Merge pull request #19882 from getsentry/master

[Gitflow] Merge master into develop

Author: github-actions[bot]

.version.json

@@ -1,4 +1,4 @@
 {
   "_comment": "Auto-generated by scripts/bump-version.js. Used by the gitflow sync workflow to detect version bumps. Do not edit manually.",
-  "version": "10.44.0"
+  "version": "10.45.0"
 }

CHANGELOG.md

@@ -4,6 +4,43 @@
 
 - "You miss 100 percent of the chances you don't take. — Wayne Gretzky" — Michael Scott
 
+## 10.45.0
+
+### Important Changes
+
+- **feat(remix): Server Timing Headers Trace Propagation ([#18653](https://github.com/getsentry/sentry-javascript/pull/18653))**
+
+  The Remix SDK now supports automatic trace propagation via `Server-Timing` response headers to continue pageload traces on the client side.
+  This means, you no longer have to define a custom `meta` function to add Sentry `<meta>` tags to your page as previously.
+  We'll update out Remix tracing docs after this release.
+
+### Other Changes
+
+- fix(cloudflare): Use correct env types for `withSentry` ([#19836](https://github.com/getsentry/sentry-javascript/pull/19836))
+- fix(core): Align error span status message with core `SpanStatusType` for langchain/google-genai ([#19863](https://github.com/getsentry/sentry-javascript/pull/19863))
+- fix(deno): Clear pre-existing OTel global before registering TracerProvider ([#19723](https://github.com/getsentry/sentry-javascript/pull/19723))
+- fix(nextjs): Skip tracing for tunnel requests ([#19861](https://github.com/getsentry/sentry-javascript/pull/19861))
+- fix(node-core): Recycle propagationContext for each request ([#19835](https://github.com/getsentry/sentry-javascript/pull/19835))
+- ref(core): Simplify core utility functions for smaller bundle ([#19854](https://github.com/getsentry/sentry-javascript/pull/19854))
+
+<details>
+  <summary> <strong>Internal Changes</strong> </summary>
+
+- chore(deps): bump next from 16.1.5 to 16.1.7 in /dev-packages/e2e-tests/test-applications/nextjs-16 ([#19851](https://github.com/getsentry/sentry-javascript/pull/19851))
+- ci(release): Switch from action-prepare-release to Craft ([#18763](https://github.com/getsentry/sentry-javascript/pull/18763))
+- fix(deps): bump devalue 5.6.3 to 5.6.4 to fix CVE-2026-30226 ([#19849](https://github.com/getsentry/sentry-javascript/pull/19849))
+- fix(deps): bump file-type to 21.3.2 and @nestjs/common to 11.1.17 ([#19847](https://github.com/getsentry/sentry-javascript/pull/19847))
+- fix(deps): bump flatted 3.3.1 to 3.4.2 to fix CVE-2026-32141 ([#19842](https://github.com/getsentry/sentry-javascript/pull/19842))
+- fix(deps): bump hono 4.12.5 to 4.12.7 in cloudflare-hono E2E test app ([#19850](https://github.com/getsentry/sentry-javascript/pull/19850))
+- fix(deps): bump next to 15.5.13/16.1.7 to fix CVE-2026-1525, CVE-202-33036 and related ([#19870](https://github.com/getsentry/sentry-javascript/pull/19870))
+- fix(deps): bump tar 7.5.10 to 7.5.11 to fix CVE-2026-31802 ([#19846](https://github.com/getsentry/sentry-javascript/pull/19846))
+- fix(deps): bump undici 6.23.0 to 6.24.1 to fix multiple CVEs ([#19841](https://github.com/getsentry/sentry-javascript/pull/19841))
+- fix(deps): bump unhead 2.1.4 to 2.1.12 to fix CVE-2026-31860 and CVE-2026-31873 ([#19848](https://github.com/getsentry/sentry-javascript/pull/19848))
+- test(nextjs): Skip broken ISR tests ([#19871](https://github.com/getsentry/sentry-javascript/pull/19871))
+- test(react): Add gql tests for react router ([#19844](https://github.com/getsentry/sentry-javascript/pull/19844))
+
+</details>
+
 ## 10.44.0
 
 ### Important Changes

dev-packages/browser-integration-tests/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sentry-internal/browser-integration-tests",
-  "version": "10.44.0",
+  "version": "10.45.0",
   "main": "index.js",
   "license": "MIT",
   "engines": {
@@ -60,7 +60,7 @@
     "@babel/preset-typescript": "^7.16.7",
     "@playwright/test": "~1.56.0",
     "@sentry-internal/rrweb": "2.34.0",
-    "@sentry/browser": "10.44.0",
+    "@sentry/browser": "10.45.0",
     "@supabase/supabase-js": "2.49.3",
     "axios": "^1.12.2",
     "babel-loader": "^10.0.0",

dev-packages/bundle-analyzer-scenarios/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sentry-internal/bundle-analyzer-scenarios",
-  "version": "10.44.0",
+  "version": "10.45.0",
   "description": "Scenarios to test bundle analysis with",
   "repository": "git://github.com/getsentry/sentry-javascript.git",
   "homepage": "https://github.com/getsentry/sentry-javascript/tree/master/dev-packages/bundle-analyzer-scenarios",

dev-packages/bundler-tests/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sentry-internal/bundler-tests",
-  "version": "10.44.0",
+  "version": "10.45.0",
   "description": "Bundler tests for Sentry Browser SDK",
   "repository": "git://github.com/getsentry/sentry-javascript.git",
   "homepage": "https://github.com/getsentry/sentry-javascript/tree/master/packages/bundler-tests",
@@ -13,7 +13,7 @@
   },
   "dependencies": {
     "@rollup/plugin-node-resolve": "^16.0.3",
-    "@sentry/browser": "10.44.0",
+    "@sentry/browser": "10.45.0",
     "rollup": "^4.0.0",
     "vite": "^5.0.0",
     "vitest": "^3.2.4",

dev-packages/clear-cache-gh-action/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@sentry-internal/clear-cache-gh-action",
   "description": "An internal Github Action to clear GitHub caches.",
-  "version": "10.44.0",
+  "version": "10.45.0",
   "license": "MIT",
   "engines": {
     "node": ">=18"

dev-packages/cloudflare-integration-tests/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sentry-internal/cloudflare-integration-tests",
-  "version": "10.44.0",
+  "version": "10.45.0",
   "license": "MIT",
   "engines": {
     "node": ">=18"
@@ -14,13 +14,13 @@
   },
   "dependencies": {
     "@langchain/langgraph": "^1.0.1",
-    "@sentry/cloudflare": "10.44.0",
-    "@sentry/hono": "10.44.0",
+    "@sentry/cloudflare": "10.45.0",
+    "@sentry/hono": "10.45.0",
     "hono": "^4.12.7"
   },
   "devDependencies": {
     "@cloudflare/workers-types": "^4.20250922.0",
-    "@sentry-internal/test-utils": "10.44.0",
+    "@sentry-internal/test-utils": "10.45.0",
     "eslint-plugin-regexp": "^1.15.0",
     "vitest": "^3.2.4",
     "wrangler": "4.61.0"

dev-packages/e2e-tests/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sentry-internal/e2e-tests",
-  "version": "10.44.0",
+  "version": "10.45.0",
   "license": "MIT",
   "private": true,
   "scripts": {

dev-packages/external-contributor-gh-action/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@sentry-internal/external-contributor-gh-action",
   "description": "An internal Github Action to add external contributors to the CHANGELOG.md file.",
-  "version": "10.44.0",
+  "version": "10.45.0",
   "license": "MIT",
   "engines": {
     "node": ">=18"

dev-packages/node-core-integration-tests/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sentry-internal/node-core-integration-tests",
-  "version": "10.44.0",
+  "version": "10.45.0",
   "license": "MIT",
   "engines": {
     "node": ">=18"
@@ -34,8 +34,8 @@
     "@opentelemetry/resources": "^2.6.0",
     "@opentelemetry/sdk-trace-base": "^2.6.0",
     "@opentelemetry/semantic-conventions": "^1.40.0",
-    "@sentry/core": "10.44.0",
-    "@sentry/node-core": "10.44.0",
+    "@sentry/core": "10.45.0",
+    "@sentry/node-core": "10.45.0",
     "body-parser": "^2.2.2",
     "cors": "^2.8.5",
     "cron": "^3.1.6",