fix(deps): bump nuxt to 3.21.2 and @nuxt/nitro-server to ^3.21.2 to fix h3 CVE #19910

Draft
chargome wants to merge 4 commits into develop from fix/dependabot-alert-1221-1222

@chargome
Member

Fixes Dependabot alerts #1221 and #1222. Bumps nuxt from 3.17.7 to 3.21.2 and @nuxt/nitro-server from ^3.21.1 to ^3.21.2 to pull in h3 >=1.15.6, fixing SSE injection (CVE-2026-33128) and path traversal vulnerabilities.

@chargome chargome self-assigned this Mar 20, 2026
@chargome chargome requested a review from s1gr1d March 20, 2026 12:13
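
A check for the version floor named in the description above, as an added example that is not part of the PR: it reads a lockfile and lists every `h3` entry that still resolves below 1.15.6, which can happen when another dependent keeps an older range. The Yarn v1 lockfile format, the sample lockfile and the function names are assumptions made for this illustration.

```javascript
// Added illustration, not code from the PR. Assumes a Yarn v1 (classic) lockfile.
const MIN_FIXED = '1.15.6'; // h3 floor stated in the PR description

// Compare x.y.z versions; a pre-release of the same core version sorts lower.
function compareVersions(a, b) {
  const [coreA, preA] = a.split('-', 2);
  const [coreB, preB] = b.split('-', 2);
  const pa = coreA.split('.').map(Number);
  const pb = coreB.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return (preA ? -1 : 0) - (preB ? -1 : 0);
}

// Return every lockfile entry for `pkg` as { selectors, version }.
function resolvedVersions(lockText, pkg) {
  const found = [];
  let current = null; // selectors of the entry being read, when it belongs to pkg
  for (const line of lockText.split(/\r?\n/)) {
    if (line && !/^[\s#]/.test(line) && line.endsWith(':')) {
      // Entry header: comma-separated selectors, each optionally quoted.
      const selectors = line.slice(0, -1).split(',').map(s => s.trim().replace(/^"|"$/g, ''));
      // The name is everything before the last '@' (scoped names start with '@').
      const mine = selectors.filter(s => s.slice(0, s.lastIndexOf('@')) === pkg);
      current = mine.length ? mine : null;
    } else if (current) {
      const m = /^  version "([^"]+)"$/.exec(line);
      if (m) found.push({ selectors: current, version: m[1] });
    }
  }
  return found;
}

// Entries that still resolve below the fixed version.
function findVulnerable(lockText, pkg, minFixed) {
  return resolvedVersions(lockText, pkg).filter(e => compareVersions(e.version, minFixed) < 0);
}

// Constructed sample: one consumer was bumped, another still pins an older h3.
const SAMPLE_LOCK = `# yarn lockfile v1
h3@^1.12.0, h3@^1.15.3:
  version "1.15.4"

h3@^1.15.6:
  version "1.15.6"
`;
console.log(findVulnerable(SAMPLE_LOCK, 'h3', MIN_FIXED));
```

An empty result means every resolved copy of the package is at or above the floor; any entry returned names the selectors that still need to be raised or deduplicated.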
@github-actions
Contributor

github-actions bot commented Mar 20, 2026

Semver Impact of This PR

🟢 Patch (bug fixes)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).


New Features ✨

Deps

  • Bump mongodb-memory-server-global from 10.1.4 to 11.0.1 by dependabot in #19888
  • Bump stacktrace-parser from 0.1.10 to 0.1.11 by dependabot in #19887

Bug Fixes 🐛

Core

  • Do not overwrite user provided conversation id in Vercel by nicohrubec in #19903
  • Return same value from startSpan as callback returns by s1gr1d in #19300

Deps

  • Bump nuxt to 3.21.2 and @nuxt/nitro-server to ^3.21.2 to fix h3 CVE by chargome in #19910
  • Bump next to 15.5.14 in nextjs-15 and nextjs-15-intl E2E test apps by chargome in #19917
  • Bump socket.io-parser to 4.2.6 to fix CVE-2026-33151 by chargome in #19880

Other

  • (cloudflare) Forward ctx argument to Workflow.do user callback by Lms24 in #19891
  • (craft) Add missing mainDocsUrl for @sentry/effect SDK by bc-sentry in #19860
  • (nestjs) Add node to nest metadata by chargome in #19875
  • (serverless) Add node to metadata by nicohrubec in #19878

Internal Changes 🔧

Deps Dev

  • Bump qunit-dom from 3.2.1 to 3.5.0 by dependabot in #19546
  • Bump @react-router/node from 7.13.0 to 7.13.1 by dependabot in #19544

Other

  • (astro) Re-enable server island tracing e2e test in Astro 6 by Lms24 in #19872
  • (ci) Fix "Gatbsy" typo in issue package label workflow by chargome in #19905
  • (lint) Resolve oxlint warnings by isaacs in #19893
  • (node-integration-tests) Remove unnecessary file-type dependency by Lms24 in #19824
  • (remix) Replace glob with native recursive fs walk by roli-lpci in #19531
  • (sveltekit) Replace recast + @babel/parser with acorn by roli-lpci in #19533
  • Add external contributor to CHANGELOG.md by javascript-sdk-gitflow in #19925
  • Add external contributor to CHANGELOG.md by javascript-sdk-gitflow in #19909

🤖 This preview updates automatically when you update the PR.

…ix h3 CVE

Fixes Dependabot alerts #1221 and #1222. Bumps nuxt from 3.17.7 to 3.21.2
and @nuxt/nitro-server from ^3.21.1 to ^3.21.2 to pull in h3 >=1.15.6,
fixing SSE injection (CVE-2026-33128) and path traversal vulnerabilities.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@chargome chargome force-pushed the fix/dependabot-alert-1221-1222 branch from df52ee9 to 0decc9e Compare March 20, 2026 13:28
…atibility

In nuxt 3.21.x, NuxtOptions.nitro and the nitro:* hooks were moved from
@nuxt/schema into @nuxt/nitro-server via module augmentation. Adding the
triple-slash reference makes TypeScript include these augmentations, also
allowing removal of now-unnecessary @ts-expect-error suppressions on the
render:html hook.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@github-actions
Contributor

github-actions bot commented Mar 20, 2026

size-limit report 📦

⚠️ Warning: Base artifact is not the latest one, because the latest workflow run is not done yet. This may lead to incorrect results. Try to re-run all tests to get up to date results.

| Path | Size | % Change | Change |
| --- | --- | --- | --- |
| @sentry/browser | 25.69 kB | +0.2% | +49 B 🔺 |
| @sentry/browser - with treeshaking flags | 24.17 kB | +0.14% | +33 B 🔺 |
| @sentry/browser (incl. Tracing) | 42.67 kB | +0.13% | +54 B 🔺 |
| @sentry/browser (incl. Tracing, Profiling) | 47.33 kB | +0.12% | +55 B 🔺 |
| @sentry/browser (incl. Tracing, Replay) | 81.48 kB | +0.08% | +57 B 🔺 |
| @sentry/browser (incl. Tracing, Replay) - with treeshaking flags | 71.06 kB | +0.1% | +69 B 🔺 |
| @sentry/browser (incl. Tracing, Replay with Canvas) | 86.17 kB | +0.06% | +50 B 🔺 |
| @sentry/browser (incl. Tracing, Replay, Feedback) | 98.41 kB | +0.04% | +36 B 🔺 |
| @sentry/browser (incl. Feedback) | 42.48 kB | +0.08% | +30 B 🔺 |
| @sentry/browser (incl. sendFeedback) | 30.35 kB | +0.15% | +43 B 🔺 |
| @sentry/browser (incl. FeedbackAsync) | 35.4 kB | +0.12% | +39 B 🔺 |
| @sentry/browser (incl. Metrics) | 26.96 kB | +0.15% | +38 B 🔺 |
| @sentry/browser (incl. Logs) | 27.1 kB | +0.12% | +32 B 🔺 |
| @sentry/browser (incl. Metrics & Logs) | 27.78 kB | +0.15% | +39 B 🔺 |
| @sentry/react | 27.45 kB | +0.22% | +58 B 🔺 |
| @sentry/react (incl. Tracing) | 45.01 kB | +0.14% | +60 B 🔺 |
| @sentry/vue | 30.13 kB | +0.16% | +46 B 🔺 |
| @sentry/vue (incl. Tracing) | 44.52 kB | +0.09% | +39 B 🔺 |
| @sentry/svelte | 25.7 kB | +0.16% | +40 B 🔺 |
| CDN Bundle | 28.35 kB | +0.27% | +75 B 🔺 |
| CDN Bundle (incl. Tracing) | 43.57 kB | +0.15% | +62 B 🔺 |
| CDN Bundle (incl. Logs, Metrics) | 29.22 kB | +0.27% | +77 B 🔺 |
| CDN Bundle (incl. Tracing, Logs, Metrics) | 44.43 kB | +0.17% | +75 B 🔺 |
| CDN Bundle (incl. Replay, Logs, Metrics) | 68.29 kB | +0.13% | +85 B 🔺 |
| CDN Bundle (incl. Tracing, Replay) | 80.41 kB | +0.1% | +73 B 🔺 |
| CDN Bundle (incl. Tracing, Replay, Logs, Metrics) | 81.31 kB | +0.1% | +76 B 🔺 |
| CDN Bundle (incl. Tracing, Replay, Feedback) | 85.97 kB | +0.12% | +103 B 🔺 |
| CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics) | 86.86 kB | +0.1% | +86 B 🔺 |
| CDN Bundle - uncompressed | 82.7 kB | +0.1% | +77 B 🔺 |
| CDN Bundle (incl. Tracing) - uncompressed | 128.62 kB | +0.05% | +64 B 🔺 |
| CDN Bundle (incl. Logs, Metrics) - uncompressed | 85.57 kB | +0.1% | +77 B 🔺 |
| CDN Bundle (incl. Tracing, Logs, Metrics) - uncompressed | 131.49 kB | +0.05% | +64 B 🔺 |
| CDN Bundle (incl. Replay, Logs, Metrics) - uncompressed | 209.22 kB | +0.05% | +102 B 🔺 |
| CDN Bundle (incl. Tracing, Replay) - uncompressed | 245.5 kB | +0.04% | +89 B 🔺 |
| CDN Bundle (incl. Tracing, Replay, Logs, Metrics) - uncompressed | 248.35 kB | +0.04% | +89 B 🔺 |
| CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed | 258.41 kB | +0.04% | +89 B 🔺 |
| CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics) - uncompressed | 261.26 kB | +0.04% | +89 B 🔺 |
| @sentry/nextjs (client) | 47.4 kB | +0.08% | +37 B 🔺 |
| @sentry/sveltekit (client) | 43.12 kB | +0.12% | +51 B 🔺 |
| @sentry/node-core | 56.42 kB | +0.13% | +73 B 🔺 |
| @sentry/node | 173.38 kB | +0.13% | +220 B 🔺 |
| @sentry/node - without tracing | 96.43 kB | +0.1% | +87 B 🔺 |
| @sentry/aws-serverless | 113.44 kB | +0.09% | +100 B 🔺 |

@github-actions
Contributor

github-actions bot commented Mar 20, 2026

node-overhead report 🧳

Note: This is a synthetic benchmark with a minimal express app and does not necessarily reflect the real-world performance impact in an application.

| Scenario | Requests/s | % of Baseline | Prev. Requests/s | Change % |
| --- | --- | --- | --- | --- |
| GET Baseline | 8,923 | - | 9,535 | -6% |
| GET With Sentry | 1,589 | 18% | 1,702 | -7% |
| GET With Sentry (error only) | 5,855 | 66% | 6,206 | -6% |
| POST Baseline | 1,186 | - | 1,178 | +1% |
| POST With Sentry | 579 | 49% | 560 | +3% |
| POST With Sentry (error only) | 1,029 | 87% | 1,042 | -1% |
| MYSQL Baseline | 3,156 | - | 3,199 | -1% |
| MYSQL With Sentry | 415 | 13% | 445 | -7% |
| MYSQL With Sentry (error only) | 2,584 | 82% | 2,625 | -2% |

@chargome chargome marked this pull request as draft March 20, 2026 15:04
chargome and others added 2 commits March 20, 2026 19:34
…pilation

The triple-slash reference in module.ts alone was insufficient because vitest
typecheck only processes files reachable from test/**/* imports. Adding the
reference to server-template.ts (imported via databaseConfig.ts) and
sourceMaps.ts (directly imported by tests) ensures the @nuxt/nitro-server
module augmentations are loaded during test type checking.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>