Skip to content

chore(deps): update backend dependencies (major) #1818

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ggrossetie wants to merge 1 commit into
base: master
Choose a base branch
from
Open

chore(deps): update backend dependencies (major) #1818

ggrossetie wants to merge 1 commit into from

Conversation

@ggrossetie
Copy link
Collaborator

@ggrossetie ggrossetie commented Nov 27, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change
@graphql-tools/schema (source) dependencies major ^9.0.12 -> ^10.0.0
@sentry/node (source) dependencies major ^9.2.0 -> ^10.0.0
@sentry/profiling-node (source) dependencies major ^9.2.0 -> ^10.0.0
@types/jest (source) devDependencies major ~29.5 -> ~30.0.0
bcryptjs dependencies major ^2.4.3 -> ^3.0.0
body-parser dependencies major ^1.18.3 -> ^2.0.0
css-tree dependencies major ^2.3.1 -> ^3.0.0
dompurify dependencies major ^2.4.3 -> ^3.0.0
dotenv dependencies major ^16.4.5 -> ^17.0.0
eslint (source) devDependencies major ~8.57 -> ~9.39.0
eslint-plugin-jest devDependencies major ~28.14.0 -> ~29.8.0
express (source) dependencies major ^4.16.4 -> ^5.0.0
jest (source) devDependencies major ~29.7 -> ~30.2.0
jest-environment-node (source) devDependencies major ~29.7 -> ~30.2.0
jsdom dependencies major ^21.0.0 -> ^27.0.0
node (source) volta major 22.21.1 -> 24.12.0
npm (source) volta major 10.9.4 -> 11.7.0
pino (source) dependencies major ^7.11.0 -> ^10.0.0
pino-http dependencies major ^7.0.0 -> ^11.0.0

Release Notes

ardatan/graphql-tools (@​graphql-tools/schema)

v10.0.30

Compare Source

Patch Changes

v10.0.29

Compare Source

Patch Changes

v10.0.28

Compare Source

Patch Changes

v10.0.27

Compare Source

Patch Changes

v10.0.26

Compare Source

Patch Changes

v10.0.25

Compare Source

Patch Changes

v10.0.24

Compare Source

Patch Changes

v10.0.23

Compare Source

Patch Changes

v10.0.22

Compare Source

Patch Changes

v10.0.21

Compare Source

Patch Changes

v10.0.20

Compare Source

Patch Changes

v10.0.19

Compare Source

Patch Changes

v10.0.18

Compare Source

Patch Changes

v10.0.17

Compare Source

Patch Changes

v10.0.16

Compare Source

Patch Changes

v10.0.15

Compare Source

Patch Changes

v10.0.14

Compare Source

Patch Changes

v10.0.13

Compare Source

Patch Changes

v10.0.12

Compare Source

Patch Changes

v10.0.11

Compare Source

Patch Changes

v10.0.10

Compare Source

Patch Changes

v10.0.9

Compare Source

Patch Changes

v10.0.8

Compare Source

Patch Changes

v10.0.7

Compare Source

Patch Changes

v10.0.6

Compare Source

Patch Changes

v10.0.5

Compare Source

Patch Changes

v10.0.4

Compare Source

Patch Changes

v10.0.3

Compare Source

Patch Changes

v10.0.2

Compare Source

Patch Changes

v10.0.1

Compare Source

Patch Changes

v10.0.0

Compare Source

Major Changes
Patch Changes
getsentry/sentry-javascript (@​sentry/node)

v10.32.1

Compare Source

  • fix(cloudflare): Add hono transaction name when error is thrown (#​18529)
  • fix(ember): Make implementation field optional (hash routes) (#​18564)
  • fix(vercelai): Fix input token count (#​18574)
Internal Changes
  • chore(lint): prefer 'unknown' to 'any', fix lint warnings
  • chore(test): Remove cloudflare-astro e2e test (#​18567)

v10.32.0

Compare Source

Important Changes

  • feat(core): Apply scope attributes to logs (#​18184)

    You can now set attributes on the SDK's scopes which will be applied to all logs as long as the respective scopes are active. For the time being, only string, number and boolean attribute values are supported.

