meta: Update CHANGELOG for 8.28.0 #13560

…-tests/test-applications/tanstack-router (#13472) Bumps [micromatch](https://github.com/micromatch/micromatch) from 4.0.7 to 4.0.8. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/micromatch/micromatch/releases">micromatch's releases</a>.</em></p> <blockquote> <h2>4.0.8</h2> <p>Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md">micromatch's changelog</a>.</em></p> <blockquote> <h2>[4.0.8] - 2024-08-22</h2> <ul> <li>backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/micromatch/micromatch/commit/8bd704ec0d9894693d35da425d827819916be920"><code>8bd704e</code></a> 4.0.8</li> <li><a href="https://github.com/micromatch/micromatch/commit/a0e68416a44da10f3e4e30845ab95af4fd286d5a"><code>a0e6841</code></a> run verb to generate README documentation</li> <li><a href="https://github.com/micromatch/micromatch/commit/4ec288484f6e8cccf597ad3d43529c31d0f7a02a"><code>4ec2884</code></a> Merge branch 'v4' into hauserkristof-feature/v4.0.8</li> <li><a href="https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade"><code>03aa805</code></a> Merge pull request <a href="https://redirect.github.com/micromatch/micromatch/issues/266">#266</a> from hauserkristof/feature/v4.0.8</li> <li><a href="https://github.com/micromatch/micromatch/commit/814f5f70efcd100ca9d29198867812a3d6ab91a8"><code>814f5f7</code></a> lint</li> <li><a href="https://github.com/micromatch/micromatch/commit/67fcce6a1077c2faf5ad0c5f998fa70202cc5dae"><code>67fcce6</code></a> fix: CHANGELOG about braces & CVE-2024-4068, v4.0.5</li> <li><a href="https://github.com/micromatch/micromatch/commit/113f2e3fa7cb30b429eda7c4c38475a8e8ba1b30"><code>113f2e3</code></a> fix: CVE numbers in CHANGELOG</li> <li><a href="https://github.com/micromatch/micromatch/commit/d9dbd9a266686f44afb38da26fe016f96d1ec04f"><code>d9dbd9a</code></a> feat: updated CHANGELOG</li> <li><a href="https://github.com/micromatch/micromatch/commit/2ab13157f416679f54e3a32b1425e184bd16749e"><code>2ab1315</code></a> fix: use actions/setup-node@v4</li> <li><a href="https://github.com/micromatch/micromatch/commit/1406ea38f3e24b29f4d4f46908d5cffcb3e6c4ce"><code>1406ea3</code></a> feat: rework test to work on macos with node 10,12 and 14</li> <li>Additional commits viewable in <a href="https://github.com/micromatch/micromatch/compare/4.0.7...4.0.8">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=micromatch&package-manager=npm_and_yarn&previous-version=4.0.7&new-version=4.0.8)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/getsentry/sentry-javascript/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

To be able to use `useRuntimeConfig()` in the user-defined Sentry config file, it needs to be wrapped in a Nuxt context. Right now, this is only done on the client-side because the server-side is currently still in the `public` folder (this will be changed) and cannot use the virtual `#imports` import (`useRuntimeConfig` is imported from `#imports`)

@lforst

There's a bug in Node 22.7.0 with protobuf which we're running into: protobufjs/protobuf.js#2025 Once the bug is fixed, we should revert this PR. h/t @lforst for figuring this out; I'm just merging it into develop 😅

whoops

@ShinyChang

* [fix(rrdom): Ignore invalid DOM attributes when diffing](getsentry/rrweb#213) * [fix: manual snapshot in rAF loop](getsentry/rrweb#210) (thanks @ShinyChang) * [feat: Fix blocking dynamically added iframes](getsentry/rrweb#212)

Noticed that this is mangled on the `options` in the CDN, which it probably shouldn't be...

Previously, we had a CI action to manually clear all caches. This PR adjusts this so this action can be used in a more granular way: * By default, the action will now delete caches of any PR runs that are successful, as well as any caches of release branches. * You can configure to also delete caches on the develop branch, and/or to also delete non-successful PR branches. Additionally, this action will run every midnight, to automatically clear completed/outdated stuff. The goal is to keep develop caches as long as possible, and clear out other caches, unless they failed (which indicates you may want to re-run some of the tests) and unless they are currently running (to not break ongoing tests). Ideally, we do not need to manually run this, but can rely on automated cleanup over night.

This PR changes it so that the build output is kept as an artifact, not a cache. This way, this should never be lost on us. We keep the NX cache as before. I chose a retention period of 7 days, which means that after 7 days you could no longer re-run a workflow partially. IMHO that's a reasonable start, we can adjust this if needed.

--------- Co-authored-by: nicohrubec <nicolas.hrubec@outlook.com> Co-authored-by: Luca Forstner <luca.forstner@sentry.io> Co-authored-by: getsentry-bot <bot@sentry.io> Co-authored-by: getsentry-bot <bot@getsentry.com>

It keeps complaining that this is deprecated, so bumping this to v4.

This PR updates CI to never fail on cache misses. Instead, we rerun install or rebuild the tarballs, if necessary. One tricky aspect of this is that `yarn install` will fail when running on node 14, because some dependencies do not work with it. We "fix" this by temporarily installing the default node version in this case, run `yarn install`, then revert to node 14.

We used to replace `__SENTRY_SDK_SOURCE__` when we built `@sentry/utils`, which means that we could not overwrite it anymore for the CDN bundles, resulting in the SDK source being `npm` for the CDN bundles. This PR changes this so that this is correct now. Closes #13435

) ⚠️ This is a breaking change ⚠️ Simplifies the package by getting rid of the `@sentry/solidstart/middleware` subexport in favor of a regular export. The middleware now needs to be imported like this: ```js import { sentryBeforeResponseMiddleware } from '@sentry/solidstart'; ```

Config example fix. env.DSN was missing process prefix.

Noticed e.g. here: https://github.com/getsentry/sentry-javascript/actions/runs/10594383971/job/29358138105 that this was timing out some times, so increasing the timeout a bit...

Noticed e.g. here: https://github.com/getsentry/sentry-javascript/actions/runs/10594383971/job/29359100222 that saving of the cache was not working. I guess this only works for the combined restore/save step, but here it expects that the cached data is there immediately (which makes sense!).

…an transport creation (#13491) #13466 (comment) correctly points out that we are suppressing tracing for the transport creation instead of the transport execution. This PR wraps the code that is actually conducting the request with `suppressTracing` instead of the transport creation. Fixes #13466

Noticed here: https://github.com/getsentry/sentry-javascript/actions/runs/10594383971/job/29358133582 that this was sometimes failing. While looking into this, we actually did unnecessary work here - we had two levels of symlinks. Now we simply have a single symlink, and since we have unique dirs now we can skip checking for existing files etc.

This PR adds the external contributor to the CHANGELOG.md file, so that they are credited for their contribution. See #13496 Co-authored-by: mydea <2411343+mydea@users.noreply.github.com>

This just skips a flaky E2E solidstart test. It is not a super critical test, so I'd skip this for now until we have time to investigate the flakiness - e.g. see https://github.com/getsentry/sentry-javascript/actions/runs/10596825068/job/29365892465

In some cases, Vue components do not have `options.name` defined, but instead have `options.__name`. Such components will be displayed as anonymous in Sentry and currently won't be matched in `trackComponents`. The same fix was also done in Vue devtools (vuejs/devtools-v6#2020). In my case, the problem were components from my own project, but this change also fixes that.

…route execution (#13264) Adding a span 'Interceptor - After Span' to improve instrumentation for operations happening after the route execution is done. Tracking what happens in individual interceptors after the route is hard, so currently we create one span to trace everything that happens after the route is executed.

Just moving the decorators to improve the structure of the nest SDK package a bit.

We want to show the score for each layout shift as well as the all the nodes that contributed to the score, so we're adding a new `attributions` object to our web vitals data Relates to getsentry/sentry#69881 --------- Co-authored-by: Billy Vong <billyvg@users.noreply.github.com>

This PR adds the external contributor to the CHANGELOG.md file, so that they are credited for their contribution. See #13484 Co-authored-by: Lms24 <8420481+Lms24@users.noreply.github.com>

Includes a few fixes and stuff. Fixes #13504

#13461) Adds two simple custom rules to ignore `(it|test|describe).(skip|only)`. These rules now also flag vitest-based `skip` and `only` functions but led to duplications with the two rules from `eslint-plugin-jest`. So this patch also disables the jest versions in favour of the custom rules. To be clear, the custom rules are likely a bit less robust than the jest/vitest version but until we can use the actual vitest plugin, I think it's fine to stay with our custom version.

…13518) Previously, we only considered `Mutation` style changes of rrweb as "DOM mutations" for dead click detection. However, after closer inspection, there are also some other types of changes that we may consider as DOM mutations. By including these we can hopefully reduce some false positives. Not quite sure how to test this 🤔 It's probably also OK to just ship this, as the worst-case scenario is that we have some false-negatives and do not capture certain things, but our general goal here is to be rather on the cautious side, so I think that is acceptable. Possibly fixes #9755

Remove incorrect normalization logic we applied to LCP, FCP and FP web vital measurements. With this change, we no longer alter the three web vital values but report directly what we received from the web-vitals library. Add a span attribute, `performance.timeOrigin` (feel free to suggest better names) to the pageload root span. This attribute contains the `timeOrigin` value we determine in the SDK. This value [should be used](https://developer.mozilla.org/en-US/docs/Web/API/Performance/timeOrigin) to base performance measurements on.

This takes a lot of resources, and is only very rarely needed. Now, it only always runs profiling node compilation on release branches, and on dedicated profiling-node changes.

…13524)

This flaked e.g. here: https://github.com/getsentry/sentry-javascript/actions/runs/10629179350/job/29465889113

This PR adds the external contributor to the CHANGELOG.md file, so that they are credited for their contribution. See #13524 Co-authored-by: lforst <8118419+lforst@users.noreply.github.com>

We are about to enter a public beta for continuous profiling, which means it is time to expose this from under the wraps of the integration and align it with how the profiler is exposed in python and iOS SDKs --------- Co-authored-by: Luca Forstner <luca.forstner@sentry.io>

Extend options that can be added to `withSentryConfig` part of #13012 --------- Co-authored-by: Luca Forstner <luca.forstner@sentry.io>

Before submitting a pull request, please take a look at our [Contributing](https://github.com/getsentry/sentry-javascript/blob/master/CONTRIBUTING.md) guidelines and verify: - [x] If you've added code that should be tested, please add tests. - [x] Ensure your code lints and the test suite passes (`yarn lint`) & (`yarn test`).

`BaseExceptionFilter` should not be used in GraphQL applications ([ref](nestjs/nest#5958 (comment))). Currently the `SentryGlobalFilter` extends the `BaseExceptionFilter`, which is why GraphQL applications break if an exception is thrown. By default, NestJS + GraphQL environments use the `ExternalExceptionFilter` ([ref](https://github.com/nestjs/nest/blob/master/packages/core/exceptions/external-exception-filter.ts)), which essentially just rethrows the error. So adding a new `SentryGlobalGraphQLFilter` that captures the exception in Sentry and then simply rethrows the error. Additionally, added a new e2e test app to test GraphQL applications. Added a test to verify that basic error reporting works correctly now.

…13544) Before this fix, calling a `use` method on a service that does not implement the `NestMiddleware` interface resulted in an error. This is because we try to proxy the third argument to the function, which in middleware is an express `NextFunction`, but in other classes can be anything, potentially even undefined. This fix introduces further guards to early-return in non-middleware targets. Added a test to verify that services with `use` work fine now. Also added additional tests to verify that this behavior does not occur for `canActivate` (guard), `intercept` (interceptor) and `transform` (pipe) methods.

…EADME (#13554) Forgot to update the README.

This PR adds the external contributor to the CHANGELOG.md file, so that they are credited for their contribution. See #13540

…sing @WithSentry (#13564) Also adds the `nestjs-with-submodules-decorator` e2e test app to be run on CI.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

meta: Update CHANGELOG for 8.28.0 #13560

meta: Update CHANGELOG for 8.28.0 #13560

Commits on Aug 27, 2024

Commits on Aug 28, 2024

Commits on Aug 29, 2024

Commits on Aug 30, 2024

Commits on Sep 2, 2024

Commits on Sep 3, 2024