From b47de74928dc00cf5e0047f11b5d36550fc2e93c Mon Sep 17 00:00:00 2001 From: Abhijeet Prasad Date: Mon, 26 Aug 2024 10:45:36 -0400 Subject: [PATCH 1/8] docs(cloudflare): Fix spacing in README snippet (#13368) Fixes spacing in readme snippet --- packages/cloudflare/README.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/packages/cloudflare/README.md b/packages/cloudflare/README.md index f7de52a56e88..398153563f1c 100644 --- a/packages/cloudflare/README.md +++ b/packages/cloudflare/README.md @@ -114,16 +114,16 @@ Currently only ESM handlers are supported. import * as Sentry from '@sentry/cloudflare'; export default withSentry( - (env) => ({ - dsn: env.SENTRY_DSN, + env => ({ + dsn: env.SENTRY_DSN, // Set tracesSampleRate to 1.0 to capture 100% of spans for tracing. - tracesSampleRate: 1.0, - }), - { - async fetch(request, env, ctx) { - return new Response('Hello World!'); - }, - } satisfies ExportedHandler + tracesSampleRate: 1.0, + }), + { + async fetch(request, env, ctx) { + return new Response('Hello World!'); + }, + } satisfies ExportedHandler, ); ``` From e6861cfd08addb1bd1b661067af539fec9e699f9 Mon Sep 17 00:00:00 2001 From: Catherine Lee <55311782+c298lee@users.noreply.github.com> Date: Mon, 26 Aug 2024 10:58:41 -0400 Subject: [PATCH 2/8] feat(feedback): Improve error message for 403 errors (#13441) If the domain is not in `Allowed Domains` in the Sentry project settings, it would cause a 403 error. The default setting is `*` so this only occurs when the user changes these settings. Fixes https://github.com/getsentry/sentry-javascript/issues/9856 --- packages/feedback/src/core/sendFeedback.ts | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/packages/feedback/src/core/sendFeedback.ts b/packages/feedback/src/core/sendFeedback.ts index ca9875284c6e..c0b8ccaa2704 100644 --- a/packages/feedback/src/core/sendFeedback.ts +++ b/packages/feedback/src/core/sendFeedback.ts @@ -64,6 +64,12 @@ export const sendFeedback: SendFeedback = ( ); } + if (response && typeof response.statusCode === 'number' && response.statusCode === 403) { + return reject( + 'Unable to send Feedback. This could be because this domain is not in your list of allowed domains.', + ); + } + return reject( 'Unable to send Feedback. This could be because of network issues, or because you are using an ad-blocker', ); From 80a116bff448a86a7304fd3bc9156cf62d0746d0 Mon Sep 17 00:00:00 2001 From: Francesco Novy Date: Tue, 27 Aug 2024 10:38:12 +0200 Subject: [PATCH 3/8] fix(replay): Ensure we publish replay CDN bundles (#13437) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Oops, we stopped publishing this, just noticed this while working on my hackweek project... 😬 --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 516b1d47b624..dab69b7bd194 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -344,7 +344,7 @@ jobs: name: ${{ github.sha }} path: | ${{ github.workspace }}/packages/browser/build/bundles/** - ${{ github.workspace }}/packages/replay/build/bundles/** + ${{ github.workspace }}/packages/replay-internal/build/bundles/** ${{ github.workspace }}/packages/replay-canvas/build/bundles/** ${{ github.workspace }}/packages/feedback/build/bundles/** ${{ github.workspace }}/packages/**/*.tgz From 6cb699910b7766139c69a3cd68ec80dc200ac07b Mon Sep 17 00:00:00 2001 From: Charly Gomez Date: Tue, 27 Aug 2024 11:15:54 +0200 Subject: [PATCH 4/8] test: Fix flaky csp test (#13376) --- .../suites/feedback/captureFeedbackCsp/init.js | 7 ------- .../suites/feedback/captureFeedbackCsp/subject.js | 4 ++++ .../suites/feedback/captureFeedbackCsp/template.html | 4 +--- .../suites/feedback/captureFeedbackCsp/test.ts | 4 ++-- 4 files changed, 7 insertions(+), 12 deletions(-) create mode 100644 dev-packages/browser-integration-tests/suites/feedback/captureFeedbackCsp/subject.js diff --git a/dev-packages/browser-integration-tests/suites/feedback/captureFeedbackCsp/init.js b/dev-packages/browser-integration-tests/suites/feedback/captureFeedbackCsp/init.js index 067dbec23fd4..27e5495f66a8 100644 --- a/dev-packages/browser-integration-tests/suites/feedback/captureFeedbackCsp/init.js +++ b/dev-packages/browser-integration-tests/suites/feedback/captureFeedbackCsp/init.js @@ -10,10 +10,3 @@ Sentry.init({ feedbackIntegration({ tags: { from: 'integration init' }, styleNonce: 'foo1234', scriptNonce: 'foo1234' }), ], }); - -document.addEventListener('securitypolicyviolation', () => { - const container = document.querySelector('#csp-violation'); - if (container) { - container.innerText = 'CSP Violation'; - } -}); diff --git a/dev-packages/browser-integration-tests/suites/feedback/captureFeedbackCsp/subject.js b/dev-packages/browser-integration-tests/suites/feedback/captureFeedbackCsp/subject.js new file mode 100644 index 000000000000..66adfd0f87d4 --- /dev/null +++ b/dev-packages/browser-integration-tests/suites/feedback/captureFeedbackCsp/subject.js @@ -0,0 +1,4 @@ +window.__CSPVIOLATION__ = false; +document.addEventListener('securitypolicyviolation', () => { + window.__CSPVIOLATION__ = true; +}); diff --git a/dev-packages/browser-integration-tests/suites/feedback/captureFeedbackCsp/template.html b/dev-packages/browser-integration-tests/suites/feedback/captureFeedbackCsp/template.html index 919f372ef468..8039192f5787 100644 --- a/dev-packages/browser-integration-tests/suites/feedback/captureFeedbackCsp/template.html +++ b/dev-packages/browser-integration-tests/suites/feedback/captureFeedbackCsp/template.html @@ -7,7 +7,5 @@ content="style-src 'nonce-foo1234'; script-src sentry-test.io 'nonce-foo1234';" /> - -
- + diff --git a/dev-packages/browser-integration-tests/suites/feedback/captureFeedbackCsp/test.ts b/dev-packages/browser-integration-tests/suites/feedback/captureFeedbackCsp/test.ts index 95a8a2eacee8..bca9b498fed0 100644 --- a/dev-packages/browser-integration-tests/suites/feedback/captureFeedbackCsp/test.ts +++ b/dev-packages/browser-integration-tests/suites/feedback/captureFeedbackCsp/test.ts @@ -79,6 +79,6 @@ sentryTest('should capture feedback', async ({ getLocalTestUrl, page }) => { }, platform: 'javascript', }); - const cspContainer = await page.locator('#csp-violation'); - expect(cspContainer).not.toContainText('CSP Violation'); + const cspViolation = await page.evaluate('window.__CSPVIOLATION__'); + expect(cspViolation).toBe(false); }); From 195482c8e2811a84cb003845a64992c69b64237b Mon Sep 17 00:00:00 2001 From: Francesco Novy Date: Tue, 27 Aug 2024 12:37:03 +0200 Subject: [PATCH 5/8] ci: Stabilize CI dependency cache key (#13401) Ensure it only changes if actual dependencies change. Previously, we would invalidate the dependency cache every time a package.json of the workspace changed in any way. This is defensive, but it also means that we also invalidate if one of these things happen: 1. A script or similar is added/edited for workspace package 2. A release is made, bumping internal dependency versions This change updates this to calculate the hash with a slightly more sophisticated approach, which should hopefully ensure we only actually bust the cache when a dependency _actually_ changes. This should lead to the dependency cache being re-used much more, because only rarely is an actual dependency changed. --------- Co-authored-by: Charly Gomez --- .../actions/install-dependencies/action.yml | 4 +- scripts/dependency-hash-key.js | 73 +++++++++++++++++++ 2 files changed, 74 insertions(+), 3 deletions(-) create mode 100644 scripts/dependency-hash-key.js diff --git a/.github/actions/install-dependencies/action.yml b/.github/actions/install-dependencies/action.yml index 8cb80ac7440e..5fbf87c67d79 100644 --- a/.github/actions/install-dependencies/action.yml +++ b/.github/actions/install-dependencies/action.yml @@ -9,11 +9,9 @@ outputs: runs: using: "composite" steps: - # we use a hash of yarn.lock as our cache key, because if it hasn't changed, our dependencies haven't changed, - # so no need to reinstall them - name: Compute dependency cache key id: compute_lockfile_hash - run: echo "hash=dependencies-${{ hashFiles('yarn.lock', 'packages/*/package.json', 'dev-packages/*/package.json') }}" >> "$GITHUB_OUTPUT" + run: node ./scripts/dependency-hash-key.js >> "$GITHUB_OUTPUT" shell: bash - name: Check dependency cache diff --git a/scripts/dependency-hash-key.js b/scripts/dependency-hash-key.js new file mode 100644 index 000000000000..55e38e4a385e --- /dev/null +++ b/scripts/dependency-hash-key.js @@ -0,0 +1,73 @@ +const crypto = require('crypto'); +const fs = require('fs'); +const path = require('path'); + +/** + * Build a cache key for the dependencies of the monorepo. + * In addition to the content of the yarn.lock file, we also include + * dependencies of all workspace packages in the cache key. + * This ensures that we get a consistent cache key even if a dependency change does not affect + * the yarn.lock file. + */ +function outputDependencyCacheKey() { + const lockfileContent = fs.readFileSync(path.join(process.cwd(), 'yarn.lock'), 'utf8'); + + const hashParts = [lockfileContent]; + + const packageJson = require(path.join(process.cwd(), 'package.json')); + + const workspacePackages = packageJson.workspaces || []; + + // Get the package name (e.g. @sentry/browser) of all workspace packages + // we want to ignore their version numbers later + const workspacePackageNames = getWorkspacePackageNames(workspacePackages); + + // Add the dependencies of the workspace itself + hashParts.push(getNormalizedDependencies(packageJson, workspacePackageNames)); + + // Now for each workspace package, add the dependencies + workspacePackages.forEach(workspace => { + const packageJsonPath = path.join(process.cwd(), workspace, 'package.json'); + const packageJson = require(packageJsonPath); + hashParts.push(getNormalizedDependencies(packageJson, workspacePackageNames)); + }); + + const hash = crypto.createHash('md5').update(hashParts.join('\n')).digest('hex'); + // We log the output in a way that the GitHub Actions can append it to the output + // We prefix it with `dependencies-` so it is easier to identify in the logs + // eslint-disable-next-line no-console + console.log(`hash=dependencies-${hash}`); +} + +function getNormalizedDependencies(packageJson, workspacePackageNames) { + const { dependencies, devDependencies } = packageJson; + + const mergedDependencies = { + ...devDependencies, + ...dependencies, + }; + + const normalizedDependencies = {}; + + // Sort the keys to ensure a consistent order + Object.keys(mergedDependencies) + .sort() + .forEach(key => { + // If the dependency is a workspace package, ignore the version + // No need to invalidate a cache after every release + const version = workspacePackageNames.includes(key) ? '**workspace**' : mergedDependencies[key]; + normalizedDependencies[key] = version; + }); + + return JSON.stringify(normalizedDependencies); +} + +function getWorkspacePackageNames(workspacePackages) { + return workspacePackages.map(workspace => { + const packageJsonPath = path.join(process.cwd(), workspace, 'package.json'); + const packageJson = require(packageJsonPath); + return packageJson.name; + }); +} + +outputDependencyCacheKey(); From 5b9d3bbbadc728304e8a49bb17dd1d6e8d0bdc2e Mon Sep 17 00:00:00 2001 From: Francesco Novy Date: Tue, 27 Aug 2024 12:44:22 +0200 Subject: [PATCH 6/8] ci: Always run build on develop branch (#13404) Noticed this here: https://github.com/getsentry/sentry-javascript/actions/runs/10417249817, when merging a markdown-only PR into develop, CI will not fully run there. --- .github/workflows/build.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index dab69b7bd194..3196f5bf1ddd 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -127,7 +127,9 @@ jobs: runs-on: ubuntu-20.04 timeout-minutes: 15 if: | - needs.job_get_metadata.outputs.changed_any_code == 'true' && + needs.job_get_metadata.outputs.changed_any_code == 'true' || + needs.job_get_metadata.outputs.is_develop == 'true' || + needs.job_get_metadata.outputs.is_release == 'true' || (needs.job_get_metadata.outputs.is_gitflow_sync == 'false' && needs.job_get_metadata.outputs.has_gitflow_label == 'false') steps: - name: Check out base commit (${{ github.event.pull_request.base.sha }}) From ea847d158fdb434b07248f9cd0decdb69ff02160 Mon Sep 17 00:00:00 2001 From: Luca Forstner Date: Tue, 27 Aug 2024 13:13:06 +0200 Subject: [PATCH 7/8] ci: Don't fail profiling bindings job on cache miss (#13464) --- .github/workflows/build.yml | 31 ++++++------------- .../browser-integration-tests/package.json | 2 +- 2 files changed, 11 insertions(+), 22 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 3196f5bf1ddd..39b024bd77dd 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1418,6 +1418,11 @@ jobs: with: ref: ${{ env.HEAD_COMMIT }} + - name: Setup Node + uses: actions/setup-node@v4 + with: + node-version: ${{ matrix.node }} + - name: Restore dependency cache uses: actions/cache/restore@v4 id: restore-dependencies @@ -1425,24 +1430,17 @@ jobs: path: ${{ env.CACHED_DEPENDENCY_PATHS }} key: ${{ needs.job_build.outputs.dependency_cache_key }} enableCrossOsArchive: true - fail-on-cache-miss: true - - name: Restore build cache - uses: actions/cache/restore@v4 - id: restore-build - with: - path: ${{ env.CACHED_BUILD_PATHS }} - key: ${{ needs.job_build.outputs.dependency_cache_key }} - enableCrossOsArchive: true - fail-on-cache-miss: true + - name: Install dependencies + env: + SKIP_PLAYWRIGHT_BROWSER_INSTALL: "1" + if: steps.restore-dependencies.outputs.cache-hit != 'true' + run: yarn install --ignore-engines --frozen-lockfile - name: Configure safe directory run: | git config --global --add safe.directory "*" - - name: Install yarn - run: npm i -g yarn@1.22.19 --force - - name: Increase yarn network timeout on Windows if: contains(matrix.os, 'windows') run: yarn config set network-timeout 600000 -g @@ -1454,15 +1452,6 @@ jobs: with: python-version: '3.8.10' - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version: ${{ matrix.node }} - - - name: Install Dependencies - if: steps.restore-dependencies.outputs.cache-hit != 'true' - run: yarn install --frozen-lockfile --ignore-engines --ignore-scripts - - name: Setup (arm64| ${{ contains(matrix.container, 'alpine') && 'musl' || 'glibc' }}) if: matrix.arch == 'arm64' && !contains(matrix.container, 'alpine') && matrix.target_platform != 'darwin' run: | diff --git a/dev-packages/browser-integration-tests/package.json b/dev-packages/browser-integration-tests/package.json index 2e2e6cab12ab..dfd3b78c2c14 100644 --- a/dev-packages/browser-integration-tests/package.json +++ b/dev-packages/browser-integration-tests/package.json @@ -9,7 +9,7 @@ "private": true, "scripts": { "clean": "rimraf -g suites/**/dist loader-suites/**/dist tmp", - "install-browsers": "npx playwright install --with-deps", + "install-browsers": "[[ -z \"$SKIP_PLAYWRIGHT_BROWSER_INSTALL\" ]] && yarn install-browsers || echo 'Skipping browser installation'", "lint": "eslint . --format stylish", "fix": "eslint . --format stylish --fix", "type-check": "tsc", From 205f1275aaa0c25e63472d9d24125a8b30b011e9 Mon Sep 17 00:00:00 2001 From: nicohrubec Date: Tue, 27 Aug 2024 13:27:51 +0200 Subject: [PATCH 8/8] meta: Update CHANGELOG for 8.27.0 --- CHANGELOG.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7864efac6871..6fa005af46c5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,27 @@ - "You miss 100 percent of the chances you don't take. — Wayne Gretzky" — Michael Scott +## 8.27.0 + +### Important Changes + +- **fix(nestjs): Exception filters in main app module are not being executed (#13278)** + + With this release nestjs error monitoring is no longer automatically set up after adding the `SentryModule` to your + application, which led to issues in certain scenarios. You will now have to either add the `SentryGlobalFilter` to + your main module providers or decorate the `catch()` method in your existing global exception filters with the newly + released `@WithSentry()` decorator. See the [docs](https://docs.sentry.io/platforms/javascript/guides/nestjs/) for + more details. + +### Other Changes + +- feat: Add options for passing nonces to feedback integration (#13347) +- feat: Add support for SENTRY_SPOTLIGHT env var in Node (#13325) +- feat(deps): bump @prisma/instrumentation from 5.17.0 to 5.18.0 (#13327) +- feat(feedback): Improve error message for 403 errors (#13441) +- fix(deno): Don't rely on `Deno.permissions.querySync` (#13378) +- fix(replay): Ensure we publish replay CDN bundles (#13437) + Work in this release was contributed by @charpeni. Thank you for your contribution! ## 8.26.0