Update module github.com/getsentry/sentry-go to v0.28.0

renovate[bot] commented 2 months ago

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
github.com/getsentry/sentry-go	`v0.27.0` -> `v0.28.0`

Release Notes

getsentry/sentry-go (github.com/getsentry/sentry-go)

### [`v0.28.0`](https://togithub.com/getsentry/sentry-go/releases/tag/v0.28.0): 0.28.0 [Compare Source](https://togithub.com/getsentry/sentry-go/compare/v0.27.0...v0.28.0) The Sentry SDK team is happy to announce the immediate availability of Sentry Go SDK v0.28.0. ##### Features - Add a `Fiber` performance tracing & error reporting integration ([#795](https://togithub.com/getsentry/sentry-go/pull/795)) - Add performance tracing to the `Echo` integration ([#722](https://togithub.com/getsentry/sentry-go/pull/722)) - Add performance tracing to the `FastHTTP` integration ([#732](https://togithub.com/getsentry/sentry-go/pull/723)) - Add performance tracing to the `Iris` integration ([#809](https://togithub.com/getsentry/sentry-go/pull/809)) - Add performance tracing to the `Negroni` integration ([#808](https://togithub.com/getsentry/sentry-go/pull/808)) - Add `FailureIssueThreshold` & `RecoveryThreshold` to `MonitorConfig` ([#775](https://togithub.com/getsentry/sentry-go/pull/775)) - Use `errors.Unwrap()` to create exception groups ([#792](https://togithub.com/getsentry/sentry-go/pull/792)) - Add support for matching on strings for `ClientOptions.IgnoreErrors` & `ClientOptions.IgnoreTransactions` ([#819](https://togithub.com/getsentry/sentry-go/pull/819)) - Add `http.request.method` attribute for performance span data ([#786](https://togithub.com/getsentry/sentry-go/pull/786)) - Accept `interface{}` for span data values ([#784](https://togithub.com/getsentry/sentry-go/pull/784)) ##### Fixes - Fix missing stack trace for parsing error in `logrusentry` ([#689](https://togithub.com/getsentry/sentry-go/pull/689))

Configuration

📅 Schedule: Branch creation - " 0-4 * 3" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

[ ] If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

renovate[bot] commented 2 months ago

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

2 additional dependencies were updated

Details:	Package	Change
`golang.org/x/crypto`	`v0.17.0` -> `v0.19.0`
`golang.org/x/sys`	`v0.16.0` -> `v0.18.0`

github-actions[bot] commented 2 months ago

[puLL-Merge] - getsentry/sentry-go@otel/v0.27.0..otel/v0.28.0

Here is my review of the PR:

Description

This PR makes several changes and additions to the Sentry Go SDK:

Adds performance tracing support to the Echo, FastHTTP, Iris, Negroni and Fiber integrations
Allows matching errors/transactions to ignore using string contains in addition to regexes
Improves error grouping by unwrapping errors using Go 1.13+ errors.Unwrap()
Adds new fields to the MonitorConfig struct for check-in monitoring
Introduces initial support for sending metrics data to Sentry
Updates dependencies, Go version matrix and documentation

The motivation seems to be enhancing the SDK's capabilities, especially around performance tracing, error grouping, and metrics. The changes look reasonable and well-scoped.

Changes

### Changes - Multiple integrations: - Add performance tracing instrumentation - Add GetSpan/TransactionFromContext() helper methods - Update README and add examples for tracing - client.go: - Allow strings for IgnoreErrors/IgnoreTransactions matching - Update tests - interfaces.go: - Improve SetException to use errors.Unwrap and add grouping - Add Metrics field to Event struct - metrics.go, metrics_test.go: Add initial implementation for sending metric data - check_in.go: Add new FailureIssueThreshold and RecoveryThreshold fields - Bump Go version matrix to 1.18-1.22 - Update CHANGELOGs, READMEs and links to Go package docs - Update dependencies including Fiber and Iris - Other test additions and improvements The changes are spread across multiple packages but are fairly isolated. The metrics implementation, error grouping improvements, and performance instrumentation make up the bulk of the PR.

Possible Issues

No major issues jump out. A few minor notes:

The ignore matching change could change behavior for some users relying on the previous regex-only matching
Metrics support is behind a feature flag, but something to keep an eye on in terms of resource usage at scale
As always, the instrumentation changes could have some overhead, but it looks to be kept minimal

Security Hotspots

I didn't see any obvious security risks introduced by this change. A few areas that handle untrusted input, but they look to be adequately sanitized:

The new metrics implementation sanitizes metric names, tag keys/values
The transaction/error ignore matching changes don't seem to allow any injection
The added instrumentation is primarily reading data, not writing

Let me know if you have any other questions!

brave / go-sync