[pull] master from getsentry:master#1835
Merged
Merged
Conversation
…09360) Completes the form migration started in the previous PR by replacing the custom `formContext`-based form in `projectSampling` with `useScrapsForm`. **What changed:** - `projectSampling.tsx` — replaces `useFormState`/`FormProvider` with `useScrapsForm`. A `useEffect` on the query data mirrors the old `enableReInitialize: true` behaviour, resetting the form (and `savedProjectRates`) whenever server data arrives or changes. Per-project rate validity is checked inline in the `AppField` render prop to disable the Apply Changes button, since `z.record(z.string(), z.string())` is used for the schema (type safety only — Zod's `ZodEffects` chained on record values isn't assignable to `FormValidateOrFn`). - `projectsEditTable.tsx` — removes the `useFormField('projectRates')` context consumer and instead receives `projectRates`, `savedProjectRates`, and `onProjectRatesChange` as explicit props. Per-project validation errors are now computed locally via `getProjectRateErrors`, keeping the validation logic co-located with the table that displays it. - `utils/projectSamplingForm.tsx` — deleted. - `utils/formContext.tsx` — deleted; this was the shared custom form context, now fully unused. Stacks on top of #109356. --------- Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: Priscila Oliveira <priscila.oliveira@sentry.io>
The goal of this PR is to actually validate that the keys the user is querying for actually exist in their projects. The problem with the initial implementation is that it seems to have just checked to see if the passed keys "fit" what an attribute key would look like and not if it actually existed 🤦 To do this validation we check each of the different types (`boolean`, `number`, and `string`) behind a thread pool kicking one RPC call for each time to a max of 3 so that we can validate in parallel. Also made some modifications to the endpoint: - Added support for `statsPeriod` so we can search smaller time windows and ensure that the attributes exist when the user thinks they should - Moved `itemType` from the post body to a query param. It's not something that we're validating against so i think it's better to live in the query params. --------- Co-authored-by: Claude Sonnet 4 <noreply@example.com> Co-authored-by: OpenAI Codex <noreply@openai.com> Co-authored-by: Claude Sonnet 4 <noreply@anthropic.com>
~Assigning this directory to `app-frontend`.~ ~Not sure if it should go to @getsentry/design-engineering but i'll let them give their input.~ @TkDodo agreed, and assigning this directory to the design-eng team.
Adding a flag in so that we can initially restrict calling the validation before fully rolling this feature out. Ticket: EXP-857
_"Why run many unit test when few do trick?"_ – Kevin Malone, Senior Frontend Developer Changes the Frontend > Jest jobs to use Jest's [`--changedSince` option](https://jestjs.io/docs/cli#--changedsince) when possible. That has them only run test suites that are impacted by the changes in a PR based on the module dependency graph. Jest requires the commit history since the base commit, so this adds a second _"run only necessary Jest tests"_ flow in `frontend-optional.yml`. Specifically, that: 1. Increases the frontend-optional fetch-depth in PRs to `100`, which should get most PRs' commits pretty quickly 2. Tries to compute a `MERGE_BASE` using `git merge-base` * Note that this also clears `MERGE_BASE` if the PR touches any non-`static/` files. 3. If `MERGE_BASE` could be computed, passes it as a process env var to test scripts for use as Jest's `changedSince` * If `MERGE_BASE` couldn't be computed, the new _"run only necessary Jest tests"_ flow is skipped My plan (thanks to reviewer feedback) is to keep this running as a secondary, optional test flow on `master` for a couple weeks. If all seems well, we can remove the original _"run all Jest tests"_ logic and only run the _"run only necessary Jest tests"_ logic. The following PRs exercise different scales of changes: | PR | Source Files | Test Files | Interconnectivity | Ran Suites | / 1,881 suites | |---|---|---|---|---|---| | [#110624](#110624) | 0 | 1 | ⬜️ None | 1 | 0.05% | | [#111073](#111073) | 0 | 6 | ⬜️ None | 6 | 0.32% | | [#111122](#111122) | 0 | 100 | ⬜️ None | 100 | 5.3% | | [#111074](#111074) | 1 | 0 | 🟦 Low | 5 | 0.27% | | [#111075](#111075) | 4 | 0 | 🟦 Low | 7 | 0.37% | | [#111076](#111076) | 3 | 3 | 🟦 Low | 13 | 0.69% | | [#111110](#111110) | 20 | 20 | 🟦 Low | 74 | 3.9% | | [#111111](#111111) | 100 | 100 | 🟦 Low | 196 | 10.4% | | [#111119](#111119) | 1 | 1 | 🟨 Medium | 30 | 1.6% | | [#111628](#111628) | 3 | 3 | 🟨 Medium | 78 | 4.1% | | [#111629](#111629) | 10 | 10 | 🟨 Medium | 167 | 