meta(changelog): Update changelog for 9.36.0 #16854
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[Gitflow] Merge master into develop
In order to be able to publish an alpha release of `@sentry/node-core`, we need a craft target on the default branch (develop). This should not do anything on develop because the package doesn't exist so craft will skip it.
We used to rely on a somewhat complex heuristic to determine if a router change is a pageload or not. This somehow did not work anymore here: #16783 in nuxt-3-min. Likely some vue router difference... However, I think this can be simplified anyhow, by just checking if we have an active pageload span. That seems to work reliably enough.
This PR updates our E2E test runner to run the apps from an isolated tmp directory, instead of running them inside the monorepo. The reason to do this is that running them inside the monorepo leads to slightly different behavior, as dependencies can be looked up from parent node_modules folders. This leads to behavior that differs from actual standalone apps. Now, the whole app is moved into a folder in the system tmp directory. The package.json is adjusted to make it work there (e.g. rewriting volta `extends` file paths etc), then normally run from there. Some things had to be changed/fixed to make tests work here properly: * Ensure all dependencies are actually defined. E.g. we sometimes used `@sentry/core` in tests but did not have it as dependency. * Ensure every test app has a volta config to ensure consistent versions. * Update wrangler in cloudflare apps as v3 had some issues * align playwright version used to ensure browsers are always installed * removed some unnecessary usage of `@sentry/core` in tests * nuxt & solidstart tests do not need to copy iitm around anymore, this just works now. I also got to remove almost all the overrides of the nft package etc.
…16436) Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token) from 1.12.0 to 2.0.6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/create-github-app-token/releases">actions/create-github-app-token's releases</a>.</em></p> <blockquote> <h2>v2.0.6</h2> <h2><a href="https://github.com/actions/create-github-app-token/compare/v2.0.5...v2.0.6">2.0.6</a> (2025-05-03)</h2> <h3>Bug Fixes</h3> <ul> <li>replace <code>-</code> with <code>_</code> (<a href="https://redirect.github.com/actions/create-github-app-token/issues/246">#246</a>) (<a href="https://github.com/actions/create-github-app-token/commit/333678481b1f02ee31fa1443aba4f1f7cb5b08b5">3336784</a>)</li> </ul> <h2>v2.0.5</h2> <h2><a href="https://github.com/actions/create-github-app-token/compare/v2.0.4...v2.0.5">2.0.5</a> (2025-05-02)</h2> <h3>Bug Fixes</h3> <ul> <li><strong>deps:</strong> bump the production-dependencies group with 3 updates (<a href="https://redirect.github.com/actions/create-github-app-token/issues/240">#240</a>) (<a href="https://github.com/actions/create-github-app-token/commit/d64d7d73555d3f2cb08ce64bdd812e49308a2905">d64d7d7</a>)</li> </ul> <h2>v2.0.4</h2> <h2><a href="https://github.com/actions/create-github-app-token/compare/v2.0.3...v2.0.4">2.0.4</a> (2025-05-02)</h2> <h3>Bug Fixes</h3> <ul> <li>permission input handling (<a href="https://redirect.github.com/actions/create-github-app-token/issues/243">#243</a>) (<a href="https://github.com/actions/create-github-app-token/commit/2950cbc446a8d3030ea17d3f7cbdd3c0fce4b0f5">2950cbc</a>)</li> </ul> <h2>v2.0.3</h2> <h2><a href="https://github.com/actions/create-github-app-token/compare/v2.0.2...v2.0.3">2.0.3</a> (2025-05-01)</h2> <h3>Bug Fixes</h3> <ul> <li><strong>README:</strong> use <code>v2</code> in examples (<a href="https://redirect.github.com/actions/create-github-app-token/issues/234">#234</a>) (<a href="https://github.com/actions/create-github-app-token/commit/9ba274d954c9af64fbf4cec63082d0e3f57e9b5f">9ba274d</a>), closes <a href="https://redirect.github.com/actions/create-github-app-token/issues/232">#232</a></li> <li>use <code>core.getBooleanInput()</code> to retrieve boolean input values (<a href="https://redirect.github.com/actions/create-github-app-token/issues/223">#223</a>) (<a href="https://github.com/actions/create-github-app-token/commit/c3c17c79ccedec31f588e88d6ad5ff9036afe580">c3c17c7</a>)</li> </ul> <h2>v2.0.2</h2> <h2><a