Update dependency @sentry/browser to v10

[red-hat-konflux]

Note: This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
@sentry/browser (source)	^7.77.0 -> ^10.0.0

---

Release Notes

getsentry/sentry-javascript (@​sentry/browser)

v10.45.0

Compare Source

Important Changes

• feat(remix): Server Timing Headers Trace Propagation (#​18653)

  The Remix SDK now supports automatic trace propagation via Server-Timing response headers to continue pageload traces on the client side.
  This means, you no longer have to define a custom meta function to add Sentry <meta> tags to your page as previously.
  We'll update out Remix tracing docs after this release.

Other Changes

• fix(cloudflare): Use correct env types for withSentry (#​19836)
• fix(core): Align error span status message with core SpanStatusType for langchain/google-genai (#​19863)
• fix(deno): Clear pre-existing OTel global before registering TracerProvider (#​19723)
• fix(nextjs): Skip tracing for tunnel requests (#​19861)
• fix(node-core): Recycle propagationContext for each request (#​19835)
• ref(core): Simplify core utility functions for smaller bundle (#​19854)

Internal Changes

• chore(deps): bump next from 16.1.5 to 16.1.7 in /dev-packages/e2e-tests/test-applications/nextjs-16 (#​19851)
• ci(release): Switch from action-prepare-release to Craft (#​18763)
• fix(deps): bump devalue 5.6.3 to 5.6.4 to fix CVE-2026-30226 (#​19849)
• fix(deps): bump file-type to 21.3.2 and @​nestjs/common to 11.1.17 (#​19847)
• fix(deps): bump flatted 3.3.1 to 3.4.2 to fix CVE-2026-32141 (#​19842)
• fix(deps): bump hono 4.12.5 to 4.12.7 in cloudflare-hono E2E test app (#​19850)
• fix(deps): bump next to 15.5.13/16.1.7 to fix CVE-2026-1525, CVE-202-33036 and related (#​19870)
• fix(deps): bump tar 7.5.10 to 7.5.11 to fix CVE-2026-31802 (#​19846)
• fix(deps): bump undici 6.23.0 to 6.24.1 to fix multiple CVEs (#​19841)
• fix(deps): bump unhead 2.1.4 to 2.1.12 to fix CVE-2026-31860 and CVE-2026-31873 (#​19848)
• test(nextjs): Skip broken ISR tests (#​19871)
• test(react): Add gql tests for react router (#​19844)

v10.44.0

Compare Source

Important Changes

• feat(effect): Add @sentry/effect SDK (Alpha) (#​19644)

  This release introduces @sentry/effect, a new SDK for Effect.ts applications. The SDK provides Sentry integration via composable Effect layers for both Node.js and browser environments.

  Compose the effectLayer with optional tracing, logging, and metrics layers to instrument your Effect application:

  import * as Sentry from '@​sentry/effect';
  import * as Layer from 'effect/Layer';
  import * as Logger from 'effect/Logger';
  
  const SentryLive = Layer.mergeAll(
    Sentry.effectLayer({ dsn: '__DSN__', tracesSampleRate: 1.0, enableLogs: true }),
    Layer.setTracer(Sentry.SentryEffectTracer),
    Logger.replace(Logger.defaultLogger, Sentry.SentryEffectLogger),
    Sentry.SentryEffectMetricsLayer,
  );

  Alpha features are still in progress, may have bugs and might include breaking changes. Please reach out on GitHub if you have any feedback or concerns.

• feat(astro): Add Astro 6 support (#​19745)

  This release enables full support for Astro v6 by adjusting our Astro SDK's middleware to some Astro-internal
  changes. We cannot yet guarantee full support for server-islands, due to a bug in Astro v6
  but we'll follow up on this once the bug is fixed.

• feat(hono): Add basic instrumentation for Node runtime (#​19817)

  Adds a new package @sentry/hono/node (alpha) with basic instrumentation for Hono applications running in Node.js.
  The Hono middleware for Cloudflare (@sentry/hono/cloudflare - alpha) comes with fixes, and it's now possible to access the Cloudflare Worker Bindings (env) from the options' callback.

  Start using the new Hono middlewares by installing @sentry/hono and importing the respective middleware for your runtime.
  More instructions can be found in the Hono readme.

  Alpha features are still in progress, may have bugs and might include breaking changes. Please reach out on GitHub if you have any feedback or concerns.

• feat(nestjs): Instrument @nestjs/bullmq @Processor decorator (#​19759)

  Automatically capture exceptions and create transactions for BullMQ queue processors in NestJS applications.

  When using the @Processor decorator from @nestjs/bullmq, the SDK now automatically wraps the process() method
  to create queue.process transactions with proper isolation scopes, preventing breadcrumb and scope leakage between
  jobs and HTTP requests. Errors thrown in processors are captured with the auto.queue.nestjs.bullmq mechanism type.

  Requires @nestjs/bullmq v10.0.0 or later.

• feat(nestjs): Instrument @nestjs/schedule decorators (#​19735)

  Automatically capture exceptions thrown in @Cron, @Interval, and @Timeout decorated methods.

  Previously, exceptions in @Cron methods were only captured if you used the SentryCron decorator. Now they are
  captured automatically. The exception mechanism type changed from auto.cron.nestjs.async to
  auto.function.nestjs.cron. If you have Sentry queries or alerts that filter on the old mechanism type, update them
  accordingly.

• feat(node): Expose headersToSpanAttributes option on nativeNodeFetchIntegration() (#​19770)

  Response headers like http.response.header.content-length were previously captured automatically on outgoing
  fetch spans but are now opt-in since @opentelemetry/instrumentation-undici@0.22.0. You can now configure which
  headers to capture via the headersToSpanAttributes option.

  Sentry.init({
    integrations: [
      Sentry.nativeNodeFetchIntegration({
        headersToSpanAttributes: {
          requestHeaders: ['x-custom-header'],
          responseHeaders: ['content-length', 'content-type'],
        },
      }),
    ],
  });

Other Changes

• feat(browser/cloudflare): Export conversation id from browser and cloudflare runtimes (#​19820)
• feat(bun): Set http response header attributes instead of response context headers (#​19821)
• feat(core): Add sentry.timestamp.sequence attribute for timestamp tie-breaking (#​19421)
• feat(deno): Set http response header attributes instead of response context headers (#​19822)
• feat(deps): Bump OpenTelemetry dependencies (#​19682)
• feat(nestjs): Use more specific span origins for NestJS guards, pipes, interceptors, and exception filters (#​19751)
• feat(nextjs): Vercel queue instrumentation (#​19799)
• feat(node): Avoid OTEL instrumentation for outgoing requests on Node 22+ (#​17355)
• feat(deps): bump hono from 4.12.5 to 4.12.7 (#​19747)
• feat(deps): bump mysql2 from 3.14.4 to 3.19.1 (#​19787)
• feat(deps): bump simple-git from 3.30.0 to 3.33.0 (#​19744)
• feat(deps): bump yauzl from 3.2.0 to 3.2.1 (#​19809)
• fix(browser): Skip browserTracingIntegration setup for bot user agents (#​19708)
• fix(cloudflare): Recreate client when previous one was disposed (#​19727)
• fix(core): Align Vercel embedding spans with semantic conventions (#​19795)
• fix(core): Fallback to sendDefaultPii setting in langchain and langgraph in non-node environments (#​19813)
• fix(core): Improve Vercel AI SDK instrumentation attributes (#​19717)
• fix(hono): Align error mechanism (#​19831)
• fix(hono): Allow passing env and fix type issues (#​19825)
• fix(nestjs): Fork isolation scope in @nestjs/event-emitter instrumentation (#​19725)
• fix(nextjs): Log correct lastEventId when error is thrown in component render (#​19764)
• fix(nextjs): Strip sourceMappingURL comments after deleting source maps in turbopack builds (#​19814)
• fix(nuxt): Upload client source maps (#​19805)
• fix(profiling-node): Fix NODE_VERSION rendered as [object Object] in warning (#​19788)

Internal Changes

• chore: Add oxlint migration commits to blame ignore (#​19784)
• chore: add oxlint typescript program suppression to workspace settings (#​19692)
• chore: Bump oxlint and oxfmt (#​19771)
• chore: Clean up lint and format script names (#​19719)
• chore(agents): Be more explicit on linting and formatting (#​19803)
• chore(ci): Extract metadata workflow (#​19680)
• chore(deps): bump tedious from 18.6.1 to 19.2.1 (#​19786)
• chore(deps-dev): bump file-type from 20.5.0 to 21.3.1 (#​19748)
• chore(effect): Add Effect to craft, README and issue templates (#​19837)
• chore(lint): Rule adjustments and fix warnings (#​19612)
• chore(skills): Add skill-creator and update managed agent skills (#​19713)
• docs(changelog): Add entry for @sentry/hono alpha release (#​19828)
• docs(hono): Document usage without "*" (#​19756)
• docs(new-release): Document sdkName for craft (#​19736)
• docs(new-release): Update docs based on new Craft flow (#​19731)
• ref(cloudflare): Prepare for WorkerEntrypoint (#​19742)
• ref(nestjs): Move event instrumentation unit tests to separate file (#​19738)
• style: Auto changes made from "yarn fix" (#​19710)
• test(astro,cloudflare): Add an E2E test for Astro 6 on Cloudflare (#​19781)
• test(browser): Add simulated mfe integration test (#​19768)
• test(e2e): Add MFE e2e test using vite-plugin-federation (#​19778)
• test(nextjs): Add vercel queue tests to next-16 (#​19798)
• tests(core): Fix flaky metric sequence number test (#​19754)

v10.43.0

Compare Source

Important Changes

• feat(nextjs): Add Turbopack support for React component name annotation (#​19604)

  We added experimental support for React component name annotation in Turbopack builds. When enabled, JSX elements
  are annotated with data-sentry-component, data-sentry-element, and data-sentry-source-file attributes at build
  time. This enables searching Replays by component name, seeing component names in breadcrumbs, and performance
  monitoring — previously only available with webpack builds.

  This feature requires Next.js 16+ and is currently behind an experimental flag:

  // next.config.ts
  import { withSentryConfig } from '@​sentry/nextjs';
  
  export default withSentryConfig(nextConfig, {
    _experimental: {
      turbopackReactComponentAnnotation: {
        enabled: true,
        ignoredComponents: ['Header', 'Footer'], // optional
      },
    },
  });

• feat(hono): Instrument middlewares app.use() (#​19611)

  Hono middleware registered via app.use() is now automatically instrumented, creating spans for each middleware invocation.

Other Changes

• feat(node-core,node): Add tracePropagation option to http and fetch integrations (#​19712)
• feat(hono): Use parametrized names for errors (#​19577)
• fix(browser): Fix missing traces for user feedback (#​19660)
• fix(cloudflare): Use correct Proxy receiver in instrumentDurableObjectStorage (#​19662)
• fix(core): Standardize Vercel AI span descriptions to align with GenAI semantic conventions (#​19624)
• fix(deps): Bump hono to 4.12.5 to fix multiple vulnerabilities (#​19653)
• fix(deps): Bump svgo to 4.0.1 to fix DoS via entity expansion (#​19651)
• fix(deps): Bump tar to 7.5.10 to fix hardlink path traversal (#​19650)
• fix(nextjs): Align Turbopack module metadata injection with webpack behavior (#​19645)
• fix(node): Prevent duplicate LangChain spans from double module patching (#​19684)
• fix(node-core,vercel-edge): Use HEROKU_BUILD_COMMIT env var for default release (#​19617)
• fix(sveltekit): Fix file system race condition in source map cleaning (#​19714)
• fix(tanstackstart-react): Add workerd and worker export conditions (#​19461)
• fix(vercel-ai): Prevent tool call span map memory leak (#​19328)
• feat(deps): Bump @​sentry/rollup-plugin from 5.1.0 to 5.1.1 (#​19658)

Internal Changes

• chore: Migrate to oxlint (#​19134)
• chore(aws-serverless): Don't build layer in build:dev command (#​19586)
• chore(ci): Allow triage action to run on issues from external users (#​19701)
• chore(deps): Bump immutable from 4.0.0 to 4.3.8 (#​19637)
• chore(e2e): Expand microservices E2E application with auto-tracing tests (#​19652)
• chore(hono): Prepare readme and add craft entry (#​19583)
• chore(sourcemaps): Make sourcemaps e2e test more generic (#​19678)
• chore(tanstackstart-react): Add link to docs in README (#​19697)
• feat(deps): Bump @​hono/node-server from 1.19.4 to 1.19.10 (#​19634)
• feat(deps): Bump underscore from 1.12.1 to 1.13.8 (#​19616)
• test(angular): Fix failing canary test (#​19639)
• test(nextjs): Add sourcemaps test for nextjs turbopack (#​19647)
• tests(e2e): Add microservices e2e for nestjs (#​19642)
• tests(e2e): Add websockets e2e for nestjs (#​19630)

Work in this release was contributed by @​dmmulroy, @​lithdew, and @​smorimoto. Thank you for your contributions!

v10.42.0

Compare Source

• feat(consola): Enhance Consola integration to extract first-param object as searchable attributes (#​19534)
• fix(astro): Do not inject withSentry into Cloudflare Pages (#​19558)
• fix(core): Do not remove promiseBuffer entirely (#​19592)
• fix(deps): Bump fast-xml-parser to 4.5.4 for CVE-2026-25896 (#​19588)
• fix(react-router): Set correct transaction name when navigating with object argument (#​19590)
• ref(nuxt): Use addVitePlugin instead of deprecated vite:extendConfig (#​19464)

Internal Changes

• chore(deps-dev): bump @​sveltejs/kit from 2.52.2 to 2.53.3 (#​19571)
• chore(deps): Bump @​sveltejs/kit to 2.53.3 in sveltekit-2-svelte-5 E2E test (#​19594)
• ci(deps): bump actions/checkout from 4 to 6 (#​19570)

v10.41.0

Compare Source

Important Changes

• feat(core,cloudflare,deno): Add instrumentPostgresJsSql instrumentation (#​19566)

  Added a new instrumentation helper for the postgres (postgres.js) library, designed for
  SDKs that are not based on OpenTelemetry (e.g. Cloudflare, Deno). This wraps a postgres.js sql tagged template instance so that
  all queries automatically create Sentry spans.

  import postgres from 'postgres';
  import * as Sentry from '@​sentry/cloudflare'; // or '@​sentry/deno'
  
  export default Sentry.withSentry(env => ({ dsn: '__DSN__' }), {
    async fetch(request, env, ctx) {
      const sql = Sentry.instrumentPostgresJsSql(postgres(env.DATABASE_URL));
  
      // All queries now create Sentry spans
      const users = await sql`SELECT * FROM users WHERE id = ${userId}`;
      return Response.json(users);
    },
  });

  The instrumentation is available in @sentry/core, @sentry/cloudflare, and @sentry/deno.

• feat(nextjs): Add Turbopack support for thirdPartyErrorFilterIntegration (#​19542)

  We added experimental support for the thirdPartyErrorFilterIntegration with Turbopack builds.

  This feature requires Next.js 16+ and is currently behind an experimental flag:

  // next.config.ts
  import { withSentryConfig } from '@​sentry/nextjs';
  
  export default withSentryConfig(nextConfig, {
    _experimental: {
      turbopackApplicationKey: 'my-app-key',
    },
  });

  Then configure the integration in your client instrumentation file with a matching key:

  // instrumentation-client.ts
  import * as Sentry from '@​sentry/nextjs';
  
  Sentry.init({
    integrations: [
      Sentry.thirdPartyErrorFilterIntegration({
        filterKeys: ['my-app-key'],
        behaviour: 'apply-tag-if-exclusively-contains-third-party-frames',
      }),
    ],
  });

Other Changes

• feat(core,cloudflare): Add dispose to the client for proper cleanup (#​19506)
• feat(deps): Bump rxjs from 7.8.1 to 7.8.2 (#​19545)
• feat(nextjs): Use not: foreign condition in turbopack loaders (#​19502)
• feat(react-router): Include middleware function names and indices (#​19109)
• fix(consola): Normalize extra keys from consola (#​19511)
• fix(core): Improve message truncation for multimodal content and normalize streaming span names (#​19500)
• fix(core): Strip inline media from multimodal content before stringification (#​19540)
• fix(deps): Bump transitive rollup deps to patch CVE-2026-27606 (#​19565)
• fix(langchain): Use runName argument in handleChainStart to fix unknown_chain spans (#​19554)
• fix(nestjs): Improve control flow exception filtering (#​19524)
• fix(tanstackstart-react): Flush events in server entry point for serverless environments (#​19513)
• fix(vue): Avoid triggering deprecated next callback from router instrumentation (#​19476)

Internal Changes

• chore: Updating minimatch (#​19434)
• chore(agents): Add dotagents (#​19526)
• chore(agents): Add nested AGENTS.md for browser (#​19551)
• chore(agents): Add nested AGENTS.md for nextjs (#​19556)
• chore(agents): Consolidate SDK dev rules into AGENTS.md (#​19521)
• chore(agents): Migrate repo-wide cursor rules to skills (#​19549)
• chore(agents): Remove stale cursor commands (#​19560)
• chore(ci): Validate alert id (#​19499)
• chore(deps): Bump rollup to 4.59.0 to fix path traversal vulnerability (#​19538)
• chore(lint): Remove junit report file (#​19491)
• chore(svelte,sveltekit): Use version range for magic-string (#​19520)
• chore(tanstackstart): Fix leftover formatting issue (#​19536)
• test(consola): Restructure tests (#​19517)
• test(node): Test runName parameter in handleChainStart for langchain (#​19562)

Work in this release was contributed by @​YevheniiKotyrlo. Thank you for your contribution!

v10.40.0

Compare Source

Important Changes

• feat(tanstackstart-react): Add global sentry exception middlewares (#​19330)

  The sentryGlobalRequestMiddleware and sentryGlobalFunctionMiddleware global middlewares capture unhandled exceptions thrown in TanStack Start API routes and server functions. Add them as the first entries in the requestMiddleware and functionMiddleware arrays of createStart():

  import { createStart } from '@​tanstack/react-start/server';
  import { sentryGlobalRequestMiddleware, sentryGlobalFunctionMiddleware } from '@​sentry/tanstackstart-react/server';
  
  export default createStart({
    requestMiddleware: [sentryGlobalRequestMiddleware, myRequestMiddleware],
    functionMiddleware: [sentryGlobalFunctionMiddleware, myFunctionMiddleware],
  });

• feat(tanstackstart-react)!: Export Vite plugin from @sentry/tanstackstart-react/vite subpath (#​19182)

  The sentryTanstackStart Vite plugin is now exported from a dedicated subpath. Update your import:

  - import { sentryTanstackStart } from '@​sentry/tanstackstart-react';
  + import { sentryTanstackStart } from '@​sentry/tanstackstart-react/vite';

• fix(node-core): Reduce bundle size by removing apm-js-collab and requiring pino >= 9.10 (#​18631)

  In order to keep receiving pino logs, you need to update your pino version to >= 9.10, the reason for the support bump is to reduce the bundle size of the node-core SDK in frameworks that cannot tree-shake the apm-js-collab dependency.

• fix(browser): Ensure user id is consistently added to sessions (#​19341)

  Previously, the SDK inconsistently set the user id on sessions, meaning sessions were often lacking proper coupling to the user set for example via Sentry.setUser().
  Additionally, the SDK incorrectly skipped starting a new session for the first soft navigation after the pageload.
  This patch fixes these issues. As a result, metrics around sessions, like "Crash Free Sessions" or "Crash Free Users" might change.
  This could also trigger alerts, depending on your set thresholds and conditions.
  We apologize for any inconvenience caused!

  While we're at it, if you're using Sentry in a Single Page App or meta framework, you might want to give the new 'page' session lifecycle a try!
  This new mode no longer creates a session per soft navigation but continues the initial session until the next hard page refresh.
  Check out the docs to learn more!

• ref!(gatsby): Drop Gatsby v2 support (#​19467)

  We drop support for Gatsby v2 (which still relies on webpack 4) for a critical security update in https://github.com/getsentry/sentry-javascript-bundler-plugins/releases/tag/5.0.0

Other Changes

• feat(astro): Add support for Astro on CF Workers (#​19265)
• feat(cloudflare): Instrument async KV API (#​19404)
• feat(core): Add framework-agnostic tunnel handler (#​18892)
• feat(deno): Export logs API from Deno SDK (#​19313)
• feat(deno): Export metrics API from Deno SDK (#​19305)
• feat(deno): instrument Deno.serve with async context support (#​19230)
• feat(deps): bump babel-loader from 8.2.5 to 10.0.0 (#​19303)
• feat(deps): bump body-parser from 1.20.4 to 2.2.2 (#​19191)
• feat(deps): Bump hono from 4.11.7 to 4.11.10 (#​19440)
• feat(deps): bump qs from 6.14.1 to 6.14.2 (#​19310)
• feat(deps): bump the opentelemetry group with 4 updates (#​19425)
• feat(feedback): Add setTheme() to dynamically update feedback widget color scheme (#​19430)
• feat(nextjs): Add sourcemaps.filesToDeleteAfterUpload as a top-level option (#​19280)
• feat(node): Add ignoreConnectSpans option to postgresIntegration (#​19291)
• feat(node): Bump to latest @​fastify/otel (#​19452)
• fix: Bump bundler plugins to v5 (#​19468)
• fix: updated the codecov config (#​19350)
• fix(aws-serverless): Prevent crash in isPromiseAllSettledResult with null/undefined array elements (#​19346)
• fix(bun) Export pinoIntegration from @​sentry/node (#​17990)
• fix(core,browser): Delete SentryNonRecordingSpan from fetch/xhr map (#​19336)
• fix(core): Explicitly flush log buffer in client.close() (#​19371)
• fix(core): Langgraph state graph invoke accepts null to resume (#​19374)
• fix(core): Wrap decodeURI in node stack trace parser to handle malformed URIs (#​19400)
• fix(deps): Bump nuxt devDependency to fix CVE-2026-24001 (#​19249)
• fix(deps): Bump to latest version of each minimatch major (#​19486)
• fix(nextjs): Apply environment from options if set (#​19274)
• fix(nextjs): Don't set sentry.drop_transaction attribute on spans when skipOpenTelemetrySetup is enabled (#​19333)
• fix(nextjs): Normalize trailing slashes in App Router route parameterization (#​19365)
• fix(nextjs): Return correct lastEventId for SSR pages (#​19240)
• fix(nextjs): Set parameterized transaction name for non-transaction events (#​19316)
• fix(node-core): Align pino mechanism type with spec conventions (#​19363)
• fix(nuxt): Use options.rootDir instead of options.srcDir (#​19343)

