Update all non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update	Pending
@libsql/client (source)	0.17.0 → 0.17.2			pnpm.catalog.sqlite	patch	0.17.3
@libsql/client (source)	0.17.0 → 0.17.2			dependencies	patch	0.17.3
@libsql/client (source)	0.17.0 → 0.17.2			pnpm.overrides	patch	0.17.3
@npmcli/package-json	7.0.4 → 7.0.5			dependencies	patch
@react-router/dev (source)	7.12.0 → 7.14.1			pnpm.catalog.react-router	minor	7.14.2
@react-router/fs-routes (source)	7.12.0 → 7.14.1			pnpm.catalog.react-router	minor	7.14.2
@react-router/node (source)	7.12.0 → 7.14.1			pnpm.catalog.react-router	minor	7.14.2
@react-router/remix-routes-option-adapter (source)	7.12.0 → 7.14.1			pnpm.catalog.react-router	minor	7.14.2
@sentry/profiling-node (source)	10.33.0 → 10.49.0			pnpm.catalog.sentry	minor
@sentry/react-router (source)	10.33.0 → 10.49.0			pnpm.catalog.sentry	minor
@storybook/addon-docs (source)	10.1.11 → 10.3.5			pnpm.catalog.storybook	minor
@storybook/addon-onboarding (source)	10.1.11 → 10.3.5			pnpm.catalog.storybook	minor
@storybook/builder-vite (source)	10.1.11 → 10.3.5			pnpm.catalog.storybook	minor
@storybook/react-vite (source)	10.1.11 → 10.3.5			pnpm.catalog.storybook	minor
@t3-oss/env-core (source)	0.13.10 → 0.13.11			pnpm.catalog.default	patch
@tailwindcss/vite (source)	4.1.18 → 4.2.2			pnpm.catalog.tailwindcss	minor	4.2.4 (+1)
@types/pg (source)	8.16.0 → 8.20.0			pnpm.catalog.postgresql	minor
@types/react (source)	19.2.8 → 19.2.14			pnpm.catalog.react19	patch
dotenv	17.2.3 → 17.4.2			pnpm.catalog.default	minor
drizzle-kit (source)	0.31.8 → 0.31.10			pnpm.catalog.drizzle	patch
drizzle-orm (source)	0.45.1 → 0.45.2			pnpm.catalog.drizzle	patch
esbuild	0.27.2 → 0.28.0			devDependencies	minor
eslint-plugin-import-x	4.16.1 → 4.16.2			dependencies	patch
eslint-plugin-react-hooks (source)	7.0.1 → 7.1.1			dependencies	minor
eslint-plugin-storybook (source)	10.1.11 → 10.3.5			pnpm.catalog.storybook	minor
glob	13.0.0 → 13.0.6			pnpm.catalog.default	patch
globals	17.2.0 → 17.5.0			dependencies	minor
hono (source)	4.11.4 → 4.12.14			pnpm.catalog.hono	minor
isbot (source)	5.1.32 → 5.1.39			pnpm.catalog.default	patch
pg (source)	8.16.3 → 8.20.0			pnpm.catalog.postgresql	minor
pnpm (source)	10.28.0 → 10.33.0			packageManager	minor	10.33.1
react (source)	19.2.3 → 19.2.5			pnpm.catalog.react19	patch
react-dom (source)	19.2.3 → 19.2.5			pnpm.catalog.react19	patch
react-router (source)	7.12.0 → 7.14.1			pnpm.catalog.react-router	minor	7.14.2
react-router-dom (source)	7.12.0 → 7.14.1			pnpm.catalog.react-router	minor	7.14.2
react-router-hono-server	2.22.0 → 2.25.3			pnpm.catalog.hono	minor
rimraf	6.1.2 → 6.1.3			pnpm.catalog.default	patch
storybook (source)	10.1.11 → 10.3.5			pnpm.catalog.storybook	minor
styfle/cancel-workflow-action	0.13.0 → 0.13.1			action	patch
superfly/flyctl-actions	1.5 → 1.6			action	minor
tailwind-merge	3.4.0 → 3.5.0			pnpm.catalog.tailwindcss	minor
tailwindcss (source)	4.1.18 → 4.2.2			pnpm.catalog.tailwindcss	minor	4.2.4 (+1)
typescript-eslint (source)	8.53.0 → 8.58.2			dependencies	minor	8.59.0

---

Release Notes

tursodatabase/libsql-client-ts (@​libsql/client)

v0.17.2

Compare Source

v0.17.1

Compare Source

npm/package-json (@​npmcli/package-json)

v7.0.5

Compare Source

Bug Fixes

• 09b981d #​172 inline license validation code (@​wraithgar)

Dependencies

• cb3e677 #​172 spdx-expression-parse@4.0.0
• 61738b2 #​172 remove validate-npm-package-license

Chores

• bd3b7ea #​169 bump @​npmcli/template-oss from 4.28.0 to 4.28.1 (#​169) (@​dependabot[bot], @​npm-cli-bot)

remix-run/react-router (@​react-router/dev)

v7.14.1

Compare Source

Patch Changes

• Add TypeScript 6 support to peer dependency ranges
• Updated dependencies:
  • react-router@7.14.1
  • @react-router/node@7.14.1
  • @react-router/serve@7.14.1

v7.14.0

Compare Source

Minor Changes

• Add support for Vite 8 (#​14876)

Patch Changes

• support for prerendering multiple server bundles with v8_viteEnvironmentApi (#​14921)

• rsc framework mode prerender / spa mode support (#​14907)

• UNSTABLE RSC FRAMEWORK MODE BREAKING CHANGE - Existing route module exports remain unchanged from stable v7 non-RSC mode, but new exports are added for RSC mode. If you want to use RSC features, you will need to update your route modules to export the new annotations. (#​14901)

  If you are using RSC framework mode currently, you will need to update your route modules to the new conventions. The following route module components have their own mutually exclusive server component counterparts:

  Server Component Export	Client Component
  ServerComponent	default
  ServerErrorBoundary	ErrorBoundary
  ServerLayout	Layout
  ServerHydrateFallback	HydrateFallback

  If you were previously exporting a ServerComponent, your ErrorBoundary, Layout, and HydrateFallback were also server components. If you want to keep those as server components, you can rename them and prefix them with Server. If you were previously importing the implementations of those components from a client module, you can simply inline them.

  Example:

  Before

  import { ErrorBoundary as ClientErrorBoundary } from "./client";
  
  export function ServerComponent() {
    // ...
  }
  
  export function ErrorBoundary() {
    return <ClientErrorBoundary />;
  }
  
  export function Layout() {
    // ...
  }
  
  export function HydrateFallback() {
    // ...
  }

  After

  export function ServerComponent() {
    // ...
  }
  
  export function ErrorBoundary() {
    // previous implementation of ClientErrorBoundary, this is now a client component
  }
  
  export function ServerLayout() {
    // rename previous Layout export to ServerLayout to make it a server component
  }
  
  export function ServerHydrateFallback() {
    // rename previous HydrateFallback export to ServerHydrateFallback to make it a server component
  }

• update the reveal command to support rsc for entry.client, entry.rsc, entry.ssr (#​14904)

• Updated dependencies:

  • react-router@7.14.0
  • @react-router/node@7.14.0
  • @react-router/serve@7.14.0

v7.13.2

Compare Source

Patch Changes

• Fix react-router dev crash when Unix socket files exist in the project root (#​14854)

• Escape redirect locations in prerendered redirect HTML (#​14880)

• Add future.unstable_passThroughRequests flag (#​14775)

  By default, React Router normalizes the request.url passed to your loader, action, and middleware functions by removing React Router's internal implementation details (.data suffixes, index + _routes query params).

  Enabling this flag removes that normalization and passes the raw HTTP request instance to your handlers. This provides a few benefits:

  • Reduces server-side overhead by eliminating multiple new Request() calls on the critical path
  • Allows you to distinguish document from data requests in your handlers base don the presence of a .data suffix (useful for observability purposes)

  If you were previously relying on the normalization of request.url, you can switch to use the new sibling unstable_url parameter which contains a URL instance representing the normalized location:

  // ❌ Before: you could assume there was no `.data` suffix in `request.url`
  export async function loader({ request }: Route.LoaderArgs) {
    let url = new URL(request.url);
    if (url.pathname === "/path") {
      // This check will fail with the flag enabled because the `.data` suffix will
      // exist on data requests
    }
  }
  
  // ✅ After: use `unstable_url` for normalized routing logic and `request.url`
  // for raw routing logic
  export async function loader({ request, unstable_url }: Route.LoaderArgs) {
    if (unstable_url.pathname === "/path") {
      // This will always have the `.data` suffix stripped
    }
  
    // And now you can distinguish between document versus data requests
    let isDataRequest = new URL(request.url).pathname.endsWith(".data");
  }

• Add a new unstable_url: URL parameter to route handler methods (loader, action, middleware, etc.) representing the normalized URL the application is navigating to or fetching, with React Router implementation details removed (.datasuffix, index/_routes query params) (#​14775)

  This is being added alongside the new future.unstable_passthroughRequests future flag so that users still have a way to access the normalized URL when that flag is enabled and non-normalized request's are being passed to your handlers. When adopting this flag, you will only need to start leveraging this new parameter if you are relying on the normalization of request.url in your application code.

  If you don't have the flag enabled, then unstable_url will match request.url.

• Updated dependencies:

  • react-router@7.13.2
  • @react-router/node@7.13.2
  • @react-router/serve@7.13.2

v7.13.1

Compare Source

Patch Changes

• Updated dependencies:
  • react-router@7.13.1
  • @react-router/node@7.13.1
  • @react-router/serve@7.13.1

v7.13.0

Compare Source

Patch Changes

• Bump @​remix-run/node-fetch-server dep (#​14704)
• Updated dependencies:
  • react-router@7.13.0
  • @react-router/node@7.13.0
  • @react-router/serve@7.13.0

remix-run/react-router (@​react-router/fs-routes)

v7.14.1

Compare Source

Patch Changes

• Add TypeScript 6 support to peer dependency ranges
• Updated dependencies:
  • @react-router/dev@7.14.1

v7.14.0

Compare Source

Patch Changes

• Updated dependencies:
  • @react-router/dev@7.14.0

v7.13.2

Compare Source

Patch Changes

• Updated dependencies:
  • @react-router/dev@7.13.2

v7.13.1

Compare Source

Patch Changes

• Updated dependencies:
  • @react-router/dev@7.13.1

v7.13.0

Compare Source

Patch Changes

• Fix route file paths when routes directory is outside of the app directory (#​13937)
• Updated dependencies:
  • @react-router/dev@7.13.0

remix-run/react-router (@​react-router/node)

v7.14.1

Compare Source

Patch Changes

• Add TypeScript 6 support to peer dependency ranges
• Updated dependencies:
  • react-router@7.14.1

v7.14.0

Compare Source

Patch Changes

• Updated dependencies:
  • react-router@7.14.0

v7.13.2

Compare Source

Patch Changes

• Updated dependencies:
  • react-router@7.13.2

v7.13.1

Compare Source

Patch Changes

• Updated dependencies:
  • react-router@7.13.1

v7.13.0

Compare Source

Patch Changes

• Updated dependencies:
  • react-router@7.13.0

remix-run/react-router (@​react-router/remix-routes-option-adapter)

v7.14.1

Compare Source

Patch Changes

• Add TypeScript 6 support to peer dependency ranges
• Updated dependencies:
  • @react-router/dev@7.14.1

v7.14.0

Compare Source

Patch Changes

• Updated dependencies:
  • @react-router/dev@7.14.0

v7.13.2

Compare Source

Patch Changes

• Updated dependencies:
  • @react-router/dev@7.13.2

v7.13.1

Compare Source

Patch Changes

• Updated dependencies:
  • @react-router/dev@7.13.1

v7.13.0

Compare Source

Patch Changes

• Updated dependencies:
  • @react-router/dev@7.13.0

getsentry/sentry-javascript (@​sentry/profiling-node)

v10.49.0

Compare Source

Important Changes

• feat(browser): Add View Hierarchy integration (#​14981)

  A new viewHierarchyIntegration captures the DOM structure when an error occurs, providing a snapshot of the page state for debugging. Enable it in your Sentry configuration:

  import * as Sentry from '@​sentry/browser';
  
  Sentry.init({
    dsn: '__DSN__',
    integrations: [Sentry.viewHierarchyIntegration()],
  });

• feat(cloudflare): Split alarms into multiple traces and link them (#​19373)

  Durable Object alarms now create separate traces for each alarm invocation, with proper linking between related alarms for better observability.

• feat(cloudflare): Enable RPC trace propagation with enableRpcTracePropagation (#​19991, #​20345)

  A new enableRpcTracePropagation option enables automatic trace propagation for Cloudflare RPC calls via .fetch(), ensuring distributed traces flow correctly across service bindings.

• feat(core): Add enableTruncation option to AI integrations (#​20167, #​20181, #​20182, #​20183, #​20184)

  All AI integrations (OpenAI, Anthropic, Google GenAI, LangChain, LangGraph) now support an enableTruncation option to control whether large AI inputs/outputs are truncated.

• feat(opentelemetry): Vendor AsyncLocalStorageContextManager (#​20243)

  The OpenTelemetry context manager is now vendored internally, reducing external dependencies and ensuring consistent behavior across environments.

Other Changes

• feat(core): Export a reusable function to add tracing headers (#​20076)
• feat(core): Expose rewriteSources top level option (#​20142)
• feat(deps): bump defu from 6.1.4 to 6.1.6 (#​20104)
• feat(node-native): Add support for V8 v14 (Node v25+) (#​20125)
• feat(node): Include global scope for eventLoopBlockIntegration (#​20108)
• fix(core, node): Support loading Express options lazily (#​20211)
• fix(core): Set conversation_id only on gen_ai spans (#​20274)
• fix(core): Use ai.operationId for Vercel AI V6 operation name mapping (#​20285)
• fix(deno): Avoid inferring invalid span op from Deno tracer (#​20128)
• fix(deno): Handle reader.closed rejection from releaseLock() in streaming (#​20187)
• fix(nextjs): Preserve directive prologues in turbopack loaders (#​20103)
• fix(nextjs): Skip custom browser tracing setup for bot user agents (#​20263)
• fix(opentelemetry): Use WeakRef for context stored on scope to prevent memory leak (#​20328)
• fix(replay): Use live click attributes in breadcrumbs (#​20262)

Internal Changes

• chore: Add PR review reminder workflow (#​20175)
• chore: Fix lint warnings (#​20250)
• chore(bugbot): Add rules to flag test-flake-provoking patterns (#​20192)
• chore(ci): Bump actions/cache to v5 and actions/download-artifact to v7 (#​20249)
• chore(ci): Bump dorny/paths-filter from v3.0.1 to v4.0.1 (#​20251)
• chore(ci): Remove codecov steps from jobs that produce no coverage/JUnit data (#​20244)
• chore(ci): Remove craft changelog preview (#​20271)
• chore(ci): Remove node-overhead GitHub Action (#​20246)
• chore(ci): Replace pr-labels-action with native GitHub expressions (#​20252)
• chore(ci): Skip flaky issue creation for optional tests (#​20288)
• chore(deps-dev): Bump @​sveltejs/kit from 2.53.3 to 2.57.1 (#​20216)
• chore(deps-dev): Bump vite from 7.2.0 to 7.3.2 in /dev-packages/e2e-tests/test-applications/tanstackstart-react (#​20107)
• chore(deps): Bump axios from 1.13.5 to 1.15.0 (#​20180)
• chore(deps): Bump axios from 1.13.5 to 1.15.0 in /dev-packages/e2e-tests/test-applications/nestjs-basic (#​20179)
• chore(deps): Bump hono from 4.12.7 to 4.12.12 (#​20118)
• chore(deps): Bump hono from 4.12.7 to 4.12.12 in /dev-packages/e2e-tests/test-applications/cloudflare-hono (#​20119)
• chore(deps): Bump next from 16.1.7 to 16.2.3 in nextjs-16-cf-workers (#​20289)
• chore(size-limit): Bump failing size limit scenario (#​20186)
• ci: Add automatic flaky test detector (#​18684)
• ci: Extract test names for flaky test issues (#​20298)
• ci: Remove Docker container for Verdaccio package publishing (#​20329)
• fix(ci): Prevent command injection in ci-metadata workflow (#​19899)
• fix(e2e-tests): Remove flaky navigation breadcrumb assertions from parameterized-routes tests (#​20202)
• fix(e2e): Add op check to waitForTransaction in React Router e2e tests (#​20193)
• fix(node-integration-tests): Fix flaky kafkajs test race condition (#​20189)
• ref(core): Add registry in Vercel ai integration (#​20098)
• ref(core): Automatically disable truncation when span streaming is enabled in Anthropic AI integration (#​20228)
• ref(core): Automatically disable truncation when span streaming is enabled in Google GenAI integration (#​20229)
• ref(core): Automatically disable truncation when span streaming is enabled in LangChain integration (#​20230)
• ref(core): Automatically disable truncation when span streaming is enabled in LangGraph integration (#​20231)
• ref(core): Automatically disable truncation when span streaming is enabled in OpenAI integration (#​20227)
• ref(core): Automatically disable truncation when span streaming is enabled in Vercel AI integration (#​20232)
• ref(core): Merge embeddings operations constants (#​20095)
• ref(core): Remove unused constants from vercel-ai-attributes.ts (#​20096)
• ref(nextjs): Refactor findInjectionIndexAfterDirectives for better readability (#​20310)
• ref(opentelemetry): Replace @opentelemetry/resources with inline getSentryResource() (#​20327)
• test: Fix flaky ANR test by increasing blocking duration (#​20239)
• test(bun): Add bun integration test folder (#​20286)
• test(cloudflare): Skip flaky durableobject-spans test (#​20282)
• test(openai): Use multi-message scenario in no-truncation test (#​20194)
• test(react): Remove duplicated test mock (#​20200)
• tests(ai): Fix streaming+truncation integration tests across AI integrations (#​20326)

Bundle size 📦

Path	Size
@​sentry/browser	25.18 KB
@​sentry/browser - with treeshaking flags	23.71 KB
@​sentry/browser (incl. Tracing)	42.59 KB
@​sentry/browser (incl. Tracing + Span Streaming)	44.26 KB
@​sentry/browser (incl. Tracing, Profiling)	47.37 KB
@​sentry/browser (incl. Tracing, Replay)	80.8 KB
@​sentry/browser (incl. Tracing, Replay) - with treeshaking flags	70.55 KB
@​sentry/browser (incl. Tracing, Replay with Canvas)	85.38 KB
@​sentry/browser (incl. Tracing, Replay, Feedback)	97.34 KB
@​sentry/browser (incl. Feedback)	41.59 KB
@​sentry/browser (incl. sendFeedback)	29.74 KB
@​sentry/browser (incl. FeedbackAsync)	34.62 KB
@​sentry/browser (incl. Metrics)	26.44 KB
@​sentry/browser (incl. Logs)	26.57 KB
@​sentry/browser (incl. Metrics & Logs)	27.24 KB
@​sentry/react	26.89 KB
@​sentry/react (incl. Tracing)	44.81 KB
@​sentry/vue	29.89 KB
@​sentry/vue (incl. Tracing)	44.38 KB
@​sentry/svelte	25.2 KB
CDN Bundle	27.79 KB
CDN Bundle (incl. Tracing)	43.64 KB
CDN Bundle (incl. Logs, Metrics)	29.13 KB
CDN Bundle (incl. Tracing, Logs, Metrics)	44.7 KB
CDN Bundle (incl. Replay, Logs, Metrics)	67.12 KB
CDN Bundle (incl. Tracing, Replay)	79.74 KB
CDN Bundle (incl. Tracing, Replay, Logs, Metrics)	80.79 KB
CDN Bundle (incl. Tracing, Replay, Feedback)	85.13 KB
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics)	86.17 KB
CDN Bundle - uncompressed	81.17 KB
CDN Bundle (incl. Tracing) - uncompressed	130.51 KB
CDN Bundle (incl. Logs, Metrics) - uncompressed	85.22 KB
CDN Bundle (incl. Tracing, Logs, Metrics) - uncompressed	133.84 KB
CDN Bundle (incl. Replay, Logs, Metrics) - uncompressed	205.7 KB
CDN Bundle (incl. Tracing, Replay) - uncompressed	244.99 KB
CDN Bundle (incl. Tracing, Replay, Logs, Metrics) - uncompressed	248.31 KB
CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed	257.6 KB
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics) - uncompressed	260.91 KB
@​sentry/nextjs (client)	47.28 KB
@​sentry/sveltekit (client)	43.02 KB
@​sentry/node-core	56.58 KB
@​sentry/node	170.68 KB
@​sentry/node - without tracing	95.57 KB
@​sentry/aws-serverless	112.42 KB

v10.48.0

Compare Source

v10.47.0

Compare Source

Important Changes

• feat(node-core): Add OTLP integration for node-core/light (#​19729)

  Added otlpIntegration at @sentry/node-core/light/otlp for users who manage
  their own OpenTelemetry setup and want to send trace data to Sentry without
  adopting the full @sentry/node SDK.

  import { NodeTracerProvider } from '@​opentelemetry/sdk-trace-node';
  import * as Sentry from '@​sentry/node-core/light';
  import { otlpIntegration } from '@​sentry/node-core/light/otlp';
  
  const provider = new NodeTracerProvider();
  provider.register();
  
  Sentry.init({
    dsn: '__DSN__',
    integrations: [
      otlpIntegration({
        // Export OTel spans to Sentry via OTLP (default: true)
        setupOtlpTracesExporter: true,
      }),
    ],
  });

  The integration links Sentry errors to OTel traces and exports spans to Sentry via OTLP.

• feat(node, bun): Add runtime metrics integrations for Node.js and Bun (#​19923, #​19979)

  New nodeRuntimeMetricsIntegration and bunRuntimeMetricsIntegration automatically collect runtime health metrics and send them to Sentry on a configurable interval (default: 30s). Collected metrics include memory (RSS, heap used/total), CPU utilization, event loop utilization, and process uptime. Node additionally collects event loop delay percentiles (p50, p99). Extra metrics like CPU time and external memory are available as opt-in.

  // Node.js
  import * as Sentry from '@​sentry/node';
  
  Sentry.init({
    dsn: '...',
    integrations: [Sentry.nodeRuntimeMetricsIntegration()],
  });
  
  // Bun
  import * as Sentry from '@​sentry/bun';
  
  Sentry.init({
    dsn: '...',
    integrations: [Sentry.bunRuntimeMetricsIntegration()],
  });

• feat(core): Support embedding APIs in google-genai (#​19797)

  Adds instrumentation for the Google GenAI embedContent API, creating gen_ai.embeddings spans.

• feat(browser): Add elementTimingIntegration for tracking element render and load times (#​19869)

  The new elementTimingIntegration captures Element Timing API data as Sentry metrics. It emits element_timing.render_time and element_timing.load_time distribution metrics for elements annotated with the elementtiming HTML attribute.

  import * as Sentry from '@​sentry/browser';
  
  Sentry.init({
    dsn: '__DSN__',
    integrations: [Sentry.browserTracingIntegration(), Sentry.elementTimingIntegration()],
  });

  <img src="hero.jpg" elementtiming="hero-image" />

Other Changes

• feat(nuxt): Add middleware instrumentation compatibility for Nuxt 5 (#​19968)
• feat(nuxt): Support parametrized SSR routes in Nuxt 5 (#​19977)
• feat(solid): Add route parametrization for Solid Router (#​20031)
• fix(core): Guard nullish response in