meta(changelog): Update changelog for 10.50.0#20461
Merged
Conversation
[Gitflow] Merge master into develop
This PR handles stateless MCP wrappers by using the connected transport instance as the stable MCP correlation key across wrapper layers. I verified the issue and the fix by adding a regression test for stateless wrapper transports where the request path runs on the inner transport and the response path runs on the wrapper. Closes #20290 --------- Co-authored-by: GPT-5 <noreply@anthropic.com>
## Summary - add an LCP plausibility guard to drop implausible browser-reported values above 60 seconds - apply the guard to both pageload LCP measurements and standalone LCP spans - add focused unit tests for valid and invalid LCP values --------- Co-authored-by: GPT-5 <noreply@anthropic.com>
This was broken and blocked upstream. closes #19485
Bumps [protobufjs](https://github.com/protobufjs/protobuf.js) from 7.5.4 to 7.5.5. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md">protobufjs's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2><a href="https://github.com/protobufjs/protobuf.js/compare/protobufjs-v8.0.0...protobufjs-v8.0.1">8.0.1</a> (2026-03-11)</h2> <h3>Bug Fixes</h3> <ul> <li>bump protobufjs dependency version for cli package (<a href="https://redirect.github.com/protobufjs/protobuf.js/issues/2128">#2128</a>) (<a href="https://github.com/protobufjs/protobuf.js/commit/549b05ecd95e23da40fa1a36a9336c57946b8377">549b05e</a>)</li> <li>correct json syntax in tsconfig.json (<a href="https://redirect.github.com/protobufjs/protobuf.js/issues/2120">#2120</a>) (<a href="https://github.com/protobufjs/protobuf.js/commit/80656255c75000f3e954e036cdfcb5bfd0a8c687">8065625</a>)</li> <li><strong>descriptor:</strong> guard oneof index for non-Type parents (<a href="https://redirect.github.com/protobufjs/protobuf.js/issues/2122">#2122</a>) (<a href="https://github.com/protobufjs/protobuf.js/commit/1cac5cf811d0855b27dcde73a3a04d15efde3728">1cac5cf</a>)</li> <li>do not allow setting <strong>proto</strong> in Message constructor (<a href="https://redirect.github.com/protobufjs/protobuf.js/issues/2126">#2126</a>) (<a href="https://github.com/protobufjs/protobuf.js/commit/f05e3c3bdd0b3c2cddbf8540bb5bd4d394a693ad">f05e3c3</a>)</li> <li>filter invalid characters from the type name (<a href="https://redirect.github.com/protobufjs/protobuf.js/issues/2127">#2127</a>) (<a href="https://github.com/protobufjs/protobuf.js/commit/535df444ac060243722ac5d672db205e5c531d75">535df44</a>)</li> </ul> <h2><a href="https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v8.0.0">8.0.0</a> (2025-12-16)</h2> <h3>⚠ BREAKING CHANGES</h3> <ul> <li>add Edition 2024 Support (<a href="https://redirect.github.com/protobufjs/protobuf.js/issues/2060">#2060</a>)</li> </ul> <h3>Features</h3> <ul> <li>add Edition 2024 Support (<a href="https://redirect.github.com/protobufjs/protobuf.js/issues/2060">#2060</a>) (<a href="https://github.com/protobufjs/protobuf.js/commit/53e8492cbaae2c741801fa50b5f908ff5129c3d7">53e8492</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/protobufjs/protobuf.js/commit/b7bdfaf91d7bf279326f2d043b633da0a2dbfe47"><code>b7bdfaf</code></a> chore: release 7.5.5</li> <li><a href="https://github.com/protobufjs/protobuf.js/commit/ff7b2afef8754837cc6dc64c864cd111ab477956"><code>ff7b2af</code></a> fix: filter invalid characters from the type name (<a href="https://redirect.github.com/protobufjs/protobuf.js/issues/2127">#2127</a>)</li> <li><a href="https://github.com/protobufjs/protobuf.js/commit/086b19d00d1d01e801d6ccc2ae3f207bb1b06482"><code>086b19d</code></a> fix: do not allow setting <strong>proto</strong> in Message constructor (<a href="https://redirect.github.com/protobufjs/protobuf.js/issues/2126">#2126</a>)</li> <li>See full diff in <a href="https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~fenster">fenster</a>, a new releaser for protobufjs since your current version.</p> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/getsentry/sentry-javascript/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…20336) Extracted out from #20270 This rewrites how we run verdaccio to run this as node process instead of via docker. For this, I pinned the latest verdaccio version in the e2e package, and run it via node APIs as a detached process. This also means no more docker requirement to run this stuff locally. Works both with `yarn test:run xxx` for local usage as well as with `yarn test:prepare` for CI usage.
