storm-software / stormstack

⚡The StormStack monorepo contains utility applications, tools, and various libraries used to create modern, scalable web applications⚡
https://stormstack.github.io/stormstack/
Apache License 2.0

chore(deps): update dependency @sentry/nextjs to v7.77.0 [security] - autoclosed #30

Closed renovate[bot] closed 1 month ago

renovate[bot] commented 6 months ago


This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
| --- | --- | --- | --- | --- | --- |
| @sentry/nextjs (source) | 7.73.0 -> 7.77.0 | age | adoption | passing | confidence |

GitHub Vulnerability Alerts

CVE-2023-46729

Impact

An unsanitized input of the Next.js SDK tunnel endpoint allows sending HTTP requests to arbitrary URLs and reflecting the response back to the user. This could open the door to other attack vectors:

This issue only affects users who have Next.js SDK tunneling feature enabled.

Patches

The problem has been fixed in sentry/nextjs@7.77.0

Workarounds

Disable tunneling by removing the tunnelRoute option from Sentry Next.js SDK config — next.config.js or next.config.mjs.

References

Credits


Release Notes

getsentry/sentry-javascript (@sentry/nextjs)

### [`v7.77.0`](https://togithub.com/getsentry/sentry-javascript/blob/HEAD/CHANGELOG.md#7770)

[Compare Source](https://togithub.com/getsentry/sentry-javascript/compare/7.76.0...7.77.0)

- feat: Move LinkedErrors integration to [@sentry/core](https://togithub.com/sentry/core) ([#9404](https://togithub.com/getsentry/sentry-javascript/issues/9404))
- feat(remix): Update sentry-cli version to ^2.21.2 ([#9401](https://togithub.com/getsentry/sentry-javascript/issues/9401))
- feat(replay): Allow to treeshake & configure compression worker URL ([#9409](https://togithub.com/getsentry/sentry-javascript/issues/9409))
- fix(angular-ivy): Adjust package entry points to support Angular 17 with SSR config ([#9412](https://togithub.com/getsentry/sentry-javascript/issues/9412))
- fix(feedback): Fixing feedback import ([#9403](https://togithub.com/getsentry/sentry-javascript/issues/9403))
- fix(nextjs): Match only numbers as orgid in tunnelRoute ([#9416](https://togithub.com/getsentry/sentry-javascript/issues/9416))
- fix(nextjs): Strictly validate tunnel target parameters ([#9415](https://togithub.com/getsentry/sentry-javascript/issues/9415))
- fix(utils): Avoid keeping a reference of last used event ([#9387](https://togithub.com/getsentry/sentry-javascript/issues/9387))

### [`v7.76.0`](https://togithub.com/getsentry/sentry-javascript/blob/HEAD/CHANGELOG.md#7760)

[Compare Source](https://togithub.com/getsentry/sentry-javascript/compare/7.75.1...7.76.0)

##### Important Changes

- **feat(core): Add cron monitor wrapper helper ([#9395](https://togithub.com/getsentry/sentry-javascript/issues/9395))**

This release adds `Sentry.withMonitor()`, a wrapping function that wraps a callback with a cron monitor that will automatically report completions and failures:

```ts
import * as Sentry from '@sentry/node';

// withMonitor() will send checkin when callback is started/finished
// works with async and sync callbacks.
const result = Sentry.withMonitor(
  'dailyEmail',
  () => {
    // withCheckIn return value is same return value here
    return sendEmail();
  },
  // Optional upsert options
  {
    schedule: {
      type: 'crontab',
      value: '0 * * * *',
    },
    // 🇨🇦🫡
    timezone: 'Canada/Eastern',
  },
);
```

##### Other Changes

- chore(angular-ivy): Allow Angular 17 in peer dependencies ([#9386](https://togithub.com/getsentry/sentry-javascript/issues/9386))
- feat(nextjs): Instrument SSR page components ([#9346](https://togithub.com/getsentry/sentry-javascript/issues/9346))
- feat(nextjs): Trace errors in page component SSR ([#9388](https://togithub.com/getsentry/sentry-javascript/issues/9388))
- fix(nextjs): Instrument route handlers with `jsx` and `tsx` file extensions ([#9362](https://togithub.com/getsentry/sentry-javascript/issues/9362))
- fix(nextjs): Trace with performance disabled ([#9389](https://togithub.com/getsentry/sentry-javascript/issues/9389))
- fix(replay): Ensure `replay_id` is not added to DSC if session expired ([#9359](https://togithub.com/getsentry/sentry-javascript/issues/9359))
- fix(replay): Remove unused parts of pako from build ([#9369](https://togithub.com/getsentry/sentry-javascript/issues/9369))
- fix(serverless): Don't mark all errors as unhandled ([#9368](https://togithub.com/getsentry/sentry-javascript/issues/9368))
- fix(tracing-internal): Fix case when middleware contain array of routes with special chars as @ ([#9375](https://togithub.com/getsentry/sentry-javascript/issues/9375))
- meta(nextjs): Bump peer deps for Next.js 14 ([#9390](https://togithub.com/getsentry/sentry-javascript/issues/9390))

Work in this release contributed by [@LubomirIgonda1](https://togithub.com/LubomirIgonda1). Thank you for your contribution!

### [`v7.75.1`](https://togithub.com/getsentry/sentry-javascript/blob/HEAD/CHANGELOG.md#7751)

[Compare Source](https://togithub.com/getsentry/sentry-javascript/compare/7.75.0...7.75.1)

- feat(browser): Allow collecting of pageload profiles ([#9317](https://togithub.com/getsentry/sentry-javascript/issues/9317))
- fix(browser): Correct timestamp on pageload profiles ([#9350](https://togithub.com/getsentry/sentry-javascript/issues/9350))
- fix(nextjs): Use webpack plugin release value to inject release ([#9348](https://togithub.com/getsentry/sentry-javascript/issues/9348))

### [`v7.75.0`](https://togithub.com/getsentry/sentry-javascript/releases/tag/7.75.0)

[Compare Source](https://togithub.com/getsentry/sentry-javascript/compare/7.74.1...7.75.0)

##### Important Changes

- **feat(opentelemetry): Add new `@sentry/opentelemetry` package ([#9238](https://togithub.com/getsentry/sentry-javascript/issues/9238))**

This release publishes a new package, `@sentry/opentelemetry`. This is a runtime agnostic replacement for `@sentry/opentelemetry-node` and exports a couple of useful utilities which can be used to use Sentry together with OpenTelemetry.

You can read more about [@sentry/opentelemetry in the Readme](https://togithub.com/getsentry/sentry-javascript/tree/develop/packages/opentelemetry).

- **feat(replay): Allow to treeshake rrweb features ([#9274](https://togithub.com/getsentry/sentry-javascript/issues/9274))**

Starting with this release, you can configure the following build-time flags in order to reduce the SDK bundle size:

- `__RRWEB_EXCLUDE_CANVAS__`
- `__RRWEB_EXCLUDE_IFRAME__`
- `__RRWEB_EXCLUDE_SHADOW_DOM__`

You can read more about [tree shaking in our docs](https://docs.sentry.io/platforms/javascript/configuration/tree-shaking/).

##### Other Changes

- build(deno): Prepare Deno SDK for release on npm ([#9281](https://togithub.com/getsentry/sentry-javascript/issues/9281))
- feat: Remove tslib ([#9299](https://togithub.com/getsentry/sentry-javascript/issues/9299))
- feat(node): Add abnormal session support for ANR ([#9268](https://togithub.com/getsentry/sentry-javascript/issues/9268))
- feat(node): Remove `lru_map` dependency ([#9300](https://togithub.com/getsentry/sentry-javascript/issues/9300))
- feat(node): Vendor `cookie` module ([#9308](https://togithub.com/getsentry/sentry-javascript/issues/9308))
- feat(replay): Share performance instrumentation with tracing ([#9296](https://togithub.com/getsentry/sentry-javascript/issues/9296))
- feat(types): Add missing Profiling types (macho debug image, profile measurements, stack frame properties) ([#9277](https://togithub.com/getsentry/sentry-javascript/issues/9277))
- feat(types): Add statsd envelope types ([#9304](https://togithub.com/getsentry/sentry-javascript/issues/9304))
- fix(astro): Add integration default export to types entry point ([#9337](https://togithub.com/getsentry/sentry-javascript/issues/9337))
- fix(astro): Convert SDK init file import paths to POSIX paths ([#9336](https://togithub.com/getsentry/sentry-javascript/issues/9336))
- fix(astro): Make `Replay` and `BrowserTracing` integrations tree-shakeable ([#9287](https://togithub.com/getsentry/sentry-javascript/issues/9287))
- fix(integrations): Fix transaction integration ([#9334](https://togithub.com/getsentry/sentry-javascript/issues/9334))
- fix(nextjs): Restore `autoInstrumentMiddleware` functionality ([#9323](https://togithub.com/getsentry/sentry-javascript/issues/9323))
- fix(nextjs): Guard for case where `getInitialProps` may return undefined ([#9342](https://togithub.com/getsentry/sentry-javascript/issues/9342))
- fix(node-experimental): Make node-fetch support optional ([#9321](https://togithub.com/getsentry/sentry-javascript/issues/9321))
- fix(node): Check buffer length when attempting to parse ANR frame ([#9314](https://togithub.com/getsentry/sentry-javascript/issues/9314))
- fix(replay): Fix xhr start timestamps ([#9341](https://togithub.com/getsentry/sentry-javascript/issues/9341))
- fix(tracing-internal): Remove query params from urls with a trailing slash ([#9328](https://togithub.com/getsentry/sentry-javascript/issues/9328))
- fix(types): Remove typo with CheckInEnvelope ([#9303](https://togithub.com/getsentry/sentry-javascript/issues/9303))

#### Bundle size 📦

| Path | Size |
| --- | --- |
| [@sentry/browser](https://togithub.com/sentry/browser) (incl. Tracing, Replay) - Webpack (gzipped) | 82.66 KB |
| [@sentry/browser](https://togithub.com/sentry/browser) (incl. Tracing, Replay) - Webpack with treeshaking flags (gzipped) | 71.77 KB |
| [@sentry/browser](https://togithub.com/sentry/browser) (incl. Tracing) - Webpack (gzipped) | 30.94 KB |
| [@sentry/browser](https://togithub.com/sentry/browser) - Webpack (gzipped) | 21.26 KB |
| [@sentry/browser](https://togithub.com/sentry/browser) (incl. Tracing, Replay) - ES6 CDN Bundle (gzipped) | 73.03 KB |
| [@sentry/browser](https://togithub.com/sentry/browser) (incl. Tracing) - ES6 CDN Bundle (gzipped) | 28.93 KB |
| [@sentry/browser](https://togithub.com/sentry/browser) - ES6 CDN Bundle (gzipped) | 21.09 KB |
| [@sentry/browser](https://togithub.com/sentry/browser) (incl. Tracing, Replay) - ES6 CDN Bundle (minified & uncompressed) | 233.81 KB |
| [@sentry/browser](https://togithub.com/sentry/browser) (incl. Tracing) - ES6 CDN Bundle (minified & uncompressed) | 87.77 KB |
| [@sentry/browser](https://togithub.com/sentry/browser) - ES6 CDN Bundle (minified & uncompressed) | 62.76 KB |
| [@sentry/browser](https://togithub.com/sentry/browser) (incl. Tracing) - ES5 CDN Bundle (gzipped) | 31.71 KB |
| [@sentry/react](https://togithub.com/sentry/react) (incl. Tracing, Replay) - Webpack (gzipped) | 83.05 KB |
| [@sentry/react](https://togithub.com/sentry/react) - Webpack (gzipped) | 21.29 KB |
| [@sentry/nextjs](https://togithub.com/sentry/nextjs) Client (incl. Tracing, Replay) - Webpack (gzipped) | 99.43 KB |
| [@sentry/nextjs](https://togithub.com/sentry/nextjs) Client - Webpack (gzipped) | 47.83 KB |

### [`v7.74.1`](https://togithub.com/getsentry/sentry-javascript/blob/HEAD/CHANGELOG.md#7741)

[Compare Source](https://togithub.com/getsentry/sentry-javascript/compare/7.74.0...7.74.1)

- chore(astro): Add `astro-integration` keyword ([#9265](https://togithub.com/getsentry/sentry-javascript/issues/9265))
- fix(core): Narrow filters for health check transactions ([#9257](https://togithub.com/getsentry/sentry-javascript/issues/9257))
- fix(nextjs): Fix HMR by inserting new entrypoints at the end ([#9267](https://togithub.com/getsentry/sentry-javascript/issues/9267))
- fix(nextjs): Fix resolution of request async storage module ([#9259](https://togithub.com/getsentry/sentry-javascript/issues/9259))
- fix(node-experimental): Guard against missing `fetch` ([#9275](https://togithub.com/getsentry/sentry-javascript/issues/9275))
- fix(remix): Update `defer` injection logic. ([#9242](https://togithub.com/getsentry/sentry-javascript/issues/9242))
- fix(tracing-internal): Parameterize express middleware parameters ([#8668](https://togithub.com/getsentry/sentry-javascript/issues/8668))
- fix(utils): Move Node specific ANR impl. out of utils ([#9258](https://togithub.com/getsentry/sentry-javascript/issues/9258))

Work in this release contributed by [@LubomirIgonda1](https://togithub.com/LubomirIgonda1). Thank you for your contribution!

### [`v7.74.0`](https://togithub.com/getsentry/sentry-javascript/releases/tag/7.74.0)

[Compare Source](https://togithub.com/getsentry/sentry-javascript/compare/7.73.0...7.74.0)

##### Important Changes

- **feat(astro): Add `sentryAstro` integration ([#9218](https://togithub.com/getsentry/sentry-javascript/issues/9218))**

This Release introduces the first alpha version of our new SDK for Astro. At this time, the SDK is considered experimental and things might break and change in future versions.

The core of the SDK is an Astro integration which you easily add to your Astro config:

```js
// astro.config.js
import { defineConfig } from "astro/config";
import sentry from "@sentry/astro";

export default defineConfig({
  integrations: [
    sentry({
      dsn: "__DSN__",
      sourceMapsUploadOptions: {
        project: "astro",
        authToken: process.env.SENTRY_AUTH_TOKEN,
      },
    }),
  ],
});
```

Check out the [README](./packages/astro/README.md) for usage instructions and what to expect from this alpha release.

##### Other Changes

- feat(core): Add `addIntegration` utility ([#9186](https://togithub.com/getsentry/sentry-javascript/issues/9186))
- feat(core): Add `continueTrace` method ([#9164](https://togithub.com/getsentry/sentry-javascript/issues/9164))
- feat(node-experimental): Add NodeFetch integration ([#9226](https://togithub.com/getsentry/sentry-javascript/issues/9226))
- feat(node-experimental): Use native OTEL Spans ([#9161](https://togithub.com/getsentry/sentry-javascript/issues/9161), [#9214](https://togithub.com/getsentry/sentry-javascript/issues/9214))
- feat(node-experimental): Sample in OTEL Sampler ([#9203](https://togithub.com/getsentry/sentry-javascript/issues/9203))
- feat(serverlesss): Allow disabling transaction traces ([#9154](https://togithub.com/getsentry/sentry-javascript/issues/9154))
- feat(tracing): Allow direct pg module to enable esbuild support ([#9227](https://togithub.com/getsentry/sentry-javascript/issues/9227))
- feat(utils): Move common node ANR code to utils ([#9191](https://togithub.com/getsentry/sentry-javascript/issues/9191))
- feat(vue): Expose `VueIntegration` to initialize vue app later ([#9180](https://togithub.com/getsentry/sentry-javascript/issues/9180))
- fix: Don't set `referrerPolicy` on serverside fetch transports ([#9200](https://togithub.com/getsentry/sentry-javascript/issues/9200))
- fix: Ensure we never mutate options passed to `init` ([#9162](https://togithub.com/getsentry/sentry-javascript/issues/9162))
- fix(ember): Avoid pulling in utils at build time ([#9221](https://togithub.com/getsentry/sentry-javascript/issues/9221))
- fix(ember): Drop undefined config values ([#9175](https://togithub.com/getsentry/sentry-javascript/issues/9175))
- fix(node): Ensure mysql integration works without callback ([#9222](https://togithub.com/getsentry/sentry-javascript/issues/9222))
- fix(node): Only require `inspector` when needed ([#9149](https://togithub.com/getsentry/sentry-javascript/issues/9149))
- fix(node): Remove ANR `debug` option and instead add logger.isEnabled() ([#9230](https://togithub.com/getsentry/sentry-javascript/issues/9230))
- fix(node): Strip `.mjs` and `.cjs` extensions from module name ([#9231](https://togithub.com/getsentry/sentry-javascript/issues/9231))
- fix(replay): bump rrweb to 2.0.1 ([#9240](https://togithub.com/getsentry/sentry-javascript/issues/9240))
- fix(replay): Fix potential broken CSS in styled-components ([#9234](https://togithub.com/getsentry/sentry-javascript/issues/9234))
- fix(sveltekit): Flush in server wrappers before exiting ([#9153](https://togithub.com/getsentry/sentry-javascript/issues/9153))
- fix(types): Update signature of `processEvent` integration hook ([#9151](https://togithub.com/getsentry/sentry-javascript/issues/9151))
- fix(utils): Dereference DOM events after they have servered their purpose ([#9224](https://togithub.com/getsentry/sentry-javascript/issues/9224))
- ref(integrations): Refactor pluggable integrations to use `processEvent` ([#9021](https://togithub.com/getsentry/sentry-javascript/issues/9021))
- ref(serverless): Properly deprecate `rethrowAfterCapture` option ([#9159](https://togithub.com/getsentry/sentry-javascript/issues/9159))
- ref(utils): Deprecate `walk` method ([#9157](https://togithub.com/getsentry/sentry-javascript/issues/9157))

Work in this release contributed by [@aldenquimby](https://togithub.com/aldenquimby). Thank you for your contributions!

##### Bundle size 📦

| Path | Size |
| --- | --- |
| [@sentry/browser](https://togithub.com/sentry/browser) (incl. Tracing, Replay) - Webpack (gzipped) | 84.27 KB |
| [@sentry/browser](https://togithub.com/sentry/browser) (incl. Tracing) - Webpack (gzipped) | 31.43 KB |
| [@sentry/browser](https://togithub.com/sentry/browser) - Webpack (gzipped) | 22.02 KB |
| [@sentry/browser](https://togithub.com/sentry/browser) (incl. Tracing, Replay) - ES6 CDN Bundle (gzipped) | 78.79 KB |
| [@sentry/browser](https://togithub.com/sentry/browser) (incl. Tracing) - ES6 CDN Bundle (gzipped) | 28.6 KB |
| [@sentry/browser](https://togithub.com/sentry/browser) - ES6 CDN Bundle (gzipped) | 21.02 KB |
| [@sentry/browser](https://togithub.com/sentry/browser) (incl. Tracing, Replay) - ES6 CDN Bundle (minified & uncompressed) | 254.51 KB |
| [@sentry/browser](https://togithub.com/sentry/browser) (incl. Tracing) - ES6 CDN Bundle (minified & uncompressed) | 86.76 KB |
| [@sentry/browser](https://togithub.com/sentry/browser) - ES6 CDN Bundle (minified & uncompressed) | 62.45 KB |
| [@sentry/browser](https://togithub.com/sentry/browser) (incl. Tracing) - ES5 CDN Bundle (gzipped) | 31.48 KB |
| [@sentry/react](https://togithub.com/sentry/react) (incl. Tracing, Replay) - Webpack (gzipped) | 84.3 KB |
| [@sentry/react](https://togithub.com/sentry/react) - Webpack (gzipped) | 22.06 KB |
| [@sentry/nextjs](https://togithub.com/sentry/nextjs) Client (incl. Tracing, Replay) - Webpack (gzipped) | 102.21 KB |
| [@sentry/nextjs](https://togithub.com/sentry/nextjs) Client - Webpack (gzipped) | 50.96 KB |

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR was generated by Mend Renovate. View the repository job log.
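
The two `fix(nextjs)` entries in the 7.77.0 changelog above ("Match only numbers as orgid in tunnelRoute", "Strictly validate tunnel target parameters") describe allowlist validation of the tunnel's inputs. The sketch below is an added example showing that kind of check; it is not code from this PR or from the Sentry SDK. The function names, the `o`/`p` query parameters, the `/monitoring` route and the upstream URL shape are assumptions made for illustration.

```javascript
// Added example, not Sentry SDK code. Assumptions (not from the page): the
// tunnel receives ?o=<orgId>&p=<projectId> and forwards to
// https://o<orgId>.ingest.sentry.io/api/<projectId>/envelope/ .
const INGEST_SUFFIX = '.ingest.sentry.io'; // assumed upstream host suffix
const NUMERIC_ID = /^[0-9]{1,20}$/; // ASCII digits only, bounded length

function reject(reason) {
  return { ok: false, reason };
}

// Returns { ok: true, url } for a forwardable request, { ok: false, reason } otherwise.
function resolveTunnelTarget(requestPathAndQuery) {
  // Dummy base: only the query string of the incoming request is used.
  const { searchParams } = new URL(requestPathAndQuery, 'http://tunnel.invalid');
  const orgIds = searchParams.getAll('o');
  const projectIds = searchParams.getAll('p');

  // Exactly one value each: repeated parameters are ambiguous across parsers.
  if (orgIds.length !== 1 || projectIds.length !== 1) {
    return reject('expected exactly one "o" and one "p" parameter');
  }
  const [orgId] = orgIds;
  const [projectId] = projectIds;

  // Allowlist: anything but digits could alter the host or path of the target.
  if (!NUMERIC_ID.test(orgId)) return reject('org id is not numeric');
  if (!NUMERIC_ID.test(projectId)) return reject('project id is not numeric');

  const expectedHost = `o${orgId}${INGEST_SUFFIX}`;
  const target = new URL(`https://${expectedHost}/api/${projectId}/envelope/`);

  // Defense in depth: confirm the parsed URL still has the intended shape.
  if (
    target.protocol !== 'https:' ||
    target.hostname !== expectedHost ||
    target.port !== '' ||
    target.username !== '' ||
    target.password !== '' ||
    target.pathname !== `/api/${projectId}/envelope/`
  ) {
    return reject('target URL changed shape after parsing');
  }
  return { ok: true, url: target.href };
}

// Constructed sample requests; "/monitoring" is a hypothetical tunnelRoute value.
const SAMPLE_REQUESTS = [
  '/monitoring?o=123456&p=7890',
  '/monitoring?o=12.example.invalid&p=7890',
  '/monitoring?o=123456&p=78/90',
  '/monitoring?o=1&o=2&p=7890',
  '/monitoring?o=123456',
];

for (const request of SAMPLE_REQUESTS) {
  const result = resolveTunnelTarget(request);
  console.log(request, '->', result.ok ? result.url : `rejected: ${result.reason}`);
}
```

Only the first sample request resolves to a target; the others are rejected before any outbound request would be made.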

sonarcloud[bot] commented 6 months ago

Quality Gate passed

Issues
0 New issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

socket-security[bot] commented 6 months ago

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

| Package | New capabilities | Transitives | Size | Publisher |
| --- | --- | --- | --- | --- |
| npm/@noble/hashes@1.3.2 | None | 0 | 747 kB | paulmillr |
| npm/@nx-plus/docusaurus@15.0.0-rc.0 | Transitive: environment, filesystem, shell, unsafe | +2 | 942 kB | zachjw34 |
| npm/@nx/cypress@16.9.1 | Transitive: environment, filesystem, shell, unsafe | +50 | 9.56 MB | nrwl-jason |
| npm/@nx/devkit@16.7.0 | environment, filesystem, shell, unsafe | +1 | 189 kB | nrwl-jason |
| npm/@nx/devkit@16.9.1 | environment, filesystem, shell, unsafe | +1 | 158 kB | nrwl-jason |
| npm/@nx/esbuild@16.9.1 | Transitive: environment, filesystem, shell, unsafe | +46 | 8.83 MB | nrwl-jason |
| npm/@nx/eslint-plugin@16.9.1 | filesystem Transitive: environment, shell, unsafe | +46 | 8.91 MB | nrwl-jason |
| npm/@nx/jest@16.9.1 | unsafe Transitive: environment, filesystem, shell | +53 | 9.44 MB | nrwl-jason |
| npm/@nx/linter@16.9.1 | shell Transitive: environment, filesystem, unsafe | +48 | 9.36 MB | nrwl-jason |
| npm/@nx/next@16.9.1 | environment, filesystem Transitive: shell, unsafe | +54 | 10.3 MB | nrwl-jason |
| npm/@nx/node@16.9.1 | Transitive: environment, filesystem, shell, unsafe | +59 | 10.1 MB | nrwl-jason |
| npm/@nx/plugin@16.9.1 | Transitive: environment, filesystem, shell, unsafe | +59 | 10.2 MB | nrwl-jason |
| npm/@nx/react@16.9.1 | Transitive: environment, filesystem, shell, unsafe | +52 | 10 MB | nrwl-jason |
| npm/@nx/rollup@16.9.1 | environment, filesystem Transitive: shell, unsafe | +46 | 8.83 MB | nrwl-jason |
| npm/@nx/storybook@16.9.1 | filesystem Transitive: environment, shell, unsafe | +52 | 9.8 MB | nrwl-jason |
| npm/@nx/vite@16.9.1 | environment Transitive: filesystem, shell, unsafe | +46 | 9.19 MB | nrwl-jason |
| npm/@nx/web@16.9.1 | Transitive: environment, filesystem, shell, unsafe | +46 | 8.93 MB | nrwl-jason |
| npm/@nx/webpack@16.9.1 | environment, filesystem Transitive: shell, unsafe | +46 | 8.97 MB | nrwl-jason |
| npm/@nx/workspace@16.9.1 | environment, filesystem Transitive: shell, unsafe | +3 | 442 kB | nrwl-jason |
| npm/@nxkit/style-dictionary@3.0.2 | filesystem | 0 | 945 kB | sebastiandg7 |
| npm/@opentelemetry/api@1.6.0 | None | 0 | 780 kB | pichlermarc |

🚮 Removed packages: npm/@angular-devkit/architect@0.1602.5, npm/@angular-devkit/core@16.2.5, npm/@angular-devkit/schematics@16.2.5, npm/fsevents@2.3.3, npm/lodash@4.17.21, npm/pluralize@8.0.0, npm/semver@7.5.4, npm/tslib@2.6.2

View full report↗︎