chore(deps): update JavaScript SDK to v10.40.0 by github-actions[bot] · Pull Request #2 · huextrat/sentry-react-native

github-actions · 2026-02-17T04:51:45Z

Bumps scripts/update-javascript.sh from 10.38.0 to 10.40.0.

Changelog

10.40.0

Important Changes

feat(tanstackstart-react): Add global sentry exception middlewares (#19330)

The sentryGlobalRequestMiddleware and sentryGlobalFunctionMiddleware global middlewares capture unhandled exceptions thrown in TanStack Start API routes and server functions. Add them as the first entries in the requestMiddleware and functionMiddleware arrays of createStart():

import { createStart } from 'tanstack/react-start/server';
import { sentryGlobalRequestMiddleware, sentryGlobalFunctionMiddleware } from 'sentry/tanstackstart-react/server';

export default createStart({
  requestMiddleware: [sentryGlobalRequestMiddleware, myRequestMiddleware],
  functionMiddleware: [sentryGlobalFunctionMiddleware, myFunctionMiddleware],
});

feat(tanstackstart-react)!: Export Vite plugin from sentry/tanstackstart-react/vite subpath (#19182)

The sentryTanstackStart Vite plugin is now exported from a dedicated subpath. Update your import:
```
- import { sentryTanstackStart } from 'sentry/tanstackstart-react';
+ import { sentryTanstackStart } from 'sentry/tanstackstart-react/vite';
```
fix(node-core): Reduce bundle size by removing apm-js-collab and requiring pino >= 9.10 (#18631)

In order to keep receiving pino logs, you need to update your pino version to >= 9.10, the reason for the support bump is to reduce the bundle size of the node-core SDK in frameworks that cannot tree-shake the apm-js-collab dependency.
fix(browser): Ensure user id is consistently added to sessions (#19341)

Previously, the SDK inconsistently set the user id on sessions, meaning sessions were often lacking proper coupling to the user set for example via Sentry.setUser().
Additionally, the SDK incorrectly skipped starting a new session for the first soft navigation after the pageload.
This patch fixes these issues. As a result, metrics around sessions, like "Crash Free Sessions" or "Crash Free Users" might change.
This could also trigger alerts, depending on your set thresholds and conditions.
We apologize for any inconvenience caused!

While we're at it, if you're using Sentry in a Single Page App or meta framework, you might want to give the new 'page' session lifecycle a try!
This new mode no longer creates a session per soft navigation but continues the initial session until the next hard page refresh.
Check out the docs to learn more!
ref!(gatsby): Drop Gatsby v2 support (#19467)

We drop support for Gatsby v2 (which still relies on webpack 4) for a critical security update in https://github.com/getsentry/sentry-javascript-bundler-plugins/releases/tag/5.0.0

Other Changes

feat(astro): Add support for Astro on CF Workers (#19265)
feat(cloudflare): Instrument async KV API (#19404)
feat(core): Add framework-agnostic tunnel handler (#18892)
feat(deno): Export logs API from Deno SDK (#19313)
feat(deno): Export metrics API from Deno SDK (#19305)
feat(deno): instrument Deno.serve with async context support (#19230)
feat(deps): bump babel-loader from 8.2.5 to 10.0.0 (#19303)
feat(deps): bump body-parser from 1.20.4 to 2.2.2 (#19191)
feat(deps): Bump hono from 4.11.7 to 4.11.10 (#19440)
feat(deps): bump qs from 6.14.1 to 6.14.2 (#19310)
feat(deps): bump the opentelemetry group with 4 updates (#19425)
feat(feedback): Add setTheme() to dynamically update feedback widget color scheme (#19430)
feat(nextjs): Add sourcemaps.filesToDeleteAfterUpload as a top-level option (#19280)
feat(node): Add ignoreConnectSpans option to postgresIntegration (#19291)
feat(node): Bump to latest fastify/otel (#19452)
fix: Bump bundler plugins to v5 (#19468)
fix: updated the codecov config (#19350)
fix(aws-serverless): Prevent crash in isPromiseAllSettledResult with null/undefined array elements (#19346)
fix(bun) Export pinoIntegration from sentry/node (#17990)
fix(core,browser): Delete SentryNonRecordingSpan from fetch/xhr map (#19336)
fix(core): Explicitly flush log buffer in client.close() (#19371)
fix(core): Langgraph state graph invoke accepts null to resume (#19374)
fix(core): Wrap decodeURI in node stack trace parser to handle malformed URIs (#19400)
fix(deps): Bump nuxt devDependency to fix CVE-2026-24001 (#19249)
fix(deps): Bump to latest version of each minimatch major (#19486)
fix(nextjs): Apply environment from options if set (#19274)
fix(nextjs): Don't set sentry.drop_transaction attribute on spans when skipOpenTelemetrySetup is enabled (#19333)
fix(nextjs): Normalize trailing slashes in App Router route parameterization (#19365)
fix(nextjs): Return correct lastEventId for SSR pages (#19240)
fix(nextjs): Set parameterized transaction name for non-transaction events (#19316)
fix(node-core): Align pino mechanism type with spec conventions (#19363)
fix(nuxt): Use options.rootDir instead of options.srcDir (#19343)

Internal Changes

- test(nextjs): Add bun e2e test app ([#19318](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19318)) - test(nextjs): Deactivate canary test for cf-workers ([#19483](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19483)) - tests(langchain): Fix langchain v1 internal error tests ([#19409](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19409)) - ref(nuxt): Remove `defineNitroPlugin` wrapper ([#19334](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19334)) - ref(cloudflare): Move internal files and functions around ([#19369](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19369)) - chore: Add external contributor to CHANGELOG.md ([#19395](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19395)) - chore: Add github action to notify stale PRs ([#19361](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19361)) - chore: add oxfmt changes to blame ignore rev list ([#19366](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19366)) - chore: Enhance AI integration guidelines with runtime-specific placem… ([#19296](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19296)) - chore: Ignore `lerna.json` for prettier ([#19288](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19288)) - chore: migrate to oxfmt ([#19200](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19200)) - chore: Revert to lerna v8 ([#19294](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19294)) - chore: Unignore HTML files and reformat with oxfmt ([#19311](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19311)) - chore(ci): Adapt max turns of triage issue agent ([#19473](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19473)) - chore(ci): Add `environment` to triage action ([#19375](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19375)) - chore(ci): Add `id-token: write` permission to triage workflow ([#19381](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19381)) - chore(ci): Move monorepo to nx ([#19325](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19325)) - chore(cursor): Add rules for fetching develop docs ([#19377](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19377)) - chore(deps-dev): Bump sveltejs/kit from 2.49.5 to 2.52.2 in /dev-packages/e2e-tests/test-applications/sveltekit-2 ([#19441](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19441)) - chore(deps-dev): Bump sveltejs/kit from 2.49.5 to 2.52.2 in /dev-packages/e2e-tests/test-applications/sveltekit-2-kit-tracing ([#19446](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19446)) - chore(deps-dev): Bump sveltejs/kit from 2.49.5 to 2.52.2 in /dev-packages/e2e-tests/test-applications/sveltekit-cloudflare-pages ([#19462](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19462)) - chore(deps-dev): Bump sveltejs/kit from 2.50.1 to 2.52.2 ([#19442](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19442)) - chore(deps-dev): bump testing-library/react from 13.0.0 to 15.0.5 ([#19194](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19194)) - chore(deps-dev): bump types/ember__debug from 3.16.5 to 4.0.8 ([#19429](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19429)) - chore(deps-dev): bump ember-resolver from 13.0.2 to 13.1.1 ([#19301](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19301)) - chore(deps): Bump actions/glob from 0.4.0 to 0.6.1 ([#19427](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19427)) - chore(deps): bump agents from 0.2.32 to 0.3.10 in /dev-packages/e2e-tests/test-applications/cloudflare-mcp ([#19326](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19326)) - chore(deps): Bump hono from 4.11.7 to 4.11.10 in /dev-packages/e2e-tests/test-applications/cloudflare-hono ([#19438](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19438)) - chore(deps): Bump Sentry CLI to latest v2 ([#19477](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19477)) - chore(deps): Bump transitive dep `fast-xml-parser` ([#19433](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19433)) - chore(deps): upgrade tar to 7.5.9 to fix CVE-2026-26960 ([#19445](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19445)) - chore(github): Add `allowedTools` to Claude GitHub action ([#19386](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19386)) - chore(github): Add workflow to trigger `triage-issue` skill ([#19358](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19358)) - chore(github): Add write tool for markdown report ([#19387](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19387)) - chore(github): Change tool permission path ([#19389](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19389)) - chore(llm): Add `triage-issue` skill ([#19356](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19356)) - chore(llm): Better defense against prompt injection in triage skill ([#19410](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19410)) - chore(llm): Make cross-repo search optional and remove file cleanup ([#19401](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19401)) - chore(node-core): Make sentry/opentelemetry not a peer dep in node… ([#19308](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19308)) - chore(repo): Allow WebFetch for Sentry docs in Claude settings ([#18890](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/18890)) - chore(repo): Increase number of concurrently running nx tasks ([#19443](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19443)) - chore(skills): Add security notes for injection defense ([#19379](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19379)) - chore(triage-action): Fix JSON parsing ([#19471](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19471)) - chore(triage-issue): Improve triage prompt for accuracy ([#19454](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19454)) - chore(triage-skill): Add GitHub parsing python util script ([#19405](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19405)) - chore(triage-skill): Increase `num_turns` and add script to post summary ([#19456](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19456)) - ci(fix-security-vulnerability): Add id token write permission ([#19412](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19412)) - ci(fix-security-vulnerability): Be specific about how to fetch the alert page ([#19414](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19414)) - ci(fix-security-vulnerability): Run fetch alert first before executing skill ([#19418](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19418)) - ci(fix-security-vulnerability): Use opus 4.6 ([#19416](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19416)) - ci(github): Add tilde to file path to not exact-match ([#19392](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19392)) - ci(triage-skill): Allow `Write` and remove `rm` permission ([#19397](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19397)) - ci(triage-skill): Run on opened issues ([#19423](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19423)) - docs(nuxt): Remove duplicated setup instructions ([#19422](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19422)) - feat(ci): Add security vulnerability skill action ([#19355](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19355))

Work in this release was contributed by LudvigHz and jadengis. Thank you for your contributions!

10.39.0

Important Changes

feat(tanstackstart-react): Auto-instrument server function middleware (#19001)

The sentryTanstackStart Vite plugin now automatically instruments middleware in createServerFn().middleware([...]) calls. This captures performance data without requiring manual wrapping with wrapMiddlewaresWithSentry().
feat(nextjs): New experimental automatic vercel cron monitoring (#19192)

Setting _experimental.vercelCronMonitoring to true in your Sentry configuration will automatically create Sentry cron monitors for your Vercel Cron Jobs.

Please note that this is an experimental unstable feature and subject to change.
```
// next.config.ts
export default withSentryConfig(nextConfig, {
  _experimental: {
    vercelCronMonitoring: true,
  },
});
```
feat(node-core): Add node-core/light (#18502)

This release adds a new light-weight sentry/node-core/light export to sentry/node-core. The export acts as a light-weight SDK that does not depend on OpenTelemetry and emits no spans.

Use this SDK when:
- You only need error tracking, logs or metrics without tracing data (no spans)
- You want to minimize bundle size and runtime overhead
- You don't need spans emitted by OpenTelemetry instrumentation
It supports error tracking and reporting, logs, metrics, automatic request isolation (requires Node.js 22+) and basic tracing via our Sentry.startSpan* APIs.

Install the SDK by running
```
npm install sentry/node-core
```
and add Sentry at the top of your application's entry file:
```
import * as Sentry from 'sentry/node-core/light';

Sentry.init({
  dsn: '__DSN__',
});
```

Other Changes

feat(browser): Add mode option for the browser session integration (#18997)
feat(browser): Include culture context with events (#19148)
feat(browser): Trace continuation from server-timing headers (#18673)
feat(core,cloudflare): Enable certain fields with env variables (#19245)
feat(deps): bump isaacs/brace-expansion from 5.0.0 to 5.0.1 (#19149)
feat(deps): bump sentry/bundler-plugin-core from 4.8.0 to 4.9.0 (#19190)
feat(deps): Bump glob in sentry/react-router (#19162)
feat(deps): bump hono from 4.11.1 to 4.11.7 (#19068)
feat(hono): Add base for Sentry Hono middleware (Cloudflare) (#18787)
feat(nextjs): Set cloudflare runtime (#19084)
feat(node-core): Add outgoing fetch trace propagation to light mode (#19262)
feat(react): Add lazyRouteManifest option to resolve lazy-route names (#19086)
feat(vercel-ai): Add rerank support and fix token attribute mapping (#19144)
fix(core): Avoid blocking the process for weightBasedFlushing (#19174)
fix(core): Avoid blocking the process when calling flush on empty buffer (#19062)
fix(core): Ensure partially set SDK metadata options are preserved (#19102)
fix(core): Fix truncation to only keep last message in vercel (#19080)
fix(core): Intercept .withResponse() to preserve OpenAI stream instrumentation (#19122)
fix(core): Prevent infinite recursion when event processor throws (#19110)
fix(core): Record client report with reason for HTTP 413 responses (#19093)
fix(core): Remove outdated _experiments.enableMetrics references from metrics JSDoc (#19252)
fix(core): Respect event.event_id in scope.captureEvent return value (#19113)
fix(core): use sessionId for MCP transport correlation (#19172)
fix(deps): Bump nestjs/platform-express to 11.1.13 (#19206)
fix(deps): Bump diff to 5.2.2 (#19228)
fix(deps): Bump js-yaml to 3.14.2 and 4.1.1 (#19216)
fix(deps): Bump lodash to 4.17.23 (#19211)
fix(deps): Bump mdast-util-to-hast to 13.2.1 (#19205)
fix(deps): Bump node-forge to 1.3.2 (#19183)
fix(deps): Bump react-router to 6.30.3 (#19212)
fix(deps): Bump sinon to 21.0.1 in sentry/ember (#19246)
fix(deps): Bump vite to 5.4.21 (#19214)
fix(nextjs): Expose an event id when captureUnderscoreErrorException captures an exception (#19185)
fix(nextjs): Populate SENTRY_SERVER_MODULES in Turbopack (#19231)
fix(node): Use snake_case for Fastify's request-handler op. (#18729)
fix(nuxt): Avoid logging database skip warning when debug is disabled (#19095)
fix(nuxt): Respect configured environment settings (#19243)
fix(profiling-node): 137 ABI should not be pruned for node 24 (#19236)
fix(replay): Improve error messages when compression worker fails to load (#19008)
fix(svelte): Bump svelte dev dependency to 3.59.2 (#19208)
fix(sveltekit): Detect used adapter via svelte.config.js (#19270)
fix(tanstackstart-react): Use auto.middleware.tanstackstart as middleware trace origin (#19137)
ref(core): Move shouldPropagateTraceForUrl from opentelemetry to core (#19254)
ref(core): Move shouldPropagateTraceForUrl from opentelemetry to core (#19258)
ref(sveltekit): Use untrack to read route id without invalidation (#19272)

Internal Changes

chore: Add cursor rules for AI integrations contributions (#19167)
chore: Add Makefiles for dev-packages to make it convenient to run tests (#19203)
chore: bump prettier to 3.8 (#19198)
chore(bugbot): Add rule to flag not-unref'd timers (#19082)
chore(deps-dev): bump sveltejs/kit from 2.49.5 to 2.50.1 (#19089)
chore(deps-dev): bump ts-node from 10.9.1 to 10.9.2 (#19189)
chore(deps-dev): bump vite from 3.2.11 to 5.4.21 (#19227)
chore(deps-dev): bump webpack from 5.95.0 to 5.104.1 (#19199)
chore(deps-dev): bump yaml from 2.2.2 to 2.8.2 (#19087)
chore(deps): Bump Apollo Server from v3 to v5 in integration tests (#19202)
chore(deps): Bump express in test utils + e2e apps (#19159)
chore(deps): Bump Lerna to v9 (#19244)
chore(deps): Bump mongoose in integration tests (#19175)
chore(deps): Bump solidjs to 1.9.11 to fix seroval alerts (#19150)
chore(deps): Bump webpack from 5.97.0 to 5.104.0 in ember-classic e2e test (#19239)
chore(deps): Bump webpack from 5.104.0 to 5.104.1 in ember-classic e2e test (#19247)
chore(e2e): Add banner to readme (#19138)
chore(llm): Add skill for fixing security vulnerabilities (#19178)
chore(node-core): Fix node-core integration test assertions (#19219)
ci: Ignore ticket creation for base branches other than develop/master (#19103)
ci(e2e): Remove nextjs-turbo canary tests (#19118)
ref: Removes unused eslint rule (via yarn fix) (#19266)
test(e2e): Bump nextjs-t3 to next 15 (#19130)
test(e2e): Migrate test app nextjs-turbo into nextjs-15 (#19107)

Work in this release was contributed by limbonaut and rfoel. Thank you for your contributions!

The sentryTanstackStart Vite plugin now automatically instruments middleware arrays in createFileRoute(). This captures performance data without requiring manual wrapping with wrapMiddlewaresWithSentry().

Full CHANGELOG.md diff

 -4,13 +4,286 
 
 - "You miss 100 percent of the chances you don't take. — Wayne Gretzky" — Michael Scott
 
+## 10.40.0
+
+### Important Changes
+
+- **feat(tanstackstart-react): Add global sentry exception middlewares ([#19330](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19330))**
+
+  The `sentryGlobalRequestMiddleware` and `sentryGlobalFunctionMiddleware` global middlewares capture unhandled exceptions thrown in TanStack Start API routes and server functions. Add them as the first entries in the `requestMiddleware` and `functionMiddleware` arrays of `createStart()`:
+
+  ```ts
+  import { createStart } from 'tanstack/react-start/server';
+  import { sentryGlobalRequestMiddleware, sentryGlobalFunctionMiddleware } from 'sentry/tanstackstart-react/server';
+
+  export default createStart({
+    requestMiddleware: [sentryGlobalRequestMiddleware, myRequestMiddleware],
+    functionMiddleware: [sentryGlobalFunctionMiddleware, myFunctionMiddleware],
+  });
+  ```
+
+- **feat(tanstackstart-react)!: Export Vite plugin from `sentry/tanstackstart-react/vite` subpath ([#19182](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19182))**
+
+  The `sentryTanstackStart` Vite plugin is now exported from a dedicated subpath. Update your import:
+
+  ```diff
+  - import { sentryTanstackStart } from 'sentry/tanstackstart-react';
+  + import { sentryTanstackStart } from 'sentry/tanstackstart-react/vite';
+  ```
+
+- **fix(node-core): Reduce bundle size by removing apm-js-collab and requiring pino >= 9.10 ([#18631](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/18631))**
+
+  In order to keep receiving pino logs, you need to update your pino version to >= 9.10, the reason for the support bump is to reduce the bundle size of the node-core SDK in frameworks that cannot tree-shake the apm-js-collab dependency.
+
+- **fix(browser): Ensure user id is consistently added to sessions ([#19341](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19341))**
+
+  Previously, the SDK inconsistently set the user id on sessions, meaning sessions were often lacking proper coupling to the user set for example via `Sentry.setUser()`.
+  Additionally, the SDK incorrectly skipped starting a new session for the first soft navigation after the pageload.
+  This patch fixes these issues. As a result, metrics around sessions, like "Crash Free Sessions" or "Crash Free Users" might change.
+  This could also trigger alerts, depending on your set thresholds and conditions.
+  We apologize for any inconvenience caused!
+
+  While we're at it, if you're using Sentry in a Single Page App or meta framework, you might want to give the new `'page'` session lifecycle a try!
+  This new mode no longer creates a session per soft navigation but continues the initial session until the next hard page refresh.
+  Check out the [docs](https://docs.sentry.io/platforms/javascript/guides/nextjs/configuration/integrations/browsersession/) to learn more!
+
+- **ref!(gatsby): Drop Gatsby v2 support ([#19467](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19467))**
+
+  We drop support for Gatsby v2 (which still relies on webpack 4) for a critical security update in https://github.com/getsentry/sentry-javascript-bundler-plugins/releases/tag/5.0.0
+
+### Other Changes
+
+- feat(astro): Add support for Astro on CF Workers ([#19265](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19265))
+- feat(cloudflare): Instrument async KV API ([#19404](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19404))
+- feat(core): Add framework-agnostic tunnel handler ([#18892](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/18892))
+- feat(deno): Export logs API from Deno SDK ([#19313](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19313))
+- feat(deno): Export metrics API from Deno SDK ([#19305](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19305))
+- feat(deno): instrument Deno.serve with async context support ([#19230](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19230))
+- feat(deps): bump babel-loader from 8.2.5 to 10.0.0 ([#19303](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19303))
+- feat(deps): bump body-parser from 1.20.4 to 2.2.2 ([#19191](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19191))
+- feat(deps): Bump hono from 4.11.7 to 4.11.10 ([#19440](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19440))
+- feat(deps): bump qs from 6.14.1 to 6.14.2 ([#19310](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19310))
+- feat(deps): bump the opentelemetry group with 4 updates ([#19425](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19425))
+- feat(feedback): Add `setTheme()` to dynamically update feedback widget color scheme ([#19430](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19430))
+- feat(nextjs): Add `sourcemaps.filesToDeleteAfterUpload` as a top-level option ([#19280](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19280))
+- feat(node): Add `ignoreConnectSpans` option to `postgresIntegration` ([#19291](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19291))
+- feat(node): Bump to latest fastify/otel ([#19452](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19452))
+- fix: Bump bundler plugins to v5 ([#19468](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19468))
+- fix: updated the codecov config ([#19350](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19350))
+- fix(aws-serverless): Prevent crash in` isPromiseAllSettledResult` with null/undefined array elements ([#19346](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19346))
+- fix(bun) Export pinoIntegration from sentry/node ([#17990](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/17990))
+- fix(core,browser): Delete SentryNonRecordingSpan from fetch/xhr map ([#19336](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19336))
+- fix(core): Explicitly flush log buffer in `client.close()` ([#19371](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19371))
+- fix(core): Langgraph state graph invoke accepts null to resume ([#19374](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19374))
+- fix(core): Wrap decodeURI in node stack trace parser to handle malformed URIs ([#19400](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19400))
+- fix(deps): Bump nuxt devDependency to fix CVE-2026-24001 ([#19249](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19249))
+- fix(deps): Bump to latest version of each minimatch major ([#19486](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19486))
+- fix(nextjs): Apply environment from `options` if set ([#19274](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19274))
+- fix(nextjs): Don't set `sentry.drop_transaction` attribute on spans when `skipOpenTelemetrySetup` is enabled ([#19333](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19333))
+- fix(nextjs): Normalize trailing slashes in App Router route parameterization ([#19365](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19365))
+- fix(nextjs): Return correct lastEventId for SSR pages ([#19240](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19240))
+- fix(nextjs): Set parameterized transaction name for non-transaction events ([#19316](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19316))
+- fix(node-core): Align pino mechanism type with spec conventions ([#19363](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19363))
+- fix(nuxt): Use `options.rootDir` instead of `options.srcDir` ([#19343](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19343))
+
+<details>
+  <summary><strong>Internal Changes</strong></summary>
+- test(nextjs): Add bun e2e test app ([#19318](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19318))
+- test(nextjs): Deactivate canary test for cf-workers ([#19483](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19483))
+- tests(langchain): Fix langchain v1 internal error tests ([#19409](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19409))
+- ref(nuxt): Remove `defineNitroPlugin` wrapper ([#19334](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19334))
+- ref(cloudflare): Move internal files and functions around ([#19369](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19369))
+- chore: Add external contributor to CHANGELOG.md ([#19395](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19395))
+- chore: Add github action to notify stale PRs ([#19361](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19361))
+- chore: add oxfmt changes to blame ignore rev list ([#19366](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19366))
+- chore: Enhance AI integration guidelines with runtime-specific placem… ([#19296](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19296))
+- chore: Ignore `lerna.json` for prettier ([#19288](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19288))
+- chore: migrate to oxfmt ([#19200](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19200))
+- chore: Revert to lerna v8 ([#19294](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19294))
+- chore: Unignore HTML files and reformat with oxfmt ([#19311](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19311))
+- chore(ci): Adapt max turns of triage issue agent ([#19473](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19473))
+- chore(ci): Add `environment` to triage action ([#19375](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19375))
+- chore(ci): Add `id-token: write` permission to triage workflow ([#19381](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19381))
+- chore(ci): Move monorepo to nx ([#19325](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19325))
+- chore(cursor): Add rules for fetching develop docs ([#19377](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19377))
+- chore(deps-dev): Bump sveltejs/kit from 2.49.5 to 2.52.2 in /dev-packages/e2e-tests/test-applications/sveltekit-2 ([#19441](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19441))
+- chore(deps-dev): Bump sveltejs/kit from 2.49.5 to 2.52.2 in /dev-packages/e2e-tests/test-applications/sveltekit-2-kit-tracing ([#19446](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19446))
+- chore(deps-dev): Bump sveltejs/kit from 2.49.5 to 2.52.2 in /dev-packages/e2e-tests/test-applications/sveltekit-cloudflare-pages ([#19462](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19462))
+- chore(deps-dev): Bump sveltejs/kit from 2.50.1 to 2.52.2 ([#19442](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19442))
+- chore(deps-dev): bump testing-library/react from 13.0.0 to 15.0.5 ([#19194](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19194))
+- chore(deps-dev): bump types/ember__debug from 3.16.5 to 4.0.8 ([#19429](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19429))
+- chore(deps-dev): bump ember-resolver from 13.0.2 to 13.1.1 ([#19301](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19301))
+- chore(deps): Bump actions/glob from 0.4.0 to 0.6.1 ([#19427](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19427))
+- chore(deps): bump agents from 0.2.32 to 0.3.10 in /dev-packages/e2e-tests/test-applications/cloudflare-mcp ([#19326](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19326))
+- chore(deps): Bump hono from 4.11.7 to 4.11.10 in /dev-packages/e2e-tests/test-applications/cloudflare-hono ([#19438](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19438))
+- chore(deps): Bump Sentry CLI to latest v2 ([#19477](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19477))
+- chore(deps): Bump transitive dep `fast-xml-parser` ([#19433](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19433))
+- chore(deps): upgrade tar to 7.5.9 to fix CVE-2026-26960 ([#19445](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19445))
+- chore(github): Add `allowedTools` to Claude GitHub action ([#19386](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19386))
+- chore(github): Add workflow to trigger `triage-issue` skill ([#19358](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19358))
+- chore(github): Add write tool for markdown report ([#19387](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19387))
+- chore(github): Change tool permission path ([#19389](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19389))
+- chore(llm): Add `triage-issue` skill ([#19356](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19356))
+- chore(llm): Better defense against prompt injection in triage skill ([#19410](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19410))
+- chore(llm): Make cross-repo search optional and remove file cleanup ([#19401](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19401))
+- chore(node-core): Make sentry/opentelemetry not a peer dep in node… ([#19308](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19308))
+- chore(repo): Allow WebFetch for Sentry docs in Claude settings ([#18890](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/18890))
+- chore(repo): Increase number of concurrently running nx tasks ([#19443](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19443))
+- chore(skills): Add security notes for injection defense ([#19379](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19379))
+- chore(triage-action): Fix JSON parsing ([#19471](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19471))
+- chore(triage-issue): Improve triage prompt for accuracy ([#19454](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19454))
+- chore(triage-skill): Add GitHub parsing python util script ([#19405](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19405))
+- chore(triage-skill): Increase `num_turns` and add script to post summary ([#19456](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19456))
+- ci(fix-security-vulnerability): Add id token write permission ([#19412](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19412))
+- ci(fix-security-vulnerability): Be specific about how to fetch the alert page ([#19414](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19414))
+- ci(fix-security-vulnerability): Run fetch alert first before executing skill ([#19418](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19418))
+- ci(fix-security-vulnerability): Use opus 4.6 ([#19416](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19416))
+- ci(github): Add tilde to file path to not exact-match ([#19392](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19392))
+- ci(triage-skill): Allow `Write` and remove `rm` permission ([#19397](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19397))
+- ci(triage-skill): Run on opened issues ([#19423](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19423))
+- docs(nuxt): Remove duplicated setup instructions ([#19422](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19422))
+- feat(ci): Add security vulnerability skill action ([#19355](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19355))
+</details>
+
+Work in this release was contributed by LudvigHz and jadengis. Thank you for your contributions!
+
+## 10.39.0
+
+### Important Changes
+
+- **feat(tanstackstart-react): Auto-instrument server function middleware ([#19001](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19001))**
+
+  The `sentryTanstackStart` Vite plugin now automatically instruments middleware in `createServerFn().middleware([...])` calls. This captures performance data without requiring manual wrapping with `wrapMiddlewaresWithSentry()`.
+
+- **feat(nextjs): New experimental automatic vercel cron monitoring ([#19192](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19192))**
+
+  Setting `_experimental.vercelCronMonitoring` to `true` in your Sentry configuration will automatically create Sentry cron monitors for your Vercel Cron Jobs.
+
+  Please note that this is an experimental unstable feature and subject to change.
+
+  ```ts
+  // next.config.ts
+  export default withSentryConfig(nextConfig, {
+    _experimental: {
+      vercelCronMonitoring: true,
+    },
+  });
+  ```
+
+- **feat(node-core): Add node-core/light ([#18502](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/18502))**
+
+  This release adds a new light-weight `sentry/node-core/light` export to `sentry/node-core`. The export acts as a light-weight SDK that does not depend on OpenTelemetry and emits no spans.
+
+  Use this SDK when:
+  - You only need error tracking, logs or metrics without tracing data (no spans)
+  - You want to minimize bundle size and runtime overhead
+  - You don't need spans emitted by OpenTelemetry instrumentation
+
+  It supports error tracking and reporting, logs, metrics, automatic request isolation (requires Node.js 22+) and basic tracing via our `Sentry.startSpan*` APIs.
+
+  Install the SDK by running
+
+  ```bash
+  npm install sentry/node-core
+  ```
+
+  and add Sentry at the top of your application's entry file:
+
+  ```js
+  import * as Sentry from 'sentry/node-core/light';
+
+  Sentry.init({
+    dsn: '__DSN__',
+  });
+  ```
+
+### Other Changes
+
+- feat(browser): Add mode option for the browser session integration ([#18997](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/18997))
+- feat(browser): Include culture context with events ([#19148](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19148))
+- feat(browser): Trace continuation from server-timing headers ([#18673](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/18673))
+- feat(core,cloudflare): Enable certain fields with env variables ([#19245](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19245))
+- feat(deps): bump isaacs/brace-expansion from 5.0.0 to 5.0.1 ([#19149](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19149))
+- feat(deps): bump sentry/bundler-plugin-core from 4.8.0 to 4.9.0 ([#19190](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19190))
+- feat(deps): Bump `glob` in `sentry/react-router` ([#19162](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19162))
+- feat(deps): bump hono from 4.11.1 to 4.11.7 ([#19068](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19068))
+- feat(hono): Add base for Sentry Hono middleware (Cloudflare) ([#18787](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/18787))
+- feat(nextjs): Set cloudflare runtime ([#19084](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19084))
+- feat(node-core): Add outgoing fetch trace propagation to light mode ([#19262](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19262))
+- feat(react): Add `lazyRouteManifest` option to resolve lazy-route names ([#19086](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19086))
+- feat(vercel-ai): Add rerank support and fix token attribute mapping ([#19144](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19144))
+- fix(core): Avoid blocking the process for weightBasedFlushing ([#19174](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19174))
+- fix(core): Avoid blocking the process when calling `flush` on empty buffer ([#19062](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19062))
+- fix(core): Ensure partially set SDK metadata options are preserved ([#19102](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19102))
+- fix(core): Fix truncation to only keep last message in vercel ([#19080](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19080))
+- fix(core): Intercept .withResponse() to preserve OpenAI stream instrumentation ([#19122](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19122))
+- fix(core): Prevent infinite recursion when event processor throws ([#19110](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19110))
+- fix(core): Record client report with reason for HTTP 413 responses ([#19093](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19093))
+- fix(core): Remove outdated `_experiments.enableMetrics` references from metrics JSDoc ([#19252](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19252))
+- fix(core): Respect event.event_id in scope.captureEvent return value ([#19113](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19113))
+- fix(core): use sessionId for MCP transport correlation ([#19172](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19172))
+- fix(deps): Bump `nestjs/platform-express` to `11.1.13` ([#19206](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19206))
+- fix(deps): Bump diff to 5.2.2 ([#19228](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19228))
+- fix(deps): Bump js-yaml to 3.14.2 and 4.1.1 ([#19216](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19216))
+- fix(deps): Bump lodash to 4.17.23 ([#19211](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19211))
+- fix(deps): Bump mdast-util-to-hast to 13.2.1 ([#19205](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19205))
+- fix(deps): Bump node-forge to 1.3.2 ([#19183](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19183))
+- fix(deps): Bump react-router to 6.30.3 ([#19212](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19212))
+- fix(deps): Bump sinon to `21.0.1` in `sentry/ember` ([#19246](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19246))
+- fix(deps): Bump vite to 5.4.21 ([#19214](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19214))
+- fix(nextjs): Expose an event id when `captureUnderscoreErrorException` captures an exception ([#19185](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19185))
+- fix(nextjs): Populate **SENTRY_SERVER_MODULES** in Turbopack ([#19231](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19231))
+- fix(node): Use snake_case for Fastify's `request-handler` op. ([#18729](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/18729))
+- fix(nuxt): Avoid logging database skip warning when `debug` is disabled ([#19095](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19095))
+- fix(nuxt): Respect configured environment settings ([#19243](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19243))
+- fix(profiling-node): 137 ABI should not be pruned for node 24 ([#19236](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19236))
+- fix(replay): Improve error messages when compression worker fails to load ([#19008](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19008))
+- fix(svelte): Bump svelte dev dependency to `3.59.2` ([#19208](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19208))
+- fix(sveltekit): Detect used adapter via `svelte.config.js` ([#19270](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19270))
+- fix(tanstackstart-react): Use `auto.middleware.tanstackstart` as middleware trace origin ([#19137](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19137))
+- ref(core): Move `shouldPropagateTraceForUrl` from opentelemetry to core ([#19254](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19254))
+- ref(core): Move shouldPropagateTraceForUrl from opentelemetry to core ([#19258](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19258))
+- ref(sveltekit): Use `untrack` to read route id without invalidation ([#19272](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19272))
+
+<details>
+  <summary><strong>Internal Changes</strong></summary>
+
+- chore: Add cursor rules for AI integrations contributions ([#19167](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19167))
+- chore: Add Makefiles for dev-packages to make it convenient to run tests ([#19203](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19203))
+- chore: bump prettier to 3.8 ([#19198](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19198))
+- chore(bugbot): Add rule to flag not-unref'd timers ([#19082](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19082))
+- chore(deps-dev): bump sveltejs/kit from 2.49.5 to 2.50.1 ([#19089](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19089))
+- chore(deps-dev): bump ts-node from 10.9.1 to 10.9.2 ([#19189](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19189))
+- chore(deps-dev): bump vite from 3.2.11 to 5.4.21 ([#19227](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19227))
+- chore(deps-dev): bump webpack from 5.95.0 to 5.104.1 ([#19199](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19199))
+- chore(deps-dev): bump yaml from 2.2.2 to 2.8.2 ([#19087](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19087))
+- chore(deps): Bump Apollo Server from v3 to v5 in integration tests ([#19202](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19202))
+- chore(deps): Bump express in test utils + e2e apps ([#19159](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19159))
+- chore(deps): Bump Lerna to v9 ([#19244](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19244))
+- chore(deps): Bump mongoose in integration tests ([#19175](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19175))
+- chore(deps): Bump solidjs to 1.9.11 to fix `seroval` alerts ([#19150](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19150))
+- chore(deps): Bump webpack from 5.97.0 to 5.104.0 in ember-classic e2e test ([#19239](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19239))
+- chore(deps): Bump webpack from 5.104.0 to 5.104.1 in ember-classic e2e test ([#19247](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19247))
+- chore(e2e): Add banner to readme ([#19138](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19138))
+- chore(llm): Add skill for fixing security vulnerabilities ([#19178](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19178))
+- chore(node-core): Fix node-core integration test assertions ([#19219](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19219))
+- ci: Ignore ticket creation for base branches other than develop/master ([#19103](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19103))
+- ci(e2e): Remove `nextjs-turbo` canary tests ([#19118](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19118))
+- ref: Removes unused eslint rule (via yarn fix) ([#19266](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19266))
+- test(e2e): Bump `nextjs-t3` to next 15 ([#19130](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19130))
+- test(e2e): Migrate test app `nextjs-turbo` into `nextjs-15` ([#19107](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19107))
+
+</details>
+
+Work in this release was contributed by limbonaut and rfoel. Thank you for your contributions!
+
 ## 10.38.0
 
 ### Important Changes
 
 - **feat(tanstackstart-react): Auto-instrument request middleware ([#18989](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/18989))**
 
-The `sentryTanstackStart` Vite plugin now automatically instruments `middleware` arrays in `createFileRoute()`. This captures performance data without requiring manual wrapping with `wrapMiddlewaresWithSentry()`.
+  The `sentryTanstackStart` Vite plugin now automatically instruments `middleware` arrays in `createFileRoute()`. This captures performance data without requiring manual wrapping with `wrapMiddlewaresWithSentry()`.
 
 ### Other Changes

github-actions bot force-pushed the deps/scripts/update-javascript.sh branch from 30c19d1 to d0dc5df Compare February 17, 2026 04:51

github-actions bot added the dependencies label Feb 17, 2026

github-actions bot force-pushed the deps/scripts/update-javascript.sh branch from d0dc5df to 8404ad9 Compare February 17, 2026 04:53

chore: update scripts/update-javascript.sh to 10.40.0

a1f012d

github-actions bot force-pushed the deps/scripts/update-javascript.sh branch from 8404ad9 to a1f012d Compare February 25, 2026 04:52

github-actions bot changed the title ~~chore(deps): update JavaScript SDK to v10.39.0~~ chore(deps): update JavaScript SDK to v10.40.0 Feb 25, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update JavaScript SDK to v10.40.0#2

chore(deps): update JavaScript SDK to v10.40.0#2
github-actions[bot] wants to merge 1 commit intomainfrom
deps/scripts/update-javascript.sh

github-actions bot commented Feb 17, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

github-actions bot commented Feb 17, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Changelog

10.40.0

Important Changes

Other Changes

10.39.0

Important Changes

Other Changes

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

github-actions bot commented Feb 17, 2026 •

edited

Loading