meta(changelog): Update changelog for 9.31.0 #16688
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ts/test-applications/nextjs-14 (#16583) Bumps [next](https://github.com/vercel/next.js) from 14.1.3 to 14.2.30. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vercel/next.js/releases">next's releases</a>.</em></p> <blockquote> <h2>v14.2.30</h2> <blockquote> <p>[!NOTE]<br /> This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>Backport <code>config.allowedDevOrigins</code> (<a href="https://redirect.github.com/vercel/next.js/issues/80410">#80410</a>) (<a href="https://nextjs.org/docs/app/api-reference/config/next-config-js/allowedDevOrigins">Learn More</a>)</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/ijjk"><code>@ijjk</code></a> and <a href="https://github.com/ztanner"><code>@ztanner</code></a> for helping!</p> <h2>v14.2.29</h2> <blockquote> <p>[!NOTE]<br /> This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>Only share incremental cache for edge in next start (<a href="https://redirect.github.com/vercel/next.js/issues/79389">#79389</a>)</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/ijjk"><code>@ijjk</code></a> for helping!</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vercel/next.js/commit/243072b7a8b7fb3be74a8d9256847669b131ea7e"><code>243072b</code></a> v14.2.30</li> <li><a href="https://github.com/vercel/next.js/commit/f523d4a142913fa9f9f743241cc6132a39f6883b"><code>f523d4a</code></a> [backport]: config.allowedDevOrigins (<a href="https://redirect.github.com/vercel/next.js/issues/80410">#80410</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/ca9211576c9a21c15980dcc6f022c2cd21542561"><code>ca92115</code></a> v14.2.29</li> <li><a href="https://github.com/vercel/next.js/commit/ec9ee8749e9c6820148ead09a20983afd7ba9482"><code>ec9ee87</code></a> Only share incremental cache for edge in next start (<a href="https://redirect.github.com/vercel/next.js/issues/79389">#79389</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/e65628a237ea76d77d911aedb12d5137fddd90fb"><code>e65628a</code></a> v14.2.28</li> <li><a href="https://github.com/vercel/next.js/commit/3f5d77418da40d1e7766cbf46668dae0db268776"><code>3f5d774</code></a> fix: node.js module import error when using middleware (<a href="https://redirect.github.com/vercel/next.js/issues/77945">#77945</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/43f10b8ead008ba36ddf0a955353949e200c409a"><code>43f10b8</code></a> v14.2.27</li> <li><a href="https://github.com/vercel/next.js/commit/649ba863b3ea92436ff1136231d38138535853a9"><code>649ba86</code></a> backport: fix dynamic route interception not working when deployed with middl...</li> <li><a href="https://github.com/vercel/next.js/commit/10a042cdca294fd1c6852b320954bc6ccc6064e7"><code>10a042c</code></a> v14.2.26</li> <li><a href="https://github.com/vercel/next.js/commit/8a511d6a22d38132c79b8f70ee29713d42225802"><code>8a511d6</code></a> Match subrequest handling for edge and node (<a href="https://redirect.github.com/vercel/next.js/issues/77476">#77476</a>)</li> <li>Additional commits viewable in <a href="https://github.com/vercel/next.js/compare/v14.1.3...v14.2.30">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/getsentry/sentry-javascript/network/alerts). </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Follow up to #16416, slightly moving things around and making some small improvements to performance and logic (some not related to that PR but another improvement we noticed when BYK looked int this): 1. Actually debounce the flushing properly, including a maxWait of 100ms. Previously, it was technically possible to debounce flushing forever, if a span was flushed every ms. Now, at least after 100ms it should _always_ flush. 2. Simplify overhead by avoid checking for the 5min timeout of sent spans. As this check `isSpanAlreadySent` has been called for every single span that ended, it is quite high impact, and meant a little bit of additional work (although it should not necessarily run _too_ often, but still). Instead, we now simply check for `map.has(id)` which should be good enough for what we want to achieve, IMHO. We still clean up the sent spans when flushing, so old stuff should still go away eventually. 3. Made stuff that is not needed as public API private on the span exporter class. this is technically breaking but I think it is OK, this should not be public API surface as it does not need to be called from outside. For this I moved the already existing `debounce` function from replay to core. We re-implement this in replay with a different setTimeout impl. which is needed for some angular stuff. --------- Co-authored-by: Abhijeet Prasad <[email protected]>
Replaces #16532 Updates the comment in the browser fetch transport to explain why we do not need to suppress tracing there.
Based off https://github.com/getsentry/sentry-python/pull/4280/files Reopened from #16475 This PR updates our 5 browser FF integrations to capture flag evaluations on spans. This implementation avoids changes to the `Span` class, saving bundle size. - on eval, flags are added to span attributes. A global WeakMap is used to track the unique flags for a span. Updates to a flag's value is allowed. - staying consistent with the python PR: - we only capture values for the **first 10 unique flags** per span. Subsequent flags are dropped. - attribute keys have the format `flag.evaluation.{flagKey}` From @AbhiPrasad : > A method on the span break our compat with OTEL spans, which we use for duck typing in some scenarios. From @cmanallen : > For spans the oldest flag evaluations are the most important because they're likely to have the largest performance impact. We drop late arrivals due to request size concerns.
… move utils to core (#16585) The `featureFlagsIntegration` is an integration to manually buffer feature flags on evaluation, and capture them in event contexts and span attributes. This PR moves it from browser to core, as well as the shared functionality/utils of all FF integrations (no browser specific logic). Browser exports and functionality is unchanged. Per @AbhiPrasad 's recommendation I've manually exported the integration in all the packages `zodErrorsIntegration` is exported. Note many backend pkgs use a wildcard (*) export from node. TODO: - [x] add node-integration-tests - [ ] update platform docs Part of - getsentry/team-replay#510
This seems flaky (e.g. https://github.com/getsentry/sentry-javascript/actions/runs/15727905218/job/44322221132?pr=16633), likely because they may be flushed at the same time I suppose!
…instances (#16638) This is not really ideal, but there is no great alternative for this that I can think of to handle this generically 😬 Now at least we have a test showing the current behavior!
…16620) This refactor helps clean up redundant code. ref #16580 (comment)
This was a leftover from migrating of the `@sentry/utils` package to core. This PR merges the former utils together into the `core/src/utils` directory, which should make this a bit easier to follow/find.
This PR adds support for auto-generated tunnel paths to avoid ad-blocker detection. - Random paths are less likely to be blocked than `/monitoring` - Users can just set `tunnelRoute: true` for an auto-generated route - Existing configs will still work **Note that every build will now create a different random path which should be quite unpredictable for ad-blockers**
) Extracted this out of #16644, for clarity
## Summary - Add comprehensive development guide for Claude Code - Include build commands, testing, and repository architecture - Document package management and monorepo structure ## Changes - Added `CLAUDE.md` with development workflows - Added Claude Code local settings configuration --------- Co-authored-by: Claude <[email protected]> Co-authored-by: Abhijeet Prasad <[email protected]>
resolves #16653 As per the google cloud SDK (https://github.com/cloudevents/sdk-javascript/blob/c07afa9b774deefa137a960d2d11adee0bf3674a/src/event/interfaces.ts#L10-L31), `id` and `specversion` should be mandatory. --------- Co-authored-by: Cursor Agent <[email protected]>
Sentry SDK supported browsers: https://docs.sentry.io/platforms/javascript/troubleshooting/supported-browsers/ `.at` is ES2022: https://blog.saeloun.com/2022/02/24/ecmascript2022-adds-add-method/ The browser SDK supports ES2021 at the current moment, so we need to change this. Resolves #16646
…16658) resolves #16657 ## Background In the `consoleLoggingIntegration` (which sends logs to Sentry from console calls), we use a utility called `safeJoin` to join together the console args. https://github.com/getsentry/sentry-javascript/blob/b94f65279c8341a7176fe68186feef58af57e2cb/packages/core/src/utils/string.ts#L68-L94 This utility calls `String(value)` to convert items to a string, which results in objects and arrays being turned into the dreaded `[Object Object]` or `[Array]`. https://github.com/getsentry/sentry-javascript/blob/b94f65279c8341a7176fe68186feef58af57e2cb/packages/core/src/utils/string.ts#L86 A user wrote in with feedback that this was annoying, and I agree! ## Solution Instead of using `String(value)` I chose to create a new helper that uses `JSON.stringify(normalize(X))`, which should result in the entire object or array being properly shown. This required me to grab `normalizeDepth` and `normalizeMaxBreadth` from the client options, but that feels fine because it's easily explainable to users. I added tests to validate this. ## Next Steps We should really refactor our overall `safeJoin` usage. This should be safe in breadcrumbs, but will be a breaking change in `capture-console` as it'll cause issue grouping changes if console calls are being captured as messages/errors.
We should give this a try next time we want to publish a release (ideally just kick off a background agent that does it). --------- Co-authored-by: Andrei <[email protected]>
ref #15952 resolves #16621 We've gotten a lot of feedback about supporting pino. This PR kicks that off by creating a new pino package, specifically for the pino transport. All pino transports need to use https://github.com/pinojs/pino-abstract-transport, which we don't want to add as a dep to `@sentry/node`. Hopefully keeping the versions in sync shouldn't be too bad, although I'll force a peer dep range.
…ack Screenshot previews (#16648) Before we would see a blank screenshot in the feedback modal when using firefox. After resizing the screenshot would appear. I debugged and foundout that the clientWidth/clientHeight wasn't being set right away, therefore the elements were on the page properly, and contained the correct pixel information drawn into the canvas, but the canvas wasn't sized correctly on the page, so you couldn't see anything. This triggers a resize after a tick, giving the browser a chance first set the width/height before we measure it and set the scale factor. **Before:** <img width="1282" alt="SCR-20250618-kgwr" src="https://github.com/user-attachments/assets/c95f82f1-8468-4640-86ec-ca30874ce841" /> After: <img width="1282" alt="SCR-20250618-kgrm" src="https://github.com/user-attachments/assets/e79e62df-ed53-4933-b42c-abd2ce520dd1" /> Fixes REPLAY-420
…ges (#16641) If a version is released with a buggy bundler plugin dependency pinned, it can lead to problems. IMHO it should be fine to allow `^` ranges there to ensure bugfixes etc. are pulled in? Or is there a good reason not to do that here? API should be stable in this regard. Note: Astro& solidstart remain on `@sentry/vite-plugin` v2.x as that has more stuff exposed, did not want to get into that right now... something for v10?
Remove the unused dependency in: * nuxt * solidstart * remix * bun * sveltekit * tanstackstart-react Closes #16676
size-limit report 📦
|
chargome
approved these changes
Jun 23, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.