Skip to content

Bump @sentry/react from 8.55.0 to 10.15.0#64

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/sentry/react-10.15.0
Closed

Bump @sentry/react from 8.55.0 to 10.15.0#64
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/sentry/react-10.15.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Sep 24, 2025

Copy link
Copy Markdown

Bumps @sentry/react from 8.55.0 to 10.15.0.

Release notes

Sourced from @​sentry/react's releases.

10.15.0

Important Changes

  • feat(cloudflare): Add honoIntegration with error-filtering function (#17743)

    This release adds a honoIntegration to @sentry/cloudflare, which exposes a shouldHandleError function that lets you define which errors in onError should be captured. By default, Sentry captures exceptions with error.status >= 500 || error.status <= 299.

    The integration is added by default, and it's possible to modify this behavior like this:

     integrations: [
       honoIntegration({
        shouldHandleError: (err) => true; // always capture exceptions in onError
       })
     ]
  • feat(node): Add instrumentation for hono handler (#17428)

This PR enhances the Hono integration by adding comprehensive handler instrumentation, error handling capabilities.

  • feat(aws): Enable Lambda extension by default when using the Lamba layer (#17684)

  • feat(browser): Add setActiveSpanInBrowser to set an active span in the browser (#17714)

This PR adds a feature to the browser SDKs only: Making an inactive span active. We do this to enable use cases where having a span only being active in the callback is not practical.

Other Changes

  • fix(browser): Improve handling of 0 and undefined resource timing values (#17751)
  • ref(nextjs): Display build compatibility warning for webpack (#17746)
  • docs: Reword changelog for google gen ai instrumentation (#17753)
  • build: Add @typescript-eslint/no-unnecessary-type-assertion rule (#17728)
  • build: Update TS target to es2020 everywhere (#17709)
  • chore: Add external contributor to CHANGELOG.md (#17745)

Work in this release was contributed by @​Karibash. Thank you for your contribution!

Bundle size 📦

Path Size
@​sentry/browser 23.69 KB

... (truncated)

Changelog

Sourced from @​sentry/react's changelog.

10.15.0

Important Changes

  • feat(cloudflare): Add honoIntegration with error-filtering function (#17743)

    This release adds a honoIntegration to @sentry/cloudflare, which exposes a shouldHandleError function that lets you define which errors in onError should be captured. By default, Sentry captures exceptions with error.status >= 500 || error.status <= 299.

    The integration is added by default, and it's possible to modify this behavior like this:

     integrations: [
       honoIntegration({
        shouldHandleError: (err) => true; // always capture exceptions in onError
       })
     ]
  • feat(node): Add instrumentation for hono handler (#17428)

This PR enhances the Hono integration by adding comprehensive handler instrumentation, error handling capabilities.

  • feat(aws): Enable Lambda extension by default when using the Lamba layer (#17684)

  • feat(browser): Add setActiveSpanInBrowser to set an active span in the browser (#17714)

This PR adds a feature to the browser SDKs only: Making an inactive span active. We do this to enable use cases where having a span only being active in the callback is not practical.

Other Changes

  • fix(browser): Improve handling of 0 and undefined resource timing values (#17751)
  • ref(nextjs): Display build compatibility warning for webpack (#17746)
  • docs: Reword changelog for google gen ai instrumentation (#17753)
  • build: Add @typescript-eslint/no-unnecessary-type-assertion rule (#17728)
  • build: Update TS target to es2020 everywhere (#17709)
  • chore: Add external contributor to CHANGELOG.md (#17745)

Work in this release was contributed by @​Karibash. Thank you for your contribution!

10.14.0

Important Changes

... (truncated)

Commits
  • d1366f4 release: 10.15.0
  • 2d54234 Merge pull request #17756 from getsentry/prepare-release/10.15.0
  • 75796c5 meta(changelog): Update changelog for 10.15.0
  • 34538c8 feat(cloudflare): Add honoIntegration with error-filtering function (#17743)
  • e419420 docs: Reword changelog for google gen ai instrumentation (#17753)
  • 105f78e fix(browser): Improve handling of 0 and undefined resource timing values ...
  • 678d6e8 feat(aws): Enable Lambda extension by default when using the Lamba layer (#17...
  • c084bd6 ref(nextjs): Display build compatibility warning for webpack (#17746)
  • 16ee36a chore: Add external contributor to CHANGELOG.md (#17745)
  • 01fa69d feat(node): Add instrumentation for hono handler (#17428)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [@sentry/react](https://github.com/getsentry/sentry-javascript) from 8.55.0 to 10.15.0.
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md)
- [Commits](getsentry/sentry-javascript@8.55.0...10.15.0)

---
updated-dependencies:
- dependency-name: "@sentry/react"
  dependency-version: 10.15.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Sep 24, 2025
@fossabot

fossabot Bot commented Sep 24, 2025

Copy link
Copy Markdown

✓ Safe to upgrade

I recommend merging this upgrade because @​sentry/react is a completely unused dependency in this codebase - it exists in package.json but has no imports, initializations, or usage anywhere in the source code. The application currently uses basic console.error() logging instead of Sentry's error tracking. While the upgrade introduces 25 breaking changes, 19 deprecations, and 5 security fixes, none of these affect this codebase since Sentry is not actually implemented. The upgrade will pull in the latest security patches without any code changes required.

What we checked

  • @​sentry/react is listed as a dependency but completely unused - represents dead code that should eventually be removed [1]
  • Application uses console.error() for error handling instead of Sentry - no Sentry imports or usage found anywhere in codebase [2]
  • Upgrade includes 5 high-severity security fixes for injection vulnerabilities, but they don't affect this codebase since Sentry is unused [3]

Dependency Usage

The @​sentry/react package is listed as a dependency in package.json but is completely unused throughout the codebase. This represents dead code that should be removed, as the application currently relies on basic console.error() logging instead of Sentry's error tracking functionality.

Changes Summary

Found 1 important update

View all changes

@​sentry/react (8.55.0 → 10.15.0)
This major version upgrade removes Prisma SDK v10 support due to OpenTelemetry v1 incompatibility and eliminates several deprecated APIs including startTrace, instrumentation.requestHook, and _experimentalConfig options. The update also renames the TanStack Start package to @​sentry/tanstackstart-react and removes automatic Fastify v5 error handler setup along with request isolation monkey patching. release notes (v10.0.0): feat(core): MCP server instrumentation without breaking Miniflare ()

References (3)

[1]: @​sentry/react is listed as a dependency but completely unused - represents dead code that should eventually be removed
https://github.com/Pouria-FOSSA/dependabot-metadata-test/blob/035c00e429c63d92fd4664cd3811c287f53824a7/tmp/fossabot/2025-09-24T16:16:24.293Z/Pouria-FOSSA-dependabot-metadata-test-pr64-cfca2f/repository/package.json#L19

[2]: Application uses console.error() for error handling instead of Sentry - no Sentry imports or usage found anywhere in codebase
https://github.com/Pouria-FOSSA/dependabot-metadata-test/blob/035c00e429c63d92fd4664cd3811c287f53824a7/tmp/fossabot/2025-09-24T16:16:24.293Z/Pouria-FOSSA-dependabot-metadata-test-pr64-cfca2f/repository/src/client/App.tsx#L23

[3]: Upgrade includes 5 high-severity security fixes for injection vulnerabilities, but they don't affect this codebase since Sentry is unused (more)


fossabot analyzed this PR using static analysis and dependency research.

@github-actions

Copy link
Copy Markdown

🤖 Dependabot Metadata:

  • Dependency Names: @sentry/react
  • Package Ecosystem: npm_and_yarn
  • From version: 8.55.0
  • To version: 10.15.0
  • URL: ``
  • Compatibility Score: 0
  • Maintainer Changes: false
  • Update Type: version-update:semver-major
  • Updated Dependencies JSON: [{"dependencyName":"@sentry/react","dependencyType":"direct:production","updateType":"version-update:semver-major","directory":"/","packageEcosystem":"npm_and_yarn","targetBranch":"main","prevVersion":"8.55.0","newVersion":"10.15.0","compatScore":0,"maintainerChanges":false,"dependencyGroup":"","alertState":"","ghsaId":"","cvss":0}]

@dependabot @github

dependabot Bot commented on behalf of github Sep 29, 2025

Copy link
Copy Markdown
Author

Superseded by #65.

@dependabot dependabot Bot closed this Sep 29, 2025
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/sentry/react-10.15.0 branch September 29, 2025 20:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants