build(deps): bump the javascript-dependencies group with 6 updates

[dependabot]

Bumps the javascript-dependencies group with 6 updates:

Package	From	To
@sentry/nextjs	10.34.0	10.39.0
@types/node	25.0.8	25.2.3
eslint-config-next	16.1.1	16.1.6
react	19.2.3	19.2.4
@types/react	19.2.8	19.2.14
react-dom	19.2.3	19.2.4

Updates @sentry/nextjs from 10.34.0 to 10.39.0

Release notes

Sourced from @​sentry/nextjs's releases.

10.39.0

Important Changes

• feat(tanstackstart-react): Auto-instrument server function middleware (#19001)

  The sentryTanstackStart Vite plugin now automatically instruments middleware in createServerFn().middleware([...]) calls. This captures performance data without requiring manual wrapping with wrapMiddlewaresWithSentry().

• feat(nextjs): New experimental automatic vercel cron monitoring (#19192)

  Setting _experimental.vercelCronMonitoring to true in your Sentry configuration will automatically create Sentry cron monitors for your Vercel Cron Jobs.

  Please note that this is an experimental unstable feature and subject to change.

  // next.config.ts
  export default withSentryConfig(nextConfig, {
    _experimental: {
      vercelCronMonitoring: true,
    },
  });

• feat(node-core): Add node-core/light (#18502)

  This release adds a new light-weight @sentry/node-core/light export to @sentry/node-core. The export acts as a light-weight SDK that does not depend on OpenTelemetry and emits no spans.

  Use this SDK when:

  • You only need error tracking, logs or metrics without tracing data (no spans)
  • You want to minimize bundle size and runtime overhead
  • You don't need spans emitted by OpenTelemetry instrumentation

  It supports error tracking and reporting, logs, metrics, automatic request isolation (requires Node.js 22+) and basic tracing via our Sentry.startSpan* APIs.

  Install the SDK by running

  npm install @sentry/node-core

  and add Sentry at the top of your application's entry file:

  import * as Sentry from '@sentry/node-core/light';
  Sentry.init({
  dsn: 'DSN',
  });

Other Changes

... (truncated)

Changelog

Sourced from @​sentry/nextjs's changelog.

10.39.0

Important Changes

• feat(tanstackstart-react): Auto-instrument server function middleware (#19001)

  The sentryTanstackStart Vite plugin now automatically instruments middleware in createServerFn().middleware([...]) calls. This captures performance data without requiring manual wrapping with wrapMiddlewaresWithSentry().

• feat(nextjs): New experimental automatic vercel cron monitoring (#19192)

  Setting _experimental.vercelCronMonitoring to true in your Sentry configuration will automatically create Sentry cron monitors for your Vercel Cron Jobs.

  Please note that this is an experimental unstable feature and subject to change.

  // next.config.ts
  export default withSentryConfig(nextConfig, {
    _experimental: {
      vercelCronMonitoring: true,
    },
  });

• feat(node-core): Add node-core/light (#18502)

  This release adds a new light-weight @sentry/node-core/light export to @sentry/node-core. The export acts as a light-weight SDK that does not depend on OpenTelemetry and emits no spans.

  Use this SDK when:

  • You only need error tracking, logs or metrics without tracing data (no spans)
  • You want to minimize bundle size and runtime overhead
  • You don't need spans emitted by OpenTelemetry instrumentation

  It supports error tracking and reporting, logs, metrics, automatic request isolation (requires Node.js 22+) and basic tracing via our Sentry.startSpan* APIs.

  Install the SDK by running

  npm install @sentry/node-core

  and add Sentry at the top of your application's entry file:

  import * as Sentry from '@sentry/node-core/light';
  Sentry.init({
  dsn: 'DSN',
  });

... (truncated)

Commits

• ab54c5c Make @sentry/opentelemetry not a peer dep in node-core
• f822e69 chore: Lint lerna.json
• c4708d2 release: 10.39.0
• b5e3094 chore: Revert to lerna v8 (#19294)
• 9dea581 Merge pull request #19281 from getsentry/prepare-release/10.39.0
• 12e467f meta(changelog): Update changelog for 10.39.0
• d7df7d4 ref(sveltekit): Use untrack to read route id without invalidation (#19272)
• 24b2ef2 fix(sveltekit): Detect used adapter via svelte.config.js (#19270)
• e051be4 feat(node-core): Add outgoing fetch trace propagation to light mode (#19262)
• eaf297f ref(core): Move shouldPropagateTraceForUrl from opentelemetry to core (#19258)
• Additional commits viewable in compare view

Updates @types/node from 25.0.8 to 25.2.3

Commits

• See full diff in compare view

Updates eslint-config-next from 16.1.1 to 16.1.6

Release notes

Sourced from eslint-config-next's releases.

v16.1.6

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Upgrade to swc 54 (#88207)
• implement LRU cache with invocation ID scoping for minimal mode response cache (#88509)
• tweak LRU sentinel key (#89123)

Credits

Huge thanks to @​mischnic, @​wyattjoh, and @​ztanner for helping!

v16.1.5

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472 https://vercel.com/changelog/summary-of-cve-2026-23864

v16.1.4

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Only filter next config if experimental flag is enabled (#88733)

Credits

Huge thanks to @​mischnic for helping!

v16.1.3

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Fix linked list bug in LRU deleteFromLru (#88652)
• Fix relative same host redirects in node middleware (#88253)

Credits

Huge thanks to @​acdlite and @​ijjk for helping!

v16.1.2

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

... (truncated)

Commits

• adf8c61 v16.1.6
• acba4a6 v16.1.5
• 60de6c2 v16.1.4
• f01cf07 v16.1.3
• cb436b3 v16.1.2
• See full diff in compare view

Updates react from 19.2.3 to 19.2.4

Release notes

Sourced from react's releases.

19.2.4 (January 26th, 2026)

React Server Components

• Add more DoS mitigations to Server Actions, and harden Server Components (#35632 by @​gnoff, @​lubieowoce, @​sebmarkbage, @​unstubbable)

Commits

• 90ab3f8 Version 19.2.4
• See full diff in compare view

Updates @types/react from 19.2.8 to 19.2.14

Commits

• See full diff in compare view

Updates react-dom from 19.2.3 to 19.2.4

Release notes

Sourced from react-dom's releases.

19.2.4 (January 26th, 2026)

React Server Components

• Add more DoS mitigations to Server Actions, and harden Server Components (#35632 by @​gnoff, @​lubieowoce, @​sebmarkbage, @​unstubbable)

Commits

• 90ab3f8 Version 19.2.4
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
toolbox	Ready	Preview, Comment	Feb 25, 2026 1:17pm