href="https://github.com/actions/create-github-app-token/compare/v2.0.1...v2.0.2">2.0.2</a> (2025-04-03)</h2> <h3>Bug Fixes</h3> <ul> <li>improve log messages for token creation (<a href="https://redirect.github.com/actions/create-github-app-token/issues/226">#226</a>) (<a href="https://github.com/actions/create-github-app-token/commit/eaef29498fbc63724aabd0a6e832efd41baf2cc7">eaef294</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/create-github-app-token/commit/df432ceedc7162793a195dd1713ff69aefc7379e"><code>df432ce</code></a> build(release): 2.0.6 [skip ci]</li> <li><a href="https://github.com/actions/create-github-app-token/commit/333678481b1f02ee31fa1443aba4f1f7cb5b08b5"><code>3336784</code></a> fix: replace <code>-</code> with <code>_</code> (<a href="https://redirect.github.com/actions/create-github-app-token/issues/246">#246</a>)</li> <li><a href="https://github.com/actions/create-github-app-token/commit/db3cdf40984fe6fd25ae19ac2bf2f4886ae8d959"><code>db3cdf4</code></a> build(release): 2.0.5 [skip ci]</li> <li><a href="https://github.com/actions/create-github-app-token/commit/d64d7d73555d3f2cb08ce64bdd812e49308a2905"><code>d64d7d7</code></a> fix(deps): bump the production-dependencies group with 3 updates (<a href="https://redirect.github.com/actions/create-github-app-token/issues/240">#240</a>)</li> <li><a href="https://github.com/actions/create-github-app-token/commit/1b6f53e48e3bd5e9fbd610599fc41fca986c51e9"><code>1b6f53e</code></a> build(deps-dev): bump the development-dependencies group across 1 directory w...</li> <li><a href="https://github.com/actions/create-github-app-token/commit/061a84d5f55008a6dfb441735e1568fcb8da8b50"><code>061a84d</code></a> build(deps-dev): bump <code>@octokit/openapi</code> from 18.2.0 to 19.0.0 (<a href="https://redirect.github.com/actions/create-github-app-token/issues/242">#242</a>)</li> <li><a href="https://github.com/actions/create-github-app-token/commit/c8f34a61a85667dfbbbc74c5468935fc8a369720"><code>c8f34a6</code></a> build(deps): bump stefanzweifel/git-auto-commit-action from 5.1.0 to 5.2.0 in...</li> <li><a href="https://github.com/actions/create-github-app-token/commit/4821f52fa7a8e45784f1d99cdb1c27bec9f00720"><code>4821f52</code></a> build(release): 2.0.4 [skip ci]</li> <li><a href="https://github.com/actions/create-github-app-token/commit/2950cbc446a8d3030ea17d3f7cbdd3c0fce4b0f5"><code>2950cbc</code></a> fix: permission input handling (<a href="https://redirect.github.com/actions/create-github-app-token/issues/243">#243</a>)</li> <li><a href="https://github.com/actions/create-github-app-token/commit/30bf6253fa41bdc8d1501d202ad15287582246b4"><code>30bf625</code></a> build(release): 2.0.3 [skip ci]</li> <li>Additional commits viewable in <a href="https://github.com/actions/create-github-app-token/compare/d72941d797fd3113feb6b93fd0dec494b13a2547...df432ceedc7162793a195dd1713ff69aefc7379e">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> > **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…6824) This PR updates the SvelteKit Readme, as it contained outdated information (reported via #16818). I decided to remove most of the manual setup and adapter requirements because this is just duplicated information bound to diverge again from docs. The readme is now more minimal, aligning it with the NextJS readme mostly.
This option allows to configure a selector list of elements to not
capture mutation for.
This is under `_experiments` for now:
```js
Sentry.replayIntegration({
_experiments: {
ignoreMutations: ['.dragging']
}
});
```
Fixes #16797
This PR adds the external contributor to the CHANGELOG.md file, so that they are credited for their contribution. See #16794 Co-authored-by: chargome <[email protected]>
fixes #16804 Although `PerformanceResourceTiming.nextHopProtocol` is available in all the [browsers we support](https://docs.sentry.io/platforms/javascript/troubleshooting/supported-browsers/) in v9, I think adding an extra guard is reasonable to make it easier for older browser support (it's hard to polyfill some of the performance apis). This PR just adds a condition `if (resourceTiming.nextHopProtocol != undefined)`. Used cursor to generate some tests for the `resourceTimingToSpanAttributes` I extracted out.
resolves #16808 --------- Co-authored-by: Cursor Agent <[email protected]>
While working on route parametrization, [it came up in this PR](#16785) that there are different transactions/spans which should be parametrized: - `pageload` transaction -> it's already parametrized because of the `vueIntegration` - SSR `http.server` transaction -> not parametrized - `http.client` span when doing an extra server request -> not parametrized - `http.server` span when doing an extra server request -> not parametrized This test is added to have a visualization of the current state of parametrization to be able to iterate on it. **The PR is quite long but the test case and the tests are just copy-pasted to all Nuxt E2E tests.**
…ty` request (#16840) Our browser SDKs expose a `diagnoseSdkConnectivity` function, whose primary purpose is to be called by the example pages injected via the wizard. As reported in #16226, even a successful request to Sentry (i.e. no ad blockers or other parties blocked the request) gets logged to the console because the previous URL included an invalid public key (as well as org id). This did not cause a `fetch` error but just a 400 (bad request) response. However, browsers log 4xx fetch requests to the console and users mistook this console log for an incorrectly configured SDK setup. This patch now changes the key to a valid but deactivated public key in a new project in the `sentry-sdks` org. All of the information in this URL is public and as safe to share as any DSN. So from this perspective, I don't see concerns (happy to reconsider if reviewers have concerns). It seems like we return 200 even for deactivated keys, which means that now, there's no console log anymore for successful requests. closes #16226
The `message.attempts` property starts at 1 so we were calculating the number of attempts not the number of retries. Attempt 2 is the first retry not attempt 1. Currently the retry count is the same as the number of messages in the batch this way:  Additionally this causes the error rate to be quite nice and I have been assured my code is not THAT bad:  See: https://developers.cloudflare.com/queues/configuration/javascript-apis/
Adds route parametrization for server API routes for production builds. part of #16684
This PR adds the external contributor to the CHANGELOG.md file, so that they are credited for their contribution. See #16834 Co-authored-by: AbhiPrasad <[email protected]>
…pageload span LCP attributes (#16844) Small follow-up from #16591: As identified by cursor (lol), our way of setting the `lcp.*` attributes wasn't 100% aligned with how and when we set these attributes on the pageload span. This PR changes two things: - only set attributes if the respective LCP entry values are defined - truncate `lcp.url` if it is longer than 200 characters Also: - re-added comments, since we'll likely remove the pageload-based logic at some point - also add `lcp.size` if `entry.size === 0` (which previously was falsy and hence not added) - added unit tests
This PR adds a new `@sentry/node-core` SDK and refactors `@sentry/node`
to build on it. It provides the core functionality of the Node SDK with
a few key differences
- it ships without any OpenTelemetry core dependencies
- it ships without any OpenTelemetry instrumentation
(`@opentelemetry/instrumentation-X`)
- it does not automatically set up OpenTelemetry
- it widens the OpenTelemetry dependencies version ranges and marks them
as peer dependencies, allowing setup with OpenTelemetry v1 and v2
- preserves all existing `@sentry/node` APIs (minus the OpenTelemetry
instrumentations)
### When to Use Each
This SDK is **not** intended to be used by most users directly
(similarly to `@sentry/core`). It provides core functionality and makes
it possible to be used in setups where OpenTelemetry dependencies that
do not match those we set up in the more opinionated `@sentry/node` SDK.
Use `@sentry/node-core` when:
- You already have OpenTelemetry set up
- You need custom OpenTelemetry configuration
- You want minimal dependencies
- You need fine-grained control over instrumentation
Use `@sentry/node` when:
- You want automatic setup
- You're new to OpenTelemetry
- You want sensible defaults
- You prefer convenience over control
### Example setup
1. Installation
```bash
npm install @sentry/node-core \
@opentelemetry/api \
@opentelemetry/context-async-hooks \
@opentelemetry/core \
@opentelemetry/instrumentation \
@opentelemetry/resources \
@opentelemetry/sdk-trace-base \
@opentelemetry/semantic-conventions
```
2. Setup
Sentry should be initialized as early in your app as possible. It is
essential that you call `Sentry.init` before you
require any other modules in your application, otherwise any
auto-instrumentation will **not** work.
You also need to set up OpenTelemetry, if you prefer not to, consider
using the `@sentry/node` SDK instead.
You need to create a file named `instrument.js` that imports and
initializes Sentry:
```js
// CJS Syntax
const { trace, propagation, context } = require('@opentelemetry/api');
const { NodeTracerProvider } = require('@opentelemetry/sdk-trace-node');
const Sentry = require('@sentry/node-core');
const { SentrySpanProcessor, SentryPropagator, SentrySampler } = require('@sentry/opentelemetry');
// ESM Syntax
import { context, propagation, trace } from '@opentelemetry/api';
import { NodeTracerProvider } from '@opentelemetry/sdk-trace-node';
import * as Sentry from '@sentry/node-core';
import { SentrySpanProcessor, SentryPropagator, SentrySampler } from '@sentry/opentelemetry';
const sentryClient = Sentry.init({
dsn: '__DSN__',
// ...
});
if (sentryClient) {
// Note: This could be BasicTracerProvider or any other provider depending on how you want to use the
// OpenTelemetry SDK
const provider = new NodeTracerProvider({
// Ensure the correct subset of traces is sent to Sentry
// This also ensures trace propagation works as expected
sampler: new SentrySampler(sentryClient),
spanProcessors: [
// Ensure spans are correctly linked & sent to Sentry
new SentrySpanProcessor(),
// Add additional processors here
],
});
trace.setGlobalTracerProvider(provider);
propagation.setGlobalPropagator(new SentryPropagator());
context.setGlobalContextManager(new Sentry.SentryContextManager());
}
// Set up the OpenTelemetry logger to use Sentry's logger
Sentry.setupOpenTelemetryLogger();
// validate your setup
Sentry.validateOpenTelemetrySetup();
```
---------
Co-authored-by: Abhijeet Prasad <[email protected]>
size-limit report 📦
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.