chore(deps): bump the production-dependencies group with 10 updates

[dependabot]

Bumps the production-dependencies group with 10 updates:

Package	From	To
@logtape/sentry	2.0.2	2.0.4
@sentry/node	10.38.0	10.40.0
lru-cache	11.2.4	11.2.6
@logtape/drizzle-orm	2.0.2	2.0.4
dotenv	17.2.3	17.3.1
semver	7.7.3	7.7.4
better-result	2.5.2	2.7.0
@logtape/logtape	2.0.2	2.0.4
@types/node	25.2.1	25.3.3
wrangler	4.63.0	4.69.0

Updates @logtape/sentry from 2.0.2 to 2.0.4

Changelog

Sourced from @​logtape/sentry's changelog.

Version 2.0.4

Released on February 26, 2026.

@​logtape/redaction

• Fixed CREDIT_CARD_NUMBER_PATTERN to correctly match American Express-style credit card numbers (e.g., 1234-5678-901234) on Bun. The previous regex /(?:\d{4}-){3}\d{4}|(?:\d{4}-){2}\d{6}/g triggered a backtracking bug in Bun's regex engine where, after the first alternative partially consumed a common prefix and failed, the engine incorrectly started the second alternative from the failure position rather than from the original match position. The pattern has been rewritten as /(?:\d{4}-){2}(?:\d{4}-\d{4}|\d{6})/g to factor out the common prefix, which avoids the issue while preserving the same matching behavior.

Version 2.0.3

Released on February 26, 2026.

@​logtape/logtape

• Revised the startup notice text from the meta logger to avoid implying that seeing the message always means the meta logger was auto-configured. The message now uses neutral wording while keeping guidance for suppressing it with a higher meta logger level. [#141]

#141: dahlia/logtape#141

Commits

• c9255ba Version bump
• f53b69a Version bump
• See full diff in compare view

Updates @sentry/node from 10.38.0 to 10.40.0

Release notes

Sourced from @​sentry/node's releases.

10.40.0

Important Changes

• feat(tanstackstart-react): Add global sentry exception middlewares (#19330)

  The sentryGlobalRequestMiddleware and sentryGlobalFunctionMiddleware global middlewares capture unhandled exceptions thrown in TanStack Start API routes and server functions. Add them as the first entries in the requestMiddleware and functionMiddleware arrays of createStart():

  import { createStart } from '@tanstack/react-start/server';
  import { sentryGlobalRequestMiddleware, sentryGlobalFunctionMiddleware } from '@sentry/tanstackstart-react';
  export default createStart({
  requestMiddleware: [sentryGlobalRequestMiddleware, myRequestMiddleware],
  functionMiddleware: [sentryGlobalFunctionMiddleware, myFunctionMiddleware],
  });

• feat(tanstackstart-react)!: Export Vite plugin from @sentry/tanstackstart-react/vite subpath (#19182)

  The sentryTanstackStart Vite plugin is now exported from a dedicated subpath. Update your import:

  - import { sentryTanstackStart } from '@sentry/tanstackstart-react';
  + import { sentryTanstackStart } from '@sentry/tanstackstart-react/vite';

• fix(node-core): Reduce bundle size by removing apm-js-collab and requiring pino >= 9.10 (#18631)

  In order to keep receiving pino logs, you need to update your pino version to >= 9.10, the reason for the support bump is to reduce the bundle size of the node-core SDK in frameworks that cannot tree-shake the apm-js-collab dependency.

• fix(browser): Ensure user id is consistently added to sessions (#19341)

  Previously, the SDK inconsistently set the user id on sessions, meaning sessions were often lacking proper coupling to the user set for example via Sentry.setUser(). Additionally, the SDK incorrectly skipped starting a new session for the first soft navigation after the pageload. This patch fixes these issues. As a result, metrics around sessions, like "Crash Free Sessions" or "Crash Free Users" might change. This could also trigger alerts, depending on your set thresholds and conditions. We apologize for any inconvenience caused!

  While we're at it, if you're using Sentry in a Single Page App or meta framework, you might want to give the new 'page' session lifecycle a try! This new mode no longer creates a session per soft navigation but continues the initial session until the next hard page refresh. Check out the docs to learn more!

• ref!(gatsby): Drop Gatsby v2 support (#19467)

  We drop support for Gatsby v2 (which still relies on webpack 4) for a critical security update in https://github.com/getsentry/sentry-javascript-bundler-plugins/releases/tag/5.0.0

Other Changes

• feat(astro): Add support for Astro on CF Workers (#19265)
• feat(cloudflare): Instrument async KV API (#19404)

... (truncated)

Changelog

Sourced from @​sentry/node's changelog.

10.40.0

Important Changes

• feat(tanstackstart-react): Add global sentry exception middlewares (#19330)

  The sentryGlobalRequestMiddleware and sentryGlobalFunctionMiddleware global middlewares capture unhandled exceptions thrown in TanStack Start API routes and server functions. Add them as the first entries in the requestMiddleware and functionMiddleware arrays of createStart():

  import { createStart } from '@tanstack/react-start/server';
  import { sentryGlobalRequestMiddleware, sentryGlobalFunctionMiddleware } from '@sentry/tanstackstart-react/server';
  export default createStart({
  requestMiddleware: [sentryGlobalRequestMiddleware, myRequestMiddleware],
  functionMiddleware: [sentryGlobalFunctionMiddleware, myFunctionMiddleware],
  });

• feat(tanstackstart-react)!: Export Vite plugin from @sentry/tanstackstart-react/vite subpath (#19182)

  The sentryTanstackStart Vite plugin is now exported from a dedicated subpath. Update your import:

  - import { sentryTanstackStart } from '@sentry/tanstackstart-react';
  + import { sentryTanstackStart } from '@sentry/tanstackstart-react/vite';

• fix(node-core): Reduce bundle size by removing apm-js-collab and requiring pino >= 9.10 (#18631)

  In order to keep receiving pino logs, you need to update your pino version to >= 9.10, the reason for the support bump is to reduce the bundle size of the node-core SDK in frameworks that cannot tree-shake the apm-js-collab dependency.

• fix(browser): Ensure user id is consistently added to sessions (#19341)

  Previously, the SDK inconsistently set the user id on sessions, meaning sessions were often lacking proper coupling to the user set for example via Sentry.setUser(). Additionally, the SDK incorrectly skipped starting a new session for the first soft navigation after the pageload. This patch fixes these issues. As a result, metrics around sessions, like "Crash Free Sessions" or "Crash Free Users" might change. This could also trigger alerts, depending on your set thresholds and conditions. We apologize for any inconvenience caused!

  While we're at it, if you're using Sentry in a Single Page App or meta framework, you might want to give the new 'page' session lifecycle a try! This new mode no longer creates a session per soft navigation but continues the initial session until the next hard page refresh. Check out the docs to learn more!

• ref!(gatsby): Drop Gatsby v2 support (#19467)

  We drop support for Gatsby v2 (which still relies on webpack 4) for a critical security update in https://github.com/getsentry/sentry-javascript-bundler-plugins/releases/tag/5.0.0

Other Changes

• feat(astro): Add support for Astro on CF Workers (#19265)

... (truncated)

Commits

• 663fd5e Increase bundler-tests timeout to 30s
• 8033ea3 release: 10.40.0
• eb3c4d2 Merge pull request #19488 from getsentry/prepare-release/10.40.0
• 9a10630 meta(changelog): Update changelog for 10.40.0
• 39d1ef7 fix(deps): Bump to latest version of each minimatch major (#19486)
• e8ed6d2 test(nextjs): Deactivate canary test for cf-workers (#19483)
• 6eb320e chore(deps): Bump Sentry CLI to latest v2 (#19477)
• 8fc81d2 fix: Bump bundler plugins to v5 (#19468)
• 365f7fa chore(ci): Adapt max turns of triage issue agent (#19473)
• 11e5412 feat(tanstackstart-react)!: Export Vite plugin from @​sentry/tanstackstart-rea...
• Additional commits viewable in compare view

Updates lru-cache from 11.2.4 to 11.2.6

Commits

• ad9c097 11.2.6
• ac2a7f4 export minified version by default
• 8a34522 remove dead/commented code from test
• b89badb 11.2.5
• 3d1c0ee Preserve fetch promises working in the background
• 8b04fbe doc: guidance re mocking timers for testing TTL
• 83b51a7 fix git repo url
• See full diff in compare view

Updates @logtape/drizzle-orm from 2.0.2 to 2.0.4

Changelog

Sourced from @​logtape/drizzle-orm's changelog.

Version 2.0.4

Released on February 26, 2026.

@​logtape/redaction

• Fixed CREDIT_CARD_NUMBER_PATTERN to correctly match American Express-style credit card numbers (e.g., 1234-5678-901234) on Bun. The previous regex /(?:\d{4}-){3}\d{4}|(?:\d{4}-){2}\d{6}/g triggered a backtracking bug in Bun's regex engine where, after the first alternative partially consumed a common prefix and failed, the engine incorrectly started the second alternative from the failure position rather than from the original match position. The pattern has been rewritten as /(?:\d{4}-){2}(?:\d{4}-\d{4}|\d{6})/g to factor out the common prefix, which avoids the issue while preserving the same matching behavior.

Version 2.0.3

Released on February 26, 2026.

@​logtape/logtape

• Revised the startup notice text from the meta logger to avoid implying that seeing the message always means the meta logger was auto-configured. The message now uses neutral wording while keeping guidance for suppressing it with a higher meta logger level. [#141]

#141: dahlia/logtape#141

Commits

• c9255ba Version bump
• f53b69a Version bump
• See full diff in compare view

Updates dotenv from 17.2.3 to 17.3.1

Changelog

Sourced from dotenv's changelog.

17.3.1 (2026-02-12)

Changed

• Fix as2 example command in README and update spanish README

17.3.0 (2026-02-12)

Added

• Add a new README section on dotenv’s approach to the agentic future.

Changed

• Rewrite README to get humans started more quickly with less noise while simultaneously making more accessible for llms and agents to go deeper into details.

17.2.4 (2026-02-05)

Changed

• Make DotenvPopulateInput accept NodeJS.ProcessEnv type (#915)

• Give back to dotenv by checking out my newest project vestauth. It is auth for agents. Thank you for using my software.

Commits

• 7bc16a4 17.3.1
• 27303fd update README-es
• 6379eb2 update README
• b6d7339 fix spelling
• 5febe35 17.3.0
• f61f383 changelog 🪵
• dec94ad update README
• 4856950 update README
• 6351887 update README
• 23bd017 update README
• Additional commits viewable in compare view

Updates semver from 7.7.3 to 7.7.4

Release notes

Sourced from semver's releases.

v7.7.4

7.7.4 (2026-01-16)

Bug Fixes

• a29faa5 #835 cli: pass options to semver.valid() for loose version validation (#835) (@​mldangelo)

Documentation

• 1d28d5e #836 fix typos and update -n CLI option documentation (#836) (@​mldangelo)

Dependencies

• 120968b #840 @npmcli/template-oss@4.29.0 (#840)

Chores

• 44d7130 #824 bump @​npmcli/eslint-config from 5.1.0 to 6.0.0 (#824) (@​dependabot[bot])
• 7073576 #820 reorder parameters in invalid-versions.js test (#820) (@​reggi)
• 5816d4c #829 bump @​npmcli/template-oss from 4.28.0 to 4.28.1 (#829) (@​dependabot[bot], @​npm-cli-bot)

Changelog

Sourced from semver's changelog.

7.7.4 (2026-01-16)

Bug Fixes

• a29faa5 #835 cli: pass options to semver.valid() for loose version validation (#835) (@​mldangelo)

Documentation

• 1d28d5e #836 fix typos and update -n CLI option documentation (#836) (@​mldangelo)

Dependencies

• 120968b #840 @npmcli/template-oss@4.29.0 (#840)

Chores

• 44d7130 #824 bump @​npmcli/eslint-config from 5.1.0 to 6.0.0 (#824) (@​dependabot[bot])
• 7073576 #820 reorder parameters in invalid-versions.js test (#820) (@​reggi)
• 5816d4c #829 bump @​npmcli/template-oss from 4.28.0 to 4.28.1 (#829) (@​dependabot[bot], @​npm-cli-bot)

Commits

• 5993c2e chore: release 7.7.4 (#839)
• 120968b deps: @​npmcli/template-oss@​4.29.0 (#840)
• a29faa5 fix(cli): pass options to semver.valid() for loose version validation (#835)
• 1d28d5e docs: fix typos and update -n CLI option documentation (#836)
• 5816d4c chore: bump @​npmcli/template-oss from 4.28.0 to 4.28.1 (#829)
• ab9e28a chore: bump @​npmcli/template-oss from 4.27.1 to 4.28.0 (#827)
• 44d7130 chore: bump @​npmcli/eslint-config from 5.1.0 to 6.0.0 (#824)
• 7073576 chore: reorder parameters in invalid-versions.js test (#820)
• 16a35f5 chore: bump @​npmcli/template-oss from 4.26.0 to 4.27.1 (#823)
• 3a3459d chore: bump @​npmcli/template-oss from 4.25.1 to 4.26.0 (#818)
• See full diff in compare view

