build(deps): Bump the monitoring group with 2 updates

[dependabot]

Bumps the monitoring group with 2 updates: @sentry/nextjs and posthog-js.

Updates @sentry/nextjs from 10.38.0 to 10.42.0

Release notes

Sourced from @​sentry/nextjs's releases.

10.42.0

• feat(consola): Enhance Consola integration to extract first-param object as searchable attributes (#19534)
• fix(astro): Do not inject withSentry into Cloudflare Pages (#19558)
• fix(core): Do not remove promiseBuffer entirely (#19592)
• fix(deps): Bump fast-xml-parser to 4.5.4 for CVE-2026-25896 (#19588)
• fix(react-router): Set correct transaction name when navigating with object argument (#19590)
• ref(nuxt): Use addVitePlugin instead of deprecated vite:extendConfig (#19464)

• chore(deps-dev): bump @​sveltejs/kit from 2.52.2 to 2.53.3 (#19571)
• chore(deps): Bump @​sveltejs/kit to 2.53.3 in sveltekit-2-svelte-5 E2E test (#19594)
• ci(deps): bump actions/checkout from 4 to 6 (#19570)

Bundle size 📦

Path	Size
@​sentry/browser	25.02 KB
@​sentry/browser - with treeshaking flags	23.57 KB
@​sentry/browser (incl. Tracing)	41.44 KB
@​sentry/browser (incl. Tracing, Profiling)	45.99 KB
@​sentry/browser (incl. Tracing, Replay)	79.35 KB
@​sentry/browser (incl. Tracing, Replay) - with treeshaking flags	69.21 KB
@​sentry/browser (incl. Tracing, Replay with Canvas)	83.93 KB
@​sentry/browser (incl. Tracing, Replay, Feedback)	95.91 KB
@​sentry/browser (incl. Feedback)	41.44 KB
@​sentry/browser (incl. sendFeedback)	29.58 KB
@​sentry/browser (incl. FeedbackAsync)	34.52 KB
@​sentry/browser (incl. Metrics)	26.17 KB
@​sentry/browser (incl. Logs)	26.31 KB
@​sentry/browser (incl. Metrics & Logs)	26.96 KB
@​sentry/react	26.74 KB
@​sentry/react (incl. Tracing)	43.72 KB
@​sentry/vue	29.37 KB
@​sentry/vue (incl. Tracing)	43.26 KB
@​sentry/svelte	25.05 KB
CDN Bundle	27.51 KB
CDN Bundle (incl. Tracing)	42.25 KB
CDN Bundle (incl. Logs, Metrics)	28.33 KB
CDN Bundle (incl. Tracing, Logs, Metrics)	43.07 KB
CDN Bundle (incl. Replay, Logs, Metrics)	66.49 KB
CDN Bundle (incl. Tracing, Replay)	78.26 KB
CDN Bundle (incl. Tracing, Replay, Logs, Metrics)	79.1 KB
CDN Bundle (incl. Tracing, Replay, Feedback)	83.65 KB
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics)	84.5 KB
CDN Bundle - uncompressed	80.42 KB

... (truncated)

Changelog

Sourced from @​sentry/nextjs's changelog.

10.42.0

• feat(consola): Enhance Consola integration to extract first-param object as searchable attributes (#19534)
• fix(astro): Do not inject withSentry into Cloudflare Pages (#19558)
• fix(core): Do not remove promiseBuffer entirely (#19592)
• fix(deps): Bump fast-xml-parser to 4.5.4 for CVE-2026-25896 (#19588)
• fix(react-router): Set correct transaction name when navigating with object argument (#19590)
• ref(nuxt): Use addVitePlugin instead of deprecated vite:extendConfig (#19464)

• chore(deps-dev): bump @​sveltejs/kit from 2.52.2 to 2.53.3 (#19571)
• chore(deps): Bump @​sveltejs/kit to 2.53.3 in sveltekit-2-svelte-5 E2E test (#19594)
• ci(deps): bump actions/checkout from 4 to 6 (#19570)

10.41.0

Important Changes

• feat(core,cloudflare,deno): Add instrumentPostgresJsSql instrumentation (#19566)

  Added a new instrumentation helper for the postgres (postgres.js) library, designed for SDKs that are not based on OpenTelemetry (e.g. Cloudflare, Deno). This wraps a postgres.js sql tagged template instance so that all queries automatically create Sentry spans.

  import postgres from 'postgres';
  import * as Sentry from '@sentry/cloudflare'; // or '@sentry/deno'
  export default Sentry.withSentry(env => ({ dsn: 'DSN' }), {
  async fetch(request, env, ctx) {
  const sql = Sentry.instrumentPostgresJsSql(postgres(env.DATABASE_URL));
  // All queries now create Sentry spans
  const users = await sql`SELECT * FROM users WHERE id = ${userId}`;
  return Response.json(users);
  
  },
  });

  The instrumentation is available in @sentry/core, @sentry/cloudflare, and @sentry/deno.

• feat(nextjs): Add Turbopack support for thirdPartyErrorFilterIntegration (#19542)

  We added experimental support for the thirdPartyErrorFilterIntegration with Turbopack builds.

  This feature requires Next.js 16+ and is currently behind an experimental flag:

... (truncated)

Commits

• 07c9190 release: 10.42.0
• 193a78d Merge pull request #19601 from getsentry/prepare-release/10.42.0
• 8738f9b meta(changelog): Update changelog for 10.42.0
• f870073 fix(astro): Do not inject withSentry into Cloudflare Pages (#19558)
• 552187d chore(deps): Bump @​sveltejs/kit to 2.53.3 in sveltekit-2-svelte-5 E2E test (#...
• 1ffba2c fix(core): Do not remove promiseBuffer entirely (#19592)
• 4a7c056 fix(react-router): Set correct transaction name when navigating with object a...
• 003e894 ci(deps): bump actions/checkout from 4 to 6 (#19570)
• 5d4c0eb chore(deps-dev): bump @​sveltejs/kit from 2.52.2 to 2.53.3 (#19571)
• 116c3f3 fix(deps): Bump fast-xml-parser to 4.5.4 for CVE-2026-25896 (#19588)
• Additional commits viewable in compare view

Updates posthog-js from 1.345.5 to 1.360.0

Release notes

Sourced from posthog-js's releases.

posthog-js@1.360.0

1.360.0

Patch Changes

• #3213 db089fd Thanks @​TueHaulund! - fix(replay): treat legacy configs without cache_timestamp as fresh

  Configs persisted by older SDK versions never include a cache_timestamp. Defaulting to 0 treats them as always stale, causing the persisted config to be cleared before start() runs — so recording never starts for customers on older core SDK versions paired with the latest CDN recorder. (2026-03-09)

• #3207 c5a37cb Thanks @​dustinbyrne! - fix: PostHogFeatureFlags uses a TreeShakeable type (2026-03-09)

• Updated dependencies [c5a37cb]:

  • @​posthog/types@​1.360.0

posthog-js@1.359.1

1.359.1

Patch Changes

• #3204 2b0cd52 Thanks @​marandaneto! - chore: upgrade dompurify to 3.3.2 (2026-03-06)
• Updated dependencies []:
  • @​posthog/types@​1.359.1

posthog-js@1.359.0

1.359.0

Minor Changes

• #3166 9180726 Thanks @​dustinbyrne! - feat: Tree-shake feature flags (2026-03-05)

Patch Changes

• Updated dependencies []:
  • @​posthog/types@​1.359.0

posthog-js@1.358.1

1.358.1

Patch Changes

• #3191 9f41d26 Thanks @​TueHaulund! - fix(replay): fall back to persisted config when remote config fetch fails

  When the remote config fetch failed (network error, ad blocker, CDN outage), the SDK received an empty {} response with no sessionRecording key. The onRemoteConfig handler returned early without ever setting _receivedFlags = true, leaving the recording permanently stuck in pending_config status for the entire page session.

  This removes the _receivedFlags gate entirely. The 1-hour TTL on persisted config (added in #3051, increased from 5 minutes) and the stale-config retry in _onScriptLoaded (added in #3093) already prevent recording from starting with outdated config. The additional gate was redundant and created a deadlock when the config fetch failed.

... (truncated)

Commits

• 1fc147e chore: update versions and lockfile [version bump]
• db089fd fix(replay): treat legacy configs without cache_timestamp as fresh (#3213)
• edc162f chore: add Vercel config for Next.js app router example (#3209)
• dc59f94 chore: add Slack failure notification to version-bump job (#3208)
• c5a37cb fix(browser): Drop the feature flags stub (#3207)
• 43a81c5 feat(ai): support versioned prompts (#3206)
• 6f426db chore: update versions and lockfile [version bump]
• 2b0cd52 chore: upgrade dompurify to 3.3.2 (#3204)
• 706adb8 feat(next): Add first class support for Next.js (#3122)
• 88beadb chore: update versions and lockfile [version bump]
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions