Skip to content

Bump API schema to ee34d268 #17241

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
sentry-api-schema-updater merged 1 commit into from
Apr 2, 2026
+1 −1
Merged

Bump API schema to ee34d268 #17241

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion src/build/resolveOpenAPI.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ import {DeRefedOpenAPI} from './open-api/types';

// SENTRY_API_SCHEMA_SHA is used in the sentry-docs GHA workflow in getsentry/sentry-api-schema.
// DO NOT change variable name unless you change it in the sentry-docs GHA workflow in getsentry/sentry-api-schema.
const SENTRY_API_SCHEMA_SHA = 'edac98f0b883a1416430ac0ebf0bc449bfc4091a';
const SENTRY_API_SCHEMA_SHA = 'ee34d268ce4d0b03d8f35a25b607cf78e0567a23';
Copy link
Copy Markdown

@sentry sentry bot Apr 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: The resolveOpenAPI function lacks error handling for failed fetch requests, causing a build failure if the OpenAPI schema URL returns a non-JSON response like a 404 page.
Severity: LOW

Suggested Fix

In resolveOpenAPI, check if response.ok is true before attempting to parse the JSON. If the response is not okay, throw an informative error to handle the failure gracefully instead of letting response.json() crash on invalid input.

Prompt for AI Agent 
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.

Location: src/build/resolveOpenAPI.ts#L9

Potential issue: The `resolveOpenAPI` function fetches a schema from a raw GitHub URL
without validating the HTTP response. If the `SENTRY_API_SCHEMA_SHA` points to a
non-existent commit, GitHub will return a 404 HTML page. The code then attempts to parse
this HTML as JSON by calling `response.json()`, which will throw a `SyntaxError` and
cause the build process to fail. While CI/CD checks are expected to prevent an invalid
SHA from being merged, the lack of defensive error handling in the code itself presents
a latent vulnerability.

Did we get this right? 👍 / 👎 to inform future reviews.


const activeEnv = process.env.GATSBY_ENV || process.env.NODE_ENV || 'development';

Expand Down
Loading