chore(deps): bump the production-dependencies group with 2 updates

[dependabot]

Bumps the production-dependencies group with 2 updates: @sentry/react and @tanstack/react-query.

Updates @sentry/react from 10.43.0 to 10.45.0

Release notes

Sourced from @​sentry/react's releases.

10.45.0

Important Changes

• feat(remix): Server Timing Headers Trace Propagation (#18653)

  The Remix SDK now supports automatic trace propagation via Server-Timing response headers to continue pageload traces on the client side. This means, you no longer have to define a custom meta function to add Sentry <meta> tags to your page as previously. We'll update out Remix tracing docs after this release.

Other Changes

• fix(cloudflare): Use correct env types for withSentry (#19836)
• fix(core): Align error span status message with core SpanStatusType for langchain/google-genai (#19863)
• fix(deno): Clear pre-existing OTel global before registering TracerProvider (#19723)
• fix(nextjs): Skip tracing for tunnel requests (#19861)
• fix(node-core): Recycle propagationContext for each request (#19835)
• ref(core): Simplify core utility functions for smaller bundle (#19854)

• chore(deps): bump next from 16.1.5 to 16.1.7 in /dev-packages/e2e-tests/test-applications/nextjs-16 (#19851)
• ci(release): Switch from action-prepare-release to Craft (#18763)
• fix(deps): bump devalue 5.6.3 to 5.6.4 to fix CVE-2026-30226 (#19849)
• fix(deps): bump file-type to 21.3.2 and @​nestjs/common to 11.1.17 (#19847)
• fix(deps): bump flatted 3.3.1 to 3.4.2 to fix CVE-2026-32141 (#19842)
• fix(deps): bump hono 4.12.5 to 4.12.7 in cloudflare-hono E2E test app (#19850)
• fix(deps): bump next to 15.5.13/16.1.7 to fix CVE-2026-1525, CVE-202-33036 and related (#19870)
• fix(deps): bump tar 7.5.10 to 7.5.11 to fix CVE-2026-31802 (#19846)
• fix(deps): bump undici 6.23.0 to 6.24.1 to fix multiple CVEs (#19841)
• fix(deps): bump unhead 2.1.4 to 2.1.12 to fix CVE-2026-31860 and CVE-2026-31873 (#19848)
• test(nextjs): Skip broken ISR tests (#19871)
• test(react): Add gql tests for react router (#19844)

Bundle size 📦

Path	Size
@​sentry/browser	24.93 KB
@​sentry/browser - with treeshaking flags	23.47 KB
@​sentry/browser (incl. Tracing)	41.51 KB
@​sentry/browser (incl. Tracing, Profiling)	46.07 KB
@​sentry/browser (incl. Tracing, Replay)	79.41 KB
@​sentry/browser (incl. Tracing, Replay) - with treeshaking flags	69.22 KB
@​sentry/browser (incl. Tracing, Replay with Canvas)	84 KB
@​sentry/browser (incl. Tracing, Replay, Feedback)	95.97 KB
@​sentry/browser (incl. Feedback)	41.35 KB
@​sentry/browser (incl. sendFeedback)	29.49 KB

... (truncated)

Changelog

Sourced from @​sentry/react's changelog.

10.45.0

Important Changes

• feat(remix): Server Timing Headers Trace Propagation (#18653)

  The Remix SDK now supports automatic trace propagation via Server-Timing response headers to continue pageload traces on the client side. This means, you no longer have to define a custom meta function to add Sentry <meta> tags to your page as previously. We'll update out Remix tracing docs after this release.

Other Changes

• fix(cloudflare): Use correct env types for withSentry (#19836)
• fix(core): Align error span status message with core SpanStatusType for langchain/google-genai (#19863)
• fix(deno): Clear pre-existing OTel global before registering TracerProvider (#19723)
• fix(nextjs): Skip tracing for tunnel requests (#19861)
• fix(node-core): Recycle propagationContext for each request (#19835)
• ref(core): Simplify core utility functions for smaller bundle (#19854)

• chore(deps): bump next from 16.1.5 to 16.1.7 in /dev-packages/e2e-tests/test-applications/nextjs-16 (#19851)
• ci(release): Switch from action-prepare-release to Craft (#18763)
• fix(deps): bump devalue 5.6.3 to 5.6.4 to fix CVE-2026-30226 (#19849)
• fix(deps): bump file-type to 21.3.2 and @​nestjs/common to 11.1.17 (#19847)
• fix(deps): bump flatted 3.3.1 to 3.4.2 to fix CVE-2026-32141 (#19842)
• fix(deps): bump hono 4.12.5 to 4.12.7 in cloudflare-hono E2E test app (#19850)
• fix(deps): bump next to 15.5.13/16.1.7 to fix CVE-2026-1525, CVE-202-33036 and related (#19870)
• fix(deps): bump tar 7.5.10 to 7.5.11 to fix CVE-2026-31802 (#19846)
• fix(deps): bump undici 6.23.0 to 6.24.1 to fix multiple CVEs (#19841)
• fix(deps): bump unhead 2.1.4 to 2.1.12 to fix CVE-2026-31860 and CVE-2026-31873 (#19848)
• test(nextjs): Skip broken ISR tests (#19871)
• test(react): Add gql tests for react router (#19844)

10.44.0

Important Changes

• feat(effect): Add @sentry/effect SDK (Alpha) (#19644)

  This release introduces @sentry/effect, a new SDK for Effect.ts applications. The SDK provides Sentry integration via composable Effect layers for both Node.js and browser environments.

  Compose the effectLayer with optional tracing, logging, and metrics layers to instrument your Effect application:

  import * as Sentry from '@sentry/effect';
  import * as Layer from 'effect/Layer';

... (truncated)

Commits

• ef79d28 release: 10.45.0
• 28208bc Merge pull request #19877 from getsentry/prepare-release/10.45.0
• 2e2fd35 meta(changelog): Update changelog for 10.45.0
• 79241b0 fix(nextjs): Skip tracing for tunnel requests (#19861)
• 938ab2d ref(core): Simplify core utility functions for smaller bundle (#19854)
• 3bb4325 fix(core): Align error span status message with core SpanStatusType for lan...
• 3e5499a fix(deps): bump next to 15.5.13/16.1.7 to fix CVE-2026-1525, CVE-202-33036 an...
• 6f17b8a fix(cloudflare): Use correct env types for withSentry (#19836)
• b4b9e71 test(nextjs): Skip broken ISR tests (#19871)
• ae7206f feat(remix): Server Timing Headers Trace Propagation (#18653)
• Additional commits viewable in compare view

Updates @tanstack/react-query from 5.90.21 to 5.95.0

Release notes

Sourced from @​tanstack/react-query's releases.

@​tanstack/react-query-devtools@​5.95.0

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.95.0
  • @​tanstack/react-query@​5.95.0

@​tanstack/react-query-next-experimental@​5.95.0

Patch Changes

• Updated dependencies []:
  • @​tanstack/react-query@​5.95.0

@​tanstack/react-query-persist-client@​5.95.0

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-persist-client-core@​5.95.0
  • @​tanstack/react-query@​5.95.0

@​tanstack/react-query@​5.95.0

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.95.0

@​tanstack/react-query-devtools@​5.94.5

Patch Changes

• fix(*): resolve issue about excluded build directory (#10312)

• Updated dependencies [4b6536d]:

  • @​tanstack/query-devtools@​5.94.5
  • @​tanstack/react-query@​5.94.5

@​tanstack/react-query-next-experimental@​5.94.5

Patch Changes

• fix(*): resolve issue about excluded build directory (#10312)

• Updated dependencies [4b6536d]:

  • @​tanstack/react-query@​5.94.5

@​tanstack/react-query-persist-client@​5.94.5

Patch Changes

• fix(*): resolve issue about excluded build directory (#10312)

• Updated dependencies [4b6536d]:

  • @​tanstack/query-persist-client-core@​5.94.5

... (truncated)

Changelog

Sourced from @​tanstack/react-query's changelog.

5.95.0

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.95.0

5.94.5

Patch Changes

• fix(*): resolve issue about excluded build directory (#10312)

• Updated dependencies [4b6536d]:

  • @​tanstack/query-core@​5.94.5

5.94.4

Patch Changes

• chore: fixed version (#10064)

• Updated dependencies [4c75210]:

  • @​tanstack/query-core@​5.94.4

5.91.3

Patch Changes

• fix: stop node types from leaking into browser (#10302)

5.91.2

Patch Changes

• fix(streamedQuery): maintain error state on reset refetch with initialData defined (#10287)

• Updated dependencies [248975e]:

  • @​tanstack/query-core@​5.91.2

5.91.1

Patch Changes

• fix(core): cancel paused initial fetch when last observer unsubscribes (#10291)

• Updated dependencies [a89aab9]:

  • @​tanstack/query-core@​5.91.1

5.91.0

... (truncated)

Commits

• 4d7de83 ci: Version Packages (#10317)
• 8fe71e4 ci: Version Packages (#10313)
• c613c22 ci: Version Packages (#10309)
• 9346430 ci: changeset release
• be3746f fix: stop node types from leaking into browser (#10302)
• b6fd86b ci: Version Packages (#10297)
• 79e37cb ci: Version Packages (#10296)
• a89aab9 fix(core): cancel paused initial fetch when last observer unsubscribes (#10291)
• 3761d2b ci: Version Packages (#10290)
• 6fa901b feat/environmentManager (#10199)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.