Merge branch 'develop' into billy/feat-reset-dsc-on-handle-global-event

Author: billyvg

.agents/skills/fix-security-vulnerability/SKILL.md

@@ -92,7 +92,7 @@ git pull origin develop
 git checkout -b fix/dependabot-alert-<alert-number>
 ```
 
-Then apply the fix commands from Step 5 of the single-alert workflow (edit `package.json`, `yarn install`, `yarn dedupe-deps:fix`, verify) — but **skip the "Do NOT commit" instruction**, since user approval was already obtained in Step 2b. After applying:
+Then apply the fix commands from Step 5 of the single-alert workflow (`npx yarn-update-dependency@latest <package>`, `yarn dedupe-deps:fix`, verify) — but **skip the "Do NOT commit" instruction**, since user approval was already obtained in Step 2b. After applying:
 
 ```bash
 # 3. Stage and commit the changes
@@ -263,8 +263,8 @@ Present findings and **wait for user approval** before making changes:
 <One of: Safe to bump / Version-specific test - do not bump / Bump parent package>
 
 ### Proposed Fix
-1. Update <file>: "<package>": "<new-version>"
-2. yarn install && yarn dedupe-deps:fix
+1. npx yarn-update-dependency@latest <package>
+2. yarn dedupe-deps:fix
 3. Verify with: yarn why <package>
 
 Proceed?
@@ -273,15 +273,14 @@ Proceed?
 ### Step 5: Apply Fix (After Approval)
 
 ```bash
-# 1. Edit package.json
-# 2. Update lockfile
-yarn install
-# 3. Deduplicate
+# 1. Upgrade the package (updates package.json + lockfile)
+npx yarn-update-dependency@latest <package>
+# 2. Deduplicate
 yarn dedupe-deps:fix
-# 4. Verify
+# 3. Verify
 yarn dedupe-deps:check
 yarn why <package>
-# 5. Show changes
+# 4. Show changes
 git diff
 ```
 
@@ -325,6 +324,7 @@ gh api --method PATCH repos/getsentry/sentry-javascript/dependabot/alerts/<numbe
 
 | Command                                                                                                      | Purpose                      |
 | ------------------------------------------------------------------------------------------------------------ | ---------------------------- |
+| `npx yarn-update-dependency@latest <pkg>`                                                                    | Upgrade package across repo  |
 | `yarn why <pkg>`                                                                                             | Show dependency tree         |
 | `yarn dedupe-deps:fix`                                                                                       | Fix duplicates in yarn.lock  |
 | `yarn dedupe-deps:check`                                                                                     | Verify no duplicate issues   |

.github/FLAKY_CI_FAILURE_TEMPLATE.md

@@ -1,6 +1,6 @@
 ---
 title: '[Flaky CI]: {{ env.JOB_NAME }} - {{ env.TEST_NAME }}'
-labels: Tests
+labels: Tests, Bug
 ---
 
 ### Flakiness Type

.github/workflows/auto-release.yml

@@ -19,7 +19,7 @@ jobs:
     steps:
       - name: Get auth token
         id: token
-        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
+        uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
         with:
           app-id: ${{ vars.SENTRY_RELEASE_BOT_CLIENT_ID }}
           private-key: ${{ secrets.SENTRY_RELEASE_BOT_PRIVATE_KEY }}
@@ -51,7 +51,7 @@ jobs:
           node-version-file: 'package.json'
 
       - name: Prepare release
-        uses: getsentry/craft@013a7b2113c2cac0ff32d5180cfeaefc7c9ce5b6 # v2.24.1
+        uses: getsentry/craft@3dc647fee3586e57c7c31eb900fdec7cbb44f23f # v2.26.2
         if:
           github.event.pull_request.merged == true && steps.version-regex.outputs.match != '' &&
           steps.get_version.outputs.version != ''

.github/workflows/build.yml

@@ -274,7 +274,7 @@ jobs:
       pull-requests: write
     steps:
       - name: PR is opened against master
-        uses: mshick/add-pr-comment@e7516d74559b5514092f5b096ed29a629a1237c6
+        uses: mshick/add-pr-comment@8e4927817251f1ff60c001f04568532b38e0b4a0
         if: ${{ github.base_ref == 'master' && !startsWith(github.head_ref, 'prepare-release/') }}
         with:
           message: |
@@ -533,7 +533,7 @@ jobs:
         with:
           node-version-file: 'package.json'
       - name: Set up Deno
-        uses: denoland/setup-deno@v2.0.3
+        uses: denoland/setup-deno@v2.0.4
         with:
           deno-version: v2.1.5
       - name: Restore caches
@@ -1057,7 +1057,7 @@ jobs:
           token: ${{ secrets.GITHUB_TOKEN }}
       - name: Set up Deno
         if: matrix.test-application == 'deno' || matrix.test-application == 'deno-streamed'
-        uses: denoland/setup-deno@v2.0.3
+        uses: denoland/setup-deno@v2.0.4
         with:
           deno-version: v2.1.5
       - name: Restore caches

.github/workflows/bump-size-limits.yml

@@ -29,7 +29,7 @@ jobs:
     steps:
       - name: Generate GitHub App token
         id: app-token
-        uses: actions/create-github-app-token@v2
+        uses: actions/create-github-app-token@v3
         with:
           app-id: ${{ vars.GITFLOW_APP_ID }}
           private-key: ${{ secrets.GITFLOW_APP_PRIVATE_KEY }}

.github/workflows/external-contributors.yml

@@ -37,7 +37,7 @@ jobs:
 
       - name: Generate GitHub App token
         id: app-token
-        uses: actions/create-github-app-token@v2
+        uses: actions/create-github-app-token@v3
         with:
           app-id: ${{ vars.GITFLOW_APP_ID }}
           private-key: ${{ secrets.GITFLOW_APP_PRIVATE_KEY }}

.github/workflows/gitflow-sync-develop.yml

@@ -27,7 +27,7 @@ jobs:
 
       - name: Generate GitHub App token
         id: app-token
-        uses: actions/create-github-app-token@v2
+        uses: actions/create-github-app-token@v3
         with:
           app-id: ${{ vars.GITFLOW_APP_ID }}
           private-key: ${{ secrets.GITFLOW_APP_PRIVATE_KEY }}

.github/workflows/pr-review-reminder.yml

@@ -25,7 +25,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Remind pending reviewers
         uses: actions/github-script@v7

.github/workflows/release.yml

@@ -23,7 +23,7 @@ jobs:
     steps:
       - name: Get auth token
         id: token
-        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
+        uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
         with:
           app-id: ${{ vars.SENTRY_RELEASE_BOT_CLIENT_ID }}
           private-key: ${{ secrets.SENTRY_RELEASE_BOT_PRIVATE_KEY }}
@@ -36,7 +36,7 @@ jobs:
         with:
           node-version-file: 'package.json'
       - name: Prepare release
-        uses: getsentry/craft@013a7b2113c2cac0ff32d5180cfeaefc7c9ce5b6 # v2.24.1
+        uses: getsentry/craft@3dc647fee3586e57c7c31eb900fdec7cbb44f23f # v2.26.2
         env:
           GITHUB_TOKEN: ${{ steps.token.outputs.token }}
         with:

.oxlintrc.base.json

@@ -131,13 +131,17 @@
       }
     },
     {
-      "files": [
-        "**/scenarios/**",
-        "**/rollup-utils/**",
-        "**/bundle-analyzer-scenarios/**",
-        "**/bundle-analyzer-scenarios/*.cjs",
-        "**/bundle-analyzer-scenarios/*.js"
-      ],
+      "files": ["**/integrations/tracing/redis/vendored/**/*.ts"],
+      "rules": {
+        "typescript/no-explicit-any": "off",
+        "typescript/no-unsafe-member-access": "off",
+        "typescript/no-this-alias": "off",
+        "max-lines": "off",
+        "no-bitwise": "off"
+      }
+    },
+    {
+      "files": ["**/scenarios/**", "**/rollup-utils/**"],
       "rules": {
         "no-console": "off"
       }