meta(changelog): Update changelog for 10.30.0 #18460

s1gr1d · 2025-12-10T12:25:51Z

No description provided.

…ts/test-applications/nextjs-15-intl (#18400) Bumps [next](https://github.com/vercel/next.js) from 15.5.4 to 15.5.7. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vercel/next.js/releases">next's releases</a>.</em></p> <blockquote> <h2>v15.5.7</h2> <p>Please see <a href="https://nextjs.org/blog/CVE-2025-66478">CVE-2025-66478</a> for additional details about this release.</p> <h2>v15.5.6</h2> <blockquote> <p>[!NOTE]<br /> This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>Turbopack: don't define process.cwd() in node_modules <a href="https://redirect.github.com/vercel/next.js/issues/83452">#83452</a></li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/mischnic"><code>@mischnic</code></a> for helping!</p> <h2>v15.5.5</h2> <blockquote> <p>[!NOTE]<br /> This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>Split code-frame into separate compiled package (<a href="https://redirect.github.com/vercel/next.js/issues/84238">#84238</a>)</li> <li>Add deprecation warning to Runtime config (<a href="https://redirect.github.com/vercel/next.js/issues/84650">#84650</a>)</li> <li>fix: unstable_cache should perform blocking revalidation during ISR revalidation (<a href="https://redirect.github.com/vercel/next.js/issues/84716">#84716</a>)</li> <li>feat: <code>experimental.middlewareClientMaxBodySize</code> body cloning limit (<a href="https://redirect.github.com/vercel/next.js/issues/84722">#84722</a>)</li> <li>fix: missing next/link types with typedRoutes (<a href="https://redirect.github.com/vercel/next.js/issues/84779">#84779</a>)</li> </ul> <h3>Misc Changes</h3> <ul> <li>docs: early October improvements and fixes (<a href="https://redirect.github.com/vercel/next.js/issues/84334">#84334</a>)</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/devjiwonchoi"><code>@devjiwonchoi</code></a>, <a href="https://github.com/ztanner"><code>@ztanner</code></a>, and <a href="https://github.com/icyJoseph"><code>@icyJoseph</code></a> for helping!</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vercel/next.js/commit/3eaf68b09b2b6b8c0c8e080a9713e131a78dc529"><code>3eaf68b</code></a> v15.5.7</li> <li><a href="https://github.com/vercel/next.js/commit/8367ce592ad0190ec941dac1ce6d0b5a44606593"><code>8367ce5</code></a> update version script</li> <li><a href="https://github.com/vercel/next.js/commit/9115040008baf255499136933a50084b76f4bfd8"><code>9115040</code></a> Update React Version for Next.js 15.5.7 (<a href="https://redirect.github.com/vercel/next.js/issues/10">#10</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/96f699902a5c57293e312591f843080a4d68ee1b"><code>96f6999</code></a> update tag</li> <li><a href="https://github.com/vercel/next.js/commit/55ef0e3ebc1d43e1a4a191341dc2a415e12124d4"><code>55ef0e3</code></a> v15.5.6</li> <li><a href="https://github.com/vercel/next.js/commit/92bbbb1beca8738c783ea36ee5dd84d89cd638be"><code>92bbbb1</code></a> Backport: don't define <code>process.cwd()</code> in node_modules (<a href="https://redirect.github.com/vercel/next.js/issues/84957">#84957</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/f895b727626ad921d5068bcfada284f68c998bfa"><code>f895b72</code></a> Fix url-imports test on 15-5 (<a href="https://redirect.github.com/vercel/next.js/issues/84966">#84966</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/81f530db2652a96d4b88fabaf4dfaf30c2269695"><code>81f530d</code></a> v15.5.5</li> <li><a href="https://github.com/vercel/next.js/commit/9abbc0e9eba67d635d4da5293273de123263101d"><code>9abbc0e</code></a> [backport] fix: missing <code>next/link</code> types with <code>typedRoutes</code> (<a href="https://redirect.github.com/vercel/next.js/issues/82814">#82814</a>) (<a href="https://redirect.github.com/vercel/next.js/issues/84779">#84779</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/121e1b566f8bf632dd09bf06fbbdb5ff5a21a51c"><code>121e1b5</code></a> [backport] docs: early October improvements and fixes (<a href="https://redirect.github.com/vercel/next.js/issues/84334">#84334</a>)</li> <li>Additional commits viewable in <a href="https://github.com/vercel/next.js/compare/v15.5.4...v15.5.7">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=next&package-manager=npm_and_yarn&previous-version=15.5.4&new-version=15.5.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/getsentry/sentry-javascript/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…ts/test-applications/nextjs-16 (#18399) Bumps [next](https://github.com/vercel/next.js) from 16.0.0 to 16.0.7. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vercel/next.js/releases">next's releases</a>.