feat(deps): bump next and @sentry/nextjs

[dependabot]

Bumps next and @sentry/nextjs. These dependencies needed to be updated together.
Updates next from 13.4.19 to 16.1.6

Release notes

Sourced from next's releases.

v16.1.6

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Upgrade to swc 54 (#88207)
• implement LRU cache with invocation ID scoping for minimal mode response cache (#88509)
• tweak LRU sentinel key (#89123)

Credits

Huge thanks to @​mischnic, @​wyattjoh, and @​ztanner for helping!

v16.1.5

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472 https://vercel.com/changelog/summary-of-cve-2026-23864

v16.1.4

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Only filter next config if experimental flag is enabled (#88733)

Credits

Huge thanks to @​mischnic for helping!

v16.1.3

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Fix linked list bug in LRU deleteFromLru (#88652)
• Fix relative same host redirects in node middleware (#88253)

Credits

Huge thanks to @​acdlite and @​ijjk for helping!

v16.1.2

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

... (truncated)

Commits

• adf8c61 v16.1.6
• 098c0c0 [backport][ci] Make gh auth status optional when triggering a release (#89100)
• a43df32 Backport/docs fixes jan 25 16.1.x (#89124)
• d6d5734 tweak LRU sentinel cache key (#89123)
• 4324698 backport: implement LRU cache with invocation ID scoping for minimal mode res...
• 23c4649 [backport] Upgrade to swc 54 (#88207) (#89103)
• acba4a6 v16.1.5
• e1d1fc6 Add maximum size limit for postponed body parsing (#88175)
• 500ec83 fetch(next/image): reduce maximumResponseBody from 300MB to 50MB (#88588)
• 1caaca3 feat(next/image)!: add images.maximumResponseBody config (#88183)
• Additional commits viewable in compare view

Updates @sentry/nextjs from 7.64.0 to 10.37.0

Release notes

Sourced from @​sentry/nextjs's releases.

10.37.0

Important Changes

• feat(core): Introduces a new Sentry.setConversationId() API to track multi turn AI conversations across API calls. (#18909)

  You can now set a conversation ID that will be automatically applied to spans within that scope. This allows you to link traces from the same conversation together.

  import * as Sentry from '@sentry/node';
  // Set conversation ID for all subsequent spans
  Sentry.setConversationId('conv_abc123');
  // All AI spans will now include the gen_ai.conversation.id attribute
  await openai.chat.completions.create({...});

  This is particularly useful for tracking multiple AI API calls that are part of the same conversation, allowing you to analyze entire conversation flows in Sentry. The conversation ID is stored on the isolation scope and automatically applied to spans via the new conversationIdIntegration.

• feat(tanstackstart-react): Auto-instrument global middleware in sentryTanstackStart Vite plugin (#18844)

  The sentryTanstackStart Vite plugin now automatically instruments requestMiddleware and functionMiddleware arrays in createStart(). This captures performance data without requiring manual wrapping.

  Auto-instrumentation is enabled by default. To disable it:

  // vite.config.ts
  sentryTanstackStart({
    authToken: process.env.SENTRY_AUTH_TOKEN,
    org: 'your-org',
    project: 'your-project',
    autoInstrumentMiddleware: false,
  });

Other Changes

• feat(core): simplify truncation logic to only keep the newest message (#18906)
• feat(core): Support new client discard reason invalid (#18901)
• feat(deps): Bump OpenTelemetry instrumentations (#18934)
• feat(nextjs): Update default ignore list for sourcemaps (#18938)
• feat(node): pass prisma instrumentation options through (#18900)
• feat(nuxt): Don't run source maps related code on Nuxt "prepare" (#18936)
• feat(replay): Update client report discard reason for invalid sessions (#18796)
• feat(winston): Add customLevelMap for winston transport (#18922)
• feat(react-router): Add support for React Router instrumentation API (#18580)
• fix(astro): Do not show warnings for valid options (#18947)
• fix(core): Report well known values in gen_ai.operation.name attribute (#18925)
• fix(node-core): ignore vercel AbortError by default on unhandled rejection (#18973)

... (truncated)

Changelog

Sourced from @​sentry/nextjs's changelog.

10.37.0

Important Changes

• feat(core): Introduces a new Sentry.setConversationId() API to track multi turn AI conversations across API calls. (#18909)

  You can now set a conversation ID that will be automatically applied to spans within that scope. This allows you to link traces from the same conversation together.

  import * as Sentry from '@sentry/node';
  // Set conversation ID for all subsequent spans
  Sentry.setConversationId('conv_abc123');
  // All AI spans will now include the gen_ai.conversation.id attribute
  await openai.chat.completions.create({...});

  This is particularly useful for tracking multiple AI API calls that are part of the same conversation, allowing you to analyze entire conversation flows in Sentry. The conversation ID is stored on the isolation scope and automatically applied to spans via the new conversationIdIntegration.

• feat(tanstackstart-react): Auto-instrument global middleware in sentryTanstackStart Vite plugin (#18844)

  The sentryTanstackStart Vite plugin now automatically instruments requestMiddleware and functionMiddleware arrays in createStart(). This captures performance data without requiring manual wrapping.

  Auto-instrumentation is enabled by default. To disable it:

  // vite.config.ts
  sentryTanstackStart({
    authToken: process.env.SENTRY_AUTH_TOKEN,
    org: 'your-org',
    project: 'your-project',
    autoInstrumentMiddleware: false,
  });

Other Changes

• feat(core): simplify truncation logic to only keep the newest message (#18906)
• feat(core): Support new client discard reason invalid (#18901)
• feat(deps): Bump OpenTelemetry instrumentations (#18934)
• feat(nextjs): Update default ignore list for sourcemaps (#18938)
• feat(node): pass prisma instrumentation options through (#18900)
• feat(nuxt): Don't run source maps related code on Nuxt "prepare" (#18936)
• feat(replay): Update client report discard reason for invalid sessions (#18796)
• feat(winston): Add customLevelMap for winston transport (#18922)
• feat(react-router): Add support for React Router instrumentation API (#18580)
• fix(astro): Do not show warnings for valid options (#18947)
• fix(core): Report well known values in gen_ai.operation.name attribute (#18925)

... (truncated)

Commits

• 8aec947 release: 10.37.0
• c60ca61 meta(changelog): Update changelog for 10.37.0 (#18984)
• 429ac16 meta(changelog): Update changelog for 10.37.0
• 11f38a7 feat(winston): Add customLevelMap for winston transport (#18922)
• 93a91cc test(prisma): Move to yarn prisma (#18975)
• b0add63 ref(core): Set system message as separate attribute (#18978)
• 9a2b6a4 chore: Add external contributor to CHANGELOG.md (#18977)
• cf738e7 deps: Bump version of sentry-bundler-plugins (#18972)
• 693ca47 test(nextjs): Added nextjs CF workers test app (#18928)
• 75f0e20 feat(react-router): Add support for React Router instrumentation API (#18580)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
tact	Error		Jan 28, 2026 0:39am