Updates better-result from 2.5.2 to 2.7.0

Release notes

Sourced from better-result's releases.

v2.6.0

What's Changed

Features

• Result.deserialize now returns ResultDeserializationError instead of null (#29)

  • Adds ResultDeserializationError tagged error class
  • Result.deserialize returns Result<T, E | ResultDeserializationError> instead of Result<T, E> | null
  • Allows handling deserialization failures using the same Result utilities as everything else

• Compile-time protection against async in Result.try (#30) by @​trvswgnr

  • Prevents a footgun where Result.try silently accepts async functions
  • TypeScript now rejects async functions at compile time, guiding users toward Result.tryPromise

Fixes

• Fix opensrc repository URL (#28)
• Remove recursive publish script

Docs

• Fix TaggedError example in JSDoc (#27)

Full Changelog: dmmulroy/better-result@v2.5.2...v2.6.0

Commits

• See full diff in compare view

Updates @logtape/logtape from 2.0.2 to 2.0.4

Changelog

Sourced from @​logtape/logtape's changelog.

Version 2.0.4

Released on February 26, 2026.

@​logtape/redaction

• Fixed CREDIT_CARD_NUMBER_PATTERN to correctly match American Express-style credit card numbers (e.g., 1234-5678-901234) on Bun. The previous regex /(?:\d{4}-){3}\d{4}|(?:\d{4}-){2}\d{6}/g triggered a backtracking bug in Bun's regex engine where, after the first alternative partially consumed a common prefix and failed, the engine incorrectly started the second alternative from the failure position rather than from the original match position. The pattern has been rewritten as /(?:\d{4}-){2}(?:\d{4}-\d{4}|\d{6})/g to factor out the common prefix, which avoids the issue while preserving the same matching behavior.

Version 2.0.3

Released on February 26, 2026.

@​logtape/logtape

• Revised the startup notice text from the meta logger to avoid implying that seeing the message always means the meta logger was auto-configured. The message now uses neutral wording while keeping guidance for suppressing it with a higher meta logger level. [#141]

#141: dahlia/logtape#141

Commits

• c9255ba Version bump
• e1ff153 Refine meta logger notice wording and docs
• f53b69a Version bump
• See full diff in compare view

Updates @types/node from 25.2.1 to 25.3.3

Commits

• See full diff in compare view

Updates wrangler from 4.63.0 to 4.69.0

Release notes

Sourced from wrangler's releases.

wrangler@4.69.0

Minor Changes

• #12625 c0e9e08 Thanks @​WillTaylorDev! - Add cache configuration option for enabling worker cache (experimental)

  You can now enable cache before worker execution using the new cache configuration:

  {
  	"cache": {
  		"enabled": true,
  	},
  }

  This setting is environment-inheritable and opt-in. When enabled, cache behavior is applied before your worker runs.

  Note: This feature is experimental. The runtime API is not yet generally available.

Patch Changes

• #12661 99037e3 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260302.0	1.20260303.0

• #12680 295297a Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260303.0	1.20260305.0

• #12671 f765244 Thanks @​MattieTK! - fix: Only redact account names in CI environments, not all non-interactive contexts

  The multi-account selection error in getAccountId now only redacts account names when running in a CI environment (detected via ci-info). Non-interactive terminals such as coding agents and piped commands can now see account names, which they need to identify which account to configure. CI logs remain protected.

• Updated dependencies [99037e3, 295297a]:

  • miniflare@4.20260305.0

wrangler@4.68.1

Patch Changes

... (truncated)

Commits

• 414799d Version Packages (#12670)
• 295297a chore(deps): bump the workerd-and-workers-types group with 2 updates (#12680)
• 99037e3 chore(deps): bump the workerd-and-workers-types group with 2 updates (#12661)
• f765244 fix: restrict account name redaction to CI environments only (#12671)
• c0e9e08 [wrangler] Add worker cache configuration support (#12625)
• 07531a2 Version Packages (#12663)
• 294297e Update Waku autoconfig logic (#12657)
• 603fe18 fix: add maxRetries to recursive directory removal for Windows EBUSY (#12629)
• 19df099 [wrangler] Split deploy.test.ts into 15 focused test files (#12642)
• 3d6e421 [C3/wrangler] Fix Angular localhost SSR blocking in development mode (#12648)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml