meta(changelog): Update changelog for 10.31.0 #18526

andreiborza · 2025-12-16T14:30:10Z

No description provided.

This PR adds some rules to bugbot's rulest to flag some testing-related issues we'd like to avoid. Like with all AI rules, there are for sure exceptions to the new rules, so no problem with us ignoring any of these flags. But I think having an additional reminder that testing is necessary would be a good change. LMK what you think!

Parse each individual cookie header and filter sensitive cookies to at least know which keys the cookie string included. Follow-up on #18311 Closes #18441

Until we find a way to automatically instrument OpenAI in Nextjs, we shouldn't block users from using the manual instrumentation. Docs for this are in review already. Closes #18462 (added automatically)

(closes #18428) (closes [JS-1266](https://linear.app/getsentry/issue/JS-1266/sentry-prune-profiler-binaries-does-not-recognize-nodejs-24-as-a-valid)) This adds support for Node v24 in the prune script. On top this also adds a test that is testing against the current Node version (as suggested in #14491 (review)). Since we have [a matrix](https://github.com/getsentry/sentry-javascript/blob/a906759fd8769d264498598dc16dab8af26377ea/.github/workflows/build.yml#L747) for our integration tests, this test would fail once we add Node v26 - where we are forced to update the ABI manually. Theoretically we could also use [node-abi](https://www.npmjs.com/package/node-abi), but decided against it to keep the dependencies low.

(closes #18419) (closes [JS-1261](https://linear.app/getsentry/issue/JS-1261/add-support-for-spotlight-in-sentrybun)) It seems that for Bun we are already using the init function of `@sentry/node`, so all the options are passed do satisfy the `NodeOptions`. This is now re-exporting `spotlight` as an option. (related: #17349)

…ting pageload (#18463) Bad condition which short circuits the web vitals from being reported, I included a test anyways even though it doesn't reproduce it. closes #18425 Closes #18464 (added automatically)???

…8471) Fixes an issue where VercelAI integration span operations were not being set correctly because the validation was too restrictive. I relaxed the condition to only require `ai.model.id` attribute instead of both `ai.model.id` and `ai.model.provider` as provider attribute is optional and may not always be present on spans Closes https://linear.app/getsentry/issue/JS-1280

[Gitflow] Merge master into develop

This PR adds the external contributor to the CHANGELOG.md file, so that they are credited for their contribution. See #17835 Co-authored-by: andreiborza <168741329+andreiborza@users.noreply.github.com> Co-authored-by: Nicolas Hrubec <nico.hrubec@sentry.io>

Closes #18469 (added automatically)

I have been running a lot of Next.js tests and needed to run specific variants against my changes, so I made these changes to our test runner script and thought to share it with everyone. ``` yarn test:run <app-name> --variant <variant-name> ``` Closes #18459 (added automatically)

Move the message reformatting into a separate util for google-genai, and add unit test coverage for that file. Add an integration test scenario to ensure that the system message will be included if provided in the config params. Related to getsentry/testing-ai-sdk-integrations#10 Fix JS-1218

…ts/test-applications/nextjs-15-intl (#18483) Bumps [next](https://github.com/vercel/next.js) from 15.5.7 to 15.5.9. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vercel/next.js/releases">next's releases</a>.</em></p> <blockquote> <h2>v15.5.9</h2> <p>Please see the <a href="https://nextjs.org/blog/security-update-2025-12-11">Next.js Security Update</a> for information about this security patch.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vercel/next.js/commit/c5de33e93ccccaf3bee60cf50603e2152f9886e1"><code>c5de33e</code></a> v15.5.9</li> <li><a href="https://github.com/vercel/next.js/commit/dd233994aeb24e906cdb9aedca5447cdef401792"><code>dd23399</code></a> Backport <a href="https://redirect.github.com/facebook/react/issues/35351">facebook/react#35351</a> for 15.5.8 (<a href="https://redirect.github.com/vercel/next.js/issues/87086">#87086</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/7526cd6f24300726964eaba78927fe2a9c3fed5e"><code>7526cd6</code></a> v15.5.8</li> <li><a href="https://github.com/vercel/next.js/commit/1e9ec4133af3657964833bfcc9abb0ee73fb19f0"><code>1e9ec41</code></a> Update React Version (<a href="https://redirect.github.com/vercel/next.js/issues/41">#41</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/16141e5df9ce51136ba42988b574981f89d01081"><code>16141e5</code></a> Update React Version (<a href="https://redirect.github.com/vercel/next.js/issues/30">#30</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/e01e589e181d66d48c57698238b8b7f59218dfef"><code>e01e589</code></a> Backport Next.js changes to v15.5.8 (<a href="https://redirect.github.com/vercel/next.js/issues/23">#23</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/b2706db1e62c261ddfddaa040b2b26d93a091eca"><code>b2706db</code></a> lock binaries</li> <li>See full diff in <a href="https://github.com/vercel/next.js/compare/v15.5.7...v15.5.9">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=next&package-manager=npm_and_yarn&previous-version=15.5.7&new-version=15.5.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/getsentry/sentry-javascript/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…etsentry/sentry-javascript into timfish/feat/node-propagateTraceparent

