Bumps scripts/update-javascript.sh from 10.18.0 to 10.42.0.

Auto-generated by a dependency updater.

Changelog

10.42.0

• feat(consola): Enhance Consola integration to extract first-param object as searchable attributes (#19534)
• fix(astro): Do not inject withSentry into Cloudflare Pages (#19558)
• fix(core): Do not remove promiseBuffer entirely (#19592)
• fix(deps): Bump fast-xml-parser to 4.5.4 for CVE-2026-25896 (#19588)
• fix(react-router): Set correct transaction name when navigating with object argument (#19590)
• ref(nuxt): Use addVitePlugin instead of deprecated vite:extendConfig (#19464)

10.41.0

Important Changes

• feat(core,cloudflare,deno): Add instrumentPostgresJsSql instrumentation (#19566)

  Added a new instrumentation helper for the postgres (postgres.js) library, designed for
  SDKs that are not based on OpenTelemetry (e.g. Cloudflare, Deno). This wraps a postgres.js sql tagged template instance so that
  all queries automatically create Sentry spans.

  import postgres from 'postgres';
  import * as Sentry from 'sentry/cloudflare'; // or 'sentry/deno'
  
  export default Sentry.withSentry(env => ({ dsn: '__DSN__' }), {
    async fetch(request, env, ctx) {
      const sql = Sentry.instrumentPostgresJsSql(postgres(env.DATABASE_URL));
  
      // All queries now create Sentry spans
      const users = await sql`SELECT * FROM users WHERE id = ${userId}`;
      return Response.json(users);
    },
  });

  The instrumentation is available in sentry/core, sentry/cloudflare, and sentry/deno.

• feat(nextjs): Add Turbopack support for thirdPartyErrorFilterIntegration (#19542)

  We added experimental support for the thirdPartyErrorFilterIntegration with Turbopack builds.

  This feature requires Next.js 16+ and is currently behind an experimental flag:

  // next.config.ts
  import { withSentryConfig } from 'sentry/nextjs';
  
  export default withSentryConfig(nextConfig, {
    _experimental: {
      turbopackApplicationKey: 'my-app-key',
    },
  });

  Then configure the integration in your client instrumentation file with a matching key:

  // instrumentation-client.ts
  import * as Sentry from 'sentry/nextjs';
  
  Sentry.init({
    integrations: [
      Sentry.thirdPartyErrorFilterIntegration({
        filterKeys: ['my-app-key'],
        behaviour: 'apply-tag-if-exclusively-contains-third-party-frames',
      }),
    ],
  });

Other Changes

• feat(core,cloudflare): Add dispose to the client for proper cleanup (#19506)
• feat(deps): Bump rxjs from 7.8.1 to 7.8.2 (#19545)
• feat(nextjs): Use not: foreign condition in turbopack loaders (#19502)
• feat(react-router): Include middleware function names and indices (#19109)
• fix(consola): Normalize extra keys from consola (#19511)
• fix(core): Improve message truncation for multimodal content and normalize streaming span names (#19500)
• fix(core): Strip inline media from multimodal content before stringification (#19540)
• fix(deps): Bump transitive rollup deps to patch CVE-2026-27606 (#19565)
• fix(langchain): Use runName argument in handleChainStart to fix unknown_chain spans (#19554)
• fix(nestjs): Improve control flow exception filtering (#19524)
• fix(tanstackstart-react): Flush events in server entry point for serverless environments (#19513)
• fix(vue): Avoid triggering deprecated next callback from router instrumentation (#19476)

Work in this release was contributed by YevheniiKotyrlo. Thank you for your contribution!

10.40.0

Important Changes

• feat(tanstackstart-react): Add global sentry exception middlewares (#19330)

  The sentryGlobalRequestMiddleware and sentryGlobalFunctionMiddleware global middlewares capture unhandled exceptions thrown in TanStack Start API routes and server functions. Add them as the first entries in the requestMiddleware and functionMiddleware arrays of createStart():

  import { createStart } from 'tanstack/react-start/server';
  import { sentryGlobalRequestMiddleware, sentryGlobalFunctionMiddleware } from 'sentry/tanstackstart-react/server';
  
  export default createStart({
    requestMiddleware: [sentryGlobalRequestMiddleware, myRequestMiddleware],
    functionMiddleware: [sentryGlobalFunctionMiddleware, myFunctionMiddleware],
  });

• feat(tanstackstart-react)!: Export Vite plugin from sentry/tanstackstart-react/vite subpath (#19182)

  The sentryTanstackStart Vite plugin is now exported from a dedicated subpath. Update your import:

  - import { sentryTanstackStart } from 'sentry/tanstackstart-react';
  + import { sentryTanstackStart } from 'sentry/tanstackstart-react/vite';

• fix(node-core): Reduce bundle size by removing apm-js-collab and requiring pino >= 9.10 (#18631)

  In order to keep receiving pino logs, you need to update your pino version to >= 9.10, the reason for the support bump is to reduce the bundle size of the node-core SDK in frameworks that cannot tree-shake the apm-js-collab dependency.

• fix(browser): Ensure user id is consistently added to sessions (#19341)

  Previously, the SDK inconsistently set the user id on sessions, meaning sessions were often lacking proper coupling to the user set for example via Sentry.setUser().
  Additionally, the SDK incorrectly skipped starting a new session for the first soft navigation after the pageload.
  This patch fixes these issues. As a result, metrics around sessions, like "Crash Free Sessions" or "Crash Free Users" might change.
  This could also trigger alerts, depending on your set thresholds and conditions.
  We apologize for any inconvenience caused!

  While we're at it, if you're using Sentry in a Single Page App or meta framework, you might want to give the new 'page' session lifecycle a try!
  This new mode no longer creates a session per soft navigation but continues the initial session until the next hard page refresh.
  Check out the docs to learn more!

• ref!(gatsby): Drop Gatsby v2 support (#19467)

  We drop support for Gatsby v2 (which still relies on webpack 4) for a critical security update in https://github.com/getsentry/sentry-javascript-bundler-plugins/releases/tag/5.0.0

Other Changes

• feat(astro): Add support for Astro on CF Workers (#19265)
• feat(cloudflare): Instrument async KV API (#19404)
• feat(core): Add framework-agnostic tunnel handler (#18892)
• feat(deno): Export logs API from Deno SDK (#19313)
• feat(deno): Export metrics API from Deno SDK (#19305)
• feat(deno): instrument Deno.serve with async context support (#19230)
• feat(deps): bump babel-loader from 8.2.5 to 10.0.0 (#19303)
• feat(deps): bump body-parser from 1.20.4 to 2.2.2 (#19191)
• feat(deps): Bump hono from 4.11.7 to 4.11.10 (#19440)
• feat(deps): bump qs from 6.14.1 to 6.14.2 (#19310)
• feat(deps): bump the opentelemetry group with 4 updates (#19425)
• feat(feedback): Add setTheme() to dynamically update feedback widget color scheme (#19430)
• feat(nextjs): Add sourcemaps.filesToDeleteAfterUpload as a top-level option (#19280)
• feat(node): Add ignoreConnectSpans option to postgresIntegration (#19291)
• feat(node): Bump to latest fastify/otel (#19452)
• fix: Bump bundler plugins to v5 (#19468)
• fix: updated the codecov config (#19350)
• fix(aws-serverless): Prevent crash in isPromiseAllSettledResult with null/undefined array elements (#19346)
• fix(bun) Export pinoIntegration from sentry/node (#17990)
• fix(core,browser): Delete SentryNonRecordingSpan from fetch/xhr map (#19336)
• fix(core): Explicitly flush log buffer in client.close() (#19371)
• fix(core): Langgraph state graph invoke accepts null to resume (#19374)
• fix(core): Wrap decodeURI in node stack trace parser to handle malformed URIs (#19400)
• fix(deps): Bump nuxt devDependency to fix CVE-2026-24001 (#19249)
• fix(deps): Bump to latest version of each minimatch major (#19486)
• fix(nextjs): Apply environment from options if set (#19274)
• fix(nextjs): Don't set sentry.drop_transaction attribute on spans when skipOpenTelemetrySetup is enabled (#19333)
• fix(nextjs): Normalize trailing slashes in App Router route parameterization (#19365)
• fix(nextjs): Return correct lastEventId for SSR pages (#19240)
• fix(nextjs): Set parameterized transaction name for non-transaction events (#19316)
• fix(node-core): Align pino mechanism type with spec conventions (#19363)
• fix(nuxt): Use options.rootDir instead of options.srcDir (#19343)

Work in this release was contributed by LudvigHz and jadengis. Thank you for your contributions!

10.39.0

Important Changes

• feat(tanstackstart-react): Auto-instrument server function middleware (#19001)

  The sentryTanstackStart Vite plugin now automatically instruments middleware in createServerFn().middleware([...]) calls. This captures performance data without requiring manual wrapping with wrapMiddlewaresWithSentry().

• feat(nextjs): New experimental automatic vercel cron monitoring (#19192)

  Setting _experimental.vercelCronMonitoring to true in your Sentry configuration will automatically create Sentry cron monitors for your Vercel Cron Jobs.

  Please note that this is an experimental unstable feature and subject to change.

  // next.config.ts
  export default withSentryConfig(nextConfig, {
    _experimental: {
      vercelCronMonitoring: true,
    },
  });

• feat(node-core): Add node-core/light (#18502)

  This release adds a new light-weight sentry/node-core/light export to sentry/node-core. The export acts as a light-weight SDK that does not depend on OpenTelemetry and emits no spans.

  Use this SDK when:

  • You only need error tracking, logs or metrics without tracing data (no spans)
  • You want to minimize bundle size and runtime overhead
  • You don't need spans emitted by OpenTelemetry instrumentation

  It supports error tracking and reporting, logs, metrics, automatic request isolation (requires Node.js 22+) and basic tracing via our Sentry.startSpan* APIs.

  Install the SDK by running

  npm install sentry/node-core

  and add Sentry at the top of your application's entry file:

  import * as Sentry from 'sentry/node-core/light';
  
  Sentry.init({
    dsn: '__DSN__',
  });

Other Changes

• feat(browser): Add mode option for the browser session integration (#18997)
• feat(browser): Include culture context with events (#19148)
• feat(browser): Trace continuation from server-timing headers (#18673)
• feat(core,cloudflare): Enable certain fields with env variables (#19245)
• feat(deps): bump isaacs/brace-expansion from 5.0.0 to 5.0.1 (#19149)
• feat(deps): bump sentry/bundler-plugin-core from 4.8.0 to 4.9.0 (#19190)
• feat(deps): Bump glob in sentry/react-router (#19162)
• feat(deps): bump hono from 4.11.1 to 4.11.7 (#19068)
• feat(hono): Add base for Sentry Hono middleware (Cloudflare) (#18787)
• feat(nextjs): Set cloudflare runtime (#19084)
• feat(node-core): Add outgoing fetch trace propagation to light mode (#19262)
• feat(react): Add lazyRouteManifest option to resolve lazy-route names (#19086)
• feat(vercel-ai): Add rerank support and fix token attribute mapping (#19144)
• fix(core): Avoid blocking the process for weightBasedFlushing (#19174)
• fix(core): Avoid blocking the process when calling flush on empty buffer (#19062)
• fix(core): Ensure partially set SDK metadata options are preserved (#19102)
• fix(core): Fix truncation to only keep last message in vercel (#19080)
• fix(core): Intercept .withResponse() to preserve OpenAI stream instrumentation (#19122)
• fix(core): Prevent infinite recursion when event processor throws (#19110)
• fix(core): Record client report with reason for HTTP 413 responses (#19093)
• fix(core): Remove outdated _experiments.enableMetrics references from metrics JSDoc (#19252)
• fix(core): Respect event.event_id in scope.captureEvent return value (#19113)
• fix(core): use sessionId for MCP transport correlation (#19172)
• fix(deps): Bump nestjs/platform-express to 11.1.13 (#19206)
• fix(deps): Bump diff to 5.2.2 (#19228)
• fix(deps): Bump js-yaml to 3.14.2 and 4.1.1 (#19216)
• fix(deps): Bump lodash to 4.17.23 (#19211)
• fix(deps): Bump mdast-util-to-hast to 13.2.1 (#19205)
• fix(deps): Bump node-forge to 1.3.2 (#19183)
• fix(deps): Bump react-router to 6.30.3 (#19212)
• fix(deps): Bump sinon to 21.0.1 in sentry/ember (#19246)
• fix(deps): Bump vite to 5.4.21 (#19214)
• fix(nextjs): Expose an event id when captureUnderscoreErrorException captures an exception (#19185)
• fix(nextjs): Populate SENTRY_SERVER_MODULES in Turbopack (#19231)
• fix(node): Use snake_case for Fastify's request-handler op. (#18729)
• fix(nuxt): Avoid logging database skip warning when debug is disabled (#19095)
• fix(nuxt): Respect configured environment settings (#19243)
• fix(profiling-node): 137 ABI should not be pruned for node 24 (#19236)
• fix(replay): Improve error messages when compression worker fails to load (#19008)
• fix(svelte): Bump svelte dev dependency to 3.59.2 (#19208)
• fix(sveltekit): Detect used adapter via svelte.config.js (#19270)
• fix(tanstackstart-react): Use auto.middleware.tanstackstart as middleware trace origin (#19137)
• ref(core): Move shouldPropagateTraceForUrl from opentelemetry to core (#19254)
• ref(core): Move shouldPropagateTraceForUrl from opentelemetry to core (#19258)
• ref(sveltekit): Use untrack to read route id without invalidation (#19272)

Work in this release was contributed by limbonaut and rfoel. Thank you for your contributions!

10.38.0

Important Changes

• feat(tanstackstart-react): Auto-instrument request middleware (#18989)

  The sentryTanstackStart Vite plugin now automatically instruments middleware arrays in createFileRoute(). This captures performance data without requiring manual wrapping with wrapMiddlewaresWithSentry().

Other Changes

• feat: Use v4.8.0 bundler plugins (#18993)
• feat(browser): Add logs.metrics bundle (#19020)
• feat(browser): Add replay.logs.metrics bundle (#19021)
• feat(browser): Add tracing.replay.logs.metrics bundle (#19039)
• feat(deps): bump import-in-the-middle from 2.0.1 to 2.0.6 (#19042)
• feat(node): Add AI manual instrumentation exports to Node (#19063)
• feat(wasm): initialised sentryWasmImages for webworkers (#18812)
• fix(core): Classify custom AggregateErrors as exception groups (#19053)
• fix(nextjs): Turn off debugID injection if sourcemaps are explicitly disabled (#19010)
• fix(react): Avoid String(key) to fix Symbol conversion error (#18982)
• fix(react): Prevent lazy route handlers from updating wrong navigation span (#18898)

Work in this release was contributed by harshit078. Thank you for your contribution!

10.37.0

Important Changes

• feat(core): Introduces a new Sentry.setConversationId() API to track multi turn AI conversations across API calls. (#18909)

  You can now set a conversation ID that will be automatically applied to spans within that scope. This allows you to link traces from the same conversation together.

  import * as Sentry from 'sentry/node';
  
  // Set conversation ID for all subsequent spans
  Sentry.setConversationId('conv_abc123');
  
  // All AI spans will now include the gen_ai.conversation.id attribute
  await openai.chat.completions.create({...});

  This is particularly useful for tracking multiple AI API calls that are part of the same conversation, allowing you to analyze entire conversation flows in Sentry.
  The conversation ID is stored on the isolation scope and automatically applied to spans via the new conversationIdIntegration.

• feat(tanstackstart-react): Auto-instrument global middleware in sentryTanstackStart Vite plugin (#18844)

  The sentryTanstackStart Vite plugin now automatically instruments requestMiddleware and functionMiddleware arrays in createStart(). This captures performance data without requiring manual wrapping.

  Auto-instrumentation is enabled by default. To disable it:

  // vite.config.ts
  sentryTanstackStart({
    authToken: process.env.SENTRY_AUTH_TOKEN,
    org: 'your-org',
    project: 'your-project',
    autoInstrumentMiddleware: false,
  });

Other Changes

• feat(core): simplify truncation logic to only keep the newest message (#18906)
• feat(core): Support new client discard reason invalid (#18901)
• feat(deps): Bump OpenTelemetry instrumentations (#18934)
• feat(nextjs): Update default ignore list for sourcemaps (#18938)
• feat(node): pass prisma instrumentation options through (#18900)
• feat(nuxt): Don't run source maps related code on Nuxt "prepare" (#18936)
• feat(replay): Update client report discard reason for invalid sessions (#18796)
• feat(winston): Add customLevelMap for winston transport (#18922)
• feat(react-router): Add support for React Router instrumentation API (#18580)
• fix(astro): Do not show warnings for valid options (#18947)
• fix(core): Report well known values in gen_ai.operation.name attribute (#18925)
• fix(node-core): ignore vercel AbortError by default on unhandled rejection (#18973)
• fix(nuxt): include sentry.config.server.ts in nuxt app types (#18971)
• fix(profiling): Add platform to envelope item header (#18954)
• fix(react): Defer React Router span finalization until lazy routes load (#18881)
• ref(core): rename gen_ai.input.messages.original_length to sentry.sdk_meta.gen_ai.input.messages.original_length (#18970)
• ref(core): rename gen_ai.request.messages to gen_ai.input.messages (#18944)
• ref(core): Set system message as separate attribute (#18978)
• deps: Bump version of sentry-bundler-plugins (#18972)

Work in this release was contributed by sebws, harshit078, and fedetorre. Thank you for your contributions!

10.36.0

• feat(node): Add Prisma v7 support (#18908)
• feat(opentelemetry): Support db.system.name attribute for database spans (#18902)
• feat(deps): Bump OpenTelemetry dependencies (#18878)
• fix(core): Sanitize data URLs in http.client spans (#18896)
• fix(nextjs): Add ALS runner fallbacks for serverless environments (#18889)
• fix(node): Profiling debug ID matching

10.35.0

Important Changes

• feat(tanstackstart-react): Add sentryTanstackStart vite plugin to manage automatic source map uploads (#18712)

  You can now configure source maps upload for TanStack Start using the sentryTanstackStart Vite plugin:

  // vite.config.ts
  import { defineConfig } from 'vite';
  import { sentryTanstackStart } from 'sentry/tanstackstart-react';
  import { tanstackStart } from 'tanstack/react-start/plugin/vite';
  
  export default defineConfig({
    plugins: [
      sentryTanstackStart({
        authToken: process.env.SENTRY_AUTH_TOKEN,
        org: 'your-org',
        project: 'your-project',
      }),
      tanstackStart(),
    ],
  });

Other Changes

• feat(browser): Add CDN bundle for tracing.replay.feedback.logs.metrics (#18785)
• feat(browser): Add shim package for logs (#18831)
• feat(cloudflare): Automatically set the release id when CF_VERSION_METADATA is enabled (#18855)
• feat(core): Add ignored client report event drop reason (#18815)
• feat(logs): Add Log exports to browser and node packages (#18857)
• feat(node-core,bun): Export processSessionIntegration from node-core and add it to bun (#18852)
• fix(core): Find the correct IP address regardless their case (#18880)
• fix(core): Check for AI operation id to detect a vercelai span (#18823)
• fix(ember): Use ES5 syntax in inline vendor scripts (#18858)
• fix(fetch): Shallow-clone fetch options to prevent mutation (#18867)

Work in this release was contributed by rreckonerr. Thank you for your contribution!

10.34.0

Important Changes

• feat(core): Add option to enhance the fetch error message (#18466)

  You can now enable enhanced fetch error messages by setting the enhancedFetchErrorMessage option. When enabled, the SDK will include additional context in fetch error messages to help with debugging.

• feat(nextjs): Add routeManifestInjection option to exclude routes from client bundle (#18798)

  A new routeManifestInjection option allows you to exclude sensitive routes from being injected into the client bundle.

• feat(tanstackstart-react): Add wrapMiddlewaresWithSentry for manual middleware instrumentation (#18680)

  You can now wrap your middlewares using wrapMiddlewaresWithSentry, allowing you to trace middleware execution in your TanStack Start application.

  import { createMiddleware } from 'tanstack/react-start';
  import { wrapMiddlewaresWithSentry } from 'sentry/tanstackstart-react';
  
  const loggingMiddleware = createMiddleware({ type: 'function' }).server(async ({ next }) => {
    console.log('Request started');
    return next();
  });
  
  export const [wrappedLoggingMiddleware] = wrapMiddlewaresWithSentry({ loggingMiddleware });

Other Changes

• feat(browser): Add CDN bundle for tracing.logs.metrics (#18784)
• feat(core,node-core): Consolidate bun and node types with ServerRuntimeOptions (#18734)
• feat(nextjs): Remove tracing from generation function template (#18733)
• fix(core): Don't record outcomes for failed client reports (#18808)
• fix(deno,cloudflare): Prioritize name from params over name from options (#18800)
• fix(web-vitals): Add error handling for invalid object keys in WeakMap (#18809)

10.33.0

Important Changes

• feat(core): Apply scope attributes to metrics (#18738)

  You can now set attributes on the SDK's scopes which will be applied to all metrics as long as the respective scopes are active. For the time being, only string, number and boolean attribute values are supported.

  Sentry.getGlobalScope().setAttributes({ is_admin: true, auth_provider: 'google' });
  
  Sentry.withScope(scope => {
    scope.setAttribute('step', 'authentication');
  
    // scope attributes `is_admin`, `auth_provider` and `step` are added
    Sentry.metrics.count('clicks', 1, { attributes: { activeSince: 100 } });
    Sentry.metrics.gauge('timeSinceRefresh', 4, { unit: 'hour' });
  });
  
  // scope attributes `is_admin` and `auth_provider` are added
  Sentry.metrics.count('response_time', 283.33, { unit: 'millisecond' });

• feat(tracing): Add Vercel AI SDK v6 support (#18741)

  The Sentry SDK now supports the Vercel AI SDK v6. Tracing and error monitoring will work automatically with the new version.

• feat(wasm): Add applicationKey option for third-party error filtering (#18762)

  Adds support for applying an application key to WASM stack frames that can be then used in the thirdPartyErrorFilterIntegration for detection of first-party code.

  Usage:

  Sentry.init({
    integrations: [
      // Integration order matters: wasmIntegration needs to be before thirdPartyErrorFilterIntegration
      wasmIntegration({ applicationKey: 'your-custom-application-key' }), ←───┐
      thirdPartyErrorFilterIntegration({                                      │
        behaviour: 'drop-error-if-exclusively-contains-third-party-frames',   ├─ matching keys
        filterKeys: ['your-custom-application-key'] ←─────────────────────────┘
      }),
    ],
  });

Other Changes

• feat(cloudflare): Support propagateTraceparent (#18569)
• feat(core): Add ignoreSentryInternalFrames option to thirdPartyErrorFilterIntegration (#18632)
• feat(core): Add gen_ai.conversation.id attribute to OpenAI and LangGr… (#18703)
• feat(core): Add recordInputs/recordOutputs options to MCP server wrapper (#18600)
• feat(core): Support IPv6 hosts in the DSN (#2996) (#17708)
• feat(deps): Bump bundler plugins to ^4.6.1 (#17980)

⚠️ Changelog content truncated by 63669 characters because it was over the limit (60000) and wouldn't fit into PR description.