build(deps): bump @sentry/astro from 9.19.0 to 9.28.1

[dependabot]

Bumps @sentry/astro from 9.19.0 to 9.28.1.

Release notes

Sourced from @​sentry/astro's releases.

9.28.1

• feat(deps): Bump @​sentry/cli from 2.45.0 to 2.46.0 (#16516)
• fix(nextjs): Avoid tracing calls to symbolication server on dev (#16533)
• fix(sveltekit): Add import attribute for node exports (#16528)

Work in this release was contributed by @​eltigerchino. Thank you for your contribution!

Bundle size 📦

Path	Size
@​sentry/browser	23.43 KB
@​sentry/browser - with treeshaking flags	23.2 KB
@​sentry/browser (incl. Tracing)	37.46 KB
@​sentry/browser (incl. Tracing, Replay)	74.68 KB
@​sentry/browser (incl. Tracing, Replay) - with treeshaking flags	67.94 KB
@​sentry/browser (incl. Tracing, Replay with Canvas)	79.33 KB
@​sentry/browser (incl. Tracing, Replay, Feedback)	91.13 KB
@​sentry/browser (incl. Feedback)	39.78 KB
@​sentry/browser (incl. sendFeedback)	28.03 KB
@​sentry/browser (incl. FeedbackAsync)	32.8 KB
@​sentry/react	25.15 KB
@​sentry/react (incl. Tracing)	39.41 KB
@​sentry/vue	27.69 KB
@​sentry/vue (incl. Tracing)	39.27 KB
@​sentry/svelte	23.45 KB
CDN Bundle	24.88 KB
CDN Bundle (incl. Tracing)	37.63 KB
CDN Bundle (incl. Tracing, Replay)	72.66 KB
CDN Bundle (incl. Tracing, Replay, Feedback)	77.99 KB
CDN Bundle - uncompressed	72.67 KB
CDN Bundle (incl. Tracing) - uncompressed	111.42 KB
CDN Bundle (incl. Tracing, Replay) - uncompressed	222.72 KB
CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed	235.25 KB
@​sentry/nextjs (client)	41.03 KB
@​sentry/sveltekit (client)	37.93 KB
@​sentry/node	146.9 KB
@​sentry/node - without tracing	96.03 KB
@​sentry/aws-serverless	121.19 KB

9.28.0

Important Changes

• feat(nestjs): Stop creating spans for TracingInterceptor (#16501)

With this change we stop creating spans for TracingInterceptor as this interceptor only serves as an internal helper and adds noise for the user.

• feat(node): Update vercel ai spans as per new conventions (#16497)

This feature ships updates to the span names and ops to better match OpenTelemetry. This should make them more easily accessible to the new agents module view we are building.

... (truncated)

Changelog

Sourced from @​sentry/astro's changelog.

9.28.1

• feat(deps): Bump @​sentry/cli from 2.45.0 to 2.46.0 (#16516)
• fix(nextjs): Avoid tracing calls to symbolication server on dev (#16533)
• fix(sveltekit): Add import attribute for node exports (#16528)

Work in this release was contributed by @​eltigerchino. Thank you for your contribution!

9.28.0

Important Changes

• feat(nestjs): Stop creating spans for TracingInterceptor (#16501)

With this change we stop creating spans for TracingInterceptor as this interceptor only serves as an internal helper and adds noise for the user.

• feat(node): Update vercel ai spans as per new conventions (#16497)

This feature ships updates to the span names and ops to better match OpenTelemetry. This should make them more easily accessible to the new agents module view we are building.

Other Changes

• fix(sveltekit): Export vercelAIIntegration from @sentry/node (#16496)

Work in this release was contributed by @​agrattan0820. Thank you for your contribution!

9.27.0

• feat(node): Expand how vercel ai input/outputs can be set (#16455)
• feat(node): Switch to new semantic conventions for Vercel AI (#16476)
• feat(react-router): Add component annotation plugin (#16472)
• feat(react-router): Export wrappers for server loaders and actions (#16481)
• fix(browser): Ignore unrealistically long INP values (#16484)
• fix(react-router): Conditionally add ReactRouterServer integration (#16470)

9.26.0

• feat(react-router): Re-export functions from @sentry/react (#16465)
• fix(nextjs): Skip re instrumentating on generate phase of experimental build mode (#16410)
• fix(node): Ensure adding sentry-trace and baggage headers via SentryHttpInstrumentation doesn't crash (#16473)

9.25.1

• fix(otel): Don't ignore child spans after the root is sent (#16416)

9.25.0

Important Changes

• feat(browser): Add option to ignore mark and measure spans (#16443)

... (truncated)

Commits

• 111db4a release: 9.28.1
• 1ce9e77 Merge pull request #16544 from getsentry/prepare-release/9.28.1
• 0b0942f meta(changelog): Update changelog for 9.28.1
• 70a57e6 chore: Add external contributor to CHANGELOG.md (#16543)
• f56cc3e fix(sveltekit): Add import attribute for node exports (#16528)
• 0635a5b doc(core): Remove beforeSendSpan returning null from JSDoc (#16535)
• b2a48b4 feat(deps): Bump @​sentry/cli from 2.45.0 to 2.46.0 (#16516)
• b18dd8a Merge pull request #16534 from getsentry/master
• 037fbef build: Fix command injection possibility in playwright GHA (#16510)
• 50e2646 fix(nextjs): Avoid tracing calls to symbolication server on dev (#16533)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
npm/@opentelemetry/semantic-conventions	1.34.0	🟢 6.4	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 10 all changesets reviewed Dependency-Update-Tool 🟢 10 update tool detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ -1 internal error: error during GetBranch(v1.x): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration License 🟢 10 license file detected Security-Policy 🟢 10 security policy file detected Vulnerabilities ⚠️ 0 13 existing vulnerabilities detected SAST 🟢 10 SAST tool is run on all commits CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 43 contributing companies or organizations
npm/@prisma/instrumentation	6.8.2	🟢 6.6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 9 security policy file detected Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during GetBranch(6.8.x): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo SAST 🟢 7 SAST tool detected but not run on all commits Fuzzing 🟢 10 project is fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 0 40 existing vulnerabilities detected
npm/@sentry-internal/browser-utils	9.28.1	🟢 5.2	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 10 all changesets reviewed CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy 🟢 10 security policy file detected Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 7 SAST tool detected but not run on all commits Vulnerabilities ⚠️ 0 75 existing vulnerabilities detected
npm/@sentry-internal/feedback	9.28.1	🟢 5.2	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 10 all changesets reviewed CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy 🟢 10 security policy file detected Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 7 SAST tool detected but not run on all commits Vulnerabilities ⚠️ 0 75 existing vulnerabilities detected
npm/@sentry-internal/replay	9.28.1	🟢 5.2	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 10 all changesets reviewed CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy 🟢 10 security policy file detected Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 7 SAST tool detected but not run on all commits Vulnerabilities ⚠️ 0 75 existing vulnerabilities detected
npm/@sentry-internal/replay-canvas	9.28.1	🟢 5.2	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 10 all changesets reviewed CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy 🟢 10 security policy file detected Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 7 SAST tool detected but not run on all commits Vulnerabilities ⚠️ 0 75 existing vulnerabilities detected
npm/@sentry/astro	9.28.1	🟢 5.2	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 10 all changesets reviewed CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy 🟢 10 security policy file detected Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 7 SAST tool detected but not run on all commits Vulnerabilities ⚠️ 0 75 existing vulnerabilities detected
npm/@sentry/browser	9.28.1	🟢 5.2	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 10 all changesets reviewed CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy 🟢 10 security policy file detected Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 7 SAST tool detected but not run on all commits Vulnerabilities ⚠️ 0 75 existing vulnerabilities detected
npm/@sentry/core	9.28.1	🟢 5.2	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 10 all changesets reviewed CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy 🟢 10 security policy file detected Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 7 SAST tool detected but not run on all commits Vulnerabilities ⚠️ 0 75 existing vulnerabilities detected
npm/@sentry/node	9.28.1	🟢 5.2	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 10 all changesets reviewed CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy 🟢 10 security policy file detected Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 7 SAST tool detected but not run on all commits Vulnerabilities ⚠️ 0 75 existing vulnerabilities detected
npm/@sentry/opentelemetry	9.28.1	🟢 5.2	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 10 all changesets reviewed CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy 🟢 10 security policy file detected Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 7 SAST tool detected but not run on all commits Vulnerabilities ⚠️ 0 75 existing vulnerabilities detected
npm/@sentry/astro	9.28.1	🟢 5.2	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 10 all changesets reviewed CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy 🟢 10 security policy file detected Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 7 SAST tool detected but not run on all commits Vulnerabilities ⚠️ 0 75 existing vulnerabilities detected

Scanned Files

• package-lock.json
• package.json

[dependabot]

Superseded by #40.