[Snyk] Upgrade @sentry/nextjs from 8.2.1 to 8.4.0 #121

Closed


koushikpuppala
Owner

This PR was automatically created by Snyk using the credentials of a real user.



Snyk has created this PR to upgrade @sentry/nextjs from 8.2.1 to 8.4.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 2 versions ahead of your current version.

  • The recommended version was released 21 days ago.

Issues fixed by the recommended upgrade:

| Issue | Score | Exploit Maturity |
| --- | --- | --- |
| high severity: Uncontrolled resource consumption (SNYK-JS-BRACES-6838727) | 482 | Proof of Concept |
| high severity: Inefficient Regular Expression Complexity (SNYK-JS-MICROMATCH-6838728) | 482 | No Known Exploit |
| medium severity: Improper Control of Dynamically-Managed Code Resources (SNYK-JS-EJS-6689533) | 482 | No Known Exploit |
| medium severity: Uncontrolled Resource Consumption ('Resource Exhaustion') (SNYK-JS-TAR-6476909) | 482 | Proof of Concept |

Release notes
Package name: @sentry/nextjs
  • 8.4.0 - 2024-05-23

    Important Changes

    • feat(nextjs): Trace pageloads in App Router (#12157)

    If you are using Next.js version 14.3.0-canary.64 or above, the Sentry Next.js SDK will now trace client-side pageloads
    with React Server Components. This means that client-side errors like
    `Error: An error occurred in the Server Components render.`, which previously didn't give you much information on how
    that error was caused, can now be traced back to a specific error in a server component.

    • feat(angular): Add Support for Angular 18 (#12183)

    This release guarantees support for Angular 18 with @sentry/angular.

    Other Changes

    • feat(deps): Bump @opentelemetry/instrumentation-aws-lambda from 0.41.0 to 0.41.1 (#12078)
    • fix(metrics): Ensure string values are interpreted for metrics (#12165)

    Bundle size 📦

    | Path | Size |
    | --- | --- |
    | @sentry/browser | 21.74 KB |
    | @sentry/browser (incl. Tracing) | 32.88 KB |
    | @sentry/browser (incl. Tracing, Replay) | 68.25 KB |
    | @sentry/browser (incl. Tracing, Replay) - with treeshaking flags | 61.66 KB |
    | @sentry/browser (incl. Tracing, Replay with Canvas) | 72.28 KB |
    | @sentry/browser (incl. Tracing, Replay, Feedback) | 84.33 KB |
    | @sentry/browser (incl. Feedback) | 37.75 KB |
    | @sentry/browser (incl. sendFeedback) | 26.31 KB |
    | @sentry/browser (incl. FeedbackAsync) | 30.73 KB |
    | @sentry/react | 24.43 KB |
    | @sentry/react (incl. Tracing) | 35.88 KB |
    | @sentry/vue | 25.68 KB |
    | @sentry/vue (incl. Tracing) | 34.7 KB |
    | @sentry/svelte | 21.88 KB |
    | CDN Bundle | 24.28 KB |
    | CDN Bundle (incl. Tracing) | 34.35 KB |
    | CDN Bundle (incl. Tracing, Replay) | 68.04 KB |
    | CDN Bundle (incl. Tracing, Replay, Feedback) | 73.03 KB |
    | CDN Bundle - uncompressed | 71.46 KB |
    | CDN Bundle (incl. Tracing) - uncompressed | 101.87 KB |
    | CDN Bundle (incl. Tracing, Replay) - uncompressed | 211.5 KB |
    | CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed | 223.85 KB |
    | @sentry/nextjs (client) | 35.14 KB |
    | @sentry/sveltekit (client) | 33.48 KB |
    | @sentry/node | 114.31 KB |
    | @sentry/aws-serverless | 103.2 KB |
  • 8.3.0 - 2024-05-22

    Important Changes

    • Better Node Framework Span Data

    This release improves data quality of spans emitted by Express, Fastify, Connect, Koa, Nest.js and Hapi.

    • feat(node): Ensure connect spans have better data (#12130)

    • feat(node): Ensure express spans have better data (#12107)

    • feat(node): Ensure fastify spans have better data (#12106)

    • feat(node): Ensure hapi spans have better data (#12140)

    • feat(node): Ensure koa spans have better data (#12108)

    • feat(node): Ensure Nest.js spans have better data (#12139)

    • feat(deps): Bump @opentelemetry/instrumentation-express from 0.38.0 to 0.39.0 (#12079)

    • feat(node): No-code init via --import=@sentry/node/init (#11999)

    When using Sentry in ESM mode, you can now use Sentry without manually calling init like this:

     SENTRY_DSN=https://[email protected]/0 node --import=@sentry/node/init app.mjs

    When using CommonJS, you can do:

     SENTRY_DSN=https://[email protected]/0 node --require=@sentry/node/init app.js

    Other Changes

    • chore: Align and update MIT license dates (#12143)
    • chore: Resolve or postpone a random assortment of TODOs (#11977)
    • doc(migration): Add entry for runWithAsyncContext (#12153)
    • docs: Add migration docs to point out that default import does not work (#12100)
    • docs(sveltekit): process.env.SENTRY_AUTH_TOKEN (#12118)
    • feat(browser): Ensure browserProfilingIntegration is published to CDN (#12158)
    • feat(google-cloud): Expose ESM build (#12149)
    • feat(nextjs): Ignore Prisma critical dependency warnings (#12144)
    • feat(node): Add app.free_memory info to events (#12150)
    • feat(node): Do not create GraphQL resolver spans by default (#12097)
    • feat(node): Use node: prefix for node built-ins (#11895)
    • feat(replay): Use unwrapped setTimeout to avoid e.g. angular change detection (#11924)
    • fix(core): Add dsn to span envelope header (#12096)
    • fix(feedback): Improve feedback border color in dark-mode, and prevent auto-dark mode when a theme is picked (#12126)
    • fix(feedback): Set optionOverrides to be optional in TS definition (#12125)
    • fix(nextjs): Don't put undefined values in props (#12131)
    • fix(nextjs): Fix legacy configuration method detection for emitting warning (#12136)
    • fix(node): Ensure fetch/http breadcrumbs are created correctly (#12137)
    • fix(node): Update @prisma/instrumentation from 5.13.0 to 5.14.0 (#12081)
    • ref(node): Add log for running in ESM/CommonJS mode (#12134)
    • ref(node): Handle failing hook registration gracefully (#12135)
    • ref(node): Only show instrumentation warning when tracing is enabled (#12141)

    Work in this release contributed by @pboling. Thank you for your contribution!

    Bundle size 📦

    | Path | Size |
    | --- | --- |
    | @sentry/browser | 21.77 KB |
    | @sentry/browser (incl. Tracing) | 32.92 KB |
    | @sentry/browser (incl. Tracing, Replay) | 68.26 KB |
    | @sentry/browser (incl. Tracing, Replay) - with treeshaking flags | 61.68 KB |
    | @sentry/browser (incl. Tracing, Replay with Canvas) | 72.29 KB |
    | @sentry/browser (incl. Tracing, Replay, Feedback) | 84.35 KB |
    | @sentry/browser (incl. Feedback) | 37.78 KB |
    | @sentry/browser (incl. sendFeedback) | 26.34 KB |
    | @sentry/browser (incl. FeedbackAsync) | 30.76 KB |
    | @sentry/react | 24.45 KB |
    | @sentry/react (incl. Tracing) | 35.89 KB |
    | @sentry/vue | 25.72 KB |
    | @sentry/vue (incl. Tracing) | 34.74 KB |
    | @sentry/svelte | 21.91 KB |
    | CDN Bundle | 24.29 KB |
    | CDN Bundle (incl. Tracing) | 34.35 KB |
    | CDN Bundle (incl. Tracing, Replay) | 68.05 KB |
    | CDN Bundle (incl. Tracing, Replay, Feedback) | 73.05 KB |
    | CDN Bundle - uncompressed | 71.47 KB |
    | CDN Bundle (incl. Tracing) - uncompressed | 101.88 KB |
    | CDN Bundle (incl. Tracing, Replay) - uncompressed | 211.51 KB |
    | CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed | 223.86 KB |
    | @sentry/nextjs (client) | 35.17 KB |
    | @sentry/sveltekit (client) | 33.52 KB |
    | @sentry/node | 114.09 KB |
    | @sentry/aws-serverless | 103 KB |
  • 8.2.1 - 2024-05-16
    • fix(aws-serverless): Fix build of lambda layer (#12083)
    • fix(nestjs): Broaden nest.js type (#12076)

    Bundle size 📦

    | Path | Size |
    | --- | --- |
    | @sentry/browser | 21.72 KB |
    | @sentry/browser (incl. Tracing) | 32.86 KB |
    | @sentry/browser (incl. Tracing, Replay) | 68.21 KB |
    | @sentry/browser (incl. Tracing, Replay) - with treeshaking flags | 61.6 KB |
    | @sentry/browser (incl. Tracing, Replay with Canvas) | 72.25 KB |
    | @sentry/browser (incl. Tracing, Replay, Feedback) | 84.25 KB |
    | @sentry/browser (incl. Feedback) | 37.68 KB |
    | @sentry/browser (incl. sendFeedback) | 26.29 KB |
    | @sentry/browser (incl. FeedbackAsync) | 30.66 KB |
    | @sentry/react | 24.41 KB |
    | @sentry/react (incl. Tracing) | 35.85 KB |
    | @sentry/vue | 25.65 KB |
    | @sentry/vue (incl. Tracing) | 34.68 KB |
    | @sentry/svelte | 21.86 KB |
    | CDN Bundle | 24.26 KB |
    | CDN Bundle (incl. Tracing) | 34.29 KB |
    | CDN Bundle (incl. Tracing, Replay) | 67.99 KB |
    | CDN Bundle (incl. Tracing, Replay, Feedback) | 72.95 KB |
    | CDN Bundle - uncompressed | 71.33 KB |
    | CDN Bundle (incl. Tracing) - uncompressed | 101.68 KB |
    | CDN Bundle (incl. Tracing, Replay) - uncompressed | 211.3 KB |
    | CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed | 223.6 KB |
    | @sentry/nextjs (client) | 35.07 KB |
    | @sentry/sveltekit (client) | 33.44 KB |
    | @sentry/node | 141.32 KB |
    | @sentry/aws-serverless | 128.07 KB |
from @sentry/nextjs GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:


See this package in npm:
@sentry/nextjs

See this project in Snyk:
https://app.snyk.io/org/koushikpuppala/project/69ab681a-4d42-4597-8d7c-5da798c32e90?utm_source=github&utm_medium=referral&page=upgrade-pr

vercel bot commented Jun 13, 2024

The latest updates on your projects. Learn more about Vercel for Git ↗︎

| Name | Status | Preview | Updated (UTC) |
| --- | --- | --- | --- |
| koushikpuppala | ❌ Failed (Inspect) | | Jun 13, 2024 8:46pm |

@koushikpuppala koushikpuppala deleted the snyk-upgrade-0f330ab03de1dc584883a852bb2c1427 branch July 13, 2024 16:04