Remove unused @sentry/browser #322

Open
julietshen wants to merge 1 commit into main from remove-sentry-browser
@julietshen
Member

@julietshen julietshen commented May 30, 2026

Summary

@sentry/browser@5.12.1 is affected by GHSA-3wmh-h74j-q3p6 (medium-severity prototype-pollution gadget). On investigation, the package is not actually used:

  • Sentry.init({ dsn }) is the only API called anywhere in osprey_ui/.
  • The call is guarded by if (process.env.REACT_APP_SENTRY_DSN).
  • REACT_APP_SENTRY_DSN= is empty in .env.production and unset everywhere else, so init never runs.
  • No captureException, no error boundaries, no Sentry wiring anywhere else in the source.

This appears to be leftover from Osprey's pre-OSS Discord-internal use, where a DSN was injected at deploy time. ROOST hasn't used it.

Removes:

  • @sentry/browser from osprey_ui/package.json + package-lock.json (~12 packages drop from the lockfile)
  • osprey_ui/src/utils/ErrorReporting.tsx — the 4-line wrapper that was the only call site
  • The import in osprey_ui/src/index.tsx
  • The empty REACT_APP_SENTRY_DSN= entry in .env.production

The Python-side sentry-sdk is heavily used in the worker (10+ call sites) and is not affected by this change — only the JS browser SDK is being removed.

Closes #320. Part of the Dependabot triage tracked in #219.

Test plan

  • npm install — package-lock regenerates cleanly, 12 packages removed
  • npm run build — production bundle builds successfully
  • grep -rn "sentry\|Sentry" src — zero remaining references
  • Prettier passes
  • CI integration suite — will run in CI

Follow-up

There are several other packages pinned but never imported in Osprey (likely also Discord vestiges — erlpack, nostril, several google-cloud-*). Tracking issue to follow.

🤖 Generated with Claude Code

Summary by CodeRabbit

Release Notes

  • Chores
    • Removed error tracking integration and associated dependencies from the application.
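
The triage described in this PR (a declared dependency whose only call site sits behind an empty environment variable), as an added example that is not code from the Osprey repository. The file contents, the `left-over-lib` package and the function names `parseEnv`, `importedPackages` and `triage` are constructed for illustration, and the env-guard check is a file-level heuristic that flags candidates for manual review.

```javascript
// Parse KEY=VALUE lines from a dotenv-style file; "KEY=" yields an empty string.
function parseEnv(text) {
  const env = {};
  for (const line of text.split('\n')) {
    const m = line.match(/^\s*([A-Za-z_]\w*)\s*=\s*(.*)$/);
    if (m) env[m[1]] = m[2].trim();
  }
  return env;
}

// Collect the npm package names a source file imports or requires.
function importedPackages(source) {
  const re = /(?:from\s+|import\s+|require\(\s*)['"]([^'"]+)['"]/g;
  const found = new Set();
  for (const m of source.matchAll(re)) {
    const spec = m[1];
    if (spec.startsWith('.') || spec.startsWith('/')) continue; // local file
    const parts = spec.split('/'); // "@scope/name/sub" -> "@scope/name"
    found.add(spec.startsWith('@') ? parts.slice(0, 2).join('/') : parts[0]);
  }
  return found;
}

// Classify each declared dependency. Heuristic: "imported-but-dead" means every
// importing file has process.env guards and all guarded variables are empty/unset.
function triage(pkgJson, files, env) {
  const report = {};
  for (const dep of Object.keys(pkgJson.dependencies || {})) {
    const users = Object.keys(files).filter((f) => importedPackages(files[f]).has(dep));
    if (users.length === 0) { report[dep] = 'never-imported'; continue; }
    const dead = users.every((f) => {
      const guards = [...files[f].matchAll(/if\s*\(\s*process\.env\.(\w+)\s*\)/g)];
      return guards.length > 0 && guards.every((g) => !env[g[1]]);
    });
    report[dep] = dead ? 'imported-but-dead' : 'in-use';
  }
  return report;
}

// Constructed sample project: hypothetical file contents, packages and versions.
const pkg = { dependencies: { '@sentry/browser': '5.12.1', react: '*', 'left-over-lib': '*' } };
const files = {
  'src/utils/ErrorReporting.tsx':
    "import * as Sentry from '@sentry/browser';\n" +
    'if (process.env.REACT_APP_SENTRY_DSN) {\n  Sentry.init({ dsn: process.env.REACT_APP_SENTRY_DSN });\n}\n',
  'src/index.tsx': "import React from 'react';\nimport './utils/ErrorReporting';\n",
};
console.log(triage(pkg, files, parseEnv('REACT_APP_SENTRY_DSN=\n')));
```

A DSN injected at deploy time never appears in the checked-in `.env` files, so a dead verdict should be confirmed against the deployment configuration before the package is removed.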


@sentry/browser 5.12.1 carried GHSA-3wmh-h74j-q3p6 (medium-severity
prototype-pollution gadget). On investigation, the package is not
actually used in osprey:

- `Sentry.init({ dsn })` is the only API called anywhere
- It's guarded by `if (process.env.REACT_APP_SENTRY_DSN)`
- The DSN is empty in `.env.production` and unset elsewhere
- So `init` never runs and no client-side errors are captured

The Python-side `sentry-sdk` is heavily used in the worker and is left
in place — only the JS browser SDK is being removed here.

Removes the package, the dead `ErrorReporting.tsx` module that wrapped
it, the import in `index.tsx`, and the empty DSN entry in
`.env.production`.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@coderabbitai
Contributor

coderabbitai Bot commented May 30, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 73e7b73e-5b4f-46d7-977f-aababc7a6130

📥 Commits

Reviewing files that changed from the base of the PR and between cf452c9 and 992d731.

⛔ Files ignored due to path filters (1)
  • osprey_ui/package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (4)
  • osprey_ui/.env.production
  • osprey_ui/package.json
  • osprey_ui/src/index.tsx
  • osprey_ui/src/utils/ErrorReporting.tsx
💤 Files with no reviewable changes (4)
  • osprey_ui/.env.production
  • osprey_ui/package.json
  • osprey_ui/src/utils/ErrorReporting.tsx
  • osprey_ui/src/index.tsx

Walkthrough

The PR removes Sentry error reporting from osprey_ui by eliminating the @sentry/browser dependency, removing the Sentry DSN environment variable from production configuration, and removing the ErrorReporting import from the application entry point.

Changes

Sentry integration removal

| Layer / File(s) | Summary |
|---|---|
| Sentry integration removal: osprey_ui/.env.production, osprey_ui/package.json, osprey_ui/src/index.tsx | @sentry/browser dependency removed; REACT_APP_SENTRY_DSN environment variable removed from production builds; ErrorReporting import removed from entry point and replaced with DayjsSetup import. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (2 warnings)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Linked Issues check | ⚠️ Warning | The PR does not meet the linked issue #320 objective, which requires upgrading @sentry/browser to 7.119.1+ to fix the vulnerability. Instead, the PR completely removes the dependency. | Either upgrade @sentry/browser to 7.119.1+ as specified in issue #320, or update the issue scope if removal is the intended approach. |
| Out of Scope Changes check | ⚠️ Warning | The PR removes @sentry/browser entirely rather than upgrading it as required by issue #320. While the removal approach is reasonable, it diverges from the explicitly stated objective of upgrading to 7.119.1+. | Clarify with the team whether complete removal is acceptable, or realign the PR to upgrade rather than remove the dependency per issue #320. |
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The PR title 'Remove unused @sentry/browser' accurately and concisely describes the main change: removing the unused Sentry browser SDK from the codebase. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |



Successfully merging this pull request may close these issues.

Bump @sentry/browser to 7.119.1+ (prototype pollution gadget)
