build(deps-dev): bump the sentry group across 1 directory with 2 updates

[dependabot]

Bumps the sentry group with 2 updates in the / directory: @sentry/browser and @sentry/cli.

Updates @sentry/browser from 10.51.0 to 10.55.0

Release notes

Sourced from @​sentry/browser's releases.

10.55.0

Important Changes

• feat(hono): Promote @sentry/hono to stable and deprecate honoIntegration (#21208)

  The @sentry/hono SDK is now stable. See the Sentry Hono SDK docs to get started.

• docs(tanstackstart-react): Promote SDK status to beta (#21175)

  This release promotes the @sentry/tanstackstart-react SDK to beta. For details on how to use it, check out the Sentry TanStack Start SDK docs. Please reach out on GitHub if you have any feedback or concerns.

• feat(hono): Add shouldHandleError option to sentry() middleware (#21205)

  The sentry() middleware now accepts a shouldHandleError callback to control which errors are captured and sent to Sentry. By default, 3xx/4xx HTTP errors are ignored and 5xx errors and plain Error objects are captured. Return true from the callback to capture an error, false to suppress it.

  app.use(
    sentry(app, {
      dsn: '__DSN__',
      shouldHandleError(error) {
        const status = (error as { status?: number })?.status;
        // Capture 401/403 in addition to the default 5xx errors
        return status === 401 || status === 403 || typeof status !== 'number' || status >= 500;
      },
    }),
  );

• test(tanstackstart-react): Move initialization to client entry point (#21161)

  Change the recommended setup for the SDK to do Sentry.init() in the client entry file to capture telemetry that is emitted ahead of page hydration.

• feat(tanstackstart-react): Add distributed tracing (#21144)

  Server and client traces are now automatically connected, allowing you to see the full request lifecycle from server-side rendering through client-side hydration in a single trace.

• feat(tanstackstart-react): Add server-side route parametrization (#21147)

  Server transaction names are now parametrized automatically (e.g., GET /users/123 becomes GET /users/$userId), improving transaction grouping in Sentry.

• feat(tanstackstart-react): Show readable server function names in traces (#21190)

  Server function spans now show human-readable names (e.g., GET /_serverFn/greet instead of GET /_serverFn/a10e70b3...). The tanstackstart.function.hash.sha256 span attribute has been renamed to tanstackstart.function.id.

Other Changes

• feat(core): Migrate request data to dataCollection (#21071)
• feat(hono): Add warning in Bun for double init (#21195)

... (truncated)

Changelog

Sourced from @​sentry/browser's changelog.

10.55.0

Important Changes

• feat(hono): Promote @sentry/hono to stable and deprecate honoIntegration (#21208)

  The @sentry/hono SDK is now stable. See the Sentry Hono SDK docs to get started.

• docs(tanstackstart-react): Promote SDK status to beta (#21175)

  This release promotes the @sentry/tanstackstart-react SDK to beta. For details on how to use it, check out the Sentry TanStack Start SDK docs. Please reach out on GitHub if you have any feedback or concerns.

• feat(hono): Add shouldHandleError option to sentry() middleware (#21205)

  The sentry() middleware now accepts a shouldHandleError callback to control which errors are captured and sent to Sentry. By default, 3xx/4xx HTTP errors are ignored and 5xx errors and plain Error objects are captured. Return true from the callback to capture an error, false to suppress it.

  app.use(
    sentry(app, {
      dsn: '__DSN__',
      shouldHandleError(error) {
        const status = (error as { status?: number })?.status;
        // Capture 401/403 in addition to the default 5xx errors
        return status === 401 || status === 403 || typeof status !== 'number' || status >= 500;
      },
    }),
  );

• test(tanstackstart-react): Move initialization to client entry point (#21161)

  Change the recommended setup for the SDK to do Sentry.init() in the client entry file to capture telemetry that is emitted ahead of page hydration.

• feat(tanstackstart-react): Add distributed tracing (#21144)

  Server and client traces are now automatically connected, allowing you to see the full request lifecycle from server-side rendering through client-side hydration in a single trace.

• feat(tanstackstart-react): Add server-side route parametrization (#21147)

  Server transaction names are now parametrized automatically (e.g., GET /users/123 becomes GET /users/$userId), improving transaction grouping in Sentry.

• feat(tanstackstart-react): Show readable server function names in traces (#21190)

  Server function spans now show human-readable names (e.g., GET /_serverFn/greet instead of GET /_serverFn/a10e70b3...). The tanstackstart.function.hash.sha256 span attribute has been renamed to tanstackstart.function.id.

Other Changes

• feat(core): Migrate request data to dataCollection (#21071)

... (truncated)

Commits

• acd7b57 release: 10.55.0
• d5323d2 Merge pull request #21216 from getsentry/prepare-release/10.55.0
• 2fb1929 meta(changelog): Update changelog for 10.55.0
• 556bcb3 feat(hono): Add shouldHandleError as middleware option (#21205)
• 7a67ea4 feat(hono): Promote @sentry/hono to stable and deprecate honoIntegration ...
• cead7f9 fix(e2e): Fix astro-6 e2e test build by relaxing astro version range (#21211)
• 75fd1d5 chore(changelog): clarify array attributes impact on beforeSend* callbacks ...
• 8a2a490 fix(cloudflare): Use original waitUntil to not create a deadlock (#21197)
• f7b506d feat(metrics): Migrate metrics to use dataCollection instead of `sendDefaul...
• f55fc30 feat(core): Migrate request data to dataCollection (#21071)
• Additional commits viewable in compare view

Updates @sentry/cli from 3.4.1 to 3.4.3

Release notes

Sourced from @​sentry/cli's releases.

3.4.3

Security Fixes

• Behavior-breaking: Disable Xcode Info.plist preprocessing by default to avoid passing project-controlled compiler settings to cc during release auto-discovery. This affects sentry-cli releases propose-version, sentry-cli send-event and sentry-cli bash-hook --send-event release inference, and sentry-cli react-native xcode auto-release detection. Use --allow-xcode-infoplist-preprocessing only for trusted projects that require preprocessing.
• Ensure restrictive file permissions maintained when sentry-cli login updates existing config files.
• Disable TLS verification only when http.verify_ssl is set to false, case-insensitively.
• Shell-escape generated bash-hook arguments, including paths, tags, release names, and the CLI path.
• Stop sending environment variables in sentry-cli bash-hook events.
• Verify the downloaded binary checksum before replacing the current executable in sentry-cli update.

Performance

• (snapshots) Skip uploading images that already exist in objectstore by batch-checking with HEAD requests first (#3305)

Fixes

• (snapshots) Reject snapshot uploads that have a PR number but no base SHA, since comparisons cannot work without a base reference (#3300)

3.4.3-snapshot.20260521.69f5028

Snapshot build from master at 69f5028.

3.4.3-snapshot.20260520.9eabaaa

Snapshot build from master at 9eabaaa.

3.4.3-snapshot.20260511.6679316

Snapshot build from master at 6679316.

3.4.3-snapshot.20260511.7a3b571

Snapshot build from master at 7a3b571.

3.4.2

Fixes

• (snapshots) Stop sending Sentry auth token to Objectstore (#3286)
• (js) Fix argument injection in JavaScript API's serializeOptions. String/number options now validate input types and prevent Array.prototype.concat() from flattening array values into separate CLI arguments. (#3287)

3.4.2-snapshot.20260511.9081115

Snapshot build from master at 9081115.

3.4.2-snapshot.20260511.4052e78

Snapshot build from master at 4052e78.

3.4.2-snapshot.20260511.04c061a

Snapshot build from master at 04c061a.

3.4.2-snapshot.20260511.f5db2f6

Snapshot build from master at f5db2f6.

3.4.2-snapshot.20260508.660e98b

Snapshot build from master at 660e98b.

... (truncated)

Changelog

Sourced from @​sentry/cli's changelog.

3.4.3

Security Fixes

• Behavior-breaking: Disable Xcode Info.plist preprocessing by default to avoid passing project-controlled compiler settings to cc during release auto-discovery. This affects sentry-cli releases propose-version, sentry-cli send-event and sentry-cli bash-hook --send-event release inference, and sentry-cli react-native xcode auto-release detection. Use --allow-xcode-infoplist-preprocessing only for trusted projects that require preprocessing.
• Ensure restrictive file permissions maintained when sentry-cli login updates existing config files.
• Disable TLS verification only when http.verify_ssl is set to false, case-insensitively.
• Shell-escape generated bash-hook arguments, including paths, tags, release names, and the CLI path.
• Stop sending environment variables in sentry-cli bash-hook events.
• Verify the downloaded binary checksum before replacing the current executable in sentry-cli update.

Performance

• (snapshots) Skip uploading images that already exist in objectstore by batch-checking with HEAD requests first (#3305)

Fixes

• (snapshots) Reject snapshot uploads that have a PR number but no base SHA, since comparisons cannot work without a base reference (#3300)

3.4.2

Fixes

• (snapshots) Stop sending Sentry auth token to Objectstore (#3286)
• (js) Fix argument injection in JavaScript API's serializeOptions. String/number options now validate input types and prevent Array.prototype.concat() from flattening array values into separate CLI arguments. (#3287)

Commits

• ee52869 release: 3.4.3
• 69f5028 fix: Various fixes (#3308)
• 9eabaaa perf(snapshots): Skip uploading images that already exist in objectstore (#3305)
• 2624b8d fix(snapshots): Reject uploads with pr_number but no base_sha (#3300)
• 6679316 build(npm): 🤖 Bump optional dependencies to 3.4.2
• 7a3b571 Merge branch 'release/3.4.2'
• e3f5f55 release: 3.4.2
• f5db2f6 build(deps): Update openssl dependency (#3294)
• 4052e78 build(deps): Bump rand (#3296)
• 04c061a build(js): Update fast-uri (#3295)
• Additional commits viewable in compare view