Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): bump @sentry/node from 7.109.0 to 8.18.0 #2046

Open
wants to merge 1 commit into
base: dev
Choose a base branch
from
Open

chore(deps): bump @sentry/node from 7.109.0 to 8.18.0 #2046

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jul 17, 2024

Bumps @sentry/node from 7.109.0 to 8.18.0.

Release notes

Sourced from @​sentry/node's releases.

8.18.0

Important Changes

  • ref: Deprecate enableTracing (12897)

The enableTracing option has been deprecated and will be removed in the next major version. We recommend removing it in favor of the tracesSampleRate and tracesSampler options. If you want to enable performance monitoring, please set the tracesSampleRate to a sample rate of your choice, or provide a sampling function as tracesSampler option instead. If you want to disable performance monitoring, remove the tracesSampler and tracesSampleRate options.

Other Changes

  • feat(node): Expose exclude and include options for ESM loader (#12910)
  • feat(browser): Add user agent to INP standalone span attributes (#12896)
  • feat(nextjs): Add experimental_captureRequestError for onRequestError hook (#12885)
  • feat(replay): Bump rrweb to 2.25.0 (#12478)
  • feat(tracing): Add long animation frame tracing (#12646)
  • fix: Cleanup hooks when they are not used anymore (#12852)
  • fix(angular): Guard ErrorEvent check in ErrorHandler to avoid throwing in Node environments (#12892)
  • fix(inp): Ensure INP spans have correct transaction (#12871)
  • fix(nestjs): Do not make SentryTraced() decorated functions async (#12879)
  • fix(nextjs): Support automatic instrumentation for app directory with custom page extensions (#12858)
  • fix(node): Ensure correct URL is passed to ignoreIncomingRequests callback (#12929)
  • fix(otel): Do not add otel.kind: INTERNAL attribute (#12841)
  • fix(solidstart): Set proper sentry origin for solid router integration when used in solidstart sdk (#12919)
  • fix(sveltekit): Add Vite peer dep for proper type resolution (#12926)
  • fix(tracing): Ensure you can pass null as parentSpan in startSpan* (#12928)
  • ref(core): Small bundle size improvement (#12830)

Work in this release was contributed by @​GitSquared and @​mcous. Thank you for your contributions!

Bundle size 📦

Path Size
@​sentry/browser 22.3 KB
@​sentry/browser (incl. Tracing) 33.69 KB
@​sentry/browser (incl. Tracing, Replay) 69.77 KB
@​sentry/browser (incl. Tracing, Replay) - with treeshaking flags 63.08 KB
@​sentry/browser (incl. Tracing, Replay with Canvas) 74.17 KB
@​sentry/browser (incl. Tracing, Replay, Feedback) 86.49 KB
@​sentry/browser (incl. Tracing, Replay, Feedback, metrics) 88.36 KB
@​sentry/browser (incl. metrics) 26.59 KB
@​sentry/browser (incl. Feedback) 38.98 KB
@​sentry/browser (incl. sendFeedback) 26.93 KB
@​sentry/browser (incl. FeedbackAsync) 31.54 KB
@​sentry/react 25.06 KB
@​sentry/react (incl. Tracing) 36.75 KB
@​sentry/vue 26.41 KB
@​sentry/vue (incl. Tracing) 35.57 KB

... (truncated)

Changelog

Sourced from @​sentry/node's changelog.

8.18.0

Important Changes

  • ref: Deprecate enableTracing (12897)

The enableTracing option has been deprecated and will be removed in the next major version. We recommend removing it in favor of the tracesSampleRate and tracesSampler options. If you want to enable performance monitoring, please set the tracesSampleRate to a sample rate of your choice, or provide a sampling function as tracesSampler option instead. If you want to disable performance monitoring, remove the tracesSampler and tracesSampleRate options.

Other Changes

  • feat(node): Expose exclude and include options for ESM loader (#12910)
  • feat(browser): Add user agent to INP standalone span attributes (#12896)
  • feat(nextjs): Add experimental_captureRequestError for onRequestError hook (#12885)
  • feat(replay): Bump rrweb to 2.25.0 (#12478)
  • feat(tracing): Add long animation frame tracing (#12646)
  • fix: Cleanup hooks when they are not used anymore (#12852)
  • fix(angular): Guard ErrorEvent check in ErrorHandler to avoid throwing in Node environments (#12892)
  • fix(inp): Ensure INP spans have correct transaction (#12871)
  • fix(nestjs): Do not make SentryTraced() decorated functions async (#12879)
  • fix(nextjs): Support automatic instrumentation for app directory with custom page extensions (#12858)
  • fix(node): Ensure correct URL is passed to ignoreIncomingRequests callback (#12929)
  • fix(otel): Do not add otel.kind: INTERNAL attribute (#12841)
  • fix(solidstart): Set proper sentry origin for solid router integration when used in solidstart sdk (#12919)
  • fix(sveltekit): Add Vite peer dep for proper type resolution (#12926)
  • fix(tracing): Ensure you can pass null as parentSpan in startSpan* (#12928)
  • ref(core): Small bundle size improvement (#12830)

Work in this release was contributed by @​GitSquared and @​mcous. Thank you for your contributions!

8.17.0

  • feat: Upgrade OTEL deps (#12809)
  • fix(nuxt): Add module to build:transpile script (#12843)
  • fix(browser): Allow SDK initialization in NW.js apps (#12846)

8.16.0

Important Changes

  • feat(nextjs): Use spans generated by Next.js for App Router (#12729)

Previously, the @sentry/nextjs SDK automatically recorded spans in the form of transactions for each of your top-level server components (pages, layouts, ...). This approach had a few drawbacks, the main ones being that traces didn't have a root span, and more importantly, if you had data stream to the client, its duration was not captured because the server component spans had finished before the data could finish streaming.

With this release, we will capture the duration of App Router requests in their entirety as a single transaction with

... (truncated)

Commits
  • c9ea6b8 release: 8.18.0
  • 9a25dad Merge pull request #12932 from getsentry/prepare-release/8.18.0
  • c57e363 meta: Update CHANGELOG for 8.18.0
  • 6f4c045 fix(node): Ensure correct URL is passed to ignoreIncomingRequests callback ...
  • 707afd6 fix(tracing): Ensure you can pass null as parentSpan in startSpan* (#12...
  • 475d66f fix(sveltekit): Add Vite peer dep for proper type resolution (#12926)
  • 9d1b35d feat(browser): Add user agent to INP standalone span attributes (#12896)
  • f9ab138 ci: Do not run external contributor job for bots (#12886)
  • 383743a fix(solidstart): Set proper sentry origin for solid router integration when u...
  • 1d3e208 feat: Expose exclude and include options for ESM loader (#12910)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): bump @sentry/node from 7.109.0 to 8.18.0
0d2f5bd 
Bumps [@sentry/node](https://github.com/getsentry/sentry-javascript) from 7.109.0 to 8.18.0.
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md)
- [Commits](getsentry/sentry-javascript@7.109.0...8.18.0)

---
updated-dependencies:
- dependency-name: "@sentry/node"
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot requested a review from Mittelblut9 as a code owner July 17, 2024 04:19
@dependabot dependabot bot added this to the Bugs & Maintaince milestone Jul 17, 2024
@dependabot dependabot bot mentioned this pull request Jul 17, 2024
Closed
@pull-request-checklist-buddy Pull Request Checklist Buddy
Copy link

👨‍💻 Dev Branch checks

  • All Code checks are successfully?
  • No sensetive data leaked?
  • Code works as expected?
  • Debug Code removed?
  • Code Review approved?

@pull-request-size pull-request-size bot added the size/XS Denotes a Pull Request that changes 0-9 lines. label Jul 17, 2024
@socket-security Socket Security
Copy link

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@sentry/[email protected] environment, unsafe Transitive: filesystem, network, shell +67 21.4 MB sentry-bot

🚮 Removed packages: npm/@sentry/[email protected]

View full report↗︎

@socket-security Socket Security
Copy link

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package NoteSourceCI
Shell access npm/@opentelemetry/[email protected] 🚫
Shell access npm/@opentelemetry/[email protected] 🚫

View full report↗︎

Next steps

What is shell access?

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Mittelblut9 Mittelblut9 Awaiting requested review from Mittelblut9 Mittelblut9 is a code owner

At least 0 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
npm dependencies size/XS Denotes a Pull Request that changes 0-9 lines.
Projects
@Mittelbot
Status: 🆕 Noted
Milestone
Bugs & Maintaince
Development

Successfully merging this pull request may close these issues.
0 participants