…ts/test-applications/nextjs-15 (#18482) Bumps [next](https://github.com/vercel/next.js) from 15.5.7 to 15.5.9. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vercel/next.js/releases">next's releases</a>.</em></p> <blockquote> <h2>v15.5.9</h2> <p>Please see the <a href="https://nextjs.org/blog/security-update-2025-12-11">Next.js Security Update</a> for information about this security patch.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vercel/next.js/commit/c5de33e93ccccaf3bee60cf50603e2152f9886e1"><code>c5de33e</code></a> v15.5.9</li> <li><a href="https://github.com/vercel/next.js/commit/dd233994aeb24e906cdb9aedca5447cdef401792"><code>dd23399</code></a> Backport <a href="https://redirect.github.com/facebook/react/issues/35351">facebook/react#35351</a> for 15.5.8 (<a href="https://redirect.github.com/vercel/next.js/issues/87086">#87086</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/7526cd6f24300726964eaba78927fe2a9c3fed5e"><code>7526cd6</code></a> v15.5.8</li> <li><a href="https://github.com/vercel/next.js/commit/1e9ec4133af3657964833bfcc9abb0ee73fb19f0"><code>1e9ec41</code></a> Update React Version (<a href="https://redirect.github.com/vercel/next.js/issues/41">#41</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/16141e5df9ce51136ba42988b574981f89d01081"><code>16141e5</code></a> Update React Version (<a href="https://redirect.github.com/vercel/next.js/issues/30">#30</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/e01e589e181d66d48c57698238b8b7f59218dfef"><code>e01e589</code></a> Backport Next.js changes to v15.5.8 (<a href="https://redirect.github.com/vercel/next.js/issues/23">#23</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/b2706db1e62c261ddfddaa040b2b26d93a091eca"><code>b2706db</code></a> lock binaries</li> <li>See full diff in <a href="https://github.com/vercel/next.js/compare/v15.5.7...v15.5.9">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=next&package-manager=npm_and_yarn&previous-version=15.5.7&new-version=15.5.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/getsentry/sentry-javascript/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…ts/test-applications/nextjs-16-tunnel (#18481) [//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [next](https://github.com/vercel/next.js) from 16.0.7 to 16.0.9. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vercel/next.js/releases">next's releases</a>.</em></p> <blockquote> <h2>v16.0.8</h2> <blockquote> <p>[!NOTE] This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>Update react version in cna templates (<a href="https://redirect.github.com/vercel/next.js/issues/86950">#86950</a>)</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/huozhi"><code>@huozhi</code></a> for helping!</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vercel/next.js/commit/3f6a39f6f75781f16e1cae0b122ae86150f375be"><code>3f6a39f</code></a> v16.0.9</li> <li><a href="https://github.com/vercel/next.js/commit/75e136ad1e90949ba0e8288bdd1e03a52ecc2b7f"><code>75e136a</code></a> Update React Versions (<a href="https://redirect.github.com/vercel/next.js/issues/40">#40</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/4e20596af880838bf6c40fc235e639b142116a7d"><code>4e20596</code></a> Update React Version (<a href="https://redirect.github.com/vercel/next.js/issues/22">#22</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/fa858489446628dfe9387c54078ebb1de1fbd243"><code>fa85848</code></a> Backport Next.js changes to v16.0.9 (<a href="https://redirect.github.com/vercel/next.js/issues/20">#20</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/817ee56da939545d4b77cc54542f4c45a524e60a"><code>817ee56</code></a> v16.0.8</li> <li><a href="https://github.com/vercel/next.js/commit/b298173dba914e55bc25aa6bdc37d418d587830e"><code>b298173</code></a> Update react version in cna templates (<a href="https://redirect.github.com/vercel/next.js/issues/86950">#86950</a>)</li> <li>See full diff in <a href="https://github.com/vercel/next.js/compare/v16.0.7...v16.0.9">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=next&package-manager=npm_and_yarn&previous-version=16.0.7&new-version=16.0.