-
-
Notifications
You must be signed in to change notification settings - Fork 1.7k
meta(changelog): Update changelog for 10.17.0 #17827
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
`GoogleGenerativeAI` could be mistaken for a different SDK, and the package name is also incorrect. It’s best to refer to this as the Google Gen AI SDK, as described in the official documentation: https://cloud.google.com/vertex-ai/generative-ai/docs/sdks/overview . <!-- CURSOR_SUMMARY --> --- > [!NOTE] > Updates CHANGELOG wording to use "Google Gen AI", rename `GoogleGenerativeAI` to `GoogleGenAI`, and correct package from `@google/generative-ai` to `@google/genai`. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 872d223. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY -->
...r Vercel AI gen spans (#17811) This PR fixes a mismatch between ai.telemetry.functionId and gen_ai.function_id. Function ids were ignored unless the span name contained exactly one dot. This caused: - gen_ai.function_id to be missing or inconsistent for valid generation spans. - Mismatch between ai.telemetry.functionId and gen_ai.function_id, making trace exploration and metrics harder to interpret. We now always respect experimental_telemetry.functionId when present, where function id could be set as part of request. <!-- CURSOR_SUMMARY --> --- > [!NOTE] > Always update Vercel AI generate span names and set `gen_ai.function_id` when `experimental_telemetry.functionId` is present, removing the dot-count check. > > - **Core (Vercel AI span processing)**: > - In `packages/core/src/utils/vercel-ai/index.ts` `processGenerateSpan`: > - Remove `name.split('.')` dot-count check; always apply `experimental_telemetry.functionId`. > - When present, append function ID to the operation name and set `gen_ai.function_id`. > - Clarify comments on telemetry function ID usage. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 4b9fa48. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY -->
[Gitflow] Merge master into develop
Not sure if this will also avoid these warnings from security alerts, but it's worth a try.
This is a first step to de-compose the node/node-core `httpIntegration` into multiple composable parts: * `httpServerIntegration` - handles request isolation, sessions, trace continuation, so core Sentry functionality * `httpServerSpansIntegration` - emits `http.server` spans for incoming requests The `httpIntegration` sets these up under the hood, and for now it is not really recommended for users to use these stand-alone (though it is possible if users opt-out of the `httpIntegration`). The reason is to remain backwards compatible with users using/customizing the `httpIntegration`. We can revisit this in a later major. These new integrations have a much slimmer API surface, and also allows us to avoid having to prefix all the options etc. with what they are about (e.g. `incomingXXX` or `outgoingXXX`). It also means you can actually tree-shake certain features (span creation) out, in theory. Outgoing request handling remains the same for the time being, once we decoupled this from the otel http instrumentation we can do something similar there. The biggest challenge was how to make it possible to de-compose this without having to monkey patch the http server twice. I opted to allow to add callbacks to the `httpServerIntegration` which it will call on any request. So the `httpServerSpansIntegration` can register a callback for itself and plug into this with little overhead.
Spotted that we still documented that the root span does not go through `beforeSendSpan`. This is outdated. Since v9, we also pass the root span to the callback.
...eLayerExtension` default (#17817) The default setting for `useLayerExtension` now considers the `http_proxy` environment variable. When `http_proxy` is set, `useLayerExtension` will be off by default. If you use a `http_proxy` but would still like to make use of the Sentry Lambda extension, exempt `localhost` in a `no_proxy` environment variable. Fixes: #17804 <!-- CURSOR_SUMMARY --> --- > [!NOTE] > Disable `useLayerExtension` by default when `http_proxy` is set (unless `no_proxy` exempts localhost), add debug warnings, tests, and changelog entry. > > - **aws-serverless**: > - Consider proxy env vars when defaulting `useLayerExtension` in `packages/aws-serverless/src/init.ts`. > - New `shouldDisableLayerExtensionForProxy()` checks `http_proxy` and `no_proxy` (localhost exemptions). > - Update default: enable only if using Lambda layer, no custom tunnel, and no proxy interference. > - Add debug warnings when disabling due to proxy and when tunneling via extension. > - **Tests**: > - Expand `packages/aws-serverless/test/init.test.ts` to cover proxy/no_proxy scenarios, explicit overrides, and env cleanup. > - **Docs/Changelog**: > - Add Important Changes note explaining new default behavior and how to re-enable with `no_proxy` exemptions. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 53e333f. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY -->
@Lms24
Lms24
changed the title
(削除) Prepare release/10.17.0 (削除ここまで)
(追記) meta(changelog): Update changelog for 10.17.0 (追記ここまで)
Sep 30, 2025
@Lms24
Lms24
force-pushed
the
prepare-release/10.17.0
branch
from
September 30, 2025 09:22
50c4802 to
21760c1
Compare
size-limit report 📦
|
node-overhead report 🧳Note: This is a synthetic benchmark with a minimal express app and does not necessarily reflect the real-world performance impact in an application.
|
This pull request introduces instrumentation for Nuxt middleware,
ensuring that all middleware handlers are automatically wrapped with
tracing and error reporting functionality. The integration is achieved
through build-time transformation.
recap:
* Adds a new build-time Rollup plugin
(`middlewareInstrumentationPlugin`) that automatically wraps all
detected middleware handlers with Sentry instrumentation during the
Nitro build process.
* Implements the `wrapMiddlewareHandler` utility, which wraps middleware
handlers to start a Sentry span, capture request data, record
exceptions, and flush events in serverless environments.