Internal Changes

- test(nextjs): Add bun e2e test app ([#​19318](https://redirect.github.com/getsentry/sentry-javascript/pull/19318)) - test(nextjs): Deactivate canary test for cf-workers ([#​19483](https://redirect.github.com/getsentry/sentry-javascript/pull/19483)) - tests(langchain): Fix langchain v1 internal error tests ([#​19409](https://redirect.github.com/getsentry/sentry-javascript/pull/19409)) - ref(nuxt): Remove `defineNitroPlugin` wrapper ([#​19334](https://redirect.github.com/getsentry/sentry-javascript/pull/19334)) - ref(cloudflare): Move internal files and functions around ([#​19369](https://redirect.github.com/getsentry/sentry-javascript/pull/19369)) - chore: Add external contributor to CHANGELOG.md ([#​19395](https://redirect.github.com/getsentry/sentry-javascript/pull/19395)) - chore: Add github action to notify stale PRs ([#​19361](https://redirect.github.com/getsentry/sentry-javascript/pull/19361)) - chore: add oxfmt changes to blame ignore rev list ([#​19366](https://redirect.github.com/getsentry/sentry-javascript/pull/19366)) - chore: Enhance AI integration guidelines with runtime-specific placem… ([#​19296](https://redirect.github.com/getsentry/sentry-javascript/pull/19296)) - chore: Ignore `lerna.json` for prettier ([#​19288](https://redirect.github.com/getsentry/sentry-javascript/pull/19288)) - chore: migrate to oxfmt ([#​19200](https://redirect.github.com/getsentry/sentry-javascript/pull/19200)) - chore: Revert to lerna v8 ([#​19294](https://redirect.github.com/getsentry/sentry-javascript/pull/19294)) - chore: Unignore HTML files and reformat with oxfmt ([#​19311](https://redirect.github.com/getsentry/sentry-javascript/pull/19311)) - chore(ci): Adapt max turns of triage issue agent ([#​19473](https://redirect.github.com/getsentry/sentry-javascript/pull/19473)) - chore(ci): Add `environment` to triage action ([#​19375](https://redirect.github.com/getsentry/sentry-javascript/pull/19375)) - chore(ci): Add `id-token: write` permission to triage workflow ([#​19381](https://redirect.github.com/getsentry/sentry-javascript/pull/19381)) - chore(ci): Move monorepo to nx ([#​19325](https://redirect.github.com/getsentry/sentry-javascript/pull/19325)) - chore(cursor): Add rules for fetching develop docs ([#​19377](https://redirect.github.com/getsentry/sentry-javascript/pull/19377)) - chore(deps-dev): Bump @​sveltejs/kit from 2.49.5 to 2.52.2 in /dev-packages/e2e-tests/test-applications/sveltekit-2 ([#​19441](https://redirect.github.com/getsentry/sentry-javascript/pull/19441)) - chore(deps-dev): Bump @​sveltejs/kit from 2.49.5 to 2.52.2 in /dev-packages/e2e-tests/test-applications/sveltekit-2-kit-tracing ([#​19446](https://redirect.github.com/getsentry/sentry-javascript/pull/19446)) - chore(deps-dev): Bump @​sveltejs/kit from 2.49.5 to 2.52.2 in /dev-packages/e2e-tests/test-applications/sveltekit-cloudflare-pages ([#​19462](https://redirect.github.com/getsentry/sentry-javascript/pull/19462)) - chore(deps-dev): Bump @​sveltejs/kit from 2.50.1 to 2.52.2 ([#​19442](https://redirect.github.com/getsentry/sentry-javascript/pull/19442)) - chore(deps-dev): bump @​testing-library/react from 13.0.0 to 15.0.5 ([#​19194](https://redirect.github.com/getsentry/sentry-javascript/pull/19194)) - chore(deps-dev): bump @​types/ember__debug from 3.16.5 to 4.0.8 ([#​19429](https://redirect.github.com/getsentry/sentry-javascript/pull/19429)) - chore(deps-dev): bump ember-resolver from 13.0.2 to 13.1.1 ([#​19301](https://redirect.github.com/getsentry/sentry-javascript/pull/19301)) - chore(deps): Bump @​actions/glob from 0.4.0 to 0.6.1 ([#​19427](https://redirect.github.com/getsentry/sentry-javascript/pull/19427)) - chore(deps): bump agents from 0.2.32 to 0.3.10 in /dev-packages/e2e-tests/test-applications/cloudflare-mcp ([#​19326](https://redirect.github.com/getsentry/sentry-javascript/pull/19326)) - chore(deps): Bump hono from 4.11.7 to 4.11.10 in /dev-packages/e2e-tests/test-applications/cloudflare-hono ([#​19438](https://redirect.github.com/getsentry/sentry-javascript/pull/19438)) - chore(deps): Bump Sentry CLI to latest v2 ([#​19477](https://redirect.github.com/getsentry/sentry-javascript/pull/19477)) - chore(deps): Bump transitive dep `fast-xml-parser` ([#​19433](https://redirect.github.com/getsentry/sentry-javascript/pull/19433)) - chore(deps): upgrade tar to 7.5.9 to fix CVE-2026-26960 ([#​19445](https://redirect.github.com/getsentry/sentry-javascript/pull/19445)) - chore(github): Add `allowedTools` to Claude GitHub action ([#​19386](https://redirect.github.com/getsentry/sentry-javascript/pull/19386)) - chore(github): Add workflow to trigger `triage-issue` skill ([#​19358](https://redirect.github.com/getsentry/sentry-javascript/pull/19358)) - chore(github): Add write tool for markdown report ([#​19387](https://redirect.github.com/getsentry/sentry-javascript/pull/19387)) - chore(github): Change tool permission path ([#​19389](https://redirect.github.com/getsentry/sentry-javascript/pull/19389)) - chore(llm): Add `triage-issue` skill ([#​19356](https://redirect.github.com/getsentry/sentry-javascript/pull/19356)) - chore(llm): Better defense against prompt injection in triage skill ([#​19410](https://redirect.github.com/getsentry/sentry-javascript/pull/19410)) - chore(llm): Make cross-repo search optional and remove file cleanup ([#​19401](https://redirect.github.com/getsentry/sentry-javascript/pull/19401)) - chore(node-core): Make @​sentry/opentelemetry not a peer dep in node… ([#​19308](https://redirect.github.com/getsentry/sentry-javascript/pull/19308)) - chore(repo): Allow WebFetch for Sentry docs in Claude settings ([#​18890](https://redirect.github.com/getsentry/sentry-javascript/pull/18890)) - chore(repo): Increase number of concurrently running nx tasks ([#​19443](https://redirect.github.com/getsentry/sentry-javascript/pull/19443)) - chore(skills): Add security notes for injection defense ([#​19379](https://redirect.github.com/getsentry/sentry-javascript/pull/19379)) - chore(triage-action): Fix JSON parsing ([#​19471](https://redirect.github.com/getsentry/sentry-javascript/pull/19471)) - chore(triage-issue): Improve triage prompt for accuracy ([#​19454](https://redirect.github.com/getsentry/sentry-javascript/pull/19454)) - chore(triage-skill): Add GitHub parsing python util script ([#​19405](https://redirect.github.com/getsentry/sentry-javascript/pull/19405)) - chore(triage-skill): Increase `num_turns` and add script to post summary ([#​19456](https://redirect.github.com/getsentry/sentry-javascript/pull/19456)) - ci(fix-security-vulnerability): Add id token write permission ([#​19412](https://redirect.github.com/getsentry/sentry-javascript/pull/19412)) - ci(fix-security-vulnerability): Be specific about how to fetch the alert page ([#​19414](https://redirect.github.com/getsentry/sentry-javascript/pull/19414)) - ci(fix-security-vulnerability): Run fetch alert first before executing skill ([#​19418](https://redirect.github.com/getsentry/sentry-javascript/pull/19418)) - ci(fix-security-vulnerability): Use opus 4.6 ([#​19416](https://redirect.github.com/getsentry/sentry-javascript/pull/19416)) - ci(github): Add tilde to file path to not exact-match ([#​19392](https://redirect.github.com/getsentry/sentry-javascript/pull/19392)) - ci(triage-skill): Allow `Write` and remove `rm` permission ([#​19397](https://redirect.github.com/getsentry/sentry-javascript/pull/19397)) - ci(triage-skill): Run on opened issues ([#​19423](https://redirect.github.com/getsentry/sentry-javascript/pull/19423)) - docs(nuxt): Remove duplicated setup instructions ([#​19422](https://redirect.github.com/getsentry/sentry-javascript/pull/19422)) - feat(ci): Add security vulnerability skill action ([#​19355](https://redirect.github.com/getsentry/sentry-javascript/pull/19355))

Work in this release was contributed by @​LudvigHz and @​jadengis. Thank you for your contributions!

v10.39.0

Compare Source

Important Changes

• feat(tanstackstart-react): Auto-instrument server function middleware (#​19001)

  The sentryTanstackStart Vite plugin now automatically instruments middleware in createServerFn().middleware([...]) calls. This captures performance data without requiring manual wrapping with wrapMiddlewaresWithSentry().

• feat(nextjs): New experimental automatic vercel cron monitoring (#​19192)

  Setting _experimental.vercelCronMonitoring to true in your Sentry configuration will automatically create Sentry cron monitors for your Vercel Cron Jobs.

  Please note that this is an experimental unstable feature and subject to change.

  // next.config.ts
  export default withSentryConfig(nextConfig, {
    _experimental: {
      vercelCronMonitoring: true,
    },
  });

• feat(node-core): Add node-core/light (#​18502)

  This release adds a new light-weight @sentry/node-core/light export to @sentry/node-core. The export acts as a light-weight SDK that does not depend on OpenTelemetry and emits no spans.

  Use this SDK when:

  • You only need error tracking, logs or metrics without tracing data (no spans)
  • You want to minimize bundle size and runtime overhead
  • You don't need spans emitted by OpenTelemetry instrumentation

  It supports error tracking and reporting, logs, metrics, automatic request isolation (requires Node.js 22+) and basic tracing via our Sentry.startSpan* APIs.

  Install the SDK by running

  npm install @​sentry/node-core

  and add Sentry at the top of your application's entry file:

  import * as Sentry from '@​sentry/node-core/light';
  
  Sentry.init({
    dsn: '__DSN__',
  });

Other Changes

• feat(browser): Add mode option for the browser session integration (#​18997)
• feat(browser): Include culture context with events (#​19148)
• feat(browser): Trace continuation from server-timing headers (#​18673)
• feat(core,cloudflare): Enable certain fields with env variables (#​19245)
• feat(deps): bump @​isaacs/brace-expansion from 5.0.0 to 5.0.1 (#​19149)
• feat(deps): bump @​sentry/bundler-plugin-core from 4.8.0 to 4.9.0 (#​19190)
• feat(deps): Bump glob in @sentry/react-router (#​19162)
• feat(deps): bump hono from 4.11.1 to 4.11.7 (#​19068)
• feat(hono): Add base for Sentry Hono middleware (Cloudflare) (#​18787)
• feat(nextjs): Set cloudflare runtime (#​19084)
• feat(node-core): Add outgoing fetch trace propagation to light mode (#​19262)
• feat(react): Add lazyRouteManifest option to resolve lazy-route names (#​19086)
• feat(vercel-ai): Add rerank support and fix token attribute mapping (#​19144)
• fix(core): Avoid blocking the process for weightBasedFlushing (#​19174)
• fix(core): Avoid blocking the process when calling flush on empty buffer (#​19062)
• fix(core): Ensure partially set SDK metadata options are preserved (#​19102)
• fix(core): Fix truncation to only keep last message in vercel (#​19080)
• fix(core): Intercept .withResponse() to preserve OpenAI stream instrumentation (#​19122)
• fix(core): Prevent infinite recursion when event processor throws (#​19110)
• fix(core): Record client report with reason for HTTP 413 responses (#​19093)
• fix(core): Remove outdated _experiments.enableMetrics references from metrics JSDoc (#​19252)
• fix(core): Respect event.event_id in scope.captureEvent return value (#​19113)
• fix(core): use sessionId for MCP transport correlation (#​19172)
• fix(deps): Bump @nestjs/platform-express to 11.1.13 (#​19206)
• fix(deps): Bump diff to 5.2.2 (#​19228)
• fix(deps): Bump js-yaml to 3.14.2 and 4.1.1 (#​19216)
• fix(deps): Bump lodash to 4.17.23 (#​19211)
• fix(deps): Bump mdast-util-to-hast to 13.2.1 (#​19205)
• fix(deps): Bump node-forge to 1.3.2 (#​19183)
• fix(deps): Bump react-router to 6.30.3 (#​19212)
• fix(deps): Bump sinon to 21.0.1 in @sentry/ember (#​19246)
• fix(deps): Bump vite to 5.4.21 (#​19214)
• fix(nextjs): Expose an event id when captureUnderscoreErrorException captures an exception (#​19185)
• fix(nextjs): Populate SENTRY_SERVER_MODULES in Turbopack (#​19231)
• fix(node): Use snake_case for Fastify's request-handler op. (#​18729)
• fix(nuxt): Avoid logging database skip warning when debug is disabled (#​19095)
• fix(nuxt): Respect configured environment settings (#​19243)
• fix(profiling-node): 137 ABI should not be pruned for node 24 (#​19236)
• fix(replay): Improve error messages when compression worker fails to load (#​19008)
• fix(svelte): Bump svelte dev dependency to 3.59.2 (#​19208)
• fix(sveltekit): Detect used adapter via svelte.config.js (#​19270)
• fix(tanstackstart-react): Use auto.middleware.tanstackstart as middleware trace origin (#​19137)
• ref(core): Move shouldPropagateTraceForUrl from opentelemetry to core (#​19254)
• ref(core): Move shouldPropagateTraceForUrl from opentelemetry to core (#​19258)
• ref(sveltekit): Use untrack to read route id without invalidation (#​19272)

Internal Changes

• chore: Add cursor rules for AI integrations contributions (#​19167)
• chore: Add Makefiles for dev-packages to make it convenient to run tests (#​19203)
• chore: bump prettier to 3.8 (#​19198)
• chore(bugbot): Add rule to flag not-unref'd timers (#​19082)
• chore(deps-dev): bump @​sveltejs/kit from 2.49.5 to 2.50.1 (#​19089)
• chore(deps

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

[coderabbitai]

Summary by CodeRabbit

• Chores
  • Upgraded error monitoring dependencies to the latest major version for enhanced stability tracking and improved error reporting capabilities.

Walkthrough

The @sentry/browser dependency version constraint in package.json was updated from ^7.77.0 to ^10.0.0, upgrading the Sentry browser SDK major version from 7.x to 10.x.

Changes

Cohort / File(s)	Summary
Dependency Update package.json	Updated @sentry/browser version constraint from ^7.77.0 to ^10.0.0, a major version bump spanning three major releases.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description is largely incomplete compared to the template. It lacks required sections like 'Summary', 'Jira', 'How to Test', and QE checklist items. Only a Renovate-generated auto-formatted change summary is provided.	Add a custom 'Summary' section explaining the upgrade rationale and impacts. Link to any corresponding Jira ticket, add testing guidance, and complete the QE reviewer checklist items or mark them as not applicable.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The PR title clearly and accurately describes the main change: updating the @sentry/browser dependency to version 10, which aligns with the changeset.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch konflux/mintmaker/main/major-sentry-javascript-monorepo

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@package.json`:
- Around line 30-31: Remove the unused, deprecated dependency
"@sentry/integrations" from package.json by deleting its entry, then run your
package manager (npm/yarn/pnpm) to update lockfiles and node_modules; also
search the repo for any imports or references to "@sentry/integrations" and
replace them with the corresponding exports from "@sentry/browser" (or remove
the import if truly unused) to ensure no broken imports remain.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: bfb8d092-9555-465a-bdc3-203e9c67847e

📥 Commits

Reviewing files that changed from the base of the PR and between a54d9ec and 9d0fe6c.

