Comparing changes

base repository: getsentry/sentry-javascript
base: develop@{1day}
head repository: getsentry/sentry-javascript
compare: develop
  • 8 commits
  • 55 files changed
  • 4 contributors

Commits on Mar 26, 2026

  1. fix(e2e): Pin @opentelemetry/api to 1.9.0 in ts3.8 test app (#19992)

    ## Summary
    
    - `@opentelemetry/api@1.9.1` was released on Mar 25 and introduced
    `export { Foo, type Bar }` syntax (inline type modifiers) in its `.d.ts`
    files, which requires TypeScript 4.5+
    - The `generic-ts3.8` E2E test runs with `skipLibCheck: false` and
    TypeScript 3.8, so it tries to parse OTel's types and fails
    - This pins `@opentelemetry/api` to `1.9.0` in the ts3.8 test app via
    `pnpm.overrides`
    - We can't pin repo-wide in published packages because OTel uses a
    global singleton pattern — version mismatches with
    `@opentelemetry/sdk-trace-base` cause the tracer to become a no-op
    - Our published `.d.ts` files are unaffected — only OTel's own types use
    the incompatible syntax
    
    ## Test plan
    
    - [x] Verified locally: `yarn test:run generic-ts3.8` passes with the
    pin
    - [ ] CI `E2E generic-ts3.8 Test` should go green
    
    🤖 Generated with [Claude Code](https://claude.com/claude-code)
    
    Closes #19998 (added automatically)
    
    Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
    logaretm and claude authored Mar 26, 2026
    f685a85
  2. feat(browser): Replace element timing spans with metrics (#19869)

    Removes element timing span creation from `browserTracingIntegration`
    (deprecates `enableElementTiming` option), introduces a new standalone
    `elementTimingIntegration` that emits Element Timing API data as
    **Sentry distribution metrics** instead of spans.
    
    Emits `element_timing.render_time` and `element_timing.load_time`
    metrics with `element.identifier` and `element.paint_type` attributes. I
    believe users can query by the element identifier if they are interested
    in metrics for a specific element.
    
    Lukas and I think this is a safe change because it was never
    documented; even then, I made sure to export NO-OP replacement functions
    to stub them out.
    
    ## Reasoning for the change
    
    Element Timing values (`renderTime`, `loadTime`) are point-in-time
    timestamps, not durations. Modeling them as spans required awkward
    workarounds (zero-duration spans, arbitrary start times) that didn't
    produce meaningful trace data. Metrics are the correct abstraction here.
    
    See discussion in #19261 for full context.
    
    ## Usage
    
    ```js
    Sentry.init({
      integrations: [
        Sentry.browserTracingIntegration(),
        Sentry.elementTimingIntegration(),
      ],
    });
    ```
    
    closes #19260
    
    ---------
    
    Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
    logaretm and claude authored Mar 26, 2026
    91709f0
  3. ref(core): Introduce instrumented method registry for AI integrations (#19981)

    Replace the shared `getOperationName()` function with per-provider
    method registries that map API paths to their operation name and
    streaming behavior. This explicitly couples the instrumented methods and
    necessary metadata in one place instead of having convoluted substring
    matching in multiple places that can be quite hard to reason about.
    
    Closes #19987 (added automatically)
    nicohrubec authored Mar 26, 2026
    e3bdbed
  4. fix(node): Ensure startNewTrace propagates traceId in OTel environments (#19963)

    ## Summary
    
    - Add OTel-aware `startNewTrace` implementation that injects the new
    traceId as a remote span context into the OTel context
    - Add `startNewTrace` to the `AsyncContextStrategy` interface so OTel
    can override the default behavior
    - Register the new implementation in the OTel async context strategy
    
    ### Root Cause
    
    `startNewTrace` set a new `traceId` on the Sentry scope's propagation
    context but only called `withActiveSpan(null, callback)`, which in OTel
    translates to `trace.deleteSpan(context.active())`. This removed the
    active span but did **not** inject the new traceId into the OTel
    context. Each subsequent `startInactiveSpan` call created a root span
    with a fresh random traceId from OTel's tracer.
    
    The fix follows the same pattern as `continueTrace` — injecting the
    traceId as a remote span context via `trace.setSpanContext()` so all
    spans in the callback inherit it.
    
    Closes #19952
    
    ---------
    
    Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
    logaretm and claude authored Mar 26, 2026
    c0d52df

Commits on Mar 27, 2026

  1. feat(core): Support embedding APIs in google-genai (#19797)

    Add instrumentation support for the Google GenAI embeddings API
    (`models.embedContent`).
    
    Docs: https://ai.google.dev/gemini-api/docs/embeddings
    
    Closes #19535
    
    ---------
    
    Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
    nicohrubec and claude authored Mar 27, 2026
    fa74db5
  2. feat(deps): Bump handlebars from 4.7.7 to 4.7.9 (#20008)

    Bumps [handlebars](https://github.com/handlebars-lang/handlebars.js)
    from 4.7.7 to 4.7.9.
    <details>
    <summary>Release notes</summary>
    <p><em>Sourced from <a
    href="https://github.com/handlebars-lang/handlebars.js/releases">handlebars's
    releases</a>.</em></p>
    <blockquote>
    <h2>v4.7.9</h2>
    <ul>
    <li>fix: enable shell mode for spawn to resolve Windows EINVAL issue -
    e0137c2</li>
    <li>fix type &quot;RuntimeOptions&quot; also accepting string partials -
    eab1d14</li>
    <li>feat(types): set <code>hash</code> to be a <code>Record&lt;string,
    any&gt;</code> - de4414d</li>
    <li>fix non-contiguous program indices - 4512766</li>
    <li>refactor: rename i to startPartIndex - e497a35</li>
    <li>security: fix security issues - 68d8df5
    <ul>
    <li><a
    href="https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q">https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q</a></li>
    <li><a
    href="https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r">https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r</a></li>
    <li><a
    href="https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6">https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6</a></li>
    <li><a
    href="https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf">https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf</a></li>
    <li><a
    href="https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff">https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff</a></li>
    <li><a
    href="https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9">https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9</a></li>
    <li><a
    href="https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh">https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh</a></li>
    <li><a
    href="https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2">https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2</a></li>
    </ul>
    </li>
    </ul>
    <p><a
    href="https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9">Commits</a></p>
    <h2>v4.7.8</h2>
    <ul>
    <li>Make library compatible with workers (<a
    href="https://redirect.github.com/handlebars-lang/handlebars.js/issues/1894">#1894</a>)
    - 3d3796c</li>
    <li>Don't rely on Node.js global object (<a
    href="https://redirect.github.com/handlebars-lang/handlebars.js/issues/1776">#1776</a>)
    - 2954e7e</li>
    <li>Fix compiling of each block params in strict mode (<a
    href="https://redirect.github.com/handlebars-lang/handlebars.js/issues/1855">#1855</a>)
    - 30dbf04</li>
    <li>Fix rollup warning when importing Handlebars as ESM - 03d387b</li>
    <li>Fix bundler issue with webpack 5 (<a
    href="https://redirect.github.com/handlebars-lang/handlebars.js/issues/1862">#1862</a>)
    - c6c6bbb</li>
    <li>Use https instead of git for mustache submodule - 88ac068</li>
    </ul>
    <p><a
    href="https://github.com/handlebars-lang/handlebars.js/compare/v4.7.7...v4.7.8">Commits</a></p>
    </blockquote>
    </details>
    <details>
    <summary>Changelog</summary>
    <p><em>Sourced from <a
    href="https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md">handlebars's
    changelog</a>.</em></p>
    <blockquote>
    <h2>v4.7.9 - March 26th, 2026</h2>
    <ul>
    <li>fix: enable shell mode for spawn to resolve Windows EINVAL issue -
    e0137c2</li>
    <li>fix type &quot;RuntimeOptions&quot; also accepting string partials -
    eab1d14</li>
    <li>feat(types): set <code>hash</code> to be a <code>Record&lt;string,
    any&gt;</code> - de4414d</li>
    <li>fix non-contiguous program indices - 4512766</li>
    <li>refactor: rename i to startPartIndex - e497a35</li>
    <li>security: fix security issues - 68d8df5</li>
    </ul>
    <p><a
    href="https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9">Commits</a></p>
    <h2>v4.7.8 - July 27th, 2023</h2>
    <ul>
    <li>Make library compatible with workers (<a
    href="https://redirect.github.com/handlebars-lang/handlebars.js/issues/1894">#1894</a>)
    - 3d3796c</li>
    <li>Don't rely on Node.js global object (<a
    href="https://redirect.github.com/handlebars-lang/handlebars.js/issues/1776">#1776</a>)
    - 2954e7e</li>
    <li>Fix compiling of each block params in strict mode (<a
    href="https://redirect.github.com/handlebars-lang/handlebars.js/issues/1855">#1855</a>)
    - 30dbf04</li>
    <li>Fix rollup warning when importing Handlebars as ESM - 03d387b</li>
    <li>Fix bundler issue with webpack 5 (<a
    href="https://redirect.github.com/handlebars-lang/handlebars.js/issues/1862">#1862</a>)
    - c6c6bbb</li>
    <li>Use https instead of git for mustache submodule - 88ac068</li>
    </ul>
    <p><a
    href="https://github.com/handlebars-lang/handlebars.js/compare/v4.7.7...v4.7.8">Commits</a></p>
    </blockquote>
    </details>
    <details>
    <summary>Commits</summary>
    <ul>
    <li><a
    href="https://github.com/handlebars-lang/handlebars.js/commit/dce542c9a660048d31f0981ac8a45c08b919bddb"><code>dce542c</code></a>
    v4.7.9</li>
    <li><a
    href="https://github.com/handlebars-lang/handlebars.js/commit/8a41389ba5b2624b6f43a5463d8e2533b843a562"><code>8a41389</code></a>
    Update release notes</li>
    <li><a
    href="https://github.com/handlebars-lang/handlebars.js/commit/68d8df5a88e0a26fe9e6084c5c6aaebe67b07da2"><code>68d8df5</code></a>
    Fix security issues</li>
    <li><a
    href="https://github.com/handlebars-lang/handlebars.js/commit/b2a083136b11e1da9f0f47a11f749a9830a49328"><code>b2a0831</code></a>
    Fix browser tests</li>
    <li><a
    href="https://github.com/handlebars-lang/handlebars.js/commit/9f98c1629834abf8de5a127caff8a2eab03d2c12"><code>9f98c16</code></a>
    Fix release script</li>
    <li><a
    href="https://github.com/handlebars-lang/handlebars.js/commit/45443b4290475dfb7cec32a85d344f12ab345eb9"><code>45443b4</code></a>
    Revert &quot;Improve partial indenting performance&quot;</li>
    <li><a
    href="https://github.com/handlebars-lang/handlebars.js/commit/8841a5f6d35096aee95d68e1e49636a4cb5c661e"><code>8841a5f</code></a>
    Fix CI errors with linting</li>
    <li><a
    href="https://github.com/handlebars-lang/handlebars.js/commit/e0137c26f2202593bca7cc25184e733e87d54709"><code>e0137c2</code></a>
    fix: enable shell mode for spawn to resolve Windows EINVAL issue</li>
    <li><a
    href="https://github.com/handlebars-lang/handlebars.js/commit/e914d6037ffb0dd371f7e4823cdb019732ae66d7"><code>e914d60</code></a>
    Improve rendering performance</li>
    <li><a
    href="https://github.com/handlebars-lang/handlebars.js/commit/7de4b41c344a5d702edca93d1841b59642fa32bd"><code>7de4b41</code></a>
    Upgrade GitHub Actions checkout and setup-node on 4.x branch</li>
    <li>Additional commits viewable in <a
    href="https://github.com/handlebars-lang/handlebars.js/compare/v4.7.7...v4.7.9">compare
    view</a></li>
    </ul>
    </details>
    <details>
    <summary>Maintainer changes</summary>
    <p>This version was pushed to npm by <a
    href="https://www.npmjs.com/~jaylinski">jaylinski</a>, a new releaser
    for handlebars since your current version.</p>
    </details>
    <br />
    
    
    [![Dependabot compatibility
    score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=handlebars&package-manager=npm_and_yarn&previous-version=4.7.7&new-version=4.7.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
    
    Dependabot will resolve any conflicts with this PR as long as you don't
    alter it yourself. You can also trigger a rebase manually by commenting
    `@dependabot rebase`.
    
    [//]: # (dependabot-automerge-start)
    [//]: # (dependabot-automerge-end)
    
    ---
    
    <details>
    <summary>Dependabot commands and options</summary>
    <br />
    
    You can trigger Dependabot actions by commenting on this PR:
    - `@dependabot rebase` will rebase this PR
    - `@dependabot recreate` will recreate this PR, overwriting any edits
    that have been made to it
    - `@dependabot show <dependency name> ignore conditions` will show all
    of the ignore conditions of the specified dependency
    - `@dependabot ignore this major version` will close this PR and stop
    Dependabot creating any more for this major version (unless you reopen
    the PR or upgrade to it yourself)
    - `@dependabot ignore this minor version` will close this PR and stop
    Dependabot creating any more for this minor version (unless you reopen
    the PR or upgrade to it yourself)
    - `@dependabot ignore this dependency` will close this PR and stop
    Dependabot creating any more for this dependency (unless you reopen the
    PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the
    [Security Alerts
    page](https://github.com/getsentry/sentry-javascript/network/alerts).
    
    </details>
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Mar 27, 2026
    cd6d8cc
  3. chore(deps): Bump @apollo/server from 5.4.0 to 5.5.0 (#20007)

    Bumps
    [@apollo/server](https://github.com/apollographql/apollo-server/tree/HEAD/packages/server)
    from 5.4.0 to 5.5.0.
    <details>
    <summary>Release notes</summary>
    <p><em>Sourced from <a
    href="https://github.com/apollographql/apollo-server/releases"><code>@​apollo/server</code>'s
    releases</a>.</em></p>
    <blockquote>
    <h2><code>@​apollo/server-integration-testsuite</code><a
    href="https://github.com/5"><code>@​5</code></a>.5.0</h2>
    <h3>Minor Changes</h3>
    <ul>
    <li>
    <p><a
    href="https://redirect.github.com/apollographql/apollo-server/pull/8191">#8191</a>
    <a
    href="https://github.com/apollographql/apollo-server/commit/ada12001c4e95b5c779d80314a5a32e33087b5cf"><code>ada1200</code></a>
    - ⚠️ SECURITY <code>@apollo/server/standalone</code>:</p>
    <p>Apollo Server now rejects GraphQL <code>GET</code> requests which
    contain a <code>Content-Type</code> header other than
    <code>application/json</code> (with optional parameters such as <code>;
    charset=utf-8</code>). Any other value is now rejected with a 415 status
    code.</p>
    <p>(GraphQL <code>GET</code> requests without a
    <code>Content-Type</code> header are still allowed, though they do still
    need to contain a non-empty <code>X-Apollo-Operation-Name</code> or
    <code>Apollo-Require-Preflight</code> header to be processed if the
    default CSRF prevention feature is enabled.)</p>
    <p>This improvement makes Apollo Server's CSRF more resistant to
    browsers which implement CORS in non-spec-compliant ways. Apollo is
    aware of one browser which as of March 2026 has a bug which allows an
    attacker to circumvent Apollo Server's CSRF prevention feature to carry
    out read-only XS-Search-style CSRF attacks. The browser vendor is in the
    process of patching this vulnerability; upgrading Apollo Server to
    v5.5.0 mitigates this vulnerability.</p>
    <p><strong>If your server uses cookies (or HTTP Basic Auth) for
    authentication, Apollo encourages you to upgrade to v5.5.0.</strong></p>
    <p>This is technically a backwards-incompatible change. Apollo is not
    aware of any GraphQL clients which provide non-empty
    <code>Content-Type</code> headers with <code>GET</code> requests with
    types other than <code>application/json</code>. If your use case
    requires such requests, please <a
    href="https://github.com/apollographql/apollo-server/issues">file an
    issue</a> and we may add more configurability in a follow-up
    release.</p>
    <p>See <a
    href="https://github.com/apollographql/apollo-server/security/advisories/GHSA-9q82-xgwf-vj6h">advisory
    GHSA-9q82-xgwf-vj6h</a> for more details.</p>
    </li>
    </ul>
    <h3>Patch Changes</h3>
    <ul>
    <li>Updated dependencies [<a
    href="https://github.com/apollographql/apollo-server/commit/ada12001c4e95b5c779d80314a5a32e33087b5cf"><code>ada1200</code></a>]:
    <ul>
    <li><code>@​apollo/server</code><a
    href="https://github.com/5"><code>@​5</code></a>.5.0</li>
    </ul>
    </li>
    </ul>
    <h2><code>@​apollo/server</code><a
    href="https://github.com/5"><code>@​5</code></a>.5.0</h2>
    <h3>Minor Changes</h3>
    <ul>
    <li>
    <p><a
    href="https://redirect.github.com/apollographql/apollo-server/pull/8191">#8191</a>
    <a
    href="https://github.com/apollographql/apollo-server/commit/ada12001c4e95b5c779d80314a5a32e33087b5cf"><code>ada1200</code></a>
    Thanks <a href="https://github.com/glasser"><code>@​glasser</code></a>!
    - ⚠️ SECURITY <code>@apollo/server/standalone</code>:</p>
    <p>Apollo Server now rejects GraphQL <code>GET</code> requests which
    contain a <code>Content-Type</code> header other than
    <code>application/json</code> (with optional parameters such as <code>;
    charset=utf-8</code>). Any other value is now rejected with a 415 status
    code.</p>
    <p>(GraphQL <code>GET</code> requests without a
    <code>Content-Type</code> header are still allowed, though they do still
    need to contain a non-empty <code>X-Apollo-Operation-Name</code> or
    <code>Apollo-Require-Preflight</code> header to be processed if the
    default CSRF prevention feature is enabled.)</p>
    <p>This improvement makes Apollo Server's CSRF more resistant to
    browsers which implement CORS in non-spec-compliant ways. Apollo is
    aware of one browser which as of March 2026 has a bug which allows an
    attacker to circumvent Apollo Server's CSRF prevention feature to carry
    out read-only XS-Search-style CSRF attacks. The browser vendor is in the
    process of patching this vulnerability; upgrading Apollo Server to
    v5.5.0 mitigates this vulnerability.</p>
    <p><strong>If your server uses cookies (or HTTP Basic Auth) for
    authentication, Apollo encourages you to upgrade to v5.5.0.</strong></p>
    <p>This is technically a backwards-incompatible change. Apollo is not
    aware of any GraphQL clients which provide non-empty
    <code>Content-Type</code> headers with <code>GET</code> requests with
    types other than <code>application/json</code>. If your use case
    requires such requests, please <a
    href="https://github.com/apollographql/apollo-server/issues">file an
    issue</a> and we may add more configurability in a follow-up
    release.</p>
    <p>See <a
    href="https://github.com/apollographql/apollo-server/security/advisories/GHSA-9q82-xgwf-vj6h">advisory
    GHSA-9q82-xgwf-vj6h</a> for more details.</p>
    </li>
    </ul>
    </blockquote>
    </details>
    <details>
    <summary>Commits</summary>
    <ul>
    <li><a
    href="https://github.com/apollographql/apollo-server/commit/64c0e1bb5d79d571bf448c35aea0b31097e6ce9d"><code>64c0e1b</code></a>
    Version Packages (<a
    href="https://github.com/apollographql/apollo-server/tree/HEAD/packages/server/issues/8192">#8192</a>)</li>
    <li><a
    href="https://github.com/apollographql/apollo-server/commit/ada12001c4e95b5c779d80314a5a32e33087b5cf"><code>ada1200</code></a>
    Reject GET requests with a Content-Type other than application/json (<a
    href="https://github.com/apollographql/apollo-server/tree/HEAD/packages/server/issues/8191">#8191</a>)</li>
    <li>See full diff in <a
    href="https://github.com/apollographql/apollo-server/commits/@apollo/server@5.5.0/packages/server">compare
    view</a></li>
    </ul>
    </details>
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Mar 27, 2026
    819240d
  4. chore(deps): Bump srvx from 0.11.12 to 0.11.13 (#20001)

    Bumps [srvx](https://github.com/h3js/srvx) from 0.11.12 to 0.11.13.
    <details>
    <summary>Release notes</summary>
    <p><em>Sourced from <a
    href="https://github.com/h3js/srvx/releases">srvx's
    releases</a>.</em></p>
    <blockquote>
    <h2>v0.11.13</h2>
    <p><a
    href="https://github.com/h3js/srvx/compare/v0.11.12...v0.11.13">compare
    changes</a></p>
    <h3>🩹 Fixes</h3>
    <ul>
    <li><strong>url:</strong> Deopt absolute URIs in FastURL (<a
    href="https://github.com/h3js/srvx/commit/de0d699">de0d699</a>)</li>
    </ul>
    </blockquote>
    </details>
    <details>
    <summary>Changelog</summary>
    <p><em>Sourced from <a
    href="https://github.com/h3js/srvx/blob/main/CHANGELOG.md">srvx's
    changelog</a>.</em></p>
    <blockquote>
    <h2>v0.11.13</h2>
    <p><a
    href="https://github.com/h3js/srvx/compare/v0.11.12...v0.11.13">compare
    changes</a></p>
    <h3>🩹 Fixes</h3>
    <ul>
    <li><strong>url:</strong> Deopt absolute URIs in FastURL (<a
    href="https://github.com/h3js/srvx/commit/de0d699">de0d699</a>)</li>
    </ul>
    <h3>🏡 Chore</h3>
    <ul>
    <li>Update deps (<a
    href="https://github.com/h3js/srvx/commit/4e6ace6">4e6ace6</a>)</li>
    <li>Update deps (<a
    href="https://github.com/h3js/srvx/commit/6a72a00">6a72a00</a>)</li>
    <li>Fix type issue (<a
    href="https://github.com/h3js/srvx/commit/ed8cc2b">ed8cc2b</a>)</li>
    <li>Apply automated updates (<a
    href="https://github.com/h3js/srvx/commit/7375fed">7375fed</a>)</li>
    <li>Update deps (<a
    href="https://github.com/h3js/srvx/commit/8f4bc4f">8f4bc4f</a>)</li>
    </ul>
    <h3>❤️ Contributors</h3>
    <ul>
    <li>Pooya Parsa (<a
    href="https://github.com/pi0"><code>@​pi0</code></a>)</li>
    </ul>
    </blockquote>
    </details>
    <details>
    <summary>Commits</summary>
    <ul>
    <li><a
    href="https://github.com/h3js/srvx/commit/e19649a96a33012be5f5c201c11fb388940ade68"><code>e19649a</code></a>
    chore(release): v0.11.13</li>
    <li><a
    href="https://github.com/h3js/srvx/commit/8f4bc4f2d00622d980f31b4ab205c6e5ad80c02f"><code>8f4bc4f</code></a>
    chore: update deps</li>
    <li><a
    href="https://github.com/h3js/srvx/commit/7375fed4a2bf9fb4b64896ce868937eda7cf686f"><code>7375fed</code></a>
    chore: apply automated updates</li>
    <li><a
    href="https://github.com/h3js/srvx/commit/ed8cc2b900e25da2f0ec1505da1e2edad867b4b6"><code>ed8cc2b</code></a>
    chore: fix type issue</li>
    <li><a
    href="https://github.com/h3js/srvx/commit/6a72a0031063669d6f8320ad6c9a7cac3254fb41"><code>6a72a00</code></a>
    chore: update deps</li>
    <li><a
    href="https://github.com/h3js/srvx/commit/de0d69901c357f36a39b7e13eebef6c930652baa"><code>de0d699</code></a>
    fix(url): deopt absolute URIs in FastURL</li>
    <li><a
    href="https://github.com/h3js/srvx/commit/4e6ace6b55686acd6125f608ef6ab3ab1efb057f"><code>4e6ace6</code></a>
    chore: update deps</li>
    <li>See full diff in <a
    href="https://github.com/h3js/srvx/compare/v0.11.12...v0.11.13">compare
    view</a></li>
    </ul>
    </details>
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Mar 27, 2026
    5ba0bd3
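
The `GET` rule from the @apollo/server 5.5.0 release notes quoted in commit 819240d above, as an added example that is not Apollo Server's or sentry-javascript's code: a self-contained classifier a reviewer can run against request headers to see which `GET` requests the upgrade will start rejecting. The function names, the sample requests, the 400 status for a missing preflight header and the treatment of an empty `Content-Type` are assumptions of this example.

```javascript
// Added example: models the GraphQL GET rule described in the quoted
// @apollo/server 5.5.0 release notes. Not Apollo Server's implementation.

// Headers the release notes name as satisfying the default CSRF prevention.
const PREFLIGHT_HEADERS = ['x-apollo-operation-name', 'apollo-require-preflight'];

// HTTP header names are case-insensitive, so compare them lower-cased.
function normalizeHeaders(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    out[name.toLowerCase()] = String(value);
  }
  return out;
}

// Media type without parameters:
// "Application/JSON; charset=utf-8" -> "application/json"
function mediaType(contentType) {
  return contentType.split(';')[0].trim().toLowerCase();
}

// Returns { allowed, status, reason } for one request.
function checkGraphqlGet(request, { csrfPrevention = true } = {}) {
  if (String(request.method).toUpperCase() !== 'GET') {
    // The rule on the page only concerns GET; other methods are not judged here.
    return { allowed: true, status: null, reason: 'not-a-get' };
  }
  const headers = normalizeHeaders(request.headers || {});
  const hasContentType = Object.prototype.hasOwnProperty.call(headers, 'content-type');

  if (hasContentType) {
    // Anything other than application/json (parameters allowed) gets a 415.
    // Assumption: a present-but-empty Content-Type is rejected the same way.
    if (mediaType(headers['content-type']) !== 'application/json') {
      return { allowed: false, status: 415, reason: 'unsupported-content-type' };
    }
    // application/json is not a CORS-safelisted content type, so a
    // spec-compliant browser has to preflight a cross-origin request carrying it.
    return { allowed: true, status: null, reason: 'json-content-type' };
  }

  if (!csrfPrevention) {
    return { allowed: true, status: null, reason: 'csrf-prevention-disabled' };
  }
  // No Content-Type: one of the named headers must be present and non-empty.
  const hasMarker = PREFLIGHT_HEADERS.some((h) => (headers[h] || '').trim() !== '');
  if (!hasMarker) {
    // Assumption: 400 is this example's choice; the page gives no status here.
    return { allowed: false, status: 400, reason: 'missing-preflight-header' };
  }
  return { allowed: true, status: null, reason: 'preflight-header-present' };
}

// Constructed sample requests (not captured traffic).
const SAMPLES = [
  { label: 'GET with operation-name header, no Content-Type',
    request: { method: 'GET', headers: { 'X-Apollo-Operation-Name': 'GetUser' } } },
  { label: 'GET with application/json and charset parameter',
    request: { method: 'GET', headers: { 'Content-Type': 'application/json; charset=utf-8' } } },
  { label: 'GET with text/plain, even though a preflight header is set',
    request: { method: 'GET',
               headers: { 'content-type': 'text/plain', 'Apollo-Require-Preflight': 'true' } } },
  { label: 'GET with neither Content-Type nor preflight header',
    request: { method: 'GET', headers: { Accept: 'application/json' } } },
  { label: 'GET whose operation-name header is empty',
    request: { method: 'GET', headers: { 'X-Apollo-Operation-Name': '' } } },
  { label: 'POST is outside the rule',
    request: { method: 'POST', headers: { 'Content-Type': 'application/json' } } },
];

function evaluateSamples() {
  return SAMPLES.map((s) => ({ label: s.label, ...checkGraphqlGet(s.request) }));
}

for (const r of evaluateSamples()) {
  const verdict = r.allowed ? 'allowed' : `rejected (${r.status})`;
  console.log(`${verdict.padEnd(15)} ${r.reason.padEnd(26)} ${r.label}`);
}
```

Running the same classifier over header sets taken from your own clients before the bump shows whether any of them would start receiving 415 responses.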