chore(deps): update dependency @sentry/browser to v7 [security] #5150
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
5.21.4
->7.119.1
Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
GitHub Vulnerability Alerts
GHSA-593m-55hh-j8gv
Impact
In case a Prototype Pollution vulnerability is present in a user's application or bundled libraries, the Sentry SDK could potentially serve as a gadget to exploit that vulnerability. The exploitability depends on the specific details of the underlying Prototype Pollution issue.
Note
This advisory does not indicate the presence of a Prototype Pollution within the Sentry SDK itself. Users are strongly advised to first address any Prototype Pollution vulnerabilities in their application, as they pose a more critical security risk.
Patches
The issue was patched in all Sentry JavaScript SDKs starting from the 8.33.0 version.
Also, the fix was backported to SDK v7 in 7.119.1.
References
Release Notes
getsentry/sentry-javascript (@sentry/browser)
v7.119.1
Compare Source
Work in this release contributed by @legobeat. Thank you for your contribution!
v7.119.0
Compare Source
Bundle size 📦
v7.118.0
Compare Source
window.Sentry
(#12579)v7.117.0
Compare Source
v7
tag to@sentry/replay
(#12304)v7.116.0
Compare Source
This release publishes a new AWS Lambda layer under the name
SentryNodeServerlessSDKv7
that users still running v7 canuse instead of pinning themselves to
SentryNodeServerlessSDK:235
.Bundle size 📦
v7.115.0
Compare Source
start()
(#12003)lastEventId
deprecation warnings (#12042)Bundle size 📦
v7.114.0
Compare Source
Important Changes
This release fixes a bug that caused the cumulative layout shift (CLS) web vital not to be reported in a majority of the
cases where it should have been reported. With this change, the CLS web vital should now always be reported for
pageloads with layout shift. If a pageload did not have layout shift, no CLS web vital should be reported.
Please note that upgrading the SDK to this version may cause data in your dashboards to drastically change.
Other Changes
tunnel
support to multiplexed transport (#11851)HTTP_REQUEST_METHOD
attribute (#11929)v7.113.0
Compare Source
Important Changes
This release adds support for Node 22! 🎉
It also adds prebuilt-binaries for Node 22 to
@sentry/profiling-node
.Other Changes
v7.112.2
Compare Source
browserTracingIntegration
(#11765)v7.112.1
Compare Source
v7.112.0
Compare Source
Important Changes
Instead of installing
@sentry/integrations
, you can now import the pluggable integrations directly from your SDKpackage:
Note that only the functional integrations (e.g.
xxxIntegration()
) are re-exported.Other Changes
Bundle size 📦
v7.111.0
Compare Source
server.address
to browserhttp.client
spans (#11663)browserTracingIntegration
(#11647)Bundle size 📦
v7.110.1
Compare Source
tunnelRoute
matching logic for hybrid cloud (#11577)Bundle size 📦
v7.110.0
Compare Source
Important Changes
You can now use a
interactionsSampleRate
to control the sample rate of INP spans.interactionsSampleRate
is appliedon top of the global
tracesSampleRate
. Therefore ifinteractionsSampleRate
is0.5
andtracesSampleRate
is0.1
,then the actual sample rate for interactions is
0.05
.This release deprecates the
Hub
class, as well as theaddRequestDataToTransaction
method. ThetrpcMiddleware
method is no longer on the
Handlers
export, but instead is a standalone export.Please see the detailed Migration docs on how to migrate to the new APIs.
trpcMiddleware
(#11389)Hub
class (#11528)Hub
interface (#11530)addRequestDataToTransaction
(#11368)Other Changes
OPTIONS
andHEAD
request. (#11485)statsd
tometric_bucket
(#11505)Bundle size 📦
v7.109.0
Compare Source
This release deprecates some exports from the
@sentry/replay
package. These exports have been moved to the browser SDK(or related framework SDKs like
@sentry/react
).rrweb
to 2.12.0 (#11317)@sentry/replay
exports (#11242)Work in this release contributed by @soerface. Thank you for your contribution!
Bundle size 📦
v7.108.0
Compare Source
This release fixes issues with Time to First Byte (TTFB) calculation in the SDK that was introduced with
7.95.0
. Italso fixes some bugs with Interaction to First Paint (INP) instrumentation. This may impact your Sentry Performance
Score calculation.
ResizeObserver
andgoogletag
default filters (#11210)cron
(#11225)sampled
type onTransaction
(#11146)Work in this release contributed by @quisido and @joshkel. Thank you for your contributions!
Bundle size 📦
v7.107.0
Compare Source
This release fixes issues with INP instrumentation with the Next.js SDK and adds support for the
enableInp
option inthe deprecated
BrowserTracing
integration for backwards compatibility.handled
value in ErrorBoundary depending on fallback [v7] (#11037)Bundle size 📦
v7.106.1
Compare Source
createReduxEnhancer
on server (#11010)Bundle size 📦
v7.106.0
Compare Source
tunnelRoute
option (#10958)setTransactionName
global
(#10925)AttachmentType
and use for envelopeattachment_type
property ([#10946](Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.