Skip to content

Bump the production group with 8 updates#239

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/production-e6adbb67d5
Open

Bump the production group with 8 updates#239
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/production-e6adbb67d5

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps the production group with 8 updates:

Package From To
@sentry/cloudflare 10.55.0 10.62.0
@tanstack/react-virtual 3.14.2 3.14.4
algoliasearch 5.53.0 5.55.1
hono 4.12.25 4.12.27
react 19.2.6 19.2.7
react-dom 19.2.6 19.2.7
semver 7.8.1 7.8.5
swagger-ui-react 5.32.6 5.32.8

Updates @sentry/cloudflare from 10.55.0 to 10.62.0

Release notes

Sourced from @​sentry/cloudflare's releases.

10.62.0

Important Changes

  • feat(server-runtimes): Add v7 support for vercelAiIntegration (#21613)

    The vercelAiIntegration now supports v7 of the ai package. Note that v7 is not yet supported on Cloudflare.

Other Changes

  • fix(node): Avoid failing at runtime if tracingChannel is not available (#21783)
  • fix(sveltekit): Avoid capturing preloaded 400 errors on client (#21784)

Work in this release was contributed by @​hyunbinseo. Thank you for your contribution!

  • chore(github): Update tracked packages (#21789)
  • feat(core): Add spanKindToName helper for reverse span-kind lookup (#21780)
  • ref(aws-serverless): Streamline AwsLambda instrumentation (#21758)
  • ref(node): Fix server-utils name for VercelAI integration (#21809)
  • ref(node): Streamline amqplib instrumentation (#21753)
  • ref(node): Streamline Firebase instrumentation (#21748)
  • test: Pin webpack to 5.107.0 (#21781)
  • test(e2e): Add no-browser-session lighthouse e2e test mode (#21787)
  • test(e2e): Add more test modes, pre-init and element timing (#21760)

Bundle size 📦

Path Size
@​sentry/browser 26.83 KB
@​sentry/browser - with treeshaking flags 25.3 KB
@​sentry/browser (incl. Tracing) 44.89 KB
@​sentry/browser (incl. Tracing + Span Streaming) 46.6 KB
@​sentry/browser (incl. Tracing, Profiling) 49.57 KB
@​sentry/browser (incl. Tracing, Replay) 83.22 KB
@​sentry/browser (incl. Tracing, Replay) - with treeshaking flags 73.06 KB
@​sentry/browser (incl. Tracing, Replay with Canvas) 87.8 KB
@​sentry/browser (incl. Tracing, Replay, Feedback) 100.17 KB
@​sentry/browser (incl. Feedback) 43.61 KB
@​sentry/browser (incl. sendFeedback) 31.5 KB
@​sentry/browser (incl. FeedbackAsync) 36.52 KB
@​sentry/browser (incl. Metrics) 27.87 KB
@​sentry/browser (incl. Logs) 28.11 KB
@​sentry/browser (incl. Metrics & Logs) 28.78 KB
@​sentry/react 28.59 KB
@​sentry/react (incl. Tracing) 47.15 KB

... (truncated)

Changelog

Sourced from @​sentry/cloudflare's changelog.

10.62.0

Important Changes

  • feat(server-runtimes): Add v7 support for vercelAiIntegration (#21613)

    The vercelAiIntegration now supports v7 of the ai package. Note that v7 is not yet supported on Cloudflare.

Other Changes

  • fix(node): Avoid failing at runtime if tracingChannel is not available (#21783)
  • fix(sveltekit): Avoid capturing preloaded 400 errors on client (#21784)

Work in this release was contributed by @​hyunbinseo. Thank you for your contribution!

  • chore(github): Update tracked packages (#21789)
  • feat(core): Add spanKindToName helper for reverse span-kind lookup (#21780)
  • ref(aws-serverless): Streamline AwsLambda instrumentation (#21758)
  • ref(node): Fix server-utils name for VercelAI integration (#21809)
  • ref(node): Streamline amqplib instrumentation (#21753)
  • ref(node): Streamline Firebase instrumentation (#21748)
  • test: Pin webpack to 5.107.0 (#21781)
  • test(e2e): Add no-browser-session lighthouse e2e test mode (#21787)
  • test(e2e): Add more test modes, pre-init and element timing (#21760)

10.61.0

Important Changes

  • feat(core): Enable streamGenAiSpans by default (#21732)

    The SDK now extracts all gen_ai spans out of a transaction and sends them as v2 envelope items by default. This prevents gen_ai spans from being dropped when the transaction payload exceeds size limits. Because they are no longer constrained by transaction size limits, AI message data is also no longer truncated by default. Set enableTruncation: true on the respective AI integration to re-enable truncation. To keep the previous behavior, set streamGenAiSpans: false.

    Self-hosted Sentry users should opt out with streamGenAiSpans: false, since streamed gen_ai spans may not be ingested by their Sentry instance.

Other Changes

  • feat(cloudflare): Add batch, exec, and withSession D1 instrumentation (#21292)
  • feat(cloudflare): Instrument SQL API in sqlite durable objects (#21656)
  • feat(core): Add db.query.summary functionality (#21670)
  • feat(core): Add top-level Sentry.setAttribute(s) APIs (#21705)
  • fix(hono): Name transactions after the matched route handler (#21700)
  • fix(react-router): Bump peerDependencies for react-router 8 (#21762)
  • fix(replays): Record replay trace_ids with span streaming (#21714)

... (truncated)

Commits
  • 1fc539e release: 10.62.0
  • 5ee7977 Merge pull request #21792 from getsentry/prepare-release/10.62.0
  • f36645c meta(changelog): Update changelog for 10.62.0
  • e562f94 ref(node): Streamline amqplib instrumentation (#21753)
  • e1312df ref(node): Fix server-utils name for VercelAI integration (#21809)
  • fc29e61 ref(node): Streamline Firebase instrumentation (#21748)
  • 2081179 ref(cloudflare): Revert vercelAi change (#21793)
  • 2309fb5 chore(github): Update tracked packages (#21789)
  • 3bfeb64 feat(server-runtimes): Add v7 support for vercelAiIntegration (#21613)
  • a15e2a8 fix(sveltekit): Avoid capturing preloaded 400 errors on client (#21784)
  • Additional commits viewable in compare view

Updates @tanstack/react-virtual from 3.14.2 to 3.14.4

Release notes

Sourced from @​tanstack/react-virtual's releases.

@​tanstack/react-virtual@​3.14.4

Patch Changes

@​tanstack/react-virtual@​3.14.3

Patch Changes

  • #1201 2ba5eb6 - Make directDomUpdates a no-op for direct DOM writes when containerRef is omitted. Previously the virtualizer still wrote item positions while never sizing the container (a broken half-state). Now omitting containerRef skips all direct writes while still skipping re-renders, letting consumers own the DOM updates themselves (e.g. in onChange).

  • Updated dependencies [ef69ea3]:

    • @​tanstack/virtual-core@​3.17.1
Changelog

Sourced from @​tanstack/react-virtual's changelog.

3.14.4

Patch Changes

3.14.3

Patch Changes

  • #1201 2ba5eb6 - Make directDomUpdates a no-op for direct DOM writes when containerRef is omitted. Previously the virtualizer still wrote item positions while never sizing the container (a broken half-state). Now omitting containerRef skips all direct writes while still skipping re-renders, letting consumers own the DOM updates themselves (e.g. in onChange).

  • Updated dependencies [ef69ea3]:

    • @​tanstack/virtual-core@​3.17.1
Commits
  • d73a538 ci: Version Packages (#1210)
  • 75ae896 ci: Version Packages (#1202)
  • 2ba5eb6 fix(react-virtual): make directDomUpdates a no-op without containerRef (#1201)
  • ef69ea3 fix(virtual-core): adjust scroll on first measurement during backward scroll ...
  • 932c358 test(react-virtual): add e2e test for React Compiler with directDomUpdates, b...
  • See full diff in compare view

Updates algoliasearch from 5.53.0 to 5.55.1

Release notes

Sourced from algoliasearch's releases.

5.55.1

New version released!

What's Changed

  • a676cd9cef fix(clients): bump replaceAllObjects default maxRetries from 100 to 800 (#6580) by @​Fluf22
  • a632f9fb75 fix(specs): BREAKING CHANGE – allow null records in getObjects response (#6582) by @​Fluf22
    • The getObjects operation now returns a list of nullable objects, as the API can send back null records. The clients previously only allowed a list of objects, so the response type has been updated to allow null values.

Full Changelog: algolia/algoliasearch-client-javascript@5.55.0...5.55.1

Browse the Algolia documentation

5.55.0

New version released!

What's Changed

Full Changelog: algolia/algoliasearch-client-javascript@5.54.1...5.55.0

Browse the Algolia documentation

5.54.1

New version released!

What's Changed

Full Changelog: algolia/algoliasearch-client-javascript@5.54.0...5.54.1

Browse the Algolia documentation

5.54.0

New version released!

What's Changed

Full Changelog: algolia/algoliasearch-client-javascript@5.53.0...5.54.0

Browse the Algolia documentation

Changelog

Sourced from algoliasearch's changelog.

5.55.1

  • a676cd9cef fix(clients): bump replaceAllObjects default maxRetries from 100 to 800 (#6580) by @​Fluf22
  • a632f9fb75 fix(specs): BREAKING CHANGE – allow null records in getObjects response (#6582) by @​Fluf22
    • The getObjects operation now returns a list of nullable objects, as the API can send back null records. The clients previously only allowed a list of objects, so the response type has been updated to allow null values.

5.55.0

5.54.1

5.54.0

Commits
  • cd38da1 chore: release 5.55.1
  • 82bcda5 fix(specs): allow null records in getObjects response (generated)
  • 1fee525 chore: release 5.55.0
  • a97f727 feat(clients): release Agent Studio package updates (generated)
  • aa1012a chore: release 5.54.1
  • cd41fa3 fix(javascript): use proper null check instead of truthiness for required par...
  • b2006b2 chore: release 5.54.0
  • 8ddcdb3 feat(kotlin): expose maximum number of retries (generated)
  • See full diff in compare view

Updates hono from 4.12.25 to 4.12.27

Release notes

Sourced from hono's releases.

v4.12.27

Security fixes

This release includes fixes for the following security issues:

hono/jsx does not isolate context per request

Affects: hono/jsx, hono/jsx-renderer. During SSR, context was stored process-wide instead of per request, so useContext()/useRequestContext() read after an await in an async component could return another concurrent request's value — leading to cross-request data disclosure or authorization checks against the wrong request. GHSA-hvrm-45r6-mjfj

Server-Side XSS via JSX escaping bypass in cx()

Affects: hono/css. cx() marked its composed class name as already-escaped without escaping the input, so untrusted input passed as a class name could break out of the JSX class attribute during SSR and inject markup (XSS). GHSA-w62v-xxxg-mg59

API Gateway v1 adapter can drop a repeated request header value

Affects: hono/aws-lambda. The API Gateway v1 (and VPC Lattice) adapter de-duplicated repeated header values by substring instead of exact match, dropping a value that is a substring of another (e.g. 203.0.113.1 dropped when 203.0.113.10 is present) — affecting logic such as X-Forwarded-For-based IP restriction. GHSA-xgm2-5f3f-mvvc


Users of hono/jsx/hono/jsx-renderer, hono/css (cx()), or the hono/aws-lambda API Gateway v1 / VPC Lattice adapters are encouraged to upgrade.

v4.12.26

What's Changed

Full Changelog: honojs/hono@v4.12.25...v4.12.26

Commits
  • 97c6fe1 4.12.27
  • aa92177 Merge commit from fork
  • cd3f6f7 Merge commit from fork
  • d4853a8 fix(jsx): make merged context-isolation tests pass tsc type check (#5037)
  • 6735fea fix(jsx): cast awaitedFallback through unknown to fix Deno type check (#5036)
  • fab3b13 Merge commit from fork
  • 9f0dadf ci: use npm Staged publishing (#5035)
  • 27b7992 4.12.26
  • d29982c chore: replace arg and glob with Bun native APIs in build script
  • 16215d5 chore: remove unused devcontainer and gitpod configs (#5029)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for hono since your current version.


Updates react from 19.2.6 to 19.2.7

Release notes

Sourced from react's releases.

19.2.7 (June 1st, 2026)

React Server Components

Changelog

Sourced from react's changelog.

19.2.7 (June 1, 2026)

React Server Components

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react since your current version.


Updates react-dom from 19.2.6 to 19.2.7

Release notes

Sourced from react-dom's releases.

19.2.7 (June 1st, 2026)

React Server Components

Changelog

Sourced from react-dom's changelog.

19.2.7 (June 1, 2026)

React Server Components

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react-dom since your current version.


Updates semver from 7.8.1 to 7.8.5

Release notes

Sourced from semver's releases.

v7.8.5

7.8.5 (2026-06-19)

Bug Fixes

v7.8.4

7.8.4 (2026-06-09)

Bug Fixes

v7.8.3

7.8.3 (2026-06-08)

Bug Fixes

Chores

v7.8.2

7.8.2 (2026-06-04)

Bug Fixes

Changelog

Sourced from semver's changelog.

7.8.5 (2026-06-19)

Bug Fixes

7.8.4 (2026-06-09)

Bug Fixes

7.8.3 (2026-06-08)

Bug Fixes

Chores

7.8.2 (2026-06-04)

Bug Fixes

Commits

Updates swagger-ui-react from 5.32.6 to 5.32.8

Release notes

Sourced from swagger-ui-react's releases.

v5.32.8

5.32.8 (2026-06-23)

Bug Fixes

  • avoid filling parameter input with invalid array initial values (#10928) (014c512)

v5.32.7

5.32.7 (2026-06-22)

Bug Fixes

Commits
  • 4e0d3f8 chore(release): cut the 5.32.8 release
  • b1990bf chore(deps): bump nginx from 1.31.0-alpine to 1.31.2-alpine (#10936)
  • 014c512 fix: avoid filling parameter input with invalid array initial values (#10928)
  • bf6a8f0 chore(release): cut the 5.32.7 release
  • dd0d338 fix(deps): bump http-proxy-middleware to 2.0.10 and ws to 8.21.0 (#10935)
  • 6287405 chore(deps): bump actions/checkout from 6 to 7 (#10933)
  • 52ef1c9 fix(deps): bump dompurify from 3.4.9 to 3.4.11 (#10931)
  • 4d21bfb chore(deps-dev): bump webpack-dev-server from 5.2.4 to 5.2.5 (#10930)
  • fb2c061 chore(deps-dev): bump @​babel/core from 7.26.10 to 7.29.6 (#10925)
  • f8bcbbf fix(deps): bump form-data from 4.0.5 to 4.0.6 (#10924)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
Bumps the production group with 8 updates:

| Package | From | To |
| --- | --- | --- |
| [@sentry/cloudflare](https://github.com/getsentry/sentry-javascript) | `10.55.0` | `10.62.0` |
| [@tanstack/react-virtual](https://github.com/TanStack/virtual/tree/HEAD/packages/react-virtual) | `3.14.2` | `3.14.4` |
| [algoliasearch](https://github.com/algolia/algoliasearch-client-javascript) | `5.53.0` | `5.55.1` |
| [hono](https://github.com/honojs/hono) | `4.12.25` | `4.12.27` |
| [react](https://github.com/facebook/react/tree/HEAD/packages/react) | `19.2.6` | `19.2.7` |
| [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) | `19.2.6` | `19.2.7` |
| [semver](https://github.com/npm/node-semver) | `7.8.1` | `7.8.5` |
| [swagger-ui-react](https://github.com/swagger-api/swagger-ui) | `5.32.6` | `5.32.8` |


Updates `@sentry/cloudflare` from 10.55.0 to 10.62.0
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md)
- [Commits](getsentry/sentry-javascript@10.55.0...10.62.0)

Updates `@tanstack/react-virtual` from 3.14.2 to 3.14.4
- [Release notes](https://github.com/TanStack/virtual/releases)
- [Changelog](https://github.com/TanStack/virtual/blob/main/packages/react-virtual/CHANGELOG.md)
- [Commits](https://github.com/TanStack/virtual/commits/@tanstack/react-virtual@3.14.4/packages/react-virtual)

Updates `algoliasearch` from 5.53.0 to 5.55.1
- [Release notes](https://github.com/algolia/algoliasearch-client-javascript/releases)
- [Changelog](https://github.com/algolia/algoliasearch-client-javascript/blob/main/CHANGELOG.md)
- [Commits](algolia/algoliasearch-client-javascript@5.53.0...5.55.1)

Updates `hono` from 4.12.25 to 4.12.27
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](honojs/hono@v4.12.25...v4.12.27)

Updates `react` from 19.2.6 to 19.2.7
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react)

Updates `react-dom` from 19.2.6 to 19.2.7
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react-dom)

Updates `semver` from 7.8.1 to 7.8.5
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md)
- [Commits](npm/node-semver@v7.8.1...v7.8.5)

Updates `swagger-ui-react` from 5.32.6 to 5.32.8
- [Release notes](https://github.com/swagger-api/swagger-ui/releases)
- [Commits](swagger-api/swagger-ui@v5.32.6...v5.32.8)

---
updated-dependencies:
- dependency-name: "@sentry/cloudflare"
  dependency-version: 10.62.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
- dependency-name: "@tanstack/react-virtual"
  dependency-version: 3.14.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production
- dependency-name: algoliasearch
  dependency-version: 5.55.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
- dependency-name: hono
  dependency-version: 4.12.27
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production
- dependency-name: react
  dependency-version: 19.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production
- dependency-name: react-dom
  dependency-version: 19.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production
- dependency-name: semver
  dependency-version: 7.8.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production
- dependency-name: swagger-ui-react
  dependency-version: 5.32.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

0 participants