chore(deps): update JavaScript SDK to v10.38.0

[github-actions]

Bumps scripts/update-javascript.sh from 10.18.0 to 10.38.0.

Auto-generated by a dependency updater.

Changelog

10.38.0

Important Changes

• feat(tanstackstart-react): Auto-instrument request middleware (#18989)

  The sentryTanstackStart Vite plugin now automatically instruments middleware arrays in createFileRoute(). This captures performance data without requiring manual wrapping with wrapMiddlewaresWithSentry().

Other Changes

• feat: Use v4.8.0 bundler plugins (#18993)
• feat(browser): Add logs.metrics bundle (#19020)
• feat(browser): Add replay.logs.metrics bundle (#19021)
• feat(browser): Add tracing.replay.logs.metrics bundle (#19039)
• feat(deps): bump import-in-the-middle from 2.0.1 to 2.0.6 (#19042)
• feat(node): Add AI manual instrumentation exports to Node (#19063)
• feat(wasm): initialised sentryWasmImages for webworkers (#18812)
• fix(core): Classify custom AggregateErrors as exception groups (#19053)
• fix(nextjs): Turn off debugID injection if sourcemaps are explicitly disabled (#19010)
• fix(react): Avoid String(key) to fix Symbol conversion error (#18982)
• fix(react): Prevent lazy route handlers from updating wrong navigation span (#18898)

Internal Changes

- feat(deps-dev): bump types/rsvp from 4.0.4 to 4.0.9 ([#19038](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19038)) - ci(build): Run full test suite on new bundle with logs+metrics ([#19065](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19065)) - ci(deps): bump actions/create-github-app-token from 1 to 2 ([#19028](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19028)) - ci(deps): bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 ([#19029](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19029)) - chore: Add external contributor to CHANGELOG.md ([#19005](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19005)) - chore(aws-serverless): Fix local cache issues ([#19081](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19081)) - chore(dependabot): Allow all packages to update ([#19024](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19024)) - chore(dependabot): Update ignore patterns and add more groups ([#19037](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19037)) - chore(dependabot): Update ignore patterns and add more groups ([#19043](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19043)) - chore(deps-dev): bump edge-runtime/types from 3.0.1 to 4.0.0 ([#19032](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19032)) - chore(deps-dev): bump vercel/nft from 0.29.4 to 1.3.0 ([#19030](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19030)) - chore(deps): bump actions/artifact from 2.1.11 to 5.0.3 ([#19031](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19031)) - chore(deps): bump hono from 4.11.4 to 4.11.7 in /dev-packages/e2e-tests/test-applications/cloudflare-hono ([#19009](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19009)) - chore(deps): bump next from 16.0.9 to 16.1.5 in /dev-packages/e2e-tests/test-applications/nextjs-16-cacheComponents ([#19012](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19012)) - chore(deps): Bump trpc v11 dependency in e2e test ([#19061](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19061)) - chore(deps): Bump wrangler to 4.61.0 ([#19023](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19023)) - chore(deps): Upgrade remix-run deps to 2.17.4 ([#19040](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19040)) - chore(deps): Upgrade `next` versions 15 and 16 ([#19057](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19057)) - chore(deps): Upgrade Lerna to v8 ([#19050](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19050)) - chore(deps): Upgrade next to 14.2.35 ([#19055](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19055)) - chore(deps): Upgrade react-router, react-router/node, react-router/serve, react-router/dev to 7.13.0 ([#19026](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19026)) - chore(llm): Add claude skill + cursor command for adding new cdn bundles ([#19048](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19048)) - chore(llm): Ignore local Claude settings ([#18893](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/18893)) - chore(react): Update react-router-5 dev dependency to another than 5.0.0 ([#19047](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19047)) - chore(release): Add generate-changelog script ([#18999](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/18999)) - chore(remix): Upgrade remix-run/router to ^1.23.2 ([#19045](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19045)) - chore(solidstart): Bump peer dependencies of solidjs/start ([#19051](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19051)) - chore(solidstart): Upgrade Vinxi to update h3 peer dependency ([#19018](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19018)) - chore(tests): Reject messages from unknown origins in integration tests ([#19016](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/19016))

Work in this release was contributed by harshit078. Thank you for your contribution!

10.37.0

Important Changes

• feat(core): Introduces a new Sentry.setConversationId() API to track multi turn AI conversations across API calls. (#18909)

  You can now set a conversation ID that will be automatically applied to spans within that scope. This allows you to link traces from the same conversation together.

  import * as Sentry from 'sentry/node';
  
  // Set conversation ID for all subsequent spans
  Sentry.setConversationId('conv_abc123');
  
  // All AI spans will now include the gen_ai.conversation.id attribute
  await openai.chat.completions.create({...});

  This is particularly useful for tracking multiple AI API calls that are part of the same conversation, allowing you to analyze entire conversation flows in Sentry.
  The conversation ID is stored on the isolation scope and automatically applied to spans via the new conversationIdIntegration.

