Welcome to Sentry's Angular 21 E2E test app
+-
+
- Visit User 123 +
- Redirect +
- Cancel +
- Error +
- Component Tracking +
Release notes
Sourced from actions/setup-node's releases.
v6.0.0
What's Changed
Breaking Changes
- Limit automatic caching to npm, update workflows and documentation by
@priyagupta108in actions/setup-node#1374Dependency Upgrades
- Upgrade ts-jest from 29.1.2 to 29.4.1 and document breaking changes in v5 by
@dependabot[bot] in #1336- Upgrade prettier from 2.8.8 to 3.6.2 by
@dependabot[bot] in #1334- Upgrade actions/publish-action from 0.3.0 to 0.4.0 by
@dependabot[bot] in #1362Full Changelog: https://github.com/actions/setup-node/compare/v5...v6.0.0
v5.0.0
What's Changed
Breaking Changes
- Enhance caching in setup-node with automatic package manager detection by
@priya-kinthaliin actions/setup-node#1348This update, introduces automatic caching when a valid
packageManagerfield is present in yourpackage.json. This aims to improve workflow performance and make dependency management more seamless. To disable this automatic caching, setpackage-manager-cache: falsesteps: - uses: actions/checkout@v5 - uses: actions/setup-node@v5 with: package-manager-cache: false
- Upgrade action to use node24 by
@salmanmkcin actions/setup-node#1325Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes
Dependency Upgrades
- Upgrade
@octokit/request-errorand@actions/githubby@dependabot[bot] in actions/setup-node#1227- Upgrade uuid from 9.0.1 to 11.1.0 by
@dependabot[bot] in actions/setup-node#1273- Upgrade undici from 5.28.5 to 5.29.0 by
@dependabot[bot] in actions/setup-node#1295- Upgrade form-data to bring in fix for critical vulnerability by
@gowridurgadin actions/setup-node#1332- Upgrade actions/checkout from 4 to 5 by
@dependabot[bot] in actions/setup-node#1345New Contributors
@priya-kinthalimade their first contribution in actions/setup-node#1348@salmanmkcmade their first contribution in actions/setup-node#1325Full Changelog: https://github.com/actions/setup-node/compare/v4...v5.0.0
v4.4.0
... (truncated)
Commits
2028fbcLimit automatic caching to npm, update workflows and documentation (#1374)1342781Bump actions/publish-action from 0.3.0 to 0.4.0 (#1362)89d709dBump prettier from 2.8.8 to 3.6.2 (#1334)cd2651cBump ts-jest from 29.1.2 to 29.4.1 (#1336)a0853c2Bump actions/checkout from 4 to 5 (#1345)b7234ccUpgrade action to use node24 (#1325)d7a1131Enhance caching in setup-node with automatic package manager detection (#1348)5e2628cBumps form-data (#1332)65becefBump undici from 5.28.5 to 5.29.0 (#1295)7e24a65Bump uuid from 9.0.1 to 11.1.0 (#1273)- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from github/codeql-action's releases.
v3.31.2
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
3.31.2 - 30 Oct 2025
No user facing changes.
See the full CHANGELOG.md for more information.
v3.31.1
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
3.31.1 - 30 Oct 2025
- The
add-snippetsinput has been removed from theanalyzeaction. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.See the full CHANGELOG.md for more information.
v3.31.0
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
3.31.0 - 24 Oct 2025
- Bump minimum CodeQL bundle version to 2.17.6. #3223
- When SARIF files are uploaded by the
analyzeorupload-sarifactions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for theupload-sarifaction. Foranalyze, this may affect Advanced Setup for CodeQL users who specify a value other thanalwaysfor theuploadinput. #3222See the full CHANGELOG.md for more information.
v3.30.9
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
3.30.9 - 17 Oct 2025
- Update default CodeQL bundle version to 2.23.3. #3205
- Experimental: A new
setup-codeqlaction has been added which is similar toinit, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. #3204See the full CHANGELOG.md for more information.
v3.30.8
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
... (truncated)
Changelog
Sourced from github/codeql-action's changelog.
4.31.2 - 30 Oct 2025
No user facing changes.
4.31.1 - 30 Oct 2025
- The
add-snippetsinput has been removed from theanalyzeaction. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.4.31.0 - 24 Oct 2025
- Bump minimum CodeQL bundle version to 2.17.6. #3223
- When SARIF files are uploaded by the
analyzeorupload-sarifactions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for theupload-sarifaction. Foranalyze, this may affect Advanced Setup for CodeQL users who specify a value other thanalwaysfor theuploadinput. #32224.30.9 - 17 Oct 2025
- Update default CodeQL bundle version to 2.23.3. #3205
- Experimental: A new
setup-codeqlaction has been added which is similar toinit, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. #32044.30.8 - 10 Oct 2025
No user facing changes.
4.30.7 - 06 Oct 2025
- [v4+ only] The CodeQL Action now runs on Node.js v24. #3169
3.30.6 - 02 Oct 2025
- Update default CodeQL bundle version to 2.23.2. #3168
3.30.5 - 26 Sep 2025
- We fixed a bug that was introduced in
3.30.4withupload-sarifwhich resulted in files without a.sarifextension not getting uploaded. #31603.30.4 - 25 Sep 2025
- We have improved the CodeQL Action's ability to validate that the workflow it is used in does not use different versions of the CodeQL Action for different workflow steps. Mixing different versions of the CodeQL Action in the same workflow is unsupported and can lead to unpredictable results. A warning will now be emitted from the
codeql-action/initstep if different versions of the CodeQL Action are detected in the workflow file. Additionally, an error will now be thrown by the other CodeQL Action steps if they load a configuration file that was generated by a different version of thecodeql-action/initstep. #3099 and #3100- We added support for reducing the size of dependency caches for Java analyses, which will reduce cache usage and speed up workflows. This will be enabled automatically at a later time. #3107
- You can now run the latest CodeQL nightly bundle by passing
tools: nightlyto theinitaction. In general, the nightly bundle is unstable and we only recommend running it when directed by GitHub staff. #3130- Update default CodeQL bundle version to 2.23.1. #3118
3.30.3 - 10 Sep 2025
No user facing changes.
3.30.2 - 09 Sep 2025
- Fixed a bug which could cause language autodetection to fail. #3084
- Experimental: The
quality-queriesinput that was added in3.29.2as part of an internal experiment is now deprecated and will be removed in an upcoming version of the CodeQL Action. It has been superseded by a newanalysis-kindsinput, which is part of the same internal experiment. Do not use this in production as it is subject to change at any time. #3064
... (truncated)
Commits
74c8748Update analyze/action.yml34c50c1Merge pull request #3251 from github/mbg/user-error/enablement4ae68afWarn if theadd-snippetsinput is used52a7bd7Check for 403 status194ba0eMake error message tests less brittle53acf0bTurn enablement errors into configuration errorsac9aeeeMerge pull request #3249 from github/henrymercer/api-loggingd49e837Merge branch 'main' into henrymercer/api-logging3d988b2Pass minimal copy ofcore8cc18acMerge pull request #3250 from github/henrymercer/prefer-fs-delete- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from actions/create-github-app-token's releases.
v2.1.4
2.1.4 (2025-09-13)
Bug Fixes
v2.1.3
2.1.3 (2025-09-13)
Bug Fixes
v2.1.2
2.1.2 (2025-09-12)
Bug Fixes
Commits
6701853build(release): 2.1.4 [skip ci]bef1eaffix(deps): bump@octokit/auth-appfrom 7.2.1 to 8.0.1 (#257)1526738build(release): 2.1.3 [skip ci]f3d5ec2fix(deps): bump undici from 7.8.0 to 7.10.0 in the production-dependencies gr...def152bbuild(release): 2.1.2 [skip ci]5d7307bfix(deps): bump@octokit/requestfrom 9.2.3 to 10.0.2 (#256)525760abuild(deps): bump stefanzweifel/git-auto-commit-action from 5.2.0 to 6.0.1 (#...8ab05a8Add beta branch support for releases (#282)d00315ebuild(deps): bump actions/checkout from 4 to 5 (#279)fcc6c28build(deps-dev): bump dotenv from 16.5.0 to 17.2.1 (#269)- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from astro's releases.
astro@5.15.9
Patch Changes
#14786
758a891Thanks@mef! - Add handling of invalid encrypted props and slots in server islands.#14783
504958fThanks@florian-lefebvre! - Improves the experimental Fonts API build log to show the number of downloaded files. This can help spotting excessive downloading because of misconfiguration#14791
9e9c528Thanks@Princesseuh! - Changes the remote protocol checks for images to require explicit authorization in order to use data URIs.In order to allow data URIs for remote images, you will need to update your
astro.config.mjsfile to include the following configuration:// astro.config.mjs import { defineConfig } from 'astro/config';export default defineConfig({ images: { remotePatterns: [ { protocol: 'data', }, ], }, });
#14787
0f75f6bThanks@matthewp! - Fixes wildcard hostname pattern matching to correctly reject hostnames without dotsPreviously, hostnames like
localhostor other single-part names would incorrectly match patterns like*.example.com. The wildcard matching logic has been corrected to ensure that only valid subdomains matching the pattern are accepted.#14776
3537876Thanks@ktym4a! - Fixes the behavior ofpassthroughImageServiceso it does not generate webp.astro@5.15.8
Patch Changes
#14772
00c579aThanks@matthewp! - Improves the security of Server Islands slots by encrypting them before transmission to the browser, matching the security model used for props. This improves the integrity of slot content and prevents injection attacks, even when component templates don't explicitly support slots.Slots continue to work as expected for normal usage—this change has no breaking changes for legitimate requests.
#14771
6f80081Thanks@matthewp! - Fix middleware pathname matching by normalizing URL-encoded pathsMiddleware now receives normalized pathname values, ensuring that encoded paths like
/%61dminare properly decoded to/adminbefore middleware checks. This prevents potential security issues where middleware checks might be bypassed through URL encoding.astro@5.15.7
Patch Changes
... (truncated)
Changelog
Sourced from astro's changelog.
