chore(deps): update CLI to v3.0.1

[github-actions]

Bumps scripts/update-cli.ps1 from 2.58.2 to 3.0.1.

Auto-generated by a dependency updater.

Changelog

3.0.1

Performance Improvements

• We switch to a faster compression algorithm (zstd) for uploading size analysis builds (sentry build upload) in preparation for this week's beta release! (#3038)

3.0.0

New Sentry Support Policy

sentry-cli 3.0.0 and above only officially supports Sentry SaaS and Sentry self-hosted versions 25.11.1 and higher. While many Sentry CLI features may, in practice, continue working with some older Sentry versions, continued support for Sentry versions older than 25.11.1 is not guaranteed. Changes which break support for Sentry versions below 25.11.1 may occur in minor or patch releases.

New Versioning Policy

Sentry CLI now defines a semantic versioning policy. We did not explicitly define a versioning policy before, but the new versioning policy contains some notable changes versus the previous implicit policy we had been following. The main change is that dropping support for self-hosted Sentry versions now only requires a minor version bump, although such changes will be clearly communicated in the changelog.

Important

Self-hosted users: We strongly recommend pinning your Sentry CLI version, since Sentry CLI may drop support for your self-hosted Sentry version in any future minor release. Always check the changelog before upgrading Sentry CLI.

Breaking Changes

• Removed all sentry-cli files ... and sentry-cli releases files ... subcommands (#2956). These commands provided functionality for managing release files, a feature that has been deprecated in Sentry. Users still using sentry-cli files upload to upload source maps should migrate to sentry-cli sourcemaps upload.
• Removed the sentry-cli sourcemaps explain command (#2947). The command had been deprecated for some time, since Sentry now has a better in-product debugging flow for source map problems via the "Unminify Code" button, which is displayed on any JavaScript issues which could not be unminified.
• Removed the sentry-cli send-metric ... subcommands (#3006). These commands have been deprecated, and the data they send is no longer accepted by Sentry.
• Removed support for the legacy API key authentication method (#2935). Sentry CLI now only supports authenticating with Auth Tokens. If you are using API key authentication via any of the following methods, you need to generate and use an Auth Token, instead:
  • --api-key CLI flag
  • SENTRY_API_KEY environment variable
  • api_key configuration file field
  • apiKey option in the JavaScript API
• Removed the upload-proguard subcommand's --app-id, --version, --version-code, --android-manifest, and --platform arguments (#2876, #2940, #2948). Users using these arguments should stop using them, as they are unnecessary. The information passed to these arguments is no longer visible in Sentry.
• Removed the --started argument from the sentry-cli releases finalize command (#2972). This argument is a no-op, so any users using it should simply stop using it.
• Removed the --use-artifact-bundle flag from sentry-cli sourcemaps upload (#3002). The flag was a no-op that only emitted a deprecation warning.

Node.js Wrapper Breakages

The following changes only apply when using sentry-cli via the npm package sentry/cli:

• The SentryCli.execute method's live parameter now only takes boolean values (#2971). Setting live to true now behaves like 'rejectOnError' did previously, with a zero exit status resolving the returned promise with "success (live mode)" and a non-zero status rejecting the promise with an error message.

• The option parameter to Releases.uploadSourceMaps no longer takes a live property (#2971). We now always execute the command with live set to true.

• Removed the apiKey option from SentryCliOptions (#2935). If you are using apiKey, you need to generate and use an Auth Token via the authToken option, instead.

• Removed the useArtifactBundle option from SentryCliUploadSourceMapsOptions (#3002). This deprecated option was a no-op that users should simply stop passing.

• Drop support for Node.js <18. The minimum required Node.js version is now 18.0.0 (#2985).

• The type export SentryCliReleases has been removed.

• The JavaScript wrapper now uses named exports instead of default exports (#2989). You need to update your imports:

  // Old (default import)
  const SentryCli = require('sentry/cli');
  
  // New (named import)
  const { SentryCli } = require('sentry/cli');

  For ESM imports:

  // Old
  import SentryCli from 'sentry/cli';
  
  // New
  import { SentryCli } from 'sentry/cli';

Improvements

• The sentry-cli upload-proguard command now uses chunked uploading by default (#2918). Users who previously set the SENTRY_EXPERIMENTAL_PROGUARD_CHUNK_UPLOAD environment variable to opt into this behavior no longer need to set the variable.
• We now place source map debug IDs under the source map's debugId field, per the TC39 Debug ID proposal (#3005). This change affects the sentry-cli sourcemaps inject command and, unless --no-rewrite is passed, the sentry-cli sourcemaps upload command. Sentry CLI can still read the debug_id field, but whenever the CLI writes or rewrites a source map, we always use debugId.
• The sentry-cli build upload command now automatically tracks Sentry plugin versions from the SENTRY_PIPELINE environment variable (#2994). When SENTRY_PIPELINE contains a recognized Sentry plugin (e.g., sentry-gradle-plugin/4.12.0 or sentry-fastlane-plugin/1.2.3), the plugin version is written to the .sentry-cli-metadata.txt file in uploaded build archives, enabling the backend to store metadata for size analysis and build distribution tracking.

Fixes

• Fixed misleading error message claiming the server doesn't support chunk uploading when the actual error was a non-existent organization (#2930).

2.58.4

Fixes

• Use node directly in the postinstall script, instead of using npm run (#3030). This change ensures the postinstall script remains compatible with package managers other than npm.

2.58.3

Improvements

• For the sentry-cli build upload command, we now only auto-detect Git metadata when we detect we are running in a CI environment, unless the user manually overrides this behavior (#2974). This change prevents local development builds from triggiering GitHub status checks for size analysis.
  • We can detect most common CI environments based on the environment variables these set.
  • We introduced two new arguments, --force-git-metadata and --no-git-metadata, which force-enable and force-disable automatic Git data collection, respectively, overriding the default behavior.
• The sentry-cli build upload command now automatically detects the correct branch or tag reference in non-PR GitHub Actions workflows (#2976). Previously, --head-ref was only auto-detected for pull request workflows. Now it works for push, release, and other workflow types by using the GITHUB_REF_NAME environment variable.

Fixes

• Fixed a bug where the sentry-cli sourcemaps inject command could inject JavaScript code into certain incorrectly formatted source map files, corrupting their JSON structure (#3003).

Internal changes

• Migrated JavaScript wrapper to TypeScript for better type safety (#2910)

Full CHANGELOG.md diff

 -1,5 +1,95 
 # Changelog
 
+## 3.0.1
+
+### Performance Improvements
+
+- We switch to a faster compression algorithm (zstd) for uploading size analysis builds (`sentry build upload`) in preparation for this week's beta release! ([#3038](https://github-redirect.dependabot.com/getsentry/sentry-cli/pull/3038))
+
+## 3.0.0
+
+### New Sentry Support Policy
+
+`sentry-cli` 3.0.0 and above only officially supports Sentry SaaS and Sentry self-hosted versions [25.11.1](https://github-redirect.dependabot.com/getsentry/sentry/releases/tag/25.11.1) and higher. While many Sentry CLI features may, in practice, continue working with some older Sentry versions, continued support for Sentry versions older than 25.11.1 is not guaranteed. Changes which break support for Sentry versions below 25.11.1 may occur in minor or patch releases.
+
+### New Versioning Policy
+
+Sentry CLI now defines a [semantic versioning policy](VERSIONING.md). We did not explicitly define a versioning policy before, but the new versioning policy contains some notable changes versus the previous implicit policy we had been following. The main change is that dropping support for self-hosted Sentry versions now only requires a minor version bump, although such changes will be clearly communicated in the changelog.
+
+> [!IMPORTANT]
+> **Self-hosted users**: We strongly recommend pinning your Sentry CLI version, since Sentry CLI may drop support for your self-hosted Sentry version in any future minor release. Always check the changelog before upgrading Sentry CLI.
+
+### Breaking Changes
+
+- Removed all `sentry-cli files ...` and `sentry-cli releases files ...` subcommands ([#2956](https://github-redirect.dependabot.com/getsentry/sentry-cli/pull/2956)). These commands provided functionality for managing release files, a feature that has been deprecated in Sentry. Users still using `sentry-cli files upload` to upload source maps should migrate to `sentry-cli sourcemaps upload`.
+- Removed the `sentry-cli sourcemaps explain` command ([#2947](https://github-redirect.dependabot.com/getsentry/sentry-cli/pull/2947)). The command had been deprecated for some time, since Sentry now has a better in-product debugging flow for source map problems via the "Unminify Code" button, which is displayed on any JavaScript issues which could not be unminified.
+- Removed the `sentry-cli send-metric ...` subcommands ([#3006](https://github-redirect.dependabot.com/getsentry/sentry-cli/pull/3006)). These commands have been deprecated, and the data they send is no longer accepted by Sentry.
+- Removed support for the legacy API key authentication method ([#2935](https://github-redirect.dependabot.com/getsentry/sentry-cli/pull/2935)). Sentry CLI now only supports authenticating with Auth Tokens. If you are using API key authentication via any of the following methods, you need to generate and use an [Auth Token](https://docs.sentry.io/account/auth-tokens/), instead:
+  - `--api-key` CLI flag
+  - `SENTRY_API_KEY` environment variable
+  - `api_key` configuration file field
+  - `apiKey` option in the JavaScript API
+- Removed the `upload-proguard` subcommand's `--app-id`, `--version`, `--version-code`, `--android-manifest`, and `--platform` arguments ([#2876](https://github-redirect.dependabot.com/getsentry/sentry-cli/pull/2876), [#2940](https://github-redirect.dependabot.com/getsentry/sentry-cli/pull/2940), [#2948](https://github-redirect.dependabot.com/getsentry/sentry-cli/pull/2948)). Users using these arguments should stop using them, as they are unnecessary. The information passed to these arguments is no longer visible in Sentry.
+- Removed the `--started` argument from the `sentry-cli releases finalize` command ([#2972](https://github-redirect.dependabot.com/getsentry/sentry-cli/pull/2972)). This argument is a no-op, so any users using it should simply stop using it.
+- Removed the `--use-artifact-bundle` flag from `sentry-cli sourcemaps upload` ([#3002](https://github-redirect.dependabot.com/getsentry/sentry-cli/pull/3002)). The flag was a no-op that only emitted a deprecation warning.
+
+#### Node.js Wrapper Breakages
+
+The following changes only apply when using `sentry-cli` via the npm package [`sentry/cli`](https://www.npmjs.com/package/sentry/cli):
+
+- The `SentryCli.execute` method's `live` parameter now only takes boolean values ([#2971](https://github-redirect.dependabot.com/getsentry/sentry-cli/pull/2971)). Setting `live` to `true` now behaves like `'rejectOnError'` did previously, with a zero exit status resolving the returned promise with `"success (live mode)"` and a non-zero status rejecting the promise with an error message.
+- The `option` parameter to `Releases.uploadSourceMaps` no longer takes a `live` property ([#2971](https://github-redirect.dependabot.com/getsentry/sentry-cli/pull/2971)). We now always execute the command with `live` set to `true`.
+- Removed the `apiKey` option from `SentryCliOptions` ([#2935](https://github-redirect.dependabot.com/getsentry/sentry-cli/pull/2935)). If you are using `apiKey`, you need to generate and use an [Auth Token](https://docs.sentry.io/account/auth-tokens/) via the `authToken` option, instead.
+- Removed the `useArtifactBundle` option from `SentryCliUploadSourceMapsOptions` ([#3002](https://github-redirect.dependabot.com/getsentry/sentry-cli/pull/3002)). This deprecated option was a no-op that users should simply stop passing.
+- Drop support for Node.js <18. The minimum required Node.js version is now 18.0.0 ([#2985](https://github-redirect.dependabot.com/getsentry/sentry-cli/issues/2985)).
+- The type export `SentryCliReleases` has been removed.
+- The JavaScript wrapper now uses named exports instead of default exports ([#2989](https://github-redirect.dependabot.com/getsentry/sentry-cli/pull/2989)). You need to update your imports:
+  ```js
+  // Old (default import)
+  const SentryCli = require('sentry/cli');
+
+  // New (named import)
+  const { SentryCli } = require('sentry/cli');
+  ```
+
+  For ESM imports:
+  ```js
+  // Old
+  import SentryCli from 'sentry/cli';
+
+  // New
+  import { SentryCli } from 'sentry/cli';
+  ```
+
+
+### Improvements
+
+- The `sentry-cli upload-proguard` command now uses chunked uploading by default ([#2918](https://github-redirect.dependabot.com/getsentry/sentry-cli/pull/2918)). Users who previously set the `SENTRY_EXPERIMENTAL_PROGUARD_CHUNK_UPLOAD` environment variable to opt into this behavior no longer need to set the variable.
+- We now place source map debug IDs under the source map's `debugId` field, per the [TC39 Debug ID proposal](https://github-redirect.dependabot.com/tc39/ecma426/blob/main/proposals/debug-id.md#debug-ids-in-source-maps) ([#3005](https://github-redirect.dependabot.com/getsentry/sentry-cli/pull/3005)). This change affects the `sentry-cli sourcemaps inject` command and, unless `--no-rewrite` is passed, the `sentry-cli sourcemaps upload` command. Sentry CLI can still read the `debug_id` field, but whenever the CLI writes or rewrites a source map, we always use `debugId`.
+- The `sentry-cli build upload` command now automatically tracks Sentry plugin versions from the `SENTRY_PIPELINE` environment variable ([#2994](https://github-redirect.dependabot.com/getsentry/sentry-cli/pull/2994)). When `SENTRY_PIPELINE` contains a recognized Sentry plugin (e.g., `sentry-gradle-plugin/4.12.0` or `sentry-fastlane-plugin/1.2.3`), the plugin version is written to the `.sentry-cli-metadata.txt` file in uploaded build archives, enabling the backend to store metadata for size analysis and build distribution tracking.
+
+### Fixes
+
+- Fixed misleading error message claiming the server doesn't support chunk uploading when the actual error was a non-existent organization ([#2930](https://github-redirect.dependabot.com/getsentry/sentry-cli/pull/2930)).
+
+## 2.58.4
+
+### Fixes
+
+- Use node directly in the postinstall script, instead of using `npm run` ([#3030](https://github-redirect.dependabot.com/getsentry/sentry-cli/pull/3030)). This change ensures the postinstall script remains compatible with package managers other than `npm`.
+
+## 2.58.3
+
+### Improvements
+
+- For the `sentry-cli build upload` command, we now only auto-detect Git metadata when we detect we are running in a CI environment, unless the user manually overrides this behavior ([#2974](https://github-redirect.dependabot.com/getsentry/sentry-cli/pull/2974)). This change prevents local development builds from triggiering GitHub status checks for size analysis.
+  - We can detect most common CI environments based on the environment variables these set.
+  - We introduced two new arguments, `--force-git-metadata` and `--no-git-metadata`, which force-enable and force-disable automatic Git data collection, respectively, overriding the default behavior.
+- The `sentry-cli build upload` command now automatically detects the correct branch or tag reference in non-PR GitHub Actions workflows ([#2976](https://github-redirect.dependabot.com/getsentry/sentry-cli/pull/2976)). Previously, `--head-ref` was only auto-detected for pull request workflows. Now it works for push, release, and other workflow types by using the `GITHUB_REF_NAME` environment variable.
+
+### Fixes
+- Fixed a bug where the `sentry-cli sourcemaps inject` command could inject JavaScript code into certain incorrectly formatted source map files, corrupting their JSON structure ([#3003](https://github-redirect.dependabot.com/getsentry/sentry-cli/pull/3003)).
+
 ## 2.58.2
 
 ### Improvements
 -46,6 +136,10 
 
 - Slightly sped up the `sentry-cli sourcemaps upload` command by eliminating an HTTP request to the Sentry server, which was not required in most cases ([#2913](https://github-redirect.dependabot.com/getsentry/sentry-cli/pull/2913)).
 
+### Internal changes
+
+- Migrated JavaScript wrapper to TypeScript for better type safety ([#2910](https://github-redirect.dependabot.com/getsentry/sentry-cli/pull/2910))
+
 ## 2.57.0
 
 ### New Features
 -503,7 +597,7  We made several refactors and added several tests in this release. These changes
 
 <details>
 <summary><h3>Changes to tests</h3></summary>
-  
+
 - ref(test): Broaden `with_header_matcher` types ([#2261](https://github-redirect.dependabot.com/getsentry/sentry-cli/issues/2261)) by szokeasaurusrex
 - ref(test): Accept `impl Into<Matcher>` for `with_matcher` ([#2260](https://github-redirect.dependabot.com/getsentry/sentry-cli/issues/2260)) by szokeasaurusrex
 - ref(test): Align `with_reponse_body` parameter to `mockito` ([#2259](https://github-redirect.dependabot.com/getsentry/sentry-cli/issues/2259)) by szokeasaurusrex

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 73.80%. Comparing base (18bfa9e) to head (54294a4).

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4805      +/-   ##
==========================================
+ Coverage   73.79%   73.80%   +0.01%     
==========================================
  Files         483      483              
  Lines       17547    17547              
  Branches     3460     3460              
==========================================
+ Hits        12948    12950       +2     
+ Misses       3747     3746       -1     
+ Partials      852      851       -1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[cursor]

Bug: CLI upgrade breaks API key authentication support

The upgrade to sentry-cli 3.0.0 removes support for the --api-key flag, but src/Sentry/buildTransitive/Sentry.targets still uses this flag when SentryApiKey is set. Users who have configured SentryApiKey will experience CLI failures because sentry-cli 3.0.0 no longer recognizes --api-key. The code at line 111 in Sentry.targets needs to be removed or the property needs to be deprecated with appropriate migration guidance.

 

[sentry]

Bug: The build scripts reference the --api-key flag via the SentryApiKey property, but this flag was removed in the updated sentry-cli version, which will cause silent failures.
_{Severity: CRITICAL | Confidence: High}

🔍 Detailed Analysis

The PR updates sentry-cli to a version that no longer supports authentication via the --api-key flag. However, the build scripts in Sentry.targets still conditionally add this flag if the SentryApiKey property is set. Because the CLI execution tasks use IgnoreExitCode="true", any authentication attempts using the old SentryApiKey method will fail silently. This will prevent symbol uploads and release creation for users relying on this legacy authentication method, without causing a build failure.

💡 Suggested Fix

Remove the logic that adds the --api-key flag from Sentry.targets. Consider adding a build warning if the SentryApiKey property is detected, instructing users to migrate to the SentryAuthToken property instead.

🤖 Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.

Location: Directory.Build.props#L102

Potential issue: The PR updates `sentry-cli` to a version that no longer supports
authentication via the `--api-key` flag. However, the build scripts in `Sentry.targets`
still conditionally add this flag if the `SentryApiKey` property is set. Because the CLI
execution tasks use `IgnoreExitCode="true"`, any authentication attempts using the old
`SentryApiKey` method will fail silently. This will prevent symbol uploads and release
creation for users relying on this legacy authentication method, without causing a build
failure.

_{Did we get this right? 👍 / 👎 to inform future reviews.
Reference ID: 7682594}