…ration` (#20352) This PR adds span processing support for the `cultureContextIntegration` plus a few integration API additions to make span processing on an integration level easier: - `Integration::processSegmentSpan` - `Integration::processSpan` - register a `processSegmentSpan` callback on `cultureContextIntegration` that adds the attributes. All attributes are already registered in sentry conventions: https://getsentry.github.io/sentry-conventions/attributes/culture/ - adds a span streaming-specific integration test in addition to the already existing error/event-based integration test closes #20353 closes #20354
The `graphqlClientIntegration` didn’t enrich spans for GraphQL requests to relative URLs because the handler used `url.full` or `http.url` to identify the request URL. However, in `packages/core/src/fetch.ts:382-386`, the fetch instrumentation only sets `http.url` for non-relative URLs and never sets `url.full`. Therefore, for relative endpoints, `httpUrl` was `undefined`, failed the `isString` guard, and the enrichment bailed out silently. By adding`spanAttributes['url']` as a third option. Scoped to the graphqlClient integration, this ensures enrichment happens and it's only scoped to the gql integration. The alternative was to populate `http.url` (or `url.full`) for relative URLs in `getFetchSpanAttributes` which is dangerous because `http.url` is a span attribute many users filter, group, alert, and build dashboards on. With this change, the `endpoints` matcher now sees the relative path (e.g. `/graphql`) instead of an absolute URL. If a user configured `endpoints` with an absolute-URL regex and uses relative fetches, that pattern won't match the relative form. However this changes nothing today because it never worked before (was `undefined`). closes #20292 Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…on (#20358) - Vendors and adapts [`otel-tracing-channel`](https://github.com/logaretm/otel-tracing-channel) into `@sentry/opentelemetry` - Provides a drop-in `tracingChannel()` wrapper around Node.js `TracingChannel` that automatically binds OTel context propagation via `bindStore` - Uses our public `getAsyncLocalStorageLookup()` API to access the ALS instead of relying on OTel private `_asyncLocalStorage` internals - `subscribe`/`unsubscribe` accept partial subscriber objects so callers only provide handlers they need The util is exposed in a subpath export because nextjs does not externalize `node:diagnostic_channels` and will crash. --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Adds a Hono subexport for the Bun runtime Internal Linear issue: https://linear.app/getsentry/issue/JS-2038/hono-add-bun-support-3
… requiring a parent (#20350) This PR adds reporting a client discard outcome for spans we skip because they require a parent span to be active. This happens when `onlyIfParent: true` is set when starting spans, or in custom logic for `http.client` spans. With this PR, we should now get a much clearer picture of how many spans users are missing out on. In span streaming, we'll always emit them (see #17932) spans. closes https://linear.app/getsentry/issue/SDK-1123/add-client-report-outcome-for-dropped-spans-because-of-missing-parent --------- Co-authored-by: s1gr1d <32902192+s1gr1d@users.noreply.github.com>
Expose replay lifecycle events on the client so external consumers can observe when recording starts and stops. This includes internal stops (session expiry, send errors, mutation limit, event buffer overflow) that today are invisible to wrapper libraries. Closes #20281. ## API ```ts getClient()?.on('replayStart', ({ sessionId, recordingMode }) => { // recordingMode: 'session' | 'buffer' }); getClient()?.on('replayEnd', ({ sessionId, reason }) => { // reason: 'manual' | 'sessionExpired' | 'sendError' | 'mutationLimit' // | 'eventBufferError' | 'eventBufferOverflow' }); ``` The typed `reason` union lets consumers distinguish a user-initiated `replay.stop()` from an internally triggered stop, so wrapper state can stay in sync with actual replay state. --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Each `test` run in the node-integration-tests runs a new node process so it should be avoided to have multiple `test` calls within one scenario. The tests for the `honoIntegration` in Node were especially long-running because there were 480 test cases running a `test`. This was now changed to just two `test` scenarios while running the test matrix within this one test. All 12 tests now pass in about 8 seconds. **Before:** 480 test cases (2 routes x 5 methods x 3 paths x 8 tests x 2 modes), each spawning a separate Node process. **After:** 12 test cases (6 per mode x 2 modes): 1. **Transaction tests** (1 test per mode) — loops through all 90 route/method/path/type combinations inside a single test, making 90 sequential requests against one running server process. 2. **500 error tests** (1 test per mode) — loops through all 30 combinations, ignoring transactions and asserting error events. 3. **4xx ignored error tests** (4 tests per mode) — tests each error sub-path (`/401`, `/402`, `/403`, `/does-not-exist`) with a single representative combination (`GET /sync`) instead of all 120 combinations. The 4xx error-filtering behavior (`statusCode >= 500` check in `defaultShouldHandleError`) is method/route/path-agnostic, so full matrix coverage isn't needed here.