⛔ Files ignored due to path filters (1)

• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (1)

• package.json

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Find all usages of `@sentry/integrations` in the codebase
echo "=== Searching for `@sentry/integrations` imports ==="
rg -n "@sentry/integrations" --type ts --type tsx --type js --type jsx -C 3

echo ""
echo "=== Searching for Sentry initialization and integration usage ==="
rg -n "Sentry\.(init|addIntegration)" --type ts --type tsx --type js --type jsx -C 5

echo ""
echo "=== Searching for common integration imports (CaptureConsole, ExtraErrorData, etc.) ==="
rg -n "(CaptureConsole|ExtraErrorData|ReportingObserver|HttpClient|Dedupe)" -C 3

Repository: RedHatInsights/uhc-portal

Length of output: 348

---

🌐 Web query:

Sentry JavaScript SDK v10 migration guide @sentry/integrations deprecated

💡 Result:

What changed (and why you see @sentry/integrations deprecated)

• The standalone @sentry/integrations package is considered legacy; integrations are now exported directly from the relevant SDK packages (for example @sentry/node, @sentry/react, etc.) to improve maintenance and reduce bundle size. [1]
• Sentry has also been moving from class-based integrations (new Integrations.X()) to function-based integration factories (xIntegration()), with the class-based style deprecated. [2]

How to migrate code that imports from @sentry/integrations

Before (legacy):

import { CaptureConsole } from "@sentry/integrations";

Sentry.init({
  integrations: [new CaptureConsole()],
});

After (recommended): import from your SDK package

• Node:

import * as Sentry from "@sentry/node";

Sentry.init({
  integrations: [Sentry.captureConsoleIntegration()],
  // or: Sentry.addIntegration(Sentry.captureConsoleIntegration());
});

(See Sentry’s Node integrations docs for the addIntegration/integrations patterns.) [3]

Do the same kind of change for other integrations: remove @sentry/integrations imports and use the integration exports on your platform SDK (for example @sentry/react, @sentry/browser, @sentry/node, etc.). [1]

v10-specific migration notes (JavaScript SDK 9 → 10)

Sentry JS SDK v10 primarily upgrades underlying OpenTelemetry dependencies to v2 (with relatively minimal breaking changes beyond that). [4]
Key items called out in the v9→v10 guide include:

• OpenTelemetry deps bumped to v2; if you can’t run OTel v2, Sentry suggests staying on v9 or using @sentry/node-core (wider OTel peer deps). [4]
• FID web vital reporting removed. [4]
• Some deprecated APIs were removed (for example BaseClient, hasTracingEnabled, and internal logger exports in @sentry/core). [4]

If your migration is specifically about tracing

If you still have older tracing setup patterns, note that Sentry deprecated older “new integration class” usage in favor of Sentry.browserTracingIntegration() (instead of new Sentry.BrowserTracing() / older patterns). [2]

Sources:
[1] Sentry @sentry/integrations registry docs noting integrations are exported from SDK packages now: [1] (tessl.io)
[2] Sentry JS deprecations guidance showing move to functional integrations (example: Sentry.browserTracingIntegration()): [2] (docs.sentry.dev)
[3] Sentry Node integrations configuration examples (addIntegration, etc.): [3] (docs.sentry.dev)
[4] Official Sentry JS SDK v9→v10 migration guide (OTel v2, removed APIs, etc.): [4] (docs.sentry.io)

Citations:

• 1: https://tessl.io/registry/tessl/npm-sentry--integrations?utm_source=openai
• 2: https://docs.sentry.dev/platforms/javascript/migration/v7-to-v8/v7-deprecations/?utm_source=openai
• 3: https://docs.sentry.dev/platforms/javascript/guides/node/configuration/integrations/?utm_source=openai
• 4: https://docs.sentry.io/platforms/javascript/migration/v9-to-v10/

---

Remove unused @sentry/integrations dependency.

@sentry/integrations is not used anywhere in the codebase and is deprecated as of Sentry v8+. Integrations are now exported directly from @sentry/browser. Remove this dependency from package.json to reduce bundle size and eliminate unused legacy code.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@package.json` around lines 30 - 31, Remove the unused, deprecated dependency
"@sentry/integrations" from package.json by deleting its entry, then run your
package manager (npm/yarn/pnpm) to update lockfiles and node_modules; also
search the repo for any imports or references to "@sentry/integrations" and
replace them with the corresponding exports from "@sentry/browser" (or remove
the import if truly unused) to ensure no broken imports remain.

[eliranmal]

sentry/integrations is currently used in chrome-main.

we need to update that import to reference sentry/browser before we can remove sentry/integrations.

[coderabbitai]

🧩 Analysis chain

Good to know! Let me find the exact usage to plan the migration properly.

---

🏁 Script executed:

#!/bin/bash
echo "=== Searching for `@sentry/integrations` imports/usage ==="
rg -n "@sentry/integrations" -C 5

echo ""
echo "=== Searching for chrome-main file(s) ==="
fd -i "chrome-main" --extension ts --extension tsx --extension js --extension jsx

echo ""
echo "=== Searching for any Sentry-related imports broadly ==="
rg -n "from ['\"]@sentry" -C 3

Length of output: 8496

---

Let me confirm sessionTimingIntegration availability in @sentry/browser v10.

@eliranmal, thanks for the context! Confirmed — the only usage of @sentry/integrations in the codebase is sessionTimingIntegration in src/chrome-main.tsx (line 27). sessionTimingIntegration is now exported directly from @sentry/browser, so the fix is a one-liner:

src/chrome-main.tsx — update line 27:

- import { sessionTimingIntegration } from '@sentry/integrations';
+ import { sessionTimingIntegration } from '@sentry/browser';

Then remove the stale dependency from package.json:

     "@sentry/browser": "^10.0.0",
-    "@sentry/integrations": "^7.77.0",

Side note: The SessionTiming integration is deprecated and will be removed in the next major version of the SDK. You may want to evaluate whether it's still needed, but migrating the import first is the right approach for this PR.

---

📝 Learnings were identified and not saved (knowledge base disabled). Enable

[eliranmal]

✏️

[eliranmal]

sentry/integrations is currently used in chrome-main.

we need to update that import to reference sentry/browser before we can remove sentry/integrations.