Update dependency @sentry/node to v8.49.0 [SECURITY] #4777

Merged
merged 1 commit into from
Jan 31, 2025

@renovate renovate bot commented Jan 30, 2025

This PR contains the following updates:

Package: @sentry/node (source)
Change: 8.47.0 -> 8.49.0

GitHub Vulnerability Alerts

GHSA-r5w7-f542-q2j4

Impact

The ContextLines integration uses readable streams to more efficiently use memory when reading files. The ContextLines integration is used to attach source context to outgoing events.

The stream was not explicitly closed after use. This could lead to excessive amounts of file handles open on the system and potentially lead to a Denial of Service (DoS).

The ContextLines integration is enabled by default in the Node SDK (@sentry/node) and SDKs that run in Node.js environments (@sentry/astro, @sentry/aws-serverless, @sentry/bun, @sentry/google-cloud-serverless, @sentry/nestjs, @sentry/nextjs, @sentry/nuxt, @sentry/remix, @sentry/solidstart, @sentry/sveltekit).

Patches

Users should upgrade to version 8.49.0 or higher.

Workarounds

To remediate this issue in affected versions without upgrading to version 8.49.0 and above, you can disable the ContextLines integration. See the docs for more details.

Sentry.init({
  // ...
  integrations: function (integrations) {
    // integrations will be all default integrations
    return integrations.filter(function (integration) {
      return integration.name !== "ContextLines";
    });
  },
});

If you disable the ContextLines integration, you will lose source context on your error events.

Release Notes

getsentry/sentry-javascript (@​sentry/node)

v8.49.0

  • feat(v8/browser): Flush offline queue on flush and browser online event (#​14969)
  • feat(v8/react): Add a handled prop to ErrorBoundary (#​14978)
  • fix(profiling/v8): Don't put require, __filename and __dirname on global object (#​14952)
  • fix(v8/node): Enforce that ContextLines integration does not leave open file handles (#​14997)
  • fix(v8/replay): Disable mousemove sampling in rrweb for iOS browsers (#​14944)
  • fix(v8/sveltekit): Ensure source maps deletion is called after source ma… (#​14963)
  • fix(v8/vue): Re-throw error when no errorHandler exists (#​14943)

Work in this release was contributed by @​HHK1 and @​mstrokin. Thank you for your contribution!

Bundle size 📦

Path Size
@​sentry/browser 23.29 KB
@​sentry/browser - with treeshaking flags 21.96 KB
@​sentry/browser (incl. Tracing) 35.85 KB
@​sentry/browser (incl. Tracing, Replay) 73.19 KB
@​sentry/browser (incl. Tracing, Replay) - with treeshaking flags 63.58 KB
@​sentry/browser (incl. Tracing, Replay with Canvas) 77.5 KB
@​sentry/browser (incl. Tracing, Replay, Feedback) 89.44 KB
@​sentry/browser (incl. Feedback) 39.5 KB
@​sentry/browser (incl. sendFeedback) 27.89 KB
@​sentry/browser (incl. FeedbackAsync) 32.69 KB
@​sentry/react 25.97 KB
@​sentry/react (incl. Tracing) 38.67 KB
@​sentry/vue 27.57 KB
@​sentry/vue (incl. Tracing) 37.71 KB
@​sentry/svelte 23.45 KB
CDN Bundle 24.49 KB
CDN Bundle (incl. Tracing) 37.56 KB
CDN Bundle (incl. Tracing, Replay) 72.84 KB
CDN Bundle (incl. Tracing, Replay, Feedback) 78.2 KB
CDN Bundle - uncompressed 71.93 KB
CDN Bundle (incl. Tracing) - uncompressed 111.42 KB
CDN Bundle (incl. Tracing, Replay) - uncompressed 225.68 KB
CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed 238.78 KB
@​sentry/nextjs (client) 38.92 KB
@​sentry/sveltekit (client) 36.36 KB
@​sentry/node 162.82 KB
@​sentry/node - without tracing 98.95 KB
@​sentry/aws-serverless 126.65 KB

v8.48.0

Deprecations
  • feat(v8/core): Deprecate getDomElement method (#​14799)

    Deprecates getDomElement. There is no replacement.

Other changes
  • fix(nestjs/v8): Use correct main/module path in package.json (#​14791)
  • fix(v8/core): Use consistent continueTrace implementation in core (#​14819)
  • fix(v8/node): Correctly resolve debug IDs for ANR events with custom appRoot (#​14823)
  • fix(v8/node): Ensure NODE_OPTIONS is not passed to worker threads (#​14825)
  • fix(v8/angular): Fall back to element tagName when name is not provided to TraceDirective (#​14828)
  • fix(aws-lambda): Remove version suffix from lambda layer (#​14843)
  • fix(v8/node): Ensure express requests are properly handled (#​14851)
  • feat(v8/node): Add openTelemetrySpanProcessors option (#​14853)
  • fix(v8/react): Use Set as the allRoutes container. (#​14878) (#​14884)
  • fix(v8/react): Improve handling of routes nested under path="/" (#​14897)
  • feat(v8/core): Add normalizedRequest to samplingContext (#​14903)
  • fix(v8/feedback): Avoid lazy loading code for syncFeedbackIntegration (#​14918)

Work in this release was contributed by @​arturovt. Thank you for your contribution!

Bundle size 📦
Path Size
@​sentry/browser 23.29 KB
@​sentry/browser - with treeshaking flags 21.96 KB
@​sentry/browser (incl. Tracing) 35.85 KB
@​sentry/browser (incl. Tracing, Replay) 73.09 KB
@​sentry/browser (incl. Tracing, Replay) - with treeshaking flags 63.48 KB
@​sentry/browser (incl. Tracing, Replay with Canvas) 77.4 KB
@​sentry/browser (incl. Tracing, Replay, Feedback) 89.34 KB
@​sentry/browser (incl. Feedback) 39.5 KB
@​sentry/browser (incl. sendFeedback) 27.89 KB
@​sentry/browser (incl. FeedbackAsync) 32.69 KB
@​sentry/react 25.96 KB
@​sentry/react (incl. Tracing) 38.66 KB
@​sentry/vue 27.56 KB
@​sentry/vue (incl. Tracing) 37.69 KB
@​sentry/svelte 23.45 KB
CDN Bundle 24.49 KB
CDN Bundle (incl. Tracing) 37.56 KB
CDN Bundle (incl. Tracing, Replay) 72.75 KB
CDN Bundle (incl. Tracing, Replay, Feedback) 78.11 KB
CDN Bundle - uncompressed 71.93 KB
CDN Bundle (incl. Tracing) - uncompressed 111.42 KB
CDN Bundle (incl. Tracing, Replay) - uncompressed 225.5 KB
CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed 238.6 KB
@​sentry/nextjs (client) 38.92 KB
@​sentry/sveltekit (client) 36.36 KB
@​sentry/node 162.8 KB
@​sentry/node - without tracing 98.94 KB
@​sentry/aws-serverless 126.63 KB

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.
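
The advisory above describes a readable stream that was not explicitly closed after use. As an added example (not code from Sentry, Renovate or this repository), the following Node.js code shows that class of bug in general form: stopping a `readline` reader early leaves the underlying `fs.ReadStream` and its file descriptor open unless the stream is destroyed. The function names, the line window and the sample file are assumptions made for the example.

```javascript
// Added illustration (not Sentry's code): read a window of source lines via a
// readable stream, once leaving the stream open and once destroying it.
const fs = require("fs");
const os = require("os");
const path = require("path");
const readline = require("readline");

// Constructed sample input: a source file well above the 64 KiB stream buffer,
// so the stream cannot reach EOF (and auto-close) before we stop reading.
function makeSampleFile() {
  const file = path.join(fs.mkdtempSync(path.join(os.tmpdir(), "ctx-")), "big.js");
  const rows = Array.from({ length: 20000 }, (_, i) => `const v${i} = ${i}; // filler`);
  fs.writeFileSync(file, rows.join("\n"));
  return file;
}

// Open descriptors of this process (Linux /proc only; null elsewhere).
function openFdCount() {
  try { return fs.readdirSync("/proc/self/fd").length; } catch { return null; }
}

// Collect lines [from, to] (1-based). closeStream=false reproduces the leak
// pattern: rl.close() only pauses the input and never releases its descriptor.
function readContext(file, from, to, closeStream) {
  return new Promise((resolve, reject) => {
    const stream = fs.createReadStream(file);
    const rl = readline.createInterface({ input: stream, crlfDelay: Infinity });
    const lines = [];
    let n = 0;
    stream.on("error", reject);
    rl.on("line", (line) => {
      n += 1;
      if (n >= from && n <= to) lines.push(line);
      if (n === to) rl.close(); // stop early: we have the context we need
    });
    rl.on("close", () => {
      if (!closeStream) return resolve({ lines, destroyed: stream.destroyed });
      stream.once("close", () => resolve({ lines, destroyed: stream.destroyed }));
      stream.destroy(); // explicit close releases the file descriptor
    });
  });
}

// Run `runs` reads and report how many descriptors remain open afterwards.
async function leakedAfter(file, runs, closeStream) {
  const before = openFdCount();
  let last;
  for (let i = 0; i < runs; i += 1) last = await readContext(file, 5, 7, closeStream);
  const after = openFdCount();
  return { ...last, leaked: before === null ? null : after - before };
}
```

On Linux, `leakedAfter(makeSampleFile(), 50, false)` reports the descriptors left open by the reads, while passing `true` as the last argument returns `destroyed: true`; on other platforms `leaked` is `null` and only the `destroyed` flag is meaningful.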

@renovate renovate bot requested a review from a team as a code owner January 30, 2025 14:35
@renovate renovate bot added the Dependencies Pull requests that update a dependency file label Jan 30, 2025
@renovate renovate bot requested review from moz-dfeller and removed request for a team January 30, 2025 14:35
github-actions bot commented Jan 30, 2025

Size Change: 0 B

Total Size: 8.28 MB

@renovate renovate bot force-pushed the renovate/npm-sentry-node-vulnerability branch from 02908b0 to bcc6e0f Compare January 30, 2025 18:36
@renovate renovate bot force-pushed the renovate/npm-sentry-node-vulnerability branch from bcc6e0f to ac75755 Compare January 30, 2025 22:23
@renovate renovate bot merged commit d647b33 into main Jan 31, 2025
2 checks passed
@renovate renovate bot deleted the renovate/npm-sentry-node-vulnerability branch January 31, 2025 02:05