Bump sentry-sdk[django] from 2.47.0 to 2.48.0 #555
dependabot[bot] wants to merge 1 commit into master
Bumps [sentry-sdk[django]](https://github.com/getsentry/sentry-python) from 2.47.0 to 2.48.0.
- [Release notes](https://github.com/getsentry/sentry-python/releases)
- [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md)
- [Commits](getsentry/sentry-python@2.47.0...2.48.0)

---
updated-dependencies:
- dependency-name: sentry-sdk[django]
  dependency-version: 2.48.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
| "django-crum==0.7.9", | ||
| "sentry-sdk[django]==2.47.0", | ||
| "sentry-sdk[django]==2.48.0", | ||
| "redis==7.1.0", |
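Review bot: the `"sentry-sdk[django]==2.48.0"` line changes only the pin, while the commit list for this release includes "Call out new default for middleware spans". If middleware spans should still be recorded, set `middleware_spans` explicitly on `DjangoIntegration` in `prs2/settings.py` in this same PR, so the behaviour does not depend on the SDK default.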
Bug: Upgrading sentry-sdk to 2.48.0 will silently disable middleware performance monitoring because it's no longer enabled by default and the current configuration doesn't explicitly enable it.
Severity: HIGH | Confidence: High
🔍 Detailed Analysis
The upgrade of sentry-sdk to version 2.48.0 introduces a breaking change where middleware performance monitoring is disabled by default. The application's current Sentry initialization in prs2/settings.py uses DjangoIntegration without explicitly setting the middleware_spans parameter. As a result of this dependency update, performance data for all middleware components will no longer be captured. This will cause a silent loss of observability into the performance of critical middleware like authentication and sessions, without raising any application errors.
💡 Suggested Fix
In prs2/settings.py, update the sentry_sdk.init call to explicitly enable middleware spans within the DjangoIntegration. The configuration should be integrations=[DjangoIntegration(cache_spans=True, middleware_spans=True)].
🤖 Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.
Location: pyproject.toml#L36
Potential issue: The upgrade of `sentry-sdk` to version 2.48.0 introduces a breaking
change where middleware performance monitoring is disabled by default. The application's
current Sentry initialization in `prs2/settings.py` uses `DjangoIntegration` without
explicitly setting the `middleware_spans` parameter. As a result of this dependency
update, performance data for all middleware components will no longer be captured. This
will cause a silent loss of observability into the performance of critical middleware
like authentication and sessions, without raising any application errors.
Reference ID: 7840753
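A CI-style check for the failure mode the review comment above describes, where an option silently follows a changed SDK default (added example, not code from this repository or from sentry-sdk): it parses a settings file and reports every `DjangoIntegration(...)` call that does not pass `middleware_spans` explicitly. The sample settings text and the names `find_implicit_defaults` and `REQUIRED_KWARGS` are assumptions made for this example.

```python
import ast

# Keyword arguments whose SDK default may change between releases and which
# this check requires to be set explicitly (list chosen for this example).
REQUIRED_KWARGS = ("middleware_spans",)


def find_implicit_defaults(source, required=REQUIRED_KWARGS):
    """Return (line, missing_kwargs) for each DjangoIntegration(...) call
    that leaves any of `required` to the SDK default."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        # Match both DjangoIntegration(...) and pkg.mod.DjangoIntegration(...)
        name = func.id if isinstance(func, ast.Name) else getattr(func, "attr", None)
        if name != "DjangoIntegration":
            continue
        # A **kwargs splat (keyword.arg is None) hides what is passed; report
        # it as unverifiable rather than assuming the option is set.
        if any(kw.arg is None for kw in node.keywords):
            findings.append((node.lineno, ("<**kwargs: cannot verify>",)))
            continue
        passed = {kw.arg for kw in node.keywords}
        missing = tuple(k for k in required if k not in passed)
        if missing:
            findings.append((node.lineno, missing))
    return sorted(findings)


# Constructed sample settings, not the project's real prs2/settings.py.
SAMPLE_BEFORE = '''
import sentry_sdk
from sentry_sdk.integrations.django import DjangoIntegration
sentry_sdk.init(
    dsn="https://example.invalid/1",
    integrations=[DjangoIntegration(cache_spans=True)],
)
'''
SAMPLE_AFTER = SAMPLE_BEFORE.replace(
    "cache_spans=True", "cache_spans=True, middleware_spans=True"
)

if __name__ == "__main__":
    for label, src in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, find_implicit_defaults(src))
```

Run against the real settings module in CI, a non-empty result can fail the build before a dependency bump changes what is collected.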
Bumps sentry-sdk[django] from 2.47.0 to 2.48.0.
Release notes
Sourced from sentry-sdk[django]'s releases.
... (truncated)
Changelog
Sourced from sentry-sdk[django]'s changelog.
... (truncated)
Commits
- 32e9cac Phrasing and code formatting in changelog
- bf30403 Call out new default for middleware spans and fix formatting in changelog
- 19e0d1f Fix changelog
- 6516b8b release: 2.48.0
- e275c9e Convert all remaining type annotations to PEP-526 format (#5239)
- a29b421 fix(logs): Set span_id instead of sentry.trace.parent_span_id attribute (...
- a9d89f2 fix(pydantic-ai): Stop capturing internal exceptions (#5237)
- 5606bb3 fix(logs, metrics): Gate metrics, logs user attributes behind `send_default_p...
- 6046f2d ci: Unpin Python version for LiteLLM tests (#5238)
- 42ed87a ci: 🤖 Update test matrix with new releases (12/15) (#5229)