[Snyk] Upgrade @sentry/angular from 10.43.0 to 10.44.0

[matthew2564]

Snyk has created this PR to upgrade @sentry/angular from 10.43.0 to 10.44.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 1 version ahead of your current version.

• The recommended version was released 22 days ago.

Breaking Change Risk

Notice: This assessment is enhanced by AI.

Release notes

Package name: @sentry/angular

• 10.44.0 - 2026-03-17
  

  Important Changes

  • feat(effect): Add @ sentry/effect SDK (Alpha) (#19644)

    This release introduces @ sentry/effect, a new SDK for Effect.ts applications. The SDK provides Sentry integration via composable Effect layers for both Node.js and browser environments.

    Compose the effectLayer with optional tracing, logging, and metrics layers to instrument your Effect application:

    import as Sentry from '@ sentry/effect';
    import as Layer from 'effect/Layer';
    import * as Logger from 'effect/Logger';

    const SentryLive = Layer.mergeAll(
    Sentry.effectLayer({ dsn: 'DSN', tracesSampleRate: 1.0, enableLogs: true }),
    Layer.setTracer(Sentry.SentryEffectTracer),
    Logger.replace(Logger.defaultLogger, Sentry.SentryEffectLogger),
    Sentry.SentryEffectMetricsLayer,
    );

    Alpha features are still in progress, may have bugs and might include breaking changes. Please reach out on GitHub if you have any feedback or concerns.

  • feat(astro): Add Astro 6 support (#19745)

    This release enables full support for Astro v6 by adjusting our Astro SDK's middleware to some Astro-internal
    changes. We cannot yet guarantee full support for server-islands, due to a bug in Astro v6
    but we'll follow up on this once the bug is fixed.

  • feat(hono): Add basic instrumentation for Node runtime (#19817)

    Adds a new package @ sentry/hono/node (alpha) with basic instrumentation for Hono applications running in Node.js.
    The Hono middleware for Cloudflare (@ sentry/hono/cloudflare - alpha) comes with fixes, and it's now possible to access the Cloudflare Worker Bindings (env) from the options' callback.

    Start using the new Hono middlewares by installing @ sentry/hono and importing the respective middleware for your runtime.
    More instructions can be found in the Hono readme.

    Alpha features are still in progress, may have bugs and might include breaking changes. Please reach out on GitHub if you have any feedback or concerns.

  • feat(nestjs): Instrument @ nestjs/bullmq @ Processor decorator (#19759)

    Automatically capture exceptions and create transactions for BullMQ queue processors in NestJS applications.

    When using the @ Processor decorator from @ nestjs/bullmq, the SDK now automatically wraps the process() method
    to create queue.process transactions with proper isolation scopes, preventing breadcrumb and scope leakage between
    jobs and HTTP requests. Errors thrown in processors are captured with the auto.queue.nestjs.bullmq mechanism type.

    Requires @ nestjs/bullmq v10.0.0 or later.

  • feat(nestjs): Instrument @ nestjs/schedule decorators (#19735)

    Automatically capture exceptions thrown in @ Cron, @ Interval, and @ Timeout decorated methods.

    Previously, exceptions in @ Cron methods were only captured if you used the SentryCron decorator. Now they are
    captured automatically. The exception mechanism type changed from auto.cron.nestjs.async to
    auto.function.nestjs.cron. If you have Sentry queries or alerts that filter on the old mechanism type, update them
    accordingly.

  • feat(node): Expose headersToSpanAttributes option on nativeNodeFetchIntegration() (#19770)

    Response headers like http.response.header.content-length were previously captured automatically on outgoing
    fetch spans but are now opt-in since @ opentelemetry/instrumentation-undici@0.22.0. You can now configure which
    headers to capture via the headersToSpanAttributes option.

    Sentry.init({
      integrations: [
        Sentry.nativeNodeFetchIntegration({
          headersToSpanAttributes: {
            requestHeaders: ['x-custom-header'],
            responseHeaders: ['content-length', 'content-type'],
          },
        }),
      ],
    });

