[Snyk] Upgrade @sentry/react from 7.16.0 to 8.31.0 #934

q1blue · 2024-10-14T22:55:43Z

Snyk has created this PR to upgrade @sentry/react from 7.16.0 to 8.31.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Warning: This is a major version upgrade, and may be a breaking change.

The recommended version is 209 versions ahead of your current version.
The recommended version was released 22 days ago, on 2024-09-23.

Release notes

Package name: @sentry/react

8.31.0 - 2024-09-23

Important Changes

feat(node): Add dataloader integration (#13664)

This release adds a new integration for the dataloader package. The Node
SDK (and all SDKs that depend on it) will now automatically instrument dataloader instances. You can also add it
manually:

Sentry.init({
  integrations: [Sentry.dataloaderIntegration()],
});

Other Changes

feat(browser): Add navigation activationStart timestamp to pageload span (#13658)
feat(gatsby): Add optional deleteSourcemapsAfterUpload (#13610)
feat(nextjs): Give app router prefetch requests a http.server.prefetch op (#13600)
feat(nextjs): Improve Next.js serverside span data quality (#13652)
feat(node): Add disableInstrumentationWarnings option (#13693)
feat(nuxt): Adding experimental_basicServerTracing option to Nuxt module (#13643)
feat(nuxt): Improve logs about adding Node option 'import' (#13726)
feat(replay): Add onError callback + other small improvements to debugging (#13721)
feat(replay): Add experimental option to allow for a checkout every 6 minutes (#13069)
feat(wasm): Unconditionally parse instruction addresses (#13655)
fix: Ensure all logs are wrapped with consoleSandbox (#13690)
fix(browser): Try multiple options for lazyLoadIntegration script parent element lookup (#13717)
fix(feedback): Actor color applies to feedback icon (#13702)
fix(feedback): Fix form width on mobile devices (#13068)
fix(nestjs): Preserve original function name on SentryTraced functions (#13684)
fix(node): Don't overwrite local variables for re-thrown errors (#13644)
fix(normalize): Treat Infinity as NaN both are non-serializable numbers (#13406)
fix(nuxt): Use correct server output file path (#13725)
fix(opentelemetry): Always use active span in Propagator.inject (#13381)
fix(replay): Fixes potential out-of-order segments (#13609)

Work in this release was contributed by @ KyGuy2002, @ artzhookov, and @ julianCast. Thank you for your contributions!

Bundle size 📦

Path	Size
@ sentry/browser	22.52 KB
@ sentry/browser - with treeshaking flags	21.3 KB
@ sentry/browser (incl. Tracing)	34.8 KB
@ sentry/browser (incl. Tracing, Replay)	71.3 KB
@ sentry/browser (incl. Tracing, Replay) - with treeshaking flags	61.75 KB
@ sentry/browser (incl. Tracing, Replay with Canvas)	75.64 KB
@ sentry/browser (incl. Tracing, Replay, Feedback)	88.43 KB
@ sentry/browser (incl. Tracing, Replay, Feedback, metrics)	90.28 KB
@ sentry/browser (incl. metrics)	26.83 KB
@ sentry/browser (incl. Feedback)	39.66 KB
@ sentry/browser (incl. sendFeedback)	27.19 KB
@ sentry/browser (incl. FeedbackAsync)	31.96 KB
@ sentry/react	25.28 KB
@ sentry/react (incl. Tracing)	37.77 KB
@ sentry/vue	26.72 KB
@ sentry/vue (incl. Tracing)	36.67 KB
@ sentry/svelte	22.66 KB
CDN Bundle	23.83 KB
CDN Bundle (incl. Tracing)	36.56 KB
CDN Bundle (incl. Tracing, Replay)	71.06 KB
CDN Bundle (incl. Tracing, Replay, Feedback)	76.38 KB
CDN Bundle - uncompressed	69.81 KB
CDN Bundle (incl. Tracing) - uncompressed	108.44 KB
CDN Bundle (incl. Tracing, Replay) - uncompressed	220.31 KB
CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed	233.53 KB
@ sentry/nextjs (client)	37.53 KB
@ sentry/sveltekit (client)	35.37 KB
@ sentry/node	121.77 KB
@ sentry/node - without tracing	93.41 KB
@ sentry/aws-serverless	103.11 KB

8.31.0-beta.0 - 2024-09-23
Important Changes
- Upgrades rrweb library to version 2.28.0
8.30.0 - 2024-09-10
Important Changes
- feat(node): Add kafkajs integration (#13528)
This release adds a new integration that instruments kafkajs library with spans and traces. This integration is
automatically enabled by default, but can be included with the Sentry.kafkaIntegration() import.
```
Sentry.init({
  integrations: [Sentry.kafkaIntegration()],
});
```
Other Changes
- feat(core): Allow adding measurements without global client (#13612)
- feat(deps): Bump @ opentelemetry/instrumentation-undici from 0.5.0 to 0.6.0 (#13622)
- feat(deps): Bump @ sentry/cli from 2.33.0 to 2.35.0 (#13624)
- feat(node): Use @ opentelemetry/instrumentation-undici for fetch tracing (#13485)
- feat(nuxt): Add server config to root folder (#13583)
- feat(otel): Upgrade @ opentelemetry/semantic-conventions to 1.26.0 (#13631)
- fix(browser): check supportedEntryTypes before caling the function (#13541)
- fix(browser): Ensure Standalone CLS span timestamps are correct (#13649)
- fix(nextjs): Widen removal of 404 transactions (#13628)
- fix(node): Remove ambiguity and race conditions when matching local variables to exceptions (#13501)
- fix(node): Update OpenTelemetry instrumentation package for solidstart and opentelemetry (#13640)
- fix(node): Update OpenTelemetry instrumentation package for solidstart and opentelemetry (#13642)
- fix(vue): Ensure Vue trackComponents list matches components with or without <> (#13543)
- ref(profiling): Conditionally shim cjs globals (#13267)
Work in this release was contributed by @ Zen-cronic and @ odanado. Thank you for your contributions!
8.29.0 - 2024-09-09
8.28.0 - 2024-09-03
8.27.0 - 2024-08-27
8.26.0 - 2024-08-14
8.25.0 - 2024-08-09
8.24.0 - 2024-08-06
8.23.0 - 2024-08-05
8.22.0 - 2024-08-01
8.21.0 - 2024-07-31
8.20.0 - 2024-07-24
8.19.0 - 2024-07-19
8.18.0 - 2024-07-16
8.17.0 - 2024-07-10
8.16.0 - 2024-07-09
8.15.0 - 2024-07-05
8.14.0 - 2024-07-04
8.13.0 - 2024-06-27
8.12.0 - 2024-06-25
8.12.0-beta.0 - 2024-06-24
8.11.0 - 2024-06-21
8.10.0 - 2024-06-19
8.9.2 - 2024-06-12
8.9.1 - 2024-06-11
8.9.0 - 2024-06-11
8.8.0 - 2024-06-07
8.7.0 - 2024-05-29
8.6.0 - 2024-05-29
8.5.0 - 2024-05-27
8.4.0 - 2024-05-23
8.3.0 - 2024-05-22
8.2.1 - 2024-05-16
8.2.0 - 2024-05-16
8.1.0 - 2024-05-16
8.0.0 - 2024-05-13
8.0.0-rc.3 - 2024-05-10
8.0.0-rc.2 - 2024-05-08
8.0.0-rc.1 - 2024-05-07
8.0.0-rc.0 - 2024-05-06
8.0.0-beta.6 - 2024-05-03
8.0.0-beta.5 - 2024-04-30
8.0.0-beta.4 - 2024-04-24
8.0.0-beta.3 - 2024-04-19
8.0.0-beta.2 - 2024-04-17
8.0.0-beta.1 - 2024-04-15
8.0.0-alpha.9 - 2024-04-08
8.0.0-alpha.8 - 2024-04-08
8.0.0-alpha.7 - 2024-03-27
8.0.0-alpha.5 - 2024-03-22
8.0.0-alpha.4 - 2024-03-14
8.0.0-alpha.3 - 2024-03-14
8.0.0-alpha.2 - 2024-03-05
7.119.2 - 2024-10-10
Read more
7.119.1 - 2024-10-04
- fix(browser/v7): Ensure wrap() only returns functions (#13838 backport)
Work in this release contributed by @ legobeat. Thank you for your contribution!
7.119.0 - 2024-08-14
7.118.0 - 2024-06-21
7.117.0 - 2024-06-10
7.116.0 - 2024-05-17
7.115.0 - 2024-05-16
7.114.0 - 2024-05-08
7.113.0 - 2024-05-02
7.112.2 - 2024-04-24
7.112.1 - 2024-04-23
7.112.0 - 2024-04-23
7.111.0 - 2024-04-18
7.110.1 - 2024-04-15
7.110.0 - 2024-04-11
7.109.0 - 2024-03-28
7.108.0 - 2024-03-22
7.107.0 - 2024-03-14
7.106.1 - 2024-03-11
7.106.0 - 2024-03-08
7.105.0 - 2024-03-04
7.104.0 - 2024-02-29
7.103.0 - 2024-02-27
7.102.1 - 2024-02-22
7.102.0 - 2024-02-20
7.101.1 - 2024-02-15
7.101.0 - 2024-02-13
7.100.1 - 2024-02-07
7.100.0 - 2024-02-06
7.99.0 - 2024-01-30
7.98.0 - 2024-01-25
7.97.0 - 2024-01-25
7.95.0 - 2024-01-23
7.94.1 - 2024-01-19
7.93.0 - 2024-01-10
7.92.0 - 2024-01-04
7.91.0 - 2023-12-22
7.90.0 - 2023-12-20
7.89.0 - 2023-12-19
7.88.0 - 2023-12-14
7.87.0 - 2023-12-13
7.86.0 - 2023-12-07
7.85.0 - 2023-12-04
7.84.0 - 2023-11-30
7.83.0 - 2023-11-28
7.82.0 - 2023-11-27
7.81.1 - 2023-11-21
7.81.0 - 2023-11-20
7.80.2-alpha.1 - 2023-11-15
7.80.2-alpha.0 - 2023-11-14
7.80.1 - 2023-11-14
7.80.0 - 2023-11-09
7.79.0 - 2023-11-08
7.78.0 - 2023-11-08
7.77.0 - 2023-10-31
7.76.0 - 2023-10-27
7.75.1 - 2023-10-25
7.75.0 - 2023-10-24
7.74.2-alpha.1 - 2023-10-23
7.74.2-alpha.0 - 2023-10-19
7.74.1 - 2023-10-17
7.74.0 - 2023-10-13
7.73.0 - 2023-10-02
7.72.0 - 2023-09-26
7.71.0 - 2023-09-25
7.70.0 - 2023-09-20
7.70.0-beta.1 - 2023-09-15
7.70.0-beta.0 - 2023-09-14
7.69.0 - 2023-09-13
7.68.0 - 2023-09-06
7.67.0 - 2023-09-05
7.67.0-beta.0 - 2023-08-31
7.66.0 - 2023-08-30
7.66.0-alpha.0 - 2023-08-29
7.65.0 - 2023-08-28
7.65.0-alpha.0 - 2023-08-16
7.64.0 - 2023-08-14
7.64.0-alpha.0 - 2023-08-11
7.63.0 - 2023-08-10
7.62.0 - 2023-08-09
7.61.1 - 2023-08-04
7.61.0 - 2023-07-31
7.60.1 - 2023-07-26
7.60.0 - 2023-07-21
7.59.3 - 2023-07-19
7.59.2 - 2023-07-18
7.59.1 - 2023-07-18
7.59.0-beta.1 - 2023-07-17
7.59.0-beta.0 - 2023-07-13
7.58.1 - 2023-07-13
7.58.0 - 2023-07-12
7.57.0 - 2023-06-28
7.57.0-beta.0 - 2023-06-21
7.56.0 - 2023-06-19
7.55.2 - 2023-06-14
7.55.1 - 2023-06-14
7.55.0 - 2023-06-13
7.54.0 - 2023-06-01
7.53.1 - 2023-05-24
7.53.0 - 2023-05-23
7.52.1 - 2023-05-15
7.52.0 - 2023-05-15
7.51.2 - 2023-05-08
7.51.1 - 2023-05-08
7.51.0 - 2023-05-04
7.50.0 - 2023-04-27
7.49.0 - 2023-04-20
7.48.0 - 2023-04-14
7.47.0 - 2023-04-05
7.46.0 - 2023-03-30
7.45.0 - 2023-03-24
7.44.2 - 2023-03-21
7.44.1 - 2023-03-20
7.44.0 - 2023-03-20
7.43.0 - 2023-03-13
7.42.0 - 2023-03-09
7.41.0 - 2023-03-06
7.40.0 - 2023-03-01
7.39.0 - 2023-02-27
7.38.0 - 2023-02-17
7.37.2 - 2023-02-13
7.37.1 - 2023-02-10
7.37.0 - 2023-02-09
7.36.0 - 2023-02-02
7.35.0 - 2023-02-01
7.34.0 - 2023-01-26
7.34.0-beta.0 - 2023-01-25
7.33.0 - 2023-01-24
7.32.1 - 2023-01-23
7.32.0 - 2023-01-23
7.31.1 - 2023-01-17
7.31.0 - 2023-01-16
7.30.0 - 2023-01-10
7.29.0 - 2023-01-04
7.28.1 - 2022-12-22
7.28.0 - 2022-12-20
7.27.0 - 2022-12-16
7.26.0 - 2022-12-13
7.25.0 - 2022-12-12
7.24.2 - 2022-12-07
7.24.1 - 2022-12-07
7.24.0 - 2022-12-07
7.23.0 - 2022-12-01
7.22.0 - 2022-11-29
7.21.1 - 2022-11-23
7.21.0 - 2022-11-22
7.20.1 - 2022-11-21
7.20.0 - 2022-11-17
7.19.0 - 2022-11-10
7.18.0 - 2022-11-08
7.17.4 - 2022-11-03
7.17.3 - 2022-10-31
7.17.2 - 2022-10-28
7.17.1 - 2022-10-27
7.17.0 - 2022-10-27
7.16.0 - 2022-10-19

from @sentry/react GitHub release notes

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade @sentry/react from 7.16.0 to 8.31.0. See this package in npm: https://www.npmjs.com/package/@sentry/react See this project in Snyk: https://app.snyk.io/org/q1blue-rxw/project/5b430cad-b455-40c7-a7ff-af5a8804e8ca?utm_source=github&utm_medium=referral&page=upgrade-pr

changeset-bot · 2024-10-14T22:55:46Z

⚠️ No Changeset found

Latest commit: f3c306d

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

socket-security · 2024-10-14T22:56:40Z

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/[email protected]	filesystem	`0`	41.7 kB	nicolo-ribaudo
npm/[email protected]	None	`0`	12.4 kB	ljharb
npm/[email protected]	None	`0`	35.9 kB	kentcdodds
npm/[email protected]	None	`0`	81.2 kB	nicolo-ribaudo
npm/[email protected]	None	`0`	152 kB	nicolo-ribaudo
npm/[email protected]	None	`0`	6.81 kB	nicolo-ribaudo
npm/[email protected]	None	`0`	25.9 kB	urthen
npm/[email protected]	None	`0`	41.3 kB	evilebottnawi
npm/[email protected]	filesystem	`0`	10.3 kB	thlorenz
npm/[email protected]	environment, eval, filesystem	`0`	818 kB	zloirock
npm/[email protected]	None	`+1`	121 kB	evilebottnawi
npm/[email protected]	environment	`0`	41.3 kB	qix
npm/[email protected]	None	`0`	38.1 kB	evilebottnawi
npm/[email protected]	None	`0`	78.6 kB	webreflection
npm/[email protected]	filesystem	`0`	54.7 kB	isaacs
npm/[email protected]	None	`0`	242 kB	jordanbtucker
npm/[email protected]	unsafe	`+1`	90.5 kB	evilebottnawi
npm/[email protected]	None	`0`	17.8 kB	nmfr
npm/[email protected]	None	`0`	12.5 kB	ruyadorno
npm/[email protected]	None	`0`	12.8 kB	arcanis
npm/[email protected]	None	`0`	8.03 kB	luisrudge
npm/[email protected]	Transitive: filesystem	`+2`	168 kB	ryanzim
npm/[email protected]	None	`0`	33.8 kB	michael-ciniawsky
npm/[email protected]	filesystem Transitive: environment	`+1`	682 kB	jonathantneal
npm/[email protected]	None	`0`	17.4 kB	ai
npm/[email protected]	None	`0`	128 kB	benjamn
npm/[email protected]	environment	`0`	69.3 kB	evilebottnawi
npm/[email protected]	None	`0`	4.21 MB	sassbot
npm/[email protected]	None	`0`	67.1 kB	isaacs
npm/[email protected]	None	`0`	766 kB	tromey
npm/[email protected]	None	`0`	40.4 kB	satazor
npm/[email protected]	None	`0`	57 kB	evilebottnawi
npm/[email protected]	eval	`0`	75.3 kB	evilebottnawi
npm/[email protected]	filesystem	`+2`	83.2 kB	webdeveric
npm/[email protected]	environment, filesystem, shell, unsafe	`0`	224 kB	evilebottnawi
npm/[email protected]	environment, filesystem, unsafe	`+1`	1.77 MB	sokra

View full report↗︎

socket-security · 2024-10-14T22:56:41Z

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source	CI
Critical CVE	npm/[email protected]	CVE: GHSA-76p3-8jx3-jpfq Prototype pollution in webpack loader-utils (CRITICAL) Affected versions: < 1.4.1 Patched version: 1.4.1	`etl/yarn.lock`	⚠︎

View full report↗︎

Next steps

What is a critical CVE?

Contains a Critical Common Vulnerability and Exposure (CVE).

Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

@SocketSecurity ignore npm/[email protected]

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade @sentry/react from 7.16.0 to 8.31.0 #934

[Snyk] Upgrade @sentry/react from 7.16.0 to 8.31.0 #934

q1blue commented Oct 14, 2024

Important Changes

Other Changes

Bundle size 📦

Important Changes

Important Changes

Other Changes

changeset-bot bot commented Oct 14, 2024

socket-security bot commented Oct 14, 2024

socket-security bot commented Oct 14, 2024

[Snyk] Upgrade @sentry/react from 7.16.0 to 8.31.0 #934

Are you sure you want to change the base?

[Snyk] Upgrade @sentry/react from 7.16.0 to 8.31.0 #934

Conversation

q1blue commented Oct 14, 2024

Snyk has created this PR to upgrade @sentry/react from 7.16.0 to 8.31.0.

Important Changes

Other Changes

Bundle size 📦

Important Changes

Important Changes

Other Changes

changeset-bot bot commented Oct 14, 2024

⚠️ No Changeset found

socket-security bot commented Oct 14, 2024

socket-security bot commented Oct 14, 2024

Next steps