5.15.9
Patch Changes
#14786
758a891Thanks@mef! - Add handling of invalid encrypted props and slots in server islands.#14783
504958fThanks@florian-lefebvre! - Improves the experimental Fonts API build log to show the number of downloaded files. This can help spotting excessive downloading because of misconfiguration#14791
9e9c528Thanks@Princesseuh! - Changes the remote protocol checks for images to require explicit authorization in order to use data URIs.In order to allow data URIs for remote images, you will need to update your
astro.config.mjsfile to include the following configuration:// astro.config.mjs import { defineConfig } from 'astro/config';export default defineConfig({ images: { remotePatterns: [ { protocol: 'data', }, ], }, });
#14787
0f75f6bThanks@matthewp! - Fixes wildcard hostname pattern matching to correctly reject hostnames without dotsPreviously, hostnames like
localhostor other single-part names would incorrectly match patterns like*.example.com. The wildcard matching logic has been corrected to ensure that only valid subdomains matching the pattern are accepted.#14776
3537876Thanks@ktym4a! - Fixes the behavior ofpassthroughImageServiceso it does not generate webp.5.15.8
Patch Changes
#14772
00c579aThanks@matthewp! - Improves the security of Server Islands slots by encrypting them before transmission to the browser, matching the security model used for props. This improves the integrity of slot content and prevents injection attacks, even when component templates don't explicitly support slots.Slots continue to work as expected for normal usage—this change has no breaking changes for legitimate requests.
#14771
6f80081Thanks@matthewp! - Fix middleware pathname matching by normalizing URL-encoded pathsMiddleware now receives normalized pathname values, ensuring that encoded paths like
/%61dminare properly decoded to/adminbefore middleware checks. This prevents potential security issues where middleware checks might be bypassed through URL encoding.5.15.7
... (truncated)
Commits
7a07f02[ci] release (#14788)8cf3f05[ci] format758a891fix(astro): handle invalid encrypted props in server island (#14786)3537876fix:passthroughImageServicegenerate webp (#14776)048e4dc[ci] format9e9c528fix: require explicit authorization to use data urls (#14791)0f75f6bFix wildcard hostname matching to reject hostnames without dots (#14787)504958ffeat(fonts): log number of downloaded files (#14783)24e28d2fix(deps): update astro dependencies (#14779)60af4d0[ci] release (#14773)- Additional commits viewable in compare view
Maintainer changes
This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for astro since your current version.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from hono's releases.
v4.10.3
Securiy Fix
A security issue in the CORS middleware has been fixed. In some cases, a request header could affect the Vary response header. Please update to the latest version if you are using the CORS middleware.
What's Changed
- fix(aws-lambda): serve microsoft office files as binary in lambda handler by
@matthiasfeistin honojs/hono#4469- fix(request-id): validation accepts
=by@ryuappin honojs/hono#4478- refactor(jwt): reduce the size of the code generated by minification by
@usualomain honojs/hono#4480New Contributors
@matthiasfeistmade their first contribution in honojs/hono#4469Full Changelog: https://github.com/honojs/hono/compare/v4.10.2...v4.10.3
v4.10.2
Security hardening improvement
If you are using JWT middleware, please read the following and consider applying the configuration.
Improper Authorization in Hono (JWT Audience Validation)
Hono’s JWT authentication middleware did not validate the aud (Audience) claim by default. As a result, applications using the middleware without an explicit audience check could accept tokens intended for other audiences, leading to potential cross-service access (token mix-up).
The issue is addressed by adding a new
verification.audconfiguration option to allow RFC 7519–compliant audience validation. This change is classified as a security hardening improvement, but the lack of validation can still be considered a vulnerability in deployments that rely on default JWT verification.Recommended secure configuration
You can enable RFC 7519–compliant audience validation using the new
verification.audoption:import { Hono } from 'hono' import { jwt } from 'hono/jwt'const app = new Hono()
app.use(
'/api/*',
jwt({
secret: 'my-secret',
verification: {
// Require this API to only accept tokens with aud = 'service-a'
aud: 'service-a',
},
})
)
What's Changed
- tests: Fix test case of handlers without a path by
@IAmSSHin honojs/hono#4472
... (truncated)
Commits
fcefd504.10.395ae4d3refactor(jwt): reduce the size of the code generated by minification (#4480)d9b8b4bMerge commit from fork5216117fix(request-id): validation accepts=(#4478)253ec28fix(aws-lambda): serve microsoft office files as binary in lambda handler (#4...0c6455d4.10.245ba3bfMerge commit from fork4cbad8btests: Fix test case of handlers without a path (#4472)db764c24.10.18774bf9fix(types): cannot.usenon-return mw fromcreateMiddleware(#4465)- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from @sentry/cli's
releases.
2.58.2
Improvements
- Added validation for the
sentry-cli build uploadcommand's--head-shaand--base-shaarguments (#2945). The CLI now validates that these are valid SHA1 sums. Passing an empty string is also allowed; this prevents the default values from being used, causing the values to instead be unset.Fixes
- Fixed a bug where providing empty-string values for the
sentry-cli build uploadcommand's--vcs-provider,--head-repo-name,--head-ref,--base-ref, and--base-repo-namearguments resulted in 400 errors (#2946). Now, setting these to empty strings instead explicitly clears the default value we would set otherwise, as expected.2.58.1
Deprecations
- Deprecated API key authentication (#2934, #2937). Users who are still using API keys to authenticate Sentry CLI should generate and use an Auth Token instead.
Improvements
- The
sentry-cli debug-files bundle-jvmno longer makes any HTTP requests to Sentry, meaning auth tokens are no longer needed, and the command can be run offline (#2926).Fixes
- Skip setting
base_shaandbase_refwhen they equalhead_shaduring auto-inference, since comparing a commit to itself provides no meaningful baseline (#2924).- Improved error message when supplying a non-existent organization to
sentry-cli sourcemaps upload. The error now correctly indicates the organization doesn't exist, rather than incorrectly suggesting the Sentry server lacks artifact bundle support (#2931).2.58.0
New Features
- Removed experimental status from the
sentry-cli build uploadcommands (#2899, #2905). At the time of this release, build uploads are still in closed beta on the server side, so most customers cannot use this functionality quite yet.- Added CLI version metadata to build upload archives (#2890).
Deprecations
- Deprecated the
upload-proguardsubcommand's--platformflag (#2863). This flag was a no-op for some time, so we will remove it in the next major.- Deprecated the
upload-proguardsubcommand's--android-manifestflag (#2891). This flag was a no-op for some time, so we will remove it in the next major.- Deprecated the
sentry-cli sourcemaps uploadcommand's--no-dedupeflag (#2913). The flag was no longer relevant for sourcemap uploads to modern Sentry servers and was made a no-op.Fixes
- Fixed autofilled git base metadata (
--base-ref,--base-sha) when using thebuild uploadsubcommand in git repos. Previously this worked only in the context of GitHub workflows (#2897, #2898).Performance
- Slightly sped up the
sentry-cli sourcemaps uploadcommand by eliminating an HTTP request to the Sentry server, which was not required in most cases (#2913).2.57.0
New Features
- (JS API) Add
projectsfield toSentryCliUploadSourceMapsOptions(#2856)Deprecations
... (truncated)
Changelog
Sourced from @sentry/cli's
changelog.
2.58.2
Improvements
- Added validation for the
sentry-cli build uploadcommand's--head-shaand--base-shaarguments (#2945). The CLI now validates that these are valid SHA1 sums. Passing an empty string is also allowed; this prevents the default values from being used, causing the values to instead be unset.Fixes
- Fixed a bug where providing empty-string values for the
sentry-cli build uploadcommand's--vcs-provider,--head-repo-name,--head-ref,--base-ref, and--base-repo-namearguments resulted in 400 errors (#2946). Now, setting these to empty strings instead explicitly clears the default value we would set otherwise, as expected.2.58.1
Deprecations
- Deprecated API key authentication (#2934, #2937). Users who are still using API keys to authenticate Sentry CLI should generate and use an Auth Token instead.
Improvements
- The
sentry-cli debug-files bundle-jvmno longer makes any HTTP requests to Sentry, meaning auth tokens are no longer needed, and the command can be run offline (#2926).Fixes
- Skip setting
base_shaandbase_refwhen they equalhead_shaduring auto-inference, since comparing a commit to itself provides no meaningful baseline (#2924).- Improved error message when supplying a non-existent organization to
sentry-cli sourcemaps upload. The error now correctly indicates the organization doesn't exist, rather than incorrectly suggesting the Sentry server lacks artifact bundle support (#2931).2.58.0
New Features
- Removed experimental status from the
sentry-cli build uploadcommands (#2899, #2905). At the time of this release, build uploads are still in closed beta on the server side, so most customers cannot use this functionality quite yet.- Added CLI version metadata to build upload archives (#2890).
Deprecations
- Deprecated the
upload-proguardsubcommand's--platformflag (#2863). This flag was a no-op for some time, so we will remove it in the next major.- Deprecated the
upload-proguardsubcommand's--android-manifestflag (#2891). This flag was a no-op for some time, so we will remove it in the next major.- Deprecated the
sentry-cli sourcemaps uploadcommand's--no-dedupeflag (#2913). The flag was no longer relevant for sourcemap uploads to modern Sentry servers and was made a no-op.Fixes
- Fixed autofilled git base metadata (
--base-ref,--base-sha) when using thebuild uploadsubcommand in git repos. Previously this worked only in the context of GitHub workflows (#2897, #2898).Performance
- Slightly sped up the
sentry-cli sourcemaps uploadcommand by eliminating an HTTP request to the Sentry server, which was not required in most cases (#2913).Internal changes
- Migrated JavaScript wrapper to TypeScript for better type safety (#2910)
... (truncated)
Commits
b8965a3release: 2.58.2f99509ffix(build): Allow clearing string arguments tobuild upload(#2946)a2cef20ref(build): Add client-side validation for SHA fields (#2945)c550aa7ref(build): MoveVcsInfobeside otherbuild uploadAPI types (#2944)f303fd4ref(build): UseVcsInfodirectly inChunkedBuildRequest(#2943)63b187cmeta(cargo): RemoveauthorsfromCargo.toml(#2939)1ccff9dbuild(npm): 🤖 Bump optional dependencies to 2.58.14362cf6Merge branch 'release/2.58.1'b25423arelease: 2.58.17595ba9chore(js): DeprecateapiKeyfield (#2937)- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Component
`,
+})
+export class SampleComponent implements OnInit {
+ ngOnInit() {
+ console.log('SampleComponent');
+ }
+}
diff --git a/dev-packages/e2e-tests/test-applications/angular-21/src/app/user/user.component.ts b/dev-packages/e2e-tests/test-applications/angular-21/src/app/user/user.component.ts
new file mode 100644
index 000000000000..db02568d395f
--- /dev/null
+++ b/dev-packages/e2e-tests/test-applications/angular-21/src/app/user/user.component.ts
@@ -0,0 +1,25 @@
+import { AsyncPipe } from '@angular/common';
+import { Component } from '@angular/core';
+import { ActivatedRoute } from '@angular/router';
+import { Observable, map } from 'rxjs';
+
+@Component({
+ selector: 'app-user',
+ standalone: true,
+ imports: [AsyncPipe],
+ template: `
+ Hello User {{ userId$ | async }}
+ + `, +}) +export class UserComponent { + public userId$: Observable
+
+ );
+}
diff --git a/dev-packages/e2e-tests/test-applications/react-router-7-lazy-routes/src/pages/DelayedLazyRoute.tsx b/dev-packages/e2e-tests/test-applications/react-router-7-lazy-routes/src/pages/DelayedLazyRoute.tsx
new file mode 100644
index 000000000000..41e5ba5463be
--- /dev/null
+++ b/dev-packages/e2e-tests/test-applications/react-router-7-lazy-routes/src/pages/DelayedLazyRoute.tsx
@@ -0,0 +1,50 @@
+import React from 'react';
+import { Link, useParams, useLocation, useSearchParams } from 'react-router-dom';
+
+const DelayedLazyRoute = () => {
+ const { id } = useParams<{ id: string }>();
+ const location = useLocation();
+ const [searchParams] = useSearchParams();
+ const view = searchParams.get('view') || 'none';
+ const source = searchParams.get('source') || 'none';
+
+ return (
+ Deep Route Root
+You are at the deep route root
+
+
+ );
+};
+
+export default DelayedLazyRoute;
diff --git a/dev-packages/e2e-tests/test-applications/react-router-7-lazy-routes/src/pages/Index.tsx b/dev-packages/e2e-tests/test-applications/react-router-7-lazy-routes/src/pages/Index.tsx
index 3053aa57b887..21b965f571f3 100644
--- a/dev-packages/e2e-tests/test-applications/react-router-7-lazy-routes/src/pages/Index.tsx
+++ b/dev-packages/e2e-tests/test-applications/react-router-7-lazy-routes/src/pages/Index.tsx
@@ -19,6 +19,18 @@ const Index = () => {
Navigate to Long Running Lazy Route
+ Delayed Lazy Route
+ID: {id}
+{location.pathname}
+{location.search}
+{location.hash}
+View: {view}
+Source: {source}
+ + ++ + Navigate to Delayed Lazy Parameterized Route + +
+ + Navigate to Delayed Lazy with Query Param + +
+ + Navigate to Deep Nested Route (3 levels, 900ms total) + ); }; diff --git a/dev-packages/e2e-tests/test-applications/react-router-7-lazy-routes/src/pages/deep/Level1Routes.tsx b/dev-packages/e2e-tests/test-applications/react-router-7-lazy-routes/src/pages/deep/Level1Routes.tsx new file mode 100644 index 000000000000..0e0887b8850b --- /dev/null +++ b/dev-packages/e2e-tests/test-applications/react-router-7-lazy-routes/src/pages/deep/Level1Routes.tsx @@ -0,0 +1,11 @@ +// Delay: 300ms before module loads +await new Promise(resolve => setTimeout(resolve, 300)); + +export const level2Routes = [ + { + path: 'level2', + handle: { + lazyChildren: () => import('./Level2Routes').then(module => module.level3Routes), + }, + }, +]; diff --git a/dev-packages/e2e-tests/test-applications/react-router-7-lazy-routes/src/pages/deep/Level2Routes.tsx b/dev-packages/e2e-tests/test-applications/react-router-7-lazy-routes/src/pages/deep/Level2Routes.tsx new file mode 100644 index 000000000000..43671e1b7eee --- /dev/null +++ b/dev-packages/e2e-tests/test-applications/react-router-7-lazy-routes/src/pages/deep/Level2Routes.tsx @@ -0,0 +1,14 @@ +// Delay: 300ms before module loads +await new Promise(resolve => setTimeout(resolve, 300)); + +export const level3Routes = [ + { + path: 'level3/:id', + lazy: async () => { + await new Promise(resolve => setTimeout(resolve, 300)); + return { + Component: (await import('./Level3')).default, + }; + }, + }, +]; diff --git a/dev-packages/e2e-tests/test-applications/react-router-7-lazy-routes/src/pages/deep/Level3.tsx b/dev-packages/e2e-tests/test-applications/react-router-7-lazy-routes/src/pages/deep/Level3.tsx new file mode 100644 index 000000000000..e44ecc7da655 --- /dev/null +++ b/dev-packages/e2e-tests/test-applications/react-router-7-lazy-routes/src/pages/deep/Level3.tsx @@ -0,0 +1,13 @@ +import React from 'react'; +import { useParams } from 'react-router-dom'; + +export default function Level3() { + const { id } = useParams(); + return ( +
+
+ );
+}
diff --git a/dev-packages/e2e-tests/test-applications/react-router-7-lazy-routes/tests/timeout-behaviour.test.ts b/dev-packages/e2e-tests/test-applications/react-router-7-lazy-routes/tests/timeout-behaviour.test.ts
new file mode 100644
index 000000000000..281ebc88e52c
--- /dev/null
+++ b/dev-packages/e2e-tests/test-applications/react-router-7-lazy-routes/tests/timeout-behaviour.test.ts
@@ -0,0 +1,126 @@
+import { expect, test } from '@playwright/test';
+import { waitForTransaction } from '@sentry-internal/test-utils';
+
+test('lazyRouteTimeout: Routes load within timeout window', async ({ page }) => {
+ const transactionPromise = waitForTransaction('react-router-7-lazy-routes', async transactionEvent => {
+ return (
+ !!transactionEvent?.transaction &&
+ transactionEvent.contexts?.trace?.op === 'navigation' &&
+ transactionEvent.transaction.includes('deep')
+ );
+ });
+
+ // Route takes ~900ms, timeout allows 1050ms (50 + 1000)
+ // Routes will load in time → parameterized name
+ await page.goto('/?idleTimeout=50&timeout=1000');
+
+ const navigationLink = page.locator('id=navigation-to-deep');
+ await expect(navigationLink).toBeVisible();
+ await navigationLink.click();
+
+ const event = await transactionPromise;
+
+ // Should get full parameterized route
+ expect(event.transaction).toBe('/deep/level2/level3/:id');
+ expect(event.contexts?.trace?.data?.['sentry.source']).toBe('route');
+ expect(event.contexts?.trace?.data?.['sentry.idle_span_finish_reason']).toBe('idleTimeout');
+});
+
+test('lazyRouteTimeout: Infinity timeout always waits for routes', async ({ page }) => {
+ const transactionPromise = waitForTransaction('react-router-7-lazy-routes', async transactionEvent => {
+ return (
+ !!transactionEvent?.transaction &&
+ transactionEvent.contexts?.trace?.op === 'navigation' &&
+ transactionEvent.transaction.includes('deep')
+ );
+ });
+
+ // Infinity timeout → waits as long as possible (capped at finalTimeout to prevent indefinite hangs)
+ await page.goto('/?idleTimeout=50&timeout=Infinity');
+
+ const navigationLink = page.locator('id=navigation-to-deep');
+ await expect(navigationLink).toBeVisible();
+ await navigationLink.click();
+
+ const event = await transactionPromise;
+
+ // Should wait for routes to load (up to finalTimeout) and get full route
+ expect(event.transaction).toBe('/deep/level2/level3/:id');
+ expect(event.contexts?.trace?.data?.['sentry.source']).toBe('route');
+ expect(event.contexts?.trace?.data?.['sentry.idle_span_finish_reason']).toBe('idleTimeout');
+});
+
+test('idleTimeout: Captures all activity with increased timeout', async ({ page }) => {
+ const transactionPromise = waitForTransaction('react-router-7-lazy-routes', async transactionEvent => {
+ return (
+ !!transactionEvent?.transaction &&
+ transactionEvent.contexts?.trace?.op === 'navigation' &&
+ transactionEvent.transaction.includes('deep')
+ );
+ });
+
+ // High idleTimeout (5000ms) ensures transaction captures all lazy loading activity
+ await page.goto('/?idleTimeout=5000');
+
+ const navigationLink = page.locator('id=navigation-to-deep');
+ await expect(navigationLink).toBeVisible();
+ await navigationLink.click();
+
+ const event = await transactionPromise;
+
+ expect(event.transaction).toBe('/deep/level2/level3/:id');
+ expect(event.contexts?.trace?.data?.['sentry.source']).toBe('route');
+ expect(event.contexts?.trace?.data?.['sentry.idle_span_finish_reason']).toBe('idleTimeout');
+
+ // Transaction should wait for full idle timeout (5+ seconds)