    Sentry.geGlobalScope().setAttributes({ is_admin: true, auth_provider: 'google' });

Sentry.withScope(scope => {
  scope.setAttribute('step', 'authentication');

  // scope attributes `is_admin`, `auth_provider` and `step` are added
  Sentry.logger.info(`user ${user.id} logged in`, { activeSince: 100 });
  Sentry.logger.info(`updated ${user.id} last activity`);
});

// scope attributes `is_admin` and `auth_provider` are added
Sentry.logger.warn('stale website version, reloading page');

  • feat(replay): Add Request body with attachRawBodyFromRequest option (#​18501)

    To attach the raw request body (from Request objects passed as the first fetch argument) to replay events, you can now use the attachRawBodyFromRequest option in the Replay integration:

    Sentry.init({
  integrations: [
    Sentry.replayIntegration({
      attachRawBodyFromRequest: true,
    }),
  ],
});

  • feat(tanstackstart-react): Trace server functions (#​18500)

    To enable tracing for server-side requests, you can now explicitly define a server entry point in your application and wrap your request handler with wrapFetchWithSentry.

    // src/server.ts
import { wrapFetchWithSentry } from '@​sentry/tanstackstart-react';
import handler, { createServerEntry } from '@​tanstack/react-start/server-entry';

export default createServerEntry(
  wrapFetchWithSentry({
    fetch(request: Request) {
      return handler.fetch(request);
    },
  }),
);

  • feat(vue): Add TanStack Router integration (#​18547)

    The @sentry/vue package now includes support for TanStack Router. Use tanstackRouterBrowserTracingIntegration to automatically instrument pageload and navigation transactions with parameterized routes:

    import { createApp } from 'vue';
import { createRouter } from '@​tanstack/vue-router';
import * as Sentry from '@​sentry/vue';
import { tanstackRouterBrowserTracingIntegration } from '@​sentry/vue/tanstackrouter';

const router = createRouter({
  // your router config
});

Sentry.init({
  app,
  dsn: '__PUBLIC_DSN__',
  integrations: [tanstackRouterBrowserTracingIntegration(router)],
  tracesSampleRate: 1.0,
});
Other Changes
  • feat(core): Capture initialize attributes on MCP servers (#​18531)
  • feat(nextjs): Extract tracing logic from server component wrapper templates (#​18408)
  • feat(nextjs): added webpack treeshaking flags as config (#​18359)
  • fix(solid/tanstackrouter): Ensure web vitals are sent on pageload (#​18542)
Internal Changes
  • chore(changelog): Add entry for scope attributes (#​18555)
  • chore(changelog): Add entry for tanstack start wrapFetchWithSentry (#​18558)
  • chore(deps): bump @​trpc/server from 10.45.2 to 10.45.3 in /dev-packages/e2e-tests/test-applications/node-express-incorrect-instrumentation (#​18530)
  • chore(deps): bump @​trpc/server from 10.45.2 to 10.45.3 in /dev-packages/e2e-tests/test-applications/node-express-v5 (#​18550)
  • chore(e2e): Pin to react-router 7.10.1 in spa e2e test (#​18548)
  • chore(e2e): Remove check on http.response_content_length_uncompressed (#​18536)
  • chore(github): Add "Closes" to PR template (#​18538)
  • test(cloudflare-mcp): Unpin mcp sdk (#​18528)
  • test(nextjs): Add e2e tests for server component spans in next 16 (#​18544)

v10.31.0

Compare Source

Important Changes
  • feat(browser): Add support for GraphQL persisted operations (#​18505)

The graphqlClientIntegration now supports GraphQL persisted operations (queries). When a persisted query is detected, the integration will capture the operation hash and version as span attributes:

  • graphql.persisted_query.hash.sha256 - The SHA-256 hash of the persisted query
  • graphql.persisted_query.version - The version of the persisted query protocol

Additionally, the graphql.document attribute format has changed to align with OpenTelemetry semantic conventions. It now contains only the GraphQL query string instead of the full JSON request payload.

