deps(deps-dev): bump @sentry/nextjs from 7.120.4 to 10.31.0

[dependabot]

Bumps @sentry/nextjs from 7.120.4 to 10.31.0.

Release notes

Sourced from @​sentry/nextjs's releases.

10.31.0

Important Changes

• feat(browser): Add support for GraphQL persisted operations (#18505)

The graphqlClientIntegration now supports GraphQL persisted operations (queries). When a persisted query is detected, the integration will capture the operation hash and version as span attributes:

• graphql.persisted_query.hash.sha256 - The SHA-256 hash of the persisted query
• graphql.persisted_query.version - The version of the persisted query protocol

Additionally, the graphql.document attribute format has changed to align with OpenTelemetry semantic conventions. It now contains only the GraphQL query string instead of the full JSON request payload.

Before:

"graphql.document": "{\"query\":\"query Test { user { id } }\"}"

After:

"graphql.document": "query Test { user { id } }"

Other Changes

• feat(node): Support propagateTraceparent option (#18476)
• feat(bun): Expose spotlight option in TypeScript (#18436)
• feat(core): Add additional exports for captureException and captureMessage parameter types (#18521)
• feat(core): Export captureException and captureMessage parameter types (#18509)
• feat(core): Parse individual cookies from cookie header (#18325)
• feat(node): Add instrument OpenAI export to node (#18461)
• feat(nuxt): Bump @sentry/vite-plugin and @sentry/rollup-plugin to 4.6.1 (#18349)
• feat(profiling): Add support for Node v24 in the prune script (#18447)
• feat(tracing): strip inline media from messages (#18413)
• feat(node): Add ESM support for postgres.js instrumentation (#17961)
• fix(browser): Stringify span context in linked traces log statement (#18376)
• fix(google-cloud-serverless): Move @​types/express to optional peerDeps (#18452)
• fix(node-core): passthrough node-cron context (#17835)
• fix(tanstack-router): Check for fromLocation existence before reporting pageload (#18463)
• fix(tracing): add system prompt, model to google genai (#18424)
• fix(tracing): Set span operations for AI spans with model ID only (#18471)
• ref(browser): Improve profiling debug statement (#18507)

• chore: Add external contributor to CHANGELOG.md (#18473)
• chore: upgrade Playwright to ~1.56.0 for WSL2 compatibility (#18468)
• chore(bugbot): Add testing conventions code review rules (#18433)

... (truncated)

Changelog

Sourced from @​sentry/nextjs's changelog.

10.31.0

Important Changes

• feat(browser): Add support for GraphQL persisted operations (#18505)

The graphqlClientIntegration now supports GraphQL persisted operations (queries). When a persisted query is detected, the integration will capture the operation hash and version as span attributes:

• graphql.persisted_query.hash.sha256 - The SHA-256 hash of the persisted query
• graphql.persisted_query.version - The version of the persisted query protocol

Additionally, the graphql.document attribute format has changed to align with OpenTelemetry semantic conventions. It now contains only the GraphQL query string instead of the full JSON request payload.

Before:

"graphql.document": "{\"query\":\"query Test { user { id } }\"}"

After:

"graphql.document": "query Test { user { id } }"

Other Changes

• feat(node): Support propagateTraceparent option (#18476)
• feat(bun): Expose spotlight option in TypeScript (#18436)
• feat(core): Add additional exports for captureException and captureMessage parameter types (#18521)
• feat(core): Export captureException and captureMessage parameter types (#18509)
• feat(core): Parse individual cookies from cookie header (#18325)
• feat(node): Add instrument OpenAI export to node (#18461)
• feat(nuxt): Bump @sentry/vite-plugin and @sentry/rollup-plugin to 4.6.1 (#18349)
• feat(profiling): Add support for Node v24 in the prune script (#18447)
• feat(tracing): strip inline media from messages (#18413)
• feat(node): Add ESM support for postgres.js instrumentation (#17961)
• fix(browser): Stringify span context in linked traces log statement (#18376)
• fix(google-cloud-serverless): Move @​types/express to optional peerDeps (#18452)
• fix(node-core): passthrough node-cron context (#17835)
• fix(tanstack-router): Check for fromLocation existence before reporting pageload (#18463)
• fix(tracing): add system prompt, model to google genai (#18424)
• fix(tracing): Set span operations for AI spans with model ID only (#18471)
• ref(browser): Improve profiling debug statement (#18507)

• chore: Add external contributor to CHANGELOG.md (#18473)
• chore: upgrade Playwright to ~1.56.0 for WSL2 compatibility (#18468)

... (truncated)

Commits

• bb70f39 release: 10.31.0
• f2574f9 meta(changelog): Update changelog for 10.31.0 (#18526)
• 47e82e3 meta(changelog): Update changelog for 10.31.0
• 8acba7f feat(node): Support propagateTraceparent
• 87d04c4 Merge branch 'develop' into timfish/feat/node-propagateTraceparent
• 6f0b8b4 feat(core): Add additional exports for captureException and `captureMessage...
• a882862 chore(deps): bump next from 14.2.32 to 14.2.35 in /dev-packages/e2e-tests/tes...
• 4068b57 test(cloudflare-mcp): Pin mcp sdk to 1.24.0 (#18524)
• e42e912 feat(core): Export captureException and captureMessage parameter types (#...
• ffe1614 chore(deps): bump next from 16.0.9 to 16.0.10 in /dev-packages/e2e-tests/test...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: dependencies, security. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[codeant-ai]

Skipping PR review because a bot author is detected.

If you want to trigger CodeAnt AI, comment @codeant-ai review to trigger a manual review.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

Note

Free review on us!

CodeRabbit is offering free reviews until Wed Dec 17 2025 to showcase some of the refinements we've made.

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[dependabot]

Superseded by #112.