chore(deps)(deps): bump the minor-and-patch group across 1 directory with 7 updates

[dependabot]

Bumps the minor-and-patch group with 6 updates in the / directory:

Package	From	To
@sentry/nextjs	10.48.0	10.49.0
@supabase/ssr	0.10.0	0.10.2
next	16.2.0	16.2.4
react	19.2.4	19.2.5
react-dom	19.2.4	19.2.5
eslint-config-next	16.2.0	16.2.4

Updates @sentry/nextjs from 10.48.0 to 10.49.0

Release notes

Sourced from @​sentry/nextjs's releases.

10.49.0

Important Changes

• feat(browser): Add View Hierarchy integration (#14981)

  A new viewHierarchyIntegration captures the DOM structure when an error occurs, providing a snapshot of the page state for debugging. Enable it in your Sentry configuration:

  import * as Sentry from '@sentry/browser';
  Sentry.init({
  dsn: 'DSN',
  integrations: [Sentry.viewHierarchyIntegration()],
  });

• feat(cloudflare): Split alarms into multiple traces and link them (#19373)

  Durable Object alarms now create separate traces for each alarm invocation, with proper linking between related alarms for better observability.

• feat(cloudflare): Enable RPC trace propagation with enableRpcTracePropagation (#19991, #20345)

  A new enableRpcTracePropagation option enables automatic trace propagation for Cloudflare RPC calls via .fetch(), ensuring distributed traces flow correctly across service bindings.

• feat(core): Add enableTruncation option to AI integrations (#20167, #20181, #20182, #20183, #20184)

  All AI integrations (OpenAI, Anthropic, Google GenAI, LangChain, LangGraph) now support an enableTruncation option to control whether large AI inputs/outputs are truncated.

• feat(opentelemetry): Vendor AsyncLocalStorageContextManager (#20243)

  The OpenTelemetry context manager is now vendored internally, reducing external dependencies and ensuring consistent behavior across environments.

Other Changes

• feat(core): Export a reusable function to add tracing headers (#20076)
• feat(core): Expose rewriteSources top level option (#20142)
• feat(deps): bump defu from 6.1.4 to 6.1.6 (#20104)
• feat(node-native): Add support for V8 v14 (Node v25+) (#20125)
• feat(node): Include global scope for eventLoopBlockIntegration (#20108)
• fix(core, node): Support loading Express options lazily (#20211)
• fix(core): Set conversation_id only on gen_ai spans (#20274)
• fix(core): Use ai.operationId for Vercel AI V6 operation name mapping (#20285)
• fix(deno): Avoid inferring invalid span op from Deno tracer (#20128)
• fix(deno): Handle reader.closed rejection from releaseLock() in streaming (#20187)
• fix(nextjs): Preserve directive prologues in turbopack loaders (#20103)
• fix(nextjs): Skip custom browser tracing setup for bot user agents (#20263)
• fix(opentelemetry): Use WeakRef for context stored on scope to prevent memory leak (#20328)
• fix(replay): Use live click attributes in breadcrumbs (#20262)

... (truncated)

Changelog

Sourced from @​sentry/nextjs's changelog.

10.49.0

Important Changes

• feat(browser): Add View Hierarchy integration (#14981)

  A new viewHierarchyIntegration captures the DOM structure when an error occurs, providing a snapshot of the page state for debugging. Enable it in your Sentry configuration:

  import * as Sentry from '@sentry/browser';
  Sentry.init({
  dsn: 'DSN',
  integrations: [Sentry.viewHierarchyIntegration()],
  });

• feat(cloudflare): Split alarms into multiple traces and link them (#19373)

  Durable Object alarms now create separate traces for each alarm invocation, with proper linking between related alarms for better observability.

• feat(cloudflare): Enable RPC trace propagation with enableRpcTracePropagation (#19991, #20345)

  A new enableRpcTracePropagation option enables automatic trace propagation for Cloudflare RPC calls via .fetch(), ensuring distributed traces flow correctly across service bindings.

• feat(core): Add enableTruncation option to AI integrations (#20167, #20181, #20182, #20183, #20184)

  All AI integrations (OpenAI, Anthropic, Google GenAI, LangChain, LangGraph) now support an enableTruncation option to control whether large AI inputs/outputs are truncated.

• feat(opentelemetry): Vendor AsyncLocalStorageContextManager (#20243)

  The OpenTelemetry context manager is now vendored internally, reducing external dependencies and ensuring consistent behavior across environments.

Other Changes

• feat(core): Export a reusable function to add tracing headers (#20076)
• feat(core): Expose rewriteSources top level option (#20142)
• feat(deps): bump defu from 6.1.4 to 6.1.6 (#20104)
• feat(node-native): Add support for V8 v14 (Node v25+) (#20125)
• feat(node): Include global scope for eventLoopBlockIntegration (#20108)
• fix(core, node): Support loading Express options lazily (#20211)
• fix(core): Set conversation_id only on gen_ai spans (#20274)
• fix(core): Use ai.operationId for Vercel AI V6 operation name mapping (#20285)
• fix(deno): Avoid inferring invalid span op from Deno tracer (#20128)
• fix(deno): Handle reader.closed rejection from releaseLock() in streaming (#20187)
• fix(nextjs): Preserve directive prologues in turbopack loaders (#20103)
• fix(nextjs): Skip custom browser tracing setup for bot user agents (#20263)
• fix(opentelemetry): Use WeakRef for context stored on scope to prevent memory leak (#20328)
• fix(replay): Use live click attributes in breadcrumbs (#20262)

... (truncated)

Commits

• 745af79 release: 10.49.0
• 46dcef1 Merge pull request #20348 from getsentry/prepare-release/10.49.0
• bf4e188 meta(changelog): Update changelog for 10.49.0
• 5f72df5 feat(cloudflare): Enable RPC trace propagation with enableRpcTracePropagation...
• 50438f9 feat(browser): Emit web vitals as streamed spans (#19827)
• 3332fec fix(opentelemetry): Use WeakRef for context stored on scope to prevent memory...
• 684a41f ref(opentelemetry): Replace @opentelemetry/resources with inline `getSentry...
• 8b2a9dc ci: Remove Docker container for Verdaccio package publishing (#20329)
• 0007c7b ci: Extract test names for flaky test issues (#20298)
• 9b9d65c chore(ci): Bump actions/cache to v5 and actions/download-artifact to v7 (#20249)
• Additional commits viewable in compare view

Updates @supabase/ssr from 0.10.0 to 0.10.2

Release notes

Sourced from @​supabase/ssr's releases.

v0.10.2

0.10.2 (2026-04-09)

Bug Fixes

• ci: remove packageManager field (#197) (6bf0226)

v0.10.2-rc.88

What's Changed

• fix(ci): remove packageManager field by @​mandarini in supabase/ssr#197

Full Changelog: supabase/ssr@v0.10.1...v0.10.2-rc.88

v0.10.1

0.10.1 (2026-04-08)

Bug Fixes

• auth: respect user-provided auth options in createBrowserClient (#167) (5f04837)

Changelog

Sourced from @​supabase/ssr's changelog.

0.10.2 (2026-04-09)

Bug Fixes

• ci: remove packageManager field (#197) (6bf0226)

0.10.1 (2026-04-08)

Bug Fixes

• auth: respect user-provided auth options in createBrowserClient (#167) (5f04837)

Commits

• 6fc9c52 chore(main): release 0.10.2 (#198)
• 6bf0226 fix(ci): remove packageManager field (#197)
• 6f897b8 chore(main): release 0.10.1 (#195)
• 465759d chore(ci): upgrade Node.js to 22 and npm to 11 via corepack (#196)
• 5f04837 fix(auth): respect user-provided auth options in createBrowserClient (#167)
• 693eab5 chore: update @​supabase/supabase-js to v2.102.1 (#193)
• af23c17 chore: update @​supabase/supabase-js to v2.101.1 (#189)
• 12a09d2 docs: shorten createServerClient tsdoc (#174)
• 2224e06 chore: update @​supabase/supabase-js to v2.101.0 (#188)
• See full diff in compare view

Updates @supabase/supabase-js from 2.100.1 to 2.103.3

Release notes

Sourced from @​supabase/supabase-js's releases.

v2.103.3

2.103.3 (2026-04-16)

🩹 Fixes

• realtime: throw Error objects instead of bare strings (#2256)
• storage: correct signedUrl type to allow null in createSignedUrls (#2254)

❤️ Thank You

• Katerina Skroumpelou @​mandarini
• oniani1

v2.103.3-canary.1

2.103.3-canary.1 (2026-04-16)

🚀 Features

• postgrest: add stripNulls method for null value stripping (#2189)
• storage: add cacheNonce parameter for download (#2234)
• supabase: export PostgrestFilterBuilder and StorageApiError from supabase-js (#2222)

