meta(changelog): Update changelog for 8.36.0

.github/dependabot.yml

@@ -13,13 +13,10 @@ updates:
     schedule:
       interval: 'weekly'
     allow:
-      - dependency-name: "@sentry/cli"
-      - dependency-name: "@sentry/vite-plugin"
-      - dependency-name: "@sentry/webpack-plugin"
-      - dependency-name: "@sentry/rollup-plugin"
-      - dependency-name: "@sentry/esbuild-plugin"
+      - dependency-name: "@sentry/*"
       - dependency-name: "@opentelemetry/*"
       - dependency-name: "@prisma/instrumentation"
+      - dependency-name: "opentelemetry-instrumentation-remix"
     versioning-strategy: increase
     commit-message:
       prefix: feat

.github/dependency-review-config.yml

@@ -0,0 +1,7 @@
+fail-on-severity: 'high'
+allow-ghsas:
+  # dependency review does not allow specific file exclusions
+  # we use an older version of NextJS in our tests and thus need to 
+  # exclude this
+  # once our minimum supported version is over 14.1.1 this can be removed
+  - GHSA-fr5h-rqp8-mj6g

.github/workflows/build.yml

@@ -437,7 +437,7 @@ jobs:
         with:
           node-version-file: 'package.json'
       - name: Set up Deno
-        uses: denoland/setup-deno@v1.5.1
+        uses: denoland/setup-deno@v2.0.1
         with:
           deno-version: v1.38.5
       - name: Restore caches
@@ -858,7 +858,7 @@ jobs:
     if: always() && needs.job_e2e_prepare.result == 'success'
     needs: [job_get_metadata, job_build, job_e2e_prepare]
     runs-on: ubuntu-20.04
-    timeout-minutes: 10
+    timeout-minutes: 15
     env:
       # We just use a dummy DSN here, only send to the tunnel anyhow
       E2E_TEST_DSN: 'https://username@domain/123'
@@ -904,6 +904,7 @@ jobs:
             'nextjs-13',
             'nextjs-14',
             'nextjs-15',
+            'nextjs-turbo',
             'nextjs-t3',
             'react-17',
             'react-19',
@@ -1018,12 +1019,12 @@ jobs:
 
       - name: Build E2E app
         working-directory: dev-packages/e2e-tests/test-applications/${{ matrix.test-application }}
-        timeout-minutes: 5
+        timeout-minutes: 7
         run: pnpm ${{ matrix.build-command || 'test:build' }}
 
       - name: Run E2E test
         working-directory: dev-packages/e2e-tests/test-applications/${{ matrix.test-application }}
-        timeout-minutes: 5
+        timeout-minutes: 10
         run: pnpm test:assert
 
       - name: Upload Playwright Traces
@@ -1035,14 +1036,20 @@ jobs:
           overwrite: true
           retention-days: 7
 
+      - name: Pre-process E2E Test Dumps
+        if: always()
+        run: |
+          node ./scripts/normalize-e2e-test-dump-transaction-events.js
+
       - name: Upload E2E Test Event Dumps
         uses: actions/upload-artifact@v4
         if: always()
         with:
-          name: playwright-event-dumps-job_e2e_playwright_tests-${{ matrix.test-application }}
+          name: E2E Test Dump (${{ matrix.label || matrix.test-application }})
           path: dev-packages/e2e-tests/test-applications/${{ matrix.test-application }}/event-dumps
           overwrite: true
           retention-days: 7
+          if-no-files-found: ignore
 
       - name: Upload test results to Codecov
         if: cancelled() == false
@@ -1063,7 +1070,7 @@ jobs:
       github.actor != 'dependabot[bot]'
     needs: [job_get_metadata, job_build, job_e2e_prepare]
     runs-on: ubuntu-20.04
-    timeout-minutes: 10
+    timeout-minutes: 15
     env:
       E2E_TEST_AUTH_TOKEN: ${{ secrets.E2E_TEST_AUTH_TOKEN }}
       E2E_TEST_DSN: ${{ secrets.E2E_TEST_DSN }}
@@ -1083,10 +1090,6 @@ jobs:
             'react-send-to-sentry',
             'node-express-send-to-sentry',
             'debug-id-sourcemaps',
-            'nextjs-app-dir',
-            'nextjs-13',
-            'nextjs-14',
-            'nextjs-15',
           ]
         build-command:
           - false
@@ -1125,6 +1128,12 @@ jobs:
           - test-application: 'nextjs-15'
             build-command: 'test:build-latest'
             label: 'nextjs-15 (latest)'
+          - test-application: 'nextjs-turbo'
+            build-command: 'test:build-canary'
+            label: 'nextjs-turbo (canary)'
+          - test-application: 'nextjs-turbo'
+            build-command: 'test:build-latest'
+            label: 'nextjs-turbo (latest)'
 
     steps:
       - name: Check out current commit (${{ needs.job_get_metadata.outputs.commit_label }})
@@ -1176,14 +1185,29 @@ jobs:
 
       - name: Build E2E app
         working-directory: dev-packages/e2e-tests/test-applications/${{ matrix.test-application }}
-        timeout-minutes: 5
+        timeout-minutes: 7
         run: pnpm ${{ matrix.build-command || 'test:build' }}
 
       - name: Run E2E test
         working-directory: dev-packages/e2e-tests/test-applications/${{ matrix.test-application }}
-        timeout-minutes: 5
+        timeout-minutes: 10
         run: pnpm ${{ matrix.assert-command || 'test:assert' }}
 
+      - name: Pre-process E2E Test Dumps
+        if: always()
+        run: |
+          node ./scripts/normalize-e2e-test-dump-transaction-events.js
+
+      - name: Upload E2E Test Event Dumps
+        uses: actions/upload-artifact@v4
+        if: always()
+        with:
+          name: E2E Test Dump (${{ matrix.label || matrix.test-application }})
+          path: dev-packages/e2e-tests/test-applications/${{ matrix.test-application }}/event-dumps
+          overwrite: true
+          retention-days: 7
+          if-no-files-found: ignore
+
       - name: Deploy Astro to Cloudflare
         uses: cloudflare/pages-action@v1
         if: matrix.test-application == 'cloudflare-astro'
@@ -1210,7 +1234,7 @@ jobs:
       )
     needs: [job_get_metadata, job_build, job_e2e_prepare]
     runs-on: ubuntu-20.04
-    timeout-minutes: 10
+    timeout-minutes: 15
     env:
       E2E_TEST_AUTH_TOKEN: ${{ secrets.E2E_TEST_AUTH_TOKEN }}
       E2E_TEST_DSN: ${{ secrets.E2E_TEST_DSN }}
@@ -1282,12 +1306,12 @@ jobs:
 
       - name: Build E2E app
         working-directory: dev-packages/e2e-tests/test-applications/${{ matrix.test-application }}
-        timeout-minutes: 5
+        timeout-minutes: 7
         run: yarn ${{ matrix.build-command || 'test:build' }}
 
       - name: Run E2E test
         working-directory: dev-packages/e2e-tests/test-applications/${{ matrix.test-application }}
-        timeout-minutes: 5
+        timeout-minutes: 10
         run: yarn test:assert
 
   job_required_jobs_passed:
@@ -1321,48 +1345,6 @@ jobs:
         run: |
           echo "One of the dependent jobs have failed. You may need to re-run it." && exit 1
 
-  overhead_metrics:
-    name: Overhead metrics
-    needs: [job_get_metadata, job_build]
-    runs-on: ubuntu-20.04
-    timeout-minutes: 30
-    if: |
-      contains(github.event.pull_request.labels.*.name, 'ci-overhead-measurements')
-    steps:
-      - name: Check out current commit (${{ needs.job_get_metadata.outputs.commit_label }})
-        uses: actions/checkout@v4
-        with:
-          ref: ${{ env.HEAD_COMMIT }}
-      - name: Set up Node
-        uses: actions/setup-node@v4
-        with:
-          node-version-file: 'package.json'
-      - name: Restore caches
-        uses: ./.github/actions/restore-cache
-        with:
-          dependency_cache_key: ${{ needs.job_build.outputs.dependency_cache_key }}
-
-      - name: Collect
-        run: yarn ci:collect
-        working-directory: dev-packages/overhead-metrics
-
-      - name: Process
-        id: process
-        run: yarn ci:process
-        working-directory: dev-packages/overhead-metrics
-        # Don't run on forks - the PR comment cannot be added.
-        if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository
-        env:
-          GITHUB_TOKEN: ${{ github.token }}
-
-      - name: Upload results
-        uses: actions/upload-artifact@v4
-        if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository
-        with:
-          name: ${{ steps.process.outputs.artifactName }}
-          path: ${{ steps.process.outputs.artifactPath }}
-          retention-days: 7
-
   job_compile_bindings_profiling_node:
     name: Compile & Test Profiling Bindings (v${{ matrix.node }}) ${{ matrix.target_platform || matrix.os }}, ${{ matrix.node || matrix.container }}, ${{ matrix.arch || matrix.container }}, ${{ contains(matrix.container, 'alpine') && 'musl' || 'glibc'  }}
     needs: [job_get_metadata, job_build]

.github/workflows/canary.yml

@@ -96,6 +96,12 @@ jobs:
           - test-application: 'nextjs-15'
             build-command: 'test:build-latest'
             label: 'nextjs-15 (latest)'
+          - test-application: 'nextjs-turbo'
+            build-command: 'test:build-canary'
+            label: 'nextjs-turbo (canary)'
+          - test-application: 'nextjs-turbo'
+            build-command: 'test:build-latest'
+            label: 'nextjs-turbo (latest)'
           - test-application: 'react-create-hash-router'
             build-command: 'test:build-canary'
             label: 'react-create-hash-router (canary)'
@@ -140,7 +146,7 @@ jobs:
 
       - name: Build E2E app
         working-directory: dev-packages/e2e-tests/test-applications/${{ matrix.test-application }}
-        timeout-minutes: 5
+        timeout-minutes: 7
         run: yarn ${{ matrix.build-command }}
 
       - name: Run E2E test

.github/workflows/codeql-analysis.yml

@@ -33,6 +33,8 @@ jobs:
   analyze:
     name: Analyze
     runs-on: ubuntu-latest
+    # Skip for pushes from dependabot, which is not supported
+    if: github.event_name == 'pull_request' || github.actor != 'dependabot[bot]'
 
     strategy:
       fail-fast: false
@@ -48,7 +50,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@v3
         with:
           config-file: ./.github/codeql/codeql-config.yml
           queries: security-extended
@@ -61,7 +63,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v2
+        uses: github/codeql-action/autobuild@v3
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions
@@ -75,4 +77,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@v3

.size-limit.js

@@ -224,7 +224,7 @@ module.exports = [
     import: createImport('init'),
     ignore: ['next/router', 'next/constants'],
     gzip: true,
-    limit: '39 KB',
+    limit: '39.1 KB',
   },
   // SvelteKit SDK (ESM)
   {

CHANGELOG.md

@@ -10,6 +10,56 @@
 
 - "You miss 100 percent of the chances you don't take. — Wayne Gretzky" — Michael Scott
 
+## 8.36.0
+
+### Important Changes
+
+- **feat(nuxt): Add Sentry Pinia plugin ([#14047](https://github.com/getsentry/sentry-javascript/pull/14047))**
+
+The Nuxt SDK now allows you to track Pinia state for captured errors. To enable the Pinia plugin, set the `trackPinia` option to `true` in your client config:
+
+```ts
+// sentry.client.config.ts
+
+Sentry.init({
+  trackPinia: true,
+});
+```
+
+Read more about the Pinia plugin in the [Sentry Pinia Documentation](https://docs.sentry.io/platforms/javascript/guides/nuxt/features/pinia/).
+
+- **feat(nextjs/vercel-edge/cloudflare): Switch to OTEL for performance monitoring ([#13889](https://github.com/getsentry/sentry-javascript/pull/13889))**
+
+With this release, the Sentry Next.js, and Cloudflare SDKs will now capture performance data based on OpenTelemetry.
+Some exceptions apply in cases where Next.js captures inaccurate data itself.
+
+NOTE: You may experience minor differences in transaction names in Sentry.
+Most importantly transactions for serverside pages router invocations will now be named `GET /[param]/my/route` instead of `/[param]/my/route`.
+This means that those transactions are now better aligned with the OpenTelemetry semantic conventions.
+
+### Other Changes
+
+- deps: Bump bundler plugins and CLI to 2.22.6 and 2.37.0 respectively ([#14050](https://github.com/getsentry/sentry-javascript/pull/14050))
+- feat(deps): bump @opentelemetry/instrumentation-aws-sdk from 0.44.0 to 0.45.0 ([#14099](https://github.com/getsentry/sentry-javascript/pull/14099))
+- feat(deps): bump @opentelemetry/instrumentation-connect from 0.39.0 to 0.40.0 ([#14101](https://github.com/getsentry/sentry-javascript/pull/14101))
+- feat(deps): bump @opentelemetry/instrumentation-express from 0.43.0 to 0.44.0 ([#14102](https://github.com/getsentry/sentry-javascript/pull/14102))
+- feat(deps): bump @opentelemetry/instrumentation-fs from 0.15.0 to 0.16.0 ([#14098](https://github.com/getsentry/sentry-javascript/pull/14098))
+- feat(deps): bump @opentelemetry/instrumentation-kafkajs from 0.3.0 to 0.4.0 ([#14100](https://github.com/getsentry/sentry-javascript/pull/14100))
+- feat(nextjs): Add method and url to route handler request data ([#14084](https://github.com/getsentry/sentry-javascript/pull/14084))
+- feat(node): Add breadcrumbs for `child_process` and `worker_thread` ([#13896](https://github.com/getsentry/sentry-javascript/pull/13896))
+- fix(core): Ensure standalone spans are not sent if SDK is disabled ([#14088](https://github.com/getsentry/sentry-javascript/pull/14088))
+- fix(nextjs): Await flush in api handlers ([#14023](https://github.com/getsentry/sentry-javascript/pull/14023))
+- fix(nextjs): Don't leak webpack types into exports ([#14116](https://github.com/getsentry/sentry-javascript/pull/14116))
+- fix(nextjs): Fix matching logic for file convention type for root level components ([#14038](https://github.com/getsentry/sentry-javascript/pull/14038))
+- fix(nextjs): Respect directives in value injection loader ([#14083](https://github.com/getsentry/sentry-javascript/pull/14083))
+- fix(nuxt): Only wrap `.mjs` entry files in rollup ([#14060](https://github.com/getsentry/sentry-javascript/pull/14060))
+- fix(nuxt): Re-export all exported bindings ([#14086](https://github.com/getsentry/sentry-javascript/pull/14086))
+- fix(nuxt): Server-side setup in readme ([#14049](https://github.com/getsentry/sentry-javascript/pull/14049))
+- fix(profiling-node): Always warn when running on incompatible major version of Node.js ([#14043](https://github.com/getsentry/sentry-javascript/pull/14043))
+- fix(replay): Fix `onError` callback ([#14002](https://github.com/getsentry/sentry-javascript/pull/14002))
+- perf(otel): Only calculate current timestamp once ([#14094](https://github.com/getsentry/sentry-javascript/pull/14094))
+- test(browser-integration): Add sentry DSN route handler by default ([#14095](https://github.com/getsentry/sentry-javascript/pull/14095))
+
 ## 8.35.0
 
 ### Beta release of the official Nuxt Sentry SDK

dev-packages/browser-integration-tests/loader-suites/loader/noOnLoad/replay/test.ts

@@ -11,14 +11,6 @@ sentryTest('should capture a replay', async ({ getLocalTestUrl, page }) => {
     sentryTest.skip();
   }
 
-  await page.route('https://dsn.ingest.sentry.io/**/*', route => {
-    return route.fulfill({
-      status: 200,
-      contentType: 'application/json',
-      body: JSON.stringify({ id: 'test-id' }),
-    });
-  });
-
   const req = waitForReplayRequest(page);
 
   const url = await getLocalTestUrl({ testDir: __dirname });

dev-packages/browser-integration-tests/loader-suites/loader/noOnLoad/replayError/test.ts

@@ -9,14 +9,6 @@ sentryTest('should capture a replay & attach an error', async ({ getLocalTestUrl
     sentryTest.skip();
   }
 
-  await page.route('https://dsn.ingest.sentry.io/**/*', route => {
-    return route.fulfill({
-      status: 200,
-      contentType: 'application/json',
-      body: JSON.stringify({ id: 'test-id' }),
-    });
-  });
-
   const req = waitForReplayRequest(page);
 
   const url = await getLocalTestUrl({ testDir: __dirname });

dev-packages/browser-integration-tests/loader-suites/loader/noOnLoad/sdkLoadedInMeanwhile/test.ts

@@ -28,7 +28,7 @@ sentryTest('it does not download the SDK if the SDK was loaded in the meanwhile'
     });
   });
 
-  const tmpDir = await getLocalTestUrl({ testDir: __dirname, skipRouteHandler: true });
+  const tmpDir = await getLocalTestUrl({ testDir: __dirname, skipRouteHandler: true, skipDsnRouteHandler: true });
 
   await page.route(`${TEST_HOST}/*.*`, route => {
     const file = route.request().url().split('/').pop();