0.2`
Fixes https://github.com/appsmithorg/appsmith/security/dependabot/376

- Fix XSS issue by upgrading `esbuild` to `v0.25.1`
Fixes https://github.com/appsmithorg/appsmith/security/dependabot/367

- Fix vite vulnerability by upgrading `vite` to `v6.2.1` (this is a
major version upgrade and effects the `storybook` package)
Fixes https://github.com/appsmithorg/appsmith/security/dependabot/364
Fixes https://github.com/appsmithorg/appsmith/security/dependabot/334
Fixes https://github.com/appsmithorg/appsmith/security/dependabot/336


- Fixes TinyMCE XSS vulnerabilities by upgrading `tinymce` to `v7.7.1`
and `tinymce-react` to `v6.0.0` (Major version upgrade)
Fixes https://github.com/appsmithorg/appsmith/security/dependabot/347
Fixes https://github.com/appsmithorg/appsmith/security/dependabot/348
Fixes https://github.com/appsmithorg/appsmith/security/dependabot/290

- Fix vulnerability in `webpack` by upgrading to `v5.98.0`
Fixes https://github.com/appsmithorg/appsmith/security/dependabot/324

- Fix vulnerability in `@sentry/browser` by upgrading `@sentry/react` to
`v7.120.3` (Major version upgrade)
_Note: [`Severity` enum has been
deprecated](https://docs.sentry.io/platforms/javascript/migration/v7-to-v8/#removal-of-severity-enum)_
Fixes https://github.com/appsmithorg/appsmith/security/dependabot/345

- Fix vulnerability in `axios` by upgrading to `v1.8.3`
Fixes https://github.com/appsmithorg/appsmith/security/dependabot/391

- Fix vulnerability in `@babel/runtime` by upgrading to `v7.26.10`
Fixes https://github.com/appsmithorg/appsmith/security/dependabot/393

- Fix vulnerability in `@babel/helper` by upgrading `@babel/core` to
`v7.26.10`
Fixes https://github.com/appsmithorg/appsmith/security/dependabot/392

- Fix vulnerability in `prismjs` by upgrading to `v1.30.0`
Fixes https://github.com/appsmithorg/appsmith/security/dependabot/390

- Fix vulnerability in `cookie` by upgrading to `v0.7.0`
Fixes https://github.com/appsmithorg/appsmith/security/dependabot/346

## Automation

/ok-to-test tags="@tag.All"

### 🔍 Cypress test results
<!-- This is an auto-generated comment: Cypress test results  -->
> [!TIP]
> 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉
> Workflow run:
<https://github.com/appsmithorg/appsmith/actions/runs/13967528524>
> Commit: 6a36c9755e7df9e22c1c109876c127b963127a71
> <a
href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=13967528524&attempt=1"
target="_blank">Cypress dashboard</a>.
> Tags: `@tag.All`
> Spec:
> <hr>Thu, 20 Mar 2025 12:03:08 UTC
<!-- end of auto-generated comment: Cypress test results  -->


## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [x] No


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

## Summary by CodeRabbit

- **New Features**
- Enhanced the text editor experience by introducing quick
markdown-style shortcuts for headings, lists, and quotes.
- **Chores**
- Upgraded numerous underlying libraries and tools for improved
performance and stability.
- Streamlined error logging by refining how errors are categorized and
reported.
- Improved accessibility by updating element selectors to use
`aria-label` attributes.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

app/client/cypress/support/Objects/CommonLocators.ts

@@ -315,11 +315,11 @@ export class CommonLocators {
   _fileUploadAddMore = ".uppy-DashboardContent-addMore";
   _buttonText = ".bp3-button-text";
   _richText_TitleBlock = "[aria-label='Block Paragraph']";
-  _richText_Heading = "[title='Heading 1']";
+  _richText_Heading = "[aria-label='Heading 1']";
   _richText_Label_Text = ".tox-tbtn__select-label";
   _richText_Text_Color = (color: string) =>
     `[aria-label="Text color ${color}"] .tox-split-button__chevron`;
-  _richText_color = (value: string) => `[title="${value}"]`;
+  _richText_color = (value: string) => `[aria-label="${value}"]`;
   _richText_line = "#tinymce p span";
   _treeSelectedContent = ".rc-tree-select-selection-item-content";
   _switcherIcon = ".switcher-icon";

app/client/package.json

@@ -81,12 +81,13 @@
     "@redux-saga/types": "1.2.1",
     "@reduxjs/toolkit": "^2.4.0",
     "@segment/analytics-next": "^1.76.0",
-    "@sentry/react": "^6.2.4",
+    "@sentry/react": "^7.120.3",
+    "@sentry/utils": "^7.120.3",
     "@shared/ast": "workspace:^",
     "@shared/dsl": "workspace:^",
     "@svgr/webpack": "^5.5.0",
     "@tanstack/virtual-core": "^3.0.0-beta.18",
-    "@tinymce/tinymce-react": "^5.1.1",
+    "@tinymce/tinymce-react": "^6.0.0",
     "@types/babel__standalone": "^7.1.7",
     "@types/d3-geo": "^3.1.0",
     "@types/google.maps": "^3.51.0",
@@ -109,7 +110,7 @@
     "assert-never": "^1.2.1",
     "astring": "^1.7.5",
     "async-mutex": "^0.5.0",
-    "axios": "^1.7.4",
+    "axios": "^1.8.3",
     "bfj": "^7.0.2",
     "camelcase": "^6.2.1",
     "classnames": "^2.3.1",
@@ -163,7 +164,7 @@
     "path-to-regexp": "^6.3.0",
     "pluralize": "^8.0.0",
     "popper.js": "^1.15.0",
-    "prismjs": "^1.27.0",
+    "prismjs": "^1.30.0",
     "prompts": "^2.4.2",
     "proxy-memoize": "^1.2.0",
     "rc-pagination": "^3.1.3",
@@ -225,7 +226,7 @@
     "tailwindcss": "^3.3.3",
     "tern": "^0.21.0",
     "tinycolor2": "^1.4.2",
-    "tinymce": "6.8.3",
+    "tinymce": "7.7.1",
     "toposort": "^2.0.2",
     "tslib": "^2.3.1",
     "typescript": "^5.5.4",
@@ -246,11 +247,11 @@
   ],
   "devDependencies": {
     "@appsmith/eslint-plugin": "workspace:^",
-    "@babel/core": "^7.16.0",
-    "@babel/standalone": "^7.23.6",
+    "@babel/core": "^7.26.10",
+    "@babel/standalone": "^7.26.10",
     "@cypress/grep": "^4.0.1",
     "@faker-js/faker": "^7.4.0",
-    "@grafana/faro-webpack-plugin": "^0.1.1",
+    "@grafana/faro-webpack-plugin": "^0.2.1",
     "@octokit/rest": "^20.0.1",
     "@peculiar/webcrypto": "^1.4.3",
     "@pmmmwh/react-refresh-webpack-plugin": "^0.5.3",
@@ -309,7 +310,7 @@
     "browserslist": "^4.24.4",
     "case-sensitive-paths-webpack-plugin": "^2.4.0",
     "chalk": "^4.1.1",
-    "compression-webpack-plugin": "^10.0.0",
+    "compression-webpack-plugin": "^11.1.0",
     "css-loader": "^6.5.1",
     "css-minimizer-webpack-plugin": "^3.2.0",
     "cy-verify-downloads": "^0.0.5",
@@ -390,14 +391,15 @@
     "ts-jest": "^29.1.0",
     "ts-jest-mock-import-meta": "^0.12.0",
     "ts-node": "^10.9.1",
-    "webpack": "^5.64.4",
+    "webpack": "^5.98.0",
     "webpack-dev-server": "^4.6.0",
     "webpack-manifest-plugin": "^4.0.2",
     "webpack-retry-chunk-load-plugin": "^3.1.1",
-    "workbox-webpack-plugin": "^6.4.1",
+    "workbox-webpack-plugin": "^7.3.0",
     "xlsx": "https://cdn.sheetjs.com/xlsx-0.19.3/xlsx-0.19.3.tgz"
   },
   "resolutions": {
+    "cookie": "0.7.0",
     "browserslist": "4.24.4",
     "chokidar": "3.5.3",
     "css-select": "4.1.3",
@@ -415,12 +417,14 @@
     "tabbable": "5.2.1",
     "trim-newlines": "3.0.1",
     "trim": "0.0.3",
-    "webpack": "5.76.0",
+    "webpack": "5.98.0",
     "@blueprintjs/core@^3.43.0": "patch:@blueprintjs/core@npm%3A3.47.0#./.yarn/patches/@blueprintjs-core-npm-3.47.0-a5bc1ea927.patch",
     "@blueprintjs/core@^3.33.0": "patch:@blueprintjs/core@npm%3A3.47.0#./.yarn/patches/@blueprintjs-core-npm-3.47.0-a5bc1ea927.patch",
     "@blueprintjs/core@^3.47.0": "patch:@blueprintjs/core@npm%3A3.47.0#./.yarn/patches/@blueprintjs-core-npm-3.47.0-a5bc1ea927.patch",
     "@blueprintjs/icons": "3.22.0",
     "@types/react": "^17.0.2",
-    "postcss": "8.4.31"
+    "postcss": "8.4.31",
+    "axios": "^1.8.3",
+    "esbuild": "^0.25.1"
   }
 }

app/client/packages/design-system/headless/src/components/Popover/stories/Popover.stories.tsx

@@ -21,11 +21,8 @@ const meta: Meta<typeof Popover> = {
   component: Popover,
   title: "WDS/Headless/Popover",
   subcomponents: {
-    //@ts-expect-error: don't need props to pass here
     PopoverTrigger,
-    //@ts-expect-error: don't need props to pass here
     PopoverContent,
-    //@ts-expect-error: don't need props to pass here
     PopoverModalContent,
   },
   render: (args) => (

app/client/packages/design-system/widgets/package.json

@@ -39,12 +39,12 @@
     "usehooks-ts": "*"
   },
   "devDependencies": {
-    "@babel/core": "^7.26.9",
+    "@babel/core": "^7.26.10",
     "@babel/helper-compilation-targets": "^7.26.5",
     "@babel/preset-env": "^7.26.9",
     "@babel/preset-react": "^7.26.3",
     "@babel/preset-typescript": "^7.26.0",
-    "@babel/runtime": "^7.26.9",
+    "@babel/runtime": "^7.26.10",
     "@rollup/plugin-babel": "^6.0.4",
     "@rollup/plugin-commonjs": "^28.0.2",
     "@rollup/plugin-image": "^3.0.3",

app/client/packages/design-system/widgets/src/components/Modal/stories/Modal.stories.tsx

@@ -15,11 +15,8 @@ const meta: Meta<typeof Modal> = {
   component: Modal,
   title: "WDS/Widgets/Modal",
   subcomponents: {
-    //@ts-expect-error: don't need props to pass here
     ModalHeader,
-    //@ts-expect-error: don't need props to pass here
     ModalFooter,
-    //@ts-expect-error: don't need props to pass here
     ModalContent,
   },
   render: () => <SimpleModal />,

app/client/packages/rts/package.json

@@ -23,7 +23,7 @@
     "@opentelemetry/sdk-trace-node": "^1.27.0",
     "@opentelemetry/semantic-conventions": "^1.27.0",
     "@shared/ast": "workspace:^",
-    "axios": "^1.7.4",
+    "axios": "^1.8.3",
     "dotenv": "10.0.0",
     "express": "^4.20.0",
     "express-validator": "^6.14.2",

app/client/packages/storybook/package.json

@@ -31,8 +31,8 @@
     "@storybook/theming": "^8.2.7",
     "@vitejs/plugin-react": "^4.3.1",
     "chromatic": "^11.3.0",
-    "storybook": "^8.2.7",
-    "vite": "^5.3.5",
+    "storybook": "^8.6.4",
+    "vite": "^6.2.1",
     "vite-plugin-svgr": "^4.2.0"
   },
   "dependencies": {

app/client/src/PluginActionEditor/components/PluginActionResponse/components/Visualization/Visualization.tsx

@@ -96,7 +96,9 @@ export const Visualization = (props: VisualizationProps) => {
 
       <Flex flexDirection="column" flexGrow={1} position="relative">
         {generateVisualization.elements ? (
-          <ErrorBoundary fallback="Visualization failed. Please try again.">
+          <ErrorBoundary
+            fallback={<>Visualization failed. Please try again.</>}
+          >
             <Result data={response} elements={generateVisualization.elements} />
           </ErrorBoundary>
         ) : (

app/client/src/ce/pages/AppIDE/layout/routers/MainPane/constants.ts

@@ -33,8 +33,11 @@ import { FirstTimeUserOnboardingChecklist } from "pages/Editor/FirstTimeUserOnbo
 import DataSourceEditor from "pages/Editor/DataSourceEditor";
 import DatasourceBlankState from "pages/Editor/DataSourceEditor/DatasourceBlankState";
 import DatasourceForm from "pages/Editor/SaaSEditor/DatasourceForm";
+import type { RouteProps } from "react-router";
 
-export const MainPaneRoutes = (path: string) => [
+export const MainPaneRoutes = (
+  path: string,
+): Array<RouteProps & { key: string }> => [
   {
     key: "Canvas",
     component: WidgetsEditor,

app/client/src/components/editorComponents/CodeEditor/EvaluatedValuePopup.tsx

@@ -15,7 +15,6 @@ import { UNDEFINED_VALIDATION } from "utils/validation/common";
 import copy from "copy-to-clipboard";
 
 import * as Sentry from "@sentry/react";
-import { Severity } from "@sentry/react";
 import type { CodeEditorExpected } from "components/editorComponents/CodeEditor/index";
 import type { Indices } from "constants/Layers";
 import { Layers } from "constants/Layers";
@@ -292,7 +291,7 @@ export function PreparedStatementViewer(props: {
 
   if (!value) {
     Sentry.captureException("Prepared statement got no value", {
-      level: Severity.Debug,
+      level: "debug",
       extra: { props },
     });
 

app/client/src/components/formControls/utils.ts

@@ -9,7 +9,6 @@ import type { FormConfigType, HiddenType } from "./BaseControl";
 import type { Diff } from "deep-diff";
 import { diff } from "deep-diff";
 import { MongoDefaultActionConfig } from "constants/DatasourceEditorConstants";
-import type { Action } from "@sentry/react/dist/types";
 import { klona } from "klona/full";
 import type { FeatureFlags } from "ee/entities/FeatureFlag";
 import _ from "lodash";
@@ -749,8 +748,8 @@ export const updateEvaluatedSectionConfig = (
 };
 
 export function fixActionPayloadForMongoQuery(
-  action?: Action,
-): Action | undefined {
+  action?: unknown,
+): unknown | undefined {
   if (!action) return action;
 
   /* eslint-disable */
@@ -782,7 +781,6 @@ export function fixActionPayloadForMongoQuery(
           }
           // @ts-expect-error: Types are not available
           value = actionObjectDiff[i]?.rhs;
-          // @ts-expect-error: Types are not available
           set(action, path, value);
         }
       }

app/client/src/pages/AppIDE/layouts/routers/MainPane/MainPane.tsx

@@ -1,5 +1,5 @@
 import React from "react";
-import { Switch, useRouteMatch } from "react-router";
+import { Switch, useRouteMatch, type RouteProps } from "react-router";
 import { MainPaneRoutes } from "ee/pages/AppIDE/layouts/routers/MainPane/constants";
 import { useSelector } from "react-redux";
 import { selectCombinedPreviewMode } from "selectors/gitModSelectors";
@@ -9,7 +9,7 @@ import { SentryRoute } from "components/SentryRoute";
 
 export const MainPane = (props: { id: string }) => {
   const { path } = useRouteMatch();
-  const routes = MainPaneRoutes(path);
+  const routes: Array<RouteProps & { key: string }> = MainPaneRoutes(path);
 
   useWidgetSelectionBlockListener();
 

app/client/src/pages/UserAuth/Login.tsx

@@ -52,7 +52,6 @@ import { useFeatureFlag } from "utils/hooks/useFeatureFlag";
 import { FEATURE_FLAG } from "ee/entities/FeatureFlag";
 import { getHTMLPageTitle } from "ee/utils/BusinessFeatures/brandingPageHelpers";
 import * as Sentry from "@sentry/react";
-import { Severity } from "@sentry/react";
 import CsrfTokenInput from "pages/UserAuth/CsrfTokenInput";
 
 const validate = (values: LoginFormValues, props: ValidateProps) => {
@@ -117,7 +116,7 @@ export function Login(props: LoginFormProps) {
     errorMessage = queryParams.get("message") || queryParams.get("error") || "";
     showError = true;
     Sentry.captureException("Login failed", {
-      level: Severity.Error,
+      level: "error",
       extra: {
         error: new Error(errorMessage),
       },

app/client/src/pages/UserAuth/SignUp.tsx

@@ -58,7 +58,6 @@ import { getHTMLPageTitle } from "ee/utils/BusinessFeatures/brandingPageHelpers"
 import log from "loglevel";
 import { SELF_HOSTING_DOC } from "constants/ThirdPartyConstants";
 import * as Sentry from "@sentry/react";
-import { Severity } from "@sentry/react";
 import CsrfTokenInput from "pages/UserAuth/CsrfTokenInput";
 
 declare global {
@@ -137,7 +136,7 @@ export function SignUp(props: SignUpFormProps) {
     errorMessage = queryParams.get("error") || "";
     showError = true;
     Sentry.captureException("Sign up failed", {
-      level: Severity.Error,
+      level: "error",
       extra: {
         error: new Error(errorMessage),
       },

app/client/src/sagas/ActionSagas.ts

@@ -521,8 +521,7 @@ export function* updateActionSaga(actionPayload: ReduxAction<{ id: string }>) {
     const plugin: Plugin | undefined = yield select(getPlugin, action.pluginId);
 
     if (action && plugin && plugin.packageName === PluginPackageName.MONGO) {
-      // @ts-expect-error: Types are not available
-      action = fixActionPayloadForMongoQuery(action);
+      action = fixActionPayloadForMongoQuery(action) as Action;
     }
 
     const response: ApiResponse<Action> = yield call(

app/client/src/sagas/AppThemingSaga.tsx

@@ -45,7 +45,6 @@ import {
 } from "selectors/editorSelectors";
 import { find } from "lodash";
 import * as Sentry from "@sentry/react";
-import { Severity } from "@sentry/react";
 import { getAllPageIdentities } from "./selectors";
 import type { SagaIterator } from "@redux-saga/types";
 import type { AxiosPromise } from "axios";
@@ -128,7 +127,7 @@ export function* fetchAppSelectedTheme(
       });
     } else {
       Sentry.captureException("Unable to fetch the selected theme", {
-        level: Severity.Critical,
+        level: "fatal",
         extra: {
           pageIdentities,
           applicationId,

app/client/src/sagas/EvalErrorHandler.ts

@@ -242,7 +242,7 @@ export function* evalErrorHandler(
                 diffs,
               },
               // Level is warning because it could be a user error
-              level: Sentry.Severity.Warning,
+              level: "warning",
             });
           }
 
@@ -251,7 +251,7 @@ export function* evalErrorHandler(
             node,
             entityType,
             // Level is warning because it could be a user error
-            level: Sentry.Severity.Warning,
+            level: "warning",
           });
         }
 

app/client/src/widgets/RichTextEditorWidget/component/index.tsx

@@ -442,7 +442,7 @@ function RichtextEditorComponent(props: RichtextEditorComponentProps) {
             plugins: [
               "advlist",
               "autolink",
-              "lists",
+              "lists", // Required for InsertOrderedList and InsertUnorderedList commands
               "link",
               "image",
               "charmap",
@@ -452,13 +452,21 @@ function RichtextEditorComponent(props: RichtextEditorComponentProps) {
               "visualblocks",
               "code",
               "fullscreen",
-              "insertdatetime ",
-              "media ",
+              "insertdatetime",
+              "media",
               "table",
-              "code ",
               "help",
               "emoticons",
-              "code",
+            ],
+            // Configure text patterns to use space key trigger for markdown-style formatting
+            text_patterns: [
+              { start: "#", format: "h1", trigger: "space" },
+              { start: "##", format: "h2", trigger: "space" },
+              { start: "###", format: "h3", trigger: "space" },
+              { start: "1.", cmd: "InsertOrderedList", trigger: "space" },
+              { start: "*", cmd: "InsertUnorderedList", trigger: "space" },
+              { start: "-", cmd: "InsertUnorderedList", trigger: "space" },
+              { start: ">", cmd: "mceBlockQuote", trigger: "space" },
             ],
             contextmenu: "link useBrowserSpellcheck image table",
             setup: function (editor) {