fix(deps): update dependency @sentry/node to v10.52.0

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	OpenSSF
@sentry/node (source)	dependencies	minor	10.51.0 → 10.52.0

---

Release Notes

getsentry/sentry-javascript (@​sentry/node)

v10.52.0

Compare Source

Important Changes

• Beta release of the official Hono Sentry SDK

  This release marks the beta release of the @sentry/hono Sentry SDK. For details on how to use it, check out the
  Sentry Hono SDK docs. Please reach out on
  GitHub if you have any feedback or concerns.

• feat(browser): Add ingest_settings to v2 log envelope payload (#​20453)

  Inference of user data (e.g. IP address, browser name/version) on log events is now gated behind the sendDefaultPii option. Previously, this data was always inferred by default.

Other Changes

• docs(hono): Add new docs link and move to BETA release (#​20666)
• feat(browser): Add ingest_settings to v2 metrics envelope payload (#​20454)
• feat(browser): Migrate spotlight event processor to ignoreSpans (#​20595)
• feat(cloudflare): Capture request body via httpServerIntegration (#​20614)
• feat(cloudflare): Support rpc trace propagation for WorkerEntrypoint (#​20523)
• feat(cloudflare): Support tracing for queue producer (#​20529)
• feat(core): Apply request data to segment spans in span streaming (#​20654)
• feat(core): Migrate Vercel AI event processor to span streaming (#​20608)
• feat(deno): Add processSegmentSpan to Deno context integration (#​20613)
• feat(http): Portable node:http client instrumentation (#​20393)
• feat(nitro): Add unstorage tracing channel instrumentation (#​20615)
• feat(node-core): Add processSegmentSpan to node context integration (#​20678)
• feat(node): Use diagnostics_channel for redis >= 5.12.0 (#​20573)
• feat(node): Vendor ioredis, redis instrumentations (#​20510)
• feat(replay): Reset replay id from DSC on session expiry/refresh (#​20129)
• fix: Bump fast-xml-parser to fix vulnerability (#​20644)
• fix: Bump vite versions to fix vulnerability (#​20646)
• fix(core): Drain buffers in flush() when there is no transport (#​20207)
• fix(core): Guard against undefined chained in copyProps (#​20637)
• fix(deps): Bump rollup-plugin-license to fix lodash vulnerabilities (#​20636)
• fix(deps): Bump transitive deps for medium security fixes (#​20683)
• fix(hono): Do not capture 3xx and 4xx errors and add tests (#​20640)
• fix(nextjs): Skip build modification when SRI is enabled (#​20694)
• fix(opentelemetry): Respect OTEL_SERVICE_NAME, OTEL_RESOURCE_ATTRIBUTES (#​20509)

Internal Changes

• chore: Remove bundle-analyzer-scenarios dev packages (#​20680)
• chore(deps): Bump @​hono/node-server from 1.19.10 to 1.19.13 (#​20117)
• chore(deps): Bump @​nestjs packages to fix path-to-regexp ReDoS (#​20642)
• chore(deps): Bump axios from 1.15.0 to 1.15.2 (#​20665)
• chore(deps): Bump ip-address from 10.1.0 to 10.2.0 (#​20695)
• chore(deps): Bump simple-git from 3.33.0 to 3.36.0 (#​20696)
• chore(deps): Bump vulnerable testem version (#​20634)
• ci(deps): Bump actions/checkout from 4 to 6 (#​20620)
• ci(deps): Bump actions/create-github-app-token from 2 to 3 (#​20079)
• ci(deps): Bump denoland/setup-deno from 2.0.3 to 2.0.4 (#​20080)
• ci(deps): Bump getsentry/craft from 2.24.1 to 2.26.2 (#​20621)
• feat(deps): Bump @​xmldom/xmldom from 0.8.12 to 0.8.13 (#​20457)
• feat(deps): Bump follow-redirects from 1.15.11 to 1.16.0 (#​20267)
• feat(deps): Bump hono from 4.12.12 to 4.12.14 (#​20340)
• fix(tests): Use stable instrumentations api in rr tests (#​20690)
• ref(tests): Rename streamed http.client span test folders (#​20602)
• test(browser): Fix browserTracingIntegration unit test (#​20604)
• test(browser): Fix flaky browser integration test for profiles (#​20587)
• test(browser): Fix flaky loader test (#​20596)
• test(browser): Fix flaky loader test (#​20655)
• test(browser): Make browser profiling test less flaky (#​20664)
• test(cloudflare): Add e2e test for MCPAgent with DurableObject instrumentation (#​20601)
• test(cloudflare): Add integration tests for scheduled, D1, and workflow (#​20609)
• test(cloudflare): Reduce flakiness for cloudflare with sub workers (#​20632)
• test(cloudflare): Use Node v24 for Cloudflare e2e tests (#​20628)
• test(deps): Bump Next.js in E2E test apps to fix Server Components DoS (#​20633)
• test(e2e): Add node-express-streaming E2E test app (#​20684)
• test(e2e): Add span streaming test app for Cloudflare Workers (#​20681)
• test(e2e): Add span streaming test app for next 16 (#​20648)
• test(e2e): Add span streaming test app for React Router 7 SPA (#​20677)
• test(e2e): Remove remaining npmrc pointing to Verdaccio (#​20611)
• test(nextjs): Fix flaky node runtime metrics E2E tests (#​20624)
• test(node): Fix ANR test for flakiness (#​20656)
• test(node): Fix flaky node cron test (#​20661)
• test(node): Unflake mongodb test (#​20662)
• test(react-router): Fix flaky E2E tests (#​20630)
• test(test-utils): Add MemoryProfiler for heap snapshot testing via CDP (#​20555)

Work in this release was contributed by @​sbs44. Thank you for your contribution!

Bundle size 📦

Path	Size
@​sentry/browser	25.68 KB
@​sentry/browser - with treeshaking flags	24.2 KB
@​sentry/browser (incl. Tracing)	43.13 KB
@​sentry/browser (incl. Tracing + Span Streaming)	45.3 KB
@​sentry/browser (incl. Tracing, Profiling)	47.99 KB
@​sentry/browser (incl. Tracing, Replay)	81.67 KB
@​sentry/browser (incl. Tracing, Replay) - with treeshaking flags	71.37 KB
@​sentry/browser (incl. Tracing, Replay with Canvas)	86.25 KB
@​sentry/browser (incl. Tracing, Replay, Feedback)	98.57 KB
@​sentry/browser (incl. Feedback)	42.42 KB
@​sentry/browser (incl. sendFeedback)	30.38 KB
@​sentry/browser (incl. FeedbackAsync)	35.35 KB
@​sentry/browser (incl. Metrics)	26.95 KB
@​sentry/browser (incl. Logs)	27.08 KB
@​sentry/browser (incl. Metrics & Logs)	27.76 KB
@​sentry/react	27.38 KB
@​sentry/react (incl. Tracing)	45.31 KB
@​sentry/vue	30.45 KB
@​sentry/vue (incl. Tracing)	44.94 KB
@​sentry/svelte	25.7 KB
CDN Bundle	28.23 KB
CDN Bundle (incl. Tracing)	45.83 KB
CDN Bundle (incl. Logs, Metrics)	29.62 KB
CDN Bundle (incl. Tracing, Logs, Metrics)	46.91 KB
CDN Bundle (incl. Replay, Logs, Metrics)	67.84 KB
CDN Bundle (incl. Tracing, Replay)	82.15 KB
CDN Bundle (incl. Tracing, Replay, Logs, Metrics)	83.2 KB
CDN Bundle (incl. Tracing, Replay, Feedback)	87.84 KB
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics)	88.89 KB
CDN Bundle - uncompressed	82.89 KB
CDN Bundle (incl. Tracing) - uncompressed	137.15 KB
CDN Bundle (incl. Logs, Metrics) - uncompressed	86.99 KB
CDN Bundle (incl. Tracing, Logs, Metrics) - uncompressed	140.53 KB
CDN Bundle (incl. Replay, Logs, Metrics) - uncompressed	208.3 KB
CDN Bundle (incl. Tracing, Replay) - uncompressed	252.48 KB
CDN Bundle (incl. Tracing, Replay, Logs, Metrics) - uncompressed	255.85 KB
CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed	265.86 KB
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics) - uncompressed	269.22 KB
@​sentry/nextjs (client)	47.75 KB
@​sentry/sveltekit (client)	43.6 KB
@​sentry/node-core	59.05 KB
@​sentry/node	161.63 KB
@​sentry/node - without tracing	71.76 KB
@​sentry/aws-serverless	105.11 KB
@​sentry/cloudflare (withSentry) - minified	165.38 KB
@​sentry/cloudflare (withSentry)	417.48 KB

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​sentry/​node@​10.51.0 ⏵ 10.52.0	-1		+1

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm @sentry/node-core is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package-lock.json → npm/@sentry/node@10.52.0 → npm/@sentry/node-core@10.52.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@sentry/node-core@10.52.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report