…xception (#20366) This PR passes the rejection reason to `captureException` as `originalException`. Previously it was passing the promise which was useless to users. This aligns Node with browser/onUncaughtException behavior as well. closes #20325 Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Currently the size-limits are failing by ~40bytes on develop.
Rename `GoogleGenAIIstrumentedMethod` to `GoogleGenAIInstrumentedMethod` (previously missing an 'n'). The misspelled name is kept as a deprecated type alias and is still re-exported from `@sentry/core`, so existing consumers continue to work without changes. The deprecated alias will be removed in the next major version.
…d-method-typo fix(core): Correct GoogleGenAIIstrumentedMethod typo in type name
Adds a minimal E2E test setup. More tests are added later on - to keep reviewing this easier. Adds a testing matrix where each test uses a different entry point. This way, only one E2E application needs to be added and we have an easier time keeping the tests and functionality in sync across runtimes. Closes #20403
This PR is only renaming Effect v3 e2e tests, which had no versioning, to one with a version. This makes it easier in the future to distinguish between Effect v3 and v4 tests. So effectively this has changed: - `effect-node` -> `effect-3-node` - `effect-browser` -> `effect-3-browser`
This adds support to Effect v4, but also keeps the compatibility for v3.
There is no way that we can unit test against v3, as the
`devDependencies` need to use `effect@4` and an updated `@effect/vitest`
version, which is not compatible with Effect v3 (this is added in
The API for Effect v4 has changed a little, so there are safeguards to
detect if it is v3 or v4 and uses the correct API. The good part is that
for users nothing changed, so they still can use the same methods in
their app as before (ofc, respecting the new Effect v4 API).
Before (Effect v3):
```ts
const SentryLive = Layer.mergeAll(
Sentry.effectLayer({
dsn: '__DSN__',
tracesSampleRate: 1.0,
enableLogs: true,
}),
Layer.setTracer(Sentry.SentryEffectTracer),
Logger.replace(Logger.defaultLogger, Sentry.SentryEffectLogger),
Sentry.SentryEffectMetricsLayer,
);
```
After (Effect v4):
```js
const SentryLive = Layer.mergeAll(
Sentry.effectLayer({
dsn: '__DSN__',
tracesSampleRate: 1.0,
enableLogs: true,
}),
Layer.succeed(Tracer.Tracer, Sentry.SentryEffectTracer),
Logger.layer([Sentry.SentryEffectLogger]),
Sentry.SentryEffectMetricsLayer,
);
```
Both usages still work and are represented in the E2E tests.
- Export the integration from all CDN tracing bundles and shim for non-tracing bundles. - Remove the CDN test skips in the browser integration tests since this should work now. - Reserve `_streamed` in the terser mangler so `withStreamedSpan`'s marker survives minification in CDN bundles. - Some additional test changes were needed to make CI happy. Mostly cases where certain browsers don't emit some attributes but we check for strict equality with `toEqual`. Closes #20273
An interval is set to keep the scenario file running in the vercel/sigterm-flush integration test. Ensure that the interval is cleared once the SIGTERM signal arrives, so that the scenario process can exit normally.
