fix(deps): update dependency @sentry/bun to v8.49.0 [security] - autoclosed

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@sentry/bun (source)	8.35.0 -> 8.49.0

GitHub Vulnerability Alerts

GHSA-r5w7-f542-q2j4

Impact

The ContextLines integration uses readable streams to more efficiently use memory when reading files. The ContextLines integration is used to attach source context to outgoing events.

The stream was not explicitly closed after use. This could lead to excessive amounts of file handles open on the system and potentially lead to a Denial of Service (DoS).

The ContextLines integration is enabled by default in the Node SDK (@sentry/node) and SDKs that run in Node.js environments (@sentry/astro, @sentry/aws-serverless, @sentry/bun, @sentry/google-cloud-serverless, @sentry/nestjs, @sentry/nextjs, @sentry/nuxt, @sentry/remix, @sentry/solidstart, @sentry/sveltekit).

Patches

Users should upgrade to version 8.49.0 or higher.

Workarounds

To remediate this issue in affected versions without upgrading to version 8.49.0 and above you can disable the ContextLines integration. See the docs for more details.

Sentry.init({
  // ...
  integrations: function (integrations) {
    // integrations will be all default integrations
    return integrations.filter(function (integration) {
      return integration.name !== "ContextLines";
    });
  },
});

If you disable the ContextLines integration, you will lose source context on your error events.

References

• Reported issue: https://github.com/getsentry/sentry-javascript/issues/14892
• PR Fix: https://github.com/getsentry/sentry-javascript/pull/14997

---

Release Notes

getsentry/sentry-javascript (@​sentry/bun)

v8.49.0

Compare Source

• feat(v8/browser): Flush offline queue on flush and browser online event (#​14969)
• feat(v8/react): Add a handled prop to ErrorBoundary (#​14978)
• fix(profiling/v8): Don't put require, __filename and __dirname on global object (#​14952)
• fix(v8/node): Enforce that ContextLines integration does not leave open file handles (#​14997)
• fix(v8/replay): Disable mousemove sampling in rrweb for iOS browsers (#​14944)
• fix(v8/sveltekit): Ensure source maps deletion is called after source ma… (#​14963)
• fix(v8/vue): Re-throw error when no errorHandler exists (#​14943)

Work in this release was contributed by @​HHK1 and @​mstrokin. Thank you for your contributions!

v8.48.0

Compare Source

Deprecations

• feat(v8/core): Deprecate getDomElement method (#​14799)

  Deprecates getDomElement. There is no replacement.

Other changes

• fix(nestjs/v8): Use correct main/module path in package.json (#​14791)
• fix(v8/core): Use consistent continueTrace implementation in core (#​14819)
• fix(v8/node): Correctly resolve debug IDs for ANR events with custom appRoot (#​14823)
• fix(v8/node): Ensure NODE_OPTIONS is not passed to worker threads (#​14825)
• fix(v8/angular): Fall back to element tagName when name is not provided to TraceDirective (#​14828)
• fix(aws-lambda): Remove version suffix from lambda layer (#​14843)
• fix(v8/node): Ensure express requests are properly handled (#​14851)
• feat(v8/node): Add openTelemetrySpanProcessors option (#​14853)
• fix(v8/react): Use Set as the allRoutes container. (#​14878) (#​14884)
• fix(v8/react): Improve handling of routes nested under path="/" (#​14897)
• feat(v8/core): Add normalizedRequest to samplingContext (#​14903)
• fix(v8/feedback): Avoid lazy loading code for syncFeedbackIntegration (#​14918)

Work in this release was contributed by @​arturovt. Thank you for your contribution!

v8.47.0

Compare Source

• feat(v8/core): Add updateSpanName helper function (#​14736)
• feat(v8/node): Do not overwrite prisma db.system in newer Prisma versions (#​14772)
• feat(v8/node/deps): Bump @​prisma/instrumentation from 5.19.1 to 5.22.0 (#​14755)
• feat(v8/replay): Mask srcdoc iframe contents per default (#​14779)
• ref(v8/nextjs): Fix typo in source maps deletion warning (#​14776)

Work in this release was contributed by @​aloisklink and @​benjick. Thank you for your contributions!

v8.46.0

Compare Source

• feat: Allow capture of more than 1 ANR event [v8] (#​14713)
• feat(node): Detect Railway release name [v8] (#​14714)
• fix: Normalise ANR debug image file paths if appRoot was supplied [v8] (#​14709)
• fix(nuxt): Remove build config from tsconfig (#​14737)

Work in this release was contributed by @​conor-ob. Thank you for your contribution!

v8.45.1

Compare Source

• fix(feedback): Return when the sendFeedback promise resolves (#​14683)

Work in this release was contributed by @​antonis. Thank you for your contribution!

v8.45.0

Compare Source

• feat(core): Add handled option to captureConsoleIntegration (#​14664)
• feat(browser): Attach virtual stack traces to HttpClient events (#​14515)
• feat(replay): Upgrade rrweb packages to 2.31.0 (#​14689)
• fix(aws-serverless): Remove v8 layer as it overwrites the current layer for docs (#​14679)
• fix(browser): Mark stack trace from captureMessage with attachStacktrace: true as synthetic (#​14668)
• fix(core): Mark stack trace from captureMessage with attatchStackTrace: true as synthetic (#​14670)
• fix(core): Set level in server runtime captureException (#​10587)
• fix(profiling-node): Guard invocation of native profiling methods (#​14676)
• fix(nuxt): Inline nitro-utils function (#​14680)
• fix(profiling-node): Ensure profileId is added to transaction event (#​14681)
• fix(react): Add React Router Descendant Routes support (#​14304)
• fix: Disable ANR and Local Variables if debugger is enabled via CLI args (#​14643)

Work in this release was contributed by @​anonrig and @​Zih0. Thank you for your contributions!

v8.44.0

Compare Source

Deprecations

• feat: Deprecate autoSessionTracking (#​14640)

  Deprecates autoSessionTracking.
  To enable session tracking, it is recommended to unset autoSessionTracking and ensure that either, in browser environments
  the browserSessionIntegration is added, or in server environments the httpIntegration is added.

  To disable session tracking, it is recommended to unset autoSessionTracking and to remove the browserSessionIntegration in
  browser environments, or in server environments configure the httpIntegration with the trackIncomingRequestsAsSessions option set to false.

Other Changes

• feat: Reword log message around unsent spans (#​14641)
• feat(opentelemetry): Set response context for http.server spans (#​14634)
• fix(google-cloud-serverless): Update homepage link in package.json (#​14411)
• fix(nuxt): Add unbuild config to not fail on warn (#​14662)

Work in this release was contributed by @​robinvw1. Thank you for your contribution!

v8.43.0

Compare Source

Important Changes

• feat(nuxt): Add option autoInjectServerSentry (no default import()) (#​14553)

  Using the dynamic import() as the default behavior for initializing the SDK on the server-side did not work for every project.
  The default behavior of the SDK has been changed, and you now need to use the --import flag to initialize Sentry on the server-side to leverage full functionality.

  Example with --import:

  node --import ./.output/server/sentry.server.config.mjs .output/server/index.mjs

  In case you are not able to use the --import flag, you can enable auto-injecting Sentry in the nuxt.config.ts (comes with limitations):

  sentry: {
    autoInjectServerSentry: 'top-level-import', // or 'experimental_dynamic-import'
  },

• feat(browser): Adds LaunchDarkly and OpenFeature integrations (#​14207)

  Adds browser SDK integrations for tracking feature flag evaluations through the LaunchDarkly JS SDK and OpenFeature Web SDK:

  import * as Sentry from '@​sentry/browser';
  
  Sentry.init({
    integrations: [
      // Track LaunchDarkly feature flags
      Sentry.launchDarklyIntegration(),
      // Track OpenFeature feature flags
      Sentry.openFeatureIntegration(),
    ],
  });

  • Read more about the Feature Flags feature in Sentry.
  • Read more about the LaunchDarkly SDK Integration.
  • Read more about the OpenFeature SDK Integration.

• feat(browser): Add featureFlagsIntegration for custom tracking of flag evaluations (#​14582)

  Adds a browser integration to manually track feature flags with an API. Feature flags are attached to subsequent error events:

  import * as Sentry from '@​sentry/browser';
  
  const featureFlagsIntegrationInstance = Sentry.featureFlagsIntegration();
  
  Sentry.init({
    // Initialize the SDK with the feature flag integration
    integrations: [featureFlagsIntegrationInstance],
  });
  
  // Manually track a feature flag
  featureFlagsIntegrationInstance.addFeatureFlag('my-feature', true);

• feat(astro): Add Astro 5 support (#​14613)

  With this release, the Sentry Astro SDK officially supports Astro 5.

Deprecations

• feat(nextjs): Deprecate typedef for hideSourceMaps (#​14594)

  The functionality of hideSourceMaps was removed in version 8 but was forgotten to be deprecated and removed.
  It will be completely removed in the next major version.

• feat(core): Deprecate APIs around RequestSessions (#​14566)

  The APIs around RequestSessions are mostly used internally.
  Going forward the SDK will not expose concepts around RequestSessions.
  Instead, functionality around server-side Release Health will be managed in integrations.

Other Changes

• feat(browser): Add browserSessionIntegration (#​14551)
• feat(core): Add raw_security envelope types (#​14562)
• feat(deps): Bump @​opentelemetry/instrumentation from 0.55.0 to 0.56.0 (#​14625)
• feat(deps): Bump @​sentry/cli from 2.38.2 to 2.39.1 (#​14626)
• feat(deps): Bump @​sentry/rollup-plugin from 2.22.6 to 2.22.7 (#​14622)
• feat(deps): Bump @​sentry/webpack-plugin from 2.22.6 to 2.22.7 (#​14623)
• feat(nestjs): Add fastify support (#​14549)
• feat(node): Add @​vercel/ai instrumentation (#​13892)
• feat(node): Add disableAnrDetectionForCallback function (#​14359)
• feat(node): Add trackIncomingRequestsAsSessions option to http integration (#​14567)
• feat(nuxt): Add option autoInjectServerSentry (no default import()) (#​14553)
• feat(nuxt): Add warning when Netlify or Vercel build is discovered (#​13868)
• feat(nuxt): Improve serverless event flushing and scope isolation (#​14605)
• feat(opentelemetry): Stop looking at propagation context for span creation (#​14481)
• feat(opentelemetry): Update OpenTelemetry dependencies to ^1.29.0 (#​14590)
• feat(opentelemetry): Update OpenTelemetry dependencies to 1.28.0 (#​14547)
• feat(replay): Upgrade rrweb packages to 2.30.0 (#​14597)
• fix(core): Decode filename and module stack frame properties in Node stack parser (#​14544)
• fix(core): Filter out unactionable CEFSharp promise rejection error by default (#​14595)
• fix(nextjs): Don't show warning about devtool option (#​14552)
• fix(nextjs): Only apply tracing metadata to data fetcher data when data is an object (#​14575)
• fix(node): Guard against invalid maxSpanWaitDuration values (#​14632)
• fix(react): Match routes with parseSearch option in TanStack Router instrumentation (#​14328)
• fix(sveltekit): Fix git SHA not being picked up for release (#​14540)
• fix(types): Fix generic exports with default (#​14576)

Work in this release was contributed by @​lsmurray. Thank you for your contribution!

v8.42.0

Compare Source

Important Changes

• feat(react): React Router v7 support (library) (#​14513)

  This release adds support for React Router v7 (library mode).
  Check out the docs on how to set up the integration: Sentry React Router v7 Integration Docs

Deprecations

• feat: Warn about source-map generation (#​14533)

  In the next major version of the SDK we will change how source maps are generated when the SDK is added to an application.
  Currently, the implementation varies a lot between different SDKs and can be difficult to understand.
  Moving forward, our goal is to turn on source maps for every framework, unless we detect that they are explicitly turned off.
  Additionally, if we end up enabling source maps, we will emit a log message that we did so.

  With this particular release, we are emitting warnings that source map generation will change in the future and we print instructions on how to prepare for the next major.

• feat(nuxt): Deprecate tracingOptions in favor of vueIntegration (#​14530)

  Currently it is possible to configure tracing options in two places in the Sentry Nuxt SDK:

  • In Sentry.init()
  • Inside tracingOptions in Sentry.init()

  For tree-shaking purposes and alignment with the Vue SDK, it is now recommended to instead use the newly exported vueIntegration() and its tracingOptions option to configure tracing options in the Nuxt SDK:

  // sentry.client.config.ts
  import * as Sentry from '@​sentry/nuxt';
  
  Sentry.init({
    // ...
    integrations: [
      Sentry.vueIntegration({
        tracingOptions: {
          trackComponents: true,
        },
      }),
    ],
  });

Other Changes

• feat(browser-utils): Update web-vitals to v4.2.4 (#​14439)
• feat(nuxt): Expose vueIntegration (#​14526)
• fix(feedback): Handle css correctly in screenshot mode (#​14535)

v8.41.0

Compare Source

Important Changes

• meta(nuxt): Require minimum Nuxt v3.7.0 (#​14473)

  We formalized that the Nuxt SDK is at minimum compatible with Nuxt version 3.7.0 and above.
  Additionally, the SDK requires the implicit nitropack dependency to satisfy version ^2.10.0 and ofetch to satisfy ^1.4.0.
  It is recommended to check your lock-files and manually upgrade these dependencies if they don't match the version ranges.

Deprecations

We are deprecating a few APIs which will be removed in the next major.

The following deprecations will potentially affect you:

• feat(core): Update & deprecate undefined option handling (#​14450)

  In the next major version we will change how passing undefined to tracesSampleRate / tracesSampler / enableTracing will behave.

  Currently, doing the following:

  Sentry.init({
    tracesSampleRate: undefined,
  });

  Will result in tracing being enabled (although no spans will be generated) because the tracesSampleRate key is present in the options object.
  In the next major version, this behavior will be changed so that passing undefined (or rather having a tracesSampleRate key) will result in tracing being disabled, the same as not passing the option at all.
  If you are currently relying on undefined being passed, and and thus have tracing enabled, it is recommended to update your config to set e.g. tracesSampleRate: 0 instead, which will also enable tracing in v9.

  The same applies to tracesSampler and enableTracing.

• feat(core): Log warnings when returning null in beforeSendSpan (#​14433)

  Currently, the beforeSendSpan option in Sentry.init() allows you to drop individual spans from a trace by returning null from the hook.
  Since this API lends itself to creating "gaps" inside traces, we decided to change how this API will work in the next major version.

  With the next major version the beforeSendSpan API can only be used to mutate spans, but no longer to drop them.
  With this release the SDK will warn you if you are using this API to drop spans.
  Instead, it is recommended to configure instrumentation (i.e. integrations) directly to control what spans are created.

  Additionally, with the next major version, root spans will also be passed to beforeSendSpan.

• feat(utils): Deprecate @sentry/utils (#​14431)

  With the next major version the @sentry/utils package will be merged into the @sentry/core package.
  It is therefore no longer recommended to use the @sentry/utils package.

• feat(vue): Deprecate configuring Vue tracing options anywhere else other than through the vueIntegration's tracingOptions option (#​14385)

  Currently it is possible to configure tracing options in various places in the Sentry Vue SDK:

  • In Sentry.init()
  • Inside tracingOptions in Sentry.init()
  • In the vueIntegration() options
  • Inside tracingOptions in the vueIntegration() options

  Because this is a bit messy and confusing to document, the only recommended way to configure tracing options going forward is through the tracingOptions in the vueIntegration().
  The other means of configuration will be removed in the next major version of the SDK.

• feat: Deprecate registerEsmLoaderHooks.include and registerEsmLoaderHooks.exclude (#​14486)

  Currently it is possible to define registerEsmLoaderHooks.include and registerEsmLoaderHooks.exclude options in Sentry.init() to only apply ESM loader hooks to a subset of modules.
  This API served as an escape hatch in case certain modules are incompatible with ESM loader hooks.

  Since this API was introduced, a way was found to only wrap modules that there exists instrumentation for (meaning a vetted list).
  To only wrap modules that have instrumentation, it is recommended to instead set registerEsmLoaderHooks.onlyIncludeInstrumentedModules to true.

  Note that onlyIncludeInstrumentedModules: true will become the default behavior in the next major version and the registerEsmLoaderHooks will no longer accept fine-grained options.

The following deprecations will most likely not affect you unless you are building an SDK yourself:

• feat(core): Deprecate arrayify (#​14405)
• feat(core): Deprecate flatten (#​14454)
• feat(core): Deprecate urlEncode (#​14406)
• feat(core): Deprecate validSeverityLevels (#​14407)
• feat(core/utils): Deprecate getNumberOfUrlSegments (#​14458)
• feat(utils): Deprecate memoBuilder, BAGGAGE_HEADER_NAME, and makeFifoCache (#​14434)
• feat(utils/core): Deprecate addRequestDataToEvent and extractRequestData (#​14430)

Other Changes

• feat: Streamline sentry-trace, baggage and DSC handling (#​14364)
• feat(core): Further optimize debug ID parsing (#​14365)
• feat(node): Add openTelemetryInstrumentations option (#​14484)
• feat(nuxt): Add filter for not found source maps (devtools) (#​14437)
• feat(nuxt): Only delete public source maps (#​14438)
• fix(nextjs): Don't report NEXT_REDIRECT from browser (#​14440)
• perf(opentelemetry): Bucket spans for cleanup (#​14154)

Work in this release was contributed by @​NEKOYASAN and @​fmorett. Thank you for your contributions!

v8.40.0

Compare Source

Important Changes

• feat(angular): Support Angular 19 (#​14398)

  The @sentry/angular SDK can now be used with Angular 19. If you're upgrading to the new Angular version, you might want to migrate from the now deprecated APP_INITIALIZER token to provideAppInitializer.
  In this case, change the Sentry TraceService initialization in app.config.ts:

  // Angular 18
  export const appConfig: ApplicationConfig = {
    providers: [
      // other providers
      {
        provide: TraceService,
        deps: [Router],
      },
      {
        provide: APP_INITIALIZER,
        useFactory: () => () => {},
        deps: [TraceService],
        multi: true,
      },
    ],
  };
  
  // Angular 19
  export const appConfig: ApplicationConfig = {
    providers: [
      // other providers
      {
        provide: TraceService,
        deps: [Router],
      },
      provideAppInitializer(() => {
        inject(TraceService);
      }),
    ],
  };

• feat(core): Deprecate debugIntegration and sessionTimingIntegration (#​14363)

  The debugIntegration was deprecated and will be removed in the next major version of the SDK.
  To log outgoing events, use Hook Options (beforeSend, beforeSendTransaction, ...).

  The sessionTimingIntegration was deprecated and will be removed in the next major version of the SDK.
  To capture session durations alongside events, use Context (Sentry.setContext()).

• feat(nestjs): Deprecate @WithSentry in favor of @SentryExceptionCaptured (#​14323)

  The @WithSentry decorator was deprecated. Use @SentryExceptionCaptured instead. This is a simple renaming and functionality stays identical.

• feat(nestjs): Deprecate SentryTracingInterceptor, SentryService, SentryGlobalGenericFilter, SentryGlobalGraphQLFilter (#​14371)

  The SentryTracingInterceptor was deprecated. If you are using @sentry/nestjs you can safely remove any references to the SentryTracingInterceptor. If you are using another package migrate to @sentry/nestjs and remove the SentryTracingInterceptor afterwards.

  The SentryService was deprecated and its functionality was added to Sentry.init. If you are using @sentry/nestjs you can safely remove any references to the SentryService. If you are using another package migrate to @sentry/nestjs and remove the SentryService afterwards.

  The SentryGlobalGenericFilter was deprecated. Use the SentryGlobalFilter instead which is a drop-in replacement.

  The SentryGlobalGraphQLFilter was deprecated. Use the SentryGlobalFilter instead which is a drop-in replacement.

• feat(node): Deprecate nestIntegration and setupNestErrorHandler in favor of using @sentry/nestjs (#​14374)

  The nestIntegration and setupNestErrorHandler functions from @sentry/node were deprecated and will be removed in the next major version of the SDK. If you're using @sentry/node in a NestJS application, we recommend switching to our new dedicated @sentry/nestjs package.

Other Changes

• feat(browser): Send additional LCP timing info (#​14372)
• feat(replay): Clear event buffer when full and in buffer mode (#​14078)
• feat(core): Ensure normalizedRequest on sdkProcessingMetadata is merged (#​14315)
• feat(core): Hoist everything from @sentry/utils into @sentry/core (#​14382)
• fix(core): Do not throw when trying to fill readonly properties (#​14402)
• fix(feedback): Fix __self and __source attributes on feedback nodes (#​14356)
• fix(feedback): Fix non-wrapping form title (#​14355)
• fix(nextjs): Update check for not found navigation error (#​14378)

v8.39.0

Compare Source

Important Changes

• feat(nestjs): Instrument event handlers (#​14307)

The @sentry/nestjs SDK will now capture performance data for NestJS Events (@nestjs/event-emitter)

Other Changes

• feat(nestjs): Add alias @SentryExceptionCaptured for @WithSentry (#​14322)
• feat(nestjs): Duplicate SentryService behaviour into @sentry/nestjs SDK init() (#​14321)
• feat(nestjs): Handle GraphQL contexts in SentryGlobalFilter (#​14320)
• feat(node): Add alias childProcessIntegration for processThreadBreadcrumbIntegration and deprecate it (#​14334)
• feat(node): Ensure request bodies are reliably captured for http requests (#​13746)
• feat(replay): Upgrade rrweb packages to 2.29.0 (#​14160)
• fix(cdn): Ensure _sentryModuleMetadata is not mangled (#​14344)
• fix(core): Set sentry.source attribute to custom when calling span.updateName on SentrySpan (#​14251)
• fix(mongo): rewrite Buffer as ? during serialization (#​14071)
• fix(replay): Remove replay id from DSC on expired sessions (#​14342)
• ref(profiling) Fix electron crash (#​14216)
• ref(types): Deprecate Request type in favor of RequestEventData (#​14317)
• ref(utils): Stop setting transaction in requestDataIntegration (#​14306)
• ref(vue): Reduce bundle size for starting application render span (#​14275)

v8.38.0

Compare Source

• docs: Improve docstrings for node otel integrations (#​14217)
• feat(browser): Add moduleMetadataIntegration lazy loading support (#​13817)
• feat(core): Add trpc path to context in trpcMiddleware (#​14218)
• feat(deps): Bump @​opentelemetry/instrumentation-amqplib from 0.42.0 to 0.43.0 (#​14230)
• feat(deps): Bump @​sentry/cli from 2.37.0 to 2.38.2 (#​14232)
• feat(node): Add knex integration (#​13526)
• feat(node): Add tedious integration (#​13486)
• feat(utils): Single implementation to fetch debug ids (#​14199)
• fix(browser): Avoid recording long animation frame spans starting before their parent span (#​14186)
• fix(node): Include debug_meta with ANR events (#​14203)
• fix(nuxt): Fix dynamic import rollup plugin to work with latest nitro (#​14243)
• fix(react): Support wildcard routes on React Router 6 (#​14205)
• fix(spotlight): Export spotlightBrowserIntegration from the main browser package (#​14208)
• ref(browser): Ensure start time of interaction root and child span is aligned (#​14188)
• ref(nextjs): Make build-time value injection turbopack compatible (#​14081)

Work in this release was contributed by @​grahamhency, @​Zen-cronic, @​gilisho and @​phuctm97. Thank you for your contributions!

v8.37.1

Compare Source

• feat(deps): Bump @​opentelemetry/instrumentation from 0.53.0 to 0.54.0 for @​sentry/opentelemetry (#​14187)

v8.37.0

Compare Source

Important Changes

• feat(nuxt): Add piniaIntegration (#​14138)

The Nuxt SDK now allows you to track Pinia state for captured errors. To enable the Pinia plugin, add the piniaIntegration to your client config:

// sentry.client.config.ts
import { usePinia } from '#imports';

Sentry.init({
  integrations: [
    Sentry.piniaIntegration(usePinia(), {
      /* optional Pinia plugin options */
    }),
  ],
});

• feat: Deprecate metrics API (#​14157)

The Sentry Metrics beta has ended in favour of revisiting metrics in another form at a later date.

This new approach will include different APIs, making the current metrics API unnecessary. This release
deprecates the metrics API with the plan to remove in the next SDK major version. If you currently use the
metrics API in your code, you can safely continue to do so but sent data will no longer be processed by Sentry.

Learn more about the end of the Metrics beta.

Other Changes

• feat(browser): Add http.response_delivery_type attribute to resource spans (#​14056)
• feat(browser): Add skipBrowserExtensionCheck escape hatch option (#​14147)
• feat(deps): Bump @​opentelemetry/instrumentation from 0.53.0 to 0.54.0 (#​14174)
• feat(deps): Bump @​opentelemetry/instrumentation-fastify from 0.40.0 to 0.41.0 (#​14175)
• feat(deps): Bump @​opentelemetry/instrumentation-graphql from 0.43.0 to 0.44.0 (#​14173)
• feat(deps): Bump @​opentelemetry/instrumentation-mongodb from 0.47.0 to 0.48.0 (#​14171)
• feat(deps): Bump @​opentelemetry/propagator-aws-xray from 1.25.1 to 1.26.0 (#​14172)
• feat(nuxt): Add asyncFunctionReExports to define re-exported server functions (#​14104)
• feat(nuxt): Add piniaIntegration (#​14138)
• fix(browser): Avoid recording long task spans starting before their parent span (#​14183)
• fix(core): Ensure errors thrown in async cron jobs bubble up (#​14182)
• fix(core): Silently fail maybeInstrument (#​14140)
• fix(nextjs): Resolve path for dynamic webpack import (#​13751)
• fix(node): Make sure modulesIntegration does not crash esm apps (#​14169)

Work in this release was contributed by @​rexxars. Thank you for your contribution!

v8.36.0

Compare Source

Important Changes

• feat(nextjs/vercel-edge/cloudflare): Switch to OTEL for performance monitoring (#​13889)

With this release, the Sentry Next.js, and Cloudflare SDKs will now capture performance data based on OpenTelemetry.
Some exceptions apply in cases where Next.js captures inaccurate data itself.

NOTE: You may experience minor differences in transaction names in Sentry.
Most importantly transactions for serverside pages router invocations will now be named GET /[param]/my/route instead of /[param]/my/route.
This means that those transactions are now better aligned with the OpenTelemetry semantic conventions.

Other Changes

• deps: Bump bundler plugins and CLI to 2.22.6 and 2.37.0 respectively (#​14050)
• feat(deps): bump @​opentelemetry/instrumentation-aws-sdk from 0.44.0 to 0.45.0 (#​14099)
• feat(deps): bump @​opentelemetry/instrumentation-connect from 0.39.0 to 0.40.0 (#​14101)
• feat(deps): bump @​opentelemetry/instrumentation-express from 0.43.0 to 0.44.0 (#​14102)
• feat(deps): bump @​opentelemetry/instrumentation-fs from 0.15.0 to 0.16.0 (#​14098)
• feat(deps): bump @​opentelemetry/instrumentation-kafkajs from 0.3.0 to 0.4.0 (#​14100)
• feat(nextjs): Add method and url to route handler request data (#​14084)
• feat(node): Add breadcrumbs for child_process and worker_thread (#​13896)
• fix(core): Ensure standalone spans are not sent if SDK is disabled (#​14088)
• fix(nextjs): Await flush in api handlers (#​14023)
• fix(nextjs): Don't leak webpack types into exports (#​14116)
• fix(nextjs): Fix matching logic for file convention type for root level components (#​14038)
• fix(nextjs): Respect directives in value injection loader (#​14083)
• fix(nuxt): Only wrap .mjs entry files in rollup (#​14060)
• fix(nuxt): Re-export all exported bindings (#​14086)
• fix(nuxt): Server-side setup in readme (#​14049)
• fix(profiling-node): Always warn when running on incompatible major version of Node.js (#​14043)
• fix(replay): Fix onError callback (#​14002)
• perf(otel): Only calculate current timestamp once (#​14094)
• test(browser-integration): Add sentry DSN route handler by default (#​14095)

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.