fix(deps): update dependency @sentry/node to v8.49.0 [security] #261
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Plan Result (corpus-scheduler-lambda-cdk-production)
Change Result (Click me) # aws_lambda_function.corpus-scheduler-sqs-lambda_F2ECDF9F will be updated in-place
~ resource "aws_lambda_function" "corpus-scheduler-sqs-lambda_F2ECDF9F" {
id = "CorpusSchedulerLambda-Prod-SQS-Function"
~ qualified_arn = "arn:aws:lambda:us-east-1:996905175585:function:CorpusSchedulerLambda-Prod-SQS-Function:268" -> (known after apply)
~ qualified_invoke_arn = "arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:996905175585:function:CorpusSchedulerLambda-Prod-SQS-Function:268/invocations" -> (known after apply)
tags = {
"app_code" = "content"
"component_code" = "content-corpusschedulerlambda"
"env_code" = "prod"
"environment" = "Prod"
"service" = "CorpusSchedulerLambda"
}
~ version = "268" -> (known after apply)
# (20 unchanged attributes hidden)
~ environment {
~ variables = {
~ "GIT_SHA" = (sensitive value)
# (7 unchanged elements hidden)
}
}
# (4 unchanged blocks hidden)
}
Plan: 0 to add, 1 to change, 0 to destroy.
|
Plan Result (prospect-translation-lambda-cdk-production)
Change Result (Click me) # aws_lambda_function.translation-lambda_translation-sqs-lambda_B9BDF6BA will be updated in-place
~ resource "aws_lambda_function" "translation-lambda_translation-sqs-lambda_B9BDF6BA" {
id = "ProspectAPI-Prod-Sqs-Translation-Function"
tags = {
"app_code" = "content"
"component_code" = "content-prospectapi"
"env_code" = "prod"
"environment" = "Prod"
"service" = "ProspectAPI-Sqs-Translation"
}
# (22 unchanged attributes hidden)
~ environment {
~ variables = {
~ "GIT_SHA" = (sensitive value)
# (5 unchanged elements hidden)
}
}
# (4 unchanged blocks hidden)
}
Plan: 0 to add, 1 to change, 0 to destroy.
|
Plan Result (prospect-api-cdk-production)
Change Result (Click me) # data.aws_iam_policy_document.application_ecs_service_ecs-iam_data-ecs-task-role-policy_090CC3AD will be read during apply
# (depends on a resource or a module with changes pending)
<= data "aws_iam_policy_document" "application_ecs_service_ecs-iam_data-ecs-task-role-policy_090CC3AD" {
+ id = (known after apply)
+ json = (known after apply)
+ minified_json = (known after apply)
+ version = "2012-10-17"
+ statement {
+ actions = [
+ "dynamodb:BatchGet*",
+ "dynamodb:DescribeTable",
+ "dynamodb:Get*",
+ "dynamodb:Query",
+ "dynamodb:Scan",
+ "dynamodb:UpdateItem",
]
+ effect = "Allow"
+ resources = [
+ "arn:aws:dynamodb:us-east-1:996905175585:table/PROAPI-Prod-Prospects",
+ "arn:aws:dynamodb:us-east-1:996905175585:table/PROAPI-Prod-Prospects/*",
]
}
+ statement {
+ actions = [
+ "s3:*",
]
+ effect = "Allow"
+ resources = [
+ "arn:aws:s3:::pocket-prospectapi-prod-images",
+ "arn:aws:s3:::pocket-prospectapi-prod-images/*",
]
}
+ statement {
+ actions = [
+ "logs:CreateLogGroup",
+ "logs:CreateLogStream",
+ "logs:DescribeLogGroups",
+ "logs:DescribeLogStreams",
+ "logs:PutLogEvents",
]
+ effect = "Allow"
+ resources = [
+ "*",
]
}
}
# aws_dynamodb_table.dynamodb_prospects_dynamodb_table_9854E41E will be updated in-place
~ resource "aws_dynamodb_table" "dynamodb_prospects_dynamodb_table_9854E41E" {
id = "PROAPI-Prod-Prospects"
name = "PROAPI-Prod-Prospects"
tags = {
"app_code" = "content"
"component_code" = "content-prospectapi"
"env_code" = "prod"
"environment" = "Prod"
"service" = "ProspectAPI"
}
# (9 unchanged attributes hidden)
- global_secondary_index {
- hash_key = "scheduledSurfaceGuid" -> null
- name = "scheduledSurfaceGuid-prospectType" -> null
- non_key_attributes = [] -> null
- projection_type = "ALL" -> null
- range_key = "prospectType" -> null
- read_capacity = 0 -> null
- write_capacity = 0 -> null
}
+ global_secondary_index {
+ hash_key = "scheduledSurfaceGuid"
+ name = "scheduledSurfaceGuid-prospectType"
+ non_key_attributes = []
+ projection_type = "ALL"
+ range_key = "prospectType"
+ read_capacity = 5
+ write_capacity = 5
}
# (5 unchanged blocks hidden)
}
# aws_iam_policy.application_ecs_service_ecs-iam_ecs-task-role-policy_6FC89FB6 will be updated in-place
~ resource "aws_iam_policy" "application_ecs_service_ecs-iam_ecs-task-role-policy_6FC89FB6" {
id = "arn:aws:iam::996905175585:policy/ProspectAPI-Prod-TaskRolePolicy"
name = "ProspectAPI-Prod-TaskRolePolicy"
~ policy = jsonencode(
{
- Statement = [
- {
- Action = [
- "dynamodb:UpdateItem",
- "dynamodb:Scan",
- "dynamodb:Query",
- "dynamodb:Get*",
- "dynamodb:DescribeTable",
- "dynamodb:BatchGet*",
]
- Effect = "Allow"
- Resource = [
- "arn:aws:dynamodb:us-east-1:996905175585:table/PROAPI-Prod-Prospects/*",
- "arn:aws:dynamodb:us-east-1:996905175585:table/PROAPI-Prod-Prospects",
]
},
- {
- Action = "s3:*"
- Effect = "Allow"
- Resource = [
- "arn:aws:s3:::pocket-prospectapi-prod-images/*",
- "arn:aws:s3:::pocket-prospectapi-prod-images",
]
},
- {
- Action = [
- "logs:PutLogEvents",
- "logs:DescribeLogStreams",
- "logs:DescribeLogGroups",
- "logs:CreateLogStream",
- "logs:CreateLogGroup",
]
- Effect = "Allow"
- Resource = "*"
},
]
- Version = "2012-10-17"
}
) -> (known after apply)
tags = {
"app_code" = "content"
"component_code" = "content-prospectapi"
"env_code" = "prod"
"environment" = "Prod"
"service" = "ProspectAPI"
}
# (5 unchanged attributes hidden)
}
Plan: 0 to add, 2 to change, 0 to destroy. |
renovate
bot
force-pushed
the
renovate/npm-@sentry/node-vulnerability
branch
from
a2319a7 to
e2f4a1f
Compare
renovate
bot
force-pushed
the
renovate/npm-@sentry/node-vulnerability
branch
5 times, most recently
from
50988b6 to
3c0f902
Compare
renovate
bot
force-pushed
the
renovate/npm-@sentry/node-vulnerability
branch
from
3c0f902 to
c7a0714
Compare
renovate
bot
force-pushed
the
renovate/npm-@sentry/node-vulnerability
branch
3 times, most recently
from
ea59375 to
7b25401
Compare
renovate
bot
force-pushed
the
renovate/npm-@sentry/node-vulnerability
branch
from
7b25401 to
bbef79d
Compare
renovate
bot
force-pushed
the
renovate/npm-@sentry/node-vulnerability
branch
from
bbef79d to
a3fbd2d
Compare
renovate
bot
force-pushed
the
renovate/npm-@sentry/node-vulnerability
branch
2 times, most recently
from
ddcde47 to
7a0613d
Compare
renovate
bot
force-pushed
the
renovate/npm-@sentry/node-vulnerability
branch
4 times, most recently
from
922357c to
3dec11e
Compare
renovate
bot
force-pushed
the
renovate/npm-@sentry/node-vulnerability
branch
3 times, most recently
from
f3ac051 to
971b31c
Compare
renovate
bot
force-pushed
the
renovate/npm-@sentry/node-vulnerability
branch
2 times, most recently
from
ea279ac to
9e79b5c
Compare
renovate
bot
force-pushed
the
renovate/npm-@sentry/node-vulnerability
branch
3 times, most recently
from
9f7cda8 to
3d65760
Compare
renovate
bot
force-pushed
the
renovate/npm-@sentry/node-vulnerability
branch
3 times, most recently
from
e554e57 to
e476557
Compare
renovate
bot
force-pushed
the
renovate/npm-@sentry/node-vulnerability
branch
from
e476557 to
567eac3
Compare
renovate
bot
force-pushed
the
renovate/npm-@sentry/node-vulnerability
branch
3 times, most recently
from
6ced78f to
2843d25
Compare
renovate
bot
force-pushed
the
renovate/npm-@sentry/node-vulnerability
branch
from
2843d25 to
66acff6
Compare
renovate
bot
force-pushed
the
renovate/npm-@sentry/node-vulnerability
branch
4 times, most recently
from
91e068d to
aef9a91
Compare
renovate
bot
force-pushed
the
renovate/npm-@sentry/node-vulnerability
branch
6 times, most recently
from
90d8897 to
6e91d79
Compare
renovate
bot
force-pushed
the
renovate/npm-@sentry/node-vulnerability
branch
from
6e91d79 to
6587725
Compare
renovate
bot
force-pushed
the
renovate/npm-@sentry/node-vulnerability
branch
from
6587725 to
c3a9d6b
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
8.37.1→8.49.0GitHub Vulnerability Alerts
GHSA-r5w7-f542-q2j4
Impact
The ContextLines integration uses readable streams to more efficiently use memory when reading files. The ContextLines integration is used to attach source context to outgoing events.
The stream was not explicitly closed after use. This could lead to excessive amounts of file handles open on the system and potentially lead to a Denial of Service (DoS).
The ContextLines integration is enabled by default in the Node SDK (
@sentry/node) and SDKs that run in Node.js environments (@sentry/astro,@sentry/aws-serverless,@sentry/bun,@sentry/google-cloud-serverless,@sentry/nestjs,@sentry/nextjs,@sentry/nuxt,@sentry/remix,@sentry/solidstart,@sentry/sveltekit).Patches
Users should upgrade to version
8.49.0or higher.Workarounds
To remediate this issue in affected versions without upgrading to version
8.49.0and above you can disable the ContextLines integration. See the docs for more details.If you disable the ContextLines integration, you will lose source context on your error events.
References
Release Notes
getsentry/sentry-javascript (@sentry/node)
v8.49.0Compare Source
handledprop to ErrorBoundary (#14978)require,__filenameand__dirnameon global object (#14952)Work in this release was contributed by @HHK1 and @mstrokin. Thank you for your contribution!
Bundle size 📦
v8.48.0Compare Source
Deprecations
feat(v8/core): Deprecate
getDomElementmethod (#14799)Deprecates
getDomElement. There is no replacement.Other changes
continueTraceimplementation in core (#14819)NODE_OPTIONSis not passed to worker threads (#14825)tagNamewhen name is not provided toTraceDirective(#14828)openTelemetrySpanProcessorsoption (#14853)Setas theallRoutescontainer. (#14878) (#14884)normalizedRequesttosamplingContext(#14903)syncFeedbackIntegration(#14918)Work in this release was contributed by @arturovt. Thank you for your contribution!
Bundle size 📦
v8.47.0Compare Source
updateSpanNamehelper function (#14736)db.systemin newer Prisma versions (#14772)Work in this release was contributed by @aloisklink and @benjick. Thank you for your contributions!
Bundle size 📦
v8.46.0Compare Source
Work in this release was contributed by @conor-ob. Thank you for your contribution!
Bundle size 📦
v8.45.1Compare Source
sendFeedbackpromise resolves (#14683)Work in this release was contributed by @antonis. Thank you for your contribution!
Bundle size 📦
v8.45.0Compare Source
handledoption tocaptureConsoleIntegration(#14664)HttpClientevents (#14515)captureMessagewithattachStacktrace: trueas synthetic (#14668)captureMessagewithattatchStackTrace: trueas synthetic (#14670)levelin server runtimecaptureException(#10587)Work in this release was contributed by @anonrig and @Zih0. Thank you for your contributions!
Bundle size 📦
v8.44.0Compare Source
Deprecations
feat: Deprecate
autoSessionTracking(#14640)Deprecates
autoSessionTracking.To enable session tracking, it is recommended to unset
autoSessionTrackingand ensure that either, in browser environmentsthe
browserSessionIntegrationis added, or in server environments thehttpIntegrationis added.To disable session tracking, it is recommended to unset
autoSessionTrackingand to remove thebrowserSessionIntegrationinbrowser environments, or in server environments configure the
httpIntegrationwith thetrackIncomingRequestsAsSessionsoption set tofalse.Other Changes
responsecontext for http.server spans (#14634)Work in this release was contributed by @robinvw1. Thank you for your contribution!
Bundle size 📦
v8.43.0Compare Source
Important Changes
feat(nuxt): Add option autoInjectServerSentry (no default import()) (#14553)
Using the dynamic
import()as the default behavior for initializing the SDK on the server-side did not work for every project.The default behavior of the SDK has been changed, and you now need to use the
--importflag to initialize Sentry on the server-side to leverage full functionality.Example with
--import:In case you are not able to use the
--importflag, you can enable auto-injecting Sentry in thenuxt.config.ts(comes with limitations):feat(browser): Adds LaunchDarkly and OpenFeature integrations (#14207)
Adds browser SDK integrations for tracking feature flag evaluations through the LaunchDarkly JS SDK and OpenFeature Web SDK:
feat(browser): Add
featureFlagsIntegrationfor custom tracking of flag evaluations (#14582)Adds a browser integration to manually track feature flags with an API. Feature flags are attached to subsequent error events:
feat(astro): Add Astro 5 support (#14613)
With this release, the Sentry Astro SDK officially supports Astro 5.
Deprecations
feat(nextjs): Deprecate typedef for
hideSourceMaps(#14594)The functionality of
hideSourceMapswas removed in version 8 but was forgotten to be deprecated and removed.It will be completely removed in the next major version.
feat(core): Deprecate APIs around
RequestSessions (#14566)The APIs around
RequestSessions are mostly used internally.Going forward the SDK will not expose concepts around
RequestSessions.Instead, functionality around server-side Release Health will be managed in integrations.
Other Changes
browserSessionIntegration(#14551)raw_securityenvelope types (#14562)disableAnrDetectionForCallbackfunction (#14359)trackIncomingRequestsAsSessionsoption to http integration (#14567)autoInjectServerSentry(no defaultimport()) (#14553)^1.29.0(#14590)1.28.0(#14547)filenameandmodulestack frame properties in Node stack parser (#14544)maxSpanWaitDurationvalues (#14632)parseSearchoption in TanStack Router instrumentation (#14328)Work in this release was contributed by @lsmurray. Thank you for your contribution!
Bundle size 📦
v8.42.0Compare Source
Important Changes
feat(react): React Router v7 support (library) (#14513)
This release adds support for React Router v7 (library mode).
Check out the docs on how to set up the integration: Sentry React Router v7 Integration Docs
Deprecations
feat: Warn about source-map generation (#14533)
In the next major version of the SDK we will change how source maps are generated when the SDK is added to an application.
Currently, the implementation varies a lot between different SDKs and can be difficult to understand.
Moving forward, our goal is to turn on source maps for every framework, unless we detect that they are explicitly turned off.
Additionally, if we end up enabling source maps, we will emit a log message that we did so.
With this particular release, we are emitting warnings that source map generation will change in the future and we print instructions on how to prepare for the next major.
feat(nuxt): Deprecate
tracingOptionsin favor ofvueIntegration(#14530)Currently it is possible to configure tracing options in two places in the Sentry Nuxt SDK:
Sentry.init()tracingOptionsinSentry.init()For tree-shaking purposes and alignment with the Vue SDK, it is now recommended to instead use the newly exported
vueIntegration()and itstracingOptionsoption to configure tracing options in the Nuxt SDK:Other Changes
web-vitalsto v4.2.4 (#14439)vueIntegration(#14526)Bundle size 📦
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.