Merge remote-tracking branch 'upstream/develop' into timfish/feat/new-anr

Author: timfish

.cursor/rules/publishing_release.mdc

@@ -3,6 +3,7 @@ description: Use this rule if you are looking to publish a release for the Sentr
 globs:
 alwaysApply: false
 ---
+
 # Publishing a Release
 
 Use these guidelines when publishing a new Sentry JavaScript SDK release.

.cursor/rules/sdk_dependency_upgrades.mdc

@@ -0,0 +1,163 @@
+---
+description: Use this rule if you are looking to upgrade a dependency in the Sentry JavaScript SDKs
+globs:
+alwaysApply: false
+---
+# Yarn v1 Dependency Upgrades
+
+## Upgrade Process
+
+### Dependency Analysis
+
+```bash
+# Check dependency tree
+yarn list --depth=0
+
+# Find why package is installed
+yarn why [package-name]
+```
+
+### Root Workspace vs. Package Dependencies
+
+**CRITICAL**: Understand the difference between dependency types:
+
+- **Root Workspace dependencies**: Shared dev tools, build tools, testing frameworks
+- **Package dependencies**: Package-specific runtime and dev dependencies
+- Always check if dependency should be in root workspace or package level
+
+### Upgrade Dependencies
+
+**MANDATORY**: Only ever upgrade a single package at a time.
+
+**CRITICAL RULE**: If a dependency is not defined in `package.json` anywhere, the upgrade must be run in the root workspace as the `yarn.lock` file is contained there.
+
+```bash
+# Upgrade specific package to latest compatible version
+npx yarn-update-dependency@latest [package-name]
+```
+
+Avoid upgrading top-level dependencies (defined in `package.json`), especially if they are used for tests. If you are going to upgrade them, ask the user before proceeding.
+
+**REQUIREMENT**: If a `package.json` file is updated, make sure it has a new line at the end.
+
+#### CRITICAL: OpenTelemetry Dependency Constraint
+
+**STOP UPGRADE IMMEDIATELY** if upgrading any dependency with `opentelemetry` in the name and the new version or any of its dependencies uses forbidden OpenTelemetry versions.
+
+**FORBIDDEN VERSION PATTERNS:**
+- `2.x.x` versions (e.g., `2.0.0`, `2.1.0`)
+- `0.2xx.x` versions (e.g., `0.200.0`, `0.201.0`)
+
+When upgrading OpenTelemetry dependencies:
+1. Check the dependency's `package.json` after upgrade
+2. Verify the package itself doesn't use forbidden version patterns
+3. Verify none of its dependencies use `@opentelemetry/*` packages with forbidden version patterns
+4. **Example**: `@opentelemetry/instrumentation-pg@0.52.0` is forbidden because it bumped to core `2.0.0` and instrumentation `0.200.0`
+5. If forbidden OpenTelemetry versions are detected, **ABORT the upgrade** and notify the user that this upgrade cannot proceed due to OpenTelemetry v2+ compatibility constraints
+
+#### CRITICAL: E2E Test Dependencies
+
+**DO NOT UPGRADE** the major version of dependencies in test applications where the test name explicitly mentions a dependency version.
+
+**RULE**: For `dev-packages/e2e-tests/test-applications/*`, if the test directory name mentions a specific version (e.g., `nestjs-8`), do not upgrade that dependency beyond the mentioned major version.
+
+**Example**: Do not upgrade the nestjs version of `dev-packages/e2e-tests/test-applications/nestjs-8` to nestjs 9 or above because the test name mentions nestjs 8.
+
+## Safety Protocols
+
+### Pre-Upgrade Checklist
+
+**COMPLETE ALL STEPS** before proceeding with any upgrade:
+
+1. **Backup**: Ensure clean git state or create backup branch
+2. **CI Status**: Verify all tests are passing
+3. **Lockfile works**: Confirm `yarn.lock` is in a good state (no merge conflicts)
+4. **OpenTelemetry Check**: For OpenTelemetry dependencies, verify no forbidden version patterns (`2.x.x` or `0.2xx.x`) will be introduced
+
+### Post-Upgrade Verification
+
+```bash
+# rebuild everything
+yarn install
+
+# Build the project
+yarn build:dev
+
+# Make sure dependencies are deduplicated
+yarn dedupe-deps:fix
+
+# Fix any linting issues
+yarn fix
+
+# Check circular dependencies
+yarn circularDepCheck
+```
+
+## Version Management
+
+### Pinning Strategies
+
+- **Exact versions** (`1.2.3`): Use for critical dependencies
+- **Caret versions** (`^1.2.3`): Allow minor updates only
+- **Latest tag**: Avoid as much as possible other than in certain testing and development scenarios
+
+## Troubleshooting
+
+- **Yarn Version**: Run `yarn --version` - must be yarn v1 (not v2/v3/v4)
+- **Lockfile Issues**: Verify yarn.lock exists and is properly maintained. Fix merge conflicts by running `yarn install`
+
+## Best Practices
+
+### Security Audits
+
+```bash
+# Check for security vulnerabilities
+yarn audit
+
+# Fix automatically fixable vulnerabilities
+yarn audit fix
+
+# Install security patches only
+yarn upgrade --security-only
+```
+
+### Check for Outdated Dependencies
+
+```bash
+# Check all outdated dependencies
+yarn outdated
+
+# Check specific package
+yarn outdated [package-name]
+
+# Check dependencies in specific workspace
+yarn workspace [workspace-name] outdated
+```
+
+### Using yarn info for Dependency Inspection
+
+Use `yarn info` to inspect package dependencies before and after upgrades:
+
+```bash
+# Check current version and dependencies
+yarn info <package-name>
+
+# Check specific version dependencies
+yarn info <package-name>@<version>
+
+# Check dependencies field specifically
+yarn info <package-name>@<version> dependencies
+
+# Check all available versions
+yarn info <package-name> versions
+```
+
+The `yarn info` command provides detailed dependency information without requiring installation, making it particularly useful for:
+- Verifying OpenTelemetry packages don't introduce forbidden version patterns (`2.x.x` or `0.2xx.x`)
+- Checking what dependencies a package will bring in before upgrading
+- Understanding package version history and compatibility
+
+### Documentation
+
+- Update README or code comments if dependency change affects usage of the SDK or its integrations
+- Notify team of significant changes

.github/ISSUE_TEMPLATE/bug.yml

@@ -37,6 +37,7 @@ body:
         - '@sentry/node - koa'
         - '@sentry/node - hapi'
         - '@sentry/node - connect'
+        - '@sentry/node-native'
         - '@sentry/angular'
         - '@sentry/astro'
         - '@sentry/aws-serverless'

dev-packages/browser-integration-tests/suites/tracing/metrics/web-vitals-cls-standalone-spans/test.ts

@@ -68,6 +68,7 @@ sentryTest('captures a "GOOD" CLS vital with its source as a standalone span', a
       transaction: expect.stringContaining('index.html'),
       'user_agent.original': expect.stringContaining('Chrome'),
       'sentry.pageload.span_id': expect.stringMatching(/[a-f0-9]{16}/),
+      'cls.source.1': expect.stringContaining('body > div#content > p'),
     },
     description: expect.stringContaining('body > div#content > p'),
     exclusive_time: 0,
@@ -136,6 +137,7 @@ sentryTest('captures a "MEH" CLS vital with its source as a standalone span', as
       transaction: expect.stringContaining('index.html'),
       'user_agent.original': expect.stringContaining('Chrome'),
       'sentry.pageload.span_id': expect.stringMatching(/[a-f0-9]{16}/),
+      'cls.source.1': expect.stringContaining('body > div#content > p'),
     },
     description: expect.stringContaining('body > div#content > p'),
     exclusive_time: 0,
@@ -202,6 +204,7 @@ sentryTest('captures a "POOR" CLS vital with its source as a standalone span.',
       transaction: expect.stringContaining('index.html'),
       'user_agent.original': expect.stringContaining('Chrome'),
       'sentry.pageload.span_id': expect.stringMatching(/[a-f0-9]{16}/),
+      'cls.source.1': expect.stringContaining('body > div#content > p'),
     },
     description: expect.stringContaining('body > div#content > p'),
     exclusive_time: 0,

dev-packages/e2e-tests/test-applications/create-remix-app-express/package.json

@@ -48,6 +48,7 @@
     "eslint-plugin-react-hooks": "^4.6.0",
     "tsx": "4.7.2",
     "typescript": "^5.1.6",
+    "vite": "^5.4.11",
     "vite-tsconfig-paths": "^4.2.1"
   },
   "volta": {

dev-packages/e2e-tests/test-applications/create-remix-app-v2/package.json

@@ -30,7 +30,8 @@
     "@types/react-dom": "^18.2.34",
     "@types/prop-types": "15.7.7",
     "eslint": "^8.38.0",
-    "typescript": "^5.1.6"
+    "typescript": "^5.1.6",
+    "vite": "^5.4.11"
   },
   "resolutions": {
     "@types/react": "18.2.22"

dev-packages/e2e-tests/test-applications/nextjs-15/tests/ai-test.test.ts

@@ -21,7 +21,7 @@ test('should create AI spans with correct attributes', async ({ page }) => {
   // TODO: For now, this is sadly not fully working - the monkey patching of the ai package is not working
   // because of this, only spans that are manually opted-in at call time will be captured
   // this may be fixed by https://github.com/vercel/ai/pull/6716 in the future
-  const aiPipelineSpans = spans.filter(span => span.op === 'ai.pipeline.generate_text');
+  const aiPipelineSpans = spans.filter(span => span.op === 'gen_ai.invoke_agent');
   const aiGenerateSpans = spans.filter(span => span.op === 'gen_ai.generate_text');
   const toolCallSpans = spans.filter(span => span.op === 'gen_ai.execute_tool');
 

dev-packages/node-integration-tests/suites/tracing/amqplib/test.ts

@@ -30,7 +30,7 @@ describe('amqplib auto-instrumentation', () => {
   });
 
   createEsmAndCjsTests(__dirname, 'scenario.mjs', 'instrument.mjs', (createTestRunner, test) => {
-    test('should be able to send and receive messages', async () => {
+    test('should be able to send and receive messages', { timeout: 60_000 }, async () => {
       await createTestRunner()
         .withDockerCompose({
           workingDirectory: [__dirname],

dev-packages/node-integration-tests/suites/tracing/vercelai/test.ts

@@ -26,11 +26,11 @@ describe('Vercel AI integration', () => {
           'gen_ai.usage.output_tokens': 20,
           'gen_ai.usage.total_tokens': 30,
           'operation.name': 'ai.generateText',
-          'sentry.op': 'ai.pipeline.generate_text',
+          'sentry.op': 'gen_ai.invoke_agent',
           'sentry.origin': 'auto.vercelai.otel',
         },
         description: 'generateText',
-        op: 'ai.pipeline.generate_text',
+        op: 'gen_ai.invoke_agent',
         origin: 'auto.vercelai.otel',
         status: 'ok',
       }),
@@ -83,11 +83,11 @@ describe('Vercel AI integration', () => {
           'gen_ai.usage.output_tokens': 20,
           'gen_ai.usage.total_tokens': 30,
           'operation.name': 'ai.generateText',
-          'sentry.op': 'ai.pipeline.generate_text',
+          'sentry.op': 'gen_ai.invoke_agent',
           'sentry.origin': 'auto.vercelai.otel',
         },
         description: 'generateText',
-        op: 'ai.pipeline.generate_text',
+        op: 'gen_ai.invoke_agent',
         origin: 'auto.vercelai.otel',
         status: 'ok',
       }),
@@ -140,11 +140,11 @@ describe('Vercel AI integration', () => {
           'gen_ai.usage.output_tokens': 25,
           'gen_ai.usage.total_tokens': 40,
           'operation.name': 'ai.generateText',
-          'sentry.op': 'ai.pipeline.generate_text',
+          'sentry.op': 'gen_ai.invoke_agent',
           'sentry.origin': 'auto.vercelai.otel',
         },
         description: 'generateText',
-        op: 'ai.pipeline.generate_text',
+        op: 'gen_ai.invoke_agent',
         origin: 'auto.vercelai.otel',
         status: 'ok',
       }),
@@ -220,11 +220,11 @@ describe('Vercel AI integration', () => {
           'gen_ai.usage.output_tokens': 20,
           'gen_ai.usage.total_tokens': 30,
           'operation.name': 'ai.generateText',
-          'sentry.op': 'ai.pipeline.generate_text',
+          'sentry.op': 'gen_ai.invoke_agent',
           'sentry.origin': 'auto.vercelai.otel',
         },
         description: 'generateText',
-        op: 'ai.pipeline.generate_text',
+        op: 'gen_ai.invoke_agent',
         origin: 'auto.vercelai.otel',
         status: 'ok',
       }),
@@ -280,11 +280,11 @@ describe('Vercel AI integration', () => {
           'gen_ai.usage.output_tokens': 20,
           'gen_ai.usage.total_tokens': 30,
           'operation.name': 'ai.generateText',
-          'sentry.op': 'ai.pipeline.generate_text',
+          'sentry.op': 'gen_ai.invoke_agent',
           'sentry.origin': 'auto.vercelai.otel',
         },
         description: 'generateText',
-        op: 'ai.pipeline.generate_text',
+        op: 'gen_ai.invoke_agent',
         origin: 'auto.vercelai.otel',
         status: 'ok',
       }),
@@ -341,11 +341,11 @@ describe('Vercel AI integration', () => {
           'gen_ai.usage.output_tokens': 25,
           'gen_ai.usage.total_tokens': 40,
           'operation.name': 'ai.generateText',
-          'sentry.op': 'ai.pipeline.generate_text',
+          'sentry.op': 'gen_ai.invoke_agent',
           'sentry.origin': 'auto.vercelai.otel',
         },
         description: 'generateText',
-        op: 'ai.pipeline.generate_text',
+        op: 'gen_ai.invoke_agent',
         origin: 'auto.vercelai.otel',
         status: 'ok',
       }),

packages/browser-utils/src/metrics/cls.ts

@@ -106,6 +106,14 @@ function sendStandaloneClsSpan(clsValue: number, entry: LayoutShift | undefined,
     'sentry.pageload.span_id': pageloadSpanId,
   };
 
+  // Add CLS sources as span attributes to help with debugging layout shifts
+  // See: https://developer.mozilla.org/en-US/docs/Web/API/LayoutShift/sources
+  if (entry?.sources) {
+    entry.sources.forEach((source, index) => {
+      attributes[`cls.source.${index + 1}`] = htmlTreeAsString(source.node);
+    });
+  }
+
   const span = startStandaloneWebVitalSpan({
     name,
     transaction: routeName,