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/getsentry/sentry-javascript/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…ts/test-applications/nextjs-16 (#18480) [//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [next](https://github.com/vercel/next.js) from 16.0.7 to 16.0.9. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vercel/next.js/releases">next's releases</a>.</em></p> <blockquote> <h2>v16.0.8</h2> <blockquote> <p>[!NOTE] This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>Update react version in cna templates (<a href="https://redirect.github.com/vercel/next.js/issues/86950">#86950</a>)</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/huozhi"><code>@huozhi</code></a> for helping!</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vercel/next.js/commit/3f6a39f6f75781f16e1cae0b122ae86150f375be"><code>3f6a39f</code></a> v16.0.9</li> <li><a href="https://github.com/vercel/next.js/commit/75e136ad1e90949ba0e8288bdd1e03a52ecc2b7f"><code>75e136a</code></a> Update React Versions (<a href="https://redirect.github.com/vercel/next.js/issues/40">#40</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/4e20596af880838bf6c40fc235e639b142116a7d"><code>4e20596</code></a> Update React Version (<a href="https://redirect.github.com/vercel/next.js/issues/22">#22</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/fa858489446628dfe9387c54078ebb1de1fbd243"><code>fa85848</code></a> Backport Next.js changes to v16.0.9 (<a href="https://redirect.github.com/vercel/next.js/issues/20">#20</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/817ee56da939545d4b77cc54542f4c45a524e60a"><code>817ee56</code></a> v16.0.8</li> <li><a href="https://github.com/vercel/next.js/commit/b298173dba914e55bc25aa6bdc37d418d587830e"><code>b298173</code></a> Update react version in cna templates (<a href="https://redirect.github.com/vercel/next.js/issues/86950">#86950</a>)</li> <li>See full diff in <a href="https://github.com/vercel/next.js/compare/v16.0.7...v16.0.9">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=next&package-manager=npm_and_yarn&previous-version=16.0.7&new-version=16.0.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/getsentry/sentry-javascript/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…ts/test-applications/nextjs-16-cacheComponents (#18479) [//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [next](https://github.com/vercel/next.js) from 16.0.7 to 16.0.9. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vercel/next.js/releases">next's releases</a>.</em></p> <blockquote> <h2>v16.0.8</h2> <blockquote> <p>[!NOTE] This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>Update react version in cna templates (<a href="https://redirect.github.com/vercel/next.js/issues/86950">#86950</a>)</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/huozhi"><code>@huozhi</code></a> for helping!</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vercel/next.js/commit/3f6a39f6f75781f16e1cae0b122ae86150f375be"><code>3f6a39f</code></a> v16.0.9</li> <li><a href="https://github.com/vercel/next.js/commit/75e136ad1e90949ba0e8288bdd1e03a52ecc2b7f"><code>75e136a</code></a> Update React Versions (<a href="https://redirect.github.com/vercel/next.js/issues/40">#40</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/4e20596af880838bf6c40fc235e639b142116a7d"><code>4e20596</code></a> Update React Version (<a href="https://redirect.github.com/vercel/next.js/issues/22">#22</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/fa858489446628dfe9387c54078ebb1de1fbd243"><code>fa85848</code></a> Backport Next.js changes to v16.0.9 (<a href="https://redirect.github.com/vercel/next.js/issues/20">#20</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/817ee56da939545d4b77cc54542f4c45a524e60a"><code>817ee56</code></a> v16.0.8</li> <li><a href="https://github.com/vercel/next.js/commit/b298173dba914e55bc25aa6bdc37d418d587830e"><code>b298173</code></a> Update react version in cna templates (<a href="https://redirect.github.com/vercel/next.js/issues/86950">#86950</a>)</li> <li>See full diff in <a href="https://github.com/vercel/next.js/compare/v16.0.7...v16.0.9">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=next&package-manager=npm_and_yarn&previous-version=16.0.7&new-version=16.0.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/getsentry/sentry-javascript/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

… 4.6.1 (#18349) #18270 bumps just the rollup plugin but we should bump both simultaneously.

…sts/test-applications/nextjs-16-tunnel (#18487) Bumps [next](https://github.com/vercel/next.js) from 16.0.9 to 16.0.10. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vercel/next.js/releases">next's releases</a>.</em></p> <blockquote> <h2>v16.0.10</h2> <p>Please see the <a href="https://nextjs.org/blog/security-update-2025-12-11">Next.js Security Update</a> for information about this security patch.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vercel/next.js/commit/581dee67e280b96c0766172cbd5477102c03342b"><code>581dee6</code></a> v16.0.10</li> <li><a href="https://github.com/vercel/next.js/commit/9a0dc9c55582c1936fa2b0df36cff16518a8d126"><code>9a0dc9c</code></a> Backport <a href="https://redirect.github.com/facebook/react/issues/35351">facebook/react#35351</a> for 16.0.9 (<a href="https://redirect.github.com/vercel/next.js/issues/87085">#87085</a>)</li> <li>See full diff in <a href="https://github.com/vercel/next.js/compare/v16.0.9...v16.0.10">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=next&package-manager=npm_and_yarn&previous-version=16.0.9&new-version=16.0.10)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/getsentry/sentry-javascript/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

This is the functional portion addressing JS-1002. Prior to truncating text messages for their byte length, any inline base64-encoded media properties are filtered out. This allows the message to possibly be included in the span, indicating to the user that a media object was present, without overflowing the allotted buffer for sending data. If a media message is not removed, the fallback is still to simply remove it if its overhead grows too large. Re JS-1002 Re GH-17810

…ests/test-applications/nextjs-pages-dir (#18496) Bumps [next](https://github.com/vercel/next.js) from 14.2.32 to 14.2.35. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vercel/next.js/releases">next's releases</a>.</em></p> <blockquote> <h2>v14.2.35</h2> <p>Please see the <a href="https://nextjs.org/blog/security-update-2025-12-11">Next.js Security Update</a> for information about this security patch.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vercel/next.js/commit/7b940d9ce96faddb9f92ff40f5e35c34ace04eb2"><code>7b940d9</code></a> v14.2.35</li> <li><a href="https://github.com/vercel/next.js/commit/7c1be85a2eb9bd704140ea0dca7a6fdf93e854a7"><code>7c1be85</code></a> Backport <a href="https://redirect.github.com/facebook/react/issues/35351">facebook/react#35351</a> for 14.2.34 (<a href="https://redirect.github.com/vercel/next.js/issues/87095">#87095</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/f3073688ce18878a674fdb9954da68e9d626a930"><code>f307368</code></a> v14.2.34</li> <li><a href="https://github.com/vercel/next.js/commit/8e43882798208066d8fb4c44f9d4362bb4900a1b"><code>8e43882</code></a> Update React Version (<a href="https://redirect.github.com/vercel/next.js/issues/36">#36</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/385e8c286c21db9a15f4ec7bb68c8860caa08e3d"><code>385e8c2</code></a> Backport Next.js changes to v14.2.34 (<a href="https://redirect.github.com/vercel/next.js/issues/29">#29</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/7a2cf51e785225c9dd94969dff80f75b41001708"><code>7a2cf51</code></a> update version script</li> <li><a href="https://github.com/vercel/next.js/commit/778e7bf1211106a4a98298be219e29a28f05df10"><code>778e7bf</code></a> lock swc binaries</li> <li><a href="https://github.com/vercel/next.js/commit/5a97b408c2d8668bed1642d382fc1d78ed3731cc"><code>5a97b40</code></a> v14.2.33</li> <li><a href="https://github.com/vercel/next.js/commit/cb8882437c44f6d8c11f0c09ee4192afc3014a32"><code>cb88824</code></a> backport(v14): omit searchParam data from FlightRouterState before transport ...</li> <li>See full diff in <a href="https://github.com/vercel/next.js/compare/v14.2.32...v14.2.35">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=next&package-manager=npm_and_yarn&previous-version=14.2.32&new-version=14.2.35)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/getsentry/sentry-javascript/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…18376) I came upon this log `Sentry Logger [log]: Adding previous_trace [object Object] link to span [object Object]` and this PR fixes this by stringifying the context. One concern I have with that is that the object could be too large (stringifying takes too long) or circular. But this should be very unlikely in this case. However, if someone else shares this concerns we might change the log to either limit the depth or to only log specific entries of the object (might add bundle size). Closes #18377

Closes: #18499 --------- Co-authored-by: tbeeren <tbeeren@bol.com> Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com> Co-authored-by: Andrei Borza <andrei.borza@sentry.io>

…ests/test-applications/create-next-app (#18494) Bumps [next](https://github.com/vercel/next.js) from 14.2.25 to 14.2.35. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vercel/next.js/releases">next's releases</a>.</em></p> <blockquote> <h2>v14.2.35</h2> <p>Please see the <a href="https://nextjs.org/blog/security-update-2025-12-11">Next.js Security Update</a> for information about this security patch.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vercel/next.js/commit/7b940d9ce96faddb9f92ff40f5e35c34ace04eb2"><code>7b940d9</code></a> v14.2.35</li> <li><a href="https://github.com/vercel/next.js/commit/7c1be85a2eb9bd704140ea0dca7a6fdf93e854a7"><code>7c1be85</code></a> Backport <a href="https://redirect.github.com/facebook/react/issues/35351">facebook/react#35351</a> for 14.2.34 (<a href="https://redirect.github.com/vercel/next.js/issues/87095">#87095</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/f3073688ce18878a674fdb9954da68e9d626a930"><code>f307368</code></a> v14.2.34</li> <li><a href="https://github.com/vercel/next.js/commit/8e43882798208066d8fb4c44f9d4362bb4900a1b"><code>8e43882</code></a> Update React Version (<a href="https://redirect.github.com/vercel/next.js/issues/36">#36</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/385e8c286c21db9a15f4ec7bb68c8860caa08e3d"><code>385e8c2</code></a> Backport Next.js changes to v14.2.34 (<a href="https://redirect.github.com/vercel/next.js/issues/29">#29</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/7a2cf51e785225c9dd94969dff80f75b41001708"><code>7a2cf51</code></a> update version script</li> <li><a href="https://github.com/vercel/next.js/commit/778e7bf1211106a4a98298be219e29a28f05df10"><code>778e7bf</code></a> lock swc binaries</li> <li><a href="https://github.com/vercel/next.js/commit/5a97b408c2d8668bed1642d382fc1d78ed3731cc"><code>5a97b40</code></a> v14.2.33</li> <li><a href="https://github.com/vercel/next.js/commit/cb8882437c44f6d8c11f0c09ee4192afc3014a32"><code>cb88824</code></a> backport(v14): omit searchParam data from FlightRouterState before transport ...</li> <li><a href="https://github.com/vercel/next.js/commit/89ee5615520d593e328be994b30cd445ef5d5c17"><code>89ee561</code></a> v14.2.32</li> <li>Additional commits viewable in <a href="https://github.com/vercel/next.js/compare/v14.2.25...v14.2.35">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=next&package-manager=npm_and_yarn&previous-version=14.2.25&new-version=14.2.35)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/getsentry/sentry-javascript/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…e-propagateTraceparent

Small log improvement as the log message was not quite clear. Before, it read like it's related to the whole session, but this log is about each span. Closes #18508 (added automatically)

#18452) (closes #18438) (closes [JS-1273](https://linear.app/getsentry/issue/JS-1273/bump-typesexpress-to-v5-for-sentrygoogle-cloud-serverless)) This moves the express types as optional peerDependencies. Since we are only relying on `Request` and `Response` and nothing more, this should be a save update. In order to also test against this - I updated the the local types to v5. The pattern of having the types as optional peerDependencies is already given for our Cloudflare SDK: https://github.com/getsentry/sentry-javascript/blob/2ef3938fecf872b3d09006538484e5de97123ac5/packages/cloudflare/package.json#L55-L62