• feat(tanstackstart-react): Auto-instrument global middleware in sentryTanstackStart Vite plugin (#18844)

  The sentryTanstackStart Vite plugin now automatically instruments requestMiddleware and functionMiddleware arrays in createStart(). This captures performance data without requiring manual wrapping.

  Auto-instrumentation is enabled by default. To disable it:

  // vite.config.ts
  sentryTanstackStart({
    authToken: process.env.SENTRY_AUTH_TOKEN,
    org: 'your-org',
    project: 'your-project',
    autoInstrumentMiddleware: false,
  });

Other Changes

• feat(core): simplify truncation logic to only keep the newest message (#18906)
• feat(core): Support new client discard reason invalid (#18901)
• feat(deps): Bump OpenTelemetry instrumentations (#18934)
• feat(nextjs): Update default ignore list for sourcemaps (#18938)
• feat(node): pass prisma instrumentation options through (#18900)
• feat(nuxt): Don't run source maps related code on Nuxt "prepare" (#18936)
• feat(replay): Update client report discard reason for invalid sessions (#18796)
• feat(winston): Add customLevelMap for winston transport (#18922)
• feat(react-router): Add support for React Router instrumentation API (#18580)
• fix(astro): Do not show warnings for valid options (#18947)
• fix(core): Report well known values in gen_ai.operation.name attribute (#18925)
• fix(node-core): ignore vercel AbortError by default on unhandled rejection (#18973)
• fix(nuxt): include sentry.config.server.ts in nuxt app types (#18971)
• fix(profiling): Add platform to envelope item header (#18954)
• fix(react): Defer React Router span finalization until lazy routes load (#18881)
• ref(core): rename gen_ai.input.messages.original_length to sentry.sdk_meta.gen_ai.input.messages.original_length (#18970)
• ref(core): rename gen_ai.request.messages to gen_ai.input.messages (#18944)
• ref(core): Set system message as separate attribute (#18978)
• deps: Bump version of sentry-bundler-plugins (#18972)

Internal Changes

• chore(e2e): Add e2e claude skill (#18957)
• chore(e2e): Add Makefile to make running specific e2e test apps easier (#18953)
• chore(e2e): Modify e2e skill to also account for untracked files (#18959)
• ref(tests): use constants in ai integration tests and add missing ones (#18945)
• test(nextjs): Added nextjs CF workers test app (#18928)
• test(prisma): Move to yarn prisma (#18975)

Work in this release was contributed by sebws, harshit078, and fedetorre. Thank you for your contributions!

10.36.0

• feat(node): Add Prisma v7 support (#18908)
• feat(opentelemetry): Support db.system.name attribute for database spans (#18902)
• feat(deps): Bump OpenTelemetry dependencies (#18878)
• fix(core): Sanitize data URLs in http.client spans (#18896)
• fix(nextjs): Add ALS runner fallbacks for serverless environments (#18889)
• fix(node): Profiling debug ID matching

Internal Changes

• chore(deps-dev): bump remix-run/server-runtime from 2.15.2 to 2.17.3 in /packages/remix (#18750)

10.35.0

Important Changes

• feat(tanstackstart-react): Add sentryTanstackStart vite plugin to manage automatic source map uploads (#18712)

  You can now configure source maps upload for TanStack Start using the sentryTanstackStart Vite plugin:

  // vite.config.ts
  import { defineConfig } from 'vite';
  import { sentryTanstackStart } from 'sentry/tanstackstart-react';
  import { tanstackStart } from 'tanstack/react-start/plugin/vite';
  
  export default defineConfig({
    plugins: [
      sentryTanstackStart({
        authToken: process.env.SENTRY_AUTH_TOKEN,
        org: 'your-org',
        project: 'your-project',
      }),
      tanstackStart(),
    ],
  });

Other Changes

• feat(browser): Add CDN bundle for tracing.replay.feedback.logs.metrics (#18785)
• feat(browser): Add shim package for logs (#18831)
• feat(cloudflare): Automatically set the release id when CF_VERSION_METADATA is enabled (#18855)
• feat(core): Add ignored client report event drop reason (#18815)
• feat(logs): Add Log exports to browser and node packages (#18857)
• feat(node-core,bun): Export processSessionIntegration from node-core and add it to bun (#18852)
• fix(core): Find the correct IP address regardless their case (#18880)
• fix(core): Check for AI operation id to detect a vercelai span (#18823)
• fix(ember): Use ES5 syntax in inline vendor scripts (#18858)
• fix(fetch): Shallow-clone fetch options to prevent mutation (#18867)

Internal Changes

• chore(ci): Use javascript-sdk-gitflow app instead of personal token (#18829)
• chore(deps): Bump sveltejs/kit devDependency to 2.49.5 (#18848)
• chore(deps): Bump bundler plugins to ^4.6.2 (#18822)
• chore(deps): bump hono from 4.10.3 to 4.11.4 in /dev-packages/e2e-tests/test-applications/cloudflare-hono (#18806)
• chore(test): Bump svelte dependencies (#18850)
• chore(core): Comment out Error tests in langchain (#18837)
• meta(changelog): Fix entry for tanstack start vite plugin (#18883)
• test(e2e): Add testing app for User Feedback (#18877)
• test(fastify): Verify if upstream error is fixed and won't regress (#18838)

Work in this release was contributed by rreckonerr. Thank you for your contribution!

10.34.0

Important Changes

• feat(core): Add option to enhance the fetch error message (#18466)

  You can now enable enhanced fetch error messages by setting the enhancedFetchErrorMessage option. When enabled, the SDK will include additional context in fetch error messages to help with debugging.

• feat(nextjs): Add routeManifestInjection option to exclude routes from client bundle (#18798)

  A new routeManifestInjection option allows you to exclude sensitive routes from being injected into the client bundle.

• feat(tanstackstart-react): Add wrapMiddlewaresWithSentry for manual middleware instrumentation (#18680)

  You can now wrap your middlewares using wrapMiddlewaresWithSentry, allowing you to trace middleware execution in your TanStack Start application.

  import { createMiddleware } from 'tanstack/react-start';
  import { wrapMiddlewaresWithSentry } from 'sentry/tanstackstart-react';
  
  const loggingMiddleware = createMiddleware({ type: 'function' }).server(async ({ next }) => {
    console.log('Request started');
    return next();
  });
  
  export const [wrappedLoggingMiddleware] = wrapMiddlewaresWithSentry({ loggingMiddleware });

Other Changes

• feat(browser): Add CDN bundle for tracing.logs.metrics (#18784)
• feat(core,node-core): Consolidate bun and node types with ServerRuntimeOptions (#18734)
• feat(nextjs): Remove tracing from generation function template (#18733)
• fix(core): Don't record outcomes for failed client reports (#18808)
• fix(deno,cloudflare): Prioritize name from params over name from options (#18800)
• fix(web-vitals): Add error handling for invalid object keys in WeakMap (#18809)

Internal Changes

• ref(nextjs): Split withSentryConfig (#18777)
• test(e2e): Pin shopify/remix-oxygen to unblock ci (#18811)

10.33.0

Important Changes

• feat(core): Apply scope attributes to metrics (#18738)

  You can now set attributes on the SDK's scopes which will be applied to all metrics as long as the respective scopes are active. For the time being, only string, number and boolean attribute values are supported.

  Sentry.getGlobalScope().setAttributes({ is_admin: true, auth_provider: 'google' });
  
  Sentry.withScope(scope => {
    scope.setAttribute('step', 'authentication');
  
    // scope attributes `is_admin`, `auth_provider` and `step` are added
    Sentry.metrics.count('clicks', 1, { attributes: { activeSince: 100 } });
    Sentry.metrics.gauge('timeSinceRefresh', 4, { unit: 'hour' });
  });
  
  // scope attributes `is_admin` and `auth_provider` are added
  Sentry.metrics.count('response_time', 283.33, { unit: 'millisecond' });

• feat(tracing): Add Vercel AI SDK v6 support (#18741)

  The Sentry SDK now supports the Vercel AI SDK v6. Tracing and error monitoring will work automatically with the new version.

• feat(wasm): Add applicationKey option for third-party error filtering (#18762)

  Adds support for applying an application key to WASM stack frames that can be then used in the thirdPartyErrorFilterIntegration for detection of first-party code.

  Usage:

  Sentry.init({
    integrations: [
      // Integration order matters: wasmIntegration needs to be before thirdPartyErrorFilterIntegration
      wasmIntegration({ applicationKey: 'your-custom-application-key' }), ←───┐
      thirdPartyErrorFilterIntegration({                                      │
        behaviour: 'drop-error-if-exclusively-contains-third-party-frames',   ├─ matching keys
        filterKeys: ['your-custom-application-key'] ←─────────────────────────┘
      }),
    ],
  });

