chore(deps)(deps): bump the monitoring group across 1 directory with 2 updates

[dependabot]

Bumps the monitoring group with 2 updates in the / directory: @sentry/nextjs and @vercel/analytics.

Updates @sentry/nextjs from 10.43.0 to 10.45.0

Release notes

Sourced from @​sentry/nextjs's releases.

10.45.0

Important Changes

• feat(remix): Server Timing Headers Trace Propagation (#18653)

  The Remix SDK now supports automatic trace propagation via Server-Timing response headers to continue pageload traces on the client side. This means, you no longer have to define a custom meta function to add Sentry <meta> tags to your page as previously. We'll update out Remix tracing docs after this release.

Other Changes

• fix(cloudflare): Use correct env types for withSentry (#19836)
• fix(core): Align error span status message with core SpanStatusType for langchain/google-genai (#19863)
• fix(deno): Clear pre-existing OTel global before registering TracerProvider (#19723)
• fix(nextjs): Skip tracing for tunnel requests (#19861)
• fix(node-core): Recycle propagationContext for each request (#19835)
• ref(core): Simplify core utility functions for smaller bundle (#19854)

• chore(deps): bump next from 16.1.5 to 16.1.7 in /dev-packages/e2e-tests/test-applications/nextjs-16 (#19851)
• ci(release): Switch from action-prepare-release to Craft (#18763)
• fix(deps): bump devalue 5.6.3 to 5.6.4 to fix CVE-2026-30226 (#19849)
• fix(deps): bump file-type to 21.3.2 and @​nestjs/common to 11.1.17 (#19847)
• fix(deps): bump flatted 3.3.1 to 3.4.2 to fix CVE-2026-32141 (#19842)
• fix(deps): bump hono 4.12.5 to 4.12.7 in cloudflare-hono E2E test app (#19850)
• fix(deps): bump next to 15.5.13/16.1.7 to fix CVE-2026-1525, CVE-202-33036 and related (#19870)
• fix(deps): bump tar 7.5.10 to 7.5.11 to fix CVE-2026-31802 (#19846)
• fix(deps): bump undici 6.23.0 to 6.24.1 to fix multiple CVEs (#19841)
• fix(deps): bump unhead 2.1.4 to 2.1.12 to fix CVE-2026-31860 and CVE-2026-31873 (#19848)
• test(nextjs): Skip broken ISR tests (#19871)
• test(react): Add gql tests for react router (#19844)

Bundle size 📦

Path	Size
@​sentry/browser	24.93 KB
@​sentry/browser - with treeshaking flags	23.47 KB
@​sentry/browser (incl. Tracing)	41.51 KB
@​sentry/browser (incl. Tracing, Profiling)	46.07 KB
@​sentry/browser (incl. Tracing, Replay)	79.41 KB
@​sentry/browser (incl. Tracing, Replay) - with treeshaking flags	69.22 KB
@​sentry/browser (incl. Tracing, Replay with Canvas)	84 KB
@​sentry/browser (incl. Tracing, Replay, Feedback)	95.97 KB
@​sentry/browser (incl. Feedback)	41.35 KB
@​sentry/browser (incl. sendFeedback)	29.49 KB

... (truncated)

Changelog

Sourced from @​sentry/nextjs's changelog.

10.45.0

Important Changes

• feat(remix): Server Timing Headers Trace Propagation (#18653)

  The Remix SDK now supports automatic trace propagation via Server-Timing response headers to continue pageload traces on the client side. This means, you no longer have to define a custom meta function to add Sentry <meta> tags to your page as previously. We'll update out Remix tracing docs after this release.

Other Changes

• fix(cloudflare): Use correct env types for withSentry (#19836)
• fix(core): Align error span status message with core SpanStatusType for langchain/google-genai (#19863)
• fix(deno): Clear pre-existing OTel global before registering TracerProvider (#19723)
• fix(nextjs): Skip tracing for tunnel requests (#19861)
• fix(node-core): Recycle propagationContext for each request (#19835)
• ref(core): Simplify core utility functions for smaller bundle (#19854)

• chore(deps): bump next from 16.1.5 to 16.1.7 in /dev-packages/e2e-tests/test-applications/nextjs-16 (#19851)
• ci(release): Switch from action-prepare-release to Craft (#18763)
• fix(deps): bump devalue 5.6.3 to 5.6.4 to fix CVE-2026-30226 (#19849)
• fix(deps): bump file-type to 21.3.2 and @​nestjs/common to 11.1.17 (#19847)
• fix(deps): bump flatted 3.3.1 to 3.4.2 to fix CVE-2026-32141 (#19842)
• fix(deps): bump hono 4.12.5 to 4.12.7 in cloudflare-hono E2E test app (#19850)
• fix(deps): bump next to 15.5.13/16.1.7 to fix CVE-2026-1525, CVE-202-33036 and related (#19870)
• fix(deps): bump tar 7.5.10 to 7.5.11 to fix CVE-2026-31802 (#19846)
• fix(deps): bump undici 6.23.0 to 6.24.1 to fix multiple CVEs (#19841)
• fix(deps): bump unhead 2.1.4 to 2.1.12 to fix CVE-2026-31860 and CVE-2026-31873 (#19848)
• test(nextjs): Skip broken ISR tests (#19871)
• test(react): Add gql tests for react router (#19844)

10.44.0

Important Changes

• feat(effect): Add @sentry/effect SDK (Alpha) (#19644)

  This release introduces @sentry/effect, a new SDK for Effect.ts applications. The SDK provides Sentry integration via composable Effect layers for both Node.js and browser environments.

  Compose the effectLayer with optional tracing, logging, and metrics layers to instrument your Effect application:

  import * as Sentry from '@sentry/effect';
  import * as Layer from 'effect/Layer';

... (truncated)

Commits

• ef79d28 release: 10.45.0
• 28208bc Merge pull request #19877 from getsentry/prepare-release/10.45.0
• 2e2fd35 meta(changelog): Update changelog for 10.45.0
• 79241b0 fix(nextjs): Skip tracing for tunnel requests (#19861)
• 938ab2d ref(core): Simplify core utility functions for smaller bundle (#19854)
• 3bb4325 fix(core): Align error span status message with core SpanStatusType for lan...
• 3e5499a fix(deps): bump next to 15.5.13/16.1.7 to fix CVE-2026-1525, CVE-202-33036 an...
• 6f17b8a fix(cloudflare): Use correct env types for withSentry (#19836)
• b4b9e71 test(nextjs): Skip broken ISR tests (#19871)
• ae7206f feat(remix): Server Timing Headers Trace Propagation (#18653)
• Additional commits viewable in compare view

Updates @vercel/analytics from 1.6.1 to 2.0.1

Release notes

Sourced from @​vercel/analytics's releases.

v2.0.1

What's Changed

• fix(nuxt): set nuxt as optional dependency by @​CHC383 in vercel/analytics#193

New Contributors

• @​CHC383 made their first contribution in vercel/analytics#193

Full Changelog: vercel/analytics@v2.0.0...v2.0.1

v2.0.0

What's Changed

Breaking Changes

• License changed from MPL-2.0 to MIT (#170)
• Nuxt: introduce module support. If you need to configure it, load injectAnalytics() from @vercel/analytics/nuxt/runtime (#183)

Features

• feat: load dynamic configuration (#184) — analytics config can now be loaded dynamically

Bug Fixes

• fix: src and endpoint paths do not work when relative (#186)

Full Changelog: vercel/speed-insights@1.6.1...2.0.0

v2.0.0-canary.1

Canary release for testing 2.0.0 changes

Commits

• 0d69416 chore: bump version to v2.0.1 (#195)
• c7f3c37 fix(nuxt): set nuxt as optional dependency (#193)
• c3e3805 chore: bump version to v2.0.0
• 425a797 chore: bump version to v2.0.0-canary.1
• 22888e3 fix: src and endpoint paths do not work when relative (#186)
• 3879f57 feat: load dynamic configuration (#184)
• 95f8914 feat(nuxt)!: Add support for injectAnalytics() and Nuxt module (#183)
• e407489 feat!: change license to MIT (#170)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies, npm. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
progresstracker	Ready	Preview, Comment	Mar 23, 2026 0:43am