8.9% | | [#111633](#111633) | 25 | 25 | 🟨 Medium | 227 | 12.1% | | [#111652](#111652) | 100 | 100 | 🟨 Medium | 549 | 29.2% | | [#111115](#111115) | 3 | 3 | 🟧 High | 1,652 | 87.8% | | [#111083](#111083) | 20 | 20 | 🟧 High | 1,660 | 88.3% | | [#111086](#111086) | 100 | 100 | 🟧 High | 1,721 | 91.5% | | [#110568](#110568) | 0 | 0 | 🟥 Config (Full) | 1,881 | 100% | For low-connectivity changes (isolated components, feature-specific views), `--changedSince` provides pretty great savings: even 100 low-connectivity files only trigger ~10% of suites. Medium-connectivity files still scale pretty well, with 100 files hitting ~29%. High-connectivity files (widely-imported utils, core components) sadly trigger 85-90% of suites, which is inevitable given Sentry's highly connected module graph. Fixes ENG-7103
…ker (#111639) We don't want to trip the breaker when the proxied requests fail with 500s. We're mostly interested in preventing resource exhaustion from slow requests/connection errors here. Refs INFRENG-275
The metric selector was calling `scrollToIndex` whenever the focused option changed. That caused the dropdown list to jump while hovering items or moving through highlighted options. Co-authored-by: GPT-5.4 <noreply@openai.com>
Fixing this three year old weakness 14a6b2c. `had_release permission` was granting access if a user had any project on a release, which was nasty for mutations where a member shouldn't be able modify a release they don't have access to. We had a number of downstream code vulnerability fixes that stemmed from this, but I'm solving it upstream now. Changes: - `has_release_permission` Added `require_all_projects_param` with a false default so it's backward compatible with the previous fixes -- when true, checks against `request.access.has_projects_access()` - Org release details PUT/DELETE, release file details PT/DELETE, release files POST, release assembly POST, and release deploys POST are all happy - bunch of regression tests No changes to the read-only endpoints here nor artifactbundle assembly which we recently added explicit project scoping to.
…111500) ## Summary - Flip the early-return guard `if not artifact.commit_comparison: return` into an `if artifact.commit_comparison: ... else: log` block - Pure structural change — no behavior difference - Prepares for a follow-up PR that adds logic to the else branch and after the if/else block ## Test plan - No-op refactor; existing tests pass unchanged --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: getsantry[bot] <66042841+getsantry[bot]@users.noreply.github.com>
Update the stats page link in `MissingReplayAlert` from `/stats/` to `/settings/stats/`. The `navigation-sidebar-v2` feature flag has been GA'd and removed, but this link was still pointing to the old `/stats/` route, causing unnecessary redirects logged as `Unexpected navigation redirect` in Sentry. The `last_known_route` was `/issues/:groupId/`, confirming users hit this from the issue detail page.
Show the device authorization and verification URLs on the OAuth application details page for public clients. Public clients can use device flow today, but the settings UI only exposes the authorize and token endpoints. This adds the static device-flow URLs to the same credentials block so CLI and native app setups do not need to bounce back to the auth docs. This keeps the extra fields scoped to public apps and normalizes `urlPrefix` before composing the OAuth URLs so copied values do not contain duplicate slashes.
Bumps [orjson](https://github.com/ijl/orjson) from 3.10.10 to 3.11.6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/ijl/orjson/releases">orjson's releases</a>.</em></p> <blockquote> <h2>3.11.6</h2> <h3>Changed</h3> <ul> <li>orjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).</li> <li>Drop support for Python 3.9.</li> <li>ABI compatibility with CPython 3.15 alpha 5.</li> <li>Build now depends on Rust 1.89 or later instead of 1.85.</li> </ul> <h3>Fixed</h3> <ul> <li>Fix sporadic crash serializing deeply nested <code>list</code> of <code>dict</code>.</li> </ul> <h2>3.11.5</h2> <h3>Changed</h3> <ul> <li>Show simple error message instead of traceback when attempting to build on unsupported Python versions.</li> </ul> <h2>3.11.4</h2> <h3>Changed</h3> <ul> <li>ABI compatibility with CPython 3.15 alpha 1.</li> <li>Publish PyPI wheels for 3.14 and manylinux i686, manylinux arm7, manylinux ppc64le, manylinux s390x.</li> <li>Build now requires a C compiler.</li> </ul> <h2>3.11.3</h2> <h3>Fixed</h3> <ul> <li>Fix PyPI project metadata when using maturin 1.9.2 or later.</li> </ul> <h2>3.11.2</h2> <h3>Fixed</h3> <ul> <li>Fix build using Rust 1.89 on amd64.</li> </ul> <h3>Changed</h3> <ul> <li>Build now depends on Rust 1.85 or later instead of 1.82.</li> </ul> <h2>3.11.1</h2> <h3>Changed</h3> <ul> <li>Publish PyPI wheels for CPython 3.14.</li> </ul> <h3>Fixed</h3> <ul> <li>Fix <code>str</code> on big-endian architectures.</li> </ul> <h2>3.11.0</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/ijl/orjson/blob/master/CHANGELOG.md">orjson's changelog</a>.</em></p> <blockquote> <h2>3.11.6 - 2026-01-29</h2> <h3>Changed</h3> <ul> <li>orjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).</li> <li>Drop support for Python 3.9.</li> <li>ABI compatibility with CPython 3.15 alpha 5.</li> <li>Build now depends on Rust 1.89 or later instead of 1.85.</li> </ul> <h3>Fixed</h3> <ul> <li>Fix sporadic crash serializing deeply nested <code>list</code> of <code>dict</code>.</li> </ul> <h2>3.11.5 - 2025-12-06</h2> <h3>Changed</h3> <ul> <li>Show simple error message instead of traceback when attempting to build on unsupported Python versions.</li> </ul> <h2>3.11.4 - 2025-10-24</h2> <h3>Changed</h3> <ul> <li>ABI compatibility with CPython 3.15 alpha 1.</li> <li>Publish PyPI wheels for 3.14 and manylinux i686, manylinux arm7, manylinux ppc64le, manylinux s390x.</li> <li>Build now requires a C compiler.</li> </ul> <h2>3.11.3 - 2025-08-26</h2> <h3>Fixed</h3> <ul> <li>Fix PyPI project metadata when using maturin 1.9.2 or later.</li> </ul> <h2>3.11.2 - 2025-08-12</h2> <h3>Fixed</h3> <ul> <li>Fix build using Rust 1.89 on amd64.</li> </ul> <h3>Changed</h3> <ul> <li>Build now depends on Rust 1.85 or later instead of 1.82.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ijl/orjson/commit/ec02024c3837255064f248c0d2d331319b75e9ad"><code>ec02024</code></a> 3.11.6</li> <li><a href="https://github.com/ijl/orjson/commit/d58168733189f82b3fd0c058dff73e05d09202e6"><code>d581687</code></a> build, clippy misc</li> <li><a href="https://github.com/ijl/orjson/commit/4105b29b2275f200f6fae01349bef02ccf1bc2e2"><code>4105b29</code></a> writer::num</li> <li><a href="https://github.com/ijl/orjson/commit/62bb185b70785ded49c79c26f8c9781f1e6fe370"><code>62bb185</code></a> Fix sporadic crash on serializing object close</li> <li><a href="https://github.com/ijl/orjson/commit/d860078a973f44401265c5c4ad12a7dbe4f839ad"><code>d860078</code></a> PyRef idiom refactors</li> <li><a href="https://github.com/ijl/orjson/commit/343ae2f148197918aba9f8562db42c364620e4b8"><code>343ae2f</code></a> Deserializer, Utf8Buffer</li> <li><a href="https://github.com/ijl/orjson/commit/7835f58d1c56947d1cf7a18acdfc07a2bca9b0f2"><code>7835f58</code></a> PyBytesRef and other input refactor</li> <li><a href="https://github.com/ijl/orjson/commit/71e0516424ce1e11613eb1780f18e8cde83989fd"><code>71e0516</code></a> PyStrRef</li> <li><a href="https://github.com/ijl/orjson/commit/1096df42dc585fde837ed0c930a346f5ef7dbb94"><code>1096df4</code></a> MSRV 1.89</li> <li><a href="https://github.com/ijl/orjson/commit/b718e75b8ba18a707c2b44b6de14d52547573771"><code>b718e75</code></a> Drop support for python3.9</li> <li>Additional commits viewable in <a href="https://github.com/ijl/orjson/compare/3.10.10...3.11.6">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/getsentry/sentry/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: michelletran-sentry <167130096+michelletran-sentry@users.noreply.github.com>
## Summary - Add `SeerExplorerOperator` class with `trigger_explorer()` method that starts or continues Explorer runs via `SeerExplorerClient`, checking for existing runs by category (e.g. Slack thread) and routing to `continue_run()` or `start_run()` accordingly - Handle errors through entrypoint callbacks (`on_trigger_explorer_error`) and cache payload for the `ExplorerOnCompletionHook` via `SeerOperatorExplorerCache` - Add Explorer-specific interaction types (`OPERATOR_TRIGGER_EXPLORER`, `ENTRYPOINT_ON_TRIGGER_EXPLORER`, `ENTRYPOINT_CREATE_EXPLORER_CACHE_PAYLOAD`, `ENTRYPOINT_ON_EXPLORER_UPDATE`) to `SeerOperatorInteractionType` for metrics instrumentation - Widen `SeerExplorerClient` and `collect_user_org_context` to accept `RpcUser` in addition to `User`/`AnonymousUser`, enabling use from cross-silo contexts like Slack - Harden `SeerOperatorCompletionHook.execute()`: fetch-run-status errors now log instead of aborting, add org-id mismatch guard on cache payloads, and wrap `on_explorer_update` calls with per-entrypoint lifecycle metrics Refs ISWF-2022 --------- Co-authored-by: Leander Rodrigues <me@leander.xyz> Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: Claude Opus 4.6 <noreply@example.com>
) Updated the language here to match existing docs a bit more. See https://sentry-docs-git-bot-bump-api-schema-to-ad6b9fd6.sentry.dev/api/replays/
github-actions
Bot
added
Scope: Frontend
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
12 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )