Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

fix(deps): update dependency @sentry/node to v8.49.0 [security] #212

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

fix(deps): update dependency @sentry/node to v8.49.0 [security] #212

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jan 28, 2025

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
@sentry/node (source) 8.48.0 -> 8.49.0 age adoption passing confidence

GitHub Vulnerability Alerts

GHSA-r5w7-f542-q2j4

Impact

The ContextLines integration uses readable streams to more efficiently use memory when reading files. The ContextLines integration is used to attach source context to outgoing events.

The stream was not explicitly closed after use. This could lead to excessive amounts of file handles open on the system and potentially lead to a Denial of Service (DoS).

The ContextLines integration is enabled by default in the Node SDK (@sentry/node) and SDKs that run in Node.js environments (@sentry/astro, @sentry/aws-serverless, @sentry/bun, @sentry/google-cloud-serverless, @sentry/nestjs, @sentry/nextjs, @sentry/nuxt, @sentry/remix, @sentry/solidstart, @sentry/sveltekit).

Patches

Users should upgrade to version 8.49.0 or higher.

Workarounds

To remediate this issue in affected versions without upgrading to version 8.49.0 and above you can disable the ContextLines integration. See the docs for more details.

Sentry.init({
  // ...
  integrations: function (integrations) {
    // integrations will be all default integrations
    return integrations.filter(function (integration) {
      return integration.name !== "ContextLines";
    });
  },
});

If you disable the ContextLines integration, you will lose source context on your error events.

References

Release Notes

getsentry/sentry-javascript (@​sentry/node)

v8.49.0

Compare Source

  • feat(v8/browser): Flush offline queue on flush and browser online event (#​14969)
  • feat(v8/react): Add a handled prop to ErrorBoundary (#​14978)
  • fix(profiling/v8): Don't put require, __filename and __dirname on global object (#​14952)
  • fix(v8/node): Enforce that ContextLines integration does not leave open file handles (#​14997)
  • fix(v8/replay): Disable mousemove sampling in rrweb for iOS browsers (#​14944)
  • fix(v8/sveltekit): Ensure source maps deletion is called after source ma… (#​14963)
  • fix(v8/vue): Re-throw error when no errorHandler exists (#​14943)

Work in this release was contributed by @​HHK1 and @​mstrokin. Thank you for your contribution!

Bundle size 📦

Path Size
@​sentry/browser 23.29 KB
@​sentry/browser - with treeshaking flags 21.96 KB
@​sentry/browser (incl. Tracing) 35.85 KB
@​sentry/browser (incl. Tracing, Replay) 73.19 KB
@​sentry/browser (incl. Tracing, Replay) - with treeshaking flags 63.58 KB
@​sentry/browser (incl. Tracing, Replay with Canvas) 77.5 KB
@​sentry/browser (incl. Tracing, Replay, Feedback) 89.44 KB
@​sentry/browser (incl. Feedback) 39.5 KB
@​sentry/browser (incl. sendFeedback) 27.89 KB
@​sentry/browser (incl. FeedbackAsync) 32.69 KB
@​sentry/react 25.97 KB
@​sentry/react (incl. Tracing) 38.67 KB
@​sentry/vue 27.57 KB
@​sentry/vue (incl. Tracing) 37.71 KB
@​sentry/svelte 23.45 KB
CDN Bundle 24.49 KB
CDN Bundle (incl. Tracing) 37.56 KB
CDN Bundle (incl. Tracing, Replay) 72.84 KB
CDN Bundle (incl. Tracing, Replay, Feedback) 78.2 KB
CDN Bundle - uncompressed 71.93 KB
CDN Bundle (incl. Tracing) - uncompressed 111.42 KB
CDN Bundle (incl. Tracing, Replay) - uncompressed 225.68 KB
CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed 238.78 KB
@​sentry/nextjs (client) 38.92 KB
@​sentry/sveltekit (client) 36.36 KB
@​sentry/node 162.82 KB
@​sentry/node - without tracing 98.95 KB
@​sentry/aws-serverless 126.65 KB

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the security label Jan 28, 2025
@renovate renovate bot force-pushed the renovate/npm-sentry-node-vulnerability branch from 14f5959 to f55cf24 Compare February 9, 2025 14:41
@renovate renovate bot force-pushed the renovate/npm-sentry-node-vulnerability branch from f55cf24 to 10aadc2 Compare March 3, 2025 17:54
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
security
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants