fix(deps): update sentry-javascript monorepo to v8 (major) #25

Closed
wants to merge 1 commit into from

@renovate renovate bot commented Jun 23, 2024

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
@sentry/node (source) ~7.118.0 -> ~8.13.0 age adoption passing confidence
@sentry/profiling-node (source) ~7.118.0 -> ~8.13.0 age adoption passing confidence

Release Notes

getsentry/sentry-javascript (@​sentry/node)

v8.13.0

Compare Source

Important Changes
  • feat(nestjs): Add Nest SDK

    This release adds a dedicated SDK for NestJS (@sentry/nestjs)
    in alpha state. The SDK is a drop-in replacement for the Sentry Node SDK (@sentry/node) supporting the same set of
    features. See the docs for how to use the SDK.
Other Changes

v8.12.0

Compare Source

Important Changes
  • feat(solid): Remove need to pass router hooks to solid integration (breaking)

This release introduces breaking changes to the @sentry/solid package (which is currently out in alpha).

We've made it easier to get started with the solid router integration by removing the need to pass use* hooks
explicitly to solidRouterBrowserTracingIntegration. Import solidRouterBrowserTracingIntegration from
@sentry/solid/solidrouter and add it to Sentry.init

import * as Sentry from '@sentry/solid';
import { solidRouterBrowserTracingIntegration, withSentryRouterRouting } from '@sentry/solid/solidrouter';
import { Router } from '@solidjs/router';

Sentry.init({
  dsn: '__PUBLIC_DSN__',
  integrations: [solidRouterBrowserTracingIntegration()],
  tracesSampleRate: 1.0, //  Capture 100% of the transactions
});

const SentryRouter = withSentryRouterRouting(Router);
  • feat(core): Return client from init method (#​12585)

Sentry.init() now returns a client directly, so you don't need to explicitly call getClient() anymore:

const client = Sentry.init();
  • feat(nextjs): Add deleteSourcemapsAfterUpload option (#​12457)

This adds an easy way to delete sourcemaps immediately after uploading them:

module.exports = withSentryConfig(nextConfig, {
  sourcemaps: {
    deleteSourcemapsAfterUpload: true,
  },
});
  • feat(node): Allow to configure maxSpanWaitDuration (#​12610)

Adds configuration option for the max. duration in seconds that the SDK will wait for parent spans to be finished before
discarding a span. The SDK will automatically clean up spans that have no finished parent after this duration. This is
necessary to prevent memory leaks in case of parent spans that are never finished or otherwise dropped/missing. However,
if you have very long-running spans in your application, a shorter duration might cause spans to be discarded too early.
In this case, you can increase this duration to a value that fits your expected data.

Other Changes
  • feat(feedback): Extra check for iPad in screenshot support (#​12593)
  • fix(bundle): Ensure CDN bundles do not overwrite window.Sentry (#​12580)
  • fix(feedback): Inject preact from feedbackModal into feedbackScreenshot integration (#​12535)
  • fix(node): Re-throw errors from koa middleware (#​12609)
  • fix(remix): Mark isRemixV2 as optional in exposed types. (#​12614)
  • ref(node): Add error message to NodeFetch log (#​12612)

Work in this release was contributed by @​n4bb12. Thank you for your contribution!

v8.11.0

Compare Source

Important Changes
  • feat(core): Add parentSpan option to startSpan* APIs (#​12567)

We've made it easier to create a span as a child of a specific span via the startSpan* APIs. This should allow you to
explicitly manage the parent-child relationship of your spans better.

Sentry.startSpan({ name: 'root' }, parent => {
  const span = Sentry.startInactiveSpan({ name: 'xxx', parentSpan: parent });

  Sentry.startSpan({ name: 'xxx', parentSpan: parent }, () => {});

  Sentry.startSpanManual({ name: 'xxx', parentSpan: parent }, () => {});
});
Other Changes
  • feat(node): Detect release from more providers (#​12529)
  • fix(profiling-node): Use correct getGlobalScope import (#​12564)
  • fix(profiling-node) sample timestamps need to be in seconds (#​12563)
  • ref: Align @sentry/node exports from framework SDKs. (#​12589)

Bundle size 📦

Path Size
@​sentry/browser 22.22 KB
@​sentry/browser (incl. Tracing) 33.31 KB
@​sentry/browser (incl. Tracing, Replay) 69.09 KB
@​sentry/browser (incl. Tracing, Replay) - with treeshaking flags 62.41 KB
@​sentry/browser (incl. Tracing, Replay with Canvas) 73.14 KB
@​sentry/browser (incl. Tracing, Replay, Feedback) 85.31 KB
@​sentry/browser (incl. Tracing, Replay, Feedback, metrics) 87.17 KB
@​sentry/browser (incl. metrics) 26.5 KB
@​sentry/browser (incl. Feedback) 38.42 KB
@​sentry/browser (incl. sendFeedback) 26.85 KB
@​sentry/browser (incl. FeedbackAsync) 31.42 KB
@​sentry/react 24.96 KB
@​sentry/react (incl. Tracing) 36.35 KB
@​sentry/vue 26.32 KB
@​sentry/vue (incl. Tracing) 35.16 KB
@​sentry/svelte 22.35 KB
CDN Bundle 23.41 KB
CDN Bundle (incl. Tracing) 35.04 KB
CDN Bundle (incl. Tracing, Replay) 69.17 KB
CDN Bundle (incl. Tracing, Replay, Feedback) 74.34 KB
CDN Bundle - uncompressed 68.76 KB
CDN Bundle (incl. Tracing) - uncompressed 103.61 KB
CDN Bundle (incl. Tracing, Replay) - uncompressed 214.08 KB
CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed 226.67 KB
@​sentry/nextjs (client) 36.23 KB
@​sentry/sveltekit (client) 33.95 KB
@​sentry/node 112.99 KB
@​sentry/node - without tracing 90.4 KB
@​sentry/aws-serverless 99.48 KB

v8.10.0

Compare Source

Important Changes
  • feat(remix): Migrate to opentelemetry-instrumentation-remix. (#​12110)

You can now simplify your remix instrumentation by opting-in like this:

const Sentry = require('@sentry/remix');

Sentry.init({
  dsn: YOUR_DSN,
  // opt-in to new auto instrumentation
  autoInstrumentRemix: true,
});

With this setup, you do not need to add e.g. wrapExpressCreateRequestHandler anymore. Additionally, the quality of the
captured data improves. The old way to use @sentry/remix continues to work, but it is encouraged to use the new setup.

Other Changes
  • feat(browser): Export thirdPartyErrorFilterIntegration from @sentry/browser (#​12512)
  • feat(feedback): Allow passing tags field to any feedback config param (#​12197)
  • feat(feedback): Improve screenshot quality for retina displays (#​12487)
  • feat(feedback): Screenshots don't resize after cropping (#​12481)
  • feat(node) add max lineno and colno limits (#​12514)
  • feat(profiling) add global profile context while profiler is running (#​12394)
  • feat(react): Add React version to events (#​12390)
  • feat(replay): Add url to replay hydration error breadcrumb type (#​12521)
  • fix(core): Ensure standalone spans respect sampled flag (#​12533)
  • fix(core): Use maxValueLength in extra error data integration (#​12174)
  • fix(feedback): Fix scrolling after feedback submission (#​12499)
  • fix(feedback): Send feedback rejects invalid responses (#​12518)
  • fix(nextjs): Update @​rollup/plugin-commonjs (#​12527)
  • fix(node): Ensure status is correct for http server span errors (#​12477)
  • fix(node): Unify getDynamicSamplingContextFromSpan (#12522)
  • fix(profiling): continuous profile chunks should be in seconds (#​12532)
  • fix(remix): Add nativeFetch support for accessing request headers (#​12479)
  • fix(remix): Export no-op as captureRemixServerException from client SDK (#​12497)
  • ref(node) refactor contextlines to use readline (#​12221)

Work in this release was contributed by @​AndreyKovanov and @​kiliman. Thank you for your contributions!

v8.9.2

Compare Source

  • fix(profiling): Update exports so types generate properly (#​12469)

v8.9.1

Important changes
  • feat(solid): Add Solid SDK

    This release adds a dedicated SDK for Solid JS in alpha state with instrumentation for
    Solid Router and a custom ErrorBoundary. See the
    package README for how to use
    the SDK.

Other changes

Work in this release was contributed by @​soch4n. Thank you for your contribution!

v8.9.0

This release failed to publish correctly, please use 8.9.1 instead.

v8.8.0

Compare Source

  • feat: Upgrade OTEL dependencies (#​12388)

This upgrades the OpenTelemetry dependencies to the latest versions and makes OTEL use import-in-the-middle v1.8.0.
This should fix numerous issues with using OTEL instrumentation with ESM.

High level issues fixed with OTEL + ESM:

  • incompatibilities with using multiple loaders, commonly encountered while using tsx or similar libraries.
  • incompatibilities with libraries that use duplicate namespace exports like date-fns.
  • incompatibilities with libraries that use self-referencing namespace imports like openai.
  • incompatibilities with dynamic export patterns like exports with function calls.
  • ENOENT: no such file or directory bugs that libraries like discord.js
    surface.

If you are still encountering issues with OpenTelemetry instrumentation and ESM, please let us know.

  • deps: Bump Sentry bundler plugins to version 2.18.0 (#​12381)
  • feat: Add thirdPartyErrorFilterIntegration (#​12267)
  • feat(core): Filter out error events with exception values and no stacktraces, values, or types (#​12387)
  • feat(core): Ignore additional common but inactionable errors (#​12384)
  • feat(deps): Bump @​opentelemetry/propagator-aws-xray from 1.3.1 to 1.24.1 (#​12333)
  • feat(deps): Bump @​sentry/cli from 2.31.2 to 2.32.1 (#​12332)
  • feat(redis): Support mget command in caching functionality (#​12380)
  • feat(vercel-edge): Export core integrations from Vercel edge SDK (#​12308)
  • fix(browser): Fix idle span ending (#​12306)
  • fix(browser): Fix parenthesis parsing logic for chromium (#​12373)
  • fix(browser): Fix types export path for CJS (#​12305)
  • fix(feedback): Override TriggerLabel Option (#​12316)
  • fix(feedback): Wait for document to be ready before doing autoinject (#​12294)
  • fix(nextjs): Fix memory leak (#​12335)
  • fix(nextjs): Fix version detection and option insertion logic for clientTraceMetadata option (#​12323)
  • fix(nextjs): Update argument name in log message about sentry property on Next.js config object (#​12366)
  • fix(node): Do not manually finish / update root Hapi spans. (#​12287)
  • fix(node): Fix virtual parent span ID handling & update create-next-app E2E test (#​12368)
  • fix(node): Skip capturing Hapi Boom responses v8. (#​12288)
  • fix(performance): Fix LCP not getting picked up on initial pageload transaction by setting reportAllChanges to true
    (#​12360)
  • fix(replay): Avoid infinite loop of logs (#​12309)
  • fix(replay): Ignore old events when manually starting replay (#​12349)
  • ref(browser): Ensure idle span ending is consistent (#​12310)
  • ref(profiling): unref timer (#​12340)

v8.7.0

Important Changes
  • feat(react): Add TanStack Router integration (#​12095)

    This release adds instrumentation for TanStack router with a new tanstackRouterBrowserTracingIntegration in the
    @sentry/react SDK:

    import * as Sentry from '@sentry/react';
    import { createRouter } from '@tanstack/react-router';
    
    const router = createRouter({
      // Your router options...
    });
    
    Sentry.init({
      dsn: '___PUBLIC_DSN___',
      integrations: [Sentry.tanstackRouterBrowserTracingIntegration(router)],
      tracesSampleRate: 1.0,
    });
Other Changes
  • fix(nextjs): Do not hide sourceMappingURL comment on client when nextConfig.productionBrowserSourceMaps: true is
    set (#​12278)

v8.6.0

Important Changes
  • feat(metrics): Add timings method to metrics (#​12226)

    This introduces a new method, metrics.timing(), which can be used in two ways:

    1. With a numeric value, to simplify creating a distribution metric. This will default to second as unit:
       Sentry.metrics.timing('myMetric', 100);
    2. With a callback, which will wrap the duration of the callback. This can accept a sync or async callback. It will
       create an inactive span around the callback and at the end emit a metric with the duration of the span in seconds:
       const returnValue = Sentry.metrics.timing('myMetric', measureThisFunction);
  • feat(react): Add Sentry.reactErrorHandler (#​12147)

    This PR introduces Sentry.reactErrorHandler, which you can use in React 19 as follows:

    import * as Sentry from '@sentry/react';
    import { hydrateRoot } from 'react-dom/client';

    // hydrateRoot is the named import above; no ReactDOM namespace is in scope.
    hydrateRoot(
      document.getElementById('root'),
      <React.StrictMode>
        <App />
      </React.StrictMode>,
      {
        onUncaughtError: Sentry.reactErrorHandler(),
        onCaughtError: Sentry.reactErrorHandler((error, errorInfo) => {
          // optional callback if users want custom config.
        }),
      },
    );

    For more details, take a look at the PR. Our
    documentation will be updated soon!

Other Changes
  • feat(sveltekit): Add request data to server-side events (#​12254)
  • fix(core): Pass in cron monitor config correctly (#​12248)
  • fix(nextjs): Don't capture suspense errors in server components (#​12261)
  • fix(tracing): Ensure sent spans are limited to 1000 (#​12252)
  • ref(core): Use versioned carrier on global object (#​12206)

v8.5.0

Compare Source

Important Changes
  • feat(react): Add React 19 to peer deps (#​12207)

This release adds support for React 19 in the @sentry/react SDK package.

  • feat(node): Add @sentry/node/preload hook (#​12213)

This release adds a new way to initialize @sentry/node, which allows you to use the SDK with performance
instrumentation even if you cannot call Sentry.init() at the very start of your app.

First, run the SDK like this:

node --require @sentry/node/preload ./app.js

Now, you can initialize and import the rest of the SDK later or asynchronously:

const express = require('express');
const Sentry = require('@sentry/node');

const dsn = await getSentryDsn();
Sentry.init({ dsn });

For more details, head over to the
PR Description of the new feature. Our docs will be updated
soon with a new guide.

Other Changes
  • feat(browser): Do not include metrics in base CDN bundle (#​12230)
  • feat(core): Add startNewTrace API (#​12138)
  • feat(core): Allow to pass custom scope to captureFeedback() (#​12216)
  • feat(core): Only allow SerializedSession in session envelope items (#​11979)
  • feat(nextjs): Use Vercel's waitUntil to defer freezing of Vercel Lambdas (#​12133)
  • feat(node): Ensure manual OTEL setup works (#​12214)
  • fix(aws-serverless): Avoid minifying Module._resolveFilename in Lambda layer bundle (#​12232)
  • fix(aws-serverless): Ensure lambda layer uses default export from ImportInTheMiddle (#​12233)
  • fix(browser): Improve browser extension error message check (#​12146)
  • fix(browser): Remove optional chaining in INP code (#​12196)
  • fix(nextjs): Don't report React postpone errors (#​12194)
  • fix(nextjs): Use global scope for generic event filters (#​12205)
  • fix(node): Add origin to redis span (#​12201)
  • fix(node): Change import of @prisma/instrumentation to use default import (#​12185)
  • fix(node): Only import inspector asynchronously (#​12231)
  • fix(replay): Update matcher for hydration error detection to new React docs (#​12209)
  • ref(profiling-node): Add warning when using non-LTS node (#​12211)

v8.4.0

Compare Source

Important Changes
  • feat(nextjs): Trace pageloads in App Router (#​12157)

If you are using Next.js version 14.3.0-canary.64 or above, the Sentry Next.js SDK will now trace clientside pageloads
with React Server Components. This means, that client-side errors like
Error: An error occurred in the Server Components render., which previously didn't give you much information on how
that error was caused, can now be traced back to a specific error in a server component.

  • feat(angular): Add Support for Angular 18 (#​12183)

This release guarantees support for Angular 18 with @sentry/angular.

Other Changes

v8.3.0

Compare Source

Important Changes
  • Better Node Framework Span Data

This release improves data quality of spans emitted by Express, Fastify, Connect, Koa, Nest.js and Hapi.

When using Sentry in ESM mode, you can now use Sentry without manually calling init like this:

 SENTRY_DSN=https://[email protected]/0 node --import=@sentry/node/init app.mjs

When using CommonJS, you can do:

 SENTRY_DSN=https://[email protected]/0 node --require=@sentry/node/init app.js
Other Changes
  • chore: Align and update MIT license dates (#​12143)
  • chore: Resolve or postpone a random assortment of TODOs (#​11977)
  • doc(migration): Add entry for runWithAsyncContext (#​12153)
  • docs: Add migration docs to point out that default import does not work (#​12100)
  • docs(sveltekit): process.env.SENTRY_AUTH_TOKEN (#​12118)
  • feat(browser): Ensure browserProfilingIntegration is published to CDN (#​12158)
  • feat(google-cloud): Expose ESM build (#​12149)
  • feat(nextjs): Ignore Prisma critical dependency warnings (#​12144)
  • feat(node): Add app.free_memory info to events (#​12150)
  • feat(node): Do not create GraphQL resolver spans by default (#​12097)
  • feat(node): Use node: prefix for node built-ins (#​11895)
  • feat(replay): Use unwrapped setTimeout to avoid e.g. angular change detection (#​11924)
  • fix(core): Add dsn to span envelope header (#​12096)
  • fix(feedback): Improve feedback border color in dark-mode, and prevent auto-dark mode when a theme is picked (#​12126)
  • fix(feedback): Set optionOverrides to be optional in TS definition (#​12125)
  • fix(nextjs): Don't put undefined values in props (#​12131)
  • fix(nextjs): Fix legacy configuration method detection for emitting warning (#​12136)
  • fix(node): Ensure fetch/http breadcrumbs are created correctly (#​12137)
  • fix(node): Update @prisma/instrumentation from 5.13.0 to 5.14.0 (#​12081)
  • ref(node): Add log for running in ESM/CommonJS mode (#​12134)
  • ref(node): Handle failing hook registration gracefully (#​12135)
  • ref(node): Only show instrumentation warning when tracing is enabled (#​12141)

Work in this release contributed by @​pboling. Thank you for your contribution!

v8.2.1

Compare Source

  • fix(aws-serverless): Fix build of lambda layer (#​12083)
  • fix(nestjs): Broaden nest.js type (#​12076)

v8.2.0

Compare Source

  • feat(redis-cache): Create cache-span with prefixed keys (get/set commands) (#​12070)
  • feat(core): Add beforeSendSpan hook (#​11886)
  • feat(browser): Improve idle span handling (#​12065)
  • fix(node): Set transactionName for unsampled spans in httpIntegration (#​12071)
  • fix(core): Export Scope interface as Scope (#​12067)
  • fix(core): Avoid looking up client for hasTracingEnabled() if possible (#​12066)
  • fix(browser): Use consistent timestamps (#​12063)
  • fix(node): Fix check for performance integrations (#​12043)
  • ref(sveltekit): Warn to delete source maps if Sentry plugin enabled source maps generation (#​12072)

v8.1.0

Compare Source

This release mainly fixes a couple of bugs from the initial 8.0.0 release. In addition to the changes below, we
updated some initially missed points in our migration guides and documentation.

  • feat(aws-serverless): Fix tree-shaking for aws-serverless package (#​12017)
  • feat(node): Bump opentelemetry instrumentation to latest version (#​12028)
  • feat(scope): Bring back lastEventId on isolation scope (#​11951) (#​12022)
  • fix(aws-serverless): Export awslambda-auto
  • fix(node): Do not warn for missing instrumentation if SDK is disabled (#​12041)
  • fix(react): Set dependency-injected functions as early as possible (#​12019)
  • fix(react): Warn and fall back gracefully if dependency injected functions are not available (#​12026)
  • ref(core): Streamline parseSampleRate utility function (#​12024)
  • ref(feedback): Make eventId optional and use lastEventId in report dialog (#​12029)

v8.0.0

Compare Source

Important Changes
  • feat(bun): Add Bun Global Unhandled Handlers (#​11960)

The Bun SDK will now capture global unhandled errors.

Other Changes
  • feat(node): Log process and thread info on initialisation (#​11972)
  • fix(aws-serverless): Include ESM artifacts in package (#​11973)
  • fix(browser): Only start http.client spans if there is an active parent span (#​11974)
  • fix(feedback): Improve CSS theme variable names and layout (#​11964)
  • fix(node): Ensure execArgv are not sent to worker threads (#​11963)
  • ref(feedback): Simplify feedback function params (#​11957)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

coderabbitai bot commented Jun 23, 2024

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share
Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>.
    • Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai generate interesting stats about this repository and render them as a table.
    • @coderabbitai show all the console.log statements in this repository.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

socket-security bot commented Jun 23, 2024

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@sentry/[email protected] environment, unsafe Transitive: filesystem, network, shell +78 17.2 MB benvinegar, billyvg, evanpurkhiser, ...8 more

View full report↗︎

deepsource-io bot commented Jun 23, 2024

Here's the code health analysis summary for commits e2df565..712587d. View details on DeepSource ↗.

Analysis Summary

Analyzer Status Summary Link
JavaScript ✅ Success View Check ↗
Test coverage ⚠️ Artifact not reported Timed out: Artifact was never reported View Check ↗

💡 If you’re a repository administrator, you can configure the quality gates from the settings.

@renovate renovate bot force-pushed the renovate/major-sentry-javascript-monorepo branch from 32f69d9 to 6bf46af Compare June 25, 2024 12:38
@renovate renovate bot force-pushed the renovate/major-sentry-javascript-monorepo branch from 6bf46af to 712587d Compare June 27, 2024 13:32
🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package Note Source CI
Install scripts npm/@sentry/[email protected]
  • Install script: install
  • Source: node scripts/check-build.js
🚫

View full report↗︎

Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all
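
The install-script alert above can be checked against a lockfile before a dependency bump is merged. The following is an added example, not code from Socket, Renovate or the Sentry project: it lists the packages that npm marks with hasInstallScript in a parsed package-lock.json (lockfileVersion 2 or 3) and drops the name@version pairs that have already been reviewed. The lockfile contents, versions and allowlist entries are constructed sample data.

```javascript
// Added example: triage install-time scripts recorded in an npm lockfile.
// Package versions, the nested package and the allowlist are constructed samples.

// Lifecycle hooks that npm runs automatically while installing a dependency.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall'];

// Return the install-time hooks declared in one parsed package.json manifest.
function installHooks(manifest) {
  const scripts = (manifest && manifest.scripts) || {};
  return INSTALL_HOOKS
    .filter((hook) => typeof scripts[hook] === 'string' && scripts[hook].trim() !== '')
    .map((hook) => ({ hook, command: scripts[hook] }));
}

// Lockfile keys look like "node_modules/a/node_modules/@scope/b"; the package
// name is whatever follows the last "node_modules/" segment.
function packageNameFromPath(lockPath) {
  const marker = 'node_modules/';
  const i = lockPath.lastIndexOf(marker);
  return i === -1 ? lockPath : lockPath.slice(i + marker.length);
}

// List every dependency in a parsed package-lock.json that npm flagged with
// hasInstallScript. The "" key is the root project and is skipped.
function lockfileInstallScripts(lock) {
  const found = [];
  for (const [path, entry] of Object.entries((lock && lock.packages) || {})) {
    if (path === '' || entry.hasInstallScript !== true) continue;
    found.push({
      name: entry.name || packageNameFromPath(path),
      version: entry.version,
      path,
      dev: Boolean(entry.dev),
    });
  }
  // Sort by code unit so the output is stable across locales.
  return found.sort((a, b) => (a.name < b.name ? -1 : a.name > b.name ? 1 : 0));
}

// Packages with install scripts that are not on the reviewed allowlist.
// Allowlist entries are exact "name@version" strings, so a version bump
// puts the package back in the queue.
function reviewQueue(lock, allowlist) {
  const reviewed = new Set(allowlist);
  return lockfileInstallScripts(lock).filter((p) => !reviewed.has(`${p.name}@${p.version}`));
}

// Constructed sample lockfile (not taken from the repository in this PR).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'sample-app', version: '1.0.0' },
    'node_modules/@sentry/node': { version: '0.0.0-sample' },
    'node_modules/@sentry/profiling-node': { version: '0.0.0-sample', hasInstallScript: true },
    'node_modules/left-sample/node_modules/nested-native-sample': {
      version: '2.1.0',
      hasInstallScript: true,
      dev: true,
    },
  },
};

// Constructed manifest using the hook and command quoted in the alert.
const SAMPLE_MANIFEST = {
  name: '@sentry/profiling-node',
  scripts: { install: 'node scripts/check-build.js', test: 'jest' },
};

for (const p of reviewQueue(SAMPLE_LOCK, [])) {
  console.log(`review before install: ${p.name}@${p.version} (${p.path})`);
}
for (const h of installHooks(SAMPLE_MANIFEST)) {
  console.log(`${SAMPLE_MANIFEST.name} runs on ${h.hook}: ${h.command}`);
}
```

Installing with `npm ci --ignore-scripts` keeps these hooks from running until the queue has been reviewed; packages that need a native build then have to be rebuilt explicitly.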

@drazisil drazisil closed this Jun 29, 2024
renovate bot commented Jun 29, 2024

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update. You will not get PRs for any future 8.x releases. But if you manually upgrade to 8.x then Renovate will re-enable minor and patch updates automatically.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.

@renovate renovate bot deleted the renovate/major-sentry-javascript-monorepo branch June 29, 2024 16:07