Other Changes

• feat(cloudflare): Support propagateTraceparent (#18569)
• feat(core): Add ignoreSentryInternalFrames option to thirdPartyErrorFilterIntegration (#18632)
• feat(core): Add gen_ai.conversation.id attribute to OpenAI and LangGr… (#18703)
• feat(core): Add recordInputs/recordOutputs options to MCP server wrapper (#18600)
• feat(core): Support IPv6 hosts in the DSN (#2996) (#17708)
• feat(deps): Bump bundler plugins to ^4.6.1 (#17980)
• feat(nextjs): Emit warning for conflicting treeshaking / debug settings (#18638)
• feat(nextjs): Print Turbopack note for deprecated webpack options (#18769)
• feat(node-core): Add isolateTrace option to node-cron instrumentation (#18416)
• feat(node): Use process.on('SIGTERM') for flushing in Vercel functions (#17583)
• feat(nuxt): Detect development environment and add dev E2E test (#18671)
• fix(browser): Forward worker metadata for third-party error filtering (#18756)
• fix(browser): Reduce number of visibilitystate and pagehide listeners (#18581)
• fix(browser): Respect tunnel in diagnoseSdkConnectivity (#18616)
• fix(cloudflare): Consume body of fetch in the Cloudflare transport (#18545)
• fix(core): Set op on ended Vercel AI spans (#18601)
• fix(core): Subtract performance.now() from browserPerformanceTimeOrigin fallback (#18715)
• fix(core): Update client options to allow explicit undefined (#18024)
• fix(feedback): Fix cases where the outline of inputs were wrong (#18647)
• fix(next): Ensure inline sourcemaps are generated for wrapped modules in Dev (#18640)
• fix(next): Wrap all Random APIs with a safe runner (#18700)
• fix(nextjs): Avoid Edge build warning from OpenTelemetry process.argv0 (#18759)
• fix(nextjs): Remove polynomial regular expression (#18725)
• fix(node-core): Ignore worker threads in OnUncaughtException (#18689)
• fix(node): relax Fastify's setupFastifyErrorHandler argument type (#18620)
• fix(nuxt): Allow overwriting server-side defaultIntegrations (#18717)
• fix(pino): Allow custom namespaces for msg and err (#18597)
• fix(react,solid,vue): Fix parametrization behavior for non-matched routes (#18735)
• fix(replay): Ensure replays contain canvas rendering when resumed after inactivity (#18714)
• fix(tracing): add gen_ai.request.messages.original_length attributes (#18608)
• ref(nextjs): Drop resolve dependency (#18618)
• ref(react-router): Use snake_case for span op names (#18617)

Internal Changes

• chore(bun): Fix install-bun.js version check and improve upgrade feedback (#18492)
• chore(changelog): Fix typo (#18648)
• chore(craft): Use version templating for aws layer (#18675)
• chore(deps): Bump IITM to ^2.0.1 (#18599)
• chore(e2e-tests): Upgrade trpc/server and trpc/client (#18722)
• chore(e2e): Unpin react-router-7-framework-spa to ^7.11.0 (#18551)
• chore(nextjs): Bump next version in dev deps (#18661)
• chore(node-tests): Upgrade langchain/core (#18720)
• chore(react): Inline hoist-non-react-statics package (#18102)
• chore(size-limit): Add size checks for metrics and logs (#18573)
• chore(tests): Add unordered mode to cloudflare test runner (#18596)
• ci(deps): bump actions/cache from 4 to 5 (#18654)
• ci(deps): Bump actions/create-github-app-token from 2.2.0 to 2.2.1 (#18656)
• ci(deps): bump actions/upload-artifact from 5 to 6 (#18655)
• ci(deps): bump peter-evans/create-pull-request from 7.0.9 to 8.0.0 (#18657)
• doc: E2E testing documentation updates (#18649)
• ref(core): Extract and reuse getCombinedScopeData helper (#18585)
• ref(core): Remove dependence between performance.timeOrigin and performance.timing.navigationStart (#18710)
• ref(core): Streamline and test browserPerformanceTimeOrigin (#18708)
• ref(core): Strengthen browserPerformanceTimeOrigin reliability check (#18719)
• ref(core): Use serializeAttributes for metric attribute serialization (#18582)
• ref(node): Remove duplicate function isCjs (#18662)
• test(core): Improve unit test performance for offline transport tests (#18628)
• test(core): Use fake timers in promisebuffer tests to ensure deterministic behavior (#18659)
• test(e2e): Add e2e metrics tests in Next.js 16 (#18643)
• test(e2e): Pin agents package in cloudflare-mcp test (#18609)
• test(e2e): Pin solid/vue tanstack router to 1.41.8 (#18610)
• test(nestjs): Add canary test for latest (#18685)
• test(node-native): Increase worker block timeout (#18683)
• test(nuxt): Fix nuxt-4 dev E2E test (#18737)
• test(tanstackstart-react): Add canary test for latest (#18686)
• test(vue): Added canary and latest test variants to Vue tests (#18681)

Work in this release was contributed by G-Rath, gianpaj, maximepvrt, Mohataseem89, sebws, and xgedev. Thank you for your contributions!

10.32.1

• fix(cloudflare): Add hono transaction name when error is thrown (#18529)
• fix(ember): Make implementation field optional (hash routes) (#18564)
• fix(vercelai): Fix input token count (#18574)

Internal Changes

• chore(lint): prefer 'unknown' to 'any', fix lint warnings
• chore(test): Remove cloudflare-astro e2e test (#18567)

10.32.0

Important Changes

• feat(core): Apply scope attributes to logs (#18184)

  You can now set attributes on the SDK's scopes which will be applied to all logs as long as the respective scopes are active. For the time being, only string, number and boolean attribute values are supported.

  Sentry.getGlobalScope().setAttributes({ is_admin: true, auth_provider: 'google' });
  
  Sentry.withScope(scope => {
    scope.setAttribute('step', 'authentication');
  
    // scope attributes `is_admin`, `auth_provider` and `step` are added
    Sentry.logger.info(`user ${user.id} logged in`, { activeSince: 100 });
    Sentry.logger.info(`updated ${user.id} last activity`);
  });
  
  // scope attributes `is_admin` and `auth_provider` are added
  Sentry.logger.warn('stale website version, reloading page');

• feat(replay): Add Request body with attachRawBodyFromRequest option (#18501)

  To attach the raw request body (from Request objects passed as the first fetch argument) to replay events, you can now use the attachRawBodyFromRequest option in the Replay integration:

  Sentry.init({
    integrations: [
      Sentry.replayIntegration({
        attachRawBodyFromRequest: true,
      }),
    ],
  });

• feat(tanstackstart-react): Trace server functions (#18500)

  To enable tracing for server-side requests, you can now explicitly define a server entry point in your application and wrap your request handler with wrapFetchWithSentry.

  // src/server.ts
  import { wrapFetchWithSentry } from 'sentry/tanstackstart-react';
  import handler, { createServerEntry } from 'tanstack/react-start/server-entry';
  
  export default createServerEntry(
    wrapFetchWithSentry({
      fetch(request: Request) {
        return handler.fetch(request);
      },
    }),
  );

• feat(vue): Add TanStack Router integration (#18547)

  The sentry/vue package now includes support for TanStack Router. Use tanstackRouterBrowserTracingIntegration to automatically instrument pageload and navigation transactions with parameterized routes:

  import { createApp } from 'vue';
  import { createRouter } from 'tanstack/vue-router';
  import * as Sentry from 'sentry/vue';
  import { tanstackRouterBrowserTracingIntegration } from 'sentry/vue/tanstackrouter';
  
  const router = createRouter({
    // your router config
  });
  
  Sentry.init({
    app,
    dsn: '__PUBLIC_DSN__',
    integrations: [tanstackRouterBrowserTracingIntegration(router)],
    tracesSampleRate: 1.0,
  });

Other Changes

• feat(core): Capture initialize attributes on MCP servers (#18531)
• feat(nextjs): Extract tracing logic from server component wrapper templates (#18408)
• feat(nextjs): added webpack treeshaking flags as config (#18359)
• fix(solid/tanstackrouter): Ensure web vitals are sent on pageload (#18542)

Internal Changes

• chore(changelog): Add entry for scope attributes (#18555)
• chore(changelog): Add entry for tanstack start wrapFetchWithSentry (#18558)
• chore(deps): bump trpc/server from 10.45.2 to 10.45.3 in /dev-packages/e2e-tests/test-applications/node-express-incorrect-instrumentation (#18530)
• chore(deps): bump trpc/server from 10.45.2 to 10.45.3 in /dev-packages/e2e-tests/test-applications/node-express-v5 (#18550)
• chore(e2e): Pin to react-router 7.10.1 in spa e2e test (#18548)
• chore(e2e): Remove check on http.response_content_length_uncompressed (#18536)
• chore(github): Add "Closes" to PR template (#18538)
• test(cloudflare-mcp): Unpin mcp sdk (#18528)
• test(nextjs): Add e2e tests for server component spans in next 16 (#18544)

10.31.0

Important Changes

• feat(browser): Add support for GraphQL persisted operations (#18505)

The graphqlClientIntegration now supports GraphQL persisted operations (queries). When a persisted query is detected, the integration will capture the operation hash and version as span attributes:

• graphql.persisted_query.hash.sha256 - The SHA-256 hash of the persisted query
• graphql.persisted_query.version - The version of the persisted query protocol

Additionally, the graphql.document attribute format has changed to align with OpenTelemetry semantic conventions. It now contains only the GraphQL query string instead of the full JSON request payload.

Before:

"graphql.document": "{\"query\":\"query Test { user { id } }\"}"

After:

"graphql.document": "query Test { user { id } }"

Other Changes

• feat(node): Support propagateTraceparent option (#18476)
• feat(bun): Expose spotlight option in TypeScript (#18436)
• feat(core): Add additional exports for captureException and captureMessage parameter types (#18521)
• feat(core): Export captureException and captureMessage parameter types (#18509)
• feat(core): Parse individual cookies from cookie header (#18325)
• feat(node): Add instrument OpenAI export to node (#18461)
• feat(nuxt): Bump sentry/vite-plugin and sentry/rollup-plugin to 4.6.1 (#18349)
• feat(profiling): Add support for Node v24 in the prune script (#18447)
• feat(tracing): strip inline media from messages (#18413)
• feat(node): Add ESM support for postgres.js instrumentation (#17961)
• fix(browser): Stringify span context in linked traces log statement (#18376)
• fix(google-cloud-serverless): Move types/express to optional peerDeps (#18452)
• fix(node-core): passthrough node-cron context (#17835)
• fix(tanstack-router): Check for fromLocation existence before reporting pageload (#18463)
• fix(tracing): add system prompt, model to google genai (#18424)
• fix(tracing): Set span operations for AI spans with model ID only (#18471)
• ref(browser): Improve profiling debug statement (#18507)

Internal Changes

• chore: Add external contributor to CHANGELOG.md (#18473)
• chore: upgrade Playwright to ~1.56.0 for WSL2 compatibility (#18468)
• chore(bugbot): Add testing conventions code review rules (#18433)
• chore(deps): bump next from 14.2.25 to 14.2.35 in /dev-packages/e2e-tests/test-applications/create-next-app (#18494)
• chore(deps): bump next from 14.2.32 to 14.2.35 in /dev-packages/e2e-tests/test-applications/nextjs-orpc (#18520)
• chore(deps): bump next from 14.2.32 to 14.2.35 in /dev-packages/e2e-tests/test-applications/nextjs-pages-dir (#18496)
• chore(deps): bump next from 15.5.7 to 15.5.9 in /dev-packages/e2e-tests/test-applications/nextjs-15 (#18482)
• chore(deps): bump next from 15.5.7 to 15.5.9 in /dev-packages/e2e-tests/test-applications/nextjs-15-intl (#18483)
• chore(deps): bump next from 16.0.7 to 16.0.9 in /dev-packages/e2e-tests/test-applications/nextjs-16 (#18480)
• chore(deps): bump next from 16.0.7 to 16.0.9 in /dev-packages/e2e-tests/test-applications/nextjs-16-cacheComponents (#18479)
• chore(deps): bump next from 16.0.7 to 16.0.9 in /dev-packages/e2e-tests/test-applications/nextjs-16-tunnel (#18481)
• chore(deps): bump next from 16.0.9 to 16.0.10 in /dev-packages/e2e-tests/test-applications/nextjs-16 (#18514)
• chore(deps): bump next from 16.0.9 to 16.0.10 in /dev-packages/e2e-tests/test-applications/nextjs-16-tunnel (#18487)
• chore(tests): Added test variant flag (#18458)
• test(cloudflare-mcp): Pin mcp sdk to 1.24.0 (#18524)

Work in this release was contributed by sebws and TBeeren. Thank you for your contributions!

10.30.0

• feat(nextjs): Deprecate Webpack top-level options (#18343)
• feat(node): Capture scope when event loop blocked (#18040)
• fix(aws-serverless): Remove hyphens from AWS-lambda origins (#18353)
• fix(core): Parse method from Request object in fetch (#18453)
• fix(react): Add transaction name guards for rapid lazy-route navigations (#18346)

Internal Changes

• chore(ci): Fix double issue creation for unreferenced PRs (#18442)
• chore(deps): bump next from 15.5.4 to 15.5.7 in /dev-packages/e2e-tests/test-applications/nextjs-15 (#18411)
• chore(deps): bump next from 15.5.4 to 15.5.7 in /dev-packages/e2e-tests/test-applications/nextjs-15-intl (#18400)
• chore(deps): bump next from 16.0.0 to 16.0.7 in /dev-packages/e2e-tests/test-applications/nextjs-16 (#18399)
• chore(deps): bump next from 16.0.0 to 16.0.7 in /dev-packages/e2e-tests/test-applications/nextjs-16-cacheComponents (#18427)
• chore(deps): bump next from 16.0.0 to 16.0.7 in /dev-packages/e2e-tests/test-applications/nextjs-16-tunnel (#18439)
• chore(publish): Fix publish order for sentry/types (#18429)
• ci(deps): bump actions/create-github-app-token from 2.1.4 to 2.2.0 (#18362)

10.29.0

Important Changes

• feat(solid|solidstart): Bump accepted solidjs/router range (#18395)

We expanded the supported version range for solidjs/router to include 0.14.x and 0.15.x versions.

