meta: Update CHANGELOG for 8.27.0

.github/actions/install-dependencies/action.yml

@@ -9,11 +9,9 @@ outputs:
 runs:
   using: "composite"
   steps:
-      # we use a hash of yarn.lock as our cache key, because if it hasn't changed, our dependencies haven't changed,
-      # so no need to reinstall them
     - name: Compute dependency cache key
       id: compute_lockfile_hash
-      run: echo "hash=dependencies-${{ hashFiles('yarn.lock', 'packages/*/package.json', 'dev-packages/*/package.json') }}" >> "$GITHUB_OUTPUT"
+      run: node ./scripts/dependency-hash-key.js >> "$GITHUB_OUTPUT"
       shell: bash
 
     - name: Check dependency cache

.github/workflows/build.yml

@@ -127,7 +127,9 @@ jobs:
     runs-on: ubuntu-20.04
     timeout-minutes: 15
     if: |
-      needs.job_get_metadata.outputs.changed_any_code == 'true' &&
+      needs.job_get_metadata.outputs.changed_any_code == 'true' ||
+      needs.job_get_metadata.outputs.is_develop == 'true' ||
+      needs.job_get_metadata.outputs.is_release == 'true' ||
       (needs.job_get_metadata.outputs.is_gitflow_sync == 'false' && needs.job_get_metadata.outputs.has_gitflow_label == 'false')
     steps:
       - name: Check out base commit (${{ github.event.pull_request.base.sha }})
@@ -344,7 +346,7 @@ jobs:
           name: ${{ github.sha }}
           path: |
             ${{ github.workspace }}/packages/browser/build/bundles/**
-            ${{ github.workspace }}/packages/replay/build/bundles/**
+            ${{ github.workspace }}/packages/replay-internal/build/bundles/**
             ${{ github.workspace }}/packages/replay-canvas/build/bundles/**
             ${{ github.workspace }}/packages/feedback/build/bundles/**
             ${{ github.workspace }}/packages/**/*.tgz
@@ -1416,31 +1418,29 @@ jobs:
         with:
           ref: ${{ env.HEAD_COMMIT }}
 
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ matrix.node }}
+
       - name: Restore dependency cache
         uses: actions/cache/restore@v4
         id: restore-dependencies
         with:
           path: ${{ env.CACHED_DEPENDENCY_PATHS }}
           key: ${{ needs.job_build.outputs.dependency_cache_key }}
           enableCrossOsArchive: true
-          fail-on-cache-miss: true
 
-      - name: Restore build cache
-        uses: actions/cache/restore@v4
-        id: restore-build
-        with:
-          path: ${{ env.CACHED_BUILD_PATHS }}
-          key: ${{ needs.job_build.outputs.dependency_cache_key }}
-          enableCrossOsArchive: true
-          fail-on-cache-miss: true
+      - name: Install dependencies
+        env:
+          SKIP_PLAYWRIGHT_BROWSER_INSTALL: "1"
+        if: steps.restore-dependencies.outputs.cache-hit != 'true'
+        run: yarn install --ignore-engines --frozen-lockfile
 
       - name: Configure safe directory
         run: |
           git config --global --add safe.directory "*"
 
-      - name: Install yarn
-        run: npm i -g yarn@1.22.19 --force
-
       - name: Increase yarn network timeout on Windows
         if: contains(matrix.os, 'windows')
         run: yarn config set network-timeout 600000 -g
@@ -1452,15 +1452,6 @@ jobs:
         with:
           python-version: '3.8.10'
 
-      - name: Setup Node
-        uses: actions/setup-node@v4
-        with:
-          node-version: ${{ matrix.node }}
-
-      - name: Install Dependencies
-        if: steps.restore-dependencies.outputs.cache-hit != 'true'
-        run: yarn install --frozen-lockfile --ignore-engines --ignore-scripts
-
       - name: Setup (arm64| ${{ contains(matrix.container, 'alpine') && 'musl' || 'glibc'  }})
         if: matrix.arch == 'arm64' && !contains(matrix.container, 'alpine') && matrix.target_platform != 'darwin'
         run: |

CHANGELOG.md

@@ -10,6 +10,27 @@
 
 - "You miss 100 percent of the chances you don't take. — Wayne Gretzky" — Michael Scott
 
+## 8.27.0
+
+### Important Changes
+
+- **fix(nestjs): Exception filters in main app module are not being executed (#13278)**
+
+  With this release nestjs error monitoring is no longer automatically set up after adding the `SentryModule` to your
+  application, which led to issues in certain scenarios. You will now have to either add the `SentryGlobalFilter` to
+  your main module providers or decorate the `catch()` method in your existing global exception filters with the newly
+  released `@WithSentry()` decorator. See the [docs](https://docs.sentry.io/platforms/javascript/guides/nestjs/) for
+  more details.
+
+### Other Changes
+
+- feat: Add options for passing nonces to feedback integration (#13347)
+- feat: Add support for SENTRY_SPOTLIGHT env var in Node (#13325)
+- feat(deps): bump @prisma/instrumentation from 5.17.0 to 5.18.0 (#13327)
+- feat(feedback): Improve error message for 403 errors (#13441)
+- fix(deno): Don't rely on `Deno.permissions.querySync` (#13378)
+- fix(replay): Ensure we publish replay CDN bundles (#13437)
+
 Work in this release was contributed by @charpeni. Thank you for your contribution!
 
 ## 8.26.0

dev-packages/browser-integration-tests/package.json

@@ -9,7 +9,7 @@
   "private": true,
   "scripts": {
     "clean": "rimraf -g suites/**/dist loader-suites/**/dist tmp",
-    "install-browsers": "npx playwright install --with-deps",
+    "install-browsers": "[[ -z \"$SKIP_PLAYWRIGHT_BROWSER_INSTALL\" ]] && yarn install-browsers || echo 'Skipping browser installation'",
     "lint": "eslint . --format stylish",
     "fix": "eslint . --format stylish --fix",
     "type-check": "tsc",

dev-packages/browser-integration-tests/suites/feedback/captureFeedbackCsp/init.js

@@ -10,10 +10,3 @@ Sentry.init({
     feedbackIntegration({ tags: { from: 'integration init' }, styleNonce: 'foo1234', scriptNonce: 'foo1234' }),
   ],
 });
-
-document.addEventListener('securitypolicyviolation', () => {
-  const container = document.querySelector('#csp-violation');
-  if (container) {
-    container.innerText = 'CSP Violation';
-  }
-});

dev-packages/browser-integration-tests/suites/feedback/captureFeedbackCsp/subject.js

@@ -0,0 +1,4 @@
+window.__CSPVIOLATION__ = false;
+document.addEventListener('securitypolicyviolation', () => {
+  window.__CSPVIOLATION__ = true;
+});

dev-packages/browser-integration-tests/suites/feedback/captureFeedbackCsp/template.html

@@ -7,7 +7,5 @@
       content="style-src 'nonce-foo1234'; script-src sentry-test.io 'nonce-foo1234';"
     />
   </head>
-  <body>
-    <div id="csp-violation" />
-  </body>
+  <body></body>
 </html>

dev-packages/browser-integration-tests/suites/feedback/captureFeedbackCsp/test.ts

@@ -79,6 +79,6 @@ sentryTest('should capture feedback', async ({ getLocalTestUrl, page }) => {
     },
     platform: 'javascript',
   });
-  const cspContainer = await page.locator('#csp-violation');
-  expect(cspContainer).not.toContainText('CSP Violation');
+  const cspViolation = await page.evaluate<boolean>('window.__CSPVIOLATION__');
+  expect(cspViolation).toBe(false);
 });

packages/cloudflare/README.md

@@ -114,16 +114,16 @@ Currently only ESM handlers are supported.
 import * as Sentry from '@sentry/cloudflare';
 
 export default withSentry(
-	(env) => ({
-		dsn: env.SENTRY_DSN,
+  env => ({
+    dsn: env.SENTRY_DSN,
     // Set tracesSampleRate to 1.0 to capture 100% of spans for tracing.
-		tracesSampleRate: 1.0,
-	}),
-	{
-		async fetch(request, env, ctx) {
-			return new Response('Hello World!');
-		},
-	} satisfies ExportedHandler<Env>
+    tracesSampleRate: 1.0,
+  }),
+  {
+    async fetch(request, env, ctx) {
+      return new Response('Hello World!');
+    },
+  } satisfies ExportedHandler<Env>,
 );
 ```
 

packages/feedback/src/core/sendFeedback.ts

@@ -64,6 +64,12 @@ export const sendFeedback: SendFeedback = (
         );
       }
 
+      if (response && typeof response.statusCode === 'number' && response.statusCode === 403) {
+        return reject(
+          'Unable to send Feedback. This could be because this domain is not in your list of allowed domains.',
+        );
+      }
+
       return reject(
         'Unable to send Feedback. This could be because of network issues, or because you are using an ad-blocker',
       );

scripts/dependency-hash-key.js

@@ -0,0 +1,73 @@
+const crypto = require('crypto');
+const fs = require('fs');
+const path = require('path');
+
+/**
+ * Build a cache key for the dependencies of the monorepo.
+ * In addition to the content of the yarn.lock file, we also include
+ * dependencies of all workspace packages in the cache key.
+ * This ensures that we get a consistent cache key even if a dependency change does not affect
+ * the yarn.lock file.
+ */
+function outputDependencyCacheKey() {
+  const lockfileContent = fs.readFileSync(path.join(process.cwd(), 'yarn.lock'), 'utf8');
+
+  const hashParts = [lockfileContent];
+
+  const packageJson = require(path.join(process.cwd(), 'package.json'));
+
+  const workspacePackages = packageJson.workspaces || [];
+
+  // Get the package name (e.g. @sentry/browser) of all workspace packages
+  // we want to ignore their version numbers later
+  const workspacePackageNames = getWorkspacePackageNames(workspacePackages);
+
+  // Add the dependencies of the workspace itself
+  hashParts.push(getNormalizedDependencies(packageJson, workspacePackageNames));
+
+  // Now for each workspace package, add the dependencies
+  workspacePackages.forEach(workspace => {
+    const packageJsonPath = path.join(process.cwd(), workspace, 'package.json');
+    const packageJson = require(packageJsonPath);
+    hashParts.push(getNormalizedDependencies(packageJson, workspacePackageNames));
+  });
+
+  const hash = crypto.createHash('md5').update(hashParts.join('\n')).digest('hex');
+  // We log the output in a way that the GitHub Actions can append it to the output
+  // We prefix it with `dependencies-` so it is easier to identify in the logs
+  // eslint-disable-next-line no-console
+  console.log(`hash=dependencies-${hash}`);
+}
+
+function getNormalizedDependencies(packageJson, workspacePackageNames) {
+  const { dependencies, devDependencies } = packageJson;
+
+  const mergedDependencies = {
+    ...devDependencies,
+    ...dependencies,
+  };
+
+  const normalizedDependencies = {};
+
+  // Sort the keys to ensure a consistent order
+  Object.keys(mergedDependencies)
+    .sort()
+    .forEach(key => {
+      // If the dependency is a workspace package, ignore the version
+      // No need to invalidate a cache after every release
+      const version = workspacePackageNames.includes(key) ? '**workspace**' : mergedDependencies[key];
+      normalizedDependencies[key] = version;
+    });
+
+  return JSON.stringify(normalizedDependencies);
+}
+
+function getWorkspacePackageNames(workspacePackages) {
+  return workspacePackages.map(workspace => {
+    const packageJsonPath = path.join(process.cwd(), workspace, 'package.json');
+    const packageJson = require(packageJsonPath);
+    return packageJson.name;
+  });
+}
+
+outputDependencyCacheKey();