Update all non-major frontend dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@eslint/js (source)	9.39.2 → 9.39.4
@mui/icons-material (source)	7.3.7 → 7.3.9
@mui/material (source)	7.3.7 → 7.3.9
@mui/x-date-pickers (source)	8.27.0 → 8.27.2
@sentry/react (source)	10.38.0 → 10.42.0
@typescript-eslint/parser (source)	8.55.0 → 8.56.1
axios (source)	1.13.5 → 1.13.6
eslint (source)	9.39.2 → 9.39.4
globals	17.3.0 → 17.4.0
react-hook-form (source)	7.71.1 → 7.71.2
react-router (source)	7.13.0 → 7.13.1
typescript-eslint (source)	8.55.0 → 8.56.1
vite-tsconfig-paths	6.1.0 → 6.1.1

---

Release Notes

eslint/eslint (@​eslint/js)

v9.39.4

Compare Source

v9.39.3

Compare Source

Bug Fixes

• 791bf8d fix: restore TypeScript 4.0 compatibility in types (#​20504) (sethamus)

Chores

• 8594a43 chore: upgrade @​eslint/js@​9.39.3 (#​20529) (Milos Djermanovic)
• 9ceef92 chore: package.json update for @​eslint/js release (Jenkins)
• af498c6 chore: ignore /docs/v9.x in link checker (#​20453) (Milos Djermanovic)

mui/material-ui (@​mui/icons-material)

v7.3.9

Compare Source

v7.3.8

Compare Source

Feb 12, 2026

A big thanks to the 15 contributors who made this release possible. Here are some highlights ✨:

@mui/material@7.3.8

• [alert] Revert removing default icon mapping fallback (#​47629) @​ZeeshanTamboli
• [app-bar] Fix optional chaining in joinVars function (#​47739) @​sai6855
• [autocomplete] Fix scroll position resetting on reopen with disableCloseOnSelect (#​47248) @​ZeeshanTamboli
• [autocomplete] Pass fullWidth prop to input, with default as true (#​47663) @​silviuaavram
• [badge] Refactor variant styles generation (#​47742) @​sai6855
• [chip] Remove unnecessary onDelete check (#​47753) @​ZeeshanTamboli
• [switch][checkbox][radio] Remove aria-disabled from root span (#​46318) @​KirankumarAmbati
• [collapse] Remove unnecessary string concatenation (#​47745) @​sai6855
• [drawer] persistent and permanent variant Drawers should not override the styles via theme using modal class (#​47581) @​ZeeshanTamboli
• [tabs] Add ability to extend Tabs variant (#​47590) @​aditya1906
• [useAutocomplete] Add aria-multiselectable to listbox props when multiple is true (#​47632) @​silviuaavram
• [useAutocomplete] Use React.Key instead of any for key prop (#​47619) @​sonixx02

Core

• Revert "[docs-infra] Add Cookie Banner and Analytics Provider (#​47445)" (868d23e) @​dav-is
• Revert "[docs-infra] Update Cookie Consent Dialog styling and content (#​47718)" (ae29d03) @​dav-is
• [api-docs-builder] Validate slots prop and Slots interface export consistency (#​47623) @​Janpot
• [code-infra] Remove window.muiDocConfig (#​47737) @​Janpot
• [code-infra] Fix flaky Select test on Webkit (#​47728) @​Janpot
• [code-infra] Remove usage of NODE_ENV=test (#​47692) @​Janpot
• [code-infra] Prepare eslint rule rename (#​47702) @​Janpot
• [code-infra] Next.js 15.5.11 (security update) (#​47697) @​Janpot
• [code-infra] Fix Tooltip tests flakyness (#​47669) @​Janpot
• [code-infra] Improve instructions for error messages (#​47668) @​Janpot
• [code-infra] Add initial agent instructions (#​47655) @​Janpot
• [code-infra] Update broken links checker (#​47633) @​Janpot
• [code-infra] Improve Tooltip leaveDelay test (#​47624) @​Janpot
• [code-infra] Fix internal broken links (#​47607) @​Janpot
• [docs-infra] Resolve a few 301s in our docs (#​47746) @​Janpot
• [docs-infra] Update Cookie Consent Dialog styling and content (#​47718) @​dav-is
• [docs-infra] Add Cookie Banner and Analytics Provider (#​47445) @​dav-is
• [docs-infra] Make sure /customers page has a h1 (#​47615) @​Janpot
• [docs-infra] Fix privacy link (#​47614) @​Janpot
• [docs-infra] Resolve a few 301s (#​47579) @​Janpot
• [internal] Remove unused sponsor files (#​47741) @​oliviertassinari
• [markdown] Fix some broken hash links (#​47609) @​Janpot
• [test] Cleanup Table tests TODOs (#​47656) @​Ocheretovich

Docs

• [website] unclickable banner in the pricing page (#​47634) @​aemartos
• [blog] Company Update: What we've been working on (and why) (#​47626) @​alelthomas
• [docs] Remove outdated notifications (#​47743) @​bernardobelchior
• [docs] Make Demo component product-agnostic (#​47635) @​Janpot
• [docs] Copyedit the Number Field doc (#​47469) @​mapache-salvaje
• [docs] Fix Roboto font not loading in iframe demos (#​47660) @​Janpot
• [docs] Replace Checkbox with Icons in Combobox examples (#​47654) @​silviuaavram
• [docs] Fix punctuation in TypeScript guide description (#​47617) @​nodirbekprogrammer

All contributors of this release in alphabetical order: @​aditya1906, @​aemartos, @​alelthomas, @​bernardobelchior, @​dav-is, @​Janpot, @​KirankumarAmbati, @​mapache-salvaje, @​nodirbekprogrammer, @​Ocheretovich, @​oliviertassinari, @​sai6855, @​silviuaavram, @​sonixx02, @​ZeeshanTamboli

mui/material-ui (@​mui/material)

v7.3.9

Compare Source

v7.3.8

Compare Source

Feb 12, 2026

A big thanks to the 15 contributors who made this release possible. Here are some highlights ✨:

@mui/material@7.3.8

• [alert] Revert removing default icon mapping fallback (#​47629) @​ZeeshanTamboli
• [app-bar] Fix optional chaining in joinVars function (#​47739) @​sai6855
• [autocomplete] Fix scroll position resetting on reopen with disableCloseOnSelect (#​47248) @​ZeeshanTamboli
• [autocomplete] Pass fullWidth prop to input, with default as true (#​47663) @​silviuaavram
• [badge] Refactor variant styles generation (#​47742) @​sai6855
• [chip] Remove unnecessary onDelete check (#​47753) @​ZeeshanTamboli
• [switch][checkbox][radio] Remove aria-disabled from root span (#​46318) @​KirankumarAmbati
• [collapse] Remove unnecessary string concatenation (#​47745) @​sai6855
• [drawer] persistent and permanent variant Drawers should not override the styles via theme using modal class (#​47581) @​ZeeshanTamboli
• [tabs] Add ability to extend Tabs variant (#​47590) @​aditya1906
• [useAutocomplete] Add aria-multiselectable to listbox props when multiple is true (#​47632) @​silviuaavram
• [useAutocomplete] Use React.Key instead of any for key prop (#​47619) @​sonixx02

Core

• Revert "[docs-infra] Add Cookie Banner and Analytics Provider (#​47445)" (868d23e) @​dav-is
• Revert "[docs-infra] Update Cookie Consent Dialog styling and content (#​47718)" (ae29d03) @​dav-is
• [api-docs-builder] Validate slots prop and Slots interface export consistency (#​47623) @​Janpot
• [code-infra] Remove window.muiDocConfig (#​47737) @​Janpot
• [code-infra] Fix flaky Select test on Webkit (#​47728) @​Janpot
• [code-infra] Remove usage of NODE_ENV=test (#​47692) @​Janpot
• [code-infra] Prepare eslint rule rename (#​47702) @​Janpot
• [code-infra] Next.js 15.5.11 (security update) (#​47697) @​Janpot
• [code-infra] Fix Tooltip tests flakyness (#​47669) @​Janpot
• [code-infra] Improve instructions for error messages (#​47668) @​Janpot
• [code-infra] Add initial agent instructions (#​47655) @​Janpot
• [code-infra] Update broken links checker (#​47633) @​Janpot
• [code-infra] Improve Tooltip leaveDelay test (#​47624) @​Janpot
• [code-infra] Fix internal broken links (#​47607) @​Janpot
• [docs-infra] Resolve a few 301s in our docs (#​47746) @​Janpot
• [docs-infra] Update Cookie Consent Dialog styling and content (#​47718) @​dav-is
• [docs-infra] Add Cookie Banner and Analytics Provider (#​47445) @​dav-is
• [docs-infra] Make sure /customers page has a h1 (#​47615) @​Janpot
• [docs-infra] Fix privacy link (#​47614) @​Janpot
• [docs-infra] Resolve a few 301s (#​47579) @​Janpot
• [internal] Remove unused sponsor files (#​47741) @​oliviertassinari
• [markdown] Fix some broken hash links (#​47609) @​Janpot
• [test] Cleanup Table tests TODOs (#​47656) @​Ocheretovich

Docs

• [website] unclickable banner in the pricing page (#​47634) @​aemartos
• [blog] Company Update: What we've been working on (and why) (#​47626) @​alelthomas
• [docs] Remove outdated notifications (#​47743) @​bernardobelchior
• [docs] Make Demo component product-agnostic (#​47635) @​Janpot
• [docs] Copyedit the Number Field doc (#​47469) @​mapache-salvaje
• [docs] Fix Roboto font not loading in iframe demos (#​47660) @​Janpot
• [docs] Replace Checkbox with Icons in Combobox examples (#​47654) @​silviuaavram
• [docs] Fix punctuation in TypeScript guide description (#​47617) @​nodirbekprogrammer

All contributors of this release in alphabetical order: @​aditya1906, @​aemartos, @​alelthomas, @​bernardobelchior, @​dav-is, @​Janpot, @​KirankumarAmbati, @​mapache-salvaje, @​nodirbekprogrammer, @​Ocheretovich, @​oliviertassinari, @​sai6855, @​silviuaavram, @​sonixx02, @​ZeeshanTamboli

mui/mui-x (@​mui/x-date-pickers)

v8.27.2

Compare Source

We'd like to extend a big thank you to the 3 contributors who made this release possible. Here are some highlights ✨:

• 🐞 Bugfixes

Data Grid

@mui/x-data-grid@8.27.2

Internal changes.

@mui/x-data-grid-pro@8.27.2

Same changes as in @mui/x-data-grid@8.27.2, plus:

• [DataGridPro] Fix number input visibility in header filters (#​21345) @​michelengelen

@mui/x-data-grid-premium@8.27.2

Same changes as in @mui/x-data-grid-pro@8.27.2.

Date and Time Pickers

@mui/x-date-pickers@8.27.2

• [DatePicker] Add keyboard support for selecting day, month, and year (#​21399) @​michelengelen

@mui/x-date-pickers-pro@8.27.2

Same changes as in @mui/x-date-pickers@8.27.2, plus:

• [DateRangePicker] Fix timezone update issue leading to invalidRange error (#​21382) @​michelengelen

Charts

@mui/x-charts@8.27.2

Internal changes.

@mui/x-charts-pro@8.27.2

Same changes as in @mui/x-charts@8.27.2, plus:

• [charts-pro] Handle edge case in export image (#​21206) @​bernardobelchior

@mui/x-charts-premium@8.27.2

Same changes as in @mui/x-charts-pro@8.27.2.

Tree View

@mui/x-tree-view@8.27.2

• [tree view] Focus item sibling on unmount instead of the 1st item (#​21386) @​flaviendelangle

@mui/x-tree-view-pro@8.27.2

Same changes as in @mui/x-tree-view@8.27.2.

Codemod

@mui/x-codemod@8.27.2

Internal changes.

Core

• [code-infra] Only ignore renovate[bot] in changelog generation script (#​21188) @​bernardobelchior

getsentry/sentry-javascript (@​sentry/react)

v10.42.0

Compare Source

• feat(consola): Enhance Consola integration to extract first-param object as searchable attributes (#​19534)
• fix(astro): Do not inject withSentry into Cloudflare Pages (#​19558)
• fix(core): Do not remove promiseBuffer entirely (#​19592)
• fix(deps): Bump fast-xml-parser to 4.5.4 for CVE-2026-25896 (#​19588)
• fix(react-router): Set correct transaction name when navigating with object argument (#​19590)
• ref(nuxt): Use addVitePlugin instead of deprecated vite:extendConfig (#​19464)

Internal Changes

• chore(deps-dev): bump @​sveltejs/kit from 2.52.2 to 2.53.3 (#​19571)
• chore(deps): Bump @​sveltejs/kit to 2.53.3 in sveltekit-2-svelte-5 E2E test (#​19594)
• ci(deps): bump actions/checkout from 4 to 6 (#​19570)

Bundle size 📦

Path	Size
@​sentry/browser	25.02 KB
@​sentry/browser - with treeshaking flags	23.57 KB
@​sentry/browser (incl. Tracing)	41.44 KB
@​sentry/browser (incl. Tracing, Profiling)	45.99 KB
@​sentry/browser (incl. Tracing, Replay)	79.35 KB
@​sentry/browser (incl. Tracing, Replay) - with treeshaking flags	69.21 KB
@​sentry/browser (incl. Tracing, Replay with Canvas)	83.93 KB
@​sentry/browser (incl. Tracing, Replay, Feedback)	95.91 KB
@​sentry/browser (incl. Feedback)	41.44 KB
@​sentry/browser (incl. sendFeedback)	29.58 KB
@​sentry/browser (incl. FeedbackAsync)	34.52 KB
@​sentry/browser (incl. Metrics)	26.17 KB
@​sentry/browser (incl. Logs)	26.31 KB
@​sentry/browser (incl. Metrics & Logs)	26.96 KB
@​sentry/react	26.74 KB
@​sentry/react (incl. Tracing)	43.72 KB
@​sentry/vue	29.37 KB
@​sentry/vue (incl. Tracing)	43.26 KB
@​sentry/svelte	25.05 KB
CDN Bundle	27.51 KB
CDN Bundle (incl. Tracing)	42.25 KB
CDN Bundle (incl. Logs, Metrics)	28.33 KB
CDN Bundle (incl. Tracing, Logs, Metrics)	43.07 KB
CDN Bundle (incl. Replay, Logs, Metrics)	66.49 KB
CDN Bundle (incl. Tracing, Replay)	78.26 KB
CDN Bundle (incl. Tracing, Replay, Logs, Metrics)	79.1 KB
CDN Bundle (incl. Tracing, Replay, Feedback)	83.65 KB
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics)	84.5 KB
CDN Bundle - uncompressed	80.42 KB
CDN Bundle (incl. Tracing) - uncompressed	125.07 KB
CDN Bundle (incl. Logs, Metrics) - uncompressed	83.19 KB
CDN Bundle (incl. Tracing, Logs, Metrics) - uncompressed	127.83 KB
CDN Bundle (incl. Replay, Logs, Metrics) - uncompressed	203.96 KB
CDN Bundle (incl. Tracing, Replay) - uncompressed	239.21 KB
CDN Bundle (incl. Tracing, Replay, Logs, Metrics) - uncompressed	241.96 KB
CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed	251.82 KB
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics) - uncompressed	254.56 KB
@​sentry/nextjs (client)	46.08 KB
@​sentry/sveltekit (client)	41.89 KB
@​sentry/node-core	51.01 KB
@​sentry/node	170.6 KB
@​sentry/node - without tracing	95.09 KB
@​sentry/aws-serverless	110.53 KB

v10.41.0

Compare Source

v10.40.0

Compare Source

Important Changes

• feat(tanstackstart-react): Add global sentry exception middlewares (#​19330)

  The sentryGlobalRequestMiddleware and sentryGlobalFunctionMiddleware global middlewares capture unhandled exceptions thrown in TanStack Start API routes and server functions. Add them as the first entries in the requestMiddleware and functionMiddleware arrays of createStart():

  import { createStart } from '@​tanstack/react-start/server';
  import { sentryGlobalRequestMiddleware, sentryGlobalFunctionMiddleware } from '@​sentry/tanstackstart-react/server';
  
  export default createStart({
    requestMiddleware: [sentryGlobalRequestMiddleware, myRequestMiddleware],
    functionMiddleware: [sentryGlobalFunctionMiddleware, myFunctionMiddleware],
  });

• feat(tanstackstart-react)!: Export Vite plugin from @sentry/tanstackstart-react/vite subpath (#​19182)

  The sentryTanstackStart Vite plugin is now exported from a dedicated subpath. Update your import:

  - import { sentryTanstackStart } from '@​sentry/tanstackstart-react';
  + import { sentryTanstackStart } from '@​sentry/tanstackstart-react/vite';

• fix(node-core): Reduce bundle size by removing apm-js-collab and requiring pino >= 9.10 (#​18631)

  In order to keep receiving pino logs, you need to update your pino version to >= 9.10, the reason for the support bump is to reduce the bundle size of the node-core SDK in frameworks that cannot tree-shake the apm-js-collab dependency.

• fix(browser): Ensure user id is consistently added to sessions (#​19341)

  Previously, the SDK inconsistently set the user id on sessions, meaning sessions were often lacking proper coupling to the user set for example via Sentry.setUser().
  Additionally, the SDK incorrectly skipped starting a new session for the first soft navigation after the pageload.
  This patch fixes these issues. As a result, metrics around sessions, like "Crash Free Sessions" or "Crash Free Users" might change.
  This could also trigger alerts, depending on your set thresholds and conditions.
  We apologize for any inconvenience caused!

  While we're at it, if you're using Sentry in a Single Page App or meta framework, you might want to give the new 'page' session lifecycle a try!
  This new mode no longer creates a session per soft navigation but continues the initial session until the next hard page refresh.
  Check out the docs to learn more!

• ref!(gatsby): Drop Gatsby v2 support (#​19467)

  We drop support for Gatsby v2 (which still relies on webpack 4) for a critical security update in https://github.com/getsentry/sentry-javascript-bundler-plugins/releases/tag/5.0.0

Other Changes

• feat(astro): Add support for Astro on CF Workers (#​19265)
• feat(cloudflare): Instrument async KV API (#​19404)
• feat(core): Add framework-agnostic tunnel handler (#​18892)
• feat(deno): Export logs API from Deno SDK (#​19313)
• feat(deno): Export metrics API from Deno SDK (#​19305)
• feat(deno): instrument Deno.serve with async context support (#​19230)
• feat(deps): bump babel-loader from 8.2.5 to 10.0.0 (#​19303)
• feat(deps): bump body-parser from 1.20.4 to 2.2.2 (#​19191)
• feat(deps): Bump hono from 4.11.7 to 4.11.10 (#​19440)
• feat(deps): bump qs from 6.14.1 to 6.14.2 (#​19310)
• feat(deps): bump the opentelemetry group with 4 updates (#​19425)
• feat(feedback): Add setTheme() to dynamically update feedback widget color scheme (#​19430)
• feat(nextjs): Add sourcemaps.filesToDeleteAfterUpload as a top-level option (#​19280)
• feat(node): Add ignoreConnectSpans option to postgresIntegration (#​19291)
• feat(node): Bump to latest @​fastify/otel (#​19452)
• fix: Bump bundler plugins to v5 (#​19468)
• fix: updated the codecov config (#​19350)
• fix(aws-serverless): Prevent crash in isPromiseAllSettledResult with null/undefined array elements (#​19346)
• fix(bun) Export pinoIntegration from @​sentry/node (#​17990)
• fix(core,browser): Delete SentryNonRecordingSpan from fetch/xhr map (#​19336)
• fix(core): Explicitly flush log buffer in client.close() (#​19371)
• fix(core): Langgraph state graph invoke accepts null to resume (#​19374)
• fix(core): Wrap decodeURI in node stack trace parser to handle malformed URIs (#​19400)
• fix(deps): Bump nuxt devDependency to fix CVE-2026-24001 (#​19249)
• fix(deps): Bump to latest version of each minimatch major (#​19486)
• fix(nextjs): Apply environment from options if set (#​19274)
• fix(nextjs): Don't set sentry.drop_transaction attribute on spans when skipOpenTelemetrySetup is enabled (#​19333)
• fix(nextjs): Normalize trailing slashes in App Router route parameterization (#​19365)
• fix(nextjs): Return correct lastEventId for SSR pages (#​19240)
• fix(nextjs): Set parameterized transaction name for non-transaction events (#​19316)
• fix(node-core): Align pino mechanism type with spec conventions (#​19363)
• fix(nuxt): Use options.rootDir instead of options.srcDir (#​19343)