* Updates the Nuxt module setup to inject Sentry middleware imports and
instrumentation hooks during initialization, ensuring the new tracing
logic is included in server builds.
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> Adds build-time wrapping of Nuxt server middleware with Sentry spans
and error capture, plus Nuxt 3/4 e2e and unit tests.
>
> - **SDK/Runtime**:
> - Implement `wrapMiddlewareHandlerWithSentry` in
`packages/nuxt/src/runtime/hooks/wrapMiddlewareHandler.ts` to start
spans, set attributes (op, origin, route, method, headers), handle hook
arrays (`onRequest`, `onBeforeResponse`), and capture errors.
> - Add middleware build-time transformation via
`packages/nuxt/src/vite/middlewareConfig.ts` (server import + Rollup
plugin to wrap `defineEventHandler`/`eventHandler`).
> - Integrate instrumentation in `packages/nuxt/src/module.ts` by
calling `addMiddlewareImports` and `addMiddlewareInstrumentation` during
Nitro init when server config is present.
> - **Tests**:
> - Add e2e apps and Playwright tests for Nuxt 3 and Nuxt 4
(`dev-packages/e2e-tests/test-applications/nuxt-{3,4}`) covering span
creation, attributes, parent-child relationships, and error propagation
across hooks and arrays.
> - Add unit tests for wrapper behavior in
`packages/nuxt/test/runtime/hooks/wrapMiddlewareHandler.test.ts`.
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
9a4a1f3. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
@Lms24
Lms24
force-pushed
the
prepare-release/10.17.0
branch
from
September 30, 2025 10:02
21760c1 to
7b7ba0d
Compare
@Lms24
Lms24
requested review from
a team,
mydea,
andreiborza and
logaretm
and removed request for
a team
September 30, 2025 10:03
debug.error(
'It seems that you have manually added `httpServerSpansIntergation` without adding `httpServerIntegration`. This is a requiement for spans to be created - please add the `httpServerIntegration` integration.',
);
}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Bug: Debug Message Typo Errors
There are a few typos in the debug messages. "httpServerSpansIntergation" appears twice instead of "httpServerSpansIntegration", and "requiement" is used instead of "requirement" in one of the error messages.
*/
export function addStartSpanCallback(request: RequestWithOptionalStartSpanCallback, callback: StartSpanCallback): void {
addNonEnumerableProperty(request, '_startSpanCallback', new WeakRef(callback));
}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Bug: Callback Garbage Collection Causes Missing Spans
The addStartSpanCallback function stores a WeakRef to the callback. If the callback is garbage collected before invocation, _startSpanCallback?.deref() returns undefined, preventing the callback from executing and potentially leading to missing spans.
.replace(/defineEventHandler\(/g, 'defineInstrumentedEventHandler(')
.replace(/eventHandler\(/g, 'instrumentedEventHandler(')}
`;
}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Bug: Global Regex Replacements Risk Code Corruption
The wrapMiddlewareCode function uses global regex replacements for defineEventHandler and eventHandler. This approach is unsafe as it can incorrectly modify code within comments, strings, or variable names, potentially breaking user middleware.
Comment on lines
+166
to
+168
requestHook?.(span, request);
responseHook?.(span, response);
applyCustomAttributesOnSpan?.(span, request, response);
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Potential bug: User-provided hooks like requestHook and onSpanCreated are called without error handling, which could crash the server if a hook throws an exception.
-
Description: In
httpServerSpansIntegration, user-provided callback hooks such asrequestHook,responseHook,applyCustomAttributesOnSpan, andonSpanCreatedare executed via optional chaining but are not wrapped in try-catch blocks. If any of these user-defined hooks throw an error, the exception will be unhandled. This can interrupt and crash the HTTP request processing flow, potentially taking down the Node.js server. This behavior is inconsistent with other parts of the codebase where similar hooks are safely executed, and it violates OpenTelemetry's principle of not letting instrumentation disrupt the application's core logic. -
Suggested fix: Wrap the calls to
requestHook,responseHook,applyCustomAttributesOnSpan, andonSpanCreatedin a try-catch block or use a utility function likesafeExecuteInTheMiddleto ensure any exceptions thrown by user code are caught and handled gracefully, preventing them from crashing the request handler.
severity: 0.8, confidence: 0.95
Did we get this right? 👍 / 👎 to inform future reviews.
logaretm
logaretm
approved these changes
Sep 30, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.
Note
Adds Nuxt server middleware tracing with error capture, refactors Node HTTP server instrumentation into new httpServer/httpServerSpans integrations (exported across SDKs), and adjusts AWS Lambda extension behavior based on proxy env vars, plus small fixes/tests and changelog updates.
httpServerIntegration(request isolation/body capture/sessions) andhttpServerSpansIntegration(server spans + status-code filtering); addclient.on/emit('httpServerRequest', ...)hook.SentryHttpInstrumentation(keeps outgoing breadcrumbs/propagation); updatehttpIntegrationto use new integrations.@sentry/node,node-core, and server SDKs (astro, bun, gcp, remix, solidstart); add TS lib for WeakRef.http.servertransactions via event processor.useLayerExtensionnow respectshttp_proxy/no_proxy; extensive tests added.ai.telemetry.functionIdfor naming; make promise buffer test less flaky.Written by Cursor Bugbot for commit 7b7ba0d. This will update automatically on new commits. Configure here.