Update dependency @sentry/nuxt to v8.49.0 [SECURITY] #5357

Open
@openverse-bot openverse-bot commented Jan 28, 2025

This PR contains the following updates:

Package | Type | Update | Change
@sentry/nuxt (source) | dependencies | minor | 8.45.0 -> 8.49.0

GitHub Vulnerability Alerts

GHSA-r5w7-f542-q2j4

Impact

The ContextLines integration uses readable streams to more efficiently use memory when reading files. The ContextLines integration is used to attach source context to outgoing events.

The stream was not explicitly closed after use. This could lead to excessive amounts of file handles open on the system and potentially lead to a Denial of Service (DoS).

The ContextLines integration is enabled by default in the Node SDK (@sentry/node) and SDKs that run in Node.js environments (@sentry/astro, @sentry/aws-serverless, @sentry/bun, @sentry/google-cloud-serverless, @sentry/nestjs, @sentry/nextjs, @sentry/nuxt, @sentry/remix, @sentry/solidstart, @sentry/sveltekit).

Patches

Users should upgrade to version 8.49.0 or higher.

Workarounds

To remediate this issue in affected versions without upgrading to version 8.49.0 and above you can disable the ContextLines integration. See the docs for more details.

Sentry.init({
  // ...
  integrations: function (integrations) {
    // integrations will be all default integrations
    return integrations.filter(function (integration) {
      return integration.name !== "ContextLines";
    });
  },
});

If you disable the ContextLines integration, you will lose source context on your error events.

Release Notes

getsentry/sentry-javascript (@​sentry/nuxt)

v8.49.0

  • feat(v8/browser): Flush offline queue on flush and browser online event (#​14969)
  • feat(v8/react): Add a handled prop to ErrorBoundary (#​14978)
  • fix(profiling/v8): Don't put require, __filename and __dirname on global object (#​14952)
  • fix(v8/node): Enforce that ContextLines integration does not leave open file handles (#​14997)
  • fix(v8/replay): Disable mousemove sampling in rrweb for iOS browsers (#​14944)
  • fix(v8/sveltekit): Ensure source maps deletion is called after source ma… (#​14963)
  • fix(v8/vue): Re-throw error when no errorHandler exists (#​14943)

Work in this release was contributed by @​HHK1 and @​mstrokin. Thank you for your contribution!

Bundle size 📦

Path Size
@​sentry/browser 23.29 KB
@​sentry/browser - with treeshaking flags 21.96 KB
@​sentry/browser (incl. Tracing) 35.85 KB
@​sentry/browser (incl. Tracing, Replay) 73.19 KB
@​sentry/browser (incl. Tracing, Replay) - with treeshaking flags 63.58 KB
@​sentry/browser (incl. Tracing, Replay with Canvas) 77.5 KB
@​sentry/browser (incl. Tracing, Replay, Feedback) 89.44 KB
@​sentry/browser (incl. Feedback) 39.5 KB
@​sentry/browser (incl. sendFeedback) 27.89 KB
@​sentry/browser (incl. FeedbackAsync) 32.69 KB
@​sentry/react 25.97 KB
@​sentry/react (incl. Tracing) 38.67 KB
@​sentry/vue 27.57 KB
@​sentry/vue (incl. Tracing) 37.71 KB
@​sentry/svelte 23.45 KB
CDN Bundle 24.49 KB
CDN Bundle (incl. Tracing) 37.56 KB
CDN Bundle (incl. Tracing, Replay) 72.84 KB
CDN Bundle (incl. Tracing, Replay, Feedback) 78.2 KB
CDN Bundle - uncompressed 71.93 KB
CDN Bundle (incl. Tracing) - uncompressed 111.42 KB
CDN Bundle (incl. Tracing, Replay) - uncompressed 225.68 KB
CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed 238.78 KB
@​sentry/nextjs (client) 38.92 KB
@​sentry/sveltekit (client) 36.36 KB
@​sentry/node 162.82 KB
@​sentry/node - without tracing 98.95 KB
@​sentry/aws-serverless 126.65 KB

v8.48.0

Deprecations
  • feat(v8/core): Deprecate getDomElement method (#​14799)

    Deprecates getDomElement. There is no replacement.

Other changes
  • fix(nestjs/v8): Use correct main/module path in package.json (#​14791)
  • fix(v8/core): Use consistent continueTrace implementation in core (#​14819)
  • fix(v8/node): Correctly resolve debug IDs for ANR events with custom appRoot (#​14823)
  • fix(v8/node): Ensure NODE_OPTIONS is not passed to worker threads (#​14825)
  • fix(v8/angular): Fall back to element tagName when name is not provided to TraceDirective (#​14828)
  • fix(aws-lambda): Remove version suffix from lambda layer (#​14843)
  • fix(v8/node): Ensure express requests are properly handled (#​14851)
  • feat(v8/node): Add openTelemetrySpanProcessors option (#​14853)
  • fix(v8/react): Use Set as the allRoutes container. (#​14878) (#​14884)
  • fix(v8/react): Improve handling of routes nested under path="/" (#​14897)
  • feat(v8/core): Add normalizedRequest to samplingContext (#​14903)
  • fix(v8/feedback): Avoid lazy loading code for syncFeedbackIntegration (#​14918)

Work in this release was contributed by @​arturovt. Thank you for your contribution!

Bundle size 📦

Path Size
@​sentry/browser 23.29 KB
@​sentry/browser - with treeshaking flags 21.96 KB
@​sentry/browser (incl. Tracing) 35.85 KB
@​sentry/browser (incl. Tracing, Replay) 73.09 KB
@​sentry/browser (incl. Tracing, Replay) - with treeshaking flags 63.48 KB
@​sentry/browser (incl. Tracing, Replay with Canvas) 77.4 KB
@​sentry/browser (incl. Tracing, Replay, Feedback) 89.34 KB
@​sentry/browser (incl. Feedback) 39.5 KB
@​sentry/browser (incl. sendFeedback) 27.89 KB
@​sentry/browser (incl. FeedbackAsync) 32.69 KB
@​sentry/react 25.96 KB
@​sentry/react (incl. Tracing) 38.66 KB
@​sentry/vue 27.56 KB
@​sentry/vue (incl. Tracing) 37.69 KB
@​sentry/svelte 23.45 KB
CDN Bundle 24.49 KB
CDN Bundle (incl. Tracing) 37.56 KB
CDN Bundle (incl. Tracing, Replay) 72.75 KB
CDN Bundle (incl. Tracing, Replay, Feedback) 78.11 KB
CDN Bundle - uncompressed 71.93 KB
CDN Bundle (incl. Tracing) - uncompressed 111.42 KB
CDN Bundle (incl. Tracing, Replay) - uncompressed 225.5 KB
CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed 238.6 KB
@​sentry/nextjs (client) 38.92 KB
@​sentry/sveltekit (client) 36.36 KB
@​sentry/node 162.8 KB
@​sentry/node - without tracing 98.94 KB
@​sentry/aws-serverless 126.63 KB

v8.47.0

  • feat(v8/core): Add updateSpanName helper function (#​14736)
  • feat(v8/node): Do not overwrite prisma db.system in newer Prisma versions (#​14772)
  • feat(v8/node/deps): Bump @​prisma/instrumentation from 5.19.1 to 5.22.0 (#​14755)
  • feat(v8/replay): Mask srcdoc iframe contents per default (#​14779)
  • ref(v8/nextjs): Fix typo in source maps deletion warning (#​14776)

Work in this release was contributed by @​aloisklink and @​benjick. Thank you for your contributions!

Bundle size 📦

Path Size
@​sentry/browser 23.29 KB
@​sentry/browser - with treeshaking flags 21.96 KB
@​sentry/browser (incl. Tracing) 35.81 KB
@​sentry/browser (incl. Tracing, Replay) 73.06 KB
@​sentry/browser (incl. Tracing, Replay) - with treeshaking flags 63.45 KB
@​sentry/browser (incl. Tracing, Replay with Canvas) 77.37 KB
@​sentry/browser (incl. Tracing, Replay, Feedback) 89.85 KB
@​sentry/browser (incl. Feedback) 40.04 KB
@​sentry/browser (incl. sendFeedback) 27.89 KB
@​sentry/browser (incl. FeedbackAsync) 32.68 KB
@​sentry/react 25.96 KB
@​sentry/react (incl. Tracing) 38.64 KB
@​sentry/vue 27.52 KB
@​sentry/vue (incl. Tracing) 37.67 KB
@​sentry/svelte 23.45 KB
CDN Bundle 24.47 KB
CDN Bundle (incl. Tracing) 37.51 KB
CDN Bundle (incl. Tracing, Replay) 72.71 KB
CDN Bundle (incl. Tracing, Replay, Feedback) 78.1 KB
CDN Bundle - uncompressed 71.85 KB
CDN Bundle (incl. Tracing) - uncompressed 111.23 KB
CDN Bundle (incl. Tracing, Replay) - uncompressed 225.3 KB
CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed 238.52 KB
@​sentry/nextjs (client) 38.9 KB
@​sentry/sveltekit (client) 36.32 KB
@​sentry/node 162.7 KB
@​sentry/node - without tracing 98.87 KB
@​sentry/aws-serverless 126.53 KB

v8.46.0

  • feat: Allow capture of more than 1 ANR event [v8] (#​14713)
  • feat(node): Detect Railway release name [v8] (#​14714)
  • fix: Normalise ANR debug image file paths if appRoot was supplied [v8] (#​14709)
  • fix(nuxt): Remove build config from tsconfig (#​14737)

Work in this release was contributed by @​conor-ob. Thank you for your contribution!

Bundle size 📦

Path Size
@​sentry/browser 23.29 KB
@​sentry/browser - with treeshaking flags 21.96 KB
@​sentry/browser (incl. Tracing) 35.79 KB
@​sentry/browser (incl. Tracing, Replay) 73.01 KB
@​sentry/browser (incl. Tracing, Replay) - with treeshaking flags 63.41 KB
@​sentry/browser (incl. Tracing, Replay with Canvas) 77.32 KB
@​sentry/browser (incl. Tracing, Replay, Feedback) 89.81 KB
@​sentry/browser (incl. Feedback) 40.04 KB
@​sentry/browser (incl. sendFeedback) 27.89 KB
@​sentry/browser (incl. FeedbackAsync) 32.68 KB
@​sentry/react 25.96 KB
@​sentry/react (incl. Tracing) 38.6 KB
@​sentry/vue 27.49 KB
@​sentry/vue (incl. Tracing) 37.63 KB
@​sentry/svelte 23.45 KB
CDN Bundle 24.43 KB
CDN Bundle (incl. Tracing) 37.46 KB
CDN Bundle (incl. Tracing, Replay) 72.64 KB
CDN Bundle (incl. Tracing, Replay, Feedback) 78.01 KB
CDN Bundle - uncompressed 71.74 KB
CDN Bundle (incl. Tracing) - uncompressed 111.05 KB
CDN Bundle (incl. Tracing, Replay) - uncompressed 225.1 KB
CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed 238.32 KB
@​sentry/nextjs (client) 38.88 KB
@​sentry/sveltekit (client) 36.29 KB
@​sentry/node 162.53 KB
@​sentry/node - without tracing 98.72 KB
@​sentry/aws-serverless 126.4 KB

v8.45.1

  • fix(feedback): Return when the sendFeedback promise resolves (#​14683)

Work in this release was contributed by @​antonis. Thank you for your contribution!

Bundle size 📦

Path Size
@​sentry/browser 23.29 KB
@​sentry/browser - with treeshaking flags 21.96 KB
@​sentry/browser (incl. Tracing) 35.79 KB
@​sentry/browser (incl. Tracing, Replay) 73.01 KB
@​sentry/browser (incl. Tracing, Replay) - with treeshaking flags 63.41 KB
@​sentry/browser (incl. Tracing, Replay with Canvas) 77.32 KB
@​sentry/browser (incl. Tracing, Replay, Feedback) 89.81 KB
@​sentry/browser (incl. Feedback) 40.04 KB
@​sentry/browser (incl. sendFeedback) 27.89 KB
@​sentry/browser (incl. FeedbackAsync) 32.68 KB
@​sentry/react 25.96 KB
@​sentry/react (incl. Tracing) 38.6 KB
@​sentry/vue 27.49 KB
@​sentry/vue (incl. Tracing) 37.63 KB
@​sentry/svelte 23.45 KB
CDN Bundle 24.43 KB
CDN Bundle (incl. Tracing) 37.46 KB
CDN Bundle (incl. Tracing, Replay) 72.64 KB
CDN Bundle (incl. Tracing, Replay, Feedback) 78.01 KB
CDN Bundle - uncompressed 71.74 KB
CDN Bundle (incl. Tracing) - uncompressed 111.05 KB
CDN Bundle (incl. Tracing, Replay) - uncompressed 225.1 KB
CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed 238.32 KB
@​sentry/nextjs (client) 38.88 KB
@​sentry/sveltekit (client) 36.29 KB
@​sentry/node 162.52 KB
@​sentry/node - without tracing 98.71 KB
@​sentry/aws-serverless 126.39 KB

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.
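
The failure mode described in GHSA-r5w7-f542-q2j4 above, as an added example that is not Sentry's code and not part of this PR: a context-line reader that stops reading early and still destroys its stream on every path, so no file descriptor stays open. The names `readContextLines` and `writeSampleFile` and the sample file are assumptions made for the illustration.

```javascript
// Added example, not Sentry's code. All names here are hypothetical.
const fs = require("node:fs");
const os = require("node:os");
const path = require("node:path");

// Constructed sample input: a temp file with `count` numbered lines.
function writeSampleFile(count) {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "ctx-"));
  const file = path.join(dir, "sample.js");
  const body = Array.from({ length: count }, (_, i) => `line ${i + 1}`);
  fs.writeFileSync(file, body.join("\n"));
  return file;
}

// Return lines [lineNo - ctx, lineNo + ctx] of `file`, reading via a stream
// and stopping as soon as the window is complete.
async function readContextLines(file, lineNo, ctx) {
  const first = Math.max(1, lineNo - ctx);
  const last = lineNo + ctx;
  const stream = fs.createReadStream(file, { encoding: "utf8", highWaterMark: 1024 });
  // Register before reading so a 'close' that fires early is not missed.
  const closed = new Promise((resolve) => stream.once("close", resolve));
  const lines = [];
  let n = 0;
  let tail = ""; // partial line carried across chunk boundaries
  try {
    outer: for await (const chunk of stream) {
      const parts = (tail + chunk).split("\n");
      tail = parts.pop();
      for (const line of parts) {
        n += 1;
        if (n >= first) lines.push(line);
        if (n >= last) break outer; // early exit: rest of file stays unread
      }
    }
    // End of file reached: a final line without a trailing newline.
    if (n < last && tail !== "" && n + 1 >= first) lines.push(tail);
  } finally {
    // Release the descriptor on every path: success, early exit, or error.
    stream.destroy();
    await closed;
  }
  return { lines, bytesRead: stream.bytesRead, destroyed: stream.destroyed };
}
```

Awaiting `close` before returning means the descriptor is already released when the caller continues, which matters when many events are processed in a burst.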

@openverse-bot openverse-bot requested a review from a team as a code owner January 28, 2025 21:06
@openverse-bot openverse-bot added dependencies Pull requests that update a dependency file 💻 aspect: code Concerns the software code in the repository 🟨 tech: javascript Involves JavaScript 🟩 priority: low Low priority and doesn't need to be rushed 🧰 goal: internal improvement Improvement that benefits maintainers, not users 🧱 stack: frontend Related to the Nuxt frontend labels Jan 28, 2025
github-actions bot commented Jan 28, 2025

Latest k6 run output [1]

     ✓ status was 200

     checks.........................: 100.00% ✓ 414      ✗ 0   
     data_received..................: 101 MB  418 kB/s
     data_sent......................: 54 kB   224 B/s
     http_req_blocked...............: avg=68.16µs  min=2.19µs   med=4.75µs   max=1.35ms   p(90)=152.03µs p(95)=340.64µs
     http_req_connecting............: avg=54.74µs  min=0s       med=0s       max=1.27ms   p(90)=106.47µs p(95)=271.41µs
     http_req_duration..............: avg=160.08ms min=18.38ms  med=99.35ms  max=1.01s    p(90)=353.99ms p(95)=464.71ms
       { expected_response:true }...: avg=160.08ms min=18.38ms  med=99.35ms  max=1.01s    p(90)=353.99ms p(95)=464.71ms
   ✓ http_req_failed................: 0.00%   ✓ 0        ✗ 414 
     http_req_receiving.............: avg=172.06µs min=51.89µs  med=140.76µs max=1.83ms   p(90)=276.1µs  p(95)=343.85µs
     http_req_sending...............: avg=27.03µs  min=8.95µs   med=22.57µs  max=160.89µs p(90)=38.3µs   p(95)=59.63µs 
     http_req_tls_handshaking.......: avg=0s       min=0s       med=0s       max=0s       p(90)=0s       p(95)=0s      
     http_req_waiting...............: avg=159.88ms min=18.28ms  med=99.17ms  max=1.01s    p(90)=353.81ms p(95)=464.39ms
     http_reqs......................: 414     1.717074/s
     iteration_duration.............: avg=867.77ms min=407.51ms med=863.7ms  max=1.76s    p(90)=1.15s    p(95)=1.4s    
     iterations.....................: 77      0.319359/s
     vus............................: 3       min=0      max=6 
     vus_max........................: 60      min=60     max=60

Footnotes

  1. This comment will automatically update with new output each time k6 runs for this PR

@openverse-bot openverse-bot force-pushed the gha-renovatenpm-sentry-nuxt-vulnerability branch 20 times, most recently from 8273103 to dbf03db Compare January 29, 2025 12:46
@openverse-bot openverse-bot force-pushed the gha-renovatenpm-sentry-nuxt-vulnerability branch 27 times, most recently from d444cca to 44bad82 Compare February 2, 2025 04:07
@openverse-bot openverse-bot force-pushed the gha-renovatenpm-sentry-nuxt-vulnerability branch from 44bad82 to 8562171 Compare February 2, 2025 04:36
github-actions bot commented Feb 2, 2025

Playwright failure test results: https://github.com/WordPress/openverse/actions/runs/13095625706

It looks like some of the Playwright tests failed. If you made changes to the frontend UI without updating snapshots, this might be the cause. You can download zipped patches containing the updated snapshots alongside a general trace of the tests under the "Artifacts" section in the above page. They're named in the form *_snapshot_diff and *_test_results respectively.

You can read more on how to use these artifacts in the docs.

If the test is flaky, follow the flaky test triage procedure.