…ccio (#20386) This PR completely removes verdaccio in favor of referencing the built tarballs directly. We rely on pnpm overrides which we inject into the test app to ensure that also transitive dependencies are correct. This is basically instant and reduces about 20s of verdaccio/registry preparation time we used to have before each e2e test app. ## How it works * We use a reference to a tarball for internal dependencies in our e2e tests. these are virtual files in /packed directory, e.g. `"@sentry/browser": "file:../../packed/sentry-browser-packed.tgz",` * `yarn test:prepare` will create/update those packed files with symlinks to the current tarballs (which have the version in their filename so we cannot just link to them directly consistently) * Additionally, we adjust the created test apps in the tmp dir by adding a `pnpm.overrides` section for all our apps pointing them to the packed folder, to ensure we get these as transitive dependencies as well Locally, you can continue to use `yarn test:run test-app-name` and it will do all of that under the hood, nothing else needed (except to generate the tarballs, as before). On CI I adjusted the places to run the necessary pieces in addition to ensure everything works as expected. ## Example generated test app It effectively creates a package.json for the test app that looks like this: ```json { "name": "node-hapi", "version": "1.0.0", "private": true, "scripts": { "build": "tsc", "start": "node src/app.js", "test": "playwright test", "clean": "npx rimraf node_modules pnpm-lock.yaml", "test:build": "pnpm install", "test:assert": "pnpm test" }, "dependencies": { "@hapi/boom": "10.0.1", "@hapi/hapi": "21.3.10", "@sentry/node": "file:../../packed/sentry-node-packed.tgz" }, "devDependencies": { "@playwright/test": "~1.56.0", "@sentry-internal/test-utils": "link:~/my-app/dev-packages/test-utils" }, "volta": { "extends": "~/my-app/dev-packages/e2e-tests/package.json" }, "pnpm": { "overrides": { "@sentry-internal/browser-utils": "file:~/my-app/dev-packages/e2e-tests/packed/sentry-internal-browser-utils-packed.tgz", "@sentry-internal/eslint-config-sdk": "file:~/my-app/dev-packages/e2e-tests/packed/sentry-internal-eslint-config-sdk-packed.tgz", "@sentry-internal/eslint-plugin-sdk": "file:~/my-app/dev-packages/e2e-tests/packed/sentry-internal-eslint-plugin-sdk-packed.tgz", "@sentry-internal/feedback": "file:~/my-app/dev-packages/e2e-tests/packed/sentry-internal-feedback-packed.tgz", "@sentry-internal/replay": "file:~/my-app/dev-packages/e2e-tests/packed/sentry-internal-replay-packed.tgz", "@sentry-internal/replay-canvas": "file:~/my-app/dev-packages/e2e-tests/packed/sentry-internal-replay-canvas-packed.tgz", "@sentry-internal/typescript": "file:~/my-app/dev-packages/e2e-tests/packed/sentry-internal-typescript-packed.tgz", "@sentry/angular": "file:~/my-app/dev-packages/e2e-tests/packed/sentry-angular-packed.tgz", "@sentry/astro": "file:~/my-app/dev-packages/e2e-tests/packed/sentry-astro-packed.tgz", "@sentry/aws-serverless": "file:~/my-app/dev-packages/e2e-tests/packed/sentry-aws-serverless-packed.tgz", "@sentry/browser": "file:~/my-app/dev-packages/e2e-tests/packed/sentry-browser-packed.tgz", "@sentry/bun": "file:~/my-app/dev-packages/e2e-tests/packed/sentry-bun-packed.tgz", "@sentry/cloudflare": "file:~/my-app/dev-packages/e2e-tests/packed/sentry-cloudflare-packed.tgz", "@sentry/core": "file:~/my-app/dev-packages/e2e-tests/packed/sentry-core-packed.tgz", "@sentry/deno": "file:~/my-app/dev-packages/e2e-tests/packed/sentry-deno-packed.tgz", "@sentry/effect": "file:~/my-app/dev-packages/e2e-tests/packed/sentry-effect-packed.tgz", "@sentry/elysia": "file:~/my-app/dev-packages/e2e-tests/packed/sentry-elysia-packed.tgz", "@sentry/ember": "file:~/my-app/dev-packages/e2e-tests/packed/sentry-ember-packed.tgz", "@sentry/gatsby": "file:~/my-app/dev-packages/e2e-tests/packed/sentry-gatsby-packed.tgz", "@sentry/google-cloud-serverless": "file:~/my-app/dev-packages/e2e-tests/packed/sentry-google-cloud-serverless-packed.tgz", "@sentry/hono": "file:~/my-app/dev-packages/e2e-tests/packed/sentry-hono-packed.tgz", "@sentry/nestjs": "file:~/my-app/dev-packages/e2e-tests/packed/sentry-nestjs-packed.tgz", "@sentry/nextjs": "file:~/my-app/dev-packages/e2e-tests/packed/sentry-nextjs-packed.tgz", "@sentry/node": "file:~/my-app/dev-packages/e2e-tests/packed/sentry-node-packed.tgz", "@sentry/node-core": "file:~/my-app/dev-packages/e2e-tests/packed/sentry-node-core-packed.tgz", "@sentry/node-native": "file:~/my-app/dev-packages/e2e-tests/packed/sentry-node-native-packed.tgz", "@sentry/nuxt": "file:~/my-app/dev-packages/e2e-tests/packed/sentry-nuxt-packed.tgz", "@sentry/opentelemetry": "file:~/my-app/dev-packages/e2e-tests/packed/sentry-opentelemetry-packed.tgz", "@sentry/profiling-node": "file:~/my-app/dev-packages/e2e-tests/packed/sentry-profiling-node-packed.tgz", "@sentry/react": "file:~/my-app/dev-packages/e2e-tests/packed/sentry-react-packed.tgz", "@sentry/react-router": "file:~/my-app/dev-packages/e2e-tests/packed/sentry-react-router-packed.tgz", "@sentry/remix": "file:~/my-app/dev-packages/e2e-tests/packed/sentry-remix-packed.tgz", "@sentry/solid": "file:~/my-app/dev-packages/e2e-tests/packed/sentry-solid-packed.tgz", "@sentry/solidstart": "file:~/my-app/dev-packages/e2e-tests/packed/sentry-solidstart-packed.tgz", "@sentry/svelte": "file:~/my-app/dev-packages/e2e-tests/packed/sentry-svelte-packed.tgz", "@sentry/sveltekit": "file:~/my-app/dev-packages/e2e-tests/packed/sentry-sveltekit-packed.tgz", "@sentry/tanstackstart": "file:~/my-app/dev-packages/e2e-tests/packed/sentry-tanstackstart-packed.tgz", "@sentry/tanstackstart-react": "file:~/my-app/dev-packages/e2e-tests/packed/sentry-tanstackstart-react-packed.tgz", "@sentry/types": "file:~/my-app/dev-packages/e2e-tests/packed/sentry-types-packed.tgz", "@sentry/vercel-edge": "file:~/my-app/dev-packages/e2e-tests/packed/sentry-vercel-edge-packed.tgz", "@sentry/vue": "file:~/my-app/dev-packages/e2e-tests/packed/sentry-vue-packed.tgz", "@sentry/wasm": "file:~/my-app/dev-packages/e2e-tests/packed/sentry-wasm-packed.tgz" } } } ``` then installs this normally with the regular registry.
ref #20165 This vendors the instrumentation in with no logic changes as a first step. Here we can likely do a lot of cleanup and possibly already refactor this away from using an OTEL instrumentation base at all even in v10, as this is fully diagnostics channel based already.
