[pull] master from getsentry:master #2

Open
wants to merge 7,854 commits into
base: master
pull[bot]
@pull pull bot commented Apr 30, 2021

See Commits and Changes for more details.


Created by pull[bot]

Can you help keep this open source service alive? 💖 Please sponsor : )

getsentry-bot and others added 28 commits May 19, 2025 11:49
[Gitflow] Merge master into develop
This PR adds the external contributor to the CHANGELOG.md file, so that
they are credited for their contribution. See #14629

Co-authored-by: mydea <2411343+mydea@users.noreply.github.com>
It was noticed that we were creating breadcrumbs for sentry-internal
requests, which is not desired. This was introduced by us moving
breadcrumb generation out of the base http/fetch instrumentation into
our own, where we did not look at `suppressTracing`. Now, when tracing
is suppressed, no fetch/http breadcrumbs will be created.
Resolves: #16309 

I tried to make as few modifications as possible for easier updates from
the original implementation in the future.

- Converted `require`s and `module.export`s to `import`s and `exports`
- Created a local `eslint` configuration
- Hard-coded `name` and `version` to the vendored version instead of
reading from `package.json`
… entries (#16341)

Resolves: #16298 

Also exported `ErrorBoundary` and `browserTracingIntegration` from
`cloudflare` entry.
Just a small refactor, noticed this while working on other browser sdk
stuff. Moving this into a dedicated file decouples this from the core
SDK functionality, which this IMHO is not (anymore). Also, we can
streamline the code slightly for efficiency.
meta(changelog): Update changelog for 9.21.0
Bumps
[@sentry/rollup-plugin](https://github.com/getsentry/sentry-javascript-bundler-plugins)
from 3.1.2 to 3.2.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/getsentry/sentry-javascript-bundler-plugins/releases"><code>@​sentry/rollup-plugin</code>'s
releases</a>.</em></p>
<blockquote>
<h2>3.2.1</h2>
<ul>
<li>deps: Bump <code>@​sentry/cli</code> to 2.42.2 (<a
href="https://redirect.github.com/getsentry/sentry-javascript-bundler-plugins/issues/685">#685</a>)</li>
</ul>
<h2>3.2.0</h2>
<ul>
<li>feat(core): Accept and await a promise in
<code>sourcemaps.filesToDeleteAfterUpload</code> (<a
href="https://redirect.github.com/getsentry/sentry-javascript-bundler-plugins/issues/677">#677</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/getsentry/sentry-javascript-bundler-plugins/commit/4c79586f5a6092a9f36041e4b5ea5438a3886759"><code>4c79586</code></a>
release: 3.2.1</li>
<li><a
href="https://github.com/getsentry/sentry-javascript-bundler-plugins/commit/0968db9da0eab9408dfc4eaea129a81ee14a16b7"><code>0968db9</code></a>
deps: Bump <code>@sentry/cli</code> to <code>2.42.2</code> (<a
href="https://redirect.github.com/getsentry/sentry-javascript-bundler-plugins/issues/685">#685</a>)</li>
<li><a
href="https://github.com/getsentry/sentry-javascript-bundler-plugins/commit/c72d4dfbbdd907c74aa85b0fc8838a90cf828447"><code>c72d4df</code></a>
docs: Add react component name to readme feature list (<a
href="https://redirect.github.com/getsentry/sentry-javascript-bundler-plugins/issues/684">#684</a>)</li>
<li><a
href="https://github.com/getsentry/sentry-javascript-bundler-plugins/commit/ac96af1ca4fd045f846067769b3cc4e21058c810"><code>ac96af1</code></a>
Merge branch 'release/3.2.0'</li>
<li><a
href="https://github.com/getsentry/sentry-javascript-bundler-plugins/commit/9ce301a018a577093c9758dca409f7204938c278"><code>9ce301a</code></a>
release: 3.2.0</li>
<li><a
href="https://github.com/getsentry/sentry-javascript-bundler-plugins/commit/a65087806e84ea683408a87f2c67a263b24ebb63"><code>a650878</code></a>
meta: Update changelog for 3.2.0 (<a
href="https://redirect.github.com/getsentry/sentry-javascript-bundler-plugins/issues/678">#678</a>)</li>
<li><a
href="https://github.com/getsentry/sentry-javascript-bundler-plugins/commit/425501238b0d08f5404d2c5b71e711a78a16cdc5"><code>4255012</code></a>
feat(core): Accept and await a promise in
`sourcemaps.filesToDeleteAfterUploa...</li>
<li><a
href="https://github.com/getsentry/sentry-javascript-bundler-plugins/commit/7e71b59e4b915a1f576213b525c290a9ba0659ea"><code>7e71b59</code></a>
Merge branch 'release/3.1.2'</li>
<li>See full diff in <a
href="https://github.com/getsentry/sentry-javascript-bundler-plugins/compare/3.1.2...3.2.1">compare
view</a></li>
</ul>
</details>
<br />



Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Moved the `pg` and `pg-native` dependencies inside the test suite. This
keeps `libpq` out of the root `yarn.lock`.
Extracted this out of
#15307

This PR:

1. Moves things around in the `sdk.ts` file a bit, moving types & consts
to the top of the file
2. Removes an "unnecessary" log around fetch not being supported: This
log has two problems. First, it is not actually logged, because we do
`logger.log()` before running `init()`, which would actually set the
logger up. So the log would never show up. Second, the log is
superfluous, if the (default) fetch transport fails to send because
fetch is not available, you get a warning anyhow for this.
3. Streamlines the browser extension check code slightly.

Closes #16284
…16336)

Closes: #15615 
Ref:
#15615 (comment)

Looks like `createRequestHandler` exported from `@shopify/remix-oxygen`
does not accept a function that returns/resolves a `ServerBuild`. [It
only accepts a plain
`ServerBuild`](https://github.com/Shopify/hydrogen/blob/a7e33c1dd45e3c7c27ab2e1125851468051cee0b/packages/remix-oxygen/src/server.ts#L20).
It seems like this change introduced a problem where accessing
`event.detail` causes a `DOMException` to be thrown (only on Firefox?).
This is causing the SDK to crash if someone has tracing enabled. Until
we figure out a reproduction and a more formal fix (with some e2e
tests) let's revert the problematic PR and move forward.

Reverts #16240

ref #16347
meta(changelog): Update changelog for 9.22.0
[Gitflow] Merge master into develop
It was confirmed that static pre-renders don't pick up Sentry trace meta
tags — this just adds a quick test.
More context:
https://linear.app/getsentry/issue/JS-392/rr7-evaluate-static-pre-rendering

P.S. Not a priority, but for some reason, I had to add a trailing / to
fetch the correct transactions and pass the tests. I’ll look into why
this is happening for transaction route names and whether this behavior
is expected in a later PR.

---------

Co-authored-by: Charly Gomez <charly.gomez@sentry.io>
This PR just fixes incorrect JSDoc where I missed a mix-up of incoming
and outgoing requests for the `ignoreIncomingRequestBody` option while
reviewing. Raised in
https://github.com/getsentry/sentry-docs/pull/13698/files#r2088760944
RulaKhaled and others added 30 commits June 25, 2025 11:48
 meta(changelog): Update changelog for 9.32.0
)

While we eventually want to move the cloudflare SDK over to use OTEL
fully under the hood, this PR is an attempt for an intermediate solution
to allow us to still get access to e.g. the vercelAi integration, which
emits spans via `@opentelemetry/core`.

For this, we register a custom trace provider in the cloudflare SDK
which then just calls our own `startSpan` APIs. This should translate
spans to Sentry spans. The only downside is that it does not handle a
`context` being passed in for spans, so this will _not_ work for all
integrations and cases etc. But it should work for simple cases like the
`ai` package using `trace.startActiveSpan`.

TODO: Test this, verify this makes sense, ...
Adding a test for a support case, to ensure that new traces are correctly
sampled.

---------

Co-authored-by: Sigrid Huemer <32902192+s1gr1d@users.noreply.github.com>
)

resolves
https://github.com/getsentry/sentry-javascript/security/dependabot/538
resolves
https://github.com/getsentry/sentry-javascript/security/dependabot/534
resolves
https://github.com/getsentry/sentry-javascript/security/dependabot/533

Next.js dependencies were upgraded to address a security vulnerability
concerning authorization bypass in middleware.

* The `next` dependency in `packages/nextjs/package.json` was updated
  from `13.2.0` to `13.5.9`.
* Test applications were also patched:
  * `dev-packages/e2e-tests/test-applications/create-next-app/package.json`
    had `next` upgraded from `14.0.0` to `14.2.25`.
  * `dev-packages/e2e-tests/test-applications/nextjs-13/package.json` had
    `next` upgraded from `13.5.7` to `13.5.9`.
* The `yarn.lock` file was subsequently updated by running `yarn
  install` to reflect these new dependency versions and their transitive
  updates, including `@swc/helpers` and `postcss`.
* Code formatting issues were resolved with `yarn fix`. Validation
  checks were run, confirming the upgrades while noting pre-existing,
  unrelated failures in other packages.

This directly addresses the vulnerability, ensuring the codebase uses
patched Next.js versions.

---------

Co-authored-by: Cursor Agent <cursoragent@cursor.com>
We have added the 'ai' package to our list of externalized packages for
instrumentation purposes. Unfortunately this causes Next.js to
incorrectly evaluate the Vercel AI SDK's conditional exports -
specifically the `react-server` export condition isn't properly handled
when the package is externalized, resulting in client-side code being
loaded in server components instead of the server-side functions.
This adds a `modules` and `composables` folder to the Nuxt 4 E2E test.
The main purpose is to check that the build runs through without
problems.

Additionally, the versions were updated (as this is the Nuxt 4 test and
it should use the latest versions for the compatibility mode).

Related to this:
#15204 (comment)
…16732)

This is on top of
#16714.

This adds the `vercelAiIntegration` to the cloudflare SDK, as well as to
the vercel-edge SDK.

I moved the critical code from node to core package, so we can reuse
this (the code to process spans).

The integration is not added by default, but needs to be added manually.
Then it will "force" add the event processors etc. We cannot auto-detect
the `ai` package, sadly, because this does not work in workers 😢 so for
now it needs to be added manually to avoid overhead for users that don't
need this.

@andreiborza let's verify that this works when deployed to cloudflare,
esp. also the auto-enablement via the modules integration etc 🤔

---------

Co-authored-by: Andrei Borza <andrei.borza@sentry.io>
Co-authored-by: Andrei <168741329+andreiborza@users.noreply.github.com>
Resolves: #15621
Adds instrumentation for https://github.com/porsager/postgres 

Sampled event: (Emitted from the integration tests added here):
[Link](https://sentry-sdks.sentry.io/insights/backend/summary/trace/72c94a37c9907cc2c7f4bef9c56b0196/?fov=0%2C32.09936037659645&node=span-b3505cfada7dea73&project=5429215&query=transaction.op%3Atransaction&referrer=insights-backend-overview&source=performance_transaction_summary&statsPeriod=5m&timestamp=1750718572&transaction=Test%20Transaction)

This implementation patches `connection` and `query` classes to create
database transactions:

- From `connection`, we pick up the database `name`, `url` and `port` to
use in the db query spans
- For each `query` instance, we create a `db` span
- This implementation does not create a separate span for each `cursor`
used

Initially, I implemented a way to capture `db.operation` (as `command`
is available when the query resolves) but it seems the ingestion
extracts the operation anyway, so I removed it.

Also added sanitization/normalization for raw query, which we use as the
span description, also seems to be normalized by the ingestion engine.
We can remove it too if it's not worth having, as it creates a
possibly-unnecessary performance overhead on the SDK side.

---------

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
This PR's aim is to send events if all (if any was scheduled) waitUntil
promises were finished. Otherwise you may lose events.
This fixes: #16559

---------

Co-authored-by: cod1k <cod1k@centro.team>
This PR adds the external contributor to the CHANGELOG.md file, so that
they are credited for their contribution. See #16681

Co-authored-by: AbhiPrasad <18689448+AbhiPrasad@users.noreply.github.com>
meta(changelog): Update changelog for 9.33.0
[Gitflow] Merge master into develop
Also bump pnpm to the latest v9 version (used for E2E tests) and remove
the hard-pinned 24.x version for matrix tests, which should be fine by
now I guess?

note: react router in SPA mode is not working in this node version,
unrelated to Sentry:
remix-run/react-router#13828
No need to overwrite to a specific version here anymore, I believe.
Only add alias in dev mode and don't override an existing one so people
can still add their own alias.

fixes #16742
reference: #15204
This PR implements sending standalone LCP spans as an opt-in feature. 

Behaviour-wise, it's mostly aligned with our prior implementation of
sending CLS standalone spans (#13056):

- add an `_experiments.enableStandaloneLcpSpans` option and treat it as
opt-in
- keep collecting LCP values until users soft-navigate or the page is
hidden
- then, send the LCP span once
- adds all `lcp.*` span attributes as well as the `lcp` measurement to
the span

(depending on if we merge #16589 or this first, we might need to
readjust size limit)

closes #13063

---------

Co-authored-by: s1gr1d <sigrid.huemer@posteo.at>
Co-authored-by: Sigrid Huemer <32902192+s1gr1d@users.noreply.github.com>
Nuxt starts releasing official Nuxt 4 versions which we can use for the
E2E test.
A Nitro plugin which initializes Sentry when deployed to Cloudflare.

1. Remove the previous server config file: `sentry.server.config.ts`
2. Add a plugin in `server/plugins` (e.g.
`server/plugins/sentry-cloudflare-setup.ts`)
3. Add this code in your plugin file
    ```typescript
    // server/plugins/sentry-cloudflare-setup.ts (filename does not matter)
    import { sentryCloudflareNitroPlugin } from '@sentry/nuxt/module/plugins'

    export default defineNitroPlugin(sentryCloudflareNitroPlugin({
        dsn: 'https://dsn',
        tracesSampleRate: 1.0,
    }))
    ```

    or with access to `nitroApp`:
    ```typescript
    export default defineNitroPlugin(sentryCloudflareNitroPlugin((nitroApp: NitroApp) => {
      return ({
        dsn: 'https://417c51af5466942533c989cdec3036b8@o447951.ingest.us.sentry.io/4508873430466560',
        tracesSampleRate: 1.0,
      })
    }))
    ```
meta(changelog): Update changelog for 9.34.0