chore(deps)(deps): bump the production-minor-patch group across 1 directory with 27 updates

[dependabot]

Bumps the production-minor-patch group with 27 updates in the / directory:

Package	From	To
@apollo/server	5.4.0	5.5.0
@graphql-tools/schema	10.0.31	10.0.32
graphql	16.13.0	16.13.2
@graphql-tools/graphql-file-loader	8.1.10	8.1.13
@graphql-tools/load	8.1.8	8.1.9
@graphql-tools/utils	11.0.0	11.0.1
graphql-ws	6.0.7	6.0.8
jose	6.1.3	6.2.2
mathjs	15.1.1	15.2.0
ws	8.19.0	8.20.0
@apollo/client-integration-nextjs	0.14.4	0.14.5
@nosecone/next	1.1.0	1.3.1
@sentry/nextjs	10.40.0	10.48.0
@serwist/next	9.5.6	9.5.7
@tanstack/react-virtual	3.13.19	3.13.23
@vercel/analytics	2.0.0-canary.1	2.0.1
framer-motion	12.34.3	12.38.0
katex	0.16.33	0.16.45
next	16.2.0-canary.69	16.2.3
next-intl	4.8.3	4.9.1
nosecone	1.1.0	1.3.1
tailwindcss	4.2.1	4.2.2
zustand	5.0.11	5.0.12
hono	4.12.3	4.12.12
modern-pdf-lib	0.15.1	0.26.0
@prisma/adapter-neon	7.5.0-dev.33	7.7.0
@prisma/client	7.5.0-dev.33	7.7.0

Updates @apollo/server from 5.4.0 to 5.5.0

Release notes

Sourced from @​apollo/server's releases.

@​apollo/server-integration-testsuite@​5.5.0

Minor Changes

• #8191 ada1200 - ⚠️ SECURITY @apollo/server/standalone:

  Apollo Server now rejects GraphQL GET requests which contain a Content-Type header other than application/json (with optional parameters such as ; charset=utf-8). Any other value is now rejected with a 415 status code.

  (GraphQL GET requests without a Content-Type header are still allowed, though they do still need to contain a non-empty X-Apollo-Operation-Name or Apollo-Require-Preflight header to be processed if the default CSRF prevention feature is enabled.)

  This improvement makes Apollo Server's CSRF more resistant to browsers which implement CORS in non-spec-compliant ways. Apollo is aware of one browser which as of March 2026 has a bug which allows an attacker to circumvent Apollo Server's CSRF prevention feature to carry out read-only XS-Search-style CSRF attacks. The browser vendor is in the process of patching this vulnerability; upgrading Apollo Server to v5.5.0 mitigates this vulnerability.

  If your server uses cookies (or HTTP Basic Auth) for authentication, Apollo encourages you to upgrade to v5.5.0.

  This is technically a backwards-incompatible change. Apollo is not aware of any GraphQL clients which provide non-empty Content-Type headers with GET requests with types other than application/json. If your use case requires such requests, please file an issue and we may add more configurability in a follow-up release.

  See advisory GHSA-9q82-xgwf-vj6h for more details.

Patch Changes

• Updated dependencies [ada1200]:
  • @​apollo/server@​5.5.0

@​apollo/server@​5.5.0

Minor Changes

• #8191 ada1200 Thanks @​glasser! - ⚠️ SECURITY @apollo/server/standalone:

  Apollo Server now rejects GraphQL GET requests which contain a Content-Type header other than application/json (with optional parameters such as ; charset=utf-8). Any other value is now rejected with a 415 status code.

  (GraphQL GET requests without a Content-Type header are still allowed, though they do still need to contain a non-empty X-Apollo-Operation-Name or Apollo-Require-Preflight header to be processed if the default CSRF prevention feature is enabled.)

  This improvement makes Apollo Server's CSRF more resistant to browsers which implement CORS in non-spec-compliant ways. Apollo is aware of one browser which as of March 2026 has a bug which allows an attacker to circumvent Apollo Server's CSRF prevention feature to carry out read-only XS-Search-style CSRF attacks. The browser vendor is in the process of patching this vulnerability; upgrading Apollo Server to v5.5.0 mitigates this vulnerability.

  If your server uses cookies (or HTTP Basic Auth) for authentication, Apollo encourages you to upgrade to v5.5.0.

  This is technically a backwards-incompatible change. Apollo is not aware of any GraphQL clients which provide non-empty Content-Type headers with GET requests with types other than application/json. If your use case requires such requests, please file an issue and we may add more configurability in a follow-up release.

  See advisory GHSA-9q82-xgwf-vj6h for more details.

Changelog

Sourced from @​apollo/server's changelog.

5.5.0

Minor Changes

• #8191 ada1200 Thanks @​glasser! - ⚠️ SECURITY @apollo/server/standalone:

  Apollo Server now rejects GraphQL GET requests which contain a Content-Type header other than application/json (with optional parameters such as ; charset=utf-8). Any other value is now rejected with a 415 status code.

  (GraphQL GET requests without a Content-Type header are still allowed, though they do still need to contain a non-empty X-Apollo-Operation-Name or Apollo-Require-Preflight header to be processed if the default CSRF prevention feature is enabled.)

  This improvement makes Apollo Server's CSRF more resistant to browsers which implement CORS in non-spec-compliant ways. Apollo is aware of one browser which as of March 2026 has a bug which allows an attacker to circumvent Apollo Server's CSRF prevention feature to carry out read-only XS-Search-style CSRF attacks. The browser vendor is in the process of patching this vulnerability; upgrading Apollo Server to v5.5.0 mitigates this vulnerability.

  If your server uses cookies (or HTTP Basic Auth) for authentication, Apollo encourages you to upgrade to v5.5.0.

  This is technically a backwards-incompatible change. Apollo is not aware of any GraphQL clients which provide non-empty Content-Type headers with GET requests with types other than application/json. If your use case requires such requests, please file an issue and we may add more configurability in a follow-up release.

  See advisory GHSA-9q82-xgwf-vj6h for more details.

Commits

• 64c0e1b Version Packages (#8192)
• ada1200 Reject GET requests with a Content-Type other than application/json (#8191)
• See full diff in compare view

Updates @graphql-tools/schema from 10.0.31 to 10.0.32

Changelog

Sourced from @​graphql-tools/schema's changelog.

10.0.32

Patch Changes

• Updated dependencies [ae36a0e]:
  • @​graphql-tools/utils@​11.0.1
  • @​graphql-tools/merge@​9.1.8

Commits

• 14066f9 chore(release): update monorepo packages versions (#8118)
• 5d6bcc4 Remove skipLibCheck (#8019)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​graphql-tools/schema since your current version.

Updates graphql from 16.13.0 to 16.13.2

Release notes

Sourced from graphql's releases.

v16.13.2 (2026-03-24)

Docs 📝

• #4611 add dev mode docs (@​yaacovCR)

Polish 💅

• #4631 Use Object.create(null) over {} to avoid prototype issues - v16 (@​benjie)

Internal 🏠

• #4626 backport: internal: streamline release process (#4615) (@​yaacovCR)

Committers: 2

• Benjie(@​benjie)
• Yaacov Rydzinski (@​yaacovCR)

v16.13.1 (2026-03-04)

First 16.x.x release with trusted publishing and provenance, see: https://docs.npmjs.com/trusted-publishers for additional information.

Docs 📝

• #4433 docs: move migrate from express graphql guide to graphqlJS docs (@​sarahxsanders)

Internal 🏠

• #4608 internal: backport new release flow from 17.x.x (@​yaacovCR)
• #4610 internal: pin node version for release action (@​yaacovCR)

Committers: 2

• Sarah Sanders(@​sarahxsanders)
• Yaacov Rydzinski (@​yaacovCR)

Commits

• 123e958 chore(release): v16.13.2 (#4632)
• 13f130d Use Object.create(null) over {} to avoid prototype issues - v16 (#4631)
• 6ca59e1 backport: internal: streamline release process (#4615) (#4626)
• df8c53f docs: dev mode for v17 (#4611)
• 3b5c3f9 internal: pin node version for release action (#4610)
• 6dee435 chore(release): v16.13.1 (#4609)
• c2ad5c6 internal: backport new release flow from 17.x.x (#4608)
• adff4e6 docs: move migrate from express graphql guide to graphqlJS docs (#4433)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for graphql since your current version.

Updates @graphql-tools/graphql-file-loader from 8.1.10 to 8.1.13

Changelog

Sourced from @​graphql-tools/graphql-file-loader's changelog.

8.1.13

Patch Changes

• Updated dependencies [ae36a0e]:
  • @​graphql-tools/utils@​11.0.1
  • @​graphql-tools/import@​7.1.13

8.1.12

Patch Changes

• Updated dependencies [5d6bcc4]:
  • @​graphql-tools/import@​7.1.12

8.1.11

Patch Changes

• Updated dependencies [417d875, 0e4d00e]:
  • @​graphql-tools/import@​7.1.11

Commits

• 14066f9 chore(release): update monorepo packages versions (#8118)
• 309c14a chore(release): update monorepo packages versions (#8020)
• 66cee43 Ranged
• 9410e77 chore(release): update monorepo packages versions (#7881)
• 1b1b51f chore(release): update monorepo packages versions (#7841)
• 7417ceb chore(release): update monorepo packages versions (#7754)
• 7b17d1f chore(release): update monorepo packages versions (#7722)
• 946c496 chore(release): update monorepo packages versions (#7699)
• 8e2f481 chore(release): update monorepo packages versions (#7684)
• 53fdba6 chore(release): update monorepo packages versions (#7680)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​graphql-tools/graphql-file-loader since your current version.

Updates @graphql-tools/load from 8.1.8 to 8.1.9

Changelog

Sourced from @​graphql-tools/load's changelog.

8.1.9

Patch Changes

• Updated dependencies [ae36a0e]:
  • @​graphql-tools/utils@​11.0.1
  • @​graphql-tools/schema@​10.0.32

Commits

• 14066f9 chore(release): update monorepo packages versions (#8118)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​graphql-tools/load since your current version.

Updates @graphql-tools/utils from 11.0.0 to 11.0.1

Changelog

Sourced from @​graphql-tools/utils's changelog.

11.0.1

Patch Changes

• ae36a0e Thanks @​mattkrick! - Handle enum values correctly if they are arguments of directives defined in the extensions

Commits

• 14066f9 chore(release): update monorepo packages versions (#8118)
• ae36a0e fix: coerce enum directive arguments to internal values when printing (#8117)
• a831489 build(deps): bump the actions-deps group with 7 updates (#8105)
• fe413ee Revert unnecessary changes
• 4dd39fa fix(mergeDeep): do not concatenate arrays while merging
• a91a765 build(deps): bump the actions-deps group with 8 updates (#8056)
• 3929728 build(deps): bump the actions-deps group across 1 directory with 2 updates (#...
• 75f72c3 chore(deps): lock file maintenance (#8029)
• d0e76cd build(deps): bump the actions-deps group across 1 directory with 3 updates (#...
• 5d6bcc4 Remove skipLibCheck (#8019)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​graphql-tools/utils since your current version.

Updates graphql-ws from 6.0.7 to 6.0.8

Release notes

Sourced from graphql-ws's releases.

v6.0.8

Patch Changes

• #667 fc03004 Thanks @​endigma! - Fix the server sending a Complete message after an Error message for subscriptions.

  Previously, when a subscription's async iterable threw an error, the server would send:

  {"id":"1","type":"error","payload":[{"message":"..."}]}
  {"id":"1","type":"complete"}
  

  Per the protocol spec:

  Error: This message terminates the operation and no further messages will be sent.

  Complete (Server → Client): If the server dispatched the Error message relative to the original Subscribe message, no Complete message will be emitted.

  The server now correctly sends only the Error message:

  {"id":"1","type":"error","payload":[{"message":"..."}]}
  

  Clients that correctly follow the spec should be unaffected, as they are expected to ignore messages for operations they consider already completed.

Changelog

Sourced from graphql-ws's changelog.

6.0.8

Patch Changes

• #667 fc03004 Thanks @​endigma! - Fix the server sending a Complete message after an Error message for subscriptions.

  Previously, when a subscription's async iterable threw an error, the server would send:

  {"id":"1","type":"error","payload":[{"message":"..."}]}
  {"id":"1","type":"complete"}
  

  Per the protocol spec:

  Error: This message terminates the operation and no further messages will be sent.

  Complete (Server → Client): If the server dispatched the Error message relative to the original Subscribe message, no Complete message will be emitted.

  The server now correctly sends only the Error message:

  {"id":"1","type":"error","payload":[{"message":"..."}]}
  

  Clients that correctly follow the spec should be unaffected, as they are expected to ignore messages for operations they consider already completed.

Commits

• 2cbe0ed Upcoming Release Changes (#668)
• fc03004 fix: do not send Complete after Error for subscriptions (#667)
• See full diff in compare view

Updates jose from 6.1.3 to 6.2.2

Release notes

Sourced from jose's releases.

v6.2.2

Fixes

• reject failed decompression with JWEInvalid error (043b181)

v6.2.1

Refactor

• reorganize internals, less files, smaller footprint (d4231f9)

v6.2.0

Features

• re-introduce JWE "zip" (Compression Algorithm) Header Parameter support (b13b446)

Documentation

• clarify return of general jws and jwe (56682b4)

Changelog

Sourced from jose's changelog.

6.2.2 (2026-03-18)

Fixes

• reject failed decompression with JWEInvalid error (043b181)

6.2.1 (2026-03-09)

Refactor

• reorganize internals, less files, smaller footprint (d4231f9)

6.2.0 (2026-03-05)

Features

• re-introduce JWE "zip" (Compression Algorithm) Header Parameter support (b13b446)

Documentation

• clarify return of general jws and jwe (56682b4)

Commits

• 9c86586 chore(release): 6.2.2
• 4984b5c chore(deps): bump the actions group with 4 updates
• 043b181 fix: reject failed decompression with JWEInvalid error
• 867cc2c chore(deps-dev): bump undici
• f4e20e7 chore(deps-dev): bump tar in the npm_and_yarn group across 1 directory
• d0505bf chore: cleanup after release
• d491aa9 chore(release): 6.2.1
• d4231f9 refactor: reorganize internals, less files, smaller footprint
• 7b22ba8 test: use playwright instead of testcafe
• 00965b4 chore: bump packages
• Additional commits viewable in compare view

Updates mathjs from 15.1.1 to 15.2.0

Changelog

Sourced from mathjs's changelog.

2026-04-07, 15.2.0

• Feat: Add amp-hour charge unit Ah (#3617). Thanks @​adrfantini.
• Feat: #3595 implement num and den functions returning the parts of a fraction (#3605). Thanks @​AnslemHack.
• Fix: Provide TypeScript types for [and/or]TransformDependencies (#3639). Thanks @​NilsDietrich.
• Fix: two security vulnerabilities that allowed executing arbitrary JavaScript via the expression parser. Thanks @​CykuTW for finding and reporting them.

Commits

• fee4561 chore: publish v15.2.0
• 139dcab chore: update history
• 0aee2f6 fix: two security vulnerabilities allowing execution of arbitrary JavaScript ...
• f7c10b1 feat: Fraction numerator and denominator helper functions (#3605)
• 2066220 feat: Add Ah charge unit (#3617)
• 685da0f chore: Add andTransformDependencies and orTransformDependencies to index.d.ts...
• 8fe12e5 docs: update links to TestMu AI
• See full diff in compare view

Updates ws from 8.19.0 to 8.20.0

Release notes

Sourced from ws's releases.

8.20.0

Features

• Added exports for the PerMessageDeflate class and utilities for the Sec-WebSocket-Extensions and Sec-WebSocket-Protocol headers (d3503c1f).

Commits

• 8439255 [dist] 8.20.0
• d3503c1 [minor] Export the PerMessageDeflate class and header utils
• 3ee5349 [api] Convert the isServer and maxPayload parameters to options
• 91707b4 [doc] Add missing space
• 8b55319 [pkg] Update eslint to version 10.0.1
• ca533a5 [pkg] Update globals to version 17.0.0
• See full diff in compare view

Updates @apollo/client-integration-nextjs from 0.14.4 to 0.14.5

Release notes

Sourced from @​apollo/client-integration-nextjs's releases.

@​apollo/client-integration-nextjs@​0.14.5

Patch Changes

• Updated dependencies [077a94e]
  • @​apollo/client-react-streaming@​0.14.5

Commits

• 15eda44 Version Packages (#548)
• 0f58188 Update Docs
• 077a94e Avoid warning when using fragments in preloadQuery. (#536)
• 43b0a18 Add Apollo Client skill to README files (#539)
• 23bc7b6 Use Apollo Client skill in Copilot Agents
• 01467a2 post-version script: also update CHANGELOG.md
• bc9984a enforce publishing one package at a time, not in parallel
• See full diff in compare view

Updates @nosecone/next from 1.1.0 to 1.3.1

Release notes

Sourced from @​nosecone/next's releases.

v1.3.1

1.3.1 (2026-03-30)

🪲 Bug Fixes

• filter: update wasm and add tests for len() on absent map fields (#5929) (d2a3161)
• install command & pricing references (#5959) (7e54cbd)

📝 Documentation

• add api sections (#5803) (a203381)

🧹 Miscellaneous Chores

• add ARCJET_SIGNALS to well-known bots list (#5930) (a936e87)
• astro: support astro@6 (#5963) (0058e90)
• docs: refresh READMEs (#5951) (e1957d3)
• refresh READMEs (#5940) (dae94a1)
• trunk: disable trivy (#5937) (d5b5b62)

🔨 Build System

• deps-dev: bump flatted from 3.3.3 to 3.4.2 in /examples/nestjs (#5939) (1731808)
• deps-dev: bump tar from 7.5.10 to 7.5.11 in /examples/nextjs-app-dir-rate-limit (#5924) (db91f18)
• deps: bump tar from 7.5.10 to 7.5.11 in /examples/nuxt (#5925) (66cb779)

v1.3.0

1.3.0 (2026-03-12)

🚀 New Features

• add botnet category and IP abuser detection (#5913) (d307e26)
• graduate experimental_detectPromptInjection to detectPromptInjection (#5920) (0e0e4c1)
• set minimum timeout when detectPromptInjection rule present (#5922) (36ec27e)

🧹 Miscellaneous Chores

• publish packages in topological dependency order (#5911) (3068548)

🔨 Build System

• deps-dev: bump tar from 7.5.10 to 7.5.11 in /examples/nextjs-app-dir-validate-email (#5916) (22784d4)
• deps-dev: bump tar from 7.5.10 to 7.5.11 in /examples/nextjs-ip-details (#5914) (e7f14ee)

... (truncated)

Changelog

Sourced from @​nosecone/next's changelog.

1.3.1 (2026-03-30)

🧹 Miscellaneous Chores

• @​nosecone/next: Synchronize arcjet-js versions

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • nosecone bumped from 1.3.0 to 1.3.1
  • devDependencies
    • @​arcjet/eslint-config bumped from 1.3.0 to 1.3.1
    • @​arcjet/rollup-config bumped from 1.3.0 to 1.3.1

1.3.0 (2026-03-12)

🧹 Miscellaneous Chores

• @​nosecone/next: Synchronize arcjet-js versions

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • nosecone bumped from 1.2.0 to 1.3.0
  • devDependencies
    • @​arcjet/eslint-config bumped from 1.2.0 to 1.3.0
    • @​arcjet/rollup-config bumped from 1.2.0 to 1.3.0

1.2.0 (2026-03-06)

🧹 Miscellaneous Chores

• @​nosecone/next: Synchronize arcjet-js versions

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • nosecone bumped from 1.1.0 to 1.2.0
  • devDependencies
    • @​arcjet/eslint-config bumped from 1.1.0 to 1.2.0
    • @​arcjet/rollup-config bumped from 1.1.0 to 1.2.0

Commits

• ddcad58 chore: Release 1.3.1 (#5926)
• b3f76ef deps: periodic dependency update and security update (#5965)
• 9ddc395 deps(dev): update dependency @​rollup/wasm-node to v4.59.0 (#5935)
• 682a80e chore: Release 1.3.0 (#5912)
• 9992ba4 chore: Release 1.2.0 (#5802)
• a56c62b deps: periodic dependency update (#5892)
• See full diff in compare view

Updates @sentry/nextjs from 10.40.0 to 10.48.0

Release notes

Sourced from @​sentry/nextjs's releases.

10.48.0

Important Changes

• feat(aws-serverless): Ship Lambda extension in npm package for container image Lambdas (#20133)

  The Sentry Lambda extension is now included in the npm package, enabling container image-based Lambda functions to use it. Copy the extension files into your Docker image and set the tunnel option:

  RUN mkdir -p /opt/sentry-extension
  COPY node_modules/@sentry/aws-serverless/build/lambda-extension/sentry-extension /opt/extensions/sentry-extension
  COPY node_modules/@sentry/aws-serverless/build/lambda-extension/index.mjs /opt/sentry-extension/index.mjs
  RUN chmod +x /opt/extensions/sentry-extension /opt/sentry-extension/index.mjs

  Sentry.init({
    dsn: '__DSN__',
    tunnel: 'http://localhost:9000/envelope',
  });

  This works with any Sentry SDK (@sentry/aws-serverless, @sentry/sveltekit, @sentry/node, etc.).

• feat(cloudflare): Support basic WorkerEntrypoint (#19884)

  withSentry now supports instrumenting classes extending Cloudflare's WorkerEntrypoint. This instruments fetch, scheduled, queue, and tail handlers.

  import * as Sentry from '@sentry/cloudflare';
  import { WorkerEntrypoint } from 'cloudflare:workers';
  class MyWorker extends WorkerEntrypoint {
  async fetch(request: Request): Promise<Response> {
  return new Response('Hello World!');
  }
  }
  export default Sentry.withSentry(env => ({ dsn: env.SENTRY_DSN, tracesSampleRate: 1.0 }), MyWorker);

• ref(core): Unify .do* span ops to gen_ai.generate_content (#20074)

  All Vercel AI do* spans (ai.generateText.doGenerate, ai.streamText.doStream, ai.generateObject.doGenerate, ai.streamObject.doStream) now use a single unified span op gen_ai.generate_content instead of separate ops like gen_ai.generate_text, gen_ai.stream_text, gen_ai.generate_object, and gen_ai.stream_object.

• ref(core): Remove provider-specific AI span attributes in favor of gen_ai attributes in sentry conventions (#20011)

  The following provider-specific span attributes have been removed from the OpenAI and Anthropic AI integrations. Use the standardized gen_ai.* equivalents instead:

  Removed attribute	Replacement

... (truncated)

Changelog

Sourced from @​sentry/nextjs's changelog.

10.48.0

Important Changes

• feat(aws-serverless): Ship Lambda extension in npm package for container image Lambdas (#20133)

  The Sentry Lambda extension is now included in the npm package, enabling container image-based Lambda functions to use it. Copy the extension files into your Docker image and set the tunnel option:

  RUN mkdir -p /opt/sentry-extension
  COPY node_modules/@sentry/aws-serverless/build/lambda-extension/sentry-extension /opt/extensions/sentry-extension
  COPY node_modules/@sentry/aws-serverless/build/lambda-extension/index.mjs /opt/sentry-extension/index.mjs
  RUN chmod +x /opt/extensions/sentry-extension /opt/sentry-extension/index.mjs

  Sentry.init({
    dsn: '__DSN__',
    tunnel: 'http://localhost:9000/envelope',
  });

  This works with any Sentry SDK (@sentry/aws-serverless, @sentry/sveltekit, @sentry/node, etc.).

• feat(cloudflare): Support basic WorkerEntrypoint (#19884)

  withSentry now supports instrumenting classes extending Cloudflare's WorkerEntrypoint. This instruments fetch, scheduled, queue, and tail handlers.

  import * as Sentry from '@sentry/cloudflare';
  import { WorkerEntrypoint } from 'cloudflare:workers';
  class MyWorker extends WorkerEntrypoint {
  async fetch(request: Request): Promise<Response> {
  return new Response('Hello World!');
  }
  }
  export default Sentry.withSentry(env => ({ dsn: env.SENTRY_DSN, tracesSampleRate: 1.0 }), MyWorker);

• ref(core): Unify .do* span ops to gen_ai.generate_content (#20074)

  All Vercel AI do* spans (ai.generateText.doGenerate, ai.streamText.doStream, ai.generateObject.doGenerate, ai.streamObject.doStream) now use a single unified span op gen_ai.generate_content instead of separate ops like gen_ai.generate_text, gen_ai.stream_text, gen_ai.generate_object, and gen_ai.stream_object.

• ref(core): Remove provider-specific AI span attributes in favor of gen_ai attributes in sentry conventions (#20011)

  The following provider-specific span attributes have been removed from the OpenAI and Anthropic AI integrations. Use the standardized gen_ai.* equivalents instead:

  | Removed attribute | Replacement |

... (truncated)

Commits

• a67df4d release: 10.48.0
• e0732ff Merge pull request #20172 from getsentry/prepare-release/10.48.0
• d1ee40f meta(changelog): Update changelog for 10.48.0
• 2897297 feat(nuxt): Exclude tracing meta tags on cached pages in Nuxt 5 (#20168)
• 1cc3dd0 chore(deps-dev): Bump effect from 3.20.0 to 3.21.0 (#19999)
• c273167 fix(core): Fix withStreamedSpan typing error add missing exports (#20124)
• b6f7b86 feat(core): Apply ignoreSpans to streamed spans (#19934)
• 7bd8449 test(node,node-core): Add span streaming integration tests (#19806)
• 51fc6d1 feat(node-core): Add POtel server-side span streaming implementation (#19741)
• 77357c7 fix(core): Replace global interval with trace-specific interval based flushin...
• Additional commits viewable in compare view

Updates @serwist/next from 9.5.6 to 9.5.7

Release notes

Sourced from @​serwist/next's releases.

@​serwist/next@​9.5.7

Patch Changes

• Updated dependencies []:
  • @​serwist/build@​9.5.7
  • @​serwist/cli@​9.5.7
  • @​serwist/utils@​9.5.7
  • @​serwist/webpack-plugin@​9.5.7
  • @​serwist/window@​9.5.7
  • serwist@9.5.7

Commits

• f22ca21 chore(packages): publish packages (#347)
• 9e649b3 chore(deps): updated deps & removed ESLint
• d813c3b fix(turbo): resolve default.default issue breaking bun build (#344)
• f88382b feat(turbo): add option to rebuild sw.js on content change (#346)
• See full diff in compare view

Updates @tanstack/react-virtual from 3.13.19 to 3.13.23

Release notes

Sourced from @​tanstack/react-virtual's releases.

@​tanstack/react-virtual@​3.13.23

Patch Changes

• Updated dependencies [7ece2d5]:
  • @​tanstack/virtual-core@​3.13.23

@​tanstack/react-virtual@​3.13.22

Patch Changes

• Updated dependencies [54d771a, d3416c3]:
  • @​tanstack/virtual-core@​3.13.22

@​tanstack/react-virtual@​3.13.21

Patch Changes

• Updated dependencies [be89e29]:
  • @​tanstack/virtual-core@​3.13.21

@​tanstack/react-virtual@​3.13.20

Patch Changes

• Updated...

  Description has been truncated

[dependabot]

Labels

The following labels could not be found: automated, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
nextcalc-pro	Ready	Preview, Comment	Apr 13, 2026 2:43pm

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.