Bump nuxt from ^3.13.2 to ^3.21.1 in @sentry/nuxt devDependencies. This
pulls in @nuxt/devtools@3.1.1 which depends on diff@^8.0.2, replacing
the vulnerable diff@7.0.0 (DoS via parsePatch infinite loop).

Nuxt can only be upgraded to `3.17.7` because later versions are using
Vite v7 as dependency and this causes our Node 18 tests to fail.

---

Summary of Vite dependency chain:
`nuxt` -
[@nuxt/vite-builder](https://github.com/nuxt/nuxt/blob/617b266c732267755a8771b967d693b32e74fca4/packages/nuxt/package.json#L83)
->
[vite-node](https://github.com/nuxt/nuxt/blob/617b266c732267755a8771b967d693b32e74fca4/packages/vite/package.json#L66)
->
[vite](https://github.com/antfu-collective/vite-node/blob/48f3ec7044513349597045ac7053efd8c3db2ba4/package.json#L89)

And from Nuxt `3.20.1`, vite-node was bumped from [major 3 to
5](nuxt/nuxt#33674) which uses [vite
7](https://github.com/antfu-collective/vite-node/blob/2a2d77749c6f97117557c6a584abef15e1f7a46e/package.json#L56)

But also, Nuxt `3.17.7` is the last version which uses Vite 6:
https://github.com/nuxt/nuxt/blob/b56bc134455391f3ea43d29140162f0b04b615b0/packages/vite/package.json#L62

---

Fixes
https://github.com/getsentry/sentry-javascript/security/dependabot/958

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: s1gr1d <32902192+s1gr1d@users.noreply.github.com>

This caused issues in releases where the file got modified somewhere in
the lerna pipeline which then failed our prettier job.

#19296)

Enhances the AI integration guidelines with:

- Runtime-specific placement rules (Node.js, Cloudflare Workers, Browser
only SDKs should stay in their respective packages)
- Mandatory auto-detection requirement for all AI integrations
- E2E testing references for Cloudflare Workers and Browser runtimes
- Attribute restriction rule (only use attributes from
https://getsentry.github.io/sentry-conventions/attributes/gen_ai/)

Closes #19297 (added automatically)

…19308)

Unblocking CI.

Closes #19309 (added automatically)

Closes #15455
Closes #12450

…l option (#19280)

- Adds `sourcemaps.filesToDeleteAfterUpload` to the Next.js SDK's
SentryBuildOptions type, allowing users to specify custom glob patterns
for
source map deletion after upload.
- When set, this option overrides the default deletion patterns computed
by `deleteSourcemapsAfterUpload`, giving users fine-grained control —
including the ability to target server-side source maps if desired.
  
 closes #19235

…vents (#19316)

Calls to `Sentry.captureException()` inside a Next.js App Router route
handler, lead to unparameterized transaction names

- This happens because non-transaction events read their `transaction`
from the isolation scope's `transactionName`, which is set to the raw
URL by `httpServerIntegration`. On turbopack, the webpack wrapping
loader doesn't run, so `wrapRouteHandlerWithSentry` (which sets the
parameterized name on the current scope) is never called.
- The fix updates `handleOnSpanStart` to also set the parameterized
route on the isolation scope when hoisting the `next.route` attribute to
the root span. This ensures manually captured events get the
parameterized route regardless of bundler.
- Adds E2E tests for route handler errors (`throw`), `captureException`,
and `captureMessage` with parameterized routes in the `nextjs-16` test
app.

closes #19312

- Adds a new E2E test application (nextjs-16-bun) that runs Next.js 16
on Bun's runtime via `bun --bun next build/start`
- Update CI to pick up this test for the bun runtime

 Some limitations we ran into:

**1. Outgoing fetch trace propagation is broken**

`sentry-trace` and `baggage` headers are not attached to outgoing
fetch() requests. The OTel `nativeNodeFetchIntegration` does not
intercept Bun's native fetch implementation, so distributed tracing
across services does not work. The inbound request starts a new trace
instead of continuing the caller's trace.

**2. HTTP request headers not extracted as span attributes**

Inbound HTTP request headers (e.g. User-Agent, custom headers) are not
populated as http.request.header.* attributes on server spans. The OTel
HTTP instrumentation doesn't extract these when running on Bun.

Will create tickets for the findings.

ref
https://linear.app/getsentry/issue/FE-713/investigate-nextjsbun-setup

This PR migrates our formatting tool from `prettier` to `oxfmt` which is
part of the oxc toolchain and offers faster checking and format fixing
speeds while [maintaining the same
coverage](https://x.com/boshen_c/status/2018329440607203471).

I created a follow up PR in #19311 to unignore a few rules and fix the
associated snapshot tests affected by it.

### Benchmarks

Benchmark | Prettier | oxfmt | Speedup
-- | -- | -- | --
CI | 45s | 6.0s-7.0s | ~5x-7.5×
Local M3 Pro | 22s | 1.22s-1.98s | ~11×

---
closes #19223

[Gitflow] Merge master into develop

When using `captureUnderscoreErrorException` on an `_error` page, the
events were mostly dropped because it already existed from a
Sentry-wrapped data fetcher (like `getServerProps`). This resulted in
not sending the error to Sentry but still generating a new event ID
which was used as `lastEventId` (and thus was wrong).

Closes #19217
Also, check out this specific comment within the issue as it gives more
context:
#19217 (comment)

The wrapper is not needed, as it's just making the sure the types are
correct. We can just use the type.

For reference, this is the code for the wrapper:
https://github.com/nitrojs/nitro/blob/f663e76df6b25610432c915f19d3cf7c5c19f72e/src/runtime/internal/plugin.ts

Closes #19277

…19336)

This resolves a leak where `SentryNonRecordingSpan` are pilled up when
`tracingSampleRate` is set to `0`. Theoretically
`SentryNonRecordingSpan` are still treated as spans and added to the
`spans` list, but never removed

By moving `shouldCreateSpanResult` closer to the actual span logic, this
is now resolved.

Closes #19337 (added automatically)

Closes #19335

## Summary

- Add `metrics` to the `@sentry/core` re-export block in
`packages/deno/src/index.ts`
- The `metrics` namespace is already exported from `@sentry/core` and
re-exported by `@sentry/node`, but was missing from the Deno SDK

## Test plan

- [x] `yarn build:dev:filter @sentry/deno` passes
- [x] `cd packages/deno && yarn test` — all 12 tests pass
- [x] `eslint src/index.ts` — no lint issues

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Closes #19307 (added automatically)

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

Came across this while working on the same issue in Nuxt:
#19243

We should respect both the environment option from the `options` and
from the environment variable.

Related: #19238

…19291)

OTel's `PgInstrumentation` exposes an option to ignore
`pg(.pool).connect` spans.
This option was added recently in
open-telemetry/opentelemetry-js-contrib#3280. We
should allow users to configure our wrapping `postgresIntegration` with
the same option.

…h null/undefined array elements (#19346)

Added a guard against null/undefined elements in
isPromiseAllSettledResult which caused TypeError: Cannot convert
undefined or null to object when captureAllSettledReasons: true and the
Lambda handler returned an array containing nullish values.

closes #19344

## Summary
- Re-export `logger` and `consoleLoggingIntegration` from `@sentry/core`
in the Deno SDK
- Add integration test verifying `logger.info()` produces a log envelope
item with correct `level` and `body`

## Test plan
- [x] `yarn build:dev:filter @sentry/deno` — builds successfully
- [x] `cd packages/deno && yarn test` — all 13 tests pass
- [x] `eslint packages/deno/src/index.ts` — no lint errors

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Closes #19314 (added automatically)

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

- Replace lerna with Nx for all monorepo task execution (`lerna run` →
`nx run-many`). Lerna was already using Nx under the hood, so this
removes the wrapper layer and uses Nx directly.
- Replace `lerna version` with a custom `scripts/bump-version.js` for
release version bumping. The script replicates `lerna version
--force-publish --exact --no-git-tag-version --no-push` – bumps all
workspace package versions and updates internal dependency references to
exact versions. Also added some unit tests.
- Remove lerna dependency (`lerna.json`, `lerna` devDependency) and add
`nx` as a direct devDependency (22.5.0).
- Move lockfile stability check to its own CI jo (`job_check_lockfile`)
that runs in parallel with the build.
- Configure Nx TUI to auto-exit so `yarn build` doesn't hang waiting for
ESC.
- Adds a `.version.json` as a single source of truth for the current
version (this works well with triggering gitflow)
- Update docs (`CLAUDE.md`, `CONTRIBUTING.md`, `.cursor/rules`) to
reflect the migration.

Closes #19340 (added automatically)

Closes #19362 (added automatically)

…iring pino >= 9.10 (#18631)

We discussed this in Bikeshedding, apm-js runtime hooks gets bundled in
frameworks still using CJS like Next.js, even if the user was not using
Pino integration at all. Attempts to tree-shake it failed as Next.js is
still using CJS.

We can drop support for older versions of Pino, given that `pino@9.10`
already exposes a tracing channel that we use, and that the injected
channel was a backup for `pino<9.10`

This will reduce bundle sizes and ensure frameworks incapable of esm
tree-shaking don't pick it up as a dependency.

I will remove `@apm-js-collab/tracing-hooks` as a dep from `node-core`
since nothing else uses it.

closes #18199

Adds `WebFetch` permissions for `docs.sentry.io` and
`develop.sentry.dev` to Claude Code settings, enabling Claude to fetch
documentation content directly from Sentry's official documentation
sites.

This follows the same pattern used in the sentry-cocoa repository.

Closes #18891 (added automatically)

---------

Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>

…19330)

This PR adds `sentryGlobalRequestMiddleware` and
`sentryGlobalFunctionMiddleware` that capture unhandled errors from all
HTTP requests and server function invocations. Users add these as the
first entries in the `requestMiddleware` / `functionMiddleware` arrays
of `createStart()`. These internal middlewares get marked with a
`__SENTRY_INTERNAL__`, so that they can be easily skipped in the vite
plugin to exclude them from middleware auto-instrumentation. Originally
we wanted to do this in the server-entry-point, but since there haven't
been any updates on this front in months I propose this as an
alternative solution for now. This is probably slightly worse UX but in
my case better than having nothing in place.

We could also think about auto-injecting this during the build, but
maybe not worth the effort since this is a one-time setup step.

**Limitations**

Tanstack Start has three types of server-side errors that we care about.
With these middlewares we can capture 2 of these (route, function
exceptions). We cannot capture SSR exceptions like this, because the
exceptions are serialized at a deeper layer and newer thrown.

**Usage**

```
import { sentryGlobalFunctionMiddleware, sentryGlobalRequestMiddleware } from '@sentry/tanstackstart-react';
import { createStart } from '@tanstack/react-start';

export const startInstance = createStart(() => ({
  requestMiddleware: [sentryGlobalRequestMiddleware, ...otherMiddleware],
  functionMiddleware: [sentryGlobalFunctionMiddleware, ...otherMiddleware],
}));
```

**Tests**

- Updated E2E tests to verify server side function/route errors are
being captured
- Added an E2E test to document that SSR exceptions are NOT being
captured

Closes #18283

…hen `skipOpenTelemetrySetup` is enabled (#19333)

When users bring their own OpenTelemetry setup, we were still mutating
their OTel spans by setting `sentry.drop_transaction` as a span
attribute.

Added early returns in `dropNextjsRootContext()` and
`dropMiddlewareTunnelRequests()` to skip span mutation when
skipOpenTelemetrySetup is enabled

closes #19169

Builds on #19200 by:

- Removing the ignores that were affecting `*.hbs` and `*.html` files
- Fixed some malformed HTML in our tests

I initially thought it was some extra stuff done by oxfmt, but its just
we didn't have those file extensions in the extension list for the
format script. so, its the same output if prettier ran over those files.

closes #19223

closes #19215 
closes
[JS-1656](https://linear.app/getsentry/issue/JS-1656/support-astro-on-cloudflare-workers)

This allows to deploy Astro on CF Workers and instrument it with Sentry

The main issue was that within CF Workers everything needs to be wrapped
with `withSentry` from the `@sentry/cloudflare` SDK. With this PR the
config cannot be changed via code and it is for now only possible to
update the config on Cloudflare via [Environment
Variables](https://developers.cloudflare.com/workers/configuration/environment-variables/).

I couldn't come up with a nice solution to have the config and bundle it
with the entrypoint of `@astro/cloudflare`.

### Future ideas

However, in `@astro/cloudflare@13` the entry point is not [exporting a
function](https://github.com/withastro/astro/blob/%40astrojs/cloudflare%4012.6.12/packages/integrations/cloudflare/src/entrypoints/server.ts)
anymore, but a real module:
https://github.com/withastro/astro/blob/%40astrojs/cloudflare%4013.0.0-beta.6/packages/integrations/cloudflare/src/entrypoints/server.ts

With this we could possibly change the entrypoint entirely to a Sentry
entrypoint where `withSentry` is available as code.

### Merge checks

- [x] Create docs issue to update Astro on Cloudflare docs

- Adds a new local Claude Code skill at
`.claude/skills/triage-issue/SKILL.md`
- Invoked via `/triage-issue <issue-number-or-url> [--ci]` to triage
GitHub issues on getsentry/sentry-javascript
- Produces a structured report with classification, root cause analysis,
cross-repo search results, and actionable next steps
- Optional --ci flag outputs a Linear payload stub (to be wired up
later)

Closes #19357 (added automatically)

After moving from lerna to nx, I noticed we run fewer tasks in
parrallel. This PR sets the limit to ~10~ 5. previously, we used the
[default
value](https://nx.dev/docs/guides/tasks--caching/run-tasks-in-parallel)
3.

If reviewers prefer a different number than ~10~ 5, I'm happy to change
it. On my local build this led to good results but mileage may vary.

UPDATE: I reduced the number from 10 to 5 because 10 concurrent tasks
produced random test fails on CI. After a bit or research, this most
likely relates to memory pressure or CPU starvation, due to many
parallel running threads. Vitest and Playwright run tests in multiple
threads, so if we multiply this with more concurrently running tests,
this produceds a lot of threads, especially in resource-constrained CI
runners. We could experiment further with a higher threshold but for now
I'd keep 5. If we run into inexplicable test fails, this is the PR we
need to revert.

Closes #19444 (added automatically)

…g skill (#19418)

Closes #19419 (added automatically)

…ary (#19456)

With the new addition of security measures (e.g. stopping immediately
with non-zero exit code), the action just stops when reaching 20 turns.
Before, the action ran for around 35 turns, so the limit is increased to
40.

Additionally (because strictly stopping execution and we no longer get a
Job Summary), a script was added to take the script output and post it.

So far, we no longer have tool call errors, just non-zero exit codes
because of too many turns. Now, we can at least see the summary from the
`claude-execution-output.json` (this is saved as an [`output` by the
claude
action](https://github.com/anthropics/claude-code-action/blob/edd85d61533cbba7b57ed0ca4af1750b1fdfd3c4/base-action/README.md?plain=1#L119)).

Previous `exit code 1` logs:
```
{
  "type": "result",
  "subtype": "error_max_turns",
  "is_error": false,
  ...
}
Log saved to /home/runner/work/_temp/claude-execution-output.json
Error: Execution failed: 
Error: Action failed with error: Claude execution failed: 
Error: Process completed with exit code 1.
```

Closes #19457 (added automatically)

…t color scheme (#19430)

Adds a `setTheme(colorScheme: 'light' | 'dark' | 'system')` method to
the feedback integration, allowing applications to update the widget's
color scheme at runtime without re-initializing the integration.
  
closes #19257

This PR unvendors `@fastify/otel` and bumps to the latest version. We
can do this now because the newest `minimatch` expanded node support to
node 18.

Closes: #19450

Adds an explicit `_INTERNAL_flushLogsBuffer(this)` call at the start of
the base Client.close() method, before flush(timeout) is called.

Previously, the log buffer flush during `close()` relied on an indirect
event chain: `close() → flush() → emit('flush') →
setupWeightBasedFlushing handler → _INTERNAL_flushLogsBuffer`. While
this works, it's fragile and could break if someone refactors the event
mechanism. The explicit call ensures logs are always flushed on close
regardless of the event wiring.

The call is placed before flush() so the log envelope is queued to the
transport before transport.flush(timeout) drains all pending sends.
_INTERNAL_flushLogsBuffer safely handles empty buffers (returns early),
so there's no overhead when logs are disabled or the buffer is empty.

All platform SDKs (NodeClient, LightNodeClient, DenoClient,
BrowserClient, CloudflareClient) ultimately call super.close() which
reaches this base implementation, so all runtimes benefit automatically.

closes #19347

…kages/e2e-tests/test-applications/sveltekit-cloudflare-pages (#19462)

Bumps
[@sveltejs/kit](https://github.com/sveltejs/kit/tree/HEAD/packages/kit)
from 2.49.5 to 2.52.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sveltejs/kit/releases"><code>@​sveltejs/kit</code>'s
releases</a>.</em></p>
<blockquote>
<h2><code>@​sveltejs/kit</code><a
href="https://github.com/2"><code>@​2</code></a>.52.2</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p>fix: validate <code>form</code> file information to prevent
amplification attacks (<a
href="https://github.com/sveltejs/kit/commit/3e607b314aec9e5f278d32847945b8b6323e1cb8"><code>3e607b3</code></a>)</p>
</li>
<li>
<p>chore: upgrade <code>devalue</code> and <code>svelte</code> (<a
href="https://redirect.github.com/sveltejs/kit/pull/15339">#15339</a>)</p>
</li>
<li>
<p>fix: parse file offset table more strictly (<a
href="https://github.com/sveltejs/kit/commit/f47c01bd8100328c24fdb8522fe35913b0735f35"><code>f47c01b</code></a>)</p>
</li>
</ul>
<h2><code>@​sveltejs/kit</code><a
href="https://github.com/2"><code>@​2</code></a>.52.0</h2>
<h3>Minor Changes</h3>
<ul>
<li>feat: <code>match</code> function to map a path back to a route id
and params (<a
href="https://redirect.github.com/sveltejs/kit/pull/14997">#14997</a>)</li>
</ul>
<h3>Patch Changes</h3>
<ul>
<li>
<p>fix: respect scroll-margin when navigating to a url-supplied anchor
(<a
href="https://redirect.github.com/sveltejs/kit/pull/15246">#15246</a>)</p>
</li>
<li>
<p>fix: <code>resolve</code> will narrow types to follow trailing slash
page settings (<a
href="https://redirect.github.com/sveltejs/kit/pull/15027">#15027</a>)</p>
</li>
</ul>
<h2><code>@​sveltejs/kit</code><a
href="https://github.com/2"><code>@​2</code></a>.51.0</h2>
<h3>Minor Changes</h3>
<ul>
<li>
<p>feat: add <code>scroll</code> property to
<code>NavigationTarget</code> in navigation callbacks (<a
href="https://redirect.github.com/sveltejs/kit/pull/15248">#15248</a>)</p>
<p>Navigation callbacks (<code>beforeNavigate</code>,
<code>onNavigate</code>, and <code>afterNavigate</code>) now include
scroll position information via the <code>scroll</code> property on
<code>from</code> and <code>to</code> targets:</p>
<ul>
<li><code>from.scroll</code>: The scroll position at the moment
navigation was triggered</li>
<li><code>to.scroll</code>: In <code>beforeNavigate</code> and
<code>onNavigate</code>, this is populated for <code>popstate</code>
navigations (back/forward) with the scroll position that will be
restored, and <code>null</code> for other navigation types. In
<code>afterNavigate</code>, this is always the final scroll position
after navigation completed.</li>
</ul>
<p>This enables use cases like animating transitions based on the target
scroll position when using browser back/forward navigation.</p>
</li>
<li>
<p>feat: <code>hydratable</code>'s injected script now works with CSP
(<a
href="https://redirect.github.com/sveltejs/kit/pull/15048">#15048</a>)</p>
</li>
</ul>
<h3>Patch Changes</h3>
<ul>
<li>
<p>fix: put preloads before styles (<a
href="https://redirect.github.com/sveltejs/kit/pull/15232">#15232</a>)</p>
</li>
<li>
<p>fix: suppress false-positive inner content warning when children prop
is forwarded to a child component (<a
href="https://redirect.github.com/sveltejs/kit/pull/15269">#15269</a>)</p>
</li>
<li>
<p>fix: <code>fetch</code> not working when URL is same host but
different than <code>paths.base</code> (<a
href="https://redirect.github.com/sveltejs/kit/pull/15291">#15291</a>)</p>
</li>
<li>
<p>fix: navigate to hash link when base element is present (<a
href="https://redirect.github.com/sveltejs/kit/pull/15236">#15236</a>)</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/sveltejs/kit/blob/main/packages/kit/CHANGELOG.md"><code>@​sveltejs/kit</code>'s
changelog</a>.</em></p>
<blockquote>
<h2>2.52.2</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p>fix: validate <code>form</code> file information to prevent
amplification attacks (<a
href="https://github.com/sveltejs/kit/commit/3e607b314aec9e5f278d32847945b8b6323e1cb8"><code>3e607b3</code></a>)</p>
</li>
<li>
<p>chore: upgrade <code>devalue</code> and <code>svelte</code> (<a
href="https://redirect.github.com/sveltejs/kit/pull/15339">#15339</a>)</p>
</li>
<li>
<p>fix: parse file offset table more strictly (<a
href="https://github.com/sveltejs/kit/commit/f47c01bd8100328c24fdb8522fe35913b0735f35"><code>f47c01b</code></a>)</p>
</li>
</ul>
<h2>2.52.1</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p>fix: clear stale preflight issues on subsequent valid form
submissions (<a
href="https://redirect.github.com/sveltejs/kit/pull/15281">#15281</a>)</p>
</li>
<li>
<p>chore: remove dependency on <code>sade</code> (<a
href="https://redirect.github.com/sveltejs/kit/pull/15272">#15272</a>)</p>
</li>
<li>
<p>fix: include <code>.txt</code> files in precompression (<a
href="https://redirect.github.com/sveltejs/kit/pull/15259">#15259</a>)</p>
</li>
<li>
<p>fix: escape backticks and dollar signs when creating inlined css (<a
href="https://redirect.github.com/sveltejs/kit/pull/15320">#15320</a>)</p>
</li>
<li>
<p>fix: increment <code>form.pending</code> count before preflight
validation (<a
href="https://redirect.github.com/sveltejs/kit/pull/15279">#15279</a>)</p>
</li>
</ul>
<h2>2.52.0</h2>
<h3>Minor Changes</h3>
<ul>
<li>feat: <code>match</code> function to map a path back to a route id
and params (<a
href="https://redirect.github.com/sveltejs/kit/pull/14997">#14997</a>)</li>
</ul>
<h3>Patch Changes</h3>
<ul>
<li>
<p>fix: respect scroll-margin when navigating to a url-supplied anchor
(<a
href="https://redirect.github.com/sveltejs/kit/pull/15246">#15246</a>)</p>
</li>
<li>
<p>fix: <code>resolve</code> will narrow types to follow trailing slash
page settings (<a
href="https://redirect.github.com/sveltejs/kit/pull/15027">#15027</a>)</p>
</li>
</ul>
<h2>2.51.0</h2>
<h3>Minor Changes</h3>
<ul>
<li>feat: add <code>scroll</code> property to
<code>NavigationTarget</code> in navigation callbacks (<a
href="https://redirect.github.com/sveltejs/kit/pull/15248">#15248</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/sveltejs/kit/commit/9c4a73733441acaa2f166d023fcdb977a9d88cf6"><code>9c4a737</code></a>
Version Packages (<a
href="https://github.com/sveltejs/kit/tree/HEAD/packages/kit/issues/15338">#15338</a>)</li>
<li><a
href="https://github.com/sveltejs/kit/commit/3e607b314aec9e5f278d32847945b8b6323e1cb8"><code>3e607b3</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/sveltejs/kit/commit/62991c81db4f50ccfb08a9ac5e05ccba4ddab59e"><code>62991c8</code></a>
chore: upgrade <code>devalue</code> and <code>svelte</code> (<a
href="https://github.com/sveltejs/kit/tree/HEAD/packages/kit/issues/15339">#15339</a>)</li>
<li><a
href="https://github.com/sveltejs/kit/commit/f47c01bd8100328c24fdb8522fe35913b0735f35"><code>f47c01b</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/sveltejs/kit/commit/6f69ded005c14db0c2e6a73843cc5e5cb15b684f"><code>6f69ded</code></a>
Version Packages (<a
href="https://github.com/sveltejs/kit/tree/HEAD/packages/kit/issues/15321">#15321</a>)</li>
<li><a
href="https://github.com/sveltejs/kit/commit/e87efba90aeb04227e6a1a5e9017989e7f1c78dc"><code>e87efba</code></a>
fix: clear stale preflight issues on subsequent valid form submissions
(<a
href="https://github.com/sveltejs/kit/tree/HEAD/packages/kit/issues/15281">#15281</a>)</li>
<li><a
href="https://github.com/sveltejs/kit/commit/4f367d5bf80935e99c9048e75d6f7e258730980f"><code>4f367d5</code></a>
chore: fix Node 18 CI by changing .remote.js import to .remote.ts (<a
href="https://github.com/sveltejs/kit/tree/HEAD/packages/kit/issues/15331">#15331</a>)</li>
<li><a
href="https://github.com/sveltejs/kit/commit/20dfadfbef312b4e750318aa871aebbfcb4396a4"><code>20dfadf</code></a>
fix: escape backticks and dollar signs before creating interpolated
string (#...</li>
<li><a
href="https://github.com/sveltejs/kit/commit/8c2384a346825d54eb4281f9da854388fb4d81b3"><code>8c2384a</code></a>
fix: increment <code>form.pending</code> count before preflight
validation (<a
href="https://github.com/sveltejs/kit/tree/HEAD/packages/kit/issues/15279">#15279</a>)</li>
<li><a
href="https://github.com/sveltejs/kit/commit/71ddbc7ff19a612cfcd483f3b7ba58586372528b"><code>71ddbc7</code></a>
chore: remove dependency on sade (<a
href="https://github.com/sveltejs/kit/tree/HEAD/packages/kit/issues/15272">#15272</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/sveltejs/kit/commits/@sveltejs/kit@2.52.2/packages/kit">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@sveltejs/kit&package-manager=npm_and_yarn&previous-version=2.49.5&new-version=2.52.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/getsentry/sentry-javascript/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps the opentelemetry group with 4 updates:
[@opentelemetry/core](https://github.com/open-telemetry/opentelemetry-js),
[@opentelemetry/context-async-hooks](https://github.com/open-telemetry/opentelemetry-js),
[@opentelemetry/resources](https://github.com/open-telemetry/opentelemetry-js)
and
[@opentelemetry/sdk-trace-base](https://github.com/open-telemetry/opentelemetry-js).

Updates `@opentelemetry/core` from 2.5.0 to 2.5.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/open-telemetry/opentelemetry-js/releases"><code>@​opentelemetry/core</code>'s
releases</a>.</em></p>
<blockquote>
<h2>v2.5.1</h2>
<h2>2.5.1</h2>
<h3>:bug: Bug Fixes</h3>
<ul>
<li>fix(opentelemetry-sdk-node): the custom value from env variable for
service.instance.id should take priority over random uuid as backup <a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6345">#6345</a>
<a href="https://github.com/maryliag"><code>@​maryliag</code></a></li>
</ul>
<h3>:house: Internal</h3>
<ul>
<li>perf(sdk-trace-base): use Uint8Array for browser RandomIdGenerator
<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6209">#6209</a>
<a
href="https://github.com/overbalance"><code>@​overbalance</code></a></li>
<li>test(sdk-trace-base): remove obsolete TypeScript and platform
workarounds <a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6327">#6327</a>
<a
href="https://github.com/overbalance"><code>@​overbalance</code></a></li>
<li>fix(example-web): update Docker config and deps for collector <a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6342">#6342</a>
<a
href="https://github.com/overbalance"><code>@​overbalance</code></a></li>
<li>perf(sdk-trace-base): optimize setAttribute performance <a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6283">#6283</a>
<a
href="https://github.com/AbhiPrasad"><code>@​AbhiPrasad</code></a></li>
<li>refactor(core): remove unnecessary closure in _export() <a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6360">#6360</a>
<a href="https://github.com/cjihrig"><code>@​cjihrig</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md"><code>@​opentelemetry/core</code>'s
changelog</a>.</em></p>
<blockquote>
<h2>2.5.1</h2>
<h3>:bug: Bug Fixes</h3>
<ul>
<li>fix(opentelemetry-sdk-node): the custom value from env variable for
service.instance.id should take priority over random uuid as backup <a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6345">#6345</a>
<a href="https://github.com/maryliag"><code>@​maryliag</code></a></li>
</ul>
<h3>:house: Internal</h3>
<ul>
<li>perf(sdk-trace-base): use Uint8Array for browser RandomIdGenerator
<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6209">#6209</a>
<a
href="https://github.com/overbalance"><code>@​overbalance</code></a></li>
<li>test(sdk-trace-base): remove obsolete TypeScript and platform
workarounds <a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6327">#6327</a>
<a
href="https://github.com/overbalance"><code>@​overbalance</code></a></li>
<li>fix(example-web): update Docker config and deps for collector <a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6342">#6342</a>
<a
href="https://github.com/overbalance"><code>@​overbalance</code></a></li>
<li>perf(sdk-trace-base): optimize setAttribute performance <a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6283">#6283</a>
<a
href="https://github.com/AbhiPrasad"><code>@​AbhiPrasad</code></a></li>
<li>refactor(core): remove unnecessary closure in _export() <a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6360">#6360</a>
<a href="https://github.com/cjihrig"><code>@​cjihrig</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/open-telemetry/opentelemetry-js/commit/ad92be4c2c1094745a85b0b7eeff1444a11b1b4a"><code>ad92be4</code></a>
chore: prepare next release (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6402">#6402</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-js/commit/3e68499ff1039728ef2d8206df343cf8cf8530b3"><code>3e68499</code></a>
feat(configuration): add prometheus exporter support (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6400">#6400</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-js/commit/b7437476938aac9a16c8104453f52345c63a3514"><code>b743747</code></a>
fix(configuration): remove default propagator initialization (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6399">#6399</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-js/commit/48e2fb499ee476b18c08679b056adc2c1ef6f36b"><code>48e2fb4</code></a>
chore(deps): update fossas/fossa-action action to v1.8.0 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6405">#6405</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-js/commit/90d1afaa7679c4c84bd05ffd68815d2bf06289a8"><code>90d1afa</code></a>
ci: allow different release bumps for groups (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6397">#6397</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-js/commit/c1d05435794abff2dc208dc07e0df0729ecd3b56"><code>c1d0543</code></a>
fix(deps): update dependency axios to v1.13.5 [security] (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6398">#6398</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-js/commit/a78d112822019849a1f508c37f046d1c97786a91"><code>a78d112</code></a>
fix(deps): update dependency <code>@​grpc/grpc-js</code> to v1.8.22
[security] (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6366">#6366</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-js/commit/fcafab54ebf18b675a2f160e83d6bbd5093011a7"><code>fcafab5</code></a>
chore: fix lint (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6388">#6388</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-js/commit/a0d5c141a1aa13c56b75e3332e3ced4396a2c037"><code>a0d5c14</code></a>
fix(otlp-exporter-base): avoid use of a wrapped fetch (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6353">#6353</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-js/commit/819ebb2d03e8ae6281c0000801cf10bb8c8f2c95"><code>819ebb2</code></a>
chore(deps): update dependency webpack-merge to v6 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6364">#6364</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/open-telemetry/opentelemetry-js/compare/v2.5.0...v2.5.1">compare
view</a></li>
</ul>
</details>
<br />

Updates `@opentelemetry/context-async-hooks` from 2.5.0 to 2.5.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/open-telemetry/opentelemetry-js/releases"><code>@​opentelemetry/context-async-hooks</code>'s
releases</a>.</em></p>
<blockquote>
<h2>v2.5.1</h2>
<h2>2.5.1</h2>
<h3>:bug: Bug Fixes</h3>
<ul>
<li>fix(opentelemetry-sdk-node): the custom value from env variable for
service.instance.id should take priority over random uuid as backup <a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6345">#6345</a>
<a href="https://github.com/maryliag"><code>@​maryliag</code></a></li>
</ul>
<h3>:house: Internal</h3>
<ul>
<li>perf(sdk-trace-base): use Uint8Array for browser RandomIdGenerator
<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6209">#6209</a>
<a
href="https://github.com/overbalance"><code>@​overbalance</code></a></li>
<li>test(sdk-trace-base): remove obsolete TypeScript and platform
workarounds <a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6327">#6327</a>
<a
href="https://github.com/overbalance"><code>@​overbalance</code></a></li>
<li>fix(example-web): update Docker config and deps for collector <a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6342">#6342</a>
<a
href="https://github.com/overbalance"><code>@​overbalance</code></a></li>
<li>perf(sdk-trace-base): optimize setAttribute performance <a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6283">#6283</a>
<a
href="https://github.com/AbhiPrasad"><code>@​AbhiPrasad</code></a></li>
<li>refactor(core): remove unnecessary closure in _export() <a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6360">#6360</a>
<a href="https://github.com/cjihrig"><code>@​cjihrig</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md"><code>@​opentelemetry/context-async-hooks</code>'s
changelog</a>.</em></p>
<blockquote>
<h2>2.5.1</h2>
<h3>:bug: Bug Fixes</h3>
<ul>
<li>fix(opentelemetry-sdk-node): the custom value from env variable for
service.instance.id should take priority over random uuid as backup <a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6345">#6345</a>
<a href="https://github.com/maryliag"><code>@​maryliag</code></a></li>
</ul>
<h3>:house: Internal</h3>
<ul>
<li>perf(sdk-trace-base): use Uint8Array for browser RandomIdGenerator
<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6209">#6209</a>
<a
href="https://github.com/overbalance"><code>@​overbalance</code></a></li>
<li>test(sdk-trace-base): remove obsolete TypeScript and platform
workarounds <a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6327">#6327</a>
<a
href="https://github.com/overbalance"><code>@​overbalance</code></a></li>
<li>fix(example-web): update Docker config and deps for collector <a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6342">#6342</a>
<a
href="https://github.com/overbalance"><code>@​overbalance</code></a></li>
<li>perf(sdk-trace-base): optimize setAttribute performance <a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6283">#6283</a>
<a
href="https://github.com/AbhiPrasad"><code>@​AbhiPrasad</code></a></li>
<li>refactor(core): remove unnecessary closure in _export() <a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6360">#6360</a>
<a href="https://github.com/cjihrig"><code>@​cjihrig</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/open-telemetry/opentelemetry-js/commit/ad92be4c2c1094745a85b0b7eeff1444a11b1b4a"><code>ad92be4</code></a>
chore: prepare next release (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6402">#6402</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-js/commit/3e68499ff1039728ef2d8206df343cf8cf8530b3"><code>3e68499</code></a>
feat(configuration): add prometheus exporter support (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6400">#6400</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-js/commit/b7437476938aac9a16c8104453f52345c63a3514"><code>b743747</code></a>
fix(configuration): remove default propagator initialization (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6399">#6399</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-js/commit/48e2fb499ee476b18c08679b056adc2c1ef6f36b"><code>48e2fb4</code></a>
chore(deps): update fossas/fossa-action action to v1.8.0 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6405">#6405</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-js/commit/90d1afaa7679c4c84bd05ffd68815d2bf06289a8"><code>90d1afa</code></a>
ci: allow different release bumps for groups (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6397">#6397</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-js/commit/c1d05435794abff2dc208dc07e0df0729ecd3b56"><code>c1d0543</code></a>
fix(deps): update dependency axios to v1.13.5 [security] (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6398">#6398</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-js/commit/a78d112822019849a1f508c37f046d1c97786a91"><code>a78d112</code></a>
fix(deps): update dependency <code>@​grpc/grpc-js</code> to v1.8.22
[security] (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6366">#6366</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-js/commit/fcafab54ebf18b675a2f160e83d6bbd5093011a7"><code>fcafab5</code></a>
chore: fix lint (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6388">#6388</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-js/commit/a0d5c141a1aa13c56b75e3332e3ced4396a2c037"><code>a0d5c14</code></a>
fix(otlp-exporter-base): avoid use of a wrapped fetch (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6353">#6353</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-js/commit/819ebb2d03e8ae6281c0000801cf10bb8c8f2c95"><code>819ebb2</code></a>
chore(deps): update dependency webpack-merge to v6 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6364">#6364</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/open-telemetry/opentelemetry-js/compare/v2.5.0...v2.5.1">compare
view</a></li>
</ul>
</details>
<br />

