meta: Update CHANGELOG for 8.28.0 #13560
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…-tests/test-applications/tanstack-router (#13472) Bumps [micromatch](https://github.com/micromatch/micromatch) from 4.0.7 to 4.0.8. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/micromatch/micromatch/releases">micromatch's releases</a>.</em></p> <blockquote> <h2>4.0.8</h2> <p>Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md">micromatch's changelog</a>.</em></p> <blockquote> <h2>[4.0.8] - 2024-08-22</h2> <ul> <li>backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/micromatch/micromatch/commit/8bd704ec0d9894693d35da425d827819916be920"><code>8bd704e</code></a> 4.0.8</li> <li><a href="https://github.com/micromatch/micromatch/commit/a0e68416a44da10f3e4e30845ab95af4fd286d5a"><code>a0e6841</code></a> run verb to generate README documentation</li> <li><a href="https://github.com/micromatch/micromatch/commit/4ec288484f6e8cccf597ad3d43529c31d0f7a02a"><code>4ec2884</code></a> Merge branch 'v4' into hauserkristof-feature/v4.0.8</li> <li><a href="https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade"><code>03aa805</code></a> Merge pull request <a href="https://redirect.github.com/micromatch/micromatch/issues/266">#266</a> from hauserkristof/feature/v4.0.8</li> <li><a href="https://github.com/micromatch/micromatch/commit/814f5f70efcd100ca9d29198867812a3d6ab91a8"><code>814f5f7</code></a> lint</li> <li><a href="https://github.com/micromatch/micromatch/commit/67fcce6a1077c2faf5ad0c5f998fa70202cc5dae"><code>67fcce6</code></a> fix: CHANGELOG about braces & CVE-2024-4068, v4.0.5</li> <li><a href="https://github.com/micromatch/micromatch/commit/113f2e3fa7cb30b429eda7c4c38475a8e8ba1b30"><code>113f2e3</code></a> fix: CVE numbers in CHANGELOG</li> <li><a href="https://github.com/micromatch/micromatch/commit/d9dbd9a266686f44afb38da26fe016f96d1ec04f"><code>d9dbd9a</code></a> feat: updated CHANGELOG</li> <li><a href="https://github.com/micromatch/micromatch/commit/2ab13157f416679f54e3a32b1425e184bd16749e"><code>2ab1315</code></a> fix: use actions/setup-node@v4</li> <li><a href="https://github.com/micromatch/micromatch/commit/1406ea38f3e24b29f4d4f46908d5cffcb3e6c4ce"><code>1406ea3</code></a> feat: rework test to work on macos with node 10,12 and 14</li> <li>Additional commits viewable in <a href="https://github.com/micromatch/micromatch/compare/4.0.7...4.0.8">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/getsentry/sentry-javascript/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
To be able to use `useRuntimeConfig()` in the user-defined Sentry config file, it needs to be wrapped in a Nuxt context. Right now, this is only done on the client-side because the server-side is currently still in the `public` folder (this will be changed) and cannot use the virtual `#imports` import (`useRuntimeConfig` is imported from `#imports`)
There's a bug in Node 22.7.0 with protobuf which we're running into: protobufjs/protobuf.js#2025 Once the bug is fixed, we should revert this PR. h/t @lforst for figuring this out; I'm just merging it into develop 😅
* [fix(rrdom): Ignore invalid DOM attributes when diffing](getsentry/rrweb#213) * [fix: manual snapshot in rAF loop](getsentry/rrweb#210) (thanks @ShinyChang) * [feat: Fix blocking dynamically added iframes](getsentry/rrweb#212)
Noticed that this is mangled on the `options` in the CDN, which it probably shouldn't be...
Previously, we had a CI action to manually clear all caches. This PR adjusts this so this action can be used in a more granular way: * By default, the action will now delete caches of any PR runs that are successful, as well as any caches of release branches. * You can configure to also delete caches on the develop branch, and/or to also delete non-successful PR branches. Additionally, this action will run every midnight, to automatically clear completed/outdated stuff. The goal is to keep develop caches as long as possible, and clear out other caches, unless they failed (which indicates you may want to re-run some of the tests) and unless they are currently running (to not break ongoing tests). Ideally, we do not need to manually run this, but can rely on automated cleanup over night.
