Update all non-major dependencies by renovate[bot] · Pull Request #463 · successible/cleanslate

renovate · 2026-03-09T06:20:01Z

This PR contains the following updates:

Package	Change	Age	Confidence
@apollo/client (source)	`4.1.5` → `4.1.6`
@sentry/react (source)	`10.39.0` → `10.41.0`
@types/node (source)	`24.10.13` → `24.11.0`
axios (source)	`1.13.5` → `1.13.6`
firebase (source, changelog)	`12.9.0` → `12.10.0`
firebase-admin (source)	`13.6.1` → `13.7.0`
firebase-functions	`7.0.5` → `7.0.6`
graphql	`16.12.0` → `16.13.0`

Release Notes

apollographql/apollo-client (@apollo/client)

`v4.1.6`

Compare Source

Patch Changes

#13128 6c0b8e4 Thanks @pavelivanov! - Fix useQuery hydration mismatch when ssr: false and skip: true are used together

When both options were combined, the server would return loading: false (because useSSRQuery checks skip first), but the client's getServerSnapshot was returning ssrDisabledResult with loading: true, causing a hydration mismatch.

getsentry/sentry-javascript (@sentry/react)

`v10.41.0`

Compare Source

`v10.40.0`

Compare Source

Important Changes

feat(tanstackstart-react): Add global sentry exception middlewares (#19330)

The sentryGlobalRequestMiddleware and sentryGlobalFunctionMiddleware global middlewares capture unhandled exceptions thrown in TanStack Start API routes and server functions. Add them as the first entries in the requestMiddleware and functionMiddleware arrays of createStart():

import { createStart } from '@&#8203;tanstack/react-start/server';
import { sentryGlobalRequestMiddleware, sentryGlobalFunctionMiddleware } from '@&#8203;sentry/tanstackstart-react/server';

export default createStart({
  requestMiddleware: [sentryGlobalRequestMiddleware, myRequestMiddleware],
  functionMiddleware: [sentryGlobalFunctionMiddleware, myFunctionMiddleware],
});

feat(tanstackstart-react)!: Export Vite plugin from @sentry/tanstackstart-react/vite subpath (#19182)

The sentryTanstackStart Vite plugin is now exported from a dedicated subpath. Update your import:
```
- import { sentryTanstackStart } from '@&#8203;sentry/tanstackstart-react';
+ import { sentryTanstackStart } from '@&#8203;sentry/tanstackstart-react/vite';
```
fix(node-core): Reduce bundle size by removing apm-js-collab and requiring pino >= 9.10 (#18631)

In order to keep receiving pino logs, you need to update your pino version to >= 9.10, the reason for the support bump is to reduce the bundle size of the node-core SDK in frameworks that cannot tree-shake the apm-js-collab dependency.
fix(browser): Ensure user id is consistently added to sessions (#19341)

Previously, the SDK inconsistently set the user id on sessions, meaning sessions were often lacking proper coupling to the user set for example via Sentry.setUser().
Additionally, the SDK incorrectly skipped starting a new session for the first soft navigation after the pageload.
This patch fixes these issues. As a result, metrics around sessions, like "Crash Free Sessions" or "Crash Free Users" might change.
This could also trigger alerts, depending on your set thresholds and conditions.
We apologize for any inconvenience caused!

While we're at it, if you're using Sentry in a Single Page App or meta framework, you might want to give the new 'page' session lifecycle a try!
This new mode no longer creates a session per soft navigation but continues the initial session until the next hard page refresh.
Check out the docs to learn more!
ref!(gatsby): Drop Gatsby v2 support (#19467)

We drop support for Gatsby v2 (which still relies on webpack 4) for a critical security update in https://github.com/getsentry/sentry-javascript-bundler-plugins/releases/tag/5.0.0

