
EVDOG4LIFE

Snyk has created this PR to upgrade @sentry/sveltekit from 10.12.0 to 10.14.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 2 versions ahead of your current version.

  • The recommended version was released 22 days ago.

Issues fixed by the recommended upgrade:

| Issue | Score | Exploit Maturity |
| --- | --- | --- |
| medium severity: Cross-site Scripting (XSS), SNYK-JS-COOKIE-8163060 | 315 | No Known Exploit |
| low severity: Directory Traversal, SNYK-JS-SIRV-12558119 | 315 | Proof of Concept |
| low severity: Relative Path Traversal, SNYK-JS-VITE-12558116 | 315 | Proof of Concept |

Release notes
Package name: @sentry/sveltekit
  • 10.14.0 - 2025-09-23

    Important Changes

    • feat(cloudflare,vercel-edge): Add support for Google Gen AI instrumentation (#17723)

      The SDK now supports manually instrumenting Google's Generative AI operations in Cloudflare Workers and Vercel Edge Runtime environments, providing insights into your AI operations. You can use const wrappedClient = Sentry.instrumentGoogleGenAIClient(genAiClient) to get an instrumented client.

    Other Changes

    • fix(nextjs): Display updated turbopack warnings (#17737)
    • ref(core): Wrap isolationscope in WeakRef when storing it on spans (#17712)
    Internal Changes
    • test(node): Avoid using specific port for node-integration-tests (#17729)
    • test(nuxt): Update Nuxt version and add Nitro $fetch test (#17713)

    Bundle size 📦

    | Path | Size |
    | --- | --- |
    | @sentry/browser | 23.69 KB |
    | @sentry/browser - with treeshaking flags | 22.24 KB |
    | @sentry/browser (incl. Tracing) | 39.46 KB |
    | @sentry/browser (incl. Tracing, Replay) | 76.93 KB |
    | @sentry/browser (incl. Tracing, Replay) - with treeshaking flags | 66.84 KB |
    | @sentry/browser (incl. Tracing, Replay with Canvas) | 81.49 KB |
    | @sentry/browser (incl. Tracing, Replay, Feedback) | 93.41 KB |
    | @sentry/browser (incl. Feedback) | 40.01 KB |
    | @sentry/browser (incl. sendFeedback) | 28.24 KB |
    | @sentry/browser (incl. FeedbackAsync) | 33.05 KB |
    | @sentry/react | 25.37 KB |
    | @sentry/react (incl. Tracing) | 41.38 KB |
    | @sentry/vue | 28.11 KB |
    | @sentry/vue (incl. Tracing) | 41.22 KB |
    | @sentry/svelte | 23.72 KB |
    | CDN Bundle | 25.17 KB |
    | CDN Bundle (incl. Tracing) | 39.3 KB |
    | CDN Bundle (incl. Tracing, Replay) | 74.66 KB |
    | CDN Bundle (incl. Tracing, Replay, Feedback) | 80.04 KB |
    | CDN Bundle - uncompressed | 73.6 KB |
    | CDN Bundle (incl. Tracing) - uncompressed | 116.34 KB |
    | CDN Bundle (incl. Tracing, Replay) - uncompressed | 228.76 KB |
    | CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed | 241.23 KB |
    | @sentry/nextjs (client) | 43.36 KB |
    | @sentry/sveltekit (client) | 39.87 KB |
    | @sentry/node-core | 48.85 KB |
    | @sentry/node | 148.68 KB |
    | @sentry/node - without tracing | 89.79 KB |
    | @sentry/aws-serverless | 102.92 KB |
  • 10.13.0 - 2025-09-22

    Important Changes

    • feat(browser): Add option to explicitly end pageload span via reportPageLoaded() (#17697)

      With this release you can take manual control of ending the pageload span. Usually this span is ended automatically by the SDK, based on a period of inactivity after the initial page was loaded in the browser. If you want full control over the pageload duration, you can tell Sentry when your page was fully loaded:

      Sentry.init({
        //...
        integrations: [
          // 1. Enable manual pageload reporting
          Sentry.browserTracingIntegration({ enableReportPageLoaded: true }),
        ],
      });

      // 2. Whenever you decide the page is loaded, call:
      Sentry.reportPageLoaded();

      Note that if Sentry.reportPageLoaded() is not called within 30 seconds of the initial pageload (or whatever value the finalTimeout option is set to), the pageload span will be ended automatically.

