Release/v8.9.0

[SB-priyankap]

Added

• (delivery-react-native) Handle request and response parameters #2667

Changed

• (plugin-inline-script-content) Add support for additional event target constructors including MediaSource, MediaRecorder, ServiceWorker, RTCPeerConnection, and others #2700
• (plugin-network-instrumentation) Manually parse URLs to improve React Native compatibility #2674
• (plugin-network-instrumentation) Refactor URL parsing to improve performance #2667

Fixed

• (plugin-network-instrumentation) Report HTTP Errors as handled #2662
• (plugin-network-instrumentation) Omit stacktraces from HTTP Error events #2684
• (react-native) Report error cause with native stacktrace for Turbo Module exceptions [Report error cause with native stacktrace for Turbo Module exceptions #2686] (Report error cause with native stacktrace for Turbo Module exceptions #2686)

[github-actions]

@bugsnag/browser bundle size diff

	Minified	Minfied + Gzipped
Before	50.69 kB	15.03 kB
After	51.65 kB	15.26 kB
±	⚠️ +957 bytes	⚠️ +234 bytes

code coverage diff

Ok	File	Lines	Branches	Functions	Statements
✅	/home/runner/work/bugsnag-js/bugsnag-js/packages/delivery-react-native/delivery.js	96.29% (+2.96%)	88% (+6.19%)	66.66% (+6.66%)	96.66% (+2.55%)
🔴	/home/runner/work/bugsnag-js/bugsnag-js/packages/plugin-network-instrumentation/network-instrumentation.js	96.92% (-0.09%)	88.57% (+0%)	100% (+0%)	97.01% (-0.09%)
✅	/home/runner/work/bugsnag-js/bugsnag-js/packages/plugin-network-instrumentation/lib/parse-query-string.js	100% (+100%)	100% (+100%)	100% (+100%)	100% (+100%)
✅	/home/runner/work/bugsnag-js/bugsnag-js/packages/plugin-network-instrumentation/lib/parse-url.js	93.33% (+93.33%)	96.42% (+96.42%)	100% (+100%)	93.33% (+93.33%)

Total:

Lines	Branches	Functions	Statements
84.95%(-0.18%)	77.16%(+0.19%)	85.17%(-0.08%)	84.23%(-0.19%)

Generated by 🚫 dangerJS against 356222b

[Copilot]

Pull request overview

Release v8.9.0 updates React Native delivery/native parsing, improves network instrumentation behavior (URL parsing, HTTP error handling/redaction), and refreshes CI/test infrastructure (Node 22, Maze Runner v11, workflows).

Changes:

• React Native: include request/response in native delivery and improve native “cause” stack handling; add/adjust e2e fixtures/features.
• Network instrumentation: replace URL/param handling with manual parsing, move query into request.params, mark HTTP errors handled, and omit stacktraces.
• Tooling/infra: bump Node images to 22, update GitHub Actions/Buildkite pipelines, bump Maze Runner, add coverage diff reporting, and update dependencies (e.g. @bugsnag/cuid).

Reviewed changes

Copilot reviewed 75 out of 78 changed files in this pull request and generated 6 comments.

Show a summary per file

File	Description
test/react-native/Gemfile	Maze Runner v11 for RN tests
test/react-native/features/onerror_callback.feature	New RN callback feature coverage
test/react-native/features/native-stack-ios.feature	New iOS native stack scenarios
test/react-native/features/native-stack-android.feature	Adjust Android native stack scenarios/tags
test/react-native/features/http_errors.feature	New RN HTTP error feature scenarios
test/react-native/features/fixtures/scenario-launcher/scenarios/core/OnErrorCallbackScenario.js	New RN fixture scenario
test/react-native/features/fixtures/scenario-launcher/scenarios/core/NetworkRequestScenario.js	New RN HTTP error fixture scenario
test/react-native/features/fixtures/scenario-launcher/scenarios/core/NetworkBreadcrumbsJsScenario.js	New RN network breadcrumb fixture
test/react-native/features/fixtures/scenario-launcher/scenarios/core/index.js	Export new RN fixture scenarios
test/react-native/features/fixtures/scenario-launcher/scenarios/core/AddOnErrorCallbackScenario.js	New RN addOnError fixture scenario
test/react-native/features/fixtures/expected_http_errors/500/response.json	Expected RN HTTP error response fixture
test/react-native/features/fixtures/expected_http_errors/500/request.json	Expected RN HTTP error request fixture
test/react-native/features/fixtures/expected_http_errors/500/exceptions.json	Expected RN HTTP error exception fixture
test/react-native/features/fixtures/expected_http_errors/401/response.json	Expected RN HTTP error response fixture
test/react-native/features/fixtures/expected_http_errors/401/request.json	Expected RN HTTP error request fixture
test/react-native/features/fixtures/expected_http_errors/401/exceptions.json	Expected RN HTTP error exception fixture
test/react-native/features/fixtures/expected_breadcrumbs/NetworkJsScenario.json	Expected RN network breadcrumb fixture
test/react-native/features/breadcrumbs.feature	Add RN network breadcrumb scenario
test/react-native-cli/Gemfile	Maze Runner v11 for RN CLI tests
test/node/Gemfile	Maze Runner v11 for node maze tests
test/node/features/steps/server_fixture_request_steps.rb	Set Content-Type for URL-encoded POST step
test/local-npm-config.yml	Allow local proxying for @bugsnag/cli
test/cloudflare-workers/Gemfile	Maze Runner v11 for workers tests
test/browser/features/http_errors.feature	Update browser HTTP error expectations (handled + empty stack)
test/aws-lambda/Gemfile	Maze Runner v11 for lambda tests
scripts/generate-react-native-fixture.js	Ensure plugin-network-instrumentation installed in RN fixture
packages/react-native/test/index.test.ts	Add unit test for addOnError callbacks
packages/react-native/prepare-android-vendor.config	Bump vendored Android version to 6.25.0
packages/react-native/ios/BugsnagReactNative/BugsnagEventDeserializer.m	Deserialize multiple errors + request/response; native stack handling
packages/react-native/CONTRIBUTING.md	Update local npm (verdaccio) dev workflow
packages/react-native/android/build.gradle	Bump bugsnag-android/plugin-react-native to 6.25.0
packages/plugin-network-instrumentation/test/redact-query-parameters.test.ts	Remove URL redaction tests (behavior changed)
packages/plugin-network-instrumentation/test/parse-url.test.ts	New parseUrl unit tests
packages/plugin-network-instrumentation/test/parse-query-string.test.ts	New parseQueryString unit tests
packages/plugin-network-instrumentation/test/network-instrumentation.test.ts	Update/add tests for redaction, URL changes, handled state, stack omission
packages/plugin-network-instrumentation/test/network-instrumentation-xhr.test.ts	Update XHR tests for handled state/stack omission; remove redaction test
packages/plugin-network-instrumentation/network-instrumentation.js	Manual URL parsing; params redaction; handled HTTP errors; omit stacktraces
packages/plugin-network-instrumentation/lib/redact-query-parameters.js	Remove URLSearchParams-based redaction helper
packages/plugin-network-instrumentation/lib/parse-url.js	Add manual URL parsing helper
packages/plugin-network-instrumentation/lib/parse-query-string.js	Add manual query parsing helper
packages/plugin-network-instrumentation/lib/parse-query-params.js	Remove URL-based query param parser
packages/plugin-network-instrumentation/lib/extract-domain.js	Remove URL-based domain extraction
packages/plugin-inline-script-content/inline-script-content.js	Expand supported event target constructors
packages/plugin-electron-ipc/preload.js	Wrap preload in IIFE + formatting cleanup
packages/plugin-browser-device/package.json	Bump @bugsnag/cuid dependency
packages/plugin-browser-device/device.js	Use cuid.isCuid and hoist require
packages/plugin-aws-lambda/test/serverless-express.test.js	Silence console.debug in tests
packages/node/test/notifier.test.ts	Add console.log spy + listener cleanup in tests
packages/in-flight/package.json	Bump @bugsnag/cuid dependency
packages/delivery-react-native/test/delivery.test.ts	Add request/response + native cause stack tests
packages/delivery-react-native/delivery.js	Attach native stack to specific error; include request/response in payload
packages/core/package.json	Bump @bugsnag/cuid dependency
package.json	Update verdaccio config path; local npm scripts
package-lock.json	Lockfile updates for dependency bumps + metadata
jest.config.js	Ignore verdaccio/dist/examples/fixtures in module resolution
dockerfiles/Dockerfile.release	Update base image to Node 22
dockerfiles/Dockerfile.node	Update builder Node 22; Maze Runner v11 image
dockerfiles/Dockerfile.ci	Update CI base image to Node 22
dockerfiles/Dockerfile.browser	Update builder Node 22; Maze Runner v11 image
docker-compose.yml	Use Maze Runner v11 images for RN
dangerfile.js	Enable coverage diff output via coverage-diff
CHANGELOG.md	Add 8.9.0 release notes + formatting changes
.github/workflows/update-dependencies.yml	Bump pinned action SHAs
.github/workflows/test-electron.yml	Run electron tests on Node 22; bump action SHAs
.github/workflows/scorecard.yml	Bump pinned action SHAs
.github/workflows/pr-diff.yml	Add coverage capture; run on Node 22
.github/workflows/codeql.yml	Bump CodeQL + checkout action SHAs
.github/workflows/aws-lambda.yml	Run lambda workflow on Node 22; bump action SHAs
.buildkite/pipeline.yml	Move mac queues/env to Node 22
.buildkite/package_manifest.json	Add plugin-network-instrumentation to manifests
.buildkite/basic/react-native-ios-pipeline.yml	Update RN matrix + set Node 22
.buildkite/basic/react-native-ios-full-pipeline.yml	Update RN matrix + set Node 22
.buildkite/basic/react-native-cli-pipeline.yml	Update RN matrix versions
.buildkite/basic/react-native-android-pipeline.yml	Update RN matrix + set Node 22
.buildkite/basic/react-native-android-full-pipeline.yml	Update RN matrix + move queues/env to Node 22
.buildkite/basic/node-pipeline.yml	Add Node 22 to test matrix
.buildkite/basic/electron-pipeline.yml	Run electron pipeline on Node 22

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

parseQueryString splits on every "=" and only uses the first two parts, which will truncate values that themselves contain "=" (e.g. base64/JWT payloads). It also calls decodeURIComponent without guarding against malformed percent-encoding, which can throw and break HTTP error reporting. Consider splitting on the first "=" only and wrapping decoding in a try/catch (falling back to the raw substring on decode errors).

[Copilot]

client._config.redactedKeys can include RegExp entries (per core config validation in packages/core/config.js:148-155), but redactValues assumes every key is a string (calls toLowerCase()), which will throw if a regex is present. Either filter redactedKeys to strings here or update redactValues to support regexes to avoid crashing the plugin at runtime.

[Copilot]

process.removeAllListeners('unhandledRejection'|'uncaughtException') will also remove Jest's own listeners (and any other listeners registered by the test runner), which can cause tests to silently miss failures or behave inconsistently across files. Prefer removing only the listeners added by Bugsnag (e.g. snapshot process.listeners(...) before start and restore the difference, or call a plugin/client teardown API if available) instead of clearing all listeners.

[Copilot]

This section references test/local-npm.config.yml, but the repo uses test/local-npm-config.yml (dash, not dot), so following the instructions will fail. Also there are a couple of typos/format issues: "create an a .npmrc" and the numbered steps jump from 2 to 4.

[Copilot]

Several markdown links in the new 8.9.0 changelog section are malformed: there is an extra space between ] and ( (e.g. [#2686] ( ... )), and multiple dependency links use https// instead of https://, which will render as broken links.

Suggested change

	- (react-native) Report error cause with native stacktrace for Turbo Module exceptions [#2686] (https://github.com/bugsnag/bugsnag-js/pull/2686)
	### Dependencies
	- Update @bugsnag/cuid to [v3.2.1] (https://github.com/bugsnag/cuid/releases/tag/v3.2.1) [#2706](https://github.com/bugsnag/bugsnag-js/pull/2706)
	- Update bugsnag-cocoa to [v6.35.0](https//github.com/bugsnag/bugsnag-cocoa/releases/tag/v6.35.0) [#2663](https://github.com/bugsnag/bugsnag-js/pull/2663)
	- Update bugsnag-android to [v6.22.0](https//github.com/bugsnag/bugsnag-android/releases/tag/v6.22.0) [#2656](https://github.com/bugsnag/bugsnag-js/pull/2656)
	- Update bugsnag-android to [v6.23.0](https//github.com/bugsnag/bugsnag-android/releases/tag/v6.23.0) [#2673](https://github.com/bugsnag/bugsnag-js/pull/2673)
	- Update bugsnag-android to [v6.25.0](https//github.com/bugsnag/bugsnag-android/releases/tag/v6.25.0) [#2689](https://github.com/bugsnag/bugsnag-js/pull/2689)
	- Update bugsnag-cocoa to [v6.36.0](https//github.com/bugsnag/bugsnag-cocoa/releases/tag/v6.36.0) [#2707](https://github.com/bugsnag/bugsnag-js/pull/2707)
	- (react-native) Report error cause with native stacktrace for Turbo Module exceptions [#2686](https://github.com/bugsnag/bugsnag-js/pull/2686)
	### Dependencies
	- Update @bugsnag/cuid to [v3.2.1](https://github.com/bugsnag/cuid/releases/tag/v3.2.1) [#2706](https://github.com/bugsnag/bugsnag-js/pull/2706)
	- Update bugsnag-cocoa to [v6.35.0](https://github.com/bugsnag/bugsnag-cocoa/releases/tag/v6.35.0) [#2663](https://github.com/bugsnag/bugsnag-js/pull/2663)
	- Update bugsnag-android to [v6.22.0](https://github.com/bugsnag/bugsnag-android/releases/tag/v6.22.0) [#2656](https://github.com/bugsnag/bugsnag-js/pull/2656)
	- Update bugsnag-android to [v6.23.0](https://github.com/bugsnag/bugsnag-android/releases/tag/v6.23.0) [#2673](https://github.com/bugsnag/bugsnag-js/pull/2673)
	- Update bugsnag-android to [v6.25.0](https://github.com/bugsnag/bugsnag-android/releases/tag/v6.25.0) [#2689](https://github.com/bugsnag/bugsnag-js/pull/2689)
	- Update bugsnag-cocoa to [v6.36.0](https://github.com/bugsnag/bugsnag-cocoa/releases/tag/v6.36.0) [#2707](https://github.com/bugsnag/bugsnag-js/pull/2707)

[Copilot]

The XHR suite no longer has any assertions covering query-param redaction (config.redactedKeys) after removing the previous test. Since URL handling has changed (query string now moved into request.params), it would be good to add an XHR-specific test that verifies sensitive params are redacted in event.request.params for parity with the fetch tests.