Updates `@opentelemetry/resources` from 2.5.0 to 2.5.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/open-telemetry/opentelemetry-js/releases"><code>@​opentelemetry/resources</code>'s
releases</a>.</em></p>
<blockquote>
<h2>v2.5.1</h2>
<h2>2.5.1</h2>
<h3>:bug: Bug Fixes</h3>
<ul>
<li>fix(opentelemetry-sdk-node): the custom value from env variable for
service.instance.id should take priority over random uuid as backup <a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6345">#6345</a>
<a href="https://github.com/maryliag"><code>@​maryliag</code></a></li>
</ul>
<h3>:house: Internal</h3>
<ul>
<li>perf(sdk-trace-base): use Uint8Array for browser RandomIdGenerator
<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6209">#6209</a>
<a
href="https://github.com/overbalance"><code>@​overbalance</code></a></li>
<li>test(sdk-trace-base): remove obsolete TypeScript and platform
workarounds <a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6327">#6327</a>
<a
href="https://github.com/overbalance"><code>@​overbalance</code></a></li>
<li>fix(example-web): update Docker config and deps for collector <a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6342">#6342</a>
<a
href="https://github.com/overbalance"><code>@​overbalance</code></a></li>
<li>perf(sdk-trace-base): optimize setAttribute performance <a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6283">#6283</a>
<a
href="https://github.com/AbhiPrasad"><code>@​AbhiPrasad</code></a></li>
<li>refactor(core): remove unnecessary closure in _export() <a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6360">#6360</a>
<a href="https://github.com/cjihrig"><code>@​cjihrig</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md"><code>@​opentelemetry/resources</code>'s
changelog</a>.</em></p>
<blockquote>
<h2>2.5.1</h2>
<h3>:bug: Bug Fixes</h3>
<ul>
<li>fix(opentelemetry-sdk-node): the custom value from env variable for
service.instance.id should take priority over random uuid as backup <a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6345">#6345</a>
<a href="https://github.com/maryliag"><code>@​maryliag</code></a></li>
</ul>
<h3>:house: Internal</h3>
<ul>
<li>perf(sdk-trace-base): use Uint8Array for browser RandomIdGenerator
<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6209">#6209</a>
<a
href="https://github.com/overbalance"><code>@​overbalance</code></a></li>
<li>test(sdk-trace-base): remove obsolete TypeScript and platform
workarounds <a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6327">#6327</a>
<a
href="https://github.com/overbalance"><code>@​overbalance</code></a></li>
<li>fix(example-web): update Docker config and deps for collector <a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6342">#6342</a>
<a
href="https://github.com/overbalance"><code>@​overbalance</code></a></li>
<li>perf(sdk-trace-base): optimize setAttribute performance <a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6283">#6283</a>
<a
href="https://github.com/AbhiPrasad"><code>@​AbhiPrasad</code></a></li>
<li>refactor(core): remove unnecessary closure in _export() <a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6360">#6360</a>
<a href="https://github.com/cjihrig"><code>@​cjihrig</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/open-telemetry/opentelemetry-js/commit/ad92be4c2c1094745a85b0b7eeff1444a11b1b4a"><code>ad92be4</code></a>
chore: prepare next release (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6402">#6402</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-js/commit/3e68499ff1039728ef2d8206df343cf8cf8530b3"><code>3e68499</code></a>
feat(configuration): add prometheus exporter support (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6400">#6400</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-js/commit/b7437476938aac9a16c8104453f52345c63a3514"><code>b743747</code></a>
fix(configuration): remove default propagator initialization (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6399">#6399</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-js/commit/48e2fb499ee476b18c08679b056adc2c1ef6f36b"><code>48e2fb4</code></a>
chore(deps): update fossas/fossa-action action to v1.8.0 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6405">#6405</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-js/commit/90d1afaa7679c4c84bd05ffd68815d2bf06289a8"><code>90d1afa</code></a>
ci: allow different release bumps for groups (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6397">#6397</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-js/commit/c1d05435794abff2dc208dc07e0df0729ecd3b56"><code>c1d0543</code></a>
fix(deps): update dependency axios to v1.13.5 [security] (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6398">#6398</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-js/commit/a78d112822019849a1f508c37f046d1c97786a91"><code>a78d112</code></a>
fix(deps): update dependency <code>@​grpc/grpc-js</code> to v1.8.22
[security] (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6366">#6366</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-js/commit/fcafab54ebf18b675a2f160e83d6bbd5093011a7"><code>fcafab5</code></a>
chore: fix lint (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6388">#6388</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-js/commit/a0d5c141a1aa13c56b75e3332e3ced4396a2c037"><code>a0d5c14</code></a>
fix(otlp-exporter-base): avoid use of a wrapped fetch (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6353">#6353</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-js/commit/819ebb2d03e8ae6281c0000801cf10bb8c8f2c95"><code>819ebb2</code></a>
chore(deps): update dependency webpack-merge to v6 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6364">#6364</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/open-telemetry/opentelemetry-js/compare/v2.5.0...v2.5.1">compare
view</a></li>
</ul>
</details>
<br />

Updates `@opentelemetry/sdk-trace-base` from 2.5.0 to 2.5.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/open-telemetry/opentelemetry-js/releases"><code>@​opentelemetry/sdk-trace-base</code>'s
releases</a>.</em></p>
<blockquote>
<h2>v2.5.1</h2>
<h2>2.5.1</h2>
<h3>:bug: Bug Fixes</h3>
<ul>
<li>fix(opentelemetry-sdk-node): the custom value from env variable for
service.instance.id should take priority over random uuid as backup <a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6345">#6345</a>
<a href="https://github.com/maryliag"><code>@​maryliag</code></a></li>
</ul>
<h3>:house: Internal</h3>
<ul>
<li>perf(sdk-trace-base): use Uint8Array for browser RandomIdGenerator
<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6209">#6209</a>
<a
href="https://github.com/overbalance"><code>@​overbalance</code></a></li>
<li>test(sdk-trace-base): remove obsolete TypeScript and platform
workarounds <a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6327">#6327</a>
<a
href="https://github.com/overbalance"><code>@​overbalance</code></a></li>
<li>fix(example-web): update Docker config and deps for collector <a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6342">#6342</a>
<a
href="https://github.com/overbalance"><code>@​overbalance</code></a></li>
<li>perf(sdk-trace-base): optimize setAttribute performance <a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6283">#6283</a>
<a
href="https://github.com/AbhiPrasad"><code>@​AbhiPrasad</code></a></li>
<li>refactor(core): remove unnecessary closure in _export() <a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6360">#6360</a>
<a href="https://github.com/cjihrig"><code>@​cjihrig</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md"><code>@​opentelemetry/sdk-trace-base</code>'s
changelog</a>.</em></p>
<blockquote>
<h2>2.5.1</h2>
<h3>:bug: Bug Fixes</h3>
<ul>
<li>fix(opentelemetry-sdk-node): the custom value from env variable for
service.instance.id should take priority over random uuid as backup <a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6345">#6345</a>
<a href="https://github.com/maryliag"><code>@​maryliag</code></a></li>
</ul>
<h3>:house: Internal</h3>
<ul>
<li>perf(sdk-trace-base): use Uint8Array for browser RandomIdGenerator
<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6209">#6209</a>
<a
href="https://github.com/overbalance"><code>@​overbalance</code></a></li>
<li>test(sdk-trace-base): remove obsolete TypeScript and platform
workarounds <a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6327">#6327</a>
<a
href="https://github.com/overbalance"><code>@​overbalance</code></a></li>
<li>fix(example-web): update Docker config and deps for collector <a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6342">#6342</a>
<a
href="https://github.com/overbalance"><code>@​overbalance</code></a></li>
<li>perf(sdk-trace-base): optimize setAttribute performance <a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6283">#6283</a>
<a
href="https://github.com/AbhiPrasad"><code>@​AbhiPrasad</code></a></li>
<li>refactor(core): remove unnecessary closure in _export() <a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6360">#6360</a>
<a href="https://github.com/cjihrig"><code>@​cjihrig</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/open-telemetry/opentelemetry-js/commit/ad92be4c2c1094745a85b0b7eeff1444a11b1b4a"><code>ad92be4</code></a>
chore: prepare next release (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6402">#6402</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-js/commit/3e68499ff1039728ef2d8206df343cf8cf8530b3"><code>3e68499</code></a>
feat(configuration): add prometheus exporter support (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6400">#6400</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-js/commit/b7437476938aac9a16c8104453f52345c63a3514"><code>b743747</code></a>
fix(configuration): remove default propagator initialization (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6399">#6399</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-js/commit/48e2fb499ee476b18c08679b056adc2c1ef6f36b"><code>48e2fb4</code></a>
chore(deps): update fossas/fossa-action action to v1.8.0 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6405">#6405</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-js/commit/90d1afaa7679c4c84bd05ffd68815d2bf06289a8"><code>90d1afa</code></a>
ci: allow different release bumps for groups (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6397">#6397</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-js/commit/c1d05435794abff2dc208dc07e0df0729ecd3b56"><code>c1d0543</code></a>
fix(deps): update dependency axios to v1.13.5 [security] (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6398">#6398</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-js/commit/a78d112822019849a1f508c37f046d1c97786a91"><code>a78d112</code></a>
fix(deps): update dependency <code>@​grpc/grpc-js</code> to v1.8.22
[security] (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6366">#6366</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-js/commit/fcafab54ebf18b675a2f160e83d6bbd5093011a7"><code>fcafab5</code></a>
chore: fix lint (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6388">#6388</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-js/commit/a0d5c141a1aa13c56b75e3332e3ced4396a2c037"><code>a0d5c14</code></a>
fix(otlp-exporter-base): avoid use of a wrapped fetch (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6353">#6353</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-js/commit/819ebb2d03e8ae6281c0000801cf10bb8c8f2c95"><code>819ebb2</code></a>
chore(deps): update dependency webpack-merge to v6 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6364">#6364</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/open-telemetry/opentelemetry-js/compare/v2.5.0...v2.5.1">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Andrei Borza <andrei.borza@sentry.io>

We drop support for Gatsby v2 (still relies on webpack 4) for a critical
security update in
https://github.com/getsentry/sentry-javascript-bundler-plugins/releases/tag/5.0.0

closes #19465

The file is a single pretty-printed JSON array,
`JSON.stringify(messages, null, 2)` ([source
code](https://github.com/anthropics/claude-code-action/blob/edd85d61533cbba7b57ed0ca4af1750b1fdfd3c4/base-action/src/run-claude-sdk.ts#L183-L189)),
not NDJSON. This script change (treating the parsed root as a list and
collecting objects with type === "result") reads it correctly.


This is the the current error output:
```
Traceback (most recent call last):
  File "/home/runner/work/sentry-javascript/sentry-javascript/.claude/skills/triage-issue/scripts/write_job_summary.py", line 109, in <module>
    sys.exit(main())
             ^^^^^^
  File "/home/runner/work/sentry-javascript/sentry-javascript/.claude/skills/triage-issue/scripts/write_job_summary.py", line 55, in main
    if obj.get("type") == "result":
       ^^^^^^^
```


Closes #19472 (added automatically)

…tart-react/vite subpath (#19182)

Closes #19180
Closes #19181

Context #19142

As discussed we change the `sentryTanstackStart()` vite plugin to now be
a subpath export from `@sentry/tanstackstart-react`. This should resolve
the issue of the plugin being pulled into user builds. As far as I could
see this now seems to work for the latest nitro alpha. With the latest
nitro nightly we still see a `rollup` issue that is a bit annoying.
However, it does work with the latest vite 8 beta, which uses
`rolldown`.

Bumps max turns to 50, as we hope this will result in the action not
erroring out.

We released a new major v5 of the bundler plugins earlier today to fix
security vulnerabilities. This PR bumps to the new sentry bundler
plugins major for the same reason.


Closes #19469 (added automatically)

---------

Co-authored-by: Charly Gomez <charly.gomez@sentry.io>

Bump Sentry CLI to a non-vulnerable version

Closes #19478 (added automatically)

Deactivating this test for noise removal until this gets resolved
upstream.

Closes #19484 (added automatically)

Noticed we still have some older versions in the lockfile.

Closes #19487 (added automatically)