    • feat(core,node): Add instrumentation for GoogleGenerativeAI (#17625)

      The SDK now automatically instruments the @google/generative-ai package to provide insights into your AI operations.

    • feat(nextjs): Promote useRunAfterProductionCompileHook to non-experimental build option (#17721)

      The useRunAfterProductionCompileHook option is no longer experimental and is now a stable build option for Next.js projects.

    • feat(nextjs): Use afterProductionCompile hook for webpack builds (#17655)

      Next.js projects using webpack can opt-in to use the useRunAfterProductionCompileHook hook for source map uploads.

    • feat(nextjs): Flip default value for useRunAfterProductionCompileHook for Turbopack builds (#17722)

      The useRunAfterProductionCompileHook option is now enabled by default for Turbopack builds, enabling automated source map uploads.

    • feat(node): Do not drop 300 and 304 status codes by default (#17686)

      HTTP transactions with 300 and 304 status codes are now captured by default, providing better visibility into redirect and caching behavior.

    Other Changes

    • feat(core): Add logger to core and allow scope to be passed log methods (#17698)
    • feat(core): Allow to pass onSuccess to handleCallbackErrors (#17679)
    • feat(core): Create template attributes in consoleLoggingIntegration (#17703)
    • feat(deps): bump @sentry/cli from 2.52.0 to 2.53.0 (#17652)
    • feat(node): Add extra platforms to os context (#17720)
    • fix(browser): Ensure idle span duration is adjusted when child spans are ignored (#17700)
    • fix(core): Ensure builtin stack frames don't affect thirdPartyErrorFilterIntegration (#17693)
    • fix(core): Fix client hook edge cases around multiple callbacks (#17706)
    • fix(nextjs): Enable fetch span when OTel setup is skipped (#17699)
    • fix(node): Fix this context for vercel AI instrumentation (#17681)
    Internal Changes
    • chore: Add external contributor to CHANGELOG.md (#17725)
    • chore: Add link to build and test icon in readme (#17719)
    • chore(nuxt): Bump Vite and Rollup plugins (#17671)
    • chore(repo): Add changelog entry for reportPageLoaded (#17724)
    • ci: Fix lookup of changed E2E test apps (#17707)
    • ci(test-matrix): Add logs for getTestMatrix (#17673)
    • ref: Avoid some usage of SyncPromise where not needed (#17641)
    • ref(core): Add debug log when dropping a span via ignoreSpans (#17692)
    • ref(core): Avoid looking up anthropic-ai integration options (#17694)
    • ref(core): Streamline module_metadata assignment and cleanup functions (#17696)
    • ref(remix): Avoid unnecessary error wrapping HandleDocumentRequestFunction (#17680)
    • Revert "[Gitflow] Merge master into develop"

    Work in this release was contributed by @ Olexandr88. Thank you for your contribution!

    Bundle size 📦

    | Path | Size |
    | --- | --- |
    | @sentry/browser | 23.66 KB |
    | @sentry/browser - with treeshaking flags | 22.21 KB |
    | @sentry/browser (incl. Tracing) | 39.39 KB |
    | @sentry/browser (incl. Tracing, Replay) | 76.88 KB |
    | @sentry/browser (incl. Tracing, Replay) - with treeshaking flags | 66.78 KB |
    | @sentry/browser (incl. Tracing, Replay with Canvas) | 81.44 KB |
    | @sentry/browser (incl. Tracing, Replay, Feedback) | 93.35 KB |
    | @sentry/browser (incl. Feedback) | 39.99 KB |
    | @sentry/browser (incl. sendFeedback) | 28.2 KB |
    | @sentry/browser (incl. FeedbackAsync) | 33 KB |
    | @sentry/react | 25.33 KB |
    | @sentry/react (incl. Tracing) | 41.32 KB |
    | @sentry/vue | 28.05 KB |
    | @sentry/vue (incl. Tracing) | 41.15 KB |
    | @sentry/svelte | 23.68 KB |
    | CDN Bundle | 25.14 KB |
    | CDN Bundle (incl. Tracing) | 39.22 KB |
    | CDN Bundle (incl. Tracing, Replay) | 74.59 KB |
    | CDN Bundle (incl. Tracing, Replay, Feedback) | 79.96 KB |
    | CDN Bundle - uncompressed | 73.46 KB |
    | CDN Bundle (incl. Tracing) - uncompressed | 116.1 KB |
    | CDN Bundle (incl. Tracing, Replay) - uncompressed | 228.53 KB |
    | CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed | 240.99 KB |
    | @sentry/nextjs (client) | 43.3 KB |
    | @sentry/sveltekit (client) | 39.81 KB |
    | @sentry/node-core | 48.81 KB |
    | @sentry/node | 148.62 KB |
    | @sentry/node - without tracing | 89.73 KB |
    | @sentry/aws-serverless | 102.86 KB |
  • 10.12.0 - 2025-09-16

    Important Changes

    • ref: Add and Adjust error event mechanism values

      This release includes a variety of changes aimed at setting the mechanism field on errors captured automatically by the Sentry SDKs. The intention is to clearly mark which instrumentation captured an error. In addition, some instrumentations previously did not yet annotate the error as handled or unhandled which this series of PRs corrects as well.

      Relevant PRs

      Released in 10.12.0:

      • ref(angular): Adjust ErrorHandler event mechanism (#17608)
      • ref(astro): Adjust mechanism on error events captured by astro middleware (#17613)
      • ref(aws-severless): Slightly adjust aws-serverless mechanism type (#17614)
      • ref(bun): Adjust mechanism of errors captured in Bun.serve (#17616)
      • ref(cloudflare): Adjust event mechanisms and durable object origin (#17618)
      • ref(core): Adjust mechanism in captureConsoleIntegration (#17633)
      • ref(core): Adjust MCP server error event mechanism (#17622)
      • ref(core): Simplify linkedErrors mechanism logic (#17600)
      • ref(deno): Adjust mechanism of errors caught by globalHandlersIntegration (#17635)
      • ref(nextjs): Set more specific event mechanisms (#17543)
      • ref(node): Adjust mechanism of express, hapi and fastify error handlers (#17623)
      • ref(node-core): Add mechanism to cron instrumentations (#17544)
      • ref(node-core): Add more specific mechanism.type to worker thread errors from childProcessIntegration (#17578)
      • ref(node-core): Adjust mechanism of onUnhandledRejection and onUnhandledException integrations (#17636)
      • ref(node): Add mechanism to errors captured via connect and koa integrations (#17579)
      • ref(nuxt): Add and adjust mechanism.type in error events (#17599)
      • ref(react): Add mechanism to reactErrorHandler and adjust mechanism in ErrorBoundary (#17602)
      • ref(remix): Adjust event mechanism of captureRemixServerException (#17629)
      • ref(replay-internal): Add mechanism to error caught by replayIntegration in debug mode (#17606)
      • ref(solid): Add mechanism to error captured by withSentryErrorBoundary (#17607)
      • ref(solidstart): Adjust event mechanism in withServerActionInstrumentation (#17637)
      • ref(sveltekit): Adjust mechanism of error events (#17646)
      • ref(vue): Adjust mechanism in Vue error handler (#17647)

      Released in 10.11.0:

      • ref(browser): Add more specific mechanism.type to errors captured by httpClientIntegration (#17254)
      • ref(browser): Set more descriptive mechanism.type in browserApiErrorsIntergation (#17251)
      • ref(core): Add mechanism.type to trpcMiddleware errors (#17287)
      • ref(core): Add more specific event mechanisms and span origins to openAiIntegration (#17288)
      • ref(nestjs): Add mechanism to captured errors (#17312)
    • feat(node) Ensure prismaIntegration works with Prisma 5 (#17595)

    We used to require passing the v5 version of @prisma/instrumentation into prismaIntegration({ prismaInstrumentation: new PrismaInstrumentation() }) if you wanted to get full instrumentation for Prisma v5. However, it turns out this does not work on v10 of the SDK anymore, because @prisma/instrumentation@5 requires OTEL v1.

    With this release, we dropped the requirement to configure anything to get v5 support of Prisma. You do not need to configure anything in the integration anymore, and can remove the dependency on @prisma/instrumentation@5 if you had it in your application. You only need to configure the tracing preview feature according to our docs.

    • feat(deps): Update OpenTelemetry dependencies (#17558)
      • @opentelemetry/core bumped to ^2.1.0
      • @opentelemetry/context-async-hooks bumped to ^2.1.0
      • @opentelemetry/resources bumped to ^2.1.0
      • @opentelemetry/sdk-trace-base bumped to ^2.1.0
      • @opentelemetry/semantic-conventions bumped to ^1.37.0
      • @opentelemetry/instrumentation bumped to ^0.204.0
      • @opentelemetry/instrumentation-http bumped to ^0.204.0
      • @opentelemetry/instrumentation-amqplib bumped to ^0.51.0
      • @opentelemetry/instrumentation-aws-sdk bumped to ^0.59.0
      • @opentelemetry/instrumentation-connect bumped to ^0.48.0
      • @opentelemetry/instrumentation-dataloader bumped to ^0.22.0
      • @opentelemetry/instrumentation-express bumped to ^0.53.0
      • @opentelemetry/instrumentation-fs bumped from to ^0.24.0
      • @opentelemetry/instrumentation-generic-pool bumped to ^0.48.0
      • @opentelemetry/instrumentation-graphql bumped to ^0.52.0
      • @opentelemetry/instrumentation-hapi bumped to ^0.51.0
      • @opentelemetry/instrumentation-ioredis bumped to ^0.52.0
      • @opentelemetry/instrumentation-kafkajs bumped to ^0.14.0
      • @opentelemetry/instrumentation-knex bumped to ^0.49.0
      • @opentelemetry/instrumentation-koa bumped to ^0.52.0
      • @opentelemetry/instrumentation-lru-memoizer bumped to ^0.49.0
      • @opentelemetry/instrumentation-mongodb bumped from to ^0.57.0
      • @opentelemetry/instrumentation-mongoose bumped from to ^0.51.0
      • @opentelemetry/instrumentation-mysql bumped to ^0.50.0
      • @opentelemetry/instrumentation-mysql2 bumped to ^0.51.0
      • @opentelemetry/instrumentation-nestjs-core bumped to ^0.50.0
      • @opentelemetry/instrumentation-pg bumped to ^0.57.0
      • @opentelemetry/instrumentation-redis bumped to ^0.53.0
      • @opentelemetry/instrumentation-undici bumped to ^0.15.0
      • @prisma/instrumentation bumped to 6.15.0

    Other Changes

    • feat(browser): Add timing and status attributes to resource spans (#17562)
    • feat(cloudflare,vercel-edge): Add support for Anthropic AI instrumentation (#17571)
    • feat(core): Add Consola integration (#17435)
    • feat(deps): Update OpenTelemetry dependencies (#17569)
    • feat(core): Export TracesSamplerSamplingContext type (#17523)
    • feat(deno): Add OpenTelemetry support and vercelAI integration (#17445)
    • feat(node-core): Remove experimental note from winston api (#17626)
    • feat(node): Ensure prismaIntegration works with Prisma v5 (#17595)
    • feat(node): Tidy existing ESM loader hook (#17566)
    • feat(sveltekit): Align build time options with shared type (#17413)
    • fix(core): Fix error handling when sending envelopes (#17662)
    • fix(browser): Always start navigation as root span (#17648)
    • fix(browser): Ensure propagated parentSpanId stays consistent during trace in TwP mode (#17526)
    • fix(cloudflare): Initialize once per workflow run and preserve scope for step.do (#17582)
    • fix(nextjs): Add edge polyfills for nextjs-13 in dev mode (#17488)
    • fix(nitro): Support nested _platform properties in Nitro 2.11.7+ (#17596)
    • fix(node): Preserve synchronous return behavior for streamText and other methods for AI (#17580)
    • ref(node): Inline types imported from shimmer (#17597)
    • ref(nuxt): Add and adjust mechanism.type in error events (#17599)
    • ref(browser): Improve fetchTransport error handling (#17661)
    Internal Changes
    • chore: Add changelog note about mechanism changes (#17632)
    • chore(aws): Update README.md (#17601)
    • chore(deps): bump hono from 4.7.10 to 4.9.7 in /dev-packages/e2e-tests/test-applications/cloudflare-hono (#17630)
    • chore(deps): bump next from 14.2.25 to 14.2.32 in /dev-packages/e2e-tests/test-applications/nextjs-app-dir (#17627)
    • chore(deps): bump next from 14.2.25 to 14.2.32 in /dev-packages/e2e-tests/test-applications/nextjs-pages-dir (#17620)
    • chore(deps): bump next from 14.2.29 to 14.2.32 in /dev-packages/e2e-tests/test-applications/nextjs-orpc (#17494)
    • chore(deps): bump next from 14.2.30 to 14.2.32 in /dev-packages/e2e-tests/test-applications/nextjs-14 (#17628)
    • chore(repo): Rename .claude/settings.local.json to .claude/settings.json (#17591)
    • docs(issue-template): Add note about prioritization (#17590)
    • ref(core): Streamline event processor handling (#17634)
    • test(angular): Bump TS version to 5.9.0 in Angular 20 e2e test (#17605)
    • test(nextjs): Remove Next 13 and pin Next 14 canary and latest tests (#17577)
    • test(react-router): Unflake flushIfServerless test (#17610)

    Bundle size 📦

    | Path | Size |
    | --- | --- |
    | @sentry/browser | 23.59 KB |
    | @sentry/browser - with treeshaking flags | 22.19 KB |
    | @sentry/browser (incl. Tracing) | 39.21 KB |
    | @sentry/browser (incl. Tracing, Replay) | 76.69 KB |
    | @sentry/browser (incl. Tracing, Replay) - with treeshaking flags | 66.64 KB |
    | @sentry/browser (incl. Tracing, Replay with Canvas) | 81.24 KB |
    | @sentry/browser (incl. Tracing, Replay, Feedback) | 93.16 KB |
    | @sentry/browser (incl. Feedback) | 39.92 KB |
    | @sentry/browser (incl. sendFeedback) | 28.13 KB |
    | @sentry/browser (incl. FeedbackAsync) | 32.96 KB |
    | @sentry/react | 25.27 KB |
    | @sentry/react (incl. Tracing) | 41.18 KB |
    | @sentry/vue | 27.97 KB |
    | @sentry/vue (incl. Tracing) | 40.99 KB |
    | @sentry/svelte | 23.62 KB |
    | CDN Bundle | 25.13 KB |
    | CDN Bundle (incl. Tracing) | 39.11 KB |
    | CDN Bundle (incl. Tracing, Replay) | 74.48 KB |
    | CDN Bundle (incl. Tracing, Replay, Feedback) | 79.86 KB |
    | CDN Bundle - uncompressed | 73.41 KB |
    | CDN Bundle (incl. Tracing) - uncompressed | 115.73 KB |
    | CDN Bundle (incl. Tracing, Replay) - uncompressed | 228.13 KB |
    | CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed | 240.59 KB |
    | @sentry/nextjs (client) | 43.12 KB |
    | @sentry/sveltekit (client) | 39.64 KB |
    | @sentry/node-core | 48.69 KB |
    | @sentry/node | 147.6 KB |
    | @sentry/node - without tracing | 89.6 KB |
    | @sentry/aws-serverless | 102.73 KB |
from @sentry/sveltekit GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

See this package in npm:
@sentry/sveltekit

See this project in Snyk:
https://app.snyk.io/org/evdog4life/project/834c4a5d-5e4b-4f42-857a-a3498c3456af?utm_source=github&utm_medium=referral&page=upgrade-pr

coderabbitai bot commented Oct 15, 2025

Important

Review skipped

Ignore keyword(s) in the title.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


Comment @coderabbitai help to get the list of available commands and usage tips.
