Update all non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update	Pending
@sentry/vue (source)	10.50.0 → 10.53.0			dependencies	minor	10.53.1
axios (source)	1.15.2 → 1.16.0			dependencies	minor	1.16.1
django (changelog)	==6.0.4 → ==6.0.5			project.dependencies	patch
django-resonant-settings	==0.50.4 → ==0.50.5			project.dependencies	patch
psycopg (changelog)	==3.3.3 → ==3.3.4			project.dependencies	patch
pydantic (changelog)	==2.13.3 → ==2.13.4			project.dependencies	patch
rabbitmq	4.2-management-alpine → 4.3-management-alpine			service	minor
rabbitmq	4.2-management-alpine → 4.3-management-alpine				minor
requests (changelog)	==2.33.1 → ==2.34.0			project.dependencies	minor	2.34.2 (+1)
sentry-sdk (changelog)	==2.58.0 → ==2.59.0			project.dependencies	minor	2.60.0
vue (source)	3.5.33 → 3.5.34			dependencies	patch
vuetify (source)	3.12.5 → 3.12.6			dependencies	patch

---

Release Notes

getsentry/sentry-javascript (@​sentry/vue)

v10.53.0

Compare Source

Important Changes

• feat(core): Add streamGenAiSpans options to stream gen_ai spans (#​20785)

  Adds a new streamGenAiSpans option that controls how gen_ai spans are
  sent to Sentry. When set, the SDK extracts all gen_ai spans out of a
  transaction and sends them as v2 envelope items.

  Enable this option if gen_ai spans are being dropped because the transaction payload exceeds size limits.

  Sentry.init({
    dsn: 'https://examplePublicKey@o0.ingest.sentry.io/0',
    streamGenAiSpans: true,
  });

Other Changes

• feat(browser): Migrate browser profiling thread data to span attributes (#​20800)
• feat(core): Add addConsoleInstrumentationFilter utility (#​20790)
• feat(core): Add applicationKey to BuildTimeOptionsBase (#​20789)
• feat(core): split exports by browser/server for bundle size (#​20435)
• feat(nextjs): Add top-level applicationKey option (#​20794)
• feat(node): Support Node 26 (#​20710)
• feat(profiling-node): Bump @sentry-internal/node-cpu-profiler to 2.4.0 (#​20720)
• fix(cloudflare): avoid flush lock self-wait (#​20719)
• fix(hono): Capture transaction name on request for correct culprit (#​20801)
• fix(mcp): retroactively wrap handlers registered before wrapMcpServerWithSentry (#​20699)
• fix(node-core): Guard against undefined util.getSystemErrorMap (#​20660)
• fix(replay): Capture aborted/errored fetch requests in replay network tab (#​20722)

Internal Changes

• chore: bump replay dependencies (#​20746)
• chore: Typo intergation -> integration (#​20799)
• chore(deps): Bump @​babel/plugin-transform-modules-systemjs from 7.24.1 to 7.29.4 (#​20773)
• chore(deps): Bump next from 15.5.15 to 15.5.18 in /dev-packages/e2e-tests/test-applications/nextjs-15 (#​20818)
• chore(deps): Bump next from 16.2.4 to 16.2.6 in /dev-packages/e2e-tests/test-applications/nextjs-16-streaming (#​20811)
• chore(deps): Bump rollup from 4.59.0 to 4.60.3 (#​20716)
• ci: Ensure PR reminder workflow considers new sub teams (#​20814)
• ci: Remove codecov reporting (#​20803)
• feat(deps): Bump bundler plugins to 5.3.0 (#​20820)
• feat(deps): Bump fast-uri from 3.0.6 to 3.1.2 (#​20774)
• feat(deps): Bump hono from 4.12.16 to 4.12.18 (#​20777)
• test(cloudflare-hono): fix 'occured' -> 'occurred' typo in error log (#​20783)
• test(deps): Bump hono from 4.12.14 to 4.12.16 (#​20712)
• test(deps): Bump hono from 4.12.14 to 4.12.18 in /dev-packages/e2e-tests/test-applications/cloudflare-hono (#​20776)
• test(e2e): Pin astro version in astro-6 test app (#​20709)

Work in this release was contributed by @​dmmulroy and @​SAY-5. Thank you for your contributions!

Bundle size 📦

Path	Size
@​sentry/browser	26.22 KB
@​sentry/browser - with treeshaking flags	24.69 KB
@​sentry/browser (incl. Tracing)	43.69 KB
@​sentry/browser (incl. Tracing + Span Streaming)	45.63 KB
@​sentry/browser (incl. Tracing, Profiling)	48.56 KB
@​sentry/browser (incl. Tracing, Replay)	82.4 KB
@​sentry/browser (incl. Tracing, Replay) - with treeshaking flags	72.08 KB
@​sentry/browser (incl. Tracing, Replay with Canvas)	86.99 KB
@​sentry/browser (incl. Tracing, Replay, Feedback)	99.33 KB
@​sentry/browser (incl. Feedback)	43 KB
@​sentry/browser (incl. sendFeedback)	30.92 KB
@​sentry/browser (incl. FeedbackAsync)	35.91 KB
@​sentry/browser (incl. Metrics)	27.27 KB
@​sentry/browser (incl. Logs)	27.42 KB
@​sentry/browser (incl. Metrics & Logs)	28.08 KB
@​sentry/react	27.92 KB
@​sentry/react (incl. Tracing)	45.91 KB
@​sentry/vue	31.01 KB
@​sentry/vue (incl. Tracing)	45.5 KB
@​sentry/svelte	26.24 KB
CDN Bundle	28.55 KB
CDN Bundle (incl. Tracing)	46.05 KB
CDN Bundle (incl. Logs, Metrics)	29.89 KB
CDN Bundle (incl. Tracing, Logs, Metrics)	47.15 KB
CDN Bundle (incl. Replay, Logs, Metrics)	68.3 KB
CDN Bundle (incl. Tracing, Replay)	82.57 KB
CDN Bundle (incl. Tracing, Replay, Logs, Metrics)	83.62 KB
CDN Bundle (incl. Tracing, Replay, Feedback)	88.24 KB
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics)	89.32 KB
CDN Bundle - uncompressed	83.97 KB
CDN Bundle (incl. Tracing) - uncompressed	138.15 KB
CDN Bundle (incl. Logs, Metrics) - uncompressed	88.07 KB
CDN Bundle (incl. Tracing, Logs, Metrics) - uncompressed	141.53 KB
CDN Bundle (incl. Replay, Logs, Metrics) - uncompressed	209.97 KB
CDN Bundle (incl. Tracing, Replay) - uncompressed	254.08 KB
CDN Bundle (incl. Tracing, Replay, Logs, Metrics) - uncompressed	257.44 KB
CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed	267.46 KB
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics) - uncompressed	270.81 KB
@​sentry/nextjs (client)	48.36 KB
@​sentry/sveltekit (client)	44.17 KB
@​sentry/node-core	59.4 KB
@​sentry/node	162.08 KB
@​sentry/node - without tracing	72.22 KB
@​sentry/aws-serverless	105.53 KB
@​sentry/cloudflare (withSentry) - minified	166.66 KB
@​sentry/cloudflare (withSentry)	420.38 KB

v10.52.0

Compare Source

Important Changes

• Beta release of the official Hono Sentry SDK

  This release marks the beta release of the @sentry/hono Sentry SDK. For details on how to use it, check out the
  Sentry Hono SDK docs. Please reach out on
  GitHub if you have any feedback or concerns.

• feat(browser): Add ingest_settings to v2 log envelope payload (#​20453)

  Inference of user data (e.g. IP address, browser name/version) on log events is now gated behind the sendDefaultPii option. Previously, this data was always inferred by default.

