chore: replace toaster with sonner

[nayan-bagale]

What does this PR do?

• Fixes [CAL-5152] chore: replace toaster with sonner #19238 (GitHub issue number)
• Fixes CAL-5152 (Linear issue number - should be visible at the bottom of the GitHub issue description)

/claim #19238

Before:
https://github.com/user-attachments/assets/3d90fd1d-c88b-4321-8770-6bdd9478b348

After:
https://github.com/user-attachments/assets/75a2e300-7941-49fb-b198-cb70af668c2a

Mandatory Tasks (DO NOT REMOVE)

• I have self-reviewed the code (A decent size PR without self-review might be rejected).
• I have updated the developer docs in /docs if this PR makes changes that would require a documentation change. If N/A, write N/A here and check the checkbox.
• I confirm automated tests are in place that prove my fix is effective or that my feature works.

How should this be tested?

Removed react-hot-toast and Added sonner to

• /apps/web/package.json
• /packages/lib/package.json

[vercel]

@nayan-bagale is attempting to deploy a commit to the cal-staging Team on Vercel.

A member of the Team first needs to authorize it.

[algora-pbc]

💵 To receive payouts, sign up on Algora, link your Github account and connect with Stripe.

[graphite-app]

Graphite Automations

"Add consumer team as reviewer" took an action on this PR • (02/11/25)

1 reviewer was added to this PR based on Keith Williams's automation.

"Add community label" took an action on this PR • (02/11/25)

1 label was added to this PR based on Keith Williams's automation.

[retrogtx]

works, lgtm

[socket-security]

Report too large to display inline

View full report↗︎

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source	CI
Known malware	npm/[email protected]	Note: Package has been removed from the npm registry due to security concerns. This is a placeholder package published by the npm security team to prevent malicious usage of the package name. The original package likely contained harmful code.	apps/api/package.json	🚫

View full report↗︎

Next steps

What is known malware?

This package is malware. We have asked the package registry to remove it.

It is strongly recommended that malware is removed from your codebase.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/[email protected]

[retrogtx]

hey @nayan-bagale there are some merge conflicts coming from the main branch, can you look into it? thank you

[nayan-bagale]

Hey @retrogtx @PeerRich , Apologies for the mistake! I accidentally closed this PR, so I’ve opened a new one here: #19342. Please review it there. Thanks!