deps(minimatch): Upgrade patch version to use new `brace-expansion` peer-dep by s1gr1d · Pull Request #20198 · getsentry/sentry-javascript

s1gr1d · 2026-04-10T11:53:43Z

brace-expansion package causes zero-step sequence causes process hang and memory exhaustion (range: >=4.0.0 <5.0.5).

Updating the patch version of minimatch uses the newer version.

Related GHSA: GHSA-f886-m6hf-6m8v
Related issue (comment): #19447 (comment)

…eer-dep

github-actions · 2026-04-10T11:54:10Z

Semver Impact of This PR

⚪ None (no version bump detected)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).

New Features ✨

Core

Add enableTruncation option to Google GenAI integration by andreiborza in #20184
Add enableTruncation option to Anthropic AI integration by andreiborza in #20181
Add enableTruncation option to LangGraph integration by andreiborza in #20183
Add enableTruncation option to LangChain integration by andreiborza in #20182
Add enableTruncation option to OpenAI integration by andreiborza in #20167
Export a reusable function to add tracing headers by JPeer264 in #20076

Deps

Bump axios from 1.13.5 to 1.15.0 by dependabot in #20180
Bump hono from 4.12.7 to 4.12.12 by dependabot in #20118
Bump defu from 6.1.4 to 6.1.6 by dependabot in #20104

Other

(cloudflare) Propagate traceparent to RPC calls - via fetch by JPeer264 in #19991

Bug Fixes 🐛

(deno) Avoid inferring invalid span op from Deno tracer by Lms24 in #20128
(e2e) Add op check to waitForTransaction in React Router e2e tests by copilot-swe-agent in #20193

Internal Changes 🔧

Deps

Bump hono from 4.12.7 to 4.12.12 in /dev-packages/e2e-tests/test-applications/cloudflare-hono by dependabot in #20119
Bump axios from 1.13.5 to 1.15.0 in /dev-packages/e2e-tests/test-applications/nestjs-basic by dependabot in #20179

Other

(bugbot) Add rules to flag test-flake-provoking patterns by Lms24 in #20192
(deps-dev) Bump vite from 7.2.0 to 7.3.2 in /dev-packages/e2e-tests/test-applications/tanstackstart-react by dependabot in #20107
(react) Remove duplicated test mock by s1gr1d in #20200
(size-limit) Bump failing size limit scenario by Lms24 in #20186

Other

deps(minimatch): Upgrade patch version to use new brace-expansion peer-dep by s1gr1d in #20198

_{🤖 This preview updates automatically when you update the PR.}

github-actions · 2026-04-10T12:06:30Z

size-limit report 📦

⚠️ Warning: Base artifact is not the latest one, because the latest workflow run is not done yet. This may lead to incorrect results. Try to re-run all tests to get up to date results.

Path	Size	% Change	Change
@sentry/browser	25.72 kB	-	-
@sentry/browser - with treeshaking flags	24.21 kB	-	-
@sentry/browser (incl. Tracing)	42.73 kB	-	-
@sentry/browser (incl. Tracing, Profiling)	47.35 kB	-	-
@sentry/browser (incl. Tracing, Replay)	81.54 kB	-	-
@sentry/browser (incl. Tracing, Replay) - with treeshaking flags	71.11 kB	-	-
@sentry/browser (incl. Tracing, Replay with Canvas)	86.25 kB	-	-
@sentry/browser (incl. Tracing, Replay, Feedback)	98.45 kB	-	-
@sentry/browser (incl. Feedback)	42.51 kB	-	-
@sentry/browser (incl. sendFeedback)	30.39 kB	-	-
@sentry/browser (incl. FeedbackAsync)	35.38 kB	-	-
@sentry/browser (incl. Metrics)	27.04 kB	-	-
@sentry/browser (incl. Logs)	27.18 kB	-	-
@sentry/browser (incl. Metrics & Logs)	27.86 kB	-	-
@sentry/react	27.48 kB	-	-
@sentry/react (incl. Tracing)	45.05 kB	-	-
@sentry/vue	30.56 kB	-	-
@sentry/vue (incl. Tracing)	44.59 kB	-	-
@sentry/svelte	25.74 kB	-	-
CDN Bundle	28.41 kB	-	-
CDN Bundle (incl. Tracing)	43.75 kB	-	-
CDN Bundle (incl. Logs, Metrics)	29.78 kB	-	-
CDN Bundle (incl. Tracing, Logs, Metrics)	44.83 kB	-	-
CDN Bundle (incl. Replay, Logs, Metrics)	68.59 kB	-	-
CDN Bundle (incl. Tracing, Replay)	80.64 kB	-	-
CDN Bundle (incl. Tracing, Replay, Logs, Metrics)	81.66 kB	-	-
CDN Bundle (incl. Tracing, Replay, Feedback)	86.17 kB	-	-
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics)	87.2 kB	-	-
CDN Bundle - uncompressed	82.99 kB	-	-
CDN Bundle (incl. Tracing) - uncompressed	129.77 kB	-	-
CDN Bundle (incl. Logs, Metrics) - uncompressed	87.14 kB	-	-
CDN Bundle (incl. Tracing, Logs, Metrics) - uncompressed	133.19 kB	-	-
CDN Bundle (incl. Replay, Logs, Metrics) - uncompressed	210.12 kB	-	-
CDN Bundle (incl. Tracing, Replay) - uncompressed	246.65 kB	-	-
CDN Bundle (incl. Tracing, Replay, Logs, Metrics) - uncompressed	250.05 kB	-	-
CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed	259.56 kB	-	-
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics) - uncompressed	262.95 kB	-	-
@sentry/nextjs (client)	47.47 kB	-	-
@sentry/sveltekit (client)	43.2 kB	-	-
@sentry/node-core	57.86 kB	+0.02%	+6 B 🔺
@sentry/node	174.84 kB	+0.02%	+25 B 🔺
@sentry/node - without tracing	97.97 kB	+0.03%	+20 B 🔺
@sentry/aws-serverless	115.22 kB	+0.02%	+19 B 🔺

View base workflow run

github-actions · 2026-04-10T12:08:00Z

node-overhead report 🧳

Note: This is a synthetic benchmark with a minimal express app and does not necessarily reflect the real-world performance impact in an application.

Scenario	Requests/s	% of Baseline	Prev. Requests/s	Change %
GET Baseline	9,031	-	9,190	-2%
GET With Sentry	1,721	19%	1,711	+1%
GET With Sentry (error only)	5,975	66%	6,115	-2%
POST Baseline	1,191	-	1,202	-1%
POST With Sentry	595	50%	584	+2%
POST With Sentry (error only)	1,036	87%	1,032	+0%
MYSQL Baseline	3,170	-	3,247	-2%
MYSQL With Sentry	490	15%	431	+14%
MYSQL With Sentry (error only)	2,613	82%	2,603	+0%

View base workflow run

deps(minimatch): Upgrade patch version to use new brace-expansion p…

9a2ee61

…eer-dep

s1gr1d requested a review from isaacs April 10, 2026 11:53

s1gr1d mentioned this pull request Apr 10, 2026

Replace SDK package dependencies #19447

Open

Merge branch 'develop' into sig/brace-expansion-update

ccf6bac

s1gr1d mentioned this pull request Apr 10, 2026

Bump @fastify/otel to 0.18.1 to avoid vulnerability issue #20204

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

deps(minimatch): Upgrade patch version to use new `brace-expansion` peer-dep#20198

deps(minimatch): Upgrade patch version to use new `brace-expansion` peer-dep#20198
s1gr1d wants to merge 2 commits intodevelopfrom
sig/brace-expansion-update

s1gr1d commented Apr 10, 2026 •

edited

Loading

Uh oh!

github-actions bot commented Apr 10, 2026 •

edited

Loading

New Features ✨

Core

Deps

Other

Bug Fixes 🐛

Internal Changes 🔧

Deps

Other

Other

Uh oh!

github-actions bot commented Apr 10, 2026 •

edited

Loading

Uh oh!

github-actions bot commented Apr 10, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

Conversation

s1gr1d commented Apr 10, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

github-actions bot commented Apr 10, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Semver Impact of This PR

New Features ✨

Core

Deps

Other

Bug Fixes 🐛

Internal Changes 🔧

Deps

Other

Other

Uh oh!

github-actions bot commented Apr 10, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

size-limit report 📦

Uh oh!

github-actions bot commented Apr 10, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

node-overhead report 🧳

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

s1gr1d commented Apr 10, 2026 •

edited

Loading

github-actions bot commented Apr 10, 2026 •

edited

Loading

github-actions bot commented Apr 10, 2026 •

edited

Loading

github-actions bot commented Apr 10, 2026 •

edited

Loading