It's not needed to have all runtime-related dependencies installed. People should explicitly install the package needed for the respective runtime. Ref #15260
On AWS Lambda, the Node.js runtime replaces `console.*` methods [with its own loggers](https://github.com/aws/aws-lambda-nodejs-runtime-interface-client/blob/9ab0fac53c768d6d8901dca9788c729d8eba94ec/src/logging/log-patch.ts#L77-L83). This means Sentry's console instrumentation gets silently overwritten, and integrations like `consoleLoggingIntegration` stop capturing console output entirely. This PR fixes that by introducing a `defineProperty`-based patching strategy for Lambda environments. Instead of simply assigning a wrapper to `console.log` (which Lambda can overwrite), we define a getter/setter on the console property. When the Lambda runtime assigns its logger, the setter intercepts it, stores the new function as the underlying delegate, and keeps Sentry's wrapper in place. The handler continues to fire, and the Lambda logger still gets called underneath (I checked that manually - the log is still shown in the CloudWatch logs). This behavior is guarded behind `process.env.LAMBDA_TASK_ROOT`, so non-Lambda environments continue to use the existing `fill()`-based patching with zero behavioral change. If `defineProperty` fails for any reason, it falls back to `fill()`. The setter also handles `consoleSandbox` correctly (recognizes when it restores the original method and allows it through), and defers to other Sentry wrappers by checking for `__sentry_original__`. Closes #18238
Adds `--package` to binary scripts so the usage invokes the correct script. Closes #20422
…20437) The SDK buckets sessions by minute-rounded timestamp. When a test's sequential requests run across a minute boundary, the payload splits across two `aggregates` buckets and the existing single-bucket assertion fails. To resolve this, this PR replaces the single bucket check with a sum across all returned buckets to ensure the total count is correct even if events are split across buckets. The same pattern exists in our `node-core` and `node` integration tests. Closes #20283 Closes #20436 Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Removes `undefined` as users should always provide the options to at least provide the DSN. Reference #15260
…0429) Replace the stdout `readyMatches` approach in the node-integration-tests runner with Docker native healthchecks + `docker compose up -d --wait`. The old approach matched log substrings like `'port 5432'`, which can fire too early when the server is not actually yet accepting connections resulting in flakes. Each `docker-compose.yml` now defines a proper healthcheck (e.g. pg_isready) and the runner blocks on `--wait` until every service reports healthy. Also renames the redis-cache container to avoid collision with redis. Closes #20418 Closes #20335 --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
I noticed we have two e2e tests with variants that have no build/assert command. This will essentially run the same test twice, once normally and once with a different label. So just removing the variant cuts down two e2e tests.
#20197) The `sessions/route-lifecycle` Playwright test flakes because `getMultipleSentryEnvelopeRequests` starts a 4000ms timeout **before** `page.goto()`. By the time page load + selector wait + 3 sequential clicks complete, the timeout can expire with only 3 of 4 expected `init` sessions captured. This PR replaces the timeout-based collection approach with sequential `waitForSession` calls — the same deterministic pattern already used in `start-session`, `initial-scope`, and `user` session tests: --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: Lms24 <8420481+Lms24@users.noreply.github.com>
…0441) I ran into a bunch of issues trying to run this locally. This adjusts things slightly so that it runs locally, taking care of setting up sam consistently. Relevant changes: * Renamed the e2e test application to be consistent with app name * Streamlined how/when we use a dedicated node version. Now, by default we use node 20 and a respective docker image. We also run variants on CI for node 18 and node 22. * Added a minimal samconfig.toml because I noticed locally it was loudly complaining about this missing * Streamlined the invocation of `sam` to be a bit more consistent. * Made sam stuff compatibler with macos arm setups, this failed locally for me. * Added a nicer error message if sam is not installed, as you need to manually install this locally to run this test.
The test asserted on values[0], which flakes when the error arrives as a chained exception. Match by mechanism type instead, so the assertion holds regardless of ordering. Closes #20446 Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
When creating worktrees within Claude Code they are created within `.claude/worktrees`. That PR ignores this folder
closes #20409 closes [JS-2233](https://linear.app/getsentry/issue/JS-2233/sentrycloudflare-root-httpserver-span-lost-on-streaming-responses) ## Problem The issue is that we had a `waitUntil?.(streamMonitor);` that waited until the stream was done. `streamMonitor` could [potentially live forever](https://developers.cloudflare.com/workflows/reference/limits/#wall-time-limits-by-invocation-type), while `waitUntil` has a limit of [30 seconds](https://developers.cloudflare.com/workers/runtime-apis/context/#waituntil) until it is getting cancelled. With the current approach we allow streams only being open for 30 seconds - then the `waitUntil` would cancel the request. This can only be reproduced when deployed, that is the reason why we didn't notice in our test cases. ## Solution By removing the `waitUntil` there is no hard limit, but we still have to wait until the stream is over in order to end our spans and flush accordingly. This can be achieved with [TransformStream](https://developers.cloudflare.com/workers/runtime-apis/streams/transformstream/), where we simply use the stream body from the client and pipe it through our transformer. With `flush` and `cancel` we know exactly when the stream would end or be cancelled - which is the only thing we need. There is btw no reason to add integration of E2E tests, as `miniflare` doesn't have this limitation and it couldn't be reproduced, so the tests would always succeed. The unit tests are kinda simulating that by checking if `waitUntil` is getting called or not. I also figured that the client isn't getting disposed and would leak memory - this PR is also fixing that (see screenshots). ## Some evidence repro: https://github.com/JPeer264/sentry-repros/tree/issue-20409 cloudflare logs before: <img width="878" height="580" alt="image" src="https://github.com/user-attachments/assets/82636c8f-5471-40d6-a058-9d60928f3359" /> cloudflare logs after: <img width="877" height="708" alt="image" src="https://github.com/user-attachments/assets/7cb8f96f-b1c5-40e5-a838-47eafe474223" /> Sentry trace: https://sentry-sdks.sentry.io/explore/traces/trace/29a307b1272e48dbb3a87c270c487e5a/ <img width="892" height="82" alt="Screenshot 2026-04-22 at 15 03 32" src="https://github.com/user-attachments/assets/c95097ee-8c58-428f-ad93-3dbc0b656ac7" />
…attributes (#20430) It appears that `httpVersion` can be `undefined` in some cases, and even tho the node types don't suggest that we do seem to treat it as such in other parts of the code so I assume we have run into this before. This PR guards against this specific usage here as this is the only place where it wasn't guarded. Fixes #20415 --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
## Summary Bumps `nx` from 22.5.0 (Feb 9) to 22.6.5 (Apr 10). This may (??) help with some cache restoration issues we have on CI, it's worth a try at least. ## Changelog (22.5.0 → 22.6.5) ### Potentially relevant to us - **⚠️ Vitest breaking change (22.6.0):** `reportsDirectory` is now resolved against workspace root instead of project root. We don't set a custom `reportsDirectory` in our vitest configs, so this should be a no-op. - **Batch executor fix (22.6.2):** Batch executor no longer errors on prematurely completed tasks — could improve reliability of our parallel builds. - **Prevent batch executor hang (22.6.5):** Fixes premature worker exit causing hangs — relevant since we use Nx's batch execution for build tasks. - **Infer extended tsconfig files as task inputs (22.6.2):** Tsconfig files referenced via `extends` are now automatically tracked as inputs. More accurate cache invalidation for our `build:types` tasks. - **Dangling symlinks handled during cache restore (22.6.0):** Could fix obscure cache restore failures in our yarn workspace setup. - **False positive loop detection with Bun resolved (22.6.0):** Relevant for `@sentry/bun` builds. - **Recursive FSEvents on macOS (22.6.0):** Fixes file watching to use recursive FSEvents instead of non-recursive kqueue — improves `build:watch` reliability on macOS dev machines. - **Shell metacharacters properly quoted in CLI args (22.6.1):** Fixes potential issues when task names or args contain special characters. - **Prevent DB corruption from concurrent initialization (22.6.1):** Fixes race conditions in Nx's task database. - **`windowsHide: true` on all child process spawns (22.6.1):** Cleaner CI on Windows (if applicable). - **TUI crash prevention (22.6.0, 22.6.2):** Multiple fixes for TUI panics/crashes. - **Misc perf fixes (22.6.5):** Multiple TUI performance improvements. - **Security: bumps axios to 1.15.0 (CVE-2026-25639), minimatch (CVE-2026-26996), ejs to 5.0.1, postcss-loader (yaml CVE)** ### Not relevant to us (for completeness) - Angular v21.2, ESLint v10, Vite 8 support - Gradle/Maven improvements - AI agent mode in `nx init` - `nx polygraph` command (cross-repo sessions) - Module federation fixes - React Native esbuild migration - Various `create-nx-workspace` improvements ## Test plan - [ ] CI build passes - [ ] `yarn build` works locally 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This PR splits the aws-serverless test app into two, aws-serverless, which tests the npm package directly, and aws-serverless-layer, which tests using the layer. This allowed to make the test app easier to understand and follow and make the dependency graph clearer as well. I choose to run the layer in different node versions and the npm stuff only in node 20, IMHO that should be good enough, I don't think we need to also run the npm stuff in all the node versions, so we can reduce the number of test apps a bit.
…lopes (#20208) There was one flaky test, which got me a little deeper into the `runner.ts` logic. This test was only passing when it was running / finishing first. With the `shuffle` flag it was consistently failing, this is why this is added in this PR as well. Furthermore a random port will be created for each runner by setting `--port 0`, this just makes sure that when running `wrangler dev` in another tab, while running the tests, the local development has the default `:8787` port. `.makeRequestAndWaitForEnvelope` has been added that is making a request and then waits for an envelope, with that we make sure that flush has been called before going to the next request. The issue is that miniflare might cancel ongoing `waitUntil` calls (where we flush)
Contributor
size-limit report 📦
|
s1gr1d
reviewed
Apr 23, 2026
|
|
||
| - **feat(hono): Add `@sentry/hono/bun` for Bun runtime ([#20355](https://github.com/getsentry/sentry-javascript/pull/20355))** | ||
|
|
||
| A new `@sentry/hono/bun` entry point adds first-class support for running Hono applications instrumented with Sentry on the Bun runtime. |
Member
There was a problem hiding this comment.
Maybe we can point them to the package docs here for explanation and people can also see it's still alpha
s1gr1d
approved these changes
Apr 23, 2026
JPeer264
force-pushed
the
prepare-release/10.50.0
branch
from
db07701 to
7b584c4
Compare
nicohrubec
approved these changes
Apr 23, 2026
![sentry[bot]](https://avatars.githubusercontent.com/in/12637?s=60&v=4){kind=small}
Comment on lines
+32
to
+39
| if (process.env.LAMBDA_TASK_ROOT) { | ||
| maybeInstrument('console', instrumentConsoleLambda); | ||
| } | ||
|
|
||
| // Delegate breadcrumb handling to the core console integration. | ||
| const core = coreConsoleIntegration(options); | ||
| core.setup?.(client); | ||
| }, |
There was a problem hiding this comment.
Bug: Reusing the same consoleIntegration instance across multiple client initializations will register duplicate global handlers, causing multiple breadcrumbs for each console log.
Severity: LOW
Suggested Fix
Add a deduplication check within the consoleIntegration's setup method. Before calling core.setup(), check a global flag or a property on the integration instance itself to ensure it has not been set up before. This would prevent the addConsoleInstrumentationHandler from being called multiple times for the same integration instance, even across different clients.
Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI
agent. Verify if this is a real issue. If it is, propose a fix; if not, explain why it's
not valid.
Location: packages/node-core/src/integrations/console.ts#L32-L39
Potential issue: The `consoleIntegration`'s `setup` method registers a handler in a
global array via `addHandler`. This function lacks deduplication, so if `setup` is
called multiple times, the handler is added multiple times. While the SDK prevents
re-setup of an integration for the same client, it does not prevent it globally. If a
user manually reuses the same `consoleIntegration` instance across multiple
`Sentry.init()` calls for different clients, the handler will be registered for each
client, resulting in duplicate breadcrumbs for every console message. This is an edge
case, as typical usage involves creating a new integration instance per `init()` call.
Did we get this right? 👍 / 👎 to inform future reviews.
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 7b584c4. Configure here.
| path: createCDNPath('bundle.tracing.min.js'), | ||
| gzip: true, | ||
| limit: '45 KB', | ||
| limit: '46.5 KB', |
There was a problem hiding this comment.
Browser bundle size limits increased across multiple packages
Low Severity
Multiple browser package bundle size limits were increased: gzipped CDN bundles grew by 1–1.5 KB (e.g., tracing bundle 45→46.5 KB), and uncompressed bundles grew by up to 4.5 KB (e.g., tracing+replay 251→255.5 KB). The review rules require flagging large bundle size increases in browser packages even when unavoidable. This is flagged because it was mentioned in the rules file.
Additional Locations (2)
Triggered by project rule: PR Review Guidelines for Cursor Bot
Reviewed by Cursor Bugbot for commit 7b584c4. Configure here.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.