+ const duration = event.timestamp! - event.start_timestamp;
+ expect(duration).toBeGreaterThan(5.0);
+ expect(duration).toBeLessThan(7.0);
+});
+
+test('idleTimeout: Finishes prematurely with low timeout', async ({ page }) => {
+ const transactionPromise = waitForTransaction('react-router-7-lazy-routes', async transactionEvent => {
+ return (
+ !!transactionEvent?.transaction &&
+ transactionEvent.contexts?.trace?.op === 'navigation' &&
+ transactionEvent.transaction.includes('deep')
+ );
+ });
+
+ // Very low idleTimeout (50ms) and lazyRouteTimeout (100ms)
+ // Transaction finishes quickly, but still gets parameterized route name
+ await page.goto('/?idleTimeout=50&timeout=100');
+
+ const navigationLink = page.locator('id=navigation-to-deep');
+ await expect(navigationLink).toBeVisible();
+ await navigationLink.click();
+
+ const event = await transactionPromise;
+
+ expect(event.contexts?.trace?.data?.['sentry.idle_span_finish_reason']).toBe('idleTimeout');
+ expect(event.transaction).toBe('/deep/level2/level3/:id');
+ expect(event.contexts?.trace?.data?.['sentry.source']).toBe('route');
+
+ // Transaction should finish quickly (< 200ms)
+ const duration = event.timestamp! - event.start_timestamp;
+ expect(duration).toBeLessThan(0.2);
+});
+
+test('idleTimeout: Pageload on deeply nested route', async ({ page }) => {
+ const pageloadPromise = waitForTransaction('react-router-7-lazy-routes', async transactionEvent => {
+ return (
+ !!transactionEvent?.transaction &&
+ transactionEvent.contexts?.trace?.op === 'pageload' &&
+ transactionEvent.transaction.includes('deep')
+ );
+ });
+
+ // Direct pageload to deeply nested route (not navigation)
+ await page.goto('/deep/level2/level3/12345');
+
+ const pageloadEvent = await pageloadPromise;
+
+ expect(pageloadEvent.transaction).toBe('/deep/level2/level3/:id');
+ expect(pageloadEvent.contexts?.trace?.data?.['sentry.source']).toBe('route');
+ expect(pageloadEvent.contexts?.trace?.data?.['sentry.idle_span_finish_reason']).toBe('idleTimeout');
+});
diff --git a/dev-packages/e2e-tests/test-applications/react-router-7-lazy-routes/tests/transactions.test.ts b/dev-packages/e2e-tests/test-applications/react-router-7-lazy-routes/tests/transactions.test.ts
index e5b9f35042ed..ce8137d7f686 100644
--- a/dev-packages/e2e-tests/test-applications/react-router-7-lazy-routes/tests/transactions.test.ts
+++ b/dev-packages/e2e-tests/test-applications/react-router-7-lazy-routes/tests/transactions.test.ts
@@ -588,3 +588,298 @@ test('Creates separate transactions for rapid consecutive navigations', async ({
expect(secondSpanId).not.toBe(thirdSpanId);
expect(firstSpanId).not.toBe(thirdSpanId);
});
+
+test('Creates pageload transaction with parameterized route for delayed lazy route', async ({ page }) => {
+ const pageloadPromise = waitForTransaction('react-router-7-lazy-routes', async transactionEvent => {
+ return (
+ !!transactionEvent?.transaction &&
+ transactionEvent.contexts?.trace?.op === 'pageload' &&
+ transactionEvent.transaction === '/delayed-lazy/:id'
+ );
+ });
+
+ await page.goto('/delayed-lazy/123');
+
+ const pageloadEvent = await pageloadPromise;
+
+ const delayedReady = page.locator('id=delayed-lazy-ready');
+ await expect(delayedReady).toBeVisible();
+ await expect(page.locator('id=delayed-lazy-id')).toHaveText('ID: 123');
+ await expect(page.locator('id=delayed-lazy-path')).toHaveText('/delayed-lazy/123');
+
+ expect(pageloadEvent.transaction).toBe('/delayed-lazy/:id');
+ expect(pageloadEvent.contexts?.trace?.op).toBe('pageload');
+ expect(pageloadEvent.contexts?.trace?.data?.['sentry.source']).toBe('route');
+});
+
+test('Creates navigation transaction with parameterized route for delayed lazy route', async ({ page }) => {
+ await page.goto('/');
+
+ const navigationPromise = waitForTransaction('react-router-7-lazy-routes', async transactionEvent => {
+ return (
+ !!transactionEvent?.transaction &&
+ transactionEvent.contexts?.trace?.op === 'navigation' &&
+ transactionEvent.transaction === '/delayed-lazy/:id'
+ );
+ });
+
+ const navigationLink = page.locator('id=navigation-to-delayed-lazy');
+ await expect(navigationLink).toBeVisible();
+ await navigationLink.click();
+
+ const navigationEvent = await navigationPromise;
+
+ const delayedReady = page.locator('id=delayed-lazy-ready');
+ await expect(delayedReady).toBeVisible();
+ await expect(page.locator('id=delayed-lazy-id')).toHaveText('ID: 123');
+ await expect(page.locator('id=delayed-lazy-path')).toHaveText('/delayed-lazy/123');
+
+ expect(navigationEvent.transaction).toBe('/delayed-lazy/:id');
+ expect(navigationEvent.contexts?.trace?.op).toBe('navigation');
+ expect(navigationEvent.contexts?.trace?.data?.['sentry.source']).toBe('route');
+});
+
+test('Creates navigation transaction when navigating with query parameters from home to route', async ({ page }) => {
+ await page.goto('/');
+
+ // Navigate from / to /delayed-lazy/123?source=homepage
+ // This should create a navigation transaction with the parameterized route name
+ const navigationPromise = waitForTransaction('react-router-7-lazy-routes', async transactionEvent => {
+ return (
+ !!transactionEvent?.transaction &&
+ transactionEvent.contexts?.trace?.op === 'navigation' &&
+ transactionEvent.transaction === '/delayed-lazy/:id'
+ );
+ });
+
+ const navigationLink = page.locator('id=navigation-to-delayed-lazy-with-query');
+ await expect(navigationLink).toBeVisible();
+ await navigationLink.click();
+
+ const navigationEvent = await navigationPromise;
+
+ const delayedReady = page.locator('id=delayed-lazy-ready');
+ await expect(delayedReady).toBeVisible();
+ await expect(page.locator('id=delayed-lazy-id')).toHaveText('ID: 123');
+ await expect(page.locator('id=delayed-lazy-path')).toHaveText('/delayed-lazy/123');
+ await expect(page.locator('id=delayed-lazy-search')).toHaveText('?source=homepage');
+ await expect(page.locator('id=delayed-lazy-source')).toHaveText('Source: homepage');
+
+ // Verify the navigation transaction has the correct parameterized route name
+ // Query parameters should NOT affect the transaction name (still /delayed-lazy/:id)
+ expect(navigationEvent.transaction).toBe('/delayed-lazy/:id');
+ expect(navigationEvent.contexts?.trace?.op).toBe('navigation');
+ expect(navigationEvent.contexts?.trace?.data?.['sentry.source']).toBe('route');
+ expect(navigationEvent.contexts?.trace?.status).toBe('ok');
+});
+
+test('Creates separate navigation transaction when changing only query parameters on same route', async ({ page }) => {
+ await page.goto('/delayed-lazy/123');
+
+ // Wait for the page to fully load
+ const delayedReady = page.locator('id=delayed-lazy-ready');
+ await expect(delayedReady).toBeVisible();
+
+ // Navigate from /delayed-lazy/123 to /delayed-lazy/123?view=detailed
+ // This is a query-only change on the same route
+ const navigationPromise = waitForTransaction('react-router-7-lazy-routes', async transactionEvent => {
+ return (
+ !!transactionEvent?.transaction &&
+ transactionEvent.contexts?.trace?.op === 'navigation' &&
+ transactionEvent.transaction === '/delayed-lazy/:id'
+ );
+ });
+
+ const queryLink = page.locator('id=link-to-query-view-detailed');
+ await expect(queryLink).toBeVisible();
+ await queryLink.click();
+
+ const navigationEvent = await navigationPromise;
+
+ // Verify query param was updated
+ await expect(page.locator('id=delayed-lazy-search')).toHaveText('?view=detailed');
+ await expect(page.locator('id=delayed-lazy-view')).toHaveText('View: detailed');
+
+ // Query-only navigation should create a navigation transaction
+ expect(navigationEvent.transaction).toBe('/delayed-lazy/:id');
+ expect(navigationEvent.contexts?.trace?.op).toBe('navigation');
+ expect(navigationEvent.contexts?.trace?.data?.['sentry.source']).toBe('route');
+ expect(navigationEvent.contexts?.trace?.status).toBe('ok');
+});
+
+test('Creates separate navigation transactions for multiple query parameter changes', async ({ page }) => {
+ await page.goto('/delayed-lazy/123');
+
+ const delayedReady = page.locator('id=delayed-lazy-ready');
+ await expect(delayedReady).toBeVisible();
+
+ // First query change: /delayed-lazy/123 -> /delayed-lazy/123?view=detailed
+ const firstNavigationPromise = waitForTransaction('react-router-7-lazy-routes', async transactionEvent => {
+ return (
+ !!transactionEvent?.transaction &&
+ transactionEvent.contexts?.trace?.op === 'navigation' &&
+ transactionEvent.transaction === '/delayed-lazy/:id'
+ );
+ });
+
+ const firstQueryLink = page.locator('id=link-to-query-view-detailed');
+ await expect(firstQueryLink).toBeVisible();
+ await firstQueryLink.click();
+
+ const firstNavigationEvent = await firstNavigationPromise;
+ const firstTraceId = firstNavigationEvent.contexts?.trace?.trace_id;
+
+ await expect(page.locator('id=delayed-lazy-view')).toHaveText('View: detailed');
+
+ // Second query change: /delayed-lazy/123?view=detailed -> /delayed-lazy/123?view=list
+ const secondNavigationPromise = waitForTransaction('react-router-7-lazy-routes', async transactionEvent => {
+ return (
+ !!transactionEvent?.transaction &&
+ transactionEvent.contexts?.trace?.op === 'navigation' &&
+ transactionEvent.transaction === '/delayed-lazy/:id' &&
+ transactionEvent.contexts?.trace?.trace_id !== firstTraceId
+ );
+ });
+
+ const secondQueryLink = page.locator('id=link-to-query-view-list');
+ await expect(secondQueryLink).toBeVisible();
+ await secondQueryLink.click();
+
+ const secondNavigationEvent = await secondNavigationPromise;
+ const secondTraceId = secondNavigationEvent.contexts?.trace?.trace_id;
+
