chore(e2e-tests): Add a pnpm-lock file to every e2e test folder

[JPeer264]

This adds a lock file in every e2e test folder. The motivation behind this is that we know exactly which dependency has been updated when our e2e tests are failing, which reduces the amount of debugging transitive dependency updates.

Test run: https://github.com/getsentry/sentry-javascript/actions/runs/23796959377

FAQ

When do they get updated?

• After every release it triggers an update of only the sentry packages. This is done by checking the label Dev: Gitflow and see if the new versions have been resynced to develop.
  • Theoretically it wouldn't make any difference when they are updated - as locally the e2e tests would update to the latest version anyways if someone has an old version for a short time.
• Every midnight via cron

Who approves?

A PR will be created and enabled as auto-squashmerge, and approved. So nobody needs to do anything, it should be updated automatically (as long as the PR has a green CI)

A PR fails. What to do?

Once a PR fails, e.g. over the weekend, then it could be that nobody merges/fixes it and it stays open for a while. The peter-evans/create-pull-request action actually reuses a PR and it would rebase and force push the changes, so there will always be only one open.

I didn't reuse repo-sync/pull-request from gitflow-sync-develop, as it is not maintained and peter-evans is officially at GitHub and still maintains these actions.

master/develop - would they benefit from this?

No. master and develop are excluded from this lock file logic so there everything should be as before. It done with the E2E_IGNORE_LOCKFILE env variable, which has also been added to the documentation

Open issues

• I think once a PR fails and gets reopened/reused on the next day, the PR description updates and the automatic generated issue would be recreated, which means that the previous created generated issue would then be open forever. Not sure how we should handle that

[github-actions]

Semver Impact of This PR

🟢 Patch (bug fixes)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).

---

New Features ✨

Deps

• Bump OpenTelemetry dependencies by andreiborza in #20046
• Bump babel-loader from 10.0.0 to 10.1.1 by dependabot in #19997
• Bump handlebars from 4.7.7 to 4.7.9 by dependabot in #20008

Nuxt

• Add middleware instrumentation compatibility for Nuxt 5 by s1gr1d in #19968
• Support parametrized SSR routes in Nuxt 5 by s1gr1d in #19977

Other

• (browser) Replace element timing spans with metrics by logaretm in #19869
• (bun) Add bunRuntimeMetricsIntegration by chargome in #19979
• (core) Support embedding APIs in google-genai by nicohrubec in #19797
• (node) Add nodeRuntimeMetricsIntegration by chargome in #19923
• (node-core) Add OTLP integration for node-core/light by andreiborza in #19729
• (solid) Add route parametrization for Solid Router by andreiborza in #20031

Bug Fixes 🐛

Ci

• Update validate-pr action to remove draft enforcement by stephanie-anderson in #20037
• Update validate-pr action to remove draft enforcement by stephanie-anderson in #20035

Node

• Deduplicate sentry-trace and baggage headers on outgoing requests by Lms24 in #19960
• Ensure startNewTrace propagates traceId in OTel environments by logaretm in #19963

Other

• (browser-tests) Pin axios to 1.13.5 to avoid compromised 1.14.1 by andreiborza in #20047
• (core) Guard nullish response in supabase PostgREST handler by antonis in #20033
• (e2e) Pin @opentelemetry/api to 1.9.0 in ts3.8 test app by logaretm in #19992
• (nuxt) Use virtual module for Nuxt pages data (SSR route parametrization) by s1gr1d in #20020
• (opentelemetry) Convert seconds timestamps in span.end() to milliseconds by logaretm in #19958
• (profiling) Disable profiling in worker threads by chargome in #20040
• (react-router) Disable debug ID injection in Vite plugin to prevent double injection by isaacs in #19890

Documentation 📚

• (release) Update publishing-a-release.md by nicohrubec in #19982

Internal Changes 🔧

Core

• Remove provider-specific AI span attributes in favor of gen_ai attributes in sentry conventions by nicohrubec in #20011
• Introduce instrumented method registry for AI integrations by nicohrubec in #19981
• Consolidate getOperationName into one shared utility by nicohrubec in #19971

Deps

• Bump amqplib from 0.10.7 to 0.10.9 by dependabot in #20000
• Bump actions/upload-artifact from 6 to 7 by dependabot in #19569
• Bump srvx from 0.11.12 to 0.11.13 by dependabot in #20001
• Bump @apollo/server from 5.4.0 to 5.5.0 by dependabot in #20007

Deps Dev

• Remove esbuild override in astro-5-cf-workers E2E test by isaacs in #20024
• Bump node-forge from 1.3.2 to 1.4.0 by dependabot in #20012
• Bump yaml from 2.8.2 to 2.8.3 by dependabot in #19985

Other

• (browser) Reduce browser package bundle size by HazAT in #19856
• (browser-tests) Add waitForMetricRequest helper by logaretm in #20002
• (changelog) Update changelog for 10.47.0 by chargome in #20050
• (deno) Expand Deno E2E test coverage by chargome in #19957
• (e2e) Add e2e tests for nodeRuntimeMetricsIntegration by chargome in #19989

• (e2e-tests) Add a pnpm-lock file to every e2e test folder by JPeer264 in #20056

• (gitflow) Sync master with develop by chargome in #20054

---

_{🤖 This preview updates automatically when you update the PR.}

[sentry]

Bug: The code uses the environment variable E2E_IGNORE_LOCKFILE, but the PR description incorrectly refers to it as E2E_FRESH_LOCKFILE.
_{Severity: LOW}

Suggested Fix

Update the pull request description to refer to the correct environment variable, E2E_IGNORE_LOCKFILE, to match the implementation and avoid confusion.

Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.

Location: dev-packages/e2e-tests/lib/copyToTemp.ts#L23-L25

Potential issue: The code checks for the environment variable `E2E_IGNORE_LOCKFILE` to
decide whether to delete a lockfile. However, the pull request description incorrectly
refers to this variable as `E2E_FRESH_LOCKFILE`. This inconsistency between the
implementation and the documentation can lead to confusion and configuration errors, as
a developer might set the wrong variable based on the description, causing the feature
to not work as intended.

[JPeer264]

My bad

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

There are 2 total unresolved issues (including 1 from previous review).

^{Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

[github-actions]

size-limit report 📦

Path	Size	% Change	Change
@sentry/browser	25.64 kB	-	-
@sentry/browser - with treeshaking flags	24.13 kB	-	-
@sentry/browser (incl. Tracing)	42.15 kB	-0.01%	-1 B 🔽
@sentry/browser (incl. Tracing, Profiling)	46.76 kB	-	-
@sentry/browser (incl. Tracing, Replay)	80.94 kB	-	-
@sentry/browser (incl. Tracing, Replay) - with treeshaking flags	70.56 kB	-	-
@sentry/browser (incl. Tracing, Replay with Canvas)	85.65 kB	-0.01%	-1 B 🔽
@sentry/browser (incl. Tracing, Replay, Feedback)	97.91 kB	-	-
@sentry/browser (incl. Feedback)	42.42 kB	-	-
@sentry/browser (incl. sendFeedback)	30.3 kB	-	-
@sentry/browser (incl. FeedbackAsync)	35.28 kB	-	-
@sentry/browser (incl. Metrics)	26.95 kB	-	-
@sentry/browser (incl. Logs)	27.1 kB	-	-
@sentry/browser (incl. Metrics & Logs)	27.77 kB	-	-
@sentry/react	27.41 kB	-	-
@sentry/react (incl. Tracing)	44.48 kB	-	-
@sentry/vue	30.08 kB	-	-
@sentry/vue (incl. Tracing)	44.05 kB	-0.01%	-2 B 🔽
@sentry/svelte	25.66 kB	-	-
CDN Bundle	28.31 kB	-0.01%	-1 B 🔽
CDN Bundle (incl. Tracing)	43.1 kB	-	-
CDN Bundle (incl. Logs, Metrics)	29.68 kB	-	-
CDN Bundle (incl. Tracing, Logs, Metrics)	44.16 kB	-0.01%	-1 B 🔽
CDN Bundle (incl. Replay, Logs, Metrics)	68.48 kB	-0.01%	-1 B 🔽
CDN Bundle (incl. Tracing, Replay)	80 kB	-0.01%	-1 B 🔽
CDN Bundle (incl. Tracing, Replay, Logs, Metrics)	81.04 kB	-	-
CDN Bundle (incl. Tracing, Replay, Feedback)	85.54 kB	-	-
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics)	86.58 kB	-	-
CDN Bundle - uncompressed	82.66 kB	-	-
CDN Bundle (incl. Tracing) - uncompressed	127.81 kB	-	-
CDN Bundle (incl. Logs, Metrics) - uncompressed	86.81 kB	-	-
CDN Bundle (incl. Tracing, Logs, Metrics) - uncompressed	131.22 kB	-	-
CDN Bundle (incl. Replay, Logs, Metrics) - uncompressed	209.79 kB	-	-
CDN Bundle (incl. Tracing, Replay) - uncompressed	244.68 kB	-	-
CDN Bundle (incl. Tracing, Replay, Logs, Metrics) - uncompressed	248.08 kB	-	-
CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed	257.59 kB	-	-
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics) - uncompressed	260.98 kB	-	-
@sentry/nextjs (client)	46.89 kB	-0.01%	-1 B 🔽
@sentry/sveltekit (client)	42.62 kB	-	-
@sentry/node-core	55.76 kB	+0.02%	+8 B 🔺
@sentry/node	172.76 kB	+0.01%	+10 B 🔺
@sentry/node - without tracing	96.02 kB	+0.01%	+5 B 🔺
@sentry/aws-serverless	112.78 kB	+0.01%	+6 B 🔺

View base workflow run

[github-actions]

node-overhead report 🧳

Note: This is a synthetic benchmark with a minimal express app and does not necessarily reflect the real-world performance impact in an application.

Scenario	Requests/s	% of Baseline	Prev. Requests/s	Change %
GET Baseline	11,169	-	9,026	+24%
GET With Sentry	1,896	17%	1,695	+12%
GET With Sentry (error only)	7,504	67%	6,154	+22%
POST Baseline	1,301	-	1,210	+8%
POST With Sentry	635	49%	595	+7%
POST With Sentry (error only)	1,143	88%	1,066	+7%
MYSQL Baseline	3,536	-	3,232	+9%
MYSQL With Sentry	471	13%	441	+7%
MYSQL With Sentry (error only)	2,970	84%	2,682	+11%

View base workflow run

[JPeer264]

Back to draft as it isn't as fluent as thought