…igation have correct trace id (#11610)

Adds two tests to ensure errors thrown during pageload or navigations
have the correct traceId.

---------

Co-authored-by: Luca Forstner <[email protected]>

[Gitflow] Merge master into develop

…tch` requests (#11614)

Add test for `sentry-trace` and `baggage` header values so that the
headers contain the correct traceId in the folllowing four scenarios:

* request during pageload span
* request after pageload span
* request during navigation span
* request after navigation span

…` tag pageload transactions (#11622)

Add a couple of tests to our `trace-lifetime` integration test
suite to test `<meta>` tag continued pageload traces. These differ from
"normal" pageload traces in the sense that they should pick up and
continue the trace from the service that added the meta tags to the HTML
response.

So in our suite:
- `trace-lifetime/pageload` - pageload is head of trace
- `trace-lifetime/pageload-meta` - pageload continues trace from server

This needs exporting so that the `NodeClient` can be used without
calling the Node `init`.

There is a lot called in the Node init that is a hard requirement for
the `NodeClient` to function. Should these not be called in the
constructor?

Our Local Variables integration is limited by the fact that it executes
debugger commands from the main app thread. This means that no async
work can be completed while the debugger is paused and local variables
are being collected. This in turn means that all the synchronous work
needs to be queued which risks stack overflows. For this reason we've
limited local variable collection to the 5 frames closest to the top of
the stack.

When debugging from a worker thread, there are no such limitations
around performing async work during debugger pause.

This PR adds a worker thread which is tasked with collecting local
variables when the debugger pauses. It passes these back to the main
thread via IPC which are then later added to event stack frames.

## Possible Improvements

It's possible to combine both ANR and Local Variables into a single
worker thread.

…ods (#11630)

Should save some bundle size...! I also moved stuff around a bit so we
don't have so much somewhat unrelated stuff packed into the former
`hub.ts` file - needed some work to avoid circular dependencies, but I
think it's fine now.

I left the stuff we actually need in, and renamed it for clarity so this
is not confusing anymore.

closes #11482

This was not correctly set before when we had an active span - the
`error-active-span` & `error-active-span-unsampled` scenarios failed
before and had no `trace` set on the envelope headers.

The fix was to actually fix our `setupEventContextTrace` utility for
OTEL, where we now just set the dsc on the event sdkProcessingMetadata,
which is picked up when event processing. I also moved this to
`preprocessEvent` to ensure this runs before other stuff.

This should fix
https://github.com/getsentry/sentry-javascript-examples/pull/7/files#r1561220216
which @s1gr1d found in her example app. 🚀

…ests (#11624)

Add tests that check that XHR request headers propagate the
correct traceId, as spec'd out in #11599.

We now skip any OTEL spans that Next.js emits, unless we already have a
parent span that was created elsewhere (e.g. by our auto
instrumentation). This way, we should be able to ensure consistent root
spans for all cases.

Added a comment for
#11630 (comment)!

…#11580)

This bumps all our OTEL dependencies to require the most up to date
versions as of today for all the core packages.

This allows us to use the new semantic attributes, which esp. also some
instrumentation uses in newer versions. By requiring this as a minimum
version, we can ensure that we can update all our instrumentation.

This also relaxes all of the core packages to `^` range, so users can
easier use `@sentry/node` together with their own otel instrumentation.
The instrumentation we add remains hard-pinned.

To avoid deprecation warnings I updated all the semantic attributes
usage to the new syntax.

The timeout id wasn't getting reset to null after submission which was
causing additional clicks on the feedback button to pop up the success
message instead. Now, a click on the success message brings back the
feedback button, which brings up the dialog when clicked.

Fixes [#418](getsentry/team-replay#418)

…39.0 (#11495)

Bumps
[@opentelemetry/instrumentation-koa](https://github.com/open-telemetry/opentelemetry-js-contrib)
from 0.37.0 to 0.39.0.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/open-telemetry/opentelemetry-js-contrib/compare/contrib-test-utils-v0.37.0...instrumentation-pg-v0.39.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@opentelemetry/instrumentation-koa&package-manager=npm_and_yarn&previous-version=0.37.0&new-version=0.39.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…0.0 (#11494)

Bumps
[@opentelemetry/instrumentation-pg](https://github.com/open-telemetry/opentelemetry-js-contrib)
from 0.38.0 to 0.40.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/open-telemetry/opentelemetry-js-contrib/commit/f81f8a76a8f0af2101c62dbc73cde442f875d833"><code>f81f8a7</code></a>
chore: release main (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/1539">#1539</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-js-contrib/commit/8d9687d89e4a80dbf2a5e8be6fb027ff20824593"><code>8d9687d</code></a>
feat(fastify): Skip update HTTP's span name and update RpcMetadata's
route in...</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-js-contrib/commit/bf25eb112b458ddab330dad2ad3d77bcb14bced2"><code>bf25eb1</code></a>
chore(renovate): change strategy for <code>@​opentelemetry/api</code>,
run experimental upd...</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-js-contrib/commit/3139dbf5e07a4d58ff06d2f67870b1bb2e1de0cd"><code>3139dbf</code></a>
chore: update renovate.json (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/1575">#1575</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-js-contrib/commit/273993b8d438c0caf6d7b933af611d45ef770e0e"><code>273993b</code></a>
chore: re-enable instrumentation-fastify unit test on node@18 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/1568">#1568</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-js-contrib/commit/84a2377845c313f0ca68b4de7f3e7a464be68885"><code>84a2377</code></a>
fix(deps): update otel core experimental to ^0.41.0 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/1566">#1566</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-js-contrib/commit/ffb45fe8c9319bc28e35b09540b0d1e6cbace9df"><code>ffb45fe</code></a>
chore(renovate): split patch and minor rules (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/1572">#1572</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-js-contrib/commit/8e2f518d668bb5e0382e1e071bac0213b57142a0"><code>8e2f518</code></a>
feat(express): Skip update HTTP's span name and update RpcMetadata's
route in...</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-js-contrib/commit/774d25463bdbf7f290d99a07f627237888137e24"><code>774d254</code></a>
fix(document-load): compatibility issue with
<code>@​opentelemetry/sdk-trace-web</code><a
href="https://github.com/1"><code>@​1</code></a>.1...</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-js-contrib/commit/a18b0749ac2d43758e6378c4bd41f52e8eca5c89"><code>a18b074</code></a>
docs: document merge reqiurements (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/1553">#1553</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/open-telemetry/opentelemetry-js-contrib/compare/contrib-test-utils-v0.38.0...sql-common-v0.40.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@opentelemetry/instrumentation-pg&package-manager=npm_and_yarn&previous-version=0.38.0&new-version=0.40.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

….36.0 (#11496)

Closes #11632

… consistent (#11631)

As spec'd out in #11599 and agreed upon in internal discussions, a trace
should to stay consistent over the entire time span of one route.
Therefore, when the initial pageload or navigation span ends, we update
the scope's propagation context to keep span-specific attributes like
the `sampled` decision and the dynamic sampling context on the scope's
propagation context, even after the transaction has ended.

This ensures that the trace data is consistent for the entire duration
of the route. Subsequent navigations will reset the propagation context
(see #11377).

…ario (#11636)

Adds a couple of tests to cover the "Tracing Without Performance" use
case where no spans will be created but we nevertheless attach tracing
headers to outgoing requests and attach a trace id to errors. Also, we
expect these traceIds to be different/new for each subsequent navigation

ref #11599

[Gitflow] Merge master into develop

… vercel-edge sub-packages (#11649)

…a file (#11653)

Add a test detection heuristic to the detector to roughly
count the number of tests in a file. This should reduce the number of
times each test is running in case files with multiple tests have
changed. Furthermore, this PR also refactors the run count determination
logic a bit to make it easier to understand.

The list in https://github.com/getsentry/sentry-javascript/actions is a
bit hard to parse, maybe streamlining this makes this easier...