Other Changes

feat(astro): Add support for Astro on CF Workers (#19265)
feat(cloudflare): Instrument async KV API (#19404)
feat(core): Add framework-agnostic tunnel handler (#18892)
feat(deno): Export logs API from Deno SDK (#19313)
feat(deno): Export metrics API from Deno SDK (#19305)
feat(deno): instrument Deno.serve with async context support (#19230)
feat(deps): bump babel-loader from 8.2.5 to 10.0.0 (#19303)
feat(deps): bump body-parser from 1.20.4 to 2.2.2 (#19191)
feat(deps): Bump hono from 4.11.7 to 4.11.10 (#19440)
feat(deps): bump qs from 6.14.1 to 6.14.2 (#19310)
feat(deps): bump the opentelemetry group with 4 updates (#19425)
feat(feedback): Add setTheme() to dynamically update feedback widget color scheme (#19430)
feat(nextjs): Add sourcemaps.filesToDeleteAfterUpload as a top-level option (#19280)
feat(node): Add ignoreConnectSpans option to postgresIntegration (#19291)
feat(node): Bump to latest @fastify/otel (#19452)
fix: Bump bundler plugins to v5 (#19468)
fix: updated the codecov config (#19350)
fix(aws-serverless): Prevent crash in isPromiseAllSettledResult with null/undefined array elements (#19346)
fix(bun) Export pinoIntegration from @sentry/node (#17990)
fix(core,browser): Delete SentryNonRecordingSpan from fetch/xhr map (#19336)
fix(core): Explicitly flush log buffer in client.close() (#19371)
fix(core): Langgraph state graph invoke accepts null to resume (#19374)
fix(core): Wrap decodeURI in node stack trace parser to handle malformed URIs (#19400)
fix(deps): Bump nuxt devDependency to fix CVE-2026-24001 (#19249)
fix(deps): Bump to latest version of each minimatch major (#19486)
fix(nextjs): Apply environment from options if set (#19274)
fix(nextjs): Don't set sentry.drop_transaction attribute on spans when skipOpenTelemetrySetup is enabled (#19333)
fix(nextjs): Normalize trailing slashes in App Router route parameterization (#19365)
fix(nextjs): Return correct lastEventId for SSR pages (#19240)
fix(nextjs): Set parameterized transaction name for non-transaction events (#19316)
fix(node-core): Align pino mechanism type with spec conventions (#19363)
fix(nuxt): Use options.rootDir instead of options.srcDir (#19343)

Internal Changes

- test(nextjs): Add bun e2e test app ([#19318](https://redirect.github.com/getsentry/sentry-javascript/pull/19318)) - test(nextjs): Deactivate canary test for cf-workers ([#19483](https://redirect.github.com/getsentry/sentry-javascript/pull/19483)) - tests(langchain): Fix langchain v1 internal error tests ([#19409](https://redirect.github.com/getsentry/sentry-javascript/pull/19409)) - ref(nuxt): Remove `defineNitroPlugin` wrapper ([#19334](https://redirect.github.com/getsentry/sentry-javascript/pull/19334)) - ref(cloudflare): Move internal files and functions around ([#19369](https://redirect.github.com/getsentry/sentry-javascript/pull/19369)) - chore: Add external contributor to CHANGELOG.md ([#19395](https://redirect.github.com/getsentry/sentry-javascript/pull/19395)) - chore: Add github action to notify stale PRs ([#19361](https://redirect.github.com/getsentry/sentry-javascript/pull/19361)) - chore: add oxfmt changes to blame ignore rev list ([#19366](https://redirect.github.com/getsentry/sentry-javascript/pull/19366)) - chore: Enhance AI integration guidelines with runtime-specific placem… ([#19296](https://redirect.github.com/getsentry/sentry-javascript/pull/19296)) - chore: Ignore `lerna.json` for prettier ([#19288](https://redirect.github.com/getsentry/sentry-javascript/pull/19288)) - chore: migrate to oxfmt ([#19200](https://redirect.github.com/getsentry/sentry-javascript/pull/19200)) - chore: Revert to lerna v8 ([#19294](https://redirect.github.com/getsentry/sentry-javascript/pull/19294)) - chore: Unignore HTML files and reformat with oxfmt ([#19311](https://redirect.github.com/getsentry/sentry-javascript/pull/19311)) - chore(ci): Adapt max turns of triage issue agent ([#19473](https://redirect.github.com/getsentry/sentry-javascript/pull/19473)) - chore(ci): Add `environment` to triage action ([#19375](https://redirect.github.com/getsentry/sentry-javascript/pull/19375)) - chore(ci): Add `id-token: write` permission to triage workflow ([#19381](https://redirect.github.com/getsentry/sentry-javascript/pull/19381)) - chore(ci): Move monorepo to nx ([#19325](https://redirect.github.com/getsentry/sentry-javascript/pull/19325)) - chore(cursor): Add rules for fetching develop docs ([#19377](https://redirect.github.com/getsentry/sentry-javascript/pull/19377)) - chore(deps-dev): Bump @sveltejs/kit from 2.49.5 to 2.52.2 in /dev-packages/e2e-tests/test-applications/sveltekit-2 ([#19441](https://redirect.github.com/getsentry/sentry-javascript/pull/19441)) - chore(deps-dev): Bump @sveltejs/kit from 2.49.5 to 2.52.2 in /dev-packages/e2e-tests/test-applications/sveltekit-2-kit-tracing ([#19446](https://redirect.github.com/getsentry/sentry-javascript/pull/19446)) - chore(deps-dev): Bump @sveltejs/kit from 2.49.5 to 2.52.2 in /dev-packages/e2e-tests/test-applications/sveltekit-cloudflare-pages ([#19462](https://redirect.github.com/getsentry/sentry-javascript/pull/19462)) - chore(deps-dev): Bump @sveltejs/kit from 2.50.1 to 2.52.2 ([#19442](https://redirect.github.com/getsentry/sentry-javascript/pull/19442)) - chore(deps-dev): bump @testing-library/react from 13.0.0 to 15.0.5 ([#19194](https://redirect.github.com/getsentry/sentry-javascript/pull/19194)) - chore(deps-dev): bump @types/ember__debug from 3.16.5 to 4.0.8 ([#19429](https://redirect.github.com/getsentry/sentry-javascript/pull/19429)) - chore(deps-dev): bump ember-resolver from 13.0.2 to 13.1.1 ([#19301](https://redirect.github.com/getsentry/sentry-javascript/pull/19301)) - chore(deps): Bump @actions/glob from 0.4.0 to 0.6.1 ([#19427](https://redirect.github.com/getsentry/sentry-javascript/pull/19427)) - chore(deps): bump agents from 0.2.32 to 0.3.10 in /dev-packages/e2e-tests/test-applications/cloudflare-mcp ([#19326](https://redirect.github.com/getsentry/sentry-javascript/pull/19326)) - chore(deps): Bump hono from 4.11.7 to 4.11.10 in /dev-packages/e2e-tests/test-applications/cloudflare-hono ([#19438](https://redirect.github.com/getsentry/sentry-javascript/pull/19438)) - chore(deps): Bump Sentry CLI to latest v2 ([#19477](https://redirect.github.com/getsentry/sentry-javascript/pull/19477)) - chore(deps): Bump transitive dep `fast-xml-parser` ([#19433](https://redirect.github.com/getsentry/sentry-javascript/pull/19433)) - chore(deps): upgrade tar to 7.5.9 to fix CVE-2026-26960 ([#19445](https://redirect.github.com/getsentry/sentry-javascript/pull/19445)) - chore(github): Add `allowedTools` to Claude GitHub action ([#19386](https://redirect.github.com/getsentry/sentry-javascript/pull/19386)) - chore(github): Add workflow to trigger `triage-issue` skill ([#19358](https://redirect.github.com/getsentry/sentry-javascript/pull/19358)) - chore(github): Add write tool for markdown report ([#19387](https://redirect.github.com/getsentry/sentry-javascript/pull/19387)) - chore(github): Change tool permission path ([#19389](https://redirect.github.com/getsentry/sentry-javascript/pull/19389)) - chore(llm): Add `triage-issue` skill ([#19356](https://redirect.github.com/getsentry/sentry-javascript/pull/19356)) - chore(llm): Better defense against prompt injection in triage skill ([#19410](https://redirect.github.com/getsentry/sentry-javascript/pull/19410)) - chore(llm): Make cross-repo search optional and remove file cleanup ([#19401](https://redirect.github.com/getsentry/sentry-javascript/pull/19401)) - chore(node-core): Make @sentry/opentelemetry not a peer dep in node… ([#19308](https://redirect.github.com/getsentry/sentry-javascript/pull/19308)) - chore(repo): Allow WebFetch for Sentry docs in Claude settings ([#18890](https://redirect.github.com/getsentry/sentry-javascript/pull/18890)) - chore(repo): Increase number of concurrently running nx tasks ([#19443](https://redirect.github.com/getsentry/sentry-javascript/pull/19443)) - chore(skills): Add security notes for injection defense ([#19379](https://redirect.github.com/getsentry/sentry-javascript/pull/19379)) - chore(triage-action): Fix JSON parsing ([#19471](https://redirect.github.com/getsentry/sentry-javascript/pull/19471)) - chore(triage-issue): Improve triage prompt for accuracy ([#19454](https://redirect.github.com/getsentry/sentry-javascript/pull/19454)) - chore(triage-skill): Add GitHub parsing python util script ([#19405](https://redirect.github.com/getsentry/sentry-javascript/pull/19405)) - chore(triage-skill): Increase `num_turns` and add script to post summary ([#19456](https://redirect.github.com/getsentry/sentry-javascript/pull/19456)) - ci(fix-security-vulnerability): Add id token write permission ([#19412](https://redirect.github.com/getsentry/sentry-javascript/pull/19412)) - ci(fix-security-vulnerability): Be specific about how to fetch the alert page ([#19414](https://redirect.github.com/getsentry/sentry-javascript/pull/19414)) - ci(fix-security-vulnerability): Run fetch alert first before executing skill ([#19418](https://redirect.github.com/getsentry/sentry-javascript/pull/19418)) - ci(fix-security-vulnerability): Use opus 4.6 ([#19416](https://redirect.github.com/getsentry/sentry-javascript/pull/19416)) - ci(github): Add tilde to file path to not exact-match ([#19392](https://redirect.github.com/getsentry/sentry-javascript/pull/19392)) - ci(triage-skill): Allow `Write` and remove `rm` permission ([#19397](https://redirect.github.com/getsentry/sentry-javascript/pull/19397)) - ci(triage-skill): Run on opened issues ([#19423](https://redirect.github.com/getsentry/sentry-javascript/pull/19423)) - docs(nuxt): Remove duplicated setup instructions ([#19422](https://redirect.github.com/getsentry/sentry-javascript/pull/19422)) - feat(ci): Add security vulnerability skill action ([#19355](https://redirect.github.com/getsentry/sentry-javascript/pull/19355))

Work in this release was contributed by @LudvigHz and @jadengis. Thank you for your contributions!

Bundle size 📦

Path	Size
@sentry/browser	25.02 KB
@sentry/browser - with treeshaking flags	23.56 KB
@sentry/browser (incl. Tracing)	41.43 KB
@sentry/browser (incl. Tracing, Profiling)	45.98 KB
@sentry/browser (incl. Tracing, Replay)	79.34 KB
@sentry/browser (incl. Tracing, Replay) - with treeshaking flags	69.2 KB
@sentry/browser (incl. Tracing, Replay with Canvas)	83.92 KB
@sentry/browser (incl. Tracing, Replay, Feedback)	95.9 KB
@sentry/browser (incl. Feedback)	41.43 KB
@sentry/browser (incl. sendFeedback)	29.58 KB
@sentry/browser (incl. FeedbackAsync)	34.51 KB
@sentry/browser (incl. Metrics)	26.16 KB
@sentry/browser (incl. Logs)	26.3 KB
@sentry/browser (incl. Metrics & Logs)	26.96 KB
@sentry/react	26.73 KB
@sentry/react (incl. Tracing)	43.71 KB
@sentry/vue	29.36 KB
@sentry/vue (incl. Tracing)	43.23 KB
@sentry/svelte	25.04 KB
CDN Bundle	27.5 KB
CDN Bundle (incl. Tracing)	42.24 KB
CDN Bundle (incl. Logs, Metrics)	28.32 KB
CDN Bundle (incl. Tracing, Logs, Metrics)	43.06 KB
CDN Bundle (incl. Replay, Logs, Metrics)	66.49 KB
CDN Bundle (incl. Tracing, Replay)	78.25 KB
CDN Bundle (incl. Tracing, Replay, Logs, Metrics)	79.1 KB
CDN Bundle (incl. Tracing, Replay, Feedback)	83.64 KB
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics)	84.5 KB
CDN Bundle - uncompressed	80.41 KB
CDN Bundle (incl. Tracing) - uncompressed	125.06 KB
CDN Bundle (incl. Logs, Metrics) - uncompressed	83.18 KB
CDN Bundle (incl. Tracing, Logs, Metrics) - uncompressed	127.82 KB
CDN Bundle (incl. Replay, Logs, Metrics) - uncompressed	203.94 KB
CDN Bundle (incl. Tracing, Replay) - uncompressed	239.2 KB
CDN Bundle (incl. Tracing, Replay, Logs, Metrics) - uncompressed	241.95 KB
CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed	251.81 KB
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics) - uncompressed	254.55 KB
@sentry/nextjs (client)	46.07 KB
@sentry/sveltekit (client)	41.88 KB
@sentry/node-core	50.95 KB
@sentry/node	169.38 KB
@sentry/node - without tracing	95.04 KB
@sentry/aws-serverless	110.47 KB

axios/axios (axios)

`v1.13.6`

Compare Source

This release focuses on platform compatibility, error handling improvements, and code quality maintenance.

⚠️ Important Changes

Breaking Changes: None identified in this release.
Action Required: Users targeting React Native should verify their integration, particularly if relying on specific Blob or FormData behaviours, as improvements have been made to support these objects.

🚀 New Features

React Native Blob Support: Axios now includes support for React Native Blob objects. Thanks to @moh3n9595 for the initial implementation. (#5764)
Code Quality: Implemented prettier across the codebase and resolved associated formatting issues. (#7385)

🐛 Bug Fixes

Environment Compatibility:
- Fixed module exports for React Native and Browserify environments. (#7386)
- Added safe FormData detection for the WeChat Mini Program environment. (#7324)
Error Handling:
- AxiosError.message is now correctly enumerable. (#7392)
- AxiosError.from now correctly copies the status property from the source error, ensuring better error propagation. (#7403)

🔧 Maintenance & Chores

Dependencies: Updated the development_dependencies group (5 updates). (#7432)
Infrastructure: Migrated @rollup/plugin-babel from v5.3.1 to v6.1.0. (#7424)
Documentation: Added missing JSDoc comments to utilities. (#7427)

🌟 New Contributors

We are thrilled to welcome our new contributors! Thank you for helping improve the project:

Full Changelog: v1.13.5...v1.13.6

firebase/firebase-js-sdk (firebase)

`v12.10.0`

Compare Source

For more detailed release notes, see Firebase JavaScript SDK Release Notes.

What's Changed

@firebase/ai@2.9.0

Minor Changes

47f8521 #9489 - Added automatic function calling capability when using ChatSession.

Patch Changes

Updated dependencies [eebba69]:
@firebase/util@1.14.0
@firebase/component@0.7.1

@firebase/data-connect@0.4.0

Minor Changes

eebba69 #9439 - Add Memory-Based caching to Queries in Firebase Data Connect.

Patch Changes

Updated dependencies [eebba69]:
@firebase/util@1.14.0
@firebase/component@0.7.1

firebase@12.10.0

Minor Changes

14d9745 #9483 - Support added for mapSet, mapValues, mapEntries, mapKeys Pipelines expressions.
47f8521 #9489 - Added automatic function calling capability when using ChatSession.
f8996c4 #9479 - Support added for the following string Pipeline expressions: stringRepeat, stringReplaceOne, stringReplaceAll, stringIndexOf, ltrim, rtrim.
eebba69 #9439 - Add Memory-Based caching to Queries in Firebase Data Connect.
659d9bb #9576 - Add support for first, last, array_agg and array_agg_distinct expressions
852162b #9498 - Add support for rand and trunc pipeline expressions
6041509 #9484 - feat(firestore): Support added for the isType Pipeline expression.

Patch Changes

Updated dependencies [14d9745, 47f8521, f8996c4, eebba69, 659d9bb, 852162b, 6041509]:
@firebase/firestore@4.12.0
@firebase/app@0.14.9
@firebase/ai@2.9.0
@firebase/data-connect@0.4.0
@firebase/util@1.14.0
@firebase/firestore-compat@0.4.6
@firebase/analytics@0.10.20
@firebase/app-check@0.11.1
@firebase/app-compat@0.5.9
@firebase/auth@1.12.1
@firebase/database@1.1.1
@firebase/functions@0.13.2
@firebase/installations@0.6.20
@firebase/messaging@0.12.24
@firebase/performance@0.7.10
@firebase/remote-config@0.8.1
@firebase/storage@0.14.1
@firebase/analytics-compat@0.2.26
@firebase/app-check-compat@0.4.1
@firebase/auth-compat@0.6.3
@firebase/database-compat@2.1.1
@firebase/functions-compat@0.4.2
@firebase/installations-compat@0.2.20
@firebase/messaging-compat@0.2.24
@firebase/performance-compat@0.2.23
@firebase/remote-config-compat@0.2.22
@firebase/storage-compat@0.4.1

@firebase/firestore@4.12.0

Minor Changes

14d9745 #9483 - Support added for mapSet, mapValues, mapEntries, mapKeys Pipelines expressions.
f8996c4 #9479 - Support added for the following string Pipeline expressions: stringRepeat, stringReplaceOne, stringReplaceAll, stringIndexOf, ltrim, rtrim.
659d9bb #9576 - Add support for first, last, array_agg and array_agg_distinct expressions
852162b #9498 - Add support for rand and trunc pipeline expressions
6041509 #9484 - feat(firestore): Support added for the isType Pipeline expression.