Internal Changes

- test(nextjs): Add bun e2e test app ([#​19318](https://redirect.github.com/getsentry/sentry-javascript/pull/19318)) - test(nextjs): Deactivate canary test for cf-workers ([#​19483](https://redirect.github.com/getsentry/sentry-javascript/pull/19483)) - tests(langchain): Fix langchain v1 internal error tests ([#​19409](https://redirect.github.com/getsentry/sentry-javascript/pull/19409)) - ref(nuxt): Remove `defineNitroPlugin` wrapper ([#​19334](https://redirect.github.com/getsentry/sentry-javascript/pull/19334)) - ref(cloudflare): Move internal files and functions around ([#​19369](https://redirect.github.com/getsentry/sentry-javascript/pull/19369)) - chore: Add external contributor to CHANGELOG.md ([#​19395](https://redirect.github.com/getsentry/sentry-javascript/pull/19395)) - chore: Add github action to notify stale PRs ([#​19361](https://redirect.github.com/getsentry/sentry-javascript/pull/19361)) - chore: add oxfmt changes to blame ignore rev list ([#​19366](https://redirect.github.com/getsentry/sentry-javascript/pull/19366)) - chore: Enhance AI integration guidelines with runtime-specific placem… ([#​19296](https://redirect.github.com/getsentry/sentry-javascript/pull/19296)) - chore: Ignore `lerna.json` for prettier ([#​19288](https://redirect.github.com/getsentry/sentry-javascript/pull/19288)) - chore: migrate to oxfmt ([#​19200](https://redirect.github.com/getsentry/sentry-javascript/pull/19200)) - chore: Revert to lerna v8 ([#​19294](https://redirect.github.com/getsentry/sentry-javascript/pull/19294)) - chore: Unignore HTML files and reformat with oxfmt ([#​19311](https://redirect.github.com/getsentry/sentry-javascript/pull/19311)) - chore(ci): Adapt max turns of triage issue agent ([#​19473](https://redirect.github.com/getsentry/sentry-javascript/pull/19473)) - chore(ci): Add `environment` to triage action ([#​19375](https://redirect.github.com/getsentry/sentry-javascript/pull/19375)) - chore(ci): Add `id-token: write` permission to triage workflow ([#​19381](https://redirect.github.com/getsentry/sentry-javascript/pull/19381)) - chore(ci): Move monorepo to nx ([#​19325](https://redirect.github.com/getsentry/sentry-javascript/pull/19325)) - chore(cursor): Add rules for fetching develop docs ([#​19377](https://redirect.github.com/getsentry/sentry-javascript/pull/19377)) - chore(deps-dev): Bump @​sveltejs/kit from 2.49.5 to 2.52.2 in /dev-packages/e2e-tests/test-applications/sveltekit-2 ([#​19441](https://redirect.github.com/getsentry/sentry-javascript/pull/19441)) - chore(deps-dev): Bump @​sveltejs/kit from 2.49.5 to 2.52.2 in /dev-packages/e2e-tests/test-applications/sveltekit-2-kit-tracing ([#​19446](https://redirect.github.com/getsentry/sentry-javascript/pull/19446)) - chore(deps-dev): Bump @​sveltejs/kit from 2.49.5 to 2.52.2 in /dev-packages/e2e-tests/test-applications/sveltekit-cloudflare-pages ([#​19462](https://redirect.github.com/getsentry/sentry-javascript/pull/19462)) - chore(deps-dev): Bump @​sveltejs/kit from 2.50.1 to 2.52.2 ([#​19442](https://redirect.github.com/getsentry/sentry-javascript/pull/19442)) - chore(deps-dev): bump @​testing-library/react from 13.0.0 to 15.0.5 ([#​19194](https://redirect.github.com/getsentry/sentry-javascript/pull/19194)) - chore(deps-dev): bump @​types/ember__debug from 3.16.5 to 4.0.8 ([#​19429](https://redirect.github.com/getsentry/sentry-javascript/pull/19429)) - chore(deps-dev): bump ember-resolver from 13.0.2 to 13.1.1 ([#​19301](https://redirect.github.com/getsentry/sentry-javascript/pull/19301)) - chore(deps): Bump @​actions/glob from 0.4.0 to 0.6.1 ([#​19427](https://redirect.github.com/getsentry/sentry-javascript/pull/19427)) - chore(deps): bump agents from 0.2.32 to 0.3.10 in /dev-packages/e2e-tests/test-applications/cloudflare-mcp ([#​19326](https://redirect.github.com/getsentry/sentry-javascript/pull/19326)) - chore(deps): Bump hono from 4.11.7 to 4.11.10 in /dev-packages/e2e-tests/test-applications/cloudflare-hono ([#​19438](https://redirect.github.com/getsentry/sentry-javascript/pull/19438)) - chore(deps): Bump Sentry CLI to latest v2 ([#​19477](https://redirect.github.com/getsentry/sentry-javascript/pull/19477)) - chore(deps): Bump transitive dep `fast-xml-parser` ([#​19433](https://redirect.github.com/getsentry/sentry-javascript/pull/19433)) - chore(deps): upgrade tar to 7.5.9 to fix CVE-2026-26960 ([#​19445](https://redirect.github.com/getsentry/sentry-javascript/pull/19445)) - chore(github): Add `allowedTools` to Claude GitHub action ([#​19386](https://redirect.github.com/getsentry/sentry-javascript/pull/19386)) - chore(github): Add workflow to trigger `triage-issue` skill ([#​19358](https://redirect.github.com/getsentry/sentry-javascript/pull/19358)) - chore(github): Add write tool for markdown report ([#​19387](https://redirect.github.com/getsentry/sentry-javascript/pull/19387)) - chore(github): Change tool permission path ([#​19389](https://redirect.github.com/getsentry/sentry-javascript/pull/19389)) - chore(llm): Add `triage-issue` skill ([#​19356](https://redirect.github.com/getsentry/sentry-javascript/pull/19356)) - chore(llm): Better defense against prompt injection in triage skill ([#​19410](https://redirect.github.com/getsentry/sentry-javascript/pull/19410)) - chore(llm): Make cross-repo search optional and remove file cleanup ([#​19401](https://redirect.github.com/getsentry/sentry-javascript/pull/19401)) - chore(node-core): Make @​sentry/opentelemetry not a peer dep in node… ([#​19308](https://redirect.github.com/getsentry/sentry-javascript/pull/19308)) - chore(repo): Allow WebFetch for Sentry docs in Claude settings ([#​18890](https://redirect.github.com/getsentry/sentry-javascript/pull/18890)) - chore(repo): Increase number of concurrently running nx tasks ([#​19443](https://redirect.github.com/getsentry/sentry-javascript/pull/19443)) - chore(skills): Add security notes for injection defense ([#​19379](https://redirect.github.com/getsentry/sentry-javascript/pull/19379)) - chore(triage-action): Fix JSON parsing ([#​19471](https://redirect.github.com/getsentry/sentry-javascript/pull/19471)) - chore(triage-issue): Improve triage prompt for accuracy ([#​19454](https://redirect.github.com/getsentry/sentry-javascript/pull/19454)) - chore(triage-skill): Add GitHub parsing python util script ([#​19405](https://redirect.github.com/getsentry/sentry-javascript/pull/19405)) - chore(triage-skill): Increase `num_turns` and add script to post summary ([#​19456](https://redirect.github.com/getsentry/sentry-javascript/pull/19456)) - ci(fix-security-vulnerability): Add id token write permission ([#​19412](https://redirect.github.com/getsentry/sentry-javascript/pull/19412)) - ci(fix-security-vulnerability): Be specific about how to fetch the alert page ([#​19414](https://redirect.github.com/getsentry/sentry-javascript/pull/19414)) - ci(fix-security-vulnerability): Run fetch alert first before executing skill ([#​19418](https://redirect.github.com/getsentry/sentry-javascript/pull/19418)) - ci(fix-security-vulnerability): Use opus 4.6 ([#​19416](https://redirect.github.com/getsentry/sentry-javascript/pull/19416)) - ci(github): Add tilde to file path to not exact-match ([#​19392](https://redirect.github.com/getsentry/sentry-javascript/pull/19392)) - ci(triage-skill): Allow `Write` and remove `rm` permission ([#​19397](https://redirect.github.com/getsentry/sentry-javascript/pull/19397)) - ci(triage-skill): Run on opened issues ([#​19423](https://redirect.github.com/getsentr

---

Configuration

📅 Schedule: Branch creation - Only on Sunday and Saturday ( * * * * 0,6 ) in timezone Europe/Budapest, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.84%. Comparing base (c683577) to head (0fefe84).
⚠️ Report is 8 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #1596   +/-   ##
=======================================
  Coverage   93.84%   93.84%           
=======================================
  Files          73       73           
  Lines        2338     2338           
  Branches      179      179           
=======================================
  Hits         2194     2194           
  Misses        119      119           
  Partials       25       25           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.