+ await expect(page.locator('id=delayed-lazy-view')).toHaveText('View: list');
+
+ // Both navigations should have created separate transactions
+ expect(firstNavigationEvent.transaction).toBe('/delayed-lazy/:id');
+ expect(firstNavigationEvent.contexts?.trace?.op).toBe('navigation');
+ expect(secondNavigationEvent.transaction).toBe('/delayed-lazy/:id');
+ expect(secondNavigationEvent.contexts?.trace?.op).toBe('navigation');
+
+ // Trace IDs should be different (separate transactions)
+ expect(firstTraceId).toBeDefined();
+ expect(secondTraceId).toBeDefined();
+ expect(firstTraceId).not.toBe(secondTraceId);
+});
+
+test('Creates navigation transaction when changing only hash on same route', async ({ page }) => {
+ await page.goto('/delayed-lazy/123');
+
+ const delayedReady = page.locator('id=delayed-lazy-ready');
+ await expect(delayedReady).toBeVisible();
+
+ // Navigate from /delayed-lazy/123 to /delayed-lazy/123#section1
+ // This is a hash-only change on the same route
+ const navigationPromise = waitForTransaction('react-router-7-lazy-routes', async transactionEvent => {
+ return (
+ !!transactionEvent?.transaction &&
+ transactionEvent.contexts?.trace?.op === 'navigation' &&
+ transactionEvent.transaction === '/delayed-lazy/:id'
+ );
+ });
+
+ const hashLink = page.locator('id=link-to-hash-section1');
+ await expect(hashLink).toBeVisible();
+ await hashLink.click();
+
+ const navigationEvent = await navigationPromise;
+
+ // Verify hash was updated
+ await expect(page.locator('id=delayed-lazy-hash')).toHaveText('#section1');
+
+ // Hash-only navigation should create a navigation transaction
+ expect(navigationEvent.transaction).toBe('/delayed-lazy/:id');
+ expect(navigationEvent.contexts?.trace?.op).toBe('navigation');
+ expect(navigationEvent.contexts?.trace?.data?.['sentry.source']).toBe('route');
+ expect(navigationEvent.contexts?.trace?.status).toBe('ok');
+});
+
+test('Creates separate navigation transactions for multiple hash changes', async ({ page }) => {
+ await page.goto('/delayed-lazy/123');
+
+ const delayedReady = page.locator('id=delayed-lazy-ready');
+ await expect(delayedReady).toBeVisible();
+
+ // First hash change: /delayed-lazy/123 -> /delayed-lazy/123#section1
+ const firstNavigationPromise = waitForTransaction('react-router-7-lazy-routes', async transactionEvent => {
+ return (
+ !!transactionEvent?.transaction &&
+ transactionEvent.contexts?.trace?.op === 'navigation' &&
+ transactionEvent.transaction === '/delayed-lazy/:id'
+ );
+ });
+
+ const firstHashLink = page.locator('id=link-to-hash-section1');
+ await expect(firstHashLink).toBeVisible();
+ await firstHashLink.click();
+
+ const firstNavigationEvent = await firstNavigationPromise;
+ const firstTraceId = firstNavigationEvent.contexts?.trace?.trace_id;
+
+ await expect(page.locator('id=delayed-lazy-hash')).toHaveText('#section1');
+
+ // Second hash change: /delayed-lazy/123#section1 -> /delayed-lazy/123#section2
+ const secondNavigationPromise = waitForTransaction('react-router-7-lazy-routes', async transactionEvent => {
+ return (
+ !!transactionEvent?.transaction &&
+ transactionEvent.contexts?.trace?.op === 'navigation' &&
+ transactionEvent.transaction === '/delayed-lazy/:id' &&
+ transactionEvent.contexts?.trace?.trace_id !== firstTraceId
+ );
+ });
+
+ const secondHashLink = page.locator('id=link-to-hash-section2');
+ await expect(secondHashLink).toBeVisible();
+ await secondHashLink.click();
+
+ const secondNavigationEvent = await secondNavigationPromise;
+ const secondTraceId = secondNavigationEvent.contexts?.trace?.trace_id;
+
+ await expect(page.locator('id=delayed-lazy-hash')).toHaveText('#section2');
+
+ // Both navigations should have created separate transactions
+ expect(firstNavigationEvent.transaction).toBe('/delayed-lazy/:id');
+ expect(firstNavigationEvent.contexts?.trace?.op).toBe('navigation');
+ expect(secondNavigationEvent.transaction).toBe('/delayed-lazy/:id');
+ expect(secondNavigationEvent.contexts?.trace?.op).toBe('navigation');
+
+ // Trace IDs should be different (separate transactions)
+ expect(firstTraceId).toBeDefined();
+ expect(secondTraceId).toBeDefined();
+ expect(firstTraceId).not.toBe(secondTraceId);
+});
+
+test('Creates navigation transaction when changing both query and hash on same route', async ({ page }) => {
+ await page.goto('/delayed-lazy/123?view=list');
+
+ const delayedReady = page.locator('id=delayed-lazy-ready');
+ await expect(delayedReady).toBeVisible();
+ await expect(page.locator('id=delayed-lazy-view')).toHaveText('View: list');
+
+ // Navigate from /delayed-lazy/123?view=list to /delayed-lazy/123?view=grid#results
+ // This changes both query and hash
+ const navigationPromise = waitForTransaction('react-router-7-lazy-routes', async transactionEvent => {
+ return (
+ !!transactionEvent?.transaction &&
+ transactionEvent.contexts?.trace?.op === 'navigation' &&
+ transactionEvent.transaction === '/delayed-lazy/:id'
+ );
+ });
+
+ const queryAndHashLink = page.locator('id=link-to-query-and-hash');
+ await expect(queryAndHashLink).toBeVisible();
+ await queryAndHashLink.click();
+
+ const navigationEvent = await navigationPromise;
+
+ // Verify both query and hash were updated
+ await expect(page.locator('id=delayed-lazy-search')).toHaveText('?view=grid');
+ await expect(page.locator('id=delayed-lazy-hash')).toHaveText('#results');
+ await expect(page.locator('id=delayed-lazy-view')).toHaveText('View: grid');
+
+ // Combined query + hash navigation should create a navigation transaction
+ expect(navigationEvent.transaction).toBe('/delayed-lazy/:id');
+ expect(navigationEvent.contexts?.trace?.op).toBe('navigation');
+ expect(navigationEvent.contexts?.trace?.data?.['sentry.source']).toBe('route');
+ expect(navigationEvent.contexts?.trace?.status).toBe('ok');
+});
diff --git a/packages/react/src/reactrouter-compat-utils/index.ts b/packages/react/src/reactrouter-compat-utils/index.ts
index c2b56ec446fb..bb91ba8d3072 100644
--- a/packages/react/src/reactrouter-compat-utils/index.ts
+++ b/packages/react/src/reactrouter-compat-utils/index.ts
@@ -25,6 +25,7 @@ export {
pathEndsWithWildcard,
pathIsWildcardAndHasChildren,
getNumberOfUrlSegments,
+ transactionNameHasWildcard,
} from './utils';
// Lazy route exports
diff --git a/packages/react/src/reactrouter-compat-utils/instrumentation.tsx b/packages/react/src/reactrouter-compat-utils/instrumentation.tsx
index 235b207ed9a0..6e19b9021ba5 100644
--- a/packages/react/src/reactrouter-compat-utils/instrumentation.tsx
+++ b/packages/react/src/reactrouter-compat-utils/instrumentation.tsx
@@ -41,59 +41,118 @@ import type {
UseRoutes,
} from '../types';
import { checkRouteForAsyncHandler } from './lazy-routes';
-import { initializeRouterUtils, resolveRouteNameAndSource } from './utils';
+import { initializeRouterUtils, resolveRouteNameAndSource, transactionNameHasWildcard } from './utils';
let _useEffect: UseEffect;
let _useLocation: UseLocation;
let _useNavigationType: UseNavigationType;
let _createRoutesFromChildren: CreateRoutesFromChildren;
let _matchRoutes: MatchRoutes;
+
let _enableAsyncRouteHandlers: boolean = false;
+let _lazyRouteTimeout = 3000;
const CLIENTS_WITH_INSTRUMENT_NAVIGATION = new WeakSetLevel 3 Deep Route
+Deeply nested route loaded!
+ID: {id}
+, R extends React.FC
>( Routes: R, @@ -933,11 +1163,13 @@ export function createV6CompatibleWithSentryReactRouterRouting
{ return { ...(actual as any), startBrowserTracingNavigationSpan: vi.fn(), + startBrowserTracingPageLoadSpan: vi.fn(), browserTracingIntegration: vi.fn(() => ({ setup: vi.fn(), afterAllSetup: vi.fn(), @@ -49,6 +56,9 @@ vi.mock('../../src/reactrouter-compat-utils/utils', () => ({ getGlobalLocation: vi.fn(() => ({ pathname: '/test', search: '', hash: '' })), getGlobalPathname: vi.fn(() => '/test'), routeIsDescendant: vi.fn(() => false), + transactionNameHasWildcard: vi.fn((name: string) => { + return name.includes('/*') || name === '*' || name.endsWith('*'); + }), })); vi.mock('../../src/reactrouter-compat-utils/lazy-routes', () => ({ @@ -370,3 +380,932 @@ describe('addRoutesToAllRoutes', () => { expect(firstCount).toBe(secondCount); }); }); + +describe('updateNavigationSpan with wildcard detection', () => { + const sampleLocation: Location = { + pathname: '/test', + search: '', + hash: '', + state: null, + key: 'default', + }; + + const sampleRoutes: RouteObject[] = [ + { path: '/', element:
Home
},
+ { path: '/about', element: About
},
+ ];
+
+ const mockMatchRoutes = vi.fn(() => []);
+
+ beforeEach(() => {
+ vi.clearAllMocks();
+ });
+
+ it('should call updateName when provided with valid routes', () => {
+ const testSpan = { ...mockSpan };
+ updateNavigationSpan(testSpan, sampleLocation, sampleRoutes, false, mockMatchRoutes);
+
+ expect(mockUpdateName).toHaveBeenCalledWith('Test Route');
+ expect(mockSetAttribute).toHaveBeenCalledWith('sentry.source', 'route');
+ });
+
+ it('should handle forced updates', () => {
+ const testSpan = { ...mockSpan, __sentry_navigation_name_set__: true };
+ updateNavigationSpan(testSpan, sampleLocation, sampleRoutes, true, mockMatchRoutes);
+
+ // Should update even though already named because forceUpdate=true
+ expect(mockUpdateName).toHaveBeenCalledWith('Test Route');
+ });
+});
+
+describe('tryUpdateSpanNameBeforeEnd - source upgrade logic', () => {
+ beforeEach(() => {
+ vi.clearAllMocks();
+ });
+
+ it('should upgrade from URL source to route source (regression fix)', async () => {
+ // Setup: Current span has URL source and non-parameterized name
+ vi.mocked(spanToJSON).mockReturnValue({
+ op: 'navigation',
+ description: '/users/123',
+ data: { 'sentry.source': 'url' },
+ } as any);
+
+ // Target: Resolves to route source with parameterized name
+ vi.mocked(resolveRouteNameAndSource).mockReturnValue(['/users/:id', 'route']);
+
+ const mockUpdateName = vi.fn();
+ const mockSetAttribute = vi.fn();
+ const testSpan = {
+ updateName: mockUpdateName,
+ setAttribute: mockSetAttribute,
+ end: vi.fn(),
+ } as unknown as Span;
+
+ // Simulate patchSpanEnd calling tryUpdateSpanNameBeforeEnd
+ // by updating the span name during a navigation
+ updateNavigationSpan(
+ testSpan,
+ { pathname: '/users/123', search: '', hash: '', state: null, key: 'test' },
+ [{ path: '/users/:id', element: }],
+ false,
+ vi.fn(() => [{ route: { path: '/users/:id' } }]),
+ );
+
+ // Should upgrade from URL to route source
+ expect(mockUpdateName).toHaveBeenCalledWith('/users/:id');
+ expect(mockSetAttribute).toHaveBeenCalledWith('sentry.source', 'route');
+ });
+
+ it('should not downgrade from route source to URL source', async () => {
+ // Setup: Current span has route source with parameterized name (no wildcard)
+ vi.mocked(spanToJSON).mockReturnValue({
+ op: 'navigation',
+ description: '/users/:id',
+ data: { 'sentry.source': 'route' },
+ } as any);
+
+ // Target: Would resolve to URL source (downgrade attempt)
+ vi.mocked(resolveRouteNameAndSource).mockReturnValue(['/users/456', 'url']);
+
+ const mockUpdateName = vi.fn();
+ const mockSetAttribute = vi.fn();
+ const testSpan = {
+ updateName: mockUpdateName,
+ setAttribute: mockSetAttribute,
+ end: vi.fn(),
+ __sentry_navigation_name_set__: true, // Mark as already named
+ } as unknown as Span;
+
+ updateNavigationSpan(
+ testSpan,
+ { pathname: '/users/456', search: '', hash: '', state: null, key: 'test' },
+ [{ path: '/users/:id', element: }],
+ false,
+ vi.fn(() => [{ route: { path: '/users/:id' } }]),
+ );
+
+ // Should not update because span is already named
+ // The early return in tryUpdateSpanNameBeforeEnd protects against downgrades
+ // This test verifies that route->url downgrades are blocked
+ expect(mockUpdateName).not.toHaveBeenCalled();
+ expect(mockSetAttribute).not.toHaveBeenCalled();
+ });
+
+ it('should upgrade wildcard names to specific routes', async () => {
+ // Setup: Current span has route source with wildcard
+ vi.mocked(spanToJSON).mockReturnValue({
+ op: 'navigation',
+ description: '/users/*',
+ data: { 'sentry.source': 'route' },
+ } as any);
+
+ // Mock wildcard detection: current name has wildcard, new name doesn't
+ vi.mocked(transactionNameHasWildcard).mockImplementation((name: string) => {
+ return name === '/users/*'; // Only the current name has wildcard
+ });
+
+ // Target: Resolves to specific parameterized route
+ vi.mocked(resolveRouteNameAndSource).mockReturnValue(['/users/:id', 'route']);
+
+ const mockUpdateName = vi.fn();
+ const mockSetAttribute = vi.fn();
+ const testSpan = {
+ updateName: mockUpdateName,
+ setAttribute: mockSetAttribute,
+ end: vi.fn(),
+ } as unknown as Span;
+
+ updateNavigationSpan(
+ testSpan,
+ { pathname: '/users/123', search: '', hash: '', state: null, key: 'test' },
+ [{ path: '/users/:id', element: }],
+ false,
+ vi.fn(() => [{ route: { path: '/users/:id' } }]),
+ );
+
+ // Should upgrade from wildcard to specific
+ expect(mockUpdateName).toHaveBeenCalledWith('/users/:id');
+ expect(mockSetAttribute).toHaveBeenCalledWith('sentry.source', 'route');
+ });
+
+ it('should not downgrade from wildcard route to URL', async () => {
+ // Setup: Current span has route source with wildcard
+ vi.mocked(spanToJSON).mockReturnValue({
+ op: 'navigation',
+ description: '/users/*',
+ data: { 'sentry.source': 'route' },
+ } as any);
+
+ // Mock wildcard detection: current name has wildcard, new name doesn't
+ vi.mocked(transactionNameHasWildcard).mockImplementation((name: string) => {
+ return name === '/users/*'; // Only the current wildcard name returns true
+ });
+
+ // Target: After timeout, resolves to URL (lazy route didn't finish loading)
+ vi.mocked(resolveRouteNameAndSource).mockReturnValue(['/users/123', 'url']);
+
+ const mockUpdateName = vi.fn();
+ const mockSetAttribute = vi.fn();
+ const testSpan = {
+ updateName: mockUpdateName,
+ setAttribute: mockSetAttribute,
+ end: vi.fn(),
+ __sentry_navigation_name_set__: true, // Mark span as already named/finalized
+ } as unknown as Span;
+
+ updateNavigationSpan(
+ testSpan,
+ { pathname: '/users/123', search: '', hash: '', state: null, key: 'test' },
+ [{ path: '/users/*', element: }],
+ false,
+ vi.fn(() => [{ route: { path: '/users/*' } }]),
+ );
+
+ // Should not update - keep wildcard route instead of downgrading to URL
+ // Wildcard routes are better than URLs for aggregation in performance monitoring
+ expect(mockUpdateName).not.toHaveBeenCalled();
+ expect(mockSetAttribute).not.toHaveBeenCalled();
+ });
+
+ it('should set name when no current name exists', async () => {
+ // Setup: Current span has no name (undefined)
+ vi.mocked(spanToJSON).mockReturnValue({
+ op: 'navigation',
+ description: undefined,
+ } as any);
+
+ // Target: Resolves to route
+ vi.mocked(resolveRouteNameAndSource).mockReturnValue(['/users/:id', 'route']);
+
+ const mockUpdateName = vi.fn();
+ const mockSetAttribute = vi.fn();
+ const testSpan = {
+ updateName: mockUpdateName,
+ setAttribute: mockSetAttribute,
+ end: vi.fn(),
+ } as unknown as Span;
+
+ updateNavigationSpan(
+ testSpan,
+ { pathname: '/users/123', search: '', hash: '', state: null, key: 'test' },
+ [{ path: '/users/:id', element: }],
+ false,
+ vi.fn(() => [{ route: { path: '/users/:id' } }]),
+ );
+
+ // Should set initial name
+ expect(mockUpdateName).toHaveBeenCalledWith('/users/:id');
+ expect(mockSetAttribute).toHaveBeenCalledWith('sentry.source', 'route');
+ });
+
+ it('should not update when same source and no improvement', async () => {
+ // Setup: Current span has URL source
+ vi.mocked(spanToJSON).mockReturnValue({
+ op: 'navigation',
+ description: '/users/123',
+ data: { 'sentry.source': 'url' },
+ } as any);
+
+ // Target: Resolves to same URL source (no improvement)
+ vi.mocked(resolveRouteNameAndSource).mockReturnValue(['/users/123', 'url']);
+
+ const mockUpdateName = vi.fn();
+ const mockSetAttribute = vi.fn();
+ const testSpan = {
+ updateName: mockUpdateName,
+ setAttribute: mockSetAttribute,
+ end: vi.fn(),
+ } as unknown as Span;
+
+ updateNavigationSpan(
+ testSpan,
+ { pathname: '/users/123', search: '', hash: '', state: null, key: 'test' },
+ [{ path: '/users/:id', element: }],
+ false,
+ vi.fn(() => [{ route: { path: '/users/:id' } }]),
+ );
+
+ // Note: updateNavigationSpan always updates if not already named
+ // This test validates that the isImprovement logic works correctly in tryUpdateSpanNameBeforeEnd
+ // which is called during span.end() patching
+ expect(mockUpdateName).toHaveBeenCalled(); // Initial set is allowed
+ });
+
+ describe('computeLocationKey (pure function)', () => {
+ it('should include pathname, search, and hash in location key', () => {
+ const location: Location = {
+ pathname: '/search',
+ search: '?q=foo',
+ hash: '#results',
+ state: null,
+ key: 'test',
+ };
+
+ const result = computeLocationKey(location);
+
+ expect(result).toBe('/search?q=foo#results');
+ });
+
+ it('should differentiate locations with same pathname but different query', () => {
+ const loc1: Location = { pathname: '/search', search: '?q=foo', hash: '', state: null, key: 'k1' };
+ const loc2: Location = { pathname: '/search', search: '?q=bar', hash: '', state: null, key: 'k2' };
+
+ const key1 = computeLocationKey(loc1);
+ const key2 = computeLocationKey(loc2);
+
+ // Verifies that search params are included in the location key
+ expect(key1).not.toBe(key2);
+ expect(key1).toBe('/search?q=foo');
+ expect(key2).toBe('/search?q=bar');
+ });
+
+ it('should differentiate locations with same pathname but different hash', () => {
+ const loc1: Location = { pathname: '/page', search: '', hash: '#section1', state: null, key: 'k1' };
+ const loc2: Location = { pathname: '/page', search: '', hash: '#section2', state: null, key: 'k2' };
+
+ const key1 = computeLocationKey(loc1);
+ const key2 = computeLocationKey(loc2);
+
+ // Verifies that hash values are included in the location key
+ expect(key1).not.toBe(key2);
+ expect(key1).toBe('/page#section1');
+ expect(key2).toBe('/page#section2');
+ });
+
+ it('should produce same key for identical locations', () => {
+ const loc1: Location = { pathname: '/users', search: '?id=123', hash: '#profile', state: null, key: 'k1' };
+ const loc2: Location = { pathname: '/users', search: '?id=123', hash: '#profile', state: null, key: 'k2' };
+
+ expect(computeLocationKey(loc1)).toBe(computeLocationKey(loc2));
+ });
+
+ it('should normalize undefined/null search and hash to empty strings (partial location objects)', () => {
+ // When Next.js 16 Tunnel Route Test
; +} diff --git a/dev-packages/e2e-tests/test-applications/nextjs-16-tunnel/eslint.config.mjs b/dev-packages/e2e-tests/test-applications/nextjs-16-tunnel/eslint.config.mjs new file mode 100644 index 000000000000..60f7af38f6c2 --- /dev/null +++ b/dev-packages/e2e-tests/test-applications/nextjs-16-tunnel/eslint.config.mjs @@ -0,0 +1,19 @@ +import { dirname } from 'path'; +import { fileURLToPath } from 'url'; +import { FlatCompat } from '@eslint/eslintrc'; + +const __filename = fileURLToPath(import.meta.url); +const __dirname = dirname(__filename); + +const compat = new FlatCompat({ + baseDirectory: __dirname, +}); + +const eslintConfig = [ + ...compat.extends('next/core-web-vitals', 'next/typescript'), + { + ignores: ['node_modules/**', '.next/**', 'out/**', 'build/**', 'next-env.d.ts'], + }, +]; + +export default eslintConfig; diff --git a/dev-packages/e2e-tests/test-applications/nextjs-16-tunnel/instrumentation-client.ts b/dev-packages/e2e-tests/test-applications/nextjs-16-tunnel/instrumentation-client.ts new file mode 100644 index 000000000000..d40b790f18a5 --- /dev/null +++ b/dev-packages/e2e-tests/test-applications/nextjs-16-tunnel/instrumentation-client.ts @@ -0,0 +1,12 @@ +import * as Sentry from '@sentry/nextjs'; + +Sentry.init({ + environment: 'qa', // dynamic sampling bias to keep transactions + // Use a fake but properly formatted Sentry SaaS DSN for tunnel route testing + dsn: 'https://public@o12345.ingest.us.sentry.io/67890', + // No tunnel option - using tunnelRoute from withSentryConfig + tracesSampleRate: 1.0, + sendDefaultPii: true, +}); + +export const onRouterTransitionStart = Sentry.captureRouterTransitionStart; diff --git a/dev-packages/e2e-tests/test-applications/nextjs-16-tunnel/instrumentation.ts b/dev-packages/e2e-tests/test-applications/nextjs-16-tunnel/instrumentation.ts new file mode 100644 index 000000000000..964f937c439a --- /dev/null +++ b/dev-packages/e2e-tests/test-applications/nextjs-16-tunnel/instrumentation.ts @@ -0,0 +1,13 @@ +import * as Sentry from '@sentry/nextjs'; + +export async function register() { + if (process.env.NEXT_RUNTIME === 'nodejs') { + await import('./sentry.server.config'); + } + + if (process.env.NEXT_RUNTIME === 'edge') { + await import('./sentry.edge.config'); + } +} + +export const onRequestError = Sentry.captureRequestError; diff --git a/dev-packages/e2e-tests/test-applications/nextjs-16-tunnel/next.config.ts b/dev-packages/e2e-tests/test-applications/nextjs-16-tunnel/next.config.ts new file mode 100644 index 000000000000..cad68b926a58 --- /dev/null +++ b/dev-packages/e2e-tests/test-applications/nextjs-16-tunnel/next.config.ts @@ -0,0 +1,9 @@ +import { withSentryConfig } from '@sentry/nextjs'; +import type { NextConfig } from 'next'; + +const nextConfig: NextConfig = {}; + +export default withSentryConfig(nextConfig, { + silent: true, + tunnelRoute: true, +}); diff --git a/dev-packages/e2e-tests/test-applications/nextjs-16-tunnel/package.json b/dev-packages/e2e-tests/test-applications/nextjs-16-tunnel/package.json new file mode 100644 index 000000000000..40389ad0888f --- /dev/null +++ b/dev-packages/e2e-tests/test-applications/nextjs-16-tunnel/package.json @@ -0,0 +1,63 @@ +{ + "name": "nextjs-16-tunnel", + "version": "0.1.0", + "private": true, + "scripts": { + "dev": " next dev", + "build": "_SENTRY_TUNNEL_DESTINATION_OVERRIDE=http://localhost:3031/ next build > .tmp_build_stdout 2> .tmp_build_stderr || (cat .tmp_build_stdout && cat .tmp_build_stderr && exit 1)", + "clean": "npx rimraf node_modules pnpm-lock.yaml .tmp_dev_server_logs", + "dev:webpack": "_SENTRY_TUNNEL_DESTINATION_OVERRIDE=http://localhost:3031/ next dev --webpack", + "build-webpack": "_SENTRY_TUNNEL_DESTINATION_OVERRIDE=http://localhost:3031/ next build --webpack > .tmp_build_stdout 2> .tmp_build_stderr || (cat .tmp_build_stdout && cat .tmp_build_stderr && exit 1)", + "start": "_SENTRY_TUNNEL_DESTINATION_OVERRIDE=http://localhost:3031/ next start", + "lint": "eslint", + "test:prod": "TEST_ENV=production playwright test", + "test:dev": "TEST_ENV=development _SENTRY_TUNNEL_DESTINATION_OVERRIDE=http://localhost:3031/ playwright test", + "test:dev-webpack": "TEST_ENV=development-webpack _SENTRY_TUNNEL_DESTINATION_OVERRIDE=http://localhost:3031/ playwright test", + "test:build": "pnpm install && pnpm build", + "test:build-webpack": "pnpm install && pnpm build-webpack", + "test:build-canary": "pnpm install && pnpm add next@canary && pnpm build", + "test:build-latest": "pnpm install && pnpm add next@latest && pnpm build", + "test:build-latest-webpack": "pnpm install && pnpm add next@latest && pnpm build-webpack", + "test:build-canary-webpack": "pnpm install && pnpm add next@canary && pnpm build-webpack", + "test:assert": "pnpm test:prod && pnpm test:dev", + "test:assert-webpack": "pnpm test:prod && pnpm test:dev-webpack" + }, + "dependencies": { + "@sentry/nextjs": "latest || *", + "@sentry/core": "latest || *", + "ai": "^3.0.0", + "import-in-the-middle": "^1", + "next": "16.0.0", + "react": "19.1.0", + "react-dom": "19.1.0", + "require-in-the-middle": "^7", + "zod": "^3.22.4" + }, + "devDependencies": { + "@playwright/test": "~1.53.2", + "@sentry-internal/test-utils": "link:../../../test-utils", + "@types/node": "^20", + "@types/react": "^19", + "@types/react-dom": "^19", + "eslint": "^9", + "eslint-config-next": "canary", + "typescript": "^5" + }, + "volta": { + "extends": "../../package.json" + }, + "sentryTest": { + "variants": [ + { + "build-command": "pnpm test:build-webpack", + "label": "nextjs-16-tunnel (webpack)", + "assert-command": "pnpm test:assert-webpack" + }, + { + "build-command": "pnpm test:build", + "label": "nextjs-16-tunnel (turbopack)", + "assert-command": "pnpm test:assert" + } + ] + } +} diff --git a/dev-packages/e2e-tests/test-applications/nextjs-16-tunnel/playwright.config.mjs b/dev-packages/e2e-tests/test-applications/nextjs-16-tunnel/playwright.config.mjs new file mode 100644 index 000000000000..797418b8cf7d --- /dev/null +++ b/dev-packages/e2e-tests/test-applications/nextjs-16-tunnel/playwright.config.mjs @@ -0,0 +1,29 @@ +import { getPlaywrightConfig } from '@sentry-internal/test-utils'; +const testEnv = process.env.TEST_ENV; + +if (!testEnv) { + throw new Error('No test env defined'); +} + +const getStartCommand = () => { + if (testEnv === 'development-webpack') { + return 'pnpm next dev -p 3030 --webpack 2>&1 | tee .tmp_dev_server_logs'; + } + + if (testEnv === 'development') { + return 'pnpm next dev -p 3030 2>&1 | tee .tmp_dev_server_logs'; + } + + if (testEnv === 'production') { + return 'pnpm next start -p 3030'; + } + + throw new Error(`Unknown test env: ${testEnv}`); +}; + +const config = getPlaywrightConfig({ + startCommand: getStartCommand(), + port: 3030, +}); + +export default config; diff --git a/dev-packages/e2e-tests/test-applications/nextjs-16-tunnel/proxy.ts b/dev-packages/e2e-tests/test-applications/nextjs-16-tunnel/proxy.ts new file mode 100644 index 000000000000..28639f60bbe4 --- /dev/null +++ b/dev-packages/e2e-tests/test-applications/nextjs-16-tunnel/proxy.ts @@ -0,0 +1,11 @@ +import { NextResponse } from 'next/server'; +import type { NextRequest } from 'next/server'; + +export async function proxy(_request: NextRequest) { + return NextResponse.next(); +} + +// Match all routes to test that tunnel requests are properly filtered +export const config = { + matcher: '/:path*', +}; diff --git a/dev-packages/e2e-tests/test-applications/nextjs-16-tunnel/public/file.svg b/dev-packages/e2e-tests/test-applications/nextjs-16-tunnel/public/file.svg new file mode 100644 index 000000000000..004145cddf3f --- /dev/null +++ b/dev-packages/e2e-tests/test-applications/nextjs-16-tunnel/public/file.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/dev-packages/e2e-tests/test-applications/nextjs-16-tunnel/public/globe.svg b/dev-packages/e2e-tests/test-applications/nextjs-16-tunnel/public/globe.svg new file mode 100644 index 000000000000..567f17b0d7c7 --- /dev/null +++ b/dev-packages/e2e-tests/test-applications/nextjs-16-tunnel/public/globe.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/dev-packages/e2e-tests/test-applications/nextjs-16-tunnel/public/next.svg b/dev-packages/e2e-tests/test-applications/nextjs-16-tunnel/public/next.svg new file mode 100644 index 000000000000..5174b28c565c --- /dev/null +++ b/dev-packages/e2e-tests/test-applications/nextjs-16-tunnel/public/next.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/dev-packages/e2e-tests/test-applications/nextjs-16-tunnel/public/vercel.svg b/dev-packages/e2e-tests/test-applications/nextjs-16-tunnel/public/vercel.svg new file mode 100644 index 000000000000..77053960334e --- /dev/null +++ b/dev-packages/e2e-tests/test-applications/nextjs-16-tunnel/public/vercel.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/dev-packages/e2e-tests/test-applications/nextjs-16-tunnel/public/window.svg b/dev-packages/e2e-tests/test-applications/nextjs-16-tunnel/public/window.svg new file mode 100644 index 000000000000..b2b2a44f6ebc --- /dev/null +++ b/dev-packages/e2e-tests/test-applications/nextjs-16-tunnel/public/window.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/dev-packages/e2e-tests/test-applications/nextjs-16-tunnel/sentry.edge.config.ts b/dev-packages/e2e-tests/test-applications/nextjs-16-tunnel/sentry.edge.config.ts new file mode 100644 index 000000000000..8ba3a3bf2faa --- /dev/null +++ b/dev-packages/e2e-tests/test-applications/nextjs-16-tunnel/sentry.edge.config.ts @@ -0,0 +1,11 @@ +import * as Sentry from '@sentry/nextjs'; + +Sentry.init({ + environment: 'qa', // dynamic sampling bias to keep transactions + // Use a fake but properly formatted Sentry SaaS DSN for tunnel route testing + dsn: 'https://public@o12345.ingest.us.sentry.io/67890', + // No tunnel option - using tunnelRoute from withSentryConfig + tracesSampleRate: 1.0, + sendDefaultPii: true, + // debug: true, +}); diff --git a/dev-packages/e2e-tests/test-applications/nextjs-16-tunnel/sentry.server.config.ts b/dev-packages/e2e-tests/test-applications/nextjs-16-tunnel/sentry.server.config.ts new file mode 100644 index 000000000000..8ba3a3bf2faa --- /dev/null +++ b/dev-packages/e2e-tests/test-applications/nextjs-16-tunnel/sentry.server.config.ts @@ -0,0 +1,11 @@ +import * as Sentry from '@sentry/nextjs'; + +Sentry.init({ + environment: 'qa', // dynamic sampling bias to keep transactions + // Use a fake but properly formatted Sentry SaaS DSN for tunnel route testing + dsn: 'https://public@o12345.ingest.us.sentry.io/67890', + // No tunnel option - using tunnelRoute from withSentryConfig + tracesSampleRate: 1.0, + sendDefaultPii: true, + // debug: true, +}); diff --git a/dev-packages/e2e-tests/test-applications/nextjs-16-tunnel/start-event-proxy.mjs b/dev-packages/e2e-tests/test-applications/nextjs-16-tunnel/start-event-proxy.mjs new file mode 100644 index 000000000000..976073d3d2c4 --- /dev/null +++ b/dev-packages/e2e-tests/test-applications/nextjs-16-tunnel/start-event-proxy.mjs @@ -0,0 +1,14 @@ +import * as fs from 'fs'; +import * as path from 'path'; +import { startEventProxyServer } from '@sentry-internal/test-utils'; + +const packageJson = JSON.parse(fs.readFileSync(path.join(process.cwd(), 'package.json'))); + +startEventProxyServer({ + port: 3031, + proxyServerName: 'nextjs-16-tunnel', + envelopeDumpPath: path.join( + process.cwd(), + `event-dumps/nextjs-16-tunnel-v${packageJson.dependencies.next}-${process.env.TEST_ENV}.dump`, + ), +}); diff --git a/dev-packages/e2e-tests/test-applications/nextjs-16-tunnel/tests/tunnel-route.test.ts b/dev-packages/e2e-tests/test-applications/nextjs-16-tunnel/tests/tunnel-route.test.ts new file mode 100644 index 000000000000..a8bd7b4d925e --- /dev/null +++ b/dev-packages/e2e-tests/test-applications/nextjs-16-tunnel/tests/tunnel-route.test.ts @@ -0,0 +1,132 @@ +import { expect, test } from '@playwright/test'; +import { waitForTransaction } from '@sentry-internal/test-utils'; + +test('Tunnel route should proxy pageload transaction to Sentry', async ({ page }) => { + // Wait for the pageload transaction to be sent through the tunnel + const pageloadTransactionPromise = waitForTransaction('nextjs-16-tunnel', async transactionEvent => { + return transactionEvent?.contexts?.trace?.op === 'pageload' && transactionEvent?.transaction === '/'; + }); + + // Navigate to the page + await page.goto('/'); + + const pageloadTransaction = await pageloadTransactionPromise; + + // Verify the pageload transaction was received successfully + expect(pageloadTransaction).toBeDefined(); + expect(pageloadTransaction.transaction).toBe('/'); + expect(pageloadTransaction.contexts?.trace?.op).toBe('pageload'); + expect(pageloadTransaction.contexts?.trace?.status).toBe('ok'); + expect(pageloadTransaction.type).toBe('transaction'); +}); + +test('Tunnel route should send multiple pageload transactions consistently', async ({ page }) => { + // This test verifies that the tunnel route remains consistent across multiple page loads + // (important for Turbopack which could generate different tunnel routes for client/server) + + // First pageload + const firstPageloadPromise = waitForTransaction('nextjs-16-tunnel', async transactionEvent => { + return transactionEvent?.contexts?.trace?.op === 'pageload' && transactionEvent?.transaction === '/'; + }); + + await page.goto('/'); + const firstPageload = await firstPageloadPromise; + + expect(firstPageload).toBeDefined(); + expect(firstPageload.transaction).toBe('/'); + expect(firstPageload.contexts?.trace?.op).toBe('pageload'); + expect(firstPageload.contexts?.trace?.status).toBe('ok'); + + // Second pageload (reload) + const secondPageloadPromise = waitForTransaction('nextjs-16-tunnel', async transactionEvent => { + return transactionEvent?.contexts?.trace?.op === 'pageload' && transactionEvent?.transaction === '/'; + }); + + await page.reload(); + const secondPageload = await secondPageloadPromise; + + expect(secondPageload).toBeDefined(); + expect(secondPageload.transaction).toBe('/'); + expect(secondPageload.contexts?.trace?.op).toBe('pageload'); + expect(secondPageload.contexts?.trace?.status).toBe('ok'); +}); + +test('Tunnel requests should not create middleware or fetch spans', async ({ page }) => { + // This test verifies that our span filtering logic works correctly + // The proxy runs on all routes, so we'll get a middleware transaction for `/` + // But we should NOT get middleware or fetch transactions for the tunnel route itself + + const allTransactions: any[] = []; + + // Collect all transactions + const collectPromise = (async () => { + // Keep collecting for 3 seconds after pageload + const endTime = Date.now() + 3000; + while (Date.now() < endTime) { + try { + const tx = await Promise.race([ + waitForTransaction('nextjs-16-tunnel', () => true), + new Promise((_, reject) => setTimeout(() => reject(), 500)), + ]); + allTransactions.push(tx); + } catch { + // Timeout, continue collecting + } + } + })(); + + // Wait for pageload transaction + const pageloadPromise = waitForTransaction('nextjs-16-tunnel', async transactionEvent => { + return transactionEvent?.contexts?.trace?.op === 'pageload'; + }); + + await page.goto('/'); + const pageloadTransaction = await pageloadPromise; + + // Trigger errors to force tunnel POST requests + await page + .evaluate(() => { + throw new Error('Test tunnel error 1'); + }) + .catch(() => { + // Expected to throw + }); + + await page + .evaluate(() => { + throw new Error('Test tunnel error 2'); + }) + .catch(() => { + // Expected to throw + }); + + // Wait for events to be sent through tunnel + await page.waitForTimeout(2000); + + // Continue collecting for a bit + await collectPromise; + + // We should have received the pageload transaction + expect(pageloadTransaction).toBeDefined(); + expect(pageloadTransaction.contexts?.trace?.op).toBe('pageload'); + + const middlewareTransactions = allTransactions.filter(tx => tx.contexts?.trace?.op === 'http.server.middleware'); + + // We WILL have a middleware transaction for GET / (the pageload) + // But we should NOT have middleware transactions for POST requests (tunnel route) + const postMiddlewareTransactions = middlewareTransactions.filter( + tx => tx.transaction?.includes('POST') || tx.contexts?.trace?.data?.['http.request.method'] === 'POST', + ); + + expect(postMiddlewareTransactions).toHaveLength(0); + + // We should NOT have any fetch transactions to Sentry ingest + const sentryFetchTransactions = allTransactions.filter( + tx => + tx.contexts?.trace?.op === 'http.client' && + (tx.contexts?.trace?.data?.['url.full']?.includes('sentry.io') || + tx.contexts?.trace?.data?.['url.full']?.includes('ingest')), + ); + + expect(sentryFetchTransactions).toHaveLength(0); +}); diff --git a/dev-packages/e2e-tests/test-applications/nextjs-16-tunnel/tsconfig.json b/dev-packages/e2e-tests/test-applications/nextjs-16-tunnel/tsconfig.json new file mode 100644 index 000000000000..cc9ed39b5aa2 --- /dev/null +++ b/dev-packages/e2e-tests/test-applications/nextjs-16-tunnel/tsconfig.json @@ -0,0 +1,27 @@ +{ + "compilerOptions": { + "target": "ES2017", + "lib": ["dom", "dom.iterable", "esnext"], + "allowJs": true, + "skipLibCheck": true, + "strict": true, + "noEmit": true, + "esModuleInterop": true, + "module": "esnext", + "moduleResolution": "bundler", + "resolveJsonModule": true, + "isolatedModules": true, + "jsx": "react-jsx", + "incremental": true, + "plugins": [ + { + "name": "next" + } + ], + "paths": { + "@/*": ["./*"] + } + }, + "include": ["next-env.d.ts", "**/*.ts", "**/*.tsx", ".next/types/**/*.ts", ".next/dev/types/**/*.ts", "**/*.mts"], + "exclude": ["node_modules"] +} diff --git a/packages/nextjs/src/common/utils/dropMiddlewareTunnelRequests.ts b/packages/nextjs/src/common/utils/dropMiddlewareTunnelRequests.ts new file mode 100644 index 000000000000..6f8b4eb96603 --- /dev/null +++ b/packages/nextjs/src/common/utils/dropMiddlewareTunnelRequests.ts @@ -0,0 +1,59 @@ +import { SEMATTRS_HTTP_TARGET } from '@opentelemetry/semantic-conventions'; +import { type Span, type SpanAttributes, GLOBAL_OBJ, SEMANTIC_ATTRIBUTE_SENTRY_ORIGIN } from '@sentry/core'; +import { isSentryRequestSpan } from '@sentry/opentelemetry'; +import { ATTR_NEXT_SPAN_TYPE } from '../nextSpanAttributes'; +import { TRANSACTION_ATTR_SHOULD_DROP_TRANSACTION } from '../span-attributes-with-logic-attached'; + +const globalWithInjectedValues = GLOBAL_OBJ as typeof GLOBAL_OBJ & { + _sentryRewritesTunnelPath?: string; +}; + +/** + * Drops spans for tunnel requests from middleware or fetch instrumentation. + * This catches both: + * 1. Requests to the local tunnel route (before rewrite) + * 2. Requests to Sentry ingest (after rewrite) + */ +export function dropMiddlewareTunnelRequests(span: Span, attrs: SpanAttributes | undefined): void { + // Only filter middleware spans or HTTP fetch spans + const isMiddleware = attrs?.[ATTR_NEXT_SPAN_TYPE] === 'Middleware.execute'; + // The fetch span could be originating from rewrites re-writing a tunnel request + // So we want to filter it out + const isFetchSpan = attrs?.[SEMANTIC_ATTRIBUTE_SENTRY_ORIGIN] === 'auto.http.otel.node_fetch'; + + // If the span is not a middleware span or a fetch span, return + if (!isMiddleware && !isFetchSpan) { + return; + } + + // Check if this is either a tunnel route request or a Sentry ingest request + const isTunnel = isTunnelRouteSpan(attrs || {}); + const isSentry = isSentryRequestSpan(span); + + if (isTunnel || isSentry) { + // Mark the span to be dropped + span.setAttribute(TRANSACTION_ATTR_SHOULD_DROP_TRANSACTION, true); + } +} + +/** + * Checks if a span's HTTP target matches the tunnel route. + */ +function isTunnelRouteSpan(spanAttributes: Record
+
+
+Work in this release was contributed by @bignoncedric and @adam-kov. Thank you for your contributions!
+
## 10.26.0
### Important Changes