Merge branch 'develop' into cg/JS-1873/sentry-browsertracing-causes-googlebot-rendering-failures

Author: chargome

.agents/skills/bump-size-limit/SKILL.md

@@ -0,0 +1,61 @@
+---
+name: bump-size-limit
+description: Bump size limits in .size-limit.js when the size-limit CI check is failing. Use when the user mentions size limit failures, bundle size checks failing, CI size check errors, or needs to update size-limit thresholds. Also use when the user says "bumpSizeLimit", "fix size limit", "size check failing", or "update bundle size limits".
+---
+
+# Bump Size Limit
+
+When the size-limit GitHub Action fails, it means one or more bundle scenarios exceed their configured byte thresholds in `.size-limit.js`. This skill walks through building, measuring, and bumping only the limits that need it.
+
+## Workflow
+
+### Step 1: Build all packages (including CDN bundles)
+
+A full build is required because size-limit measures the actual compiled artifacts.
+
+```bash
+yarn build
+```
+
+This takes a few minutes. CDN bundles in `packages/browser/build/bundles/` must be up to date — a dev build is not sufficient.
+
+### Step 2: Run the size check in JSON mode
+
+```bash
+yarn test:size-limit
+```
+
+The JSON output is an array of objects. Each object has:
+
+- `name` — the scenario label
+- `passed` — whether it's within the limit
+- `size` — actual size in bytes
+- `sizeLimit` — configured limit in bytes
+
+### Step 3: Identify failed scenarios
+
+Filter for entries where `"passed": false`. These are the only ones that need bumping.
+
+### Step 4: Calculate new limits
+
+For each failed scenario, round the actual size **up to the next full KB** (1 KB = 1000 bytes in this context, matching how size-limit interprets the limits in `.size-limit.js`).
+
+**Example:** If actual size is `129,127` bytes, the new limit is `130 KB` (i.e. 130,000 bytes).
+
+The heuristic is intentionally conservative — it gives just enough headroom without inflating limits unnecessarily.
+
+### Step 5: Update `.size-limit.js`
+
+Open `.size-limit.js` at the repository root and update the `limit` field for each failed scenario. Limits are strings like `'130 KB'`.
+
+Only change limits for scenarios that actually failed. Do not touch passing scenarios.
+
+### Step 6: Verify the fix
+
+Re-run size-limit to confirm everything passes:
+
+```bash
+yarn test:size-limit
+```
+
+If any scenario still fails (e.g., due to rounding edge cases), bump that specific limit by another 1 KB and re-run.

.github/workflows/canary.yml

@@ -69,9 +69,9 @@ jobs:
       fail-fast: false
       matrix:
         include:
-          - test-application: 'angular-20'
+          - test-application: 'angular-21'
             build-command: 'test:build-canary'
-            label: 'angular-20 (next)'
+            label: 'angular-21 (next)'
           - test-application: 'create-react-app'
             build-command: 'test:build-canary'
             label: 'create-react-app (canary)'
@@ -130,7 +130,6 @@ jobs:
         with:
           version: 9.15.9
       - name: Set up Node
-        if: matrix.test-application != 'angular-20'
         uses: actions/setup-node@v6
         with:
           node-version-file: 'dev-packages/e2e-tests/test-applications/${{ matrix.test-application }}/package.json'

agents.toml

@@ -42,6 +42,10 @@ source = "path:.agents/skills/triage-issue"
 name = "upgrade-dep"
 source = "path:.agents/skills/upgrade-dep"
 
+[[skills]]
+name = "bump-size-limit"
+source = "path:.agents/skills/bump-size-limit"
+
 [[skills]]
 name = "upgrade-otel"
 source = "path:.agents/skills/upgrade-otel"

dev-packages/e2e-tests/test-applications/angular-20/package.json

@@ -10,7 +10,6 @@
     "watch": "ng build --watch --configuration development",
     "test": "playwright test",
     "test:build": "pnpm install && pnpm build",
-    "test:build-canary": "pnpm install && pnpm add @angular/animations@next @angular/common@next @angular/compiler@next @angular/core@next @angular/forms@next @angular/platform-browser@next @angular/platform-browser-dynamic@next @angular/router@next && pnpm add -D @angular-devkit/build-angular@next @angular/cli@next @angular/compiler-cli@next && pnpm build",
     "test:assert": "playwright test",
     "clean": "npx rimraf .angular node_modules pnpm-lock.yaml dist"
   },
@@ -48,13 +47,5 @@
   },
   "volta": {
     "extends": "../../package.json"
-  },
-  "sentryTest": {
-    "optionalVariants": [
-      {
-        "build-command": "pnpm test:build-canary",
-        "label": "angular (canary)"
-      }
-    ]
   }
 }

dev-packages/e2e-tests/test-applications/angular-21/package.json

@@ -47,6 +47,7 @@
     "typescript": "~5.9.0"
   },
   "volta": {
+    "node": "22.22.0",
     "extends": "../../package.json"
   },
   "sentryTest": {

dev-packages/e2e-tests/test-applications/nextjs-sourcemaps/assert-build.ts

@@ -1,43 +1,74 @@
+import * as assert from 'assert/strict';
 import {
-  loadSourcemapUploadRecords,
-  assertSourcemapUploadRequests,
-  getArtifactBundleManifests,
-  assertDebugIdPairs,
-  assertSourcemapMappings,
-  assertSourcemapSources,
-  assertArtifactBundleAssembly,
-  getSourcemapUploadSummary,
+  loadMockServerResults,
+  getArtifactBundles,
+  getDebugIdPairs,
+  getSourcemaps,
+  getChunkUploadPosts,
+  getAssembleRequests,
 } from '@sentry-internal/test-utils';
 
-const requests = loadSourcemapUploadRecords();
+const requests = loadMockServerResults();
 
 console.log(`Captured ${requests.length} requests to mock Sentry server:\n`);
 for (const req of requests) {
   console.log(`  ${req.method} ${req.url} (${req.bodySize} bytes)`);
 }
 console.log('');
 
-assertSourcemapUploadRequests(requests, 'fake-auth-token');
+// Auth token is present
+const authenticated = requests.filter(r => r.authorization.includes('fake-auth-token'));
+assert.ok(authenticated.length > 0, 'Expected requests with the configured auth token');
 
-const manifests = getArtifactBundleManifests(requests);
-console.log(`Found ${manifests.length} artifact bundle manifest(s):\n`);
+// Chunk uploads happened
+const chunkPosts = getChunkUploadPosts(requests);
+assert.ok(chunkPosts.length > 0, 'Expected at least one chunk upload POST');
+assert.ok(
+  chunkPosts.some(r => r.bodySize > 0),
+  'Expected at least one chunk upload with a non-empty body',
+);
 
-const debugIdPairs = assertDebugIdPairs(manifests);
-console.log(`Found ${debugIdPairs.length} JS/sourcemap pairs with debug IDs:`);
+// Release endpoint was called
+assert.ok(
+  requests.some(r => r.url?.includes('/releases/')),
+  'Expected at least one request to releases endpoint',
+);
+
+// Artifact bundles have manifests
+const bundles = getArtifactBundles(requests);
+assert.ok(bundles.length > 0, 'Expected at least one artifact bundle with a manifest');
+console.log(`Found ${bundles.length} artifact bundle(s)\n`);
+
+// Debug ID pairs exist and are valid UUIDs
+const debugIdPairs = getDebugIdPairs(bundles);
+assert.ok(debugIdPairs.length > 0, 'Expected at least one JS/sourcemap pair with matching debug IDs');
+
+const uuidRegex = /^[\da-f]{8}-[\da-f]{4}-[\da-f]{4}-[\da-f]{4}-[\da-f]{12}$/i;
 for (const pair of debugIdPairs) {
+  assert.match(pair.debugId, uuidRegex, `Invalid debug ID: ${pair.debugId}`);
   console.log(`  ${pair.debugId}  ${pair.jsUrl}`);
 }
 console.log('');
 
-assertSourcemapMappings(manifests);
-assertSourcemapSources(manifests, /client-page|page\.tsx/);
-assertArtifactBundleAssembly(requests, 'test-project');
+// Sourcemaps have real content
+const sourcemaps = getSourcemaps(bundles);
+assert.ok(
+  sourcemaps.some(s => s.sourcemap.mappings && s.sourcemap.mappings.length > 0),
+  'Expected at least one sourcemap with non-empty mappings',
+);
 
-const summary = getSourcemapUploadSummary(requests, manifests, debugIdPairs);
+// At least one sourcemap references app source files
+assert.ok(
+  sourcemaps.some(s => s.sourcemap.sources?.some(src => /client-page|page\.tsx/.test(src))),
+  'Expected at least one sourcemap referencing app source files',
+);
+
+// Assemble requests reference the correct project
+const assembleReqs = getAssembleRequests(requests);
+assert.ok(assembleReqs.length > 0, 'Expected at least one assemble request');
+for (const req of assembleReqs) {
+  assert.ok(req.assembleBody?.projects?.includes('test-project'), 'Expected assemble request to include test-project');
+  assert.ok((req.assembleBody?.chunks?.length ?? 0) > 0, 'Expected assemble request to have chunk checksums');
+}
 
-console.log('\nAll sourcemap upload assertions passed!');
-console.log(`  - ${summary.totalRequests} total requests captured`);
-console.log(`  - ${summary.chunkUploadPosts} chunk upload POST requests`);
-console.log(`  - ${summary.artifactBundles} artifact bundles with manifests`);
-console.log(`  - ${summary.debugIdPairs} JS/sourcemap pairs with debug IDs`);
-console.log(`  - ${summary.assembleRequests} artifact bundle assemble requests`);
+console.log('All sourcemap upload assertions passed!');

dev-packages/node-core-integration-tests/suites/tracing/requests/fetch-no-trace-propagation/instrument.mjs

@@ -0,0 +1,12 @@
+import * as Sentry from '@sentry/node-core';
+import { loggingTransport } from '@sentry-internal/node-integration-tests';
+import { setupOtel } from '../../../../utils/setupOtel.js';
+
+const client = Sentry.init({
+  dsn: 'https://public@dsn.ingest.sentry.io/1337',
+  release: '1.0',
+  integrations: [Sentry.nativeNodeFetchIntegration({ tracePropagation: false })],
+  transport: loggingTransport,
+});
+
+setupOtel(client);

dev-packages/node-core-integration-tests/suites/tracing/requests/fetch-no-trace-propagation/scenario.mjs

@@ -0,0 +1,12 @@
+import * as Sentry from '@sentry/node-core';
+
+async function run() {
+  Sentry.addBreadcrumb({ message: 'manual breadcrumb' });
+
+  await fetch(`${process.env.SERVER_URL}/api/v0`).then(res => res.text());
+  await fetch(`${process.env.SERVER_URL}/api/v1`).then(res => res.text());
+
+  Sentry.captureException(new Error('foo'));
+}
+
+run();

dev-packages/node-core-integration-tests/suites/tracing/requests/fetch-no-trace-propagation/test.ts

@@ -0,0 +1,66 @@
+import { createTestServer } from '@sentry-internal/test-utils';
+import { describe, expect } from 'vitest';
+import { createEsmAndCjsTests } from '../../../../utils/runner';
+
+describe('outgoing fetch with tracePropagation disabled', () => {
+  createEsmAndCjsTests(__dirname, 'scenario.mjs', 'instrument.mjs', (createRunner, test) => {
+    test('does not inject trace headers but still creates breadcrumbs', async () => {
+      expect.assertions(5);
+
+      const [SERVER_URL, closeTestServer] = await createTestServer()
+        .get('/api/v0', headers => {
+          expect(headers['sentry-trace']).toBeUndefined();
+          expect(headers['baggage']).toBeUndefined();
+        })
+        .get('/api/v1', headers => {
+          expect(headers['sentry-trace']).toBeUndefined();
+          expect(headers['baggage']).toBeUndefined();
+        })
+        .start();
+
+      await createRunner()
+        .withEnv({ SERVER_URL })
+        .expect({
+          event: {
+            breadcrumbs: [
+              {
+                message: 'manual breadcrumb',
+                timestamp: expect.any(Number),
+              },
+              {
+                category: 'http',
+                data: {
+                  'http.method': 'GET',
+                  url: `${SERVER_URL}/api/v0`,
+                  status_code: 200,
+                },
+                timestamp: expect.any(Number),
+                type: 'http',
+              },
+              {
+                category: 'http',
+                data: {
+                  'http.method': 'GET',
+                  url: `${SERVER_URL}/api/v1`,
+                  status_code: 200,
+                },
+                timestamp: expect.any(Number),
+                type: 'http',
+              },
+            ],
+            exception: {
+              values: [
+                {
+                  type: 'Error',
+                  value: 'foo',
+                },
+              ],
+            },
+          },
+        })
+        .start()
+        .completed();
+      closeTestServer();
+    });
+  });
+});

dev-packages/node-core-integration-tests/suites/tracing/requests/http-no-trace-propagation/instrument.mjs

@@ -0,0 +1,12 @@
+import * as Sentry from '@sentry/node-core';
+import { loggingTransport } from '@sentry-internal/node-integration-tests';
+import { setupOtel } from '../../../../utils/setupOtel.js';
+
+const client = Sentry.init({
+  dsn: 'https://public@dsn.ingest.sentry.io/1337',
+  release: '1.0',
+  integrations: [Sentry.httpIntegration({ tracePropagation: false, spans: false })],
+  transport: loggingTransport,
+});
+
+setupOtel(client);