Before:

"graphql.document": "{\"query\":\"query Test { user { id } }\"}"

After:

"graphql.document": "query Test { user { id } }"
Other Changes
  • feat(node): Support propagateTraceparent option (#​18476)
  • feat(bun): Expose spotlight option in TypeScript (#​18436)
  • feat(core): Add additional exports for captureException and captureMessage parameter types (#​18521)
  • feat(core): Export captureException and captureMessage parameter types (#​18509)
  • feat(core): Parse individual cookies from cookie header (#​18325)
  • feat(node): Add instrument OpenAI export to node (#​18461)
  • feat(nuxt): Bump @sentry/vite-plugin and @sentry/rollup-plugin to 4.6.1 (#​18349)
  • feat(profiling): Add support for Node v24 in the prune script (#​18447)
  • feat(tracing): strip inline media from messages (#​18413)
  • feat(node): Add ESM support for postgres.js instrumentation (#​17961)
  • fix(browser): Stringify span context in linked traces log statement (#​18376)
  • fix(google-cloud-serverless): Move @​types/express to optional peerDeps (#​18452)
  • fix(node-core): passthrough node-cron context (#​17835)
  • fix(tanstack-router): Check for fromLocation existence before reporting pageload (#​18463)
  • fix(tracing): add system prompt, model to google genai (#​18424)
  • fix(tracing): Set span operations for AI spans with model ID only (#​18471)
  • ref(browser): Improve profiling debug statement (#​18507)
Internal Changes
  • chore: Add external contributor to CHANGELOG.md (#​18473)
  • chore: upgrade Playwright to ~1.56.0 for WSL2 compatibility (#​18468)
  • chore(bugbot): Add testing conventions code review rules (#​18433)
  • chore(deps): bump next from 14.2.25 to 14.2.35 in /dev-packages/e2e-tests/test-applications/create-next-app (#​18494)
  • chore(deps): bump next from 14.2.32 to 14.2.35 in /dev-packages/e2e-tests/test-applications/nextjs-orpc (#​18520)
  • chore(deps): bump next from 14.2.32 to 14.2.35 in /dev-packages/e2e-tests/test-applications/nextjs-pages-dir (#​18496)
  • chore(deps): bump next from 15.5.7 to 15.5.9 in /dev-packages/e2e-tests/test-applications/nextjs-15 (#​18482)
  • chore(deps): bump next from 15.5.7 to 15.5.9 in /dev-packages/e2e-tests/test-applications/nextjs-15-intl (#​18483)
  • chore(deps): bump next from 16.0.7 to 16.0.9 in /dev-packages/e2e-tests/test-applications/nextjs-16 (#​18480)
  • chore(deps): bump next from 16.0.7 to 16.0.9 in /dev-packages/e2e-tests/test-applications/nextjs-16-cacheComponents (#​18479)
  • chore(deps): bump next from 16.0.7 to 16.0.9 in /dev-packages/e2e-tests/test-applications/nextjs-16-tunnel (#​18481)
  • chore(deps): bump next from 16.0.9 to 16.0.10 in /dev-packages/e2e-tests/test-applications/nextjs-16 (#​18514)
  • chore(deps): bump next from 16.0.9 to 16.0.10 in /dev-packages/e2e-tests/test-applications/nextjs-16-tunnel (#​18487)
  • chore(tests): Added test variant flag (#​18458)
  • test(cloudflare-mcp): Pin mcp sdk to 1.24.0 (#​18524)

Work in this release was contributed by @​sebws and @​TBeeren. Thank you for your contributions!

v10.30.0

Compare Source

  • feat(nextjs): Deprecate Webpack top-level options (#​18343)
  • feat(node): Capture scope when event loop blocked (#​18040)
  • fix(aws-serverless): Remove hyphens from AWS-lambda origins (#​18353)
  • fix(core): Parse method from Request object in fetch (#​18453)
  • fix(react): Add transaction name guards for rapid lazy-route navigations (#​18346)
Internal Changes
  • chore(ci): Fix double issue creation for unreferenced PRs (#​18442)
  • chore(deps): bump next from 15.5.4 to 15.5.7 in /dev-packages/e2e-tests/test-applications/nextjs-15 (#​18411)
  • chore(deps): bump next from 15.5.4 to 15.5.7 in /dev-packages/e2e-tests/test-applications/nextjs-15-intl (#​18400)
  • chore(deps): bump next from 16.0.0 to 16.0.7 in /dev-packages/e2e-tests/test-applications/nextjs-16 (#​18399)
  • chore(deps): bump next from 16.0.0 to 16.0.7 in /dev-packages/e2e-tests/test-applications/nextjs-16-cacheComponents (#​18427)
  • chore(deps): bump next from 16.0.0 to 16.0.7 in /dev-packages/e2e-tests/test-applications/nextjs-16-tunnel (#​18439)
  • chore(publish): Fix publish order for @sentry/types (#​18429)
  • ci(deps): bump actions/create-github-app-token from 2.1.4 to 2.2.0 (#​18362)

v10.29.0

Compare Source

Important Changes

We expanded the supported version range for @solidjs/router to include 0.14.x and 0.15.x versions.

Other Changes
  • fix(logs): Add support for msg in pino integration (#​18389)
  • fix(node): Include system message in anthropic-ai messages span (#​18332)
  • fix(tracing): Add missing attributes in vercel-ai spans (#​18333)
Internal Changes
  • chore(tanstackstart-react): clean up re-exported types (#​18393)
  • ref(core): Avoid looking up openai integration options (#​17695)
  • test(nuxt): Relax captured unhandled error assertion (#​18397)
  • test(tanstackstart-react): Set up E2E test application (#​18358)

v10.28.0

Compare Source

Important Changes
  • feat(core): Make matcher parameter optional in makeMultiplexedTransport (#​10798)

The matcher parameter in makeMultiplexedTransport is now optional with a sensible default. This makes it much easier to use the multiplexed transport for sending events to multiple DSNs based on runtime configuration.

Before:

import { makeFetchTransport, makeMultiplexedTransport } from '@​sentry/browser';

const EXTRA_KEY = 'ROUTE_TO';

const transport = makeMultiplexedTransport(makeFetchTransport, args => {
  const event = args.getEvent();
  if (event?.extra?.[EXTRA_KEY] && Array.isArray(event.extra[EXTRA_KEY])) {
    return event.extra[EXTRA_KEY];
  }
  return [];
});

Sentry.init({
  transport,
  // ... other options
});

// Capture events with routing info
Sentry.captureException(error, {
  extra: {
    [EXTRA_KEY]: [
      { dsn: 'https://key1@​sentry.io/project1', release: 'v1.0.0' },
      { dsn: 'https://key2@​sentry.io/project2' },
    ],
  },
});

After:

import { makeFetchTransport, makeMultiplexedTransport, MULTIPLEXED_TRANSPORT_EXTRA_KEY } from '@​sentry/browser';

// Just pass the transport generator - the default matcher handles the rest!
Sentry.init({
  transport: makeMultiplexedTransport(makeFetchTransport),
  // ... other options
});

// Capture events with routing info using the exported constant
Sentry.captureException(error, {
  extra: {
    [MULTIPLEXED_TRANSPORT_EXTRA_KEY]: [
      { dsn: 'https://key1@​sentry.io/project1', release: 'v1.0.0' },
      { dsn: 'https://key2@​sentry.io/project2' },
    ],
  },
});

The default matcher looks for routing information in event.extra[MULTIPLEXED_TRANSPORT_EXTRA_KEY]. You can still provide a custom matcher function for advanced use cases.

  • feat(nextjs): Support cacheComponents on turbopack (#​18304)

This release adds support for cacheComponents on turbopack builds. We are working on adding support for this feature in webpack builds as well.

Other Changes
  • feat: Publish AWS Lambda Layer for Node 24 (#​18327)
  • feat(browser): Expose langchain instrumentation (#​18342)
  • feat(browser): Expose langgraph instrumentation (#​18345)
  • feat(cloudflare): Allow specifying a custom fetch in Cloudflare transport options (#​18335)
  • feat(core): Add isolateTrace option to Sentry.withMonitor() (#​18079)
  • feat(deps): bump @​sentry/webpack-plugin from 4.3.0 to 4.6.1 (#​18272)
  • feat(nextjs): Add cloudflare waitUntil detection (#​18336)
  • feat(node): Add LangChain v1 support (#​18306)
  • feat(remix): Add parameterized transaction naming for routes (#​17951)
  • fix(cloudflare): Keep http root span alive until streaming responses are consumed (#​18087)
  • fix(cloudflare): Wait for async events to finish (#​18334)
  • fix(core): continueTrace doesn't propagate given trace ID if active span exists (#​18328)
  • fix(node-core): Handle custom scope in log messages without parameters (#​18322)
  • fix(opentelemetry): Ensure Sentry spans don't leak when tracing is disabled (#​18337)
  • fix(react-router): Use underscores in trace origin values (#​18351)
  • chore(tanstackstart-react): Export custom inits from tanstackstart-react (#​18369)
  • chore(tanstackstart-react)!: Remove empty placeholder implementations (#​18338)
Internal Changes
  • chore: Allow URLs as issue (#​18372)
  • chore(changelog): Add entry for #​18304 (#​18329)
  • chore(ci): Add action to track all PRs as issues (#​18363)
  • chore(github): Adjust BUGBOT.md rules to flag invalid op and origin values during review (#​18352)
  • ci: Add action to create issue on gitflow merge conflicts (#​18319)
  • ci(deps): bump actions/checkout from 5 to 6 (#​18268)
  • ci(deps): bump peter-evans/create-pull-request from 7.0.8 to 7.0.9 (#​18361)
  • test(cloudflare): Add typechecks for cloudflare-worker e2e test (#​18321)

v10.27.0

Compare Source

Important Changes
Other Changes
  • feat(core): Add gibibyte and pebibyte to InformationUnit type (#​18241)
  • feat(core): Add scope attribute APIs (#​18165)
  • feat(core): Re-add _experiments.enableLogs opti

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@ggrossetie
Copy link
Collaborator Author

ggrossetie commented Nov 27, 2025
edited
Loading

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: graphql/package-lock.json
npm warn Unknown env config "store". This will stop working in the next major version of npm.
npm error code ERESOLVE
npm error ERESOLVE could not resolve
npm error
npm error While resolving: @shelf/jest-mongodb@4.3.2
npm error Found: jest-environment-node@30.2.0
npm error node_modules/jest-environment-node
npm error   dev jest-environment-node@"~30.2.0" from the root project
npm error
npm error Could not resolve dependency:
npm error peer jest-environment-node@"28.x || 29.x" from @shelf/jest-mongodb@4.3.2
npm error node_modules/@shelf/jest-mongodb
npm error   dev @shelf/jest-mongodb@"~4.3" from the root project
npm error
npm error Conflicting peer dependency: jest-environment-node@29.7.0
npm error node_modules/jest-environment-node
npm error   peer jest-environment-node@"28.x || 29.x" from @shelf/jest-mongodb@4.3.2
npm error   node_modules/@shelf/jest-mongodb
npm error     dev @shelf/jest-mongodb@"~4.3" from the root project
npm error
npm error Fix the upstream dependency conflict, or retry
npm error this command with --force or --legacy-peer-deps
npm error to accept an incorrect (and potentially broken) dependency resolution.
npm error
npm error
npm error For a full report see:
npm error /tmp/renovate/cache/others/npm/_logs/2025-12-22T02_51_24_577Z-eresolve-report.txt
npm error A complete log of this run can be found in: /tmp/renovate/cache/others/npm/_logs/2025-12-22T02_51_24_577Z-debug-0.log

@netlify
Copy link

netlify bot commented Nov 27, 2025
edited
Loading

Deploy Preview for stylo-docs canceled.

Name Link
🔨 Latest commit d0400d3
🔍 Latest deploy log https://app.netlify.com/projects/stylo-docs/deploys/6948b234d3a97900083b2dab

@ggrossetie ggrossetie force-pushed the renovate/major-backend-dependencies branch 2 times, most recently from ae095b0 to 5001060 Compare November 29, 2025 02:43
@ggrossetie ggrossetie force-pushed the renovate/major-backend-dependencies branch 4 times, most recently from af276c8 to da567ce Compare December 15, 2025 02:49
@ggrossetie ggrossetie force-pushed the renovate/major-backend-dependencies branch from da567ce to d0400d3 Compare December 22, 2025 02:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ggrossetie