This PR changes it so that the build output is kept as an artifact, not a cache. This way, this should never be lost on us. We keep the NX cache as before. I chose a retention period of 7 days, which means that after 7 days you could no longer re-run a workflow partially. IMHO that's a reasonable start, we can adjust this if needed.
--------- Co-authored-by: nicohrubec <nicolas.hrubec@outlook.com> Co-authored-by: Luca Forstner <luca.forstner@sentry.io> Co-authored-by: getsentry-bot <bot@sentry.io> Co-authored-by: getsentry-bot <bot@getsentry.com>
It keeps complaining that this is deprecated, so bumping this to v4.
This PR updates CI to never fail on cache misses. Instead, we rerun install or rebuild the tarballs, if necessary. One tricky aspect of this is that `yarn install` will fail when running on node 14, because some dependencies do not work with it. We "fix" this by temporarily installing the default node version in this case, run `yarn install`, then revert to node 14.
We used to replace `__SENTRY_SDK_SOURCE__` when we built `@sentry/utils`, which means that we could not overwrite it anymore for the CDN bundles, resulting in the SDK source being `npm` for the CDN bundles. This PR changes this so that this is correct now. Closes #13435
Config example fix. env.DSN was missing process prefix.
Noticed e.g. here: https://github.com/getsentry/sentry-javascript/actions/runs/10594383971/job/29358138105 that this was timing out some times, so increasing the timeout a bit...
Noticed e.g. here: https://github.com/getsentry/sentry-javascript/actions/runs/10594383971/job/29359100222 that saving of the cache was not working. I guess this only works for the combined restore/save step, but here it expects that the cached data is there immediately (which makes sense!).
…an transport creation (#13491) #13466 (comment) correctly points out that we are suppressing tracing for the transport creation instead of the transport execution. This PR wraps the code that is actually conducting the request with `suppressTracing` instead of the transport creation. Fixes #13466
Noticed here: https://github.com/getsentry/sentry-javascript/actions/runs/10594383971/job/29358133582 that this was sometimes failing. While looking into this, we actually did unnecessary work here - we had two levels of symlinks. Now we simply have a single symlink, and since we have unique dirs now we can skip checking for existing files etc.
This PR adds the external contributor to the CHANGELOG.md file, so that they are credited for their contribution. See #13496 Co-authored-by: mydea <2411343+mydea@users.noreply.github.com>
This just skips a flaky E2E solidstart test. It is not a super critical test, so I'd skip this for now until we have time to investigate the flakiness - e.g. see https://github.com/getsentry/sentry-javascript/actions/runs/10596825068/job/29365892465
In some cases, Vue components do not have `options.name` defined, but instead have `options.__name`. Such components will be displayed as anonymous in Sentry and currently won't be matched in `trackComponents`. The same fix was also done in Vue devtools (vuejs/devtools-v6#2020). In my case, the problem were components from my own project, but this change also fixes that.
…route execution (#13264) Adding a span 'Interceptor - After Span' to improve instrumentation for operations happening after the route execution is done. Tracking what happens in individual interceptors after the route is hard, so currently we create one span to trace everything that happens after the route is executed.
Just moving the decorators to improve the structure of the nest SDK package a bit.
We want to show the score for each layout shift as well as the all the nodes that contributed to the score, so we're adding a new `attributions` object to our web vitals data Relates to getsentry/sentry#69881 --------- Co-authored-by: Billy Vong <billyvg@users.noreply.github.com>
This PR adds the external contributor to the CHANGELOG.md file, so that they are credited for their contribution. See #13484 Co-authored-by: Lms24 <8420481+Lms24@users.noreply.github.com>
Includes a few fixes and stuff. Fixes #13504
#13461) Adds two simple custom rules to ignore `(it|test|describe).(skip|only)`. These rules now also flag vitest-based `skip` and `only` functions but led to duplications with the two rules from `eslint-plugin-jest`. So this patch also disables the jest versions in favour of the custom rules. To be clear, the custom rules are likely a bit less robust than the jest/vitest version but until we can use the actual vitest plugin, I think it's fine to stay with our custom version.
…13518) Previously, we only considered `Mutation` style changes of rrweb as "DOM mutations" for dead click detection. However, after closer inspection, there are also some other types of changes that we may consider as DOM mutations. By including these we can hopefully reduce some false positives. Not quite sure how to test this 🤔 It's probably also OK to just ship this, as the worst-case scenario is that we have some false-negatives and do not capture certain things, but our general goal here is to be rather on the cautious side, so I think that is acceptable. Possibly fixes #9755
Remove incorrect normalization logic we applied to LCP, FCP and FP web vital measurements. With this change, we no longer alter the three web vital values but report directly what we received from the web-vitals library. Add a span attribute, `performance.timeOrigin` (feel free to suggest better names) to the pageload root span. This attribute contains the `timeOrigin` value we determine in the SDK. This value [should be used](https://developer.mozilla.org/en-US/docs/Web/API/Performance/timeOrigin) to base performance measurements on.
This takes a lot of resources, and is only very rarely needed. Now, it only always runs profiling node compilation on release branches, and on dedicated profiling-node changes.
Bumps [denoland/setup-deno](https://github.com/denoland/setup-deno) from 1.1.4 to 1.4.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/denoland/setup-deno/releases">denoland/setup-deno's releases</a>.</em></p> <blockquote> <h2>1.4.0</h2> <h2>What's Changed</h2> <ul> <li>fix: use dl.deno.land for downloading binaries by <a href="https://github.com/crowlKats"><code>@crowlKats</code></a> in <a href="https://redirect.github.com/denoland/setup-deno/pull/67">denoland/setup-deno#67</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/denoland/setup-deno/compare/v1.3.0...1.4.0">https://github.com/denoland/setup-deno/compare/v1.3.0...1.4.0</a></p> <h2>v1.3.0</h2> <h2>What's Changed</h2> <ul> <li>feat: add "latest" as possible version by <a href="https://github.com/crowlKats"><code>@crowlKats</code></a> in <a href="https://redirect.github.com/denoland/setup-deno/pull/65">denoland/setup-deno#65</a></li> <li>1.3.0 by <a href="https://github.com/crowlKats"><code>@crowlKats</code></a> in <a href="https://redirect.github.com/denoland/setup-deno/pull/66">denoland/setup-deno#66</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/denoland/setup-deno/compare/v1.2.0...v1.3.0">https://github.com/denoland/setup-deno/compare/v1.2.0...v1.3.0</a></p> <h2>v1.2.0</h2> <h2>What's Changed</h2> <ul> <li>Add .tool-versions and .dvmrc support by <a href="https://github.com/jessedijkstra"><code>@jessedijkstra</code></a> in <a href="https://redirect.github.com/denoland/setup-deno/pull/61">denoland/setup-deno#61</a></li> <li>1.2.0 by <a href="https://github.com/kt3k"><code>@kt3k</code></a> in <a href="https://redirect.github.com/denoland/setup-deno/pull/63">denoland/setup-deno#63</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/jessedijkstra"><code>@jessedijkstra</code></a> made their first contribution in <a href="https://redirect.github.com/denoland/setup-deno/pull/61">denoland/setup-deno#61</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/denoland/setup-deno/compare/v1.1.4...v1.2.0">https://github.com/denoland/setup-deno/compare/v1.1.4...v1.2.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/denoland/setup-deno/commit/916edb9a40fd86d1ff57b758807ebe57242f7407"><code>916edb9</code></a> 1.4.0 (<a href="https://redirect.github.com/denoland/setup-deno/issues/68">#68</a>)</li> <li><a href="https://github.com/denoland/setup-deno/commit/b8a676db36a0df315f7934abd107a3fae1aee484"><code>b8a676d</code></a> fix: use dl.deno.land for downloading binaries (<a href="https://redirect.github.com/denoland/setup-deno/issues/67">#67</a>)</li> <li><a href="https://github.com/denoland/setup-deno/commit/ba9dcf3bc3696623d1add6a2f5181ee1b5143de5"><code>ba9dcf3</code></a> 1.3.0 (<a href="https://redirect.github.com/denoland/setup-deno/issues/66">#66</a>)</li> <li><a href="https://github.com/denoland/setup-deno/commit/2bca7ce5232eae0d324444ef78afcdb87e0595ba"><code>2bca7ce</code></a> feat: add "latest" as possible version (<a href="https://redirect.github.com/denoland/setup-deno/issues/65">#65</a>)</li> <li><a href="https://github.com/denoland/setup-deno/commit/f99b7edee36540f7183c45aad62fbb93d6d41d9d"><code>f99b7ed</code></a> 1.2.0 (<a href="https://redirect.github.com/denoland/setup-deno/issues/63">#63</a>)</li> <li><a href="https://github.com/denoland/setup-deno/commit/edde9366ea490a8c3d0667ac856b03d4fa4207a4"><code>edde936</code></a> feat: add .tool-versions and .dvmrc support (<a href="https://redirect.github.com/denoland/setup-deno/issues/61">#61</a>)</li> <li>See full diff in <a href="https://github.com/denoland/setup-deno/compare/v1.1.4...1.4.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This PR adds the external contributor to the CHANGELOG.md file, so that they are credited for their contribution. See #13524 Co-authored-by: lforst <8118419+lforst@users.noreply.github.com>
We are about to enter a public beta for continuous profiling, which means it is time to expose this from under the wraps of the integration and align it with how the profiler is exposed in python and iOS SDKs --------- Co-authored-by: Luca Forstner <luca.forstner@sentry.io>
Extend options that can be added to `withSentryConfig` part of #13012 --------- Co-authored-by: Luca Forstner <luca.forstner@sentry.io>
Before submitting a pull request, please take a look at our [Contributing](https://github.com/getsentry/sentry-javascript/blob/master/CONTRIBUTING.md) guidelines and verify: - [x] If you've added code that should be tested, please add tests. - [x] Ensure your code lints and the test suite passes (`yarn lint`) & (`yarn test`).
`BaseExceptionFilter` should not be used in GraphQL applications ([ref](nestjs/nest#5958 (comment))). Currently the `SentryGlobalFilter` extends the `BaseExceptionFilter`, which is why GraphQL applications break if an exception is thrown. By default, NestJS + GraphQL environments use the `ExternalExceptionFilter` ([ref](https://github.com/nestjs/nest/blob/master/packages/core/exceptions/external-exception-filter.ts)), which essentially just rethrows the error. So adding a new `SentryGlobalGraphQLFilter` that captures the exception in Sentry and then simply rethrows the error. Additionally, added a new e2e test app to test GraphQL applications. Added a test to verify that basic error reporting works correctly now.
…13544) Before this fix, calling a `use` method on a service that does not implement the `NestMiddleware` interface resulted in an error. This is because we try to proxy the third argument to the function, which in middleware is an express `NextFunction`, but in other classes can be anything, potentially even undefined. This fix introduces further guards to early-return in non-middleware targets. Added a test to verify that services with `use` work fine now. Also added additional tests to verify that this behavior does not occur for `canActivate` (guard), `intercept` (interceptor) and `transform` (pipe) methods.
…EADME (#13554) Forgot to update the README.
This PR adds the external contributor to the CHANGELOG.md file, so that they are credited for their contribution. See #13540
size-limit report 📦
|
…sing @WithSentry (#13564) Also adds the `nestjs-with-submodules-decorator` e2e test app to be run on CI.
Lms24
approved these changes
Sep 3, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Updating the changelog for the
8.28.0release.