  Other Changes

  • feat(browser/cloudflare): Export conversation id from browser and cloudflare runtimes (#19820)
  • feat(bun): Set http response header attributes instead of response context headers (#19821)
  • feat(core): Add sentry.timestamp.sequence attribute for timestamp tie-breaking (#19421)
  • feat(deno): Set http response header attributes instead of response context headers (#19822)
  • feat(deps): Bump OpenTelemetry dependencies (#19682)
  • feat(nestjs): Use more specific span origins for NestJS guards, pipes, interceptors, and exception filters (#19751)
  • feat(nextjs): Vercel queue instrumentation (#19799)
  • feat(node): Avoid OTEL instrumentation for outgoing requests on Node 22+ (#17355)
  • feat(deps): bump hono from 4.12.5 to 4.12.7 (#19747)
  • feat(deps): bump mysql2 from 3.14.4 to 3.19.1 (#19787)
  • feat(deps): bump simple-git from 3.30.0 to 3.33.0 (#19744)
  • feat(deps): bump yauzl from 3.2.0 to 3.2.1 (#19809)
  • fix(browser): Skip browserTracingIntegration setup for bot user agents (#19708)
  • fix(cloudflare): Recreate client when previous one was disposed (#19727)
  • fix(core): Align Vercel embedding spans with semantic conventions (#19795)
  • fix(core): Fallback to sendDefaultPii setting in langchain and langgraph in non-node environments (#19813)
  • fix(core): Improve Vercel AI SDK instrumentation attributes (#19717)
  • fix(hono): Align error mechanism (#19831)
  • fix(hono): Allow passing env and fix type issues (#19825)
  • fix(nestjs): Fork isolation scope in @ nestjs/event-emitter instrumentation (#19725)
  • fix(nextjs): Log correct lastEventId when error is thrown in component render (#19764)
  • fix(nextjs): Strip sourceMappingURL comments after deleting source maps in turbopack builds (#19814)
  • fix(nuxt): Upload client source maps (#19805)
  • fix(profiling-node): Fix NODE_VERSION rendered as [object Object] in warning (#19788)
  Internal Changes

  • chore: Add oxlint migration commits to blame ignore (#19784)
  • chore: add oxlint typescript program suppression to workspace settings (#19692)
  • chore: Bump oxlint and oxfmt (#19771)
  • chore: Clean up lint and format script names (#19719)
  • chore(agents): Be more explicit on linting and formatting (#19803)
  • chore(ci): Extract metadata workflow (#19680)
  • chore(deps): bump tedious from 18.6.1 to 19.2.1 (#19786)
  • chore(deps-dev): bump file-type from 20.5.0 to 21.3.1 (#19748)
  • chore(effect): Add Effect to craft, README and issue templates (#19837)
  • chore(lint): Rule adjustments and fix warnings (#19612)
  • chore(skills): Add skill-creator and update managed agent skills (#19713)
  • docs(changelog): Add entry for @ sentry/hono alpha release (#19828)
  • docs(hono): Document usage without "*" (#19756)
  • docs(new-release): Document sdkName for craft (#19736)
  • docs(new-release): Update docs based on new Craft flow (#19731)
  • ref(cloudflare): Prepare for WorkerEntrypoint (#19742)
  • ref(nestjs): Move event instrumentation unit tests to separate file (#19738)
  • style: Auto changes made from "yarn fix" (#19710)
  • test(astro,cloudflare): Add an E2E test for Astro 6 on Cloudflare (#19781)
  • test(browser): Add simulated mfe integration test (#19768)
  • test(e2e): Add MFE e2e test using vite-plugin-federation (#19778)
  • test(nextjs): Add vercel queue tests to next-16 (#19798)
  • tests(core): Fix flaky metric sequence number test (#19754)

  Bundle size 📦

  Path	Size
  @ sentry/browser	25.04 KB
  @ sentry/browser - with treeshaking flags	23.57 KB
  @ sentry/browser (incl. Tracing)	41.62 KB
  @ sentry/browser (incl. Tracing, Profiling)	46.17 KB
  @ sentry/browser (incl. Tracing, Replay)	79.51 KB
  @ sentry/browser (incl. Tracing, Replay) - with treeshaking flags	69.33 KB
  @ sentry/browser (incl. Tracing, Replay with Canvas)	84.11 KB
  @ sentry/browser (incl. Tracing, Replay, Feedback)	96.07 KB
  @ sentry/browser (incl. Feedback)	41.45 KB
  @ sentry/browser (incl. sendFeedback)	29.6 KB
  @ sentry/browser (incl. FeedbackAsync)	34.53 KB
  @ sentry/browser (incl. Metrics)	26.29 KB
  @ sentry/browser (incl. Logs)	26.43 KB
  @ sentry/browser (incl. Metrics & Logs)	27.09 KB
  @ sentry/react	26.75 KB
  @ sentry/react (incl. Tracing)	43.9 KB
  @ sentry/vue	29.38 KB
  @ sentry/vue (incl. Tracing)	43.44 KB
  @ sentry/svelte	25.06 KB
  CDN Bundle	27.62 KB
  CDN Bundle (incl. Tracing)	42.49 KB
  CDN Bundle (incl. Logs, Metrics)	28.46 KB
  CDN Bundle (incl. Tracing, Logs, Metrics)	43.32 KB
  CDN Bundle (incl. Replay, Logs, Metrics)	66.61 KB
  CDN Bundle (incl. Tracing, Replay)	78.45 KB
  CDN Bundle (incl. Tracing, Replay, Logs, Metrics)	79.33 KB
  CDN Bundle (incl. Tracing, Replay, Feedback)	83.86 KB
  CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics)	84.74 KB
  CDN Bundle - uncompressed	80.69 KB
  CDN Bundle (incl. Tracing) - uncompressed	125.55 KB
  CDN Bundle (incl. Logs, Metrics) - uncompressed	83.49 KB
  CDN Bundle (incl. Tracing, Logs, Metrics) - uncompressed	128.35 KB
  CDN Bundle (incl. Replay, Logs, Metrics) - uncompressed	204.22 KB
  CDN Bundle (incl. Tracing, Replay) - uncompressed	239.66 KB
  CDN Bundle (incl. Tracing, Replay, Logs, Metrics) - uncompressed	242.45 KB
  CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed	252.27 KB
  CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics) - uncompressed	255.05 KB
  @ sentry/nextjs (client)	46.26 KB
  @ sentry/sveltekit (client)	42.06 KB
  @ sentry/node-core	55.03 KB
  @ sentry/node	169.1 KB
  @ sentry/node - without tracing	94.09 KB
  @ sentry/aws-serverless	110.68 KB

• 10.43.0 - 2026-03-10
  

  Important Changes

  • feat(nextjs): Add Turbopack support for React component name annotation (#19604)

    We added experimental support for React component name annotation in Turbopack builds. When enabled, JSX elements
    are annotated with data-sentry-component, data-sentry-element, and data-sentry-source-file attributes at build
    time. This enables searching Replays by component name, seeing component names in breadcrumbs, and performance
    monitoring — previously only available with webpack builds.

    This feature requires Next.js 16+ and is currently behind an experimental flag:

    // next.config.ts
    import { withSentryConfig } from '@ sentry/nextjs';

    export default withSentryConfig(nextConfig, {
    _experimental: {
    turbopackReactComponentAnnotation: {
    enabled: true,
    ignoredComponents: ['Header', 'Footer'], // optional
    },
    },
    });

  • feat(hono): Instrument middlewares app.use() (#19611)

    Hono middleware registered via app.use() is now automatically instrumented, creating spans for each middleware invocation.

  Other Changes

  • feat(node-core,node): Add tracePropagation option to http and fetch integrations (#19712)
  • feat(hono): Use parametrized names for errors (#19577)
  • fix(browser): Fix missing traces for user feedback (#19660)
  • fix(cloudflare): Use correct Proxy receiver in instrumentDurableObjectStorage (#19662)
  • fix(core): Standardize Vercel AI span descriptions to align with GenAI semantic conventions (#19624)
  • fix(deps): Bump hono to 4.12.5 to fix multiple vulnerabilities (#19653)
  • fix(deps): Bump svgo to 4.0.1 to fix DoS via entity expansion (#19651)
  • fix(deps): Bump tar to 7.5.10 to fix hardlink path traversal (#19650)
  • fix(nextjs): Align Turbopack module metadata injection with webpack behavior (#19645)
  • fix(node): Prevent duplicate LangChain spans from double module patching (#19684)
  • fix(node-core,vercel-edge): Use HEROKU_BUILD_COMMIT env var for default release (#19617)
  • fix(sveltekit): Fix file system race condition in source map cleaning (#19714)
  • fix(tanstackstart-react): Add workerd and worker export conditions (#19461)
  • fix(vercel-ai): Prevent tool call span map memory leak (#19328)
  • feat(deps): Bump @ sentry/rollup-plugin from 5.1.0 to 5.1.1 (#19658)
  Internal Changes

  • chore: Migrate to oxlint (#19134)
  • chore(aws-serverless): Don't build layer in build:dev command (#19586)
  • chore(ci): Allow triage action to run on issues from external users (#19701)
  • chore(deps): Bump immutable from 4.0.0 to 4.3.8 (#19637)
  • chore(e2e): Expand microservices E2E application with auto-tracing tests (#19652)
  • chore(hono): Prepare readme and add craft entry (#19583)
  • chore(sourcemaps): Make sourcemaps e2e test more generic (#19678)
  • chore(tanstackstart-react): Add link to docs in README (#19697)
  • feat(deps): Bump @ hono/node-server from 1.19.4 to 1.19.10 (#19634)
  • feat(deps): Bump underscore from 1.12.1 to 1.13.8 (#19616)
  • test(angular): Fix failing canary test (#19639)
  • test(nextjs): Add sourcemaps test for nextjs turbopack (#19647)
  • tests(e2e): Add microservices e2e for nestjs (#19642)
  • tests(e2e): Add websockets e2e for nestjs (#19630)

  Work in this release was contributed by @ dmmulroy, @ lithdew, and @ smorimoto. Thank you for your contributions!

  Bundle size 📦

  Path	Size
  @ sentry/browser	25.04 KB
  @ sentry/browser - with treeshaking flags	23.57 KB
  @ sentry/browser (incl. Tracing)	41.45 KB
  @ sentry/browser (incl. Tracing, Profiling)	46 KB
  @ sentry/browser (incl. Tracing, Replay)	79.35 KB
  @ sentry/browser (incl. Tracing, Replay) - with treeshaking flags	69.22 KB
  @ sentry/browser (incl. Tracing, Replay with Canvas)	83.94 KB
  @ sentry/browser (incl. Tracing, Replay, Feedback)	95.91 KB
  @ sentry/browser (incl. Feedback)	41.45 KB
  @ sentry/browser (incl. sendFeedback)	29.6 KB
  @ sentry/browser (incl. FeedbackAsync)	34.53 KB
  @ sentry/browser (incl. Metrics)	26.18 KB
  @ sentry/browser (incl. Logs)	26.31 KB
  @ sentry/browser (incl. Metrics & Logs)	26.97 KB
  @ sentry/react	26.75 KB
  @ sentry/react (incl. Tracing)	43.73 KB
  @ sentry/vue	29.38 KB
  @ sentry/vue (incl. Tracing)	43.27 KB
  @ sentry/svelte	25.06 KB
  CDN Bundle	27.52 KB
  CDN Bundle (incl. Tracing)	42.26 KB
  CDN Bundle (incl. Logs, Metrics)	28.34 KB
  CDN Bundle (incl. Tracing, Logs, Metrics)	43.08 KB
  CDN Bundle (incl. Replay, Logs, Metrics)	66.5 KB
  CDN Bundle (incl. Tracing, Replay)	78.27 KB
  CDN Bundle (incl. Tracing, Replay, Logs, Metrics)	79.11 KB
  CDN Bundle (incl. Tracing, Replay, Feedback)	83.66 KB
  CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics)	84.51 KB
  CDN Bundle - uncompressed	80.45 KB
  CDN Bundle (incl. Tracing) - uncompressed	125.09 KB
  CDN Bundle (incl. Logs, Metrics) - uncompressed	83.22 KB
  CDN Bundle (incl. Tracing, Logs, Metrics) - uncompressed	127.86 KB
  CDN Bundle (incl. Replay, Logs, Metrics) - uncompressed	203.98 KB
  CDN Bundle (incl. Tracing, Replay) - uncompressed	239.24 KB
  CDN Bundle (incl. Tracing, Replay, Logs, Metrics) - uncompressed	241.99 KB
  CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed	251.85 KB
  CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics) - uncompressed	254.59 KB
  @ sentry/nextjs (client)	46.09 KB
  @ sentry/sveltekit (client)	41.9 KB
  @ sentry/node-core	51.04 KB
  @ sentry/node	170.67 KB
  @ sentry/node - without tracing	95.14 KB
  @ sentry/aws-serverless	110.58 KB

from @sentry/angular GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[matthew2564]

This is a minor version upgrade for @sentry/angular. While not a breaking change in the API, version 10.44.0 is part of a release cycle that alters a default behavior regarding Personally Identifiable Information (PII).

Behavioral Change:

• User IP Address Collection: The SDK will no longer infer or collect user IP addresses by default. This change was officially implemented in version 10.4.0 but is relevant to this upgrade. To continue collecting user IP addresses, you must explicitly set sendDefaultPii: true in your Sentry.init() configuration.

Recommendation:
Review your Sentry configuration. If your project relies on user IP address data from Sentry, you must add sendDefaultPii: true to your Sentry.init() call to maintain the previous behavior.

Source: Sentry JavaScript SDK Changelog

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[Copilot]

Pull request overview

This PR upgrades the Sentry Angular SDK dependency to keep the application’s error/telemetry tooling up to date.

Changes:

• Bump @sentry/angular from 10.43.0 to 10.44.0 in package.json.
• Update package-lock.json to reflect the new @sentry/angular version and its transitive dependencies.

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.

File	Description
package.json	Updates the declared @sentry/angular version to 10.44.0.
package-lock.json	Updates the resolved Sentry Angular package and adds/adjusts nested Sentry dependencies accordingly.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Upgrading @sentry/angular to 10.44.0 appears to conflict with @sentry/capacitor@3.2.0, which peers on @sentry/angular@10.43.0 (see package-lock.json entry for @sentry/capacitor). This will at least produce a peer-dependency mismatch and may lead to multiple Sentry SDK copies at runtime. Consider upgrading @sentry/capacitor to a version compatible with 10.44.0 (or keep the Sentry packages on matching versions).

Suggested change

	"@sentry/angular": "10.44.0",
	"@sentry/angular": "10.43.0",