chore(deps)(deps): bump the production-minor-patch group across 1 directory with 30 updates

[dependabot]

Bumps the production-minor-patch group with 30 updates in the / directory:

Package	From	To
@apollo/server	5.4.0	5.5.0
@graphql-tools/schema	10.0.31	10.0.32
graphql	16.13.0	16.13.2
@graphql-tools/graphql-file-loader	8.1.10	8.1.13
@graphql-tools/load	8.1.8	8.1.9
@graphql-tools/utils	11.0.0	11.0.1
graphql-ws	6.0.7	6.0.8
jose	6.1.3	6.2.2
mathjs	15.1.1	15.2.0
ws	8.19.0	8.20.0
@apollo/client-integration-nextjs	0.14.4	0.14.5
@auth/prisma-adapter	2.11.1	2.11.2
@nosecone/next	1.1.0	1.4.0
@sentry/nextjs	10.40.0	10.49.0
@serwist/next	9.5.6	9.5.7
@tanstack/react-virtual	3.13.19	3.13.24
@vercel/analytics	2.0.0-canary.1	2.0.1
framer-motion	12.34.3	12.38.0
katex	0.16.33	0.16.45
next	16.2.0-canary.69	16.2.4
next-intl	4.8.3	4.9.1
nosecone	1.1.0	1.4.0
tailwindcss	4.2.1	4.2.2
three	0.183.2	0.184.0
zustand	5.0.11	5.0.12
hono	4.12.3	4.12.14
modern-pdf-lib	0.15.1	0.26.0
@neondatabase/serverless	1.0.2	1.1.0
@prisma/adapter-neon	7.5.0-dev.33	7.7.0
@prisma/client	7.5.0-dev.33	7.7.0

Updates @apollo/server from 5.4.0 to 5.5.0

Release notes

Sourced from @​apollo/server's releases.

@​apollo/server-integration-testsuite@​5.5.0

Minor Changes

• #8191 ada1200 - ⚠️ SECURITY @apollo/server/standalone:

  Apollo Server now rejects GraphQL GET requests which contain a Content-Type header other than application/json (with optional parameters such as ; charset=utf-8). Any other value is now rejected with a 415 status code.

  (GraphQL GET requests without a Content-Type header are still allowed, though they do still need to contain a non-empty X-Apollo-Operation-Name or Apollo-Require-Preflight header to be processed if the default CSRF prevention feature is enabled.)

  This improvement makes Apollo Server's CSRF more resistant to browsers which implement CORS in non-spec-compliant ways. Apollo is aware of one browser which as of March 2026 has a bug which allows an attacker to circumvent Apollo Server's CSRF prevention feature to carry out read-only XS-Search-style CSRF attacks. The browser vendor is in the process of patching this vulnerability; upgrading Apollo Server to v5.5.0 mitigates this vulnerability.

  If your server uses cookies (or HTTP Basic Auth) for authentication, Apollo encourages you to upgrade to v5.5.0.

  This is technically a backwards-incompatible change. Apollo is not aware of any GraphQL clients which provide non-empty Content-Type headers with GET requests with types other than application/json. If your use case requires such requests, please file an issue and we may add more configurability in a follow-up release.

  See advisory GHSA-9q82-xgwf-vj6h for more details.

Patch Changes

• Updated dependencies [ada1200]:
  • @​apollo/server@​5.5.0

@​apollo/server@​5.5.0

Minor Changes

• #8191 ada1200 Thanks @​glasser! - ⚠️ SECURITY @apollo/server/standalone:

  Apollo Server now rejects GraphQL GET requests which contain a Content-Type header other than application/json (with optional parameters such as ; charset=utf-8). Any other value is now rejected with a 415 status code.

  (GraphQL GET requests without a Content-Type header are still allowed, though they do still need to contain a non-empty X-Apollo-Operation-Name or Apollo-Require-Preflight header to be processed if the default CSRF prevention feature is enabled.)

  This improvement makes Apollo Server's CSRF more resistant to browsers which implement CORS in non-spec-compliant ways. Apollo is aware of one browser which as of March 2026 has a bug which allows an attacker to circumvent Apollo Server's CSRF prevention feature to carry out read-only XS-Search-style CSRF attacks. The browser vendor is in the process of patching this vulnerability; upgrading Apollo Server to v5.5.0 mitigates this vulnerability.

  If your server uses cookies (or HTTP Basic Auth) for authentication, Apollo encourages you to upgrade to v5.5.0.

  This is technically a backwards-incompatible change. Apollo is not aware of any GraphQL clients which provide non-empty Content-Type headers with GET requests with types other than application/json. If your use case requires such requests, please file an issue and we may add more configurability in a follow-up release.

  See advisory GHSA-9q82-xgwf-vj6h for more details.

Changelog

Sourced from @​apollo/server's changelog.

5.5.0

Minor Changes

• #8191 ada1200 Thanks @​glasser! - ⚠️ SECURITY @apollo/server/standalone:

  Apollo Server now rejects GraphQL GET requests which contain a Content-Type header other than application/json (with optional parameters such as ; charset=utf-8). Any other value is now rejected with a 415 status code.

  (GraphQL GET requests without a Content-Type header are still allowed, though they do still need to contain a non-empty X-Apollo-Operation-Name or Apollo-Require-Preflight header to be processed if the default CSRF prevention feature is enabled.)

  This improvement makes Apollo Server's CSRF more resistant to browsers which implement CORS in non-spec-compliant ways. Apollo is aware of one browser which as of March 2026 has a bug which allows an attacker to circumvent Apollo Server's CSRF prevention feature to carry out read-only XS-Search-style CSRF attacks. The browser vendor is in the process of patching this vulnerability; upgrading Apollo Server to v5.5.0 mitigates this vulnerability.

  If your server uses cookies (or HTTP Basic Auth) for authentication, Apollo encourages you to upgrade to v5.5.0.

  This is technically a backwards-incompatible change. Apollo is not aware of any GraphQL clients which provide non-empty Content-Type headers with GET requests with types other than application/json. If your use case requires such requests, please file an issue and we may add more configurability in a follow-up release.

  See advisory GHSA-9q82-xgwf-vj6h for more details.

Commits

• 64c0e1b Version Packages (#8192)
• ada1200 Reject GET requests with a Content-Type other than application/json (#8191)
• See full diff in compare view

Updates @graphql-tools/schema from 10.0.31 to 10.0.32

Changelog

Sourced from @​graphql-tools/schema's changelog.

10.0.32

Patch Changes

• Updated dependencies [ae36a0e]:
  • @​graphql-tools/utils@​11.0.1
  • @​graphql-tools/merge@​9.1.8

Commits

• 14066f9 chore(release): update monorepo packages versions (#8118)
• 5d6bcc4 Remove skipLibCheck (#8019)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​graphql-tools/schema since your current version.

Updates graphql from 16.13.0 to 16.13.2

Release notes

Sourced from graphql's releases.

v16.13.2 (2026-03-24)

Docs 📝

• #4611 add dev mode docs (@​yaacovCR)

Polish 💅

• #4631 Use Object.create(null) over {} to avoid prototype issues - v16 (@​benjie)

Internal 🏠

• #4626 backport: internal: streamline release process (#4615) (@​yaacovCR)

Committers: 2

• Benjie(@​benjie)
• Yaacov Rydzinski (@​yaacovCR)

v16.13.1 (2026-03-04)

First 16.x.x release with trusted publishing and provenance, see: https://docs.npmjs.com/trusted-publishers for additional information.

Docs 📝

• #4433 docs: move migrate from express graphql guide to graphqlJS docs (@​sarahxsanders)

Internal 🏠

• #4608 internal: backport new release flow from 17.x.x (@​yaacovCR)
• #4610 internal: pin node version for release action (@​yaacovCR)

Committers: 2

• Sarah Sanders(@​sarahxsanders)
• Yaacov Rydzinski (@​yaacovCR)

Commits

• 123e958 chore(release): v16.13.2 (#4632)
• 13f130d Use Object.create(null) over {} to avoid prototype issues - v16 (#4631)
• 6ca59e1 backport: internal: streamline release process (#4615) (#4626)
• df8c53f docs: dev mode for v17 (#4611)
• 3b5c3f9 internal: pin node version for release action (#4610)
• 6dee435 chore(release): v16.13.1 (#4609)
• c2ad5c6 internal: backport new release flow from 17.x.x (#4608)
• adff4e6 docs: move migrate from express graphql guide to graphqlJS docs (#4433)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for graphql since your current version.

Updates @graphql-tools/graphql-file-loader from 8.1.10 to 8.1.13

Changelog

Sourced from @​graphql-tools/graphql-file-loader's changelog.

8.1.13

Patch Changes

• Updated dependencies [ae36a0e]:
  • @​graphql-tools/utils@​11.0.1
  • @​graphql-tools/import@​7.1.13

8.1.12

Patch Changes

• Updated dependencies [5d6bcc4]:
  • @​graphql-tools/import@​7.1.12

8.1.11

Patch Changes

• Updated dependencies [417d875, 0e4d00e]:
  • @​graphql-tools/import@​7.1.11

Commits

• 14066f9 chore(release): update monorepo packages versions (#8118)
• 309c14a chore(release): update monorepo packages versions (#8020)
• 66cee43 Ranged
• 9410e77 chore(release): update monorepo packages versions (#7881)
• 1b1b51f chore(release): update monorepo packages versions (#7841)
• 7417ceb chore(release): update monorepo packages versions (#7754)
• 7b17d1f chore(release): update monorepo packages versions (#7722)
• 946c496 chore(release): update monorepo packages versions (#7699)
• 8e2f481 chore(release): update monorepo packages versions (#7684)
• 53fdba6 chore(release): update monorepo packages versions (#7680)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​graphql-tools/graphql-file-loader since your current version.

Updates @graphql-tools/load from 8.1.8 to 8.1.9

Changelog

Sourced from @​graphql-tools/load's changelog.

8.1.9

Patch Changes

• Updated dependencies [ae36a0e]:
  • @​graphql-tools/utils@​11.0.1
  • @​graphql-tools/schema@​10.0.32

Commits

• 14066f9 chore(release): update monorepo packages versions (#8118)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​graphql-tools/load since your current version.

Updates @graphql-tools/utils from 11.0.0 to 11.0.1

Changelog

Sourced from @​graphql-tools/utils's changelog.

11.0.1

Patch Changes

• ae36a0e Thanks @​mattkrick! - Handle enum values correctly if they are arguments of directives defined in the extensions

Commits

• 14066f9 chore(release): update monorepo packages versions (#8118)
• ae36a0e fix: coerce enum directive arguments to internal values when printing (#8117)
• a831489 build(deps): bump the actions-deps group with 7 updates (#8105)
• fe413ee Revert unnecessary changes
• 4dd39fa fix(mergeDeep): do not concatenate arrays while merging
• a91a765 build(deps): bump the actions-deps group with 8 updates (#8056)
• 3929728 build(deps): bump the actions-deps group across 1 directory with 2 updates (#...
• 75f72c3 chore(deps): lock file maintenance (#8029)
• d0e76cd build(deps): bump the actions-deps group across 1 directory with 3 updates (#...
• 5d6bcc4 Remove skipLibCheck (#8019)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​graphql-tools/utils since your current version.

Updates graphql-ws from 6.0.7 to 6.0.8

Release notes

Sourced from graphql-ws's releases.

v6.0.8

Patch Changes

• #667 fc03004 Thanks @​endigma! - Fix the server sending a Complete message after an Error message for subscriptions.

  Previously, when a subscription's async iterable threw an error, the server would send:

  {"id":"1","type":"error","payload":[{"message":"..."}]}
  {"id":"1","type":"complete"}
  

  Per the protocol spec:

  Error: This message terminates the operation and no further messages will be sent.

  Complete (Server → Client): If the server dispatched the Error message relative to the original Subscribe message, no Complete message will be emitted.

  The server now correctly sends only the Error message:

  {"id":"1","type":"error","payload":[{"message":"..."}]}
  

  Clients that correctly follow the spec should be unaffected, as they are expected to ignore messages for operations they consider already completed.

Changelog

Sourced from graphql-ws's changelog.

6.0.8

Patch Changes

• #667 fc03004 Thanks @​endigma! - Fix the server sending a Complete message after an Error message for subscriptions.

  Previously, when a subscription's async iterable threw an error, the server would send:

  {"id":"1","type":"error","payload":[{"message":"..."}]}
  {"id":"1","type":"complete"}
  

  Per the protocol spec:

  Error: This message terminates the operation and no further messages will be sent.

  Complete (Server → Client): If the server dispatched the Error message relative to the original Subscribe message, no Complete message will be emitted.

  The server now correctly sends only the Error message:

  {"id":"1","type":"error","payload":[{"message":"..."}]}
  

  Clients that correctly follow the spec should be unaffected, as they are expected to ignore messages for operations they consider already completed.

Commits

• 2cbe0ed Upcoming Release Changes (#668)
• fc03004 fix: do not send Complete after Error for subscriptions (#667)
• See full diff in compare view

Updates jose from 6.1.3 to 6.2.2

Release notes

Sourced from jose's releases.

v6.2.2

Fixes

• reject failed decompression with JWEInvalid error (043b181)

v6.2.1

Refactor

• reorganize internals, less files, smaller footprint (d4231f9)

v6.2.0

Features

• re-introduce JWE "zip" (Compression Algorithm) Header Parameter support (b13b446)

Documentation

• clarify return of general jws and jwe (56682b4)

Changelog

Sourced from jose's changelog.

6.2.2 (2026-03-18)

Fixes

• reject failed decompression with JWEInvalid error (043b181)

6.2.1 (2026-03-09)

Refactor

• reorganize internals, less files, smaller footprint (d4231f9)

6.2.0 (2026-03-05)

Features

• re-introduce JWE "zip" (Compression Algorithm) Header Parameter support (b13b446)

Documentation

• clarify return of general jws and jwe (56682b4)

Commits

• 9c86586 chore(release): 6.2.2
• 4984b5c chore(deps): bump the actions group with 4 updates
• 043b181 fix: reject failed decompression with JWEInvalid error
• 867cc2c chore(deps-dev): bump undici
• f4e20e7 chore(deps-dev): bump tar in the npm_and_yarn group across 1 directory
• d0505bf chore: cleanup after release
• d491aa9 chore(release): 6.2.1
• d4231f9 refactor: reorganize internals, less files, smaller footprint
• 7b22ba8 test: use playwright instead of testcafe
• 00965b4 chore: bump packages
• Additional commits viewable in compare view

Updates mathjs from 15.1.1 to 15.2.0

Changelog

Sourced from mathjs's changelog.

unpublished changes since 15.2.0

• Docs: fix the browser example rocket_trajectory_optimization.html (#3654). Thanks @​dvd101x.

2026-04-07, 15.2.0

• Feat: Add amp-hour charge unit Ah (#3617). Thanks @​adrfantini.
• Feat: #3595 implement num and den functions returning the parts of a fraction (#3605). Thanks @​AnslemHack.
• Fix: Provide TypeScript types for [and/or]TransformDependencies (#3639). Thanks @​NilsDietrich.
• Fix: two security vulnerabilities that allowed executing arbitrary JavaScript via the expression parser. Thanks @​CykuTW for finding and reporting them.

Commits

• fee4561 chore: publish v15.2.0
• 139dcab chore: update history
• 0aee2f6 fix: two security vulnerabilities allowing execution of arbitrary JavaScript ...
• f7c10b1 feat: Fraction numerator and denominator helper functions (#3605)
• 2066220 feat: Add Ah charge unit (#3617)
• 685da0f chore: Add andTransformDependencies and orTransformDependencies to index.d.ts...
• 8fe12e5 docs: update links to TestMu AI
• See full diff in compare view

Updates ws from 8.19.0 to 8.20.0

Release notes

Sourced from ws's releases.

8.20.0

Features

• Added exports for the PerMessageDeflate class and utilities for the Sec-WebSocket-Extensions and Sec-WebSocket-Protocol headers (d3503c1f).

Commits

• 8439255 [dist] 8.20.0
• d3503c1 [minor] Export the PerMessageDeflate class and header utils
• 3ee5349 [api] Convert the isServer and maxPayload parameters to options
• 91707b4 [doc] Add missing space
• 8b55319 [pkg] Update eslint to version 10.0.1
• ca533a5 [pkg] Update globals to version 17.0.0
• See full diff in compare view

Updates @apollo/client-integration-nextjs from 0.14.4 to 0.14.5

Release notes

Sourced from @​apollo/client-integration-nextjs's releases.

@​apollo/client-integration-nextjs@​0.14.5

Patch Changes

• Updated dependencies [077a94e]
  • @​apollo/client-react-streaming@​0.14.5

Commits

• 15eda44 Version Packages (#548)
• 0f58188 Update Docs
• 077a94e Avoid warning when using fragments in preloadQuery. (#536)
• 43b0a18 Add Apollo Client skill to README files (#539)
• 23bc7b6 Use Apollo Client skill in Copilot Agents
• 01467a2 post-version script: also update CHANGELOG.md
• bc9984a enforce publishing one package at a time, not in parallel
• See full diff in compare view

Updates @auth/prisma-adapter from 2.11.1 to 2.11.2

Release notes

Sourced from @​auth/prisma-adapter's releases.

@​auth/prisma-adapter@​2.11.2

Other

• @​auth/core: dependency update (67f2b168)

Commits

• af9daa8 chore(release): bump package version(s) [skip ci]
• d4dab3d chore: sync package versions with npm registry (#13414)
• 8a23c5b chore: fix lockfile (#13411)
• 2018202 docs: fix TypeScript type mismatch in refresh token rotation example (#13396)
• 0eba7e4 adapter-kysely: Update kysely for CVE-2026-33468 (#13407)
• 67f2b16 fix(providers): add issuer to GitHub provider for RFC 9207 compliance (#13410)
• f457068 docs: update middleware.ts references to proxy.ts for Next.js 16 (#13373)
• c7c2cfa docs: update Better Auth migration guide (#13334)
• b4ef14a chore(release): bump version [skip ci]
• See full diff in compare view

Maintainer changes

This version was pushed to npm by better-gustavo, a new releaser for @​auth/prisma-adapter since your current version.

Updates @nosecone/next from 1.1.0 to 1.4.0

Release notes

Sourced from @​nosecone/next's releases.

v1.4.0

1.4.0 (2026-04-14)

🚀 New Features

Introducing Arcjet Guard - protect AI agent tool calls, background jobs, and anything beyond HTTP. @arcjet/guard is a new API built for the agentic era: rate limit by any key, detect prompt injection, and catch PII.

• guard: promote @​arcjet/guard from experimental to stable release (#5996) (f511f44)

📝 Documentation

• add @​arcjet/guard documentation to root README (#5993) (4be39c8)
• add MCP server mentions to @​arcjet/guard (#5974) (cd398c0)

🧹 Miscellaneous Chores

• add .claude/ to .gitignore (#5988) (6f0f922)
• always trigger workflows on release-please branch (#5998) (6554cd1)
• delete astro-5 example (#5995) (38487cb)
• Deprecate score and threshold fields in detectPromptInjection (#5987) (de46cb7)
• examples: Add Astro 5 example, upgrade main Astro example to v6 (#5975) (a77c077)
• guard: add legacy type resolution for typescript@<=5 (#5978) (fd6ad6d)
• guard: introduce arcjet guard js (#5957) (53ff2e2)
• guard: update protobuf (#5986) (25f0e9e)
• proto: sync generated proto (#5994) (25b11fe)
• regenerate wasm binaries after aws-lc-rs update (#5969) (bda5448)

🔨 Build System

• deps-dev: bump vite from 7.3.1 to 7.3.2 (#5980) (8a253f6)
• deps-dev: bump vite from 7.3.1 to 7.3.2 in /examples/react-router (#5982) (ddf3416)
• deps-dev: bump vite from 7.3.1 to 7.3.2 in /examples/react-router-middleware (#5985) (e36cf35)
• deps: bump @​nestjs/core from 11.1.17 to 11.1.18 in /examples/nestjs (#5983) (514ae8b)
• deps: bump unhead and @​unhead/vue in /examples/nuxt (#5989) (6add894)
• deps: bump vite from 7.3.1 to 7.3.2 in /examples/nuxt (#5981) (97138bc)
• deps: bump vite in /examples/remix-express (#5977) (3b97d6f)

v1.3.1

1.3.1 (2026-03-30)

🪲 Bug Fixes

• filter: update wasm and add tests for len() on absent map fields (#5929) (d2a3161)
• install command & pricing references (#5959) (7e54cbd)

... (truncated)

Changelog

Sourced from @​nosecone/next's changelog.

1.4.0 (2026-04-14)

🧹 Miscellaneous Chores

• @​nosecone/next: Synchronize arcjet-js versions

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • nosecone bumped from 1.3.1 to 1.4.0
  • devDependencies
    • @​arcjet/eslint-config bumped from 1.3.1 to 1.4.0
    • @​arcjet/rollup-config bumped from 1.3.1 to 1.4.0

1.3.1 (2026-03-30)

🧹 Miscellaneous Chores

• @​nosecone/next: Synchronize arcjet-js versions

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • nosecone bumped from 1.3.0 to 1.3.1
  • devDependencies
    • @​arcjet/eslint-config bumped from 1.3.0 to 1.3.1
    • @​arcjet/rollup-config bumped from 1.3.0 to 1.3.1

1.3.0 (2026-03-12)

🧹 Miscellaneous Chores

• @​nosecone/next: Synchronize arcjet-js versions

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • nosecone bumped from 1.2.0 to 1.3.0
  • devDependencies
    • @​arcjet/eslint-config bumped from 1.2.0 to 1.3.0
    • @​arcjet/rollup-config bumped from 1.2.0 to 1.3.0

... (truncated)

Commits

• b4337ec chore: Release 1.4.0 (#5972)
• ddcad58 chore: Release 1.3.1 (#5926)
• b3f76ef deps: periodic dependency update and security update (#5965)
• 9ddc395 deps(dev): update dependency @​rollup/wasm-node to v4.59.0 (#5935)
• 682a80e chore: Release 1.3.0 (#5912)
• 9992ba4 chore: Release 1.2.0 (#5802)
• a56c62b deps: periodic dependency update (#5892)
• See full diff in compare view

Updates @sentry/nextjs from 10.40.0 to 10.49.0

Release notes

Sourced from @​sentry/nextjs's releases.

10.49.0

Important Changes

• feat(browser): Add View Hierarchy integration (#14981)

  A new viewHierarchyIntegration captures the DOM structure when an error occurs, providing a snapshot of the page state for debugging. Enable it in your Sentry configuration:

  import * as Sentry from '@sentry/browser';
  Sentry.init({
  dsn: 'DSN',
  integrations: [Sentry.viewHierarchyIntegration()],
  });

• feat(cloudflare): Split alarms into multiple traces and link them (#19373)

  Durable Object alarms now create separate traces for each alarm invocation, with proper linking between related alarms for better observability.

• feat(cloudflare): Enable RPC trace propagation with enableRpcTracePropagation (#19991, #20345)

  A new enableRpcTracePropagation option enables automatic trace propagation for Cloudflare RPC calls via .fetch(), ensuring distributed traces flow correctly across service bindings.

• feat(core): Add enableTruncation option to AI integrations (#20167, #20181, #20182, #20183, #20184)

  All AI integrations (OpenAI, Anthropic, Google GenAI, LangChain, LangGraph) now support an enableTruncation option to control whether large AI inputs/outputs are truncated.

• feat(opentelemetry): Vendor AsyncLocalStorageContextManager (#20243)

  The OpenTelemetry context manager is now vendored internally, reducing external dependencies and ensuring consistent behavior across environments.

Other Changes

• feat(core): Export a reusable function to add tracing headers (#20076)
• feat(core): Expose rewriteSources top level option (#20142)
• feat(deps): bump defu from 6.1.4 to 6.1.6 (#20104)
• feat(node-native): Add support for V8 v14 (Node v25+) (#20125)
• feat(node): Include global scope for eventLoopBlockIntegration (#20108)
• fix(core, node): Support loading Express options lazily (#20211)
• fix(core): Set conversation_id only on gen_ai spans (#20274)
• fix(core): Use ai.operationId for Vercel AI V6 operation name mapping (#20285)
• fix(deno): Avoid inferring invalid span op from Deno tracer (#20128)
• fix(deno): Handle reader.closed rejection from releaseLock() in streaming (#20187)
• fix(nextjs): Preserve directive prologues in turbopack loaders (#20103)
• fix(nextjs): Skip custom browser tracing setup for bot user agents (#20263)
• fix(opentelemetry): Use WeakRef for context stored on scope to prevent memory leak (#20328)
• fix(replay): Use live click attributes in breadcrumbs (#20262)

... (truncated)

Changelog

Sourced from @​sentry/nextjs's changelog.

10.49.0

Important Changes

• feat(browser): Add View Hierarchy integration (#14981)

  A new viewHierarchyIntegration captures the DOM structure when an error occurs, providing a snapshot of the page state for debugging. Enable it in your Sentry configuration:

  import * as Sentry from '@sentry/browser';
  Sentry.init({
  dsn: 'DSN',
  integrations: [Sentry.viewHierarchyIntegration()],
  });

• feat(cloudflare): Split alarms into multiple traces and link them (#19373)

  Durable Object alarms now create separate traces for each alarm invocation, with proper linking between related alarms for better observability.

• feat(cloudflare): Enable RPC trace propagation with enableRpcTracePropagation (#19991, #20345)

  A new enableRpcTracePropagation option enables automatic trace propagation for Cloudflare RPC calls via .fetch(), ensuring distributed traces flow correctly across service bindings.

• feat(core): Add enableTruncation option to AI integrations (#20167, #20181, #20182, #20183, #20184)

  All AI integrations (OpenAI, Anthropic, Google GenAI, LangChain, LangGraph) now support an enableTruncation option to control whether large AI inputs/outputs are truncated.

• feat(opentelemetry): Vendor AsyncLocalStorageC...

  Description has been truncated

[dependabot]

Labels

The following labels could not be found: automated, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
nextcalc-pro	Error		Apr 20, 2026 3:56pm