Skip to content

chore(deps): bump @sentry/browser from 9.14.0 to 10.43.0#7641

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/sentry/browser-10.43.0
Open

chore(deps): bump @sentry/browser from 9.14.0 to 10.43.0#7641
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/sentry/browser-10.43.0

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 13, 2026
edited
Loading

Bumps @sentry/browser from 9.14.0 to 10.43.0.

Release notes

Sourced from @​sentry/browser's releases.

10.43.0

Important Changes

  • feat(nextjs): Add Turbopack support for React component name annotation (#19604)

    We added experimental support for React component name annotation in Turbopack builds. When enabled, JSX elements are annotated with data-sentry-component, data-sentry-element, and data-sentry-source-file attributes at build time. This enables searching Replays by component name, seeing component names in breadcrumbs, and performance monitoring — previously only available with webpack builds.

    This feature requires Next.js 16+ and is currently behind an experimental flag:

    // next.config.ts
import { withSentryConfig } from '@sentry/nextjs';
export default withSentryConfig(nextConfig, {
_experimental: {
turbopackReactComponentAnnotation: {
enabled: true,
ignoredComponents: ['Header', 'Footer'], // optional
},
},
});

  • feat(hono): Instrument middlewares app.use() (#19611)

    Hono middleware registered via app.use() is now automatically instrumented, creating spans for each middleware invocation.

Other Changes

  • feat(node-core,node): Add tracePropagation option to http and fetch integrations (#19712)
  • feat(hono): Use parametrized names for errors (#19577)
  • fix(browser): Fix missing traces for user feedback (#19660)
  • fix(cloudflare): Use correct Proxy receiver in instrumentDurableObjectStorage (#19662)
  • fix(core): Standardize Vercel AI span descriptions to align with GenAI semantic conventions (#19624)
  • fix(deps): Bump hono to 4.12.5 to fix multiple vulnerabilities (#19653)
  • fix(deps): Bump svgo to 4.0.1 to fix DoS via entity expansion (#19651)
  • fix(deps): Bump tar to 7.5.10 to fix hardlink path traversal (#19650)
  • fix(nextjs): Align Turbopack module metadata injection with webpack behavior (#19645)
  • fix(node): Prevent duplicate LangChain spans from double module patching (#19684)
  • fix(node-core,vercel-edge): Use HEROKU_BUILD_COMMIT env var for default release (#19617)
  • fix(sveltekit): Fix file system race condition in source map cleaning (#19714)
  • fix(tanstackstart-react): Add workerd and worker export conditions (#19461)
  • fix(vercel-ai): Prevent tool call span map memory leak (#19328)
  • feat(deps): Bump @​sentry/rollup-plugin from 5.1.0 to 5.1.1 (#19658)

... (truncated)

Changelog

Sourced from @​sentry/browser's changelog.

10.43.0

Important Changes

  • feat(nextjs): Add Turbopack support for React component name annotation (#19604)

    We added experimental support for React component name annotation in Turbopack builds. When enabled, JSX elements are annotated with data-sentry-component, data-sentry-element, and data-sentry-source-file attributes at build time. This enables searching Replays by component name, seeing component names in breadcrumbs, and performance monitoring — previously only available with webpack builds.

    This feature requires Next.js 16+ and is currently behind an experimental flag:

    // next.config.ts
import { withSentryConfig } from '@sentry/nextjs';
export default withSentryConfig(nextConfig, {
_experimental: {
turbopackReactComponentAnnotation: {
enabled: true,
ignoredComponents: ['Header', 'Footer'], // optional
},
},
});

  • feat(hono): Instrument middlewares app.use() (#19611)

    Hono middleware registered via app.use() is now automatically instrumented, creating spans for each middleware invocation.

Other Changes

  • feat(node-core,node): Add tracePropagation option to http and fetch integrations (#19712)
  • feat(hono): Use parametrized names for errors (#19577)
  • fix(browser): Fix missing traces for user feedback (#19660)
  • fix(cloudflare): Use correct Proxy receiver in instrumentDurableObjectStorage (#19662)
  • fix(core): Standardize Vercel AI span descriptions to align with GenAI semantic conventions (#19624)
  • fix(deps): Bump hono to 4.12.5 to fix multiple vulnerabilities (#19653)
  • fix(deps): Bump svgo to 4.0.1 to fix DoS via entity expansion (#19651)
  • fix(deps): Bump tar to 7.5.10 to fix hardlink path traversal (#19650)
  • fix(nextjs): Align Turbopack module metadata injection with webpack behavior (#19645)
  • fix(node): Prevent duplicate LangChain spans from double module patching (#19684)
  • fix(node-core,vercel-edge): Use HEROKU_BUILD_COMMIT env var for default release (#19617)
  • fix(sveltekit): Fix file system race condition in source map cleaning (#19714)
  • fix(tanstackstart-react): Add workerd and worker export conditions (#19461)
  • fix(vercel-ai): Prevent tool call span map memory leak (#19328)
  • feat(deps): Bump @​sentry/rollup-plugin from 5.1.0 to 5.1.1 (#19658)

... (truncated)

Commits
  • 3fb8102 release: 10.43.0
  • 8706e4e Merge pull request #19716 from getsentry/prepare-release/10.43.0
  • 61d7a84 meta(changelog): Update changelog for 10.43.0
  • f83f288 test(angular): Fix failing canary test (#19639)
  • 2b3ce34 fix(sveltekit): Fix file system race condition in source map cleaning (#19714)
  • 98be6b0 chore(skills): Add bump-size-limit skill (#19715)
  • cdee7a9 chore(sourcemaps): Make sourcemaps e2e test more generic (#19678)
  • b26df86 feat(node-core,node): Add tracePropagation option to http and fetch integrati...
  • 7b69774 chore(ci): Allow triage action to run on issues from external users (#19701)
  • 5651be2 fix(browser): Fix missing traces for user feedback (#19660)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Mar 13, 2026
@monkeytypegeorge monkeytypegeorge added the frontend User interface or web stuff label Mar 13, 2026
@socket-security
Copy link

socket-security bot commented Mar 13, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updated@​sentry/​browser@​9.14.0 ⏵ 10.43.072 -2710091 +296 -3100 +20

View full report

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/sentry/browser-10.43.0 branch 2 times, most recently from 53f4578 to f9f9940 Compare March 15, 2026 09:12
@socket-security
Copy link

socket-security bot commented Mar 15, 2026
edited
Loading

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report

@dependabot
chore(deps): bump @sentry/browser from 9.14.0 to 10.43.0
cf3e1c0 
Bumps [@sentry/browser](https://github.com/getsentry/sentry-javascript) from 9.14.0 to 10.43.0.
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md)
- [Commits](getsentry/sentry-javascript@9.14.0...10.43.0)

---
updated-dependencies:
- dependency-name: "@sentry/browser"
  dependency-version: 10.43.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/sentry/browser-10.43.0 branch from f9f9940 to cf3e1c0 Compare March 15, 2026 11:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file frontend User interface or web stuff javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@monkeytypegeorge