meta(changelog): Update changelog for 10.60.0 #21703
…terUpload` (#677) Widen the accepted type for `filesToDeleteAfterSourcemaps` to allow us (as well as users) to pass in a `Promise<string | string[]>` to do so. This promise can resolve whenever we know what to set and we await the promise before calling `glob` to get all file paths to delete.
Update changelog for 3.2.0
…PROJECT` in `passThroughEnv` when using Turborepo (#675)
* meta: Update CHANGELOG for 3.2.2 * add #690
Co-authored-by: Charly Gomez <charly.gomez@sentry.io>
* typo: Turbo instead of Trubo Co-authored-by: Caio Lins <caio@soundraw.co.jp> * typo: Turborepo not TurboRepo Co-authored-by: Caio Lins <caio@soundraw.co.jp> --------- Co-authored-by: Caio Lins <dev@clins.me>
These are not in direct use.
… dep (#21688) The vendored `addSqlCommenterComment` helper (from `@opentelemetry/sql-common`) was never wired into any instrumentation. The `pg` integration explicitly dropped the `addSqlCommenterCommentToQueries` option in #21583, leaving it dead code whose only consumer is its own unit test. It was also the sole user of `W3CTraceContextPropagator`, so we can drop the direct `@opentelemetry/core` dependency.
The bundled `BasicTracerProvider` from `@opentelemetry/sdk-trace-base` statically imports `defaultResource` from `@opentelemetry/resources` as a fallback (`mergedConfig.resource ?? defaultResource()`). But we always supply our own resource via `getSentryResource()`, so the fallback never runs. The import only needs to resolve. So we shim `@opentelemetry/resources` to a tiny inlined stub during bundling so the real package is never bundled, then remove it from `dependencies`. This also avoids pulling OTel's node-only resource detectors into the edge runtime. Closes: #20983
…ependency (#21691) `@sentry/vercel-edge` declared `@opentelemetry/semantic-conventions` as a devDependency, but nothing in the package imports it (no usage in `src/`, tests, or build config). Remove the stale dependency. This is the last published-package declaration of `@opentelemetry/semantic-conventions` not already covered by the ongoing migration to `@sentry/conventions` (`@sentry/node`'s remaining source imports are handled in #21635). The dependency is still required elsewhere, so `yarn.lock` is unchanged. _Root cause_: the dependency was carried over but never used. Co-authored-by: Opus 4.8 <noreply@anthropic.com>
…me values on `http.client` spans (#21660) #21639 came from a bug where our browser fetch instrumentation didn't explicitly set `url.full` causing it to be set by the `httpContextIntegration` which writes this attribute onto segment spans (but the value in said case is from `window.location`). If streaming is enabled, `http.client` spans can become segment spans if they happen outside of an ongoing segment span, causing the previous mismatch. I'll deprecate `http.url` in a follow-up PR. We should remove this in v11 in favour of `url.full`. closes #21639
Making `@sentry/bundler-plugins` releasable.
| minify: false, | ||
| format: "iife", | ||
| plugins: [sentryEsbuildPlugin(sentryConfig)], | ||
| }); |
Unawaited esbuild build race
Medium Severity
The CJS esbuild fixture calls `esbuild.build()` without `await`, while the ESM configs in the same suite use top-level `await`. `runBundler` runs the config with `execSync` and expects the Node process to finish only after the build completes, so the bundler can finish after the process exits and produce missing or stale output under load.
Reviewed by Cursor Bugbot for commit 5bb310d.
| @@ -37,7 +39,7 @@ export const httpContextIntegration = defineIntegration(() => { | |||
| safeSetSpanJSONAttributes(span, { | |||
| // Coerce empty string to undefined so the helper's nullish check drops it, | |||
| // rather than writing an empty `url.full` attribute onto the span. | |||
| 'url.full': reqData.url || undefined, | |||
| 'url.full': spanOp !== 'http.client' ? reqData.url : undefined, | |||
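Review bot: the comment above the `'url.full'` lines still says an empty string is coerced to undefined so the helper's nullish check drops it, but the `spanOp !== 'http.client' ? reqData.url : undefined` line passes `reqData.url` through unchanged and gives no reason for skipping `http.client` spans. Either keep the coercion in the non-`http.client` branch (`reqData.url || undefined`) or reword the comment to match, and add a line explaining why `http.client` spans are excluded here.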
Bug: The change removes the `|| undefined` coercion for non-`http.client` spans, which can cause an empty string `''` to be set for the `url.full` attribute in environments where `getLocationHref()` returns `''`.
Severity: LOW
Suggested Fix
Restore the `|| undefined` coercion for the non-`http.client` path to ensure empty strings are dropped. The line could be changed to `'url.full': spanOp !== 'http.client' ? reqData.url || undefined : undefined,`. This will align the behavior with the existing comment and prevent empty `url.full` attributes from being set.
Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI
agent. Verify if this is a real issue. If it is, propose a fix; if not, explain why it's
not valid.
Location: packages/browser/src/integrations/httpcontext.ts#L42
Potential issue: The code modification removes the `|| undefined` coercion for
non-`http.client` spans. In specific environments like browser extensions or service
workers, `getLocationHref()` can return an empty string (`''`) when
`document.location.href` is inaccessible. Previously, this empty string was coerced to
`undefined`, causing the `url.full` attribute to be omitted. The new code will now
incorrectly set `'url.full': ''` on the span in these edge cases, as the
`safeSetSpanJSONAttributes` function does not filter out empty strings. This contradicts
the intent described in a nearby code comment.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
5bb310d to bcef5d9
Cursor Bugbot has reviewed your changes and found 1 potential issue.
There are 2 total unresolved issues (including 1 from previous review).
Reviewed by Cursor Bugbot for commit bcef5d9.
| Sentry.startSpan({ name: 'child-bound' }, () => { | ||
| // noop | ||
| }); | ||
| }); |
Subject bundle missing Sentry reference
High Severity
The Playwright `subject.js` calls `Sentry.startInactiveSpan`, `Sentry.withActiveSpan`, and related APIs without importing `@sentry/browser` or using `window.Sentry`. Integration tests build init and subject as separate webpack entries, so `Sentry` is not in scope in the subject bundle under the default npm build path this test targets (CDN runs are skipped).
Reviewed by Cursor Bugbot for commit bcef5d9.


No description provided.