[Snyk] Upgrade @sentry/react from 7.16.0 to 8.17.0 #791
Snyk has created this PR to upgrade @sentry/react from 7.16.0 to 8.17.0. See this package in npm: @sentry/react See this project in Snyk: https://app.snyk.io/org/q1blue-rxw/project/5b430cad-b455-40c7-a7ff-af5a8804e8ca?utm_source=github&utm_medium=referral&page=upgrade-pr
🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎ To accept the risk, merge this PR and you will not be notified again.
Next steps

What is an install script?
Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts. Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency
Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package
If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk
To ignore an alert, reply with a comment starting with
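One way to review the install-script alert above before merging an upgrade PR, as an added example that is not part of the Socket comment or of this repository's code: compare the lockfile on the base branch with the one in the PR and list the packages that newly run code at install time. The lockfile contents and package names below are constructed; `hasInstallScript` is the flag npm records in `package-lock.json` (lockfileVersion 2 and 3).

```javascript
// Added example (constructed data): which packages gain install-time code in an upgrade?
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall'];

// Install-time lifecycle hooks declared in one package.json manifest.
function installHooks(manifest) {
  const scripts = (manifest && manifest.scripts) || {};
  return INSTALL_HOOKS.filter(
    (hook) => typeof scripts[hook] === 'string' && scripts[hook].trim() !== ''
  );
}

// Entries of a parsed package-lock.json (lockfileVersion 2 or 3) that npm
// marked with hasInstallScript, i.e. packages that run code during install.
function lockfileInstallScripts(lock) {
  const found = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === '' || !entry.hasInstallScript) continue; // '' is the root project
    const idx = path.lastIndexOf('node_modules/');
    const name = idx === -1 ? path : path.slice(idx + 'node_modules/'.length);
    found.push({ name, version: entry.version, path });
  }
  return found;
}

// Packages with install scripts in `after` that were not already in `before`.
function newInstallScripts(before, after) {
  const key = (p) => `${p.name}@${p.version}`;
  const known = new Set(lockfileInstallScripts(before).map(key));
  return lockfileInstallScripts(after).filter((p) => !known.has(key(p)));
}

// Constructed lockfiles standing in for the base branch and the upgrade PR.
const BEFORE = { lockfileVersion: 3, packages: {
  '': { name: 'app', version: '1.0.0' },
  'node_modules/left-helper': { version: '1.0.0' },
  'node_modules/native-dep': { version: '2.1.0', hasInstallScript: true },
} };
const AFTER = { lockfileVersion: 3, packages: {
  ...BEFORE.packages,
  'node_modules/@scope/fetch-binary': { version: '0.3.2', hasInstallScript: true },
  'node_modules/left-helper/node_modules/native-dep': { version: '3.0.0', hasInstallScript: true },
} };

for (const p of newInstallScripts(BEFORE, AFTER)) {
  console.log(`review before merging: ${p.name}@${p.version} (${p.path})`);
}
```

Installing with `npm ci --ignore-scripts` keeps these hooks from running while the flagged packages are reviewed.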
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 191 versions ahead of your current version.
The recommended version was released 22 days ago.
Release notes
Package name: @sentry/react
Bundle size 📦
Important Changes
Previously, the @sentry/nextjs SDK automatically recorded spans in the form of transactions for each of your top-level server components (pages, layouts, ...). This approach had a few drawbacks, the main ones being that traces didn't have a root span, and more importantly, if you had data stream to the client, its duration was not captured because the server component spans had finished before the data could finish streaming.

With this release, we will capture the duration of App Router requests in their entirety as a single transaction with server component spans being descendants of that transaction. This means you will get more data that is also more accurate. Note that this does not apply to the Edge runtime. For the Edge runtime, the SDK will emit transactions as it has before.

Generally speaking, this change means that you will see less transactions and more spans in Sentry. You will no longer receive server component transactions like Page Server Component (/path/to/route) (unless using the Edge runtime), and you will instead receive transactions for your App Router SSR requests that look like GET /path/to/route.

If you are on Sentry SaaS, this may have an effect on your quota consumption: Less transactions, more spans.
The @sentry/nestjs SDK now includes a @SentryCron decorator that can be used to augment the native NestJS @Cron decorator to send check-ins to Sentry before and after each cron job run:

// Cron is the NestJS scheduler decorator; SentryCron adds the check-ins around it.
import { Cron } from '@nestjs/schedule';
import { SentryCron } from '@sentry/nestjs';
import type { MonitorConfig } from '@sentry/types';

const monitorConfig: MonitorConfig = {
  schedule: {
    type: 'crontab',
    value: '* * * * *',
  },
  checkinMargin: 2, // In minutes. Optional.
  maxRuntime: 10, // In minutes. Optional.
  timezone: 'America/Los_Angeles', // Optional.
};

export class MyCronService {
  @Cron('* * * * *')
  @SentryCron('my-monitor-slug', monitorConfig)
  handleCron() {
    // Your cron job logic here
  }
}
Other Changes
httpIntegration (#12761)
addPluginTemplate (#12760)
h import in ScreenshotEditor (#12784)
autoSessionTracking is enabled by default (#12790)
Bundle size 📦
on (#11710)
spanTimeInputToSeconds for otel span exporter (#12699)
lazyLoadIntegration (#12766)
jsxRuntime: 'classic' to prevent breaking react 17 (#12775)
getStack() (#12737)
Work in this release was contributed by @arturovt and @jaulz. Thank you for your contributions!
Bundle size 📦
Important Changes
The @sentry/nestjs SDK no longer captures 4xx errors automatically.
Other Changes
JSX (#12691)
registerEsmLoaderHooks option (#12684)
afterAllSetup instead of next tick (#12709)
Work in this release was contributed by @quisido. Thank you for your contribution!
Bundle size 📦
Important Changes
@sentry/nestjs) in alpha state. The SDK is a drop-in replacement for the Sentry Node SDK (@sentry/node) supporting the same set of features. See the docs for how to use the SDK.
Other Changes
2.20.1 (#12641)
Bundle size 📦
Important Changes
This release introduces breaking changes to the @sentry/solid package (which is currently out in alpha).

We've made it easier to get started with the solid router integration by removing the need to pass use* hooks explicitly to solidRouterBrowserTracingIntegration. Import solidRouterBrowserTracingIntegration from @sentry/solid/solidrouter and add it to Sentry.init

import * as Sentry from '@sentry/solid';
import { solidRouterBrowserTracingIntegration, withSentryRouterRouting } from '@sentry/solid/solidrouter';
import { Router } from '@solidjs/router';

Sentry.init({
  dsn: 'PUBLIC_DSN',
  integrations: [solidRouterBrowserTracingIntegration()],
  tracesSampleRate: 1.0, // Capture 100% of the transactions
});

// Wrap the Solid Router so navigations are traced
const SentryRouter = withSentryRouterRouting(Router);
Sentry.init() now returns a client directly, so you don't need to explicitly call getClient() anymore:

deleteSourcemapsAfterUpload option (#12457)
This adds an easy way to delete sourcemaps immediately after uploading them:

maxSpanWaitDuration (#12610)
Adds configuration option for the max. duration in seconds that the SDK will wait for parent spans to be finished before discarding a span. The SDK will automatically clean up spans that have no finished parent after this duration. This is necessary to prevent memory leaks in case of parent spans that are never finished or otherwise dropped/missing. However, if you have very long-running spans in your application, a shorter duration might cause spans to be discarded too early. In this case, you can increase this duration to a value that fits your expected data.

Other Changes
window.Sentry (#12580)
isRemixV2 as optional in exposed types. (#12614)
Work in this release was contributed by @n4bb12. Thank you for your contribution!
Bundle size 📦
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information: