fix(deps): update dependency @sentry/nextjs to v8.49.0 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@sentry/nextjs (source)	8.48.0 -> 8.49.0

GitHub Vulnerability Alerts

GHSA-r5w7-f542-q2j4

Impact

The ContextLines integration uses readable streams to more efficiently use memory when reading files. The ContextLines integration is used to attach source context to outgoing events.

The stream was not explicitly closed after use. This could lead to excessive amounts of file handles open on the system and potentially lead to a Denial of Service (DoS).

The ContextLines integration is enabled by default in the Node SDK (@sentry/node) and SDKs that run in Node.js environments (@sentry/astro, @sentry/aws-serverless, @sentry/bun, @sentry/google-cloud-serverless, @sentry/nestjs, @sentry/nextjs, @sentry/nuxt, @sentry/remix, @sentry/solidstart, @sentry/sveltekit).

Patches

Users should upgrade to version 8.49.0 or higher.

Workarounds

To remediate this issue in affected versions without upgrading to version 8.49.0 and above you can disable the ContextLines integration. See the docs for more details.

Sentry.init({
  // ...
  integrations: function (integrations) {
    // integrations will be all default integrations
    return integrations.filter(function (integration) {
      return integration.name !== "ContextLines";
    });
  },
});

If you disable the ContextLines integration, you will lose source context on your error events.

References

• Reported issue: https://github.com/getsentry/sentry-javascript/issues/14892
• PR Fix: https://github.com/getsentry/sentry-javascript/pull/14997

---

Release Notes

getsentry/sentry-javascript (@​sentry/nextjs)

v8.49.0

Compare Source

• feat(v8/browser): Flush offline queue on flush and browser online event (#​14969)
• feat(v8/react): Add a handled prop to ErrorBoundary (#​14978)
• fix(profiling/v8): Don't put require, __filename and __dirname on global object (#​14952)
• fix(v8/node): Enforce that ContextLines integration does not leave open file handles (#​14997)
• fix(v8/replay): Disable mousemove sampling in rrweb for iOS browsers (#​14944)
• fix(v8/sveltekit): Ensure source maps deletion is called after source ma… (#​14963)
• fix(v8/vue): Re-throw error when no errorHandler exists (#​14943)

Work in this release was contributed by @​HHK1 and @​mstrokin. Thank you for your contribution!

Bundle size 📦

Path	Size
@​sentry/browser	23.29 KB
@​sentry/browser - with treeshaking flags	21.96 KB
@​sentry/browser (incl. Tracing)	35.85 KB
@​sentry/browser (incl. Tracing, Replay)	73.19 KB
@​sentry/browser (incl. Tracing, Replay) - with treeshaking flags	63.58 KB
@​sentry/browser (incl. Tracing, Replay with Canvas)	77.5 KB
@​sentry/browser (incl. Tracing, Replay, Feedback)	89.44 KB
@​sentry/browser (incl. Feedback)	39.5 KB
@​sentry/browser (incl. sendFeedback)	27.89 KB
@​sentry/browser (incl. FeedbackAsync)	32.69 KB
@​sentry/react	25.97 KB
@​sentry/react (incl. Tracing)	38.67 KB
@​sentry/vue	27.57 KB
@​sentry/vue (incl. Tracing)	37.71 KB
@​sentry/svelte	23.45 KB
CDN Bundle	24.49 KB
CDN Bundle (incl. Tracing)	37.56 KB
CDN Bundle (incl. Tracing, Replay)	72.84 KB
CDN Bundle (incl. Tracing, Replay, Feedback)	78.2 KB
CDN Bundle - uncompressed	71.93 KB
CDN Bundle (incl. Tracing) - uncompressed	111.42 KB
CDN Bundle (incl. Tracing, Replay) - uncompressed	225.68 KB
CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed	238.78 KB
@​sentry/nextjs (client)	38.92 KB
@​sentry/sveltekit (client)	36.36 KB
@​sentry/node	162.82 KB
@​sentry/node - without tracing	98.95 KB
@​sentry/aws-serverless	126.65 KB

---

Configuration

📅 Schedule: Branch creation - "" in timezone Europe/Paris, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[socket-security]

New, updated, and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@meilisearch/[email protected]	network	0	1.06 MB	meili-bot
npm/@next/[email protected]	None	0	3.38 kB	vercel-release-bot
npm/@sentry/[email protected]	environment, filesystem, network Transitive: shell, unsafe	+116	137 MB	sentry-bot
npm/@socialgouv/[email protected]	Transitive: environment, eval, filesystem, network, unsafe	+90	16 MB	socialgroovybot
npm/@storybook/[email protected]	Transitive: filesystem, unsafe	+18	3.47 MB	storybook-bot
npm/@storybook/[email protected]	Transitive: environment, eval	+32	7.17 MB	storybook-bot
npm/@storybook/[email protected]	None	+2	73.2 kB	storybook-bot
npm/@storybook/[email protected]	environment, eval	+2	1.9 MB	storybook-bot
npm/@storybook/[email protected]	environment Transitive: eval, filesystem, network, shell, unsafe	+216	28.5 MB	storybook-bot
npm/@storybook/[email protected]	environment Transitive: eval	+37	7.98 MB	storybook-bot
npm/@testing-library/[email protected]	Transitive: environment	+11	3.33 MB	testing-library-bot
npm/@testing-library/[email protected]	None	+8	768 kB	testing-library-bot
npm/@testing-library/[email protected]	environment	+11	3.61 MB	testing-library-bot
npm/@testing-library/[email protected]	Transitive: environment	+11	3.72 MB	testing-library-bot
npm/@types/[email protected]	None	0	1.74 kB	types
npm/@types/[email protected]	None	+1	2.8 MB	types
npm/@types/[email protected]	None	+4	702 kB	types
npm/@types/[email protected]	None	+1	871 kB	types
npm/@types/[email protected]	None	+2	92.5 kB	types
npm/@types/[email protected] 🔁 npm/@types/[email protected]	None	0	2.29 MB	types
npm/@types/[email protected]	None	0	13.6 kB	types
npm/@types/[email protected]	None	0	37.9 kB	types
npm/@types/[email protected]	None	0	7.82 kB	types
npm/@typescript-eslint/[email protected]	Transitive: environment, filesystem	+23	8.11 MB	bradzacher, jameshenry
npm/[email protected]	None	+2	1.29 MB	hazork
npm/[email protected]	network Transitive: filesystem	+5	2.24 MB	jasonsaayman
npm/[email protected]	None	0	23.6 kB	jedwatson
npm/[email protected]	Transitive: environment, eval, filesystem, network, shell, unsafe	+57	11.5 MB	cypress-npm-publisher
npm/[email protected]	None	+1	314 kB	cure53
npm/[email protected]	unsafe Transitive: environment, eval, filesystem, network, shell	+84	13.6 MB	timer, timneutkens, vercel-release-bot
npm/[email protected]	None	0	85.8 kB	cypress-npm-publisher
npm/[email protected]	Transitive: environment, eval, filesystem	+42	4.42 MB	ljharb, yannickcr
npm/[email protected]	filesystem Transitive: environment	+13	1.95 MB	rafaelrozon, yannbf
npm/[email protected]	filesystem Transitive: environment	+12	2.03 MB	testing-library-bot
npm/[email protected]	environment, filesystem Transitive: eval, shell, unsafe	+44	9.14 MB	eslintbot
npm/[email protected]	None	0	174 