Other Changes

• docs(hono): Add new docs link and move to BETA release (#​20666)
• feat(browser): Add ingest_settings to v2 metrics envelope payload (#​20454)
• feat(browser): Migrate spotlight event processor to ignoreSpans (#​20595)
• feat(cloudflare): Capture request body via httpServerIntegration (#​20614)
• feat(cloudflare): Support rpc trace propagation for WorkerEntrypoint (#​20523)
• feat(cloudflare): Support tracing for queue producer (#​20529)
• feat(core): Apply request data to segment spans in span streaming (#​20654)
• feat(core): Migrate Vercel AI event processor to span streaming (#​20608)
• feat(deno): Add processSegmentSpan to Deno context integration (#​20613)
• feat(http): Portable node:http client instrumentation (#​20393)
• feat(nitro): Add unstorage tracing channel instrumentation (#​20615)
• feat(node-core): Add processSegmentSpan to node context integration (#​20678)
• feat(node): Use diagnostics_channel for redis >= 5.12.0 (#​20573)
• feat(node): Vendor ioredis, redis instrumentations (#​20510)
• feat(replay): Reset replay id from DSC on session expiry/refresh (#​20129)
• fix: Bump fast-xml-parser to fix vulnerability (#​20644)
• fix: Bump vite versions to fix vulnerability (#​20646)
• fix(core): Drain buffers in flush() when there is no transport (#​20207)
• fix(core): Guard against undefined chained in copyProps (#​20637)
• fix(deps): Bump rollup-plugin-license to fix lodash vulnerabilities (#​20636)
• fix(deps): Bump transitive deps for medium security fixes (#​20683)
• fix(hono): Do not capture 3xx and 4xx errors and add tests (#​20640)
• fix(nextjs): Skip build modification when SRI is enabled (#​20694)
• fix(opentelemetry): Respect OTEL_SERVICE_NAME, OTEL_RESOURCE_ATTRIBUTES (#​20509)

Internal Changes

• chore: Remove bundle-analyzer-scenarios dev packages (#​20680)
• chore(deps): Bump @​hono/node-server from 1.19.10 to 1.19.13 (#​20117)
• chore(deps): Bump @​nestjs packages to fix path-to-regexp ReDoS (#​20642)
• chore(deps): Bump axios from 1.15.0 to 1.15.2 (#​20665)
• chore(deps): Bump ip-address from 10.1.0 to 10.2.0 (#​20695)
• chore(deps): Bump simple-git from 3.33.0 to 3.36.0 (#​20696)
• chore(deps): Bump vulnerable testem version (#​20634)
• ci(deps): Bump actions/checkout from 4 to 6 (#​20620)
• ci(deps): Bump actions/create-github-app-token from 2 to 3 (#​20079)
• ci(deps): Bump denoland/setup-deno from 2.0.3 to 2.0.4 (#​20080)
• ci(deps): Bump getsentry/craft from 2.24.1 to 2.26.2 (#​20621)
• feat(deps): Bump @​xmldom/xmldom from 0.8.12 to 0.8.13 (#​20457)
• feat(deps): Bump follow-redirects from 1.15.11 to 1.16.0 (#​20267)
• feat(deps): Bump hono from 4.12.12 to 4.12.14 (#​20340)
• fix(tests): Use stable instrumentations api in rr tests (#​20690)
• ref(tests): Rename streamed http.client span test folders (#​20602)
• test(browser): Fix browserTracingIntegration unit test (#​20604)
• test(browser): Fix flaky browser integration test for profiles (#​20587)
• test(browser): Fix flaky loader test (#​20596)
• test(browser): Fix flaky loader test (#​20655)
• test(browser): Make browser profiling test less flaky (#​20664)
• test(cloudflare): Add e2e test for MCPAgent with DurableObject instrumentation (#​20601)
• test(cloudflare): Add integration tests for scheduled, D1, and workflow (#​20609)
• test(cloudflare): Reduce flakiness for cloudflare with sub workers (#​20632)
• test(cloudflare): Use Node v24 for Cloudflare e2e tests (#​20628)
• test(deps): Bump Next.js in E2E test apps to fix Server Components DoS (#​20633)
• test(e2e): Add node-express-streaming E2E test app (#​20684)
• test(e2e): Add span streaming test app for Cloudflare Workers (#​20681)
• test(e2e): Add span streaming test app for next 16 (#​20648)
• test(e2e): Add span streaming test app for React Router 7 SPA (#​20677)
• test(e2e): Remove remaining npmrc pointing to Verdaccio (#​20611)
• test(nextjs): Fix flaky node runtime metrics E2E tests (#​20624)
• test(node): Fix ANR test for flakiness (#​20656)
• test(node): Fix flaky node cron test (#​20661)
• test(node): Unflake mongodb test (#​20662)
• test(react-router): Fix flaky E2E tests (#​20630)
• test(test-utils): Add MemoryProfiler for heap snapshot testing via CDP (#​20555)

Work in this release was contributed by @​sbs44. Thank you for your contribution!

Bundle size 📦

Path	Size
@​sentry/browser	25.68 KB
@​sentry/browser - with treeshaking flags	24.2 KB
@​sentry/browser (incl. Tracing)	43.13 KB
@​sentry/browser (incl. Tracing + Span Streaming)	45.3 KB
@​sentry/browser (incl. Tracing, Profiling)	47.99 KB
@​sentry/browser (incl. Tracing, Replay)	81.67 KB
@​sentry/browser (incl. Tracing, Replay) - with treeshaking flags	71.37 KB
@​sentry/browser (incl. Tracing, Replay with Canvas)	86.25 KB
@​sentry/browser (incl. Tracing, Replay, Feedback)	98.57 KB
@​sentry/browser (incl. Feedback)	42.42 KB
@​sentry/browser (incl. sendFeedback)	30.38 KB
@​sentry/browser (incl. FeedbackAsync)	35.35 KB
@​sentry/browser (incl. Metrics)	26.95 KB
@​sentry/browser (incl. Logs)	27.08 KB
@​sentry/browser (incl. Metrics & Logs)	27.76 KB
@​sentry/react	27.38 KB
@​sentry/react (incl. Tracing)	45.31 KB
@​sentry/vue	30.45 KB
@​sentry/vue (incl. Tracing)	44.94 KB
@​sentry/svelte	25.7 KB
CDN Bundle	28.23 KB
CDN Bundle (incl. Tracing)	45.83 KB
CDN Bundle (incl. Logs, Metrics)	29.62 KB
CDN Bundle (incl. Tracing, Logs, Metrics)	46.91 KB
CDN Bundle (incl. Replay, Logs, Metrics)	67.84 KB
CDN Bundle (incl. Tracing, Replay)	82.15 KB
CDN Bundle (incl. Tracing, Replay, Logs, Metrics)	83.2 KB
CDN Bundle (incl. Tracing, Replay, Feedback)	87.84 KB
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics)	88.89 KB
CDN Bundle - uncompressed	82.89 KB
CDN Bundle (incl. Tracing) - uncompressed	137.15 KB
CDN Bundle (incl. Logs, Metrics) - uncompressed	86.99 KB
CDN Bundle (incl. Tracing, Logs, Metrics) - uncompressed	140.53 KB
CDN Bundle (incl. Replay, Logs, Metrics) - uncompressed	208.3 KB
CDN Bundle (incl. Tracing, Replay) - uncompressed	252.48 KB
CDN Bundle (incl. Tracing, Replay, Logs, Metrics) - uncompressed	255.85 KB
CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed	265.86 KB
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics) - uncompressed	269.22 KB
@​sentry/nextjs (client)	47.75 KB
@​sentry/sveltekit (client)	43.6 KB
@​sentry/node-core	59.05 KB
@​sentry/node	161.63 KB
@​sentry/node - without tracing	71.76 KB
@​sentry/aws-serverless	105.11 KB
@​sentry/cloudflare (withSentry) - minified	165.38 KB
@​sentry/cloudflare (withSentry)	417.48 KB

v10.51.0

Compare Source

Important Changes

• feat(cloudflare): Add trace propagation for RPC method calls (#​20343)

  Trace context is now propagated across Cloudflare Workers RPC calls, connecting traces between Workers and Durable Objects.
  This feature is opt-in and requires setting enableRpcTracePropagation: true in your SDK configuration:

  // Worker
  export default Sentry.withSentry(
    env => ({
      dsn: env.SENTRY_DSN,
      enableRpcTracePropagation: true,
    }),
    handler,
  );
  
  // Durable Object
  export const MyDurableObject = Sentry.instrumentDurableObjectWithSentry(
    env => ({
      dsn: env.SENTRY_DSN,
      enableRpcTracePropagation: true,
    }),
    MyDurableObjectBase,
  );

• feat(hono)!: Change setup for @sentry/hono/node (init in external file) (#​20497)

  To improve Node.js instrumentation, the sentry() middleware exported from @sentry/hono/node no longer accepts configuration options.
  Instead, you must configure the SDK by calling Sentry.init() in a dedicated instrumentation file that runs before your application code (read more in the Hono SDK readme:

  // instrument.mjs (or instrument.ts)
  import * as Sentry from '@​sentry/hono/node';
  
  Sentry.init({
    dsn: '__DSN__',
    tracesSampleRate: 1.0,
  });

• feat(nitro): Add @sentry/nitro SDK (#​19224)

  A new @sentry/nitro package provides first-class Sentry support for Nitro applications, with HTTP handler and error instrumentation, middleware tracing, request isolation, and build-time source map uploading via withSentryConfig.
  Read more in the Nitro SDK docs and the Nitro SDK readme.

Other Changes

• deps(minimatch): Upgrade patch version to use new brace-expansion peer-dep (#​20198)
• docs: Add deprecation notices to bin scripts (#​20570)
• feat(astro): Drop prerendered http.server filter via ignoreSpans (#​20513)
• feat(aws-serverless): Validate extension tunnel DSN against SENTRY_DSN (#​20528)
• feat(browser): Add ingest_settings to span v2 envelope payload (#​20411)
• feat(browser): Add support for streamed spans in httpContextIntegration (#​20464)
• feat(core): Backfill otel attributes on streamed spans (#​20439)
• feat(core): clear up integrations on dispose (#​20407)
• feat(core): Instrument langgraph createReactAgent (#​20344)
• feat(core): Support attribute matching in ignoreSpans (#​20512)
• feat(feedback): allow error messages to be customized (#​20474)
• feat(hono): Support middleware spans defined in app groups (#​20465)
• feat(nextjs): Filter unwanted segments when span streaming is enabled (#​20384)
• feat(nextjs): Migrate edge event processors to span-first APIs (#​20551)
• feat(nextjs): Migrate server event processors to span-first APIs (#​20527)
• feat(nextjs): Set global attribute for turbopack usage (#​20558)
• feat(nitro): Nitro SDK (#​19224)
• feat(react-router): Clean up bogus * http.route attribute on segment spans (#​20471)
• feat(react-router): Drop low-quality transactions via ignoreSpans (#​20514)
• feat(sveltekit): Support span streaming in svelteKitSpansEnhancement integration (#​20496)
• feat(tanstackstart-react): Add dynamic tunnel route helper and generator (#​20264)
• fix: update prisma v7 spans descriptions (#​20456)
• fix(core): Avoid parse-time SyntaxError on Safari <16.4 in postgresjs (#​20498)
• fix(core): Ensure isSentryRequest handles subdomains properly (#​20530)
• fix(core): Ensure ip address headers are stripped when lower case (#​20484)
• fix(core): Filter more cookie names for PII (#​20485)
• fix(core): Use symbol for normalization checks (#​20486)
• fix(hono): Distinguish .use() middleware in sub-apps from .all() handlers (#​20554)
• fix(nextjs): Ensure we do not match tunnel endpoints too broadly (#​20488)
• fix(opentelemetry): Add conditional browser export to avoid node deps (#​20556)
• fix(replay): Avoid main-thread blocking in WorkerHandler under event bursts (#​20548)
• fix(replay): Ensure maskAttributes works with maskAllText=false (#​20491)
• fix(supabase): Consider sendDefaultPii for supabase integration (#​20490)

Internal Changes

• chore: Add size limit reports on PRs for Cloudflare (#​20055)
• chore: Update CODEOWNERS (#​20559)
• chore(build): Opt-out of nx analytics (#​20487)
• chore(ci): Automatically bump size limit every week (#​20531)
• chore(ci): Bump pnpm/action-setup to v5 and pin to commit SHA (#​20462)
• chore(ci): Do not report flaky test issues if we cannot find a test name (#​20589)
• chore(ci): Streamline CI setup to split bundle, layer, tarball generation (#​20396)
• chore(ci): Vendor nx-affected-list action, drop dkhunt27 dependency (#​20463)
• chore(e2e): Add vue and vue-router to nuxt-4 canary build step to fix rollup resolution (#​20519)
• chore(e2e): Remove @​tanstack/start-plugin-core override (#​20518)
• chore(size-limit): weekly auto-bump (#​20572)
• chore(skill): Add skill for writing unit and E2E tests (#​20561)
• chore(test): Reduce unneeded idleTimeout test config (#​20467)
• ci(size-bump): Fix path in size-limit auto-bump workflow (#​20566)
• fix(e2e/tanstackstart-react): pin @​tanstack/start-plugin-core to unblock CI (#​20482)
• fix(tests): Remove nitro canary test job (#​20473)
• ref(browser): Use safeSetSpanJSONAttributes in cultureContext integration (#​20481)
• test(browser): Unflake some more tests (#​20591)
• test(nextjs): Pin eslint-config-next package to major (#​20552)
• test(node): Fix flaky ANR test (#​20592)
• test(node): Fix flaky worker thread integration test (#​20588)
• test(node): Unflake postgres tests (#​20593)
• test(node): Update timeout for cron integration tests (#​20586)
• test(supabase): Stop supabase before initializing (#​20563)
• test(tanstack): Prefix test labels (#​20569)

Bundle size 📦

Path	Size
@​sentry/browser	25.54 KB
@​sentry/browser - with treeshaking flags	24.06 KB
@​sentry/browser (incl. Tracing)	43.08 KB
@​sentry/browser (incl. Tracing + Span Streaming)	45.07 KB
@​sentry/browser (incl. Tracing, Profiling)	47.91 KB
@​sentry/browser (incl. Tracing, Replay)	81.5 KB
@​sentry/browser (incl. Tracing, Replay) - with treeshaking flags	71.23 KB
@​sentry/browser (incl. Tracing, Replay with Canvas)	86.07 KB
@​sentry/browser (incl. Tracing, Replay, Feedback)	98.42 KB
@​sentry/browser (incl. Feedback)	42.38 KB
@​sentry/browser (incl. sendFeedback)	30.24 KB
@​sentry/browser (incl. FeedbackAsync)	35.3 KB
@​sentry/browser (incl. Metrics)	26.8 KB
@​sentry/browser (incl. Logs)	26.95 KB
@​sentry/browser (incl. Metrics & Logs)	27.62 KB
@​sentry/react	27.25 KB
@​sentry/react (incl. Tracing)	45.26 KB
@​sentry/vue	30.3 KB
@​sentry/vue (incl. Tracing)	44.87 KB
@​sentry/svelte	25.57 KB
CDN Bundle	28.16 KB
CDN Bundle (incl. Tracing)	45.61 KB
CDN Bundle (incl. Logs, Metrics)	29.54 KB
CDN Bundle (incl. Tracing, Logs, Metrics)	46.68 KB
CDN Bundle (incl. Replay, Logs, Metrics)	67.71 KB
CDN Bundle (incl. Tracing, Replay)	81.91 KB
CDN Bundle (incl. Tracing, Replay, Logs, Metrics)	82.95 KB
CDN Bundle (incl. Tracing, Replay, Feedback)	87.59 KB
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics)	88.66 KB
CDN Bundle - uncompressed	82.57 KB
CDN Bundle (incl. Tracing) - uncompressed	136.41 KB
CDN Bundle (incl. Logs, Metrics) - uncompressed	86.67 KB
CDN Bundle (incl. Tracing, Logs, Metrics) - uncompressed	139.79 KB
CDN Bundle (incl. Replay, Logs, Metrics) - uncompressed	207.73 KB
CDN Bundle (incl. Tracing, Replay) - uncompressed	251.45 KB
CDN Bundle (incl. Tracing, Replay, Logs, Metrics) - uncompressed	254.82 KB
CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed	264.83 KB
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics) - uncompressed	268.18 KB
@​sentry/nextjs (client)	47.7 KB
@​sentry/sveltekit (client)	43.52 KB
@​sentry/node-core	57.57 KB
@​sentry/node	166.25 KB
@​sentry/node - without tracing	94.54 KB
@​sentry/aws-serverless	111 KB
@​sentry/cloudflare (withSentry) - minified	160.29 KB
@​sentry/cloudflare (withSentry)	405.47 KB

axios/axios (axios)

v1.16.0

Compare Source

v1.16.0 — May 2, 2026

This release adds support for the QUERY HTTP method and a new ECONNREFUSED error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.

⚠️ Notable Changes

A handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:

• Fetch adapter now enforces maxBodyLength and maxContentLength. These limits were silently ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as a safety net (DoS protection, accidental large uploads) had no protection. (#​10795)
• Proxy requests now preserve user-supplied Host headers. Previously, the proxy path could overwrite a custom Host. Virtual-host-style routing through a proxy will now behave correctly. (#​10822)
• Basic auth credentials embedded in URLs are now URL-decoded. If you have percent-encoded credentials in a URL (e.g. https://user:p%40ss@host), the decoded value is what now goes on the wire. (#​10825)
• parseProtocol now strictly requires a colon in the protocol separator. Strings that loosely parsed as protocols before may no longer match. (#​10729)
• Deprecated unescape() replaced with modern UTF-8 encoding. Non-ASCII URL handling is now spec-correct; consumers depending on legacy unescape() quirks may see different output bytes. (#​7378)
• transformRequest input typing change was reverted. The typing change introduced in #​10745 was reverted in #​10810 after follow-up review — net behavior is unchanged from 1.15.2. (#​10745, #​10810)

🚀 New Features

• QUERY HTTP Method: Added support for the QUERY HTTP method across adapters and type definitions. (#​10802)
• ECONNREFUSED Error Constant: Exposed ECONNREFUSED as a constant on AxiosError so callers can match connection-refused failures without comparing string literals (closes #​6485). (#​10680)
• Encode Helper Export: Exported the internal encode helper from buildURL so userland param serializers can reuse the same encoding logic that axios uses internally. (#​6897)

🐛 Bug Fixes

• HTTP Adapter — Redirects & Headers: Cleared stale headers when a redirect targets a no-proxy host, fixed the redirect listener chain so listeners no longer stack across hops, restored the missing requestDetails argument on beforeRedirect, preserved user-supplied Host headers when forwarding through a proxy, and properly URL-decoded basic auth credentials. (#​10794, #​10800, #​6241, #​10822, #​10825)
• HTTP Adapter — Streams & Timeouts: Preserved the partial response object on AxiosError when a stream is aborted after headers arrive, honoured the timeout option during the connect phase when redirects are disabled, and resolved an unsettled-promise hang when an aborted request was combined with compression and maxRedirects: 0. (#​10708, #​10819, #​7149)
• Fetch Adapter: Enforced maxBodyLength / maxContentLength in the fetch adapter, set the User-Agent header to match the HTTP adapter, preserved the original abort reason instead of replacing it with a generic error, and deferred global access so importing the module no longer throws a TypeError in restricted environments. (#​10795, #​10772, #​10806, #​7260)
• XHR Adapter: Unsubscribed the cancelToken and AbortSignal listeners on the error, timeout, and abort code paths to prevent leaked subscriptions. (#​10787)
• Error Handling: Attached the parsed response to AxiosError when JSON.parse fails inside dispatchRequest, prevented settle from emitting undefined error codes, and tightened the parseProtocol regex to require a colon in the protocol separator. (#​10724, #​7276, #​10729)
• Types & Exports: Aligned the CommonJS CancelToken typings with the ESM build, fixed a compiler error caused by RawAxiosHeaders, and re-exported create from the package index. (#​7414, #​6389, #​6460)
• UTF-8 Encoding: Replaced the deprecated unescape() call with a modern UTF-8 encoding implementation. (#​7378)
• Misc Cleanup: Resolved a batch of small inconsistencies and gadget-level issues across the codebase. (#​10833)

🔧 Maintenance & Chores

• Refactor — ES6 Modernisation: Modernised the utils module and XHR adapter to use ES6 features, and tidied the multipart boundary error message. (#​10588, #​7419)
• Tests: Hardened the HTTP test server lifecycle to fix flaky FormData EPIPE failures, fixed Win32 platform support for the pipe tests, and corrected an incorrect test assumption. (**[#​10820](https://redirect.github.co

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[cloudflare-workers-and-pages]

Deploying bats-ai with    Cloudflare Pages

Latest commit:	0450101
Status:	✅  Deploy successful!
Preview URL:	https://3c80cf5f.bats-ai.pages.dev
Branch Preview URL:	https://renovate-all-minor-patch.bats-ai.pages.dev

View logs

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.