Rewrite the `postgresjs` instrumentation with a new architecture: - Added ESM support via `replaceExports` - Moved to main export wrapping instead of internal module patching - Previously, we were patching `connection.js` and `query.js` internal modules - New approach: We are wrapping the main postgres module export to intercept sql instance creation - Connection context is now stored directly on sql instances using `CONNECTION_CONTEXT_SYMBOL` - `Query.prototype` fallback (CJS only) - Patches `Query.prototype.handle` as a fallback for pre-existing sql instances - Uses `QUERY_FROM_INSTRUMENTED_SQL` marker to prevent duplicate spans Also, - Improved SQL sanitization - `port` attribute is now stored as a number per OTEL semantic conventions - Added fallback regex extraction for operation name when `command` isn't available

…sts/test-applications/nextjs-16 (#18514) Bumps [next](https://github.com/vercel/next.js) from 16.0.9 to 16.0.10. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vercel/next.js/releases">next's releases</a>.</em></p> <blockquote> <h2>v16.0.10</h2> <p>Please see the <a href="https://nextjs.org/blog/security-update-2025-12-11">Next.js Security Update</a> for information about this security patch.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vercel/next.js/commit/581dee67e280b96c0766172cbd5477102c03342b"><code>581dee6</code></a> v16.0.10</li> <li><a href="https://github.com/vercel/next.js/commit/9a0dc9c55582c1936fa2b0df36cff16518a8d126"><code>9a0dc9c</code></a> Backport <a href="https://redirect.github.com/facebook/react/issues/35351">facebook/react#35351</a> for 16.0.9 (<a href="https://redirect.github.com/vercel/next.js/issues/87085">#87085</a>)</li> <li>See full diff in <a href="https://github.com/vercel/next.js/compare/v16.0.9...v16.0.10">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=next&package-manager=npm_and_yarn&previous-version=16.0.9&new-version=16.0.10)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/getsentry/sentry-javascript/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…types (#18509) Add exports for `ExclusiveEventHintOrCaptureContext` and `CaptureContext` closes #18503

Our CI was failing with v1.25.0. Pinned to 1.24.0. More info: modelcontextprotocol/typescript-sdk#1302 Closes #18525 (added automatically)

…ests/test-applications/nextjs-orpc (#18520) Bumps [next](https://github.com/vercel/next.js) from 14.2.32 to 14.2.35. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vercel/next.js/releases">next's releases</a>.</em></p> <blockquote> <h2>v14.2.35</h2> <p>Please see the <a href="https://nextjs.org/blog/security-update-2025-12-11">Next.js Security Update</a> for information about this security patch.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vercel/next.js/commit/7b940d9ce96faddb9f92ff40f5e35c34ace04eb2"><code>7b940d9</code></a> v14.2.35</li> <li><a href="https://github.com/vercel/next.js/commit/7c1be85a2eb9bd704140ea0dca7a6fdf93e854a7"><code>7c1be85</code></a> Backport <a href="https://redirect.github.com/facebook/react/issues/35351">facebook/react#35351</a> for 14.2.34 (<a href="https://redirect.github.com/vercel/next.js/issues/87095">#87095</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/f3073688ce18878a674fdb9954da68e9d626a930"><code>f307368</code></a> v14.2.34</li> <li><a href="https://github.com/vercel/next.js/commit/8e43882798208066d8fb4c44f9d4362bb4900a1b"><code>8e43882</code></a> Update React Version (<a href="https://redirect.github.com/vercel/next.js/issues/36">#36</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/385e8c286c21db9a15f4ec7bb68c8860caa08e3d"><code>385e8c2</code></a> Backport Next.js changes to v14.2.34 (<a href="https://redirect.github.com/vercel/next.js/issues/29">#29</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/7a2cf51e785225c9dd94969dff80f75b41001708"><code>7a2cf51</code></a> update version script</li> <li><a href="https://github.com/vercel/next.js/commit/778e7bf1211106a4a98298be219e29a28f05df10"><code>778e7bf</code></a> lock swc binaries</li> <li><a href="https://github.com/vercel/next.js/commit/5a97b408c2d8668bed1642d382fc1d78ed3731cc"><code>5a97b40</code></a> v14.2.33</li> <li><a href="https://github.com/vercel/next.js/commit/cb8882437c44f6d8c11f0c09ee4192afc3014a32"><code>cb88824</code></a> backport(v14): omit searchParam data from FlightRouterState before transport ...</li> <li>See full diff in <a href="https://github.com/vercel/next.js/compare/v14.2.32...v14.2.35">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=next&package-manager=npm_and_yarn&previous-version=14.2.32&new-version=14.2.35)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/getsentry/sentry-javascript/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…eMessage` parameter types (#18521) Extends these exports to node, cf and bun ref #18509 Closes #18522 (added automatically)

github-actions · 2025-12-16T14:44:23Z

size-limit report 📦

Path	Size	% Change	Change
@sentry/browser	24.81 kB	added	added
@sentry/browser - with treeshaking flags	23.3 kB	added	added
@sentry/browser (incl. Tracing)	41.55 kB	added	added
@sentry/browser (incl. Tracing, Profiling)	46.16 kB	added	added
@sentry/browser (incl. Tracing, Replay)	79.97 kB	added	added
@sentry/browser (incl. Tracing, Replay) - with treeshaking flags	69.7 kB	added	added
@sentry/browser (incl. Tracing, Replay with Canvas)	84.65 kB	added	added
@sentry/browser (incl. Tracing, Replay, Feedback)	96.89 kB	added	added
@sentry/browser (incl. Feedback)	41.52 kB	added	added
@sentry/browser (incl. sendFeedback)	29.49 kB	added	added
@sentry/browser (incl. FeedbackAsync)	34.48 kB	added	added
@sentry/react	26.52 kB	added	added
@sentry/react (incl. Tracing)	43.76 kB	added	added
@sentry/vue	29.27 kB	added	added
@sentry/vue (incl. Tracing)	43.36 kB	added	added
@sentry/svelte	24.82 kB	added	added
CDN Bundle	27.23 kB	added	added
CDN Bundle (incl. Tracing)	42.22 kB	added	added
CDN Bundle (incl. Tracing, Replay)	78.75 kB	added	added
CDN Bundle (incl. Tracing, Replay, Feedback)	84.2 kB	added	added
CDN Bundle - uncompressed	80.02 kB	added	added
CDN Bundle (incl. Tracing) - uncompressed	125.37 kB	added	added
CDN Bundle (incl. Tracing, Replay) - uncompressed	241.41 kB	added	added
CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed	254.17 kB	added	added
@sentry/nextjs (client)	45.98 kB	added	added
@sentry/sveltekit (client)	41.93 kB	added	added
@sentry/node-core	51.6 kB	added	added
@sentry/node	161.48 kB	added	added
@sentry/node - without tracing	93.03 kB	added	added
@sentry/aws-serverless	108.54 kB	added	added

github-actions · 2025-12-16T14:46:42Z

node-overhead report 🧳

Note: This is a synthetic benchmark with a minimal express app and does not necessarily reflect the real-world performance impact in an application.

Scenario	Requests/s	% of Baseline	Prev. Requests/s	Change %
GET Baseline	9,400	-	-	added
GET With Sentry	1,769	19%	-	added
GET With Sentry (error only)	6,163	66%	-	added
POST Baseline	1,188	-	-	added
POST With Sentry	582	49%	-	added
POST With Sentry (error only)	1,033	87%	-	added
MYSQL Baseline	3,283	-	-	added
MYSQL With Sentry	456	14%	-	added
MYSQL With Sentry (error only)	2,679	82%	-	added

Lms24 and others added 30 commits December 10, 2025 14:29

feat(core): Parse individual cookies from cookie header (#18325)

ec8c8c6

Parse each individual cookie header and filter sensitive cookies to at least know which keys the cookie string included. Follow-up on #18311 Closes #18441

feat(node): Add instrument OpenAI export to node (#18461)

5c5c7d4

Until we find a way to automatically instrument OpenAI in Nextjs, we shouldn't block users from using the manual instrumentation. Docs for this are in review already. Closes #18462 (added automatically)

fix(tanstack-router): Check for fromLocation existence before repor…

5affac5

…ting pageload (#18463) Bad condition which short circuits the web vitals from being reported, I included a test anyways even though it doesn't reproduce it. closes #18425 Closes #18464 (added automatically)???

fix(node-core): passthrough node-cron context (#17835)

4b18ffd

Merge pull request #18470 from getsentry/master

0617362

[Gitflow] Merge master into develop

chore: upgrade Playwright to ~1.56.0 for WSL2 compatibility (#18468)

d4301fd

Closes #18469 (added automatically)

feat(node): Support propagateTraceparent

9c2ebf3

Merge branch 'develop' into timfish/feat/node-propagateTraceparent

2abba7d

less otel changes

80d5f5e

Merge branch 'timfish/feat/node-propagateTraceparent' of github.com:g…

805f8dc

…etsentry/sentry-javascript into timfish/feat/node-propagateTraceparent

Revert

c448386

Test http

89f1ee2

More tests and bump size limit

d9fa8ba

feat(nuxt): Bump @sentry/vite-plugin and @sentry/rollup-plugin to…

e9b2df9

… 4.6.1 (#18349) #18270 bumps just the rollup plugin but we should bump both simultaneously.

TBeeren and others added 18 commits December 15, 2025 16:10

feat(browser): Add support for GraphQL persisted operations (#18505)

d1b86bd

Closes: #18499 --------- Co-authored-by: tbeeren <tbeeren@bol.com> Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com> Co-authored-by: Andrei Borza <andrei.borza@sentry.io>

Fix

51b1b89

Merge remote-tracking branch 'upstream/develop' into timfish/feat/nod…

025b5af

…e-propagateTraceparent

Improve logic

4134dab

Include in fields

3cd6b36

Oops

8ce9ede

ref(browser): Improve profiling debug statement (#18507)

c73437f

Small log improvement as the log message was not quite clear. Before, it read like it's related to the whole session, but this log is about each span. Closes #18508 (added automatically)

Merge branch 'develop' into timfish/feat/node-propagateTraceparent

b0c4b09

feat(core): Export captureException and captureMessage parameter …

e42e912

…types (#18509) Add exports for `ExclusiveEventHintOrCaptureContext` and `CaptureContext` closes #18503

test(cloudflare-mcp): Pin mcp sdk to 1.24.0 (#18524)

4068b57

Our CI was failing with v1.25.0. Pinned to 1.24.0. More info: modelcontextprotocol/typescript-sdk#1302 Closes #18525 (added automatically)

feat(core): Add additional exports for captureException and `captur…

6f0b8b4

…eMessage` parameter types (#18521) Extends these exports to node, cf and bun ref #18509 Closes #18522 (added automatically)

Merge branch 'develop' into timfish/feat/node-propagateTraceparent

87d04c4

feat(node): Support propagateTraceparent

8acba7f

andreiborza requested a review from a team as a code owner December 16, 2025 14:30

andreiborza requested review from JPeer264, chargome and nicohrubec December 16, 2025 14:30

meta(changelog): Update changelog for 10.31.0

47e82e3

andreiborza force-pushed the prepare-release/10.31.0 branch from 50ba7f5 to 47e82e3 Compare December 16, 2025 14:31

JPeer264 approved these changes Dec 16, 2025

View reviewed changes

Lms24 approved these changes Dec 16, 2025

View reviewed changes

andreiborza merged commit f2574f9 into master Dec 16, 2025
203 checks passed

andreiborza deleted the prepare-release/10.31.0 branch December 16, 2025 14:53

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

meta(changelog): Update changelog for 10.31.0 #18526

meta(changelog): Update changelog for 10.31.0 #18526

Uh oh!

andreiborza commented Dec 16, 2025

Uh oh!

github-actions bot commented Dec 16, 2025

Uh oh!

github-actions bot commented Dec 16, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

15 participants

Uh oh!

meta(changelog): Update changelog for 10.31.0 #18526

meta(changelog): Update changelog for 10.31.0 #18526

Uh oh!

Conversation

andreiborza commented Dec 16, 2025

Uh oh!

github-actions bot commented Dec 16, 2025

size-limit report 📦

Uh oh!

github-actions bot commented Dec 16, 2025

node-overhead report 🧳

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

15 participants