</em></p> <blockquote> <h2>v16.0.7</h2> <p>Please see <a href="https://nextjs.org/blog/CVE-2025-66478">CVE-2025-66478</a> for additional details about this release.</p> <h2>v16.0.6</h2> <blockquote> <p>[!NOTE] This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>bump the browserslist version to silence a warning in CI (<a href="https://redirect.github.com/vercel/next.js/issues/86625">#86625</a>)</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/lukesandberg"><code>@lukesandberg</code></a> for helping!</p> <h2>v16.0.5</h2> <blockquote> <p>[!NOTE] This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>fix(nodejs-middleware): await for body cloning to be properly finalized (<a href="https://redirect.github.com/vercel/next.js/issues/85418">#85418</a>)</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/lucasadrianof"><code>@lucasadrianof</code></a> for helping!</p> <h2>v16.0.4</h2> <blockquote> <p>[!NOTE] This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>fix: Rename proxy.js to middleware.js in NFT file (<a href="https://redirect.github.com/vercel/next.js/issues/86214">#86214</a>)</li> <li>fix: prevent fetch abort errors propagating to user error boundaries (<a href="https://redirect.github.com/vercel/next.js/issues/86277">#86277</a>)</li> <li>Turbopack: fix passing project options from napi (<a href="https://redirect.github.com/vercel/next.js/issues/86256">#86256</a>)</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/devjiwonchoi"><code>@devjiwonchoi</code></a>, <a href="https://github.com/sokra"><code>@sokra</code></a> and <a href="https://github.com/ztanner"><code>@ztanner</code></a> for helping!</p> <h2>v16.0.3</h2> <h3>Core Changes</h3> <ul> <li>fix: Rspack throw error when using ForceCompleteRuntimePlugin: <a href="https://redirect.github.com/vercel/next.js/issues/85221">#85221</a></li> <li>fix: build CLI output not displaying Proxy (Middleware) when nodejs runtime: <a href="https://redirect.github.com/vercel/next.js/issues/85403">#85403</a></li> <li>fix: staleTimes.static should consistently enforce a 30s minimum: <a href="https://redirect.github.com/vercel/next.js/issues/85479">#85479</a></li> <li>[turbopack] fix build of empty entries of pages: <a href="https://redirect.github.com/vercel/next.js/issues/84873">#84873</a></li> <li>Cache the head separately from the route tree: <a href="https://redirect.github.com/vercel/next.js/issues/84724">#84724</a></li> <li>Allow inspecting dev server on default port with <code>next dev --inspect</code>: <a href="https://redirect.github.com/vercel/next.js/issues/85037">#85037</a></li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vercel/next.js/commit/7492122a3bbc6655b64ccba04076c73ab418cdcc"><code>7492122</code></a> v16.0.7</li> <li><a href="https://github.com/vercel/next.js/commit/d21259d920f666814fa634e744d2c6e797ceae43"><code>d21259d</code></a> update version script</li> <li><a href="https://github.com/vercel/next.js/commit/b1a04a84e991b48b6558d15841b86f3017878607"><code>b1a04a8</code></a> Update React Version (<a href="https://redirect.github.com/vercel/next.js/issues/11">#11</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/aab1edcb8d7a57a6f7a1637d0f87be84ea62edc8"><code>aab1edc</code></a> v16.0.6</li> <li><a href="https://github.com/vercel/next.js/commit/279f2e319e939af54db81f9f5db730501f755284"><code>279f2e3</code></a> bump the browserslist version to silence a warning in CI (<a href="https://redirect.github.com/vercel/next.js/issues/86625">#86625</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/89ccb9fc86c13ca6aaaa5eb0e61c02c309abf1a3"><code>89ccb9f</code></a> v16.0.5</li> <li><a href="https://github.com/vercel/next.js/commit/75f63f70084de2198a22267fc344884b091f9d7c"><code>75f63f7</code></a> backport fix(nodejs-middleware): await for body cloning to be properly finali...</li> <li><a href="https://github.com/vercel/next.js/commit/d440c75650c79b8be450df5fd434afbfe230506a"><code>d440c75</code></a> v16.0.4</li> <li><a href="https://github.com/vercel/next.js/commit/296923e0cd66084708ac108026c414b4a64d07e9"><code>296923e</code></a> Turbopack: fix passing project options from napi (<a href="https://redirect.github.com/vercel/next.js/issues/86256">#86256</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/98317f5a3bd0cae2565e44e0108a0d7ab6cd5185"><code>98317f5</code></a> fix: prevent fetch abort errors propagating to user error boundaries (<a href="https://redirect.github.com/vercel/next.js/issues/86277">#86277</a>)</li> <li>Additional commits viewable in <a href="https://github.com/vercel/next.js/compare/v16.0.0...v16.0.7">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=next&package-manager=npm_and_yarn&previous-version=16.0.0&new-version=16.0.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/getsentry/sentry-javascript/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…18362)

[Gitflow] Merge master into develop

…ts/test-applications/nextjs-15 (#18411)

This PR deprecates the webpack-only configurations via the `@deprecated` JSDoc annotation and introduces a new `webpack` config namespace for them. Under the hood the logic was changed to read from the new values, with a compatibility layer that sets them from the deprecated top-level options while warning for each option if used. This should set us up for a v11/v12 deletion of those options. I might have missed a few options that only affect webpack, so I appreciate a good look at this. At any case this isn't breaking so even if missed a few, users won't experience disruptions.

…ons (#18346) Following up on #18098 and #18155 Fixes a race condition where rapid navigations between lazy routes cause transaction names to be incorrectly assigned or corrupted. This occurs when async lazy handlers resolve after the user already navigated to a different route. The root cause was `captureCurrentLocation()` was reading `window.location` at the time of handler invocation, but during `patchRoutesOnNavigation`, the browser URL hasn't actually updated yet. So when handlers invoked during navigation A resolve later, they would capture navigation B's location (or whatever the current URL is), leading to incorrect span updates. The fix introduces a navigation context mechanism that captures both the correct `targetPath` and the active span at the start of `patchRoutesOnNavigation`, making them available to async handler proxies during invocation. This ensures handlers always use the navigation context they were invoked with, not the current browser state. The navigation context uses a stack to properly handle overlapping/concurrent `patchRoutesOnNavigation` calls. If a second navigation starts before the first one's handlers complete, each navigation maintains its own captured context.

This fixes a problem, where our unreferenced PR GH workflow would trigger another new issue being created because of a race condition between creating the issue and updating the PR description automatically.

@BYK

Types depends on core but we accidentally published it before core. Not the end of the world but theoretically, if publishing core failed, we would have published a faulty types package. h/t @BYK for detecting this! Closes #18431

…ts/test-applications/nextjs-16-tunnel (#18439) Bumps [next](https://github.com/vercel/next.js) from 16.0.0 to 16.0.7. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vercel/next.js/releases">next's releases</a>.</em></p> <blockquote> <h2>v16.0.7</h2> <p>Please see <a href="https://nextjs.org/blog/CVE-2025-66478">CVE-2025-66478</a> for additional details about this release.</p> <h2>v16.0.6</h2> <blockquote> <p>[!NOTE] This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>bump the browserslist version to silence a warning in CI (<a href="https://redirect.github.com/vercel/next.js/issues/86625">#86625</a>)</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/lukesandberg"><code>@lukesandberg</code></a> for helping!</p> <h2>v16.0.5</h2> <blockquote> <p>[!NOTE] This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>fix(nodejs-middleware): await for body cloning to be properly finalized (<a href="https://redirect.github.com/vercel/next.js/issues/85418">#85418</a>)</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/lucasadrianof"><code>@lucasadrianof</code></a> for helping!</p> <h2>v16.0.4</h2> <blockquote> <p>[!NOTE] This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>fix: Rename proxy.js to middleware.js in NFT file (<a href="https://redirect.github.com/vercel/next.js/issues/86214">#86214</a>)</li> <li>fix: prevent fetch abort errors propagating to user error boundaries (<a href="https://redirect.github.com/vercel/next.js/issues/86277">#86277</a>)</li> <li>Turbopack: fix passing project options from napi (<a href="https://redirect.github.com/vercel/next.js/issues/86256">#86256</a>)</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/devjiwonchoi"><code>@devjiwonchoi</code></a>, <a href="https://github.com/sokra"><code>@sokra</code></a> and <a href="https://github.com/ztanner"><code>@ztanner</code></a> for helping!</p> <h2>v16.0.3</h2> <h3>Core Changes</h3> <ul> <li>fix: Rspack throw error when using ForceCompleteRuntimePlugin: <a href="https://redirect.github.com/vercel/next.js/issues/85221">#85221</a></li> <li>fix: build CLI output not displaying Proxy (Middleware) when nodejs runtime: <a href="https://redirect.github.com/vercel/next.js/issues/85403">#85403</a></li> <li>fix: staleTimes.static should consistently enforce a 30s minimum: <a href="https://redirect.github.com/vercel/next.js/issues/85479">#85479</a></li> <li>[turbopack] fix build of empty entries of pages: <a href="https://redirect.github.com/vercel/next.js/issues/84873">#84873</a></li> <li>Cache the head separately from the route tree: <a href="https://redirect.github.com/vercel/next.js/issues/84724">#84724</a></li> <li>Allow inspecting dev server on default port with <code>next dev --inspect</code>: <a href="https://redirect.github.com/vercel/next.js/issues/85037">#85037</a></li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vercel/next.js/commit/7492122a3bbc6655b64ccba04076c73ab418cdcc"><code>7492122</code></a> v16.0.7</li> <li><a href="https://github.com/vercel/next.js/commit/d21259d920f666814fa634e744d2c6e797ceae43"><code>d21259d</code></a> update version script</li> <li><a href="https://github.com/vercel/next.js/commit/b1a04a84e991b48b6558d15841b86f3017878607"><code>b1a04a8</code></a> Update React Version (<a href="https://redirect.github.com/vercel/next.js/issues/11">#11</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/aab1edcb8d7a57a6f7a1637d0f87be84ea62edc8"><code>aab1edc</code></a> v16.0.6</li> <li><a href="https://github.com/vercel/next.js/commit/279f2e319e939af54db81f9f5db730501f755284"><code>279f2e3</code></a> bump the browserslist version to silence a warning in CI (<a href="https://redirect.github.com/vercel/next.js/issues/86625">#86625</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/89ccb9fc86c13ca6aaaa5eb0e61c02c309abf1a3"><code>89ccb9f</code></a> v16.0.5</li> <li><a href="https://github.com/vercel/next.js/commit/75f63f70084de2198a22267fc344884b091f9d7c"><code>75f63f7</code></a> backport fix(nodejs-middleware): await for body cloning to be properly finali...</li> <li><a href="https://github.com/vercel/next.js/commit/d440c75650c79b8be450df5fd434afbfe230506a"><code>d440c75</code></a> v16.0.4</li> <li><a href="https://github.com/vercel/next.js/commit/296923e0cd66084708ac108026c414b4a64d07e9"><code>296923e</code></a> Turbopack: fix passing project options from napi (<a href="https://redirect.github.com/vercel/next.js/issues/86256">#86256</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/98317f5a3bd0cae2565e44e0108a0d7ab6cd5185"><code>98317f5</code></a> fix: prevent fetch abort errors propagating to user error boundaries (<a href="https://redirect.github.com/vercel/next.js/issues/86277">#86277</a>)</li> <li>Additional commits viewable in <a href="https://github.com/vercel/next.js/compare/v16.0.0...v16.0.7">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=next&package-manager=npm_and_yarn&previous-version=16.0.0&new-version=16.0.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/getsentry/sentry-javascript/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…ts/test-applications/nextjs-16-cacheComponents (#18427) Bumps [next](https://github.com/vercel/next.js) from 16.0.0 to 16.0.7. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vercel/next.js/releases">next's releases</a>.</em></p> <blockquote> <h2>v16.0.7</h2> <p>Please see <a href="https://nextjs.org/blog/CVE-2025-66478">CVE-2025-66478</a> for additional details about this release.</p> <h2>v16.0.6</h2> <blockquote> <p>[!NOTE] This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>bump the browserslist version to silence a warning in CI (<a href="https://redirect.github.com/vercel/next.js/issues/86625">#86625</a>)</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/lukesandberg"><code>@lukesandberg</code></a> for helping!</p> <h2>v16.0.5</h2> <blockquote> <p>[!NOTE] This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>fix(nodejs-middleware): await for body cloning to be properly finalized (<a href="https://redirect.github.com/vercel/next.js/issues/85418">#85418</a>)</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/lucasadrianof"><code>@lucasadrianof</code></a> for helping!</p> <h2>v16.0.4</h2> <blockquote> <p>[!NOTE] This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>fix: Rename proxy.js to middleware.js in NFT file (<a href="https://redirect.github.com/vercel/next.js/issues/86214">#86214</a>)</li> <li>fix: prevent fetch abort errors propagating to user error boundaries (<a href="https://redirect.github.com/vercel/next.js/issues/86277">#86277</a>)</li> <li>Turbopack: fix passing project options from napi (<a href="https://redirect.github.com/vercel/next.js/issues/86256">#86256</a>)</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/devjiwonchoi"><code>@devjiwonchoi</code></a>, <a href="https://github.com/sokra"><code>@sokra</code></a> and <a href="https://github.com/ztanner"><code>@ztanner</code></a> for helping!</p> <h2>v16.0.3</h2> <h3>Core Changes</h3> <ul> <li>fix: Rspack throw error when using ForceCompleteRuntimePlugin: <a href="https://redirect.github.com/vercel/next.js/issues/85221">#85221</a></li> <li>fix: build CLI output not displaying Proxy (Middleware) when nodejs runtime: <a href="https://redirect.github.com/vercel/next.js/issues/85403">#85403</a></li> <li>fix: staleTimes.static should consistently enforce a 30s minimum: <a href="https://redirect.github.com/vercel/next.js/issues/85479">#85479</a></li> <li>[turbopack] fix build of empty entries of pages: <a href="https://redirect.github.com/vercel/next.js/issues/84873">#84873</a></li> <li>Cache the head separately from the route tree: <a href="https://redirect.github.com/vercel/next.js/issues/84724">#84724</a></li> <li>Allow inspecting dev server on default port with <code>next dev --inspect</code>: <a href="https://redirect.github.com/vercel/next.js/issues/85037">#85037</a></li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vercel/next.js/commit/7492122a3bbc6655b64ccba04076c73ab418cdcc"><code>7492122</code></a> v16.0.7</li> <li><a href="https://github.com/vercel/next.js/commit/d21259d920f666814fa634e744d2c6e797ceae43"><code>d21259d</code></a> update version script</li> <li><a href="https://github.com/vercel/next.js/commit/b1a04a84e991b48b6558d15841b86f3017878607"><code>b1a04a8</code></a> Update React Version (<a href="https://redirect.github.com/vercel/next.js/issues/11">#11</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/aab1edcb8d7a57a6f7a1637d0f87be84ea62edc8"><code>aab1edc</code></a> v16.0.6</li> <li><a href="https://github.com/vercel/next.js/commit/279f2e319e939af54db81f9f5db730501f755284"><code>279f2e3</code></a> bump the browserslist version to silence a warning in CI (<a href="https://redirect.github.com/vercel/next.js/issues/86625">#86625</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/89ccb9fc86c13ca6aaaa5eb0e61c02c309abf1a3"><code>89ccb9f</code></a> v16.0.5</li> <li><a href="https://github.com/vercel/next.js/commit/75f63f70084de2198a22267fc344884b091f9d7c"><code>75f63f7</code></a> backport fix(nodejs-middleware): await for body cloning to be properly finali...</li> <li><a href="https://github.com/vercel/next.js/commit/d440c75650c79b8be450df5fd434afbfe230506a"><code>d440c75</code></a> v16.0.4</li> <li><a href="https://github.com/vercel/next.js/commit/296923e0cd66084708ac108026c414b4a64d07e9"><code>296923e</code></a> Turbopack: fix passing project options from napi (<a href="https://redirect.github.com/vercel/next.js/issues/86256">#86256</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/98317f5a3bd0cae2565e44e0108a0d7ab6cd5185"><code>98317f5</code></a> fix: prevent fetch abort errors propagating to user error boundaries (<a href="https://redirect.github.com/vercel/next.js/issues/86277">#86277</a>)</li> <li>Additional commits viewable in <a href="https://github.com/vercel/next.js/compare/v16.0.0...v16.0.7">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=next&package-manager=npm_and_yarn&previous-version=16.0.0&new-version=16.0.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/getsentry/sentry-javascript/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Following up: #18351 Looks like these are also forgotten in hyphens

Fixes the case that the instrumentation defaulted to `GET` in case `undefined` was parsed as a second `fetch` argument. ```js const request = new Request("https://httpbin.org/post", { method: "POST" }); const response = await fetch(request, undefined); <-- will be GET (should be POST) ``` Closes #18455 (added automatically)

- Closes #17887 This currently only capture scope if it gets forked as isolation scope (`Sentry.withIsolationScope`)

github-actions · 2025-12-10T12:29:31Z

size-limit report 📦

Path	Size	% Change	Change
@sentry/browser	24.81 kB	added	added
@sentry/browser - with treeshaking flags	23.3 kB	added	added
@sentry/browser (incl. Tracing)	41.55 kB	added	added
@sentry/browser (incl. Tracing, Profiling)	46.14 kB	added	added
@sentry/browser (incl. Tracing, Replay)	79.97 kB	added	added
@sentry/browser (incl. Tracing, Replay) - with treeshaking flags	69.7 kB	added	added
@sentry/browser (incl. Tracing, Replay with Canvas)	84.64 kB	added	added
@sentry/browser (incl. Tracing, Replay, Feedback)	96.89 kB	added	added
@sentry/browser (incl. Feedback)	41.52 kB	added	added
@sentry/browser (incl. sendFeedback)	29.49 kB	added	added
@sentry/browser (incl. FeedbackAsync)	34.48 kB	added	added
@sentry/react	26.52 kB	added	added
@sentry/react (incl. Tracing)	43.75 kB	added	added
@sentry/vue	29.27 kB	added	added
@sentry/vue (incl. Tracing)	43.36 kB	added	added
@sentry/svelte	24.82 kB	added	added
CDN Bundle	27.24 kB	added	added
CDN Bundle (incl. Tracing)	42.23 kB	added	added
CDN Bundle (incl. Tracing, Replay)	78.75 kB	added	added
CDN Bundle (incl. Tracing, Replay, Feedback)	84.21 kB	added	added
CDN Bundle - uncompressed	80.04 kB	added	added
CDN Bundle (incl. Tracing) - uncompressed	125.39 kB	added	added
CDN Bundle (incl. Tracing, Replay) - uncompressed	241.42 kB	added	added
CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed	254.18 kB	added	added
@sentry/nextjs (client)	45.97 kB	added	added
@sentry/sveltekit (client)	41.92 kB	added	added
@sentry/node-core	51.27 kB	added	added
@sentry/node	159.59 kB	added	added
@sentry/node - without tracing	92.91 kB	added	added
@sentry/aws-serverless	108.2 kB	added	added

github-actions · 2025-12-10T12:31:38Z

node-overhead report 🧳

Note: This is a synthetic benchmark with a minimal express app and does not necessarily reflect the real-world performance impact in an application.

Scenario	Requests/s	% of Baseline	Prev. Requests/s	Change %
GET Baseline	9,185	-	-	added
GET With Sentry	1,804	20%	-	added
GET With Sentry (error only)	6,088	66%	-	added
POST Baseline	1,198	-	-	added
POST With Sentry	608	51%	-	added
POST With Sentry (error only)	1,076	90%	-	added
MYSQL Baseline	3,379	-	-	added
MYSQL With Sentry	510	15%	-	added
MYSQL With Sentry (error only)	2,729	81%	-	added

cursor · 2025-12-10T12:37:45Z

packages/node-native/src/event-loop-block-watchdog.ts

+    // We need to rehydrate the scopes from the serialized objects so we can call getScopeData()
+    const scope = Object.assign(new Scope(), asyncState.scope).getScopeData();
+    const isolationScope = Object.assign(new Scope(), asyncState.isolationScope).getScopeData();
+    mergeScopeData(scope, isolationScope);


Bug: Scope merge order causes incorrect precedence

The mergeScopeData(scope, isolationScope) call merges isolation scope data INTO the current scope data, meaning isolation scope values overwrite current scope values. This is inverted from the expected behavior where more specific scope data (current scope) should take precedence over less specific data (isolation scope). The call order should be mergeScopeData(isolationScope, scope) with the result applied via applyScopeToEvent(event, isolationScope), matching the pattern used elsewhere in the codebase.

dependabot bot and others added 15 commits December 4, 2025 11:55

ci(deps): bump actions/create-github-app-token from 2.1.4 to 2.2.0 (#…

656e8de

…18362)

Merge pull request #18410 from getsentry/master

27a8b90

[Gitflow] Merge master into develop

chore(deps): bump next from 15.5.4 to 15.5.7 in /dev-packages/e2e-tes…

fdf22a3

…ts/test-applications/nextjs-15 (#18411)

chore(ci): Fix double issue creation for unreferenced PRs (#18442)

c786fc5

This fixes a problem, where our unreferenced PR GH workflow would trigger another new issue being created because of a race condition between creating the issue and updating the PR description automatically.

fix(aws-serverless): Remove hyphens from AWS-lambda origins (#18353)

8596086

Following up: #18351 Looks like these are also forgotten in hyphens

feat(node): Capture scope when event loop blocked (#18040)

741ad6a

- Closes #17887 This currently only capture scope if it gets forked as isolation scope (`Sentry.withIsolationScope`)

meta(changelog): Update changelog for 10.30.0

cce2c81

s1gr1d requested review from JPeer264 and Lms24 December 10, 2025 12:26

cursor bot reviewed Dec 10, 2025

View reviewed changes

s1gr1d requested a review from logaretm December 10, 2025 14:08

Lms24 approved these changes Dec 10, 2025

View reviewed changes

s1gr1d merged commit 90f9704 into master Dec 10, 2025
397 of 399 checks passed

s1gr1d deleted the prepare-release/10.30.0 branch December 10, 2025 14:44

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

meta(changelog): Update changelog for 10.30.0 #18460

meta(changelog): Update changelog for 10.30.0 #18460

Uh oh!

s1gr1d commented Dec 10, 2025

Uh oh!

github-actions bot commented Dec 10, 2025

Uh oh!

github-actions bot commented Dec 10, 2025

Uh oh!

cursor bot Dec 10, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants

Uh oh!

meta(changelog): Update changelog for 10.30.0 #18460

meta(changelog): Update changelog for 10.30.0 #18460

Uh oh!

Conversation

s1gr1d commented Dec 10, 2025

Uh oh!

github-actions bot commented Dec 10, 2025

size-limit report 📦

Uh oh!

github-actions bot commented Dec 10, 2025

node-overhead report 🧳

Uh oh!

cursor bot Dec 10, 2025

Choose a reason for hiding this comment

Bug: Scope merge order causes incorrect precedence

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants