chore(deps): bump the production-minor group with 8 updates

[dependabot]

Bumps the production-minor group with 8 updates:

Package	From	To
@modelcontextprotocol/sdk	1.26.0	1.27.1
@opentelemetry/sdk-trace-node	2.5.0	2.5.1
@sentry/nextjs	10.38.0	10.40.0
@vercel/functions	3.4.1	3.4.3
@vercel/otel	2.1.0	2.1.1
motion	12.33.0	12.34.3
resend	6.9.1	6.9.3
tailwind-merge	3.4.0	3.5.0

Updates @modelcontextprotocol/sdk from 1.26.0 to 1.27.1

Release notes

Sourced from @​modelcontextprotocol/sdk's releases.

v1.27.1

What's Changed

• feat: implement auth/pre-registration conformance scenario by @​felixweinberger in modelcontextprotocol/typescript-sdk#1545
• docs: add governance documentation for SEP-1730 by @​felixweinberger in modelcontextprotocol/typescript-sdk#1547
• docs: comprehensive feature documentation for SEP-1730 Tier 1 by @​felixweinberger in modelcontextprotocol/typescript-sdk#1548
• fix: prevent command injection in example URL opening (v1.x backport) by @​maxisbey in modelcontextprotocol/typescript-sdk#1579
• fix: call onerror for silently swallowed transport errors by @​qing-ant in modelcontextprotocol/typescript-sdk#1580
• chore: bump version to 1.27.1 by @​felixweinberger in modelcontextprotocol/typescript-sdk#1581

New Contributors

• @​qing-ant made their first contribution in modelcontextprotocol/typescript-sdk#1580

Full Changelog: modelcontextprotocol/typescript-sdk@v1.27.0...v1.27.1

v1.27.0

What's Changed

• feat: add conformance test infrastructure for v1.x by @​felixweinberger in modelcontextprotocol/typescript-sdk#1518
• feat: backport discoverOAuthServerInfo() and discovery caching to v1.x by @​felixweinberger in modelcontextprotocol/typescript-sdk#1533
• feat: add url property to RequestInfo interface by @​valentinbeggi in modelcontextprotocol/typescript-sdk#1353
• [v1.x] feat(tasks): add streaming methods for elicitation and sampling by @​LucaButBoring in modelcontextprotocol/typescript-sdk#1528
• chore: bump version for v1.27.0 by @​felixweinberger in modelcontextprotocol/typescript-sdk#1541

New Contributors

• @​valentinbeggi made their first contribution in modelcontextprotocol/typescript-sdk#1353

Full Changelog: modelcontextprotocol/typescript-sdk@v1.26.0...v1.27.0

Commits

• 4faa8c8 chore: bump version to 1.27.1 (#1581)
• 09a85a8 fix: call onerror for silently swallowed transport errors (#1580)
• e79d14a fix: prevent command injection in example URL opening (v1.x backport) (#1579)
• 342ea39 docs: comprehensive feature documentation for SEP-1730 Tier 1 (#1548)
• 2084a22 docs: add governance documentation for SEP-1730 (#1547)
• f2d2145 feat: implement auth/pre-registration conformance scenario (#1545)
• 8cbc658 chore: bump version for v1.27.0 (#1541)
• 5c16ae3 [v1.x] feat(tasks): add streaming methods for elicitation and sampling (#1528)
• 97ab379 feat: add url property to RequestInfo interface (#1353)
• 825e9ab feat: backport discoverOAuthServerInfo() and discovery caching to v1.x (#1533)
• Additional commits viewable in compare view

Updates @opentelemetry/sdk-trace-node from 2.5.0 to 2.5.1

Release notes

Sourced from @​opentelemetry/sdk-trace-node's releases.

v2.5.1

2.5.1

🐛 Bug Fixes

• fix(opentelemetry-sdk-node): the custom value from env variable for service.instance.id should take priority over random uuid as backup #6345 @​maryliag

🏠 Internal

• perf(sdk-trace-base): use Uint8Array for browser RandomIdGenerator #6209 @​overbalance
• test(sdk-trace-base): remove obsolete TypeScript and platform workarounds #6327 @​overbalance
• fix(example-web): update Docker config and deps for collector #6342 @​overbalance
• perf(sdk-trace-base): optimize setAttribute performance #6283 @​AbhiPrasad
• refactor(core): remove unnecessary closure in _export() #6360 @​cjihrig

Changelog

Sourced from @​opentelemetry/sdk-trace-node's changelog.

2.5.1

🐛 Bug Fixes

• fix(opentelemetry-sdk-node): the custom value from env variable for service.instance.id should take priority over random uuid as backup #6345 @​maryliag

🏠 Internal

• perf(sdk-trace-base): use Uint8Array for browser RandomIdGenerator #6209 @​overbalance
• test(sdk-trace-base): remove obsolete TypeScript and platform workarounds #6327 @​overbalance
• fix(example-web): update Docker config and deps for collector #6342 @​overbalance
• perf(sdk-trace-base): optimize setAttribute performance #6283 @​AbhiPrasad
• refactor(core): remove unnecessary closure in _export() #6360 @​cjihrig

Commits

• ad92be4 chore: prepare next release (#6402)
• 3e68499 feat(configuration): add prometheus exporter support (#6400)
• b743747 fix(configuration): remove default propagator initialization (#6399)
• 48e2fb4 chore(deps): update fossas/fossa-action action to v1.8.0 (#6405)
• 90d1afa ci: allow different release bumps for groups (#6397)
• c1d0543 fix(deps): update dependency axios to v1.13.5 [security] (#6398)
• a78d112 fix(deps): update dependency @​grpc/grpc-js to v1.8.22 [security] (#6366)
• fcafab5 chore: fix lint (#6388)
• a0d5c14 fix(otlp-exporter-base): avoid use of a wrapped fetch (#6353)
• 819ebb2 chore(deps): update dependency webpack-merge to v6 (#6364)
• Additional commits viewable in compare view

Updates @sentry/nextjs from 10.38.0 to 10.40.0

Release notes

Sourced from @​sentry/nextjs's releases.

10.40.0

Important Changes

• feat(tanstackstart-react): Add global sentry exception middlewares (#19330)

  The sentryGlobalRequestMiddleware and sentryGlobalFunctionMiddleware global middlewares capture unhandled exceptions thrown in TanStack Start API routes and server functions. Add them as the first entries in the requestMiddleware and functionMiddleware arrays of createStart():

  import { createStart } from '@tanstack/react-start/server';
  import { sentryGlobalRequestMiddleware, sentryGlobalFunctionMiddleware } from '@sentry/tanstackstart-react';
  export default createStart({
  requestMiddleware: [sentryGlobalRequestMiddleware, myRequestMiddleware],
  functionMiddleware: [sentryGlobalFunctionMiddleware, myFunctionMiddleware],
  });

• feat(tanstackstart-react)!: Export Vite plugin from @sentry/tanstackstart-react/vite subpath (#19182)

  The sentryTanstackStart Vite plugin is now exported from a dedicated subpath. Update your import:

  - import { sentryTanstackStart } from '@sentry/tanstackstart-react';
  + import { sentryTanstackStart } from '@sentry/tanstackstart-react/vite';

• fix(node-core): Reduce bundle size by removing apm-js-collab and requiring pino >= 9.10 (#18631)

  In order to keep receiving pino logs, you need to update your pino version to >= 9.10, the reason for the support bump is to reduce the bundle size of the node-core SDK in frameworks that cannot tree-shake the apm-js-collab dependency.

• fix(browser): Ensure user id is consistently added to sessions (#19341)

  Previously, the SDK inconsistently set the user id on sessions, meaning sessions were often lacking proper coupling to the user set for example via Sentry.setUser(). Additionally, the SDK incorrectly skipped starting a new session for the first soft navigation after the pageload. This patch fixes these issues. As a result, metrics around sessions, like "Crash Free Sessions" or "Crash Free Users" might change. This could also trigger alerts, depending on your set thresholds and conditions. We apologize for any inconvenience caused!

  While we're at it, if you're using Sentry in a Single Page App or meta framework, you might want to give the new 'page' session lifecycle a try! This new mode no longer creates a session per soft navigation but continues the initial session until the next hard page refresh. Check out the docs to learn more!

• ref!(gatsby): Drop Gatsby v2 support (#19467)

  We drop support for Gatsby v2 (which still relies on webpack 4) for a critical security update in https://github.com/getsentry/sentry-javascript-bundler-plugins/releases/tag/5.0.0

Other Changes

• feat(astro): Add support for Astro on CF Workers (#19265)
• feat(cloudflare): Instrument async KV API (#19404)

... (truncated)

Changelog

Sourced from @​sentry/nextjs's changelog.

10.40.0

Important Changes

• feat(tanstackstart-react): Add global sentry exception middlewares (#19330)

  The sentryGlobalRequestMiddleware and sentryGlobalFunctionMiddleware global middlewares capture unhandled exceptions thrown in TanStack Start API routes and server functions. Add them as the first entries in the requestMiddleware and functionMiddleware arrays of createStart():

  import { createStart } from '@tanstack/react-start/server';
  import { sentryGlobalRequestMiddleware, sentryGlobalFunctionMiddleware } from '@sentry/tanstackstart-react/server';
  export default createStart({
  requestMiddleware: [sentryGlobalRequestMiddleware, myRequestMiddleware],
  functionMiddleware: [sentryGlobalFunctionMiddleware, myFunctionMiddleware],
  });

• feat(tanstackstart-react)!: Export Vite plugin from @sentry/tanstackstart-react/vite subpath (#19182)

  The sentryTanstackStart Vite plugin is now exported from a dedicated subpath. Update your import:

  - import { sentryTanstackStart } from '@sentry/tanstackstart-react';
  + import { sentryTanstackStart } from '@sentry/tanstackstart-react/vite';

• fix(node-core): Reduce bundle size by removing apm-js-collab and requiring pino >= 9.10 (#18631)

  In order to keep receiving pino logs, you need to update your pino version to >= 9.10, the reason for the support bump is to reduce the bundle size of the node-core SDK in frameworks that cannot tree-shake the apm-js-collab dependency.

• fix(browser): Ensure user id is consistently added to sessions (#19341)

  Previously, the SDK inconsistently set the user id on sessions, meaning sessions were often lacking proper coupling to the user set for example via Sentry.setUser(). Additionally, the SDK incorrectly skipped starting a new session for the first soft navigation after the pageload. This patch fixes these issues. As a result, metrics around sessions, like "Crash Free Sessions" or "Crash Free Users" might change. This could also trigger alerts, depending on your set thresholds and conditions. We apologize for any inconvenience caused!

  While we're at it, if you're using Sentry in a Single Page App or meta framework, you might want to give the new 'page' session lifecycle a try! This new mode no longer creates a session per soft navigation but continues the initial session until the next hard page refresh. Check out the docs to learn more!

• ref!(gatsby): Drop Gatsby v2 support (#19467)

  We drop support for Gatsby v2 (which still relies on webpack 4) for a critical security update in https://github.com/getsentry/sentry-javascript-bundler-plugins/releases/tag/5.0.0

Other Changes

• feat(astro): Add support for Astro on CF Workers (#19265)

... (truncated)

Commits

• 663fd5e Increase bundler-tests timeout to 30s
• 8033ea3 release: 10.40.0
• eb3c4d2 Merge pull request #19488 from getsentry/prepare-release/10.40.0
• 9a10630 meta(changelog): Update changelog for 10.40.0
• 39d1ef7 fix(deps): Bump to latest version of each minimatch major (#19486)
• e8ed6d2 test(nextjs): Deactivate canary test for cf-workers (#19483)
• 6eb320e chore(deps): Bump Sentry CLI to latest v2 (#19477)
• 8fc81d2 fix: Bump bundler plugins to v5 (#19468)
• 365f7fa chore(ci): Adapt max turns of triage issue agent (#19473)
• 11e5412 feat(tanstackstart-react)!: Export Vite plugin from @​sentry/tanstackstart-rea...
• Additional commits viewable in compare view

Updates @vercel/functions from 3.4.1 to 3.4.3

Release notes

Sourced from @​vercel/functions's releases.

@​vercel/functions@​3.4.3

Patch Changes

• [functions] Revert "[functions] URL encode cache tags" (#15213)

Changelog

Sourced from @​vercel/functions's changelog.

3.4.3

Patch Changes

• [functions] Revert "[functions] URL encode cache tags" (#15213)

3.4.2

Patch Changes

• Updated dependencies [3760ea1e97fdc45dae36c64138023e1b1a075467]:
  • @​vercel/oidc@​3.2.0

Commits

• 522f8cc Version Packages (#15225)
• feafcb7 Revert "[functions] URL encode cache tags" (#15213)
• 36179b3 Version Packages (#14978)
• 3760ea1 feat(oidc): add optional argument getVercelOidcToken({ team, project }) (#1...
• See full diff in compare view

Updates @vercel/otel from 2.1.0 to 2.1.1

Release notes

Sourced from @​vercel/otel's releases.

@​vercel/otel@​2.1.1

Patch Changes

• #190 41d4511 Thanks @​mischnic! - fix: don't inline system env vars

Commits

• e8a4031 Version Packages (#191)
• 41d4511 fix: don't inline system env vars (#190)
• See full diff in compare view

Updates motion from 12.33.0 to 12.34.3

Changelog

Sourced from motion's changelog.

[12.34.3] 2026-02-20

Fixed

• Ensure velocity is never transferred to a time-derived spring.

[12.34.2] 2026-02-18

Fixed

• Layout animations: Reset motion value velocity when starting a new layout animation.

[12.34.1] 2026-02-17

Fixed

• useScroll: Ensure animations aren't hardware accelerated when target is set.
• Improve animatable "none" generation for mask values.

[12.34.0] 2026-02-09

Added

• useScroll: Hardware accelerated animations.

[12.33.2] 2026-02-06

Fixed

• Improve detection of detached elements with vanilla layout animations.

[12.33.1] 2026-02-06

Fixed

• AnimatePresence: Ensure exiting nodes are correctly removed when rapidly switching children.

Commits

• 071f659 v12.34.3
• ab73833 Updating changelog
• bd6eac3 Merge pull request #3564 from motiondivision/fix/time-defined-spring-velocity
• bebd7f5 Ignore velocity for time-defined springs to prevent wild oscillation
• 6828340 v12.34.2
• 679a0ad Reset layout animation motion value velocity on restart
• 1d566fc Merge pull request #3546 from veeceey/fix/typescript-ban-types-issue
• 57263d8 v12.34.1
• 9447ee2 Updating changelog
• 79a4097 Merge pull request #3555 from motiondivision/scroll-acc
• Additional commits viewable in compare view

Updates resend from 6.9.1 to 6.9.3

Release notes

Sourced from resend's releases.

v6.9.3

What's Changed

• chore(deps): update tj-actions/changed-files digest to 875e6e5 by @​renovate[bot] in resend/resend-node#841
• chore(deps): update pnpm to v10.29.2 by @​renovate[bot] in resend/resend-node#840
• fix(deps): update dependency esbuild to v0.27.3 by @​renovate[bot] in resend/resend-node#836
• chore(deps): update dependency dotenv to v17.2.4 by @​renovate[bot] in resend/resend-node#835
• chore(deps): update dependency tsdown to v0.20.3 by @​renovate[bot] in resend/resend-node#831
• chore(deps): update dependency @​types/react to v19.2.13 by @​renovate[bot] in resend/resend-node#830
• chore(deps): update dependency @​biomejs/biome to v2.3.14 by @​renovate[bot] in resend/resend-node#829
• chore(deps): update dependency @​types/node to v24.10.13 by @​renovate[bot] in resend/resend-node#827
• chore(deps): update dependency pkg-pr-new to v0.0.63 by @​renovate[bot] in resend/resend-node#825
• fix: export email list response type by @​Shubhdeep12 in resend/resend-node#833
• feat: add batch specific email options type to reflect API limitations by @​titouv in resend/resend-node#801
• refactor(types): align attachment types with monorepo public-api by @​lucasfcosta in resend/resend-node#855
• chore(deps): update dependency pkg-pr-new to v0.0.65 by @​renovate[bot] in resend/resend-node#857
• fix(ci): preview release workflow by @​gabrielmfern in resend/resend-node#858
• chore: bump by @​gabrielmfern in resend/resend-node#859

New Contributors

• @​Shubhdeep12 made their first contribution in resend/resend-node#833
• @​titouv made their first contribution in resend/resend-node#801

Full Changelog: resend/resend-node@v6.9.2...v6.9.3

v6.9.2

What's Changed

• feat: improve type errors for audience -> segments transition by @​gabrielmfern in resend/resend-node#815
• chore(deps): update tj-actions/changed-files digest to caee9d9 by @​renovate[bot] in resend/resend-node#818
• fix(deps): update dependency next to v16.1.6 by @​renovate[bot] in resend/resend-node#819
• fix: inbound attachment types mismatch API values by @​gabrielmfern in resend/resend-node#828
• fix: support for Cloudflare Workers, and other non-Node environments by @​gabrielmfern in resend/resend-node#820
• chore: bump to 6.9.2 by @​gabrielmfern in resend/resend-node#843
• fix(topics): broken types referencing defaultSubscription by @​gabrielmfern in resend/resend-node#844

Full Changelog: resend/resend-node@v6.9.1...v6.9.2

Commits

• 184204d chore: bump (#859)
• 1351fd9 fix(ci): preview release workflow (#858)
• cc39964 chore(deps): update dependency pkg-pr-new to v0.0.65 (#857)
• af22de3 refactor(types): align attachment types with monorepo public-api (#855)
• 2856a15 feat: add batch specific email options type to reflect API limitations (#801)
• a7d4cf7 fix: export email list response type (#833)
• 3f85435 chore(deps): update dependency pkg-pr-new to v0.0.63 (#825)
• 514a0a0 chore(deps): update dependency @​types/node to v24.10.13 (#827)
• 2ed1fc9 chore(deps): update dependency @​biomejs/biome to v2.3.14 (#829)
• aa30291 chore(deps): update dependency @​types/react to v19.2.13 (#830)
• Additional commits viewable in compare view

Updates tailwind-merge from 3.4.0 to 3.5.0

Release notes

Sourced from tailwind-merge's releases.

v3.5.0

New Features

• Add support for Tailwind CSS v4.2 by @​dcastil in dcastil/tailwind-merge#651

Full Changelog: dcastil/tailwind-merge@v3.4.1...v3.5.0

Thanks to @​brandonmcconnell, @​manavm1990, @​langy, @​roboflow, @​syntaxfm, @​getsentry, @​codecov, a private sponsor, @​block, @​openclaw, @​sourcegraph and more via @​thnxdev for sponsoring tailwind-merge! ❤️

v3.4.1

Bug Fixes

• Prevent arbitrary font-family and font-weight from merging by @​roneymoon in dcastil/tailwind-merge#635

Full Changelog: dcastil/tailwind-merge@v3.4.0...v3.4.1

Thanks to @​brandonmcconnell, @​manavm1990, @​langy, @​roboflow, @​syntaxfm, @​getsentry, @​codecov, a private sponsor, @​block, @​openclaw, @​sourcegraph and more via @​thnxdev for sponsoring tailwind-merge! ❤️

Commits

• 270ac79 v3.5.0
• 86f772e add changelog for 3.5.0
• 6c1f77c Merge pull request #651 from dcastil/feature/add-support-for-tailwind-css-v4.2
• 7a4cacf Add support for decimal fraction values
• 9ef0f79 fix incorrectly escaped characters
• f4938b0 update README with v4.2 support
• b02a572 Add Tailwind v4.2 font-features utilities support
• 5bd25ec Add Tailwind v4.2 logical sizing utilities
• 697c920 Add Tailwind v4.2 logical border block utilities
• 6656a47 Improve JSDoc comments for logical insets
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
unicon	Ready	Preview, Comment	Mar 2, 2026 1:25pm