🩹 Fixes

• auth: downgrade console.error to console.warn for missing session (#2214)
• auth: add toJSON to AuthError for correct JSON serialization (#2238)
• auth: include Cloudflare error codes in NETWORK_ERROR_CODES (#2239)
• auth: remove Prettify wrapper from exported types for TypeDoc expansion (#2250)
• functions: add toJSON to FunctionsError for correct JSON serialization (#2226)
• misc: add explicit return types to toJSON methods for JSR compat (#2252)
• postgrest: fix scalar computed column type inference for isNotNullable and SETOF scalar (#2224)
• postgrest: handle bigint rpc (#2245)
• realtime: throw Error objects instead of bare strings (#2256)
• storage: set correct content-type for uploads (#2211)
• storage: avoid duplicate content-type headers in vector requests (#2220)
• storage: add toJSON to StorageError for correct JSON serialization (#2246)
• storage: apply empty transform check to download and getPublicUrl (#2219)
• storage: remove client-side signed URL render endpoint normalization (#2249)
• storage: correct signedUrl type to allow null in createSignedUrls (#2254)

❤️ Thank You

• Katerina Skroumpelou @​mandarini
• oniani1
• Seydi Charyyev @​TheSeydiCharyyev
• Vaibhav @​7ttp
• Vansh Sharma @​Vansh1811

v2.103.3-canary.0

2.103.3-canary.0 (2026-04-15)

... (truncated)

Changelog

Sourced from @​supabase/supabase-js's changelog.

2.103.3 (2026-04-16)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.103.2 (2026-04-15)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.103.1 (2026-04-15)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.103.0 (2026-04-09)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.102.1 (2026-04-07)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.102.0 (2026-04-07)

🚀 Features

• supabase: export PostgrestFilterBuilder and StorageApiError from supabase-js (#2222)
• postgrest: add automatic retries for transient errors (#2072)

❤️ Thank You

• Guilherme Souza
• Katerina Skroumpelou @​mandarini

2.101.1 (2026-03-31)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.101.0 (2026-03-30)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

Commits

• a2f9414 chore(release): version 2.103.2 changelogs (#2253)
• f9da9ee chore(release): version 2.103.1 changelogs (#2248)
• d38c180 chore(release): version 2.103.0 changelogs (#2237)
• 16dd265 chore(release): version 2.102.1 changelogs (#2233)
• 0c1e6db chore(release): version 2.102.0 changelogs (#2232)
• 5a6a5be feat(supabase): export PostgrestFilterBuilder and StorageApiError from supaba...
• ea3e086 feat(postgrest): add automatic retries for transient errors (#2072)
• ddae672 ci(repo): fix flaky tests (#2210)
• 647cee8 fix(ci): add --ignore-scripts to platform test installs to block post install...
• ea30c93 chore(release): version 2.101.1 changelogs (#2208)
• Additional commits viewable in compare view

Updates next from 16.2.0 to 16.2.4

Release notes

Sourced from next's releases.

v16.2.4

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• chore: Bump reqwest to 0.13.2 (Fixes Google Fonts with Turbopack for Windows on ARM64) (#92713)
• Turbopack: fix filesystem watcher config not applying follow_symlinks(false) (#92631)
• Scope Safari ?ts= cache-buster to CSS/font assets only (Pages Router) (#92580)
• Compiler: Support boolean and number primtives in next.config defines (#92731)
• turbo-tasks: Fix recomputation loop by allowing cell cleanup on error during recomputation (#92725)
• Turbopack: shorter error for ChunkGroupInfo::get_index_of (#92814)
• Turbopack: shorter error message for ModuleBatchesGraph::get_entry_index (#92828)
• Adding more system info to the 'initialize project' trace (#92427)

Credits

Huge thanks to @​Badbird5907, @​lukesandberg, @​andrewimm, @​sokra, and @​mischnic for helping!

v16.2.3

[!NOTE] This release is backporting security and bug fixes. For more information about the fixed security vulnerability, please see https://vercel.com/changelog/summary-of-cve-2026-23869. The release does not include all pending features/changes on canary.

Core Changes

• Ensure app-page reports stale ISR revalidation errors via onRequestError (#92282)
• Fix [Bug]: manifest.ts breaks HMR in Next.js 16.2 (#91981 through #92273)
• Deduplicate output assets and detect content conflicts on emit (#92292)
• Fix styled-jsx race condition: styles lost due to concurrent rendering (#92459)
• turbo-tasks-backend: stability fixes for task cancellation and error handling (#92254)

Credits

Huge thanks to @​icyJoseph, @​sokra, @​wbinnssmith, @​eps1lon and @​ztanner for helping!

v16.2.2

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• backport: Move expanded adapters docs to API reference (#92115) (#92129)
• Backport: TypeScript v6 deprecations for baseUrl and moduleResolution (#92130)
• [create-next-app] Skip interactive prompts when CLI flags are provided (#91840)
• next.config.js: Accept an option for serverFastRefresh (#91968)
• Turbopack: enable server HMR for app route handlers (#91466)
• Turbopack: exclude metadata routes from server HMR (#92034)
• Fix CI for glibc linux builds
• Backport: disable bmi2 in qfilter #92177
• [backport] Fix CSS HMR on Safari (#92174)

... (truncated)

Commits

• 2275bd8 v16.2.4
• e073983 Adding more system info to the 'initialize project' trace (#92427)
• 8a540b5 Turbopack: shorter error message for ModuleBatchesGraph::get_entry_index (#92...
• 2f5343f Turbopack: shorter error for ChunkGroupInfo::get_index_of (#92814)
• 2ad9d3f turbo-tasks: Fix recomputation loop by allowing cell cleanup on error during ...
• 6f3808e Compiler: Support boolean and number primtives in next.config defines (#92731)
• fbc7684 Scope Safari ?ts= cache-buster to CSS/font assets only (Pages Router) (#92580)
• 805d758 Turbopack: fix filesystem watcher config not applying follow_symlinks(false) ...
• 1056fae chore: Bump reqwest to 0.13.2 (#92713)
• d5f649b v16.2.3
• Additional commits viewable in compare view

Updates react from 19.2.4 to 19.2.5

Release notes

Sourced from react's releases.

19.2.5 (April 8th, 2026)

React Server Components

• Add more cycle protections (#36236 by @​eps1lon and @​unstubbable)

Commits

• 23f4f9f 19.2.5
• See full diff in compare view

Updates react-dom from 19.2.4 to 19.2.5

Release notes

Sourced from react-dom's releases.

19.2.5 (April 8th, 2026)

React Server Components

• Add more cycle protections (#36236 by @​eps1lon and @​unstubbable)

Commits

• 23f4f9f 19.2.5
• See full diff in compare view

Updates eslint-config-next from 16.2.0 to 16.2.4

Release notes

Sourced from eslint-config-next's releases.

v16.2.4

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• chore: Bump reqwest to 0.13.2 (Fixes Google Fonts with Turbopack for Windows on ARM64) (#92713)
• Turbopack: fix filesystem watcher config not applying follow_symlinks(false) (#92631)
• Scope Safari ?ts= cache-buster to CSS/font assets only (Pages Router) (#92580)
• Compiler: Support boolean and number primtives in next.config defines (#92731)
• turbo-tasks: Fix recomputation loop by allowing cell cleanup on error during recomputation (#92725)
• Turbopack: shorter error for ChunkGroupInfo::get_index_of (#92814)
• Turbopack: shorter error message for ModuleBatchesGraph::get_entry_index (#92828)
• Adding more system info to the 'initialize project' trace (#92427)

Credits

Huge thanks to @​Badbird5907, @​lukesandberg, @​andrewimm, @​sokra, and @​mischnic for helping!

v16.2.3

[!NOTE] This release is backporting security and bug fixes. For more information about the fixed security vulnerability, please see https://vercel.com/changelog/summary-of-cve-2026-23869. The release does not include all pending features/changes on canary.

Core Changes

• Ensure app-page reports stale ISR revalidation errors via onRequestError (#92282)
• Fix [Bug]: manifest.ts breaks HMR in Next.js 16.2 (#91981 through #92273)
• Deduplicate output assets and detect content conflicts on emit (#92292)
• Fix styled-jsx race condition: styles lost due to concurrent rendering (#92459)
• turbo-tasks-backend: stability fixes for task cancellation and error handling (#92254)

Credits

Huge thanks to @​icyJoseph, @​sokra, @​wbinnssmith, @​eps1lon and @​ztanner for helping!

v16.2.2

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• backport: Move expanded adapters docs to API reference (#92115) (#92129)
• Backport: TypeScript v6 deprecations for baseUrl and moduleResolution (#92130)
• [create-next-app] Skip interactive prompts when CLI flags are provided (#91840)
• next.config.js: Accept an option for serverFastRefresh (#91968)
• Turbopack: enable server HMR for app route handlers (#91466)
• Turbopack: exclude metadata routes from server HMR (#92034)
• Fix CI for glibc linux builds
• Backport: disable bmi2 in qfilter #92177
• [backport] Fix CSS HMR on Safari (#92174)

... (truncated)

Commits

• 2275bd8 v16.2.4
• d5f649b v16.2.3
• 52faae3 v16.2.2
• ed7d2ce v16.2.1
• See full diff in compare view

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
kaichen.dev	Ready	Preview, Comment	Apr 17, 2026 0:19am

[kaiiiichen]

Rebasing onto latest main so CI runs clean.

@dependabot rebase