build(deps-dev): bump the sentry group across 1 directory with 2 updates

[dependabot]

Bumps the sentry group with 2 updates in the / directory: @sentry/browser and @sentry/cli.

Updates @sentry/browser from 10.51.0 to 10.53.1

Release notes

Sourced from @​sentry/browser's releases.

10.53.1

• fix(core): Don't gate user data for streamed spans at scope read time (#20827)
• fix(core): Include subpath type shims in published package (#20835)
• ref(hono): Consolidate route patching and add clarification comments (#20829)

• chore(deps): Bump next from 15.5.15 to 15.5.18 in /dev-packages/e2e-tests/test-applications/nextjs-15-intl (#20821)

Bundle size 📦

Path	Size
@​sentry/browser	26.22 KB
@​sentry/browser - with treeshaking flags	24.69 KB
@​sentry/browser (incl. Tracing)	43.69 KB
@​sentry/browser (incl. Tracing + Span Streaming)	45.62 KB
@​sentry/browser (incl. Tracing, Profiling)	48.56 KB
@​sentry/browser (incl. Tracing, Replay)	82.4 KB
@​sentry/browser (incl. Tracing, Replay) - with treeshaking flags	72.08 KB
@​sentry/browser (incl. Tracing, Replay with Canvas)	86.99 KB
@​sentry/browser (incl. Tracing, Replay, Feedback)	99.33 KB
@​sentry/browser (incl. Feedback)	43 KB
@​sentry/browser (incl. sendFeedback)	30.92 KB
@​sentry/browser (incl. FeedbackAsync)	35.91 KB
@​sentry/browser (incl. Metrics)	27.27 KB
@​sentry/browser (incl. Logs)	27.42 KB
@​sentry/browser (incl. Metrics & Logs)	28.08 KB
@​sentry/react	27.92 KB
@​sentry/react (incl. Tracing)	45.9 KB
@​sentry/vue	31.01 KB
@​sentry/vue (incl. Tracing)	45.5 KB
@​sentry/svelte	26.24 KB
CDN Bundle	28.55 KB
CDN Bundle (incl. Tracing)	46.04 KB
CDN Bundle (incl. Logs, Metrics)	29.89 KB
CDN Bundle (incl. Tracing, Logs, Metrics)	47.14 KB
CDN Bundle (incl. Replay, Logs, Metrics)	68.3 KB
CDN Bundle (incl. Tracing, Replay)	82.55 KB
CDN Bundle (incl. Tracing, Replay, Logs, Metrics)	83.6 KB
CDN Bundle (incl. Tracing, Replay, Feedback)	88.23 KB
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics)	89.3 KB
CDN Bundle - uncompressed	83.97 KB
CDN Bundle (incl. Tracing) - uncompressed	138.12 KB
CDN Bundle (incl. Logs, Metrics) - uncompressed	88.07 KB
CDN Bundle (incl. Tracing, Logs, Metrics) - uncompressed	141.5 KB
CDN Bundle (incl. Replay, Logs, Metrics) - uncompressed	209.97 KB

... (truncated)

Changelog

Sourced from @​sentry/browser's changelog.

10.53.1

• fix(core): Don't gate user data for streamed spans at scope read time (#20827)
• fix(core): Include subpath type shims in published package (#20835)
• ref(hono): Consolidate route patching and add clarification comments (#20829)

• chore(deps): Bump next from 15.5.15 to 15.5.18 in /dev-packages/e2e-tests/test-applications/nextjs-15-intl (#20821)

10.53.0

Important Changes

• feat(core): Add streamGenAiSpans options to stream gen_ai spans (#20785)

  Adds a new streamGenAiSpans option that controls how gen_ai spans are sent to Sentry. When set, the SDK extracts all gen_ai spans out of a transaction and sends them as v2 envelope items.

  Enable this option if gen_ai spans are being dropped because the transaction payload exceeds size limits.

  Sentry.init({
    dsn: 'https://examplePublicKey@o0.ingest.sentry.io/0',
    streamGenAiSpans: true,
  });

Other Changes

• feat(browser): Migrate browser profiling thread data to span attributes (#20800)
• feat(core): Add addConsoleInstrumentationFilter utility (#20790)
• feat(core): Add applicationKey to BuildTimeOptionsBase (#20789)
• feat(core): split exports by browser/server for bundle size (#20435)
• feat(nextjs): Add top-level applicationKey option (#20794)
• feat(node): Support Node 26 (#20710)
• feat(profiling-node): Bump @sentry-internal/node-cpu-profiler to 2.4.0 (#20720)
• fix(cloudflare): avoid flush lock self-wait (#20719)
• fix(hono): Capture transaction name on request for correct culprit (#20801)
• fix(mcp): retroactively wrap handlers registered before wrapMcpServerWithSentry (#20699)
• fix(node-core): Guard against undefined util.getSystemErrorMap (#20660)
• fix(replay): Capture aborted/errored fetch requests in replay network tab (#20722)

... (truncated)

Commits

• cd97408 release: 10.53.1
• 66cfb25 Merge pull request #20838 from getsentry/prepare-release/10.53.1
• df8fd38 meta(changelog): Update changelog for 10.53.1
• 5881009 fix(core): Include subpath type shims in published package (#20835)
• 6a7d179 fix(core): Don't gate user data for streamed spans at scope read time (#20827)
• ad47c3c ref(hono): Consolidate route patching and add clarification comments (#20829)
• 28d6fe5 Merge pull request #20826 from getsentry/master
• 46aca45 Merge branch 'release/10.53.0'
• b5cbc9c chore(deps): Bump next from 15.5.15 to 15.5.18 in /dev-packages/e2e-tests/tes...
• 05489b8 release: 10.53.0
• Additional commits viewable in compare view

Updates @sentry/cli from 3.4.1 to 3.4.3

Release notes

Sourced from @​sentry/cli's releases.

3.4.3

Security Fixes

• Behavior-breaking: Disable Xcode Info.plist preprocessing by default to avoid passing project-controlled compiler settings to cc during release auto-discovery. This affects sentry-cli releases propose-version, sentry-cli send-event and sentry-cli bash-hook --send-event release inference, and sentry-cli react-native xcode auto-release detection. Use --allow-xcode-infoplist-preprocessing only for trusted projects that require preprocessing.
• Ensure restrictive file permissions maintained when sentry-cli login updates existing config files.
• Disable TLS verification only when http.verify_ssl is set to false, case-insensitively.
• Shell-escape generated bash-hook arguments, including paths, tags, release names, and the CLI path.
• Stop sending environment variables in sentry-cli bash-hook events.
• Verify the downloaded binary checksum before replacing the current executable in sentry-cli update.

Performance

• (snapshots) Skip uploading images that already exist in objectstore by batch-checking with HEAD requests first (#3305)

Fixes

• (snapshots) Reject snapshot uploads that have a PR number but no base SHA, since comparisons cannot work without a base reference (#3300)

3.4.3-snapshot.20260521.69f5028

Snapshot build from master at 69f5028.

3.4.3-snapshot.20260520.9eabaaa

Snapshot build from master at 9eabaaa.

3.4.3-snapshot.20260511.6679316

Snapshot build from master at 6679316.

3.4.3-snapshot.20260511.7a3b571

Snapshot build from master at 7a3b571.

3.4.2

Fixes

• (snapshots) Stop sending Sentry auth token to Objectstore (#3286)
• (js) Fix argument injection in JavaScript API's serializeOptions. String/number options now validate input types and prevent Array.prototype.concat() from flattening array values into separate CLI arguments. (#3287)

3.4.2-snapshot.20260511.9081115

Snapshot build from master at 9081115.

3.4.2-snapshot.20260511.4052e78

Snapshot build from master at 4052e78.

3.4.2-snapshot.20260511.04c061a

Snapshot build from master at 04c061a.

3.4.2-snapshot.20260511.f5db2f6

Snapshot build from master at f5db2f6.

3.4.2-snapshot.20260508.660e98b

Snapshot build from master at 660e98b.

... (truncated)

Changelog

Sourced from @​sentry/cli's changelog.

3.4.3

Security Fixes

• Behavior-breaking: Disable Xcode Info.plist preprocessing by default to avoid passing project-controlled compiler settings to cc during release auto-discovery. This affects sentry-cli releases propose-version, sentry-cli send-event and sentry-cli bash-hook --send-event release inference, and sentry-cli react-native xcode auto-release detection. Use --allow-xcode-infoplist-preprocessing only for trusted projects that require preprocessing.
• Ensure restrictive file permissions maintained when sentry-cli login updates existing config files.
• Disable TLS verification only when http.verify_ssl is set to false, case-insensitively.
• Shell-escape generated bash-hook arguments, including paths, tags, release names, and the CLI path.
• Stop sending environment variables in sentry-cli bash-hook events.
• Verify the downloaded binary checksum before replacing the current executable in sentry-cli update.

Performance

• (snapshots) Skip uploading images that already exist in objectstore by batch-checking with HEAD requests first (#3305)

Fixes

• (snapshots) Reject snapshot uploads that have a PR number but no base SHA, since comparisons cannot work without a base reference (#3300)

3.4.2

Fixes

• (snapshots) Stop sending Sentry auth token to Objectstore (#3286)
• (js) Fix argument injection in JavaScript API's serializeOptions. String/number options now validate input types and prevent Array.prototype.concat() from flattening array values into separate CLI arguments. (#3287)

Commits

• ee52869 release: 3.4.3
• 69f5028 fix: Various fixes (#3308)
• 9eabaaa perf(snapshots): Skip uploading images that already exist in objectstore (#3305)
• 2624b8d fix(snapshots): Reject uploads with pr_number but no base_sha (#3300)
• 6679316 build(npm): 🤖 Bump optional dependencies to 3.4.2
• 7a3b571 Merge branch 'release/3.4.2'
• e3f5f55 release: 3.4.2
• f5db2f6 build(deps): Update openssl dependency (#3294)
• 4052e78 build(deps): Bump rand (#3296)
• 04c061a build(js): Update fast-uri (#3295)
• Additional commits viewable in compare view