fix(deps): update dependency @sentry/react-native to v5.19.1 [security] #1235
+156
−104
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
5.16.0
->5.19.1
GitHub Vulnerability Alerts
GHSA-68c2-4mpx-qh95
Impact
SDK versions between and including 5.16.0 and 5.19.0 allowed Sentry auth tokens to be set in the optional authToken configuration parameter, for debugging purposes. Doing so would result in the auth token being built into the application bundle, and therefore the auth token could be potentially exposed in case the application bundle is subsequently published.
You may ignore this notification if you are not using
authToken
configuration parameter in your React Native SDK configuration or did not publish apps using this way of configuring theauthToken
.If you had set the
authToken
in the plugin config previously, and built and published an app with that config, you should rotate your token.Patches
The behavior that allowed setting an
authToken
parameter was fixed in SDK version 5.19.1 where, if this parameter was set, you will see a warning and theauthToken
would be removed before bundling the application.Workarounds
authToken
from the plugin configuration.authToken
in the plugin config previously, and built and published an app with that config, you should rotate your token.References
Release Notes
getsentry/sentry-react-native (@sentry/react-native)
v5.19.1
Compare Source
Fixes
authToken
to application bundle (#3630)SENTRY_AUTH_TOKEN
env variable, as pointed out in our docs.authToken
from the plugin config if it was set.v5.19.0
Compare Source
This release contains upgrade of
sentry-android
dependency to major version 7. There are no breaking changes in the JS API. If you are using the Android API please check the migration guide.Features
Add Android profiles to React Native Profiling (#3397)
Add
Sentry.metrics
(#3590)To learn more, see the Set Up Metrics guide.
Fixes
node
not found inWITH_ENVIRONMENT
(#3573)proguardUuid
loading on Android (#3591)Dependencies
v5.18.0
Compare Source
Features
Add
@spotlightjs/spotlight
support (#3550)Download the
Spotlight
desktop application and add the integration to yourSentry.init
.Only upload Expo artifact if source map exists (#3568)
Read
.env
file insentry-expo-upload-sourcemaps
(#3571)Fixes
@sentry/react-native/expo
config when uploading artifacts (#3557)v5.17.0
Compare Source
Features
New Sentry Metro configuration function
withSentryConfig
(#3478)createSentryMetroSerializer
Add experimental visionOS support (#3467)
react-native-visionos
with the Sentry React Native SDK follow the standardiOS
guides.visionos
folder instead ofios
.Fixes
WITH_ENVIRONMENT
overwrite insentry-xcode-debug-files.sh
(#3525)$NODE_BINARY
to execute Sentry CLI in Xcode scripts (#3493)Dependencies
Configuration
📅 Schedule: Branch creation - "" in timezone Europe/Paris, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.