Bump @sentry/profiling-node from 1.2.6 to 10.39.0

[dependabot]

Bumps @sentry/profiling-node from 1.2.6 to 10.39.0.

Release notes

Sourced from @​sentry/profiling-node's releases.

10.39.0

Important Changes

• feat(tanstackstart-react): Auto-instrument server function middleware (#19001)

  The sentryTanstackStart Vite plugin now automatically instruments middleware in createServerFn().middleware([...]) calls. This captures performance data without requiring manual wrapping with wrapMiddlewaresWithSentry().

• feat(nextjs): New experimental automatic vercel cron monitoring (#19192)

  Setting _experimental.vercelCronMonitoring to true in your Sentry configuration will automatically create Sentry cron monitors for your Vercel Cron Jobs.

  Please note that this is an experimental unstable feature and subject to change.

  // next.config.ts
  export default withSentryConfig(nextConfig, {
    _experimental: {
      vercelCronMonitoring: true,
    },
  });

• feat(node-core): Add node-core/light (#18502)

  This release adds a new light-weight @sentry/node-core/light export to @sentry/node-core. The export acts as a light-weight SDK that does not depend on OpenTelemetry and emits no spans.

  Use this SDK when:

  • You only need error tracking, logs or metrics without tracing data (no spans)
  • You want to minimize bundle size and runtime overhead
  • You don't need spans emitted by OpenTelemetry instrumentation

  It supports error tracking and reporting, logs, metrics, automatic request isolation (requires Node.js 22+) and basic tracing via our Sentry.startSpan* APIs.

  Install the SDK by running

  npm install @sentry/node-core

  and add Sentry at the top of your application's entry file:

  import * as Sentry from '@sentry/node-core/light';
  Sentry.init({
  dsn: 'DSN',
  });

Other Changes

... (truncated)

Changelog

Sourced from @​sentry/profiling-node's changelog.

10.39.0

Important Changes

• feat(tanstackstart-react): Auto-instrument server function middleware (#19001)

  The sentryTanstackStart Vite plugin now automatically instruments middleware in createServerFn().middleware([...]) calls. This captures performance data without requiring manual wrapping with wrapMiddlewaresWithSentry().

• feat(nextjs): New experimental automatic vercel cron monitoring (#19192)

  Setting _experimental.vercelCronMonitoring to true in your Sentry configuration will automatically create Sentry cron monitors for your Vercel Cron Jobs.

  Please note that this is an experimental unstable feature and subject to change.

  // next.config.ts
  export default withSentryConfig(nextConfig, {
    _experimental: {
      vercelCronMonitoring: true,
    },
  });

• feat(node-core): Add node-core/light (#18502)

  This release adds a new light-weight @sentry/node-core/light export to @sentry/node-core. The export acts as a light-weight SDK that does not depend on OpenTelemetry and emits no spans.

  Use this SDK when:

  • You only need error tracking, logs or metrics without tracing data (no spans)
  • You want to minimize bundle size and runtime overhead
  • You don't need spans emitted by OpenTelemetry instrumentation

  It supports error tracking and reporting, logs, metrics, automatic request isolation (requires Node.js 22+) and basic tracing via our Sentry.startSpan* APIs.

  Install the SDK by running

  npm install @sentry/node-core

  and add Sentry at the top of your application's entry file:

  import * as Sentry from '@sentry/node-core/light';
  Sentry.init({
  dsn: 'DSN',
  });

... (truncated)

Commits

• See full diff in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[hardillb]

@cstns I've assigned this to you (as part of the triage dependabot work) because you were looking at the sentry burn rate as much as anything.

I'll Stick it in the 2.29.0 milestone so it can be scheduled properly

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 76.65%. Comparing base (be2aaa7) to head (4ddd19d).
⚠️ Report is 390 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #6719   +/-   ##
=======================================
  Coverage   76.65%   76.65%           
=======================================
  Files         398      398           
  Lines       20108    20108           
  Branches     4844     4844           
=======================================
  Hits        15414    15414           
  Misses       4694     4694           

Flag	Coverage Δ
backend	76.65% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[dependabot]

A newer version of @​sentry/profiling-node exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged.

[hardillb]

@allthedoll This is the last remaining dependency holding a bad version of tar in the dependency tree. (It's also in the chain for the minimatch package)

We really need to get this upgraded, it needs somebody to spend the time needed to work out what is needed for this Huge version bump.

@dependabot rebase

[dependabot]

Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

[hardillb]

@dependabot recreate

[dependabot]

Looks like this PR is already up-to-date with main! If you'd still like to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.