Other Changes

• fix(logs): Add support for msg in pino integration (#18389)
• fix(node): Include system message in anthropic-ai messages span (#18332)
• fix(tracing): Add missing attributes in vercel-ai spans (#18333)

Internal Changes

• chore(tanstackstart-react): clean up re-exported types (#18393)
• ref(core): Avoid looking up openai integration options (#17695)
• test(nuxt): Relax captured unhandled error assertion (#18397)
• test(tanstackstart-react): Set up E2E test application (#18358)

10.28.0

Important Changes

• feat(core): Make matcher parameter optional in makeMultiplexedTransport (#10798)

The matcher parameter in makeMultiplexedTransport is now optional with a sensible default. This makes it much easier to use the multiplexed transport for sending events to multiple DSNs based on runtime configuration.

Before:

import { makeFetchTransport, makeMultiplexedTransport } from 'sentry/browser';

const EXTRA_KEY = 'ROUTE_TO';

const transport = makeMultiplexedTransport(makeFetchTransport, args => {
  const event = args.getEvent();
  if (event?.extra?.[EXTRA_KEY] && Array.isArray(event.extra[EXTRA_KEY])) {
    return event.extra[EXTRA_KEY];
  }
  return [];
});

Sentry.init({
  transport,
  // ... other options
});

// Capture events with routing info
Sentry.captureException(error, {
  extra: {
    [EXTRA_KEY]: [
      { dsn: 'https://key1sentry.io/project1', release: 'v1.0.0' },
      { dsn: 'https://key2sentry.io/project2' },
    ],
  },
});

After:

import { makeFetchTransport, makeMultiplexedTransport, MULTIPLEXED_TRANSPORT_EXTRA_KEY } from 'sentry/browser';

// Just pass the transport generator - the default matcher handles the rest!
Sentry.init({
  transport: makeMultiplexedTransport(makeFetchTransport),
  // ... other options
});

// Capture events with routing info using the exported constant
Sentry.captureException(error, {
  extra: {
    [MULTIPLEXED_TRANSPORT_EXTRA_KEY]: [
      { dsn: 'https://key1sentry.io/project1', release: 'v1.0.0' },
      { dsn: 'https://key2sentry.io/project2' },
    ],
  },
});

The default matcher looks for routing information in event.extra[MULTIPLEXED_TRANSPORT_EXTRA_KEY]. You can still provide a custom matcher function for advanced use cases.

• feat(nextjs): Support cacheComponents on turbopack (#18304)

This release adds support for cacheComponents on turbopack builds. We are working on adding support for this feature in webpack builds as well.

Other Changes

• feat: Publish AWS Lambda Layer for Node 24 (#18327)
• feat(browser): Expose langchain instrumentation (#18342)
• feat(browser): Expose langgraph instrumentation (#18345)
• feat(cloudflare): Allow specifying a custom fetch in Cloudflare transport options (#18335)
• feat(core): Add isolateTrace option to Sentry.withMonitor() (#18079)
• feat(deps): bump sentry/webpack-plugin from 4.3.0 to 4.6.1 (#18272)
• feat(nextjs): Add cloudflare waitUntil detection (#18336)
• feat(node): Add LangChain v1 support (#18306)
• feat(remix): Add parameterized transaction naming for routes (#17951)
• fix(cloudflare): Keep http root span alive until streaming responses are consumed (#18087)
• fix(cloudflare): Wait for async events to finish (#18334)
• fix(core): continueTrace doesn't propagate given trace ID if active span exists (#18328)
• fix(node-core): Handle custom scope in log messages without parameters (#18322)
• fix(opentelemetry): Ensure Sentry spans don't leak when tracing is disabled (#18337)
• fix(react-router): Use underscores in trace origin values (#18351)
• chore(tanstackstart-react): Export custom inits from tanstackstart-react (#18369)
• chore(tanstackstart-react)!: Remove empty placeholder implementations (#18338)

Internal Changes

• chore: Allow URLs as issue (#18372)
• chore(changelog): Add entry for #18304 (#18329)
• chore(ci): Add action to track all PRs as issues (#18363)
• chore(github): Adjust BUGBOT.md rules to flag invalid op and origin values during review (#18352)
• ci: Add action to create issue on gitflow merge conflicts (#18319)
• ci(deps): bump actions/checkout from 5 to 6 (#18268)
• ci(deps): bump peter-evans/create-pull-request from 7.0.8 to 7.0.9 (#18361)
• test(cloudflare): Add typechecks for cloudflare-worker e2e test (#18321)

10.27.0

Important Changes

• feat(deps): Bump OpenTelemetry (#18239)

  • Bump opentelemetry/context-async-hooks from ^2.1.0 to ^2.2.0
  • Bump opentelemetry/core from ^2.1.0 to ^2.2.0
  • Bump opentelemetry/resources from ^2.1.0 to ^2.2.0
  • Bump opentelemetry/sdk-trace-base from ^2.1.0 to ^2.2.0
  • Bump opentelemetry/sdk-trace-node from ^2.1.0 to ^2.2.0
  • Bump opentelemetry/instrumentation from 0.204.0 to 0.208.0
  • Bump opentelemetry/instrumentation-amqplib from 0.51.0 to 0.55.0
  • Bump opentelemetry/instrumentation-aws-sdk from 0.59.0 to 0.64.0
  • Bump opentelemetry/instrumentation-connect from 0.48.0 to 0.52.0
  • Bump opentelemetry/instrumentation-dataloader from 0.22.0 to 0.26.0
  • Bump opentelemetry/instrumentation-express from 0.53.0 to 0.57.0
  • Bump opentelemetry/instrumentation-fs from 0.24.0 to 0.28.0
  • Bump opentelemetry/instrumentation-generic-pool from 0.48.0 to 0.52.0
  • Bump opentelemetry/instrumentation-graphql from 0.52.0 to 0.56.0
  • Bump opentelemetry/instrumentation-hapi from 0.51.0 to 0.55.0
  • Bump opentelemetry/instrumentation-http from 0.204.0 to 0.208.0
  • Bump opentelemetry/instrumentation-ioredis from 0.52.0 to 0.56.0
  • Bump opentelemetry/instrumentation-kafkajs from 0.14.0 to 0.18.0
  • Bump opentelemetry/instrumentation-knex from 0.49.0 to 0.53.0
  • Bump opentelemetry/instrumentation-koa from 0.52.0 to 0.57.0
  • Bump opentelemetry/instrumentation-lru-memoizer from 0.49.0 to 0.53.0
  • Bump opentelemetry/instrumentation-mongodb from 0.57.0 to 0.61.0
  • Bump opentelemetry/instrumentation-mongoose from 0.51.0 to 0.55.0
  • Bump opentelemetry/instrumentation-mysql from 0.50.0 to 0.54.0
  • Bump opentelemetry/instrumentation-mysql2 from 0.51.0 to 0.55.0
  • Bump opentelemetry/instrumentation-nestjs-core from 0.50.0 to 0.55.0
  • Bump opentelemetry/instrumentation-pg from 0.57.0 to 0.61.0
  • Bump opentelemetry/instrumentation-redis from 0.53.0 to 0.57.0
  • Bump opentelemetry/instrumentation-tedious from 0.23.0 to 0.27.0
  • Bump opentelemetry/instrumentation-undici from 0.15.0 to 0.19.0
  • Bump prisma/instrumentation from 6.15.0 to 6.19.0

• feat(browserprofiling): Add manual mode and deprecate old profiling (#18189)

  Adds the manual lifecycle mode for UI profiling (the default mode), allowing profiles to be captured manually with Sentry.uiProfiler.startProfiler() and Sentry.uiProfiler.stopProfiler().
  The previous transaction-based profiling is with profilesSampleRate is now deprecated in favor of the new UI Profiling with profileSessionSampleRate.

Other Changes

• feat(core): Add gibibyte and pebibyte to InformationUnit type (#18241)
• feat(core): Add scope attribute APIs (#18165)
• feat(core): Re-add _experiments.enableLogs option (#18299)
• feat(core): Use maxValueLength on error messages (#18301)
• feat(deps): bump sentry/bundler-plugin-core from 4.3.0 to 4.6.1 (#18273)
• feat(deps): bump sentry/cli from 2.56.0 to 2.58.2 (#18271)
• feat(node): Add tracing support for AzureOpenAI (#18281)
• feat(node): Fix local variables capturing for out-of-app frames (#18245)
• fix(core): Add a PromiseBuffer for incoming events on the client (#18120)
• fix(core): Always redact content of sensitive headers regardless of sendDefaultPii (#18311)
• fix(metrics): Update return type of beforeSendMetric (#18261)
• fix(nextjs): universal random tunnel path support (#18257)
• ref(react): Add more guarding against wildcards in lazy route transactions (#18155)
• chore(deps): bump glob from 11.0.1 to 11.1.0 in /packages/react-router (#18243)

Internal Changes

- build(deps): bump hono from 4.9.7 to 4.10.3 in /dev-packages/e2e-tests/test-applications/cloudflare-hono ([#18038](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/18038)) - chore: Add `bump_otel_instrumentations` cursor command ([#18253](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/18253)) - chore: Add external contributor to CHANGELOG.md ([#18297](https://github-redirect.dependabot.com/getsentry/sentry-javascript/pull/18297))

⚠️ Changelog content truncated by 26964 characters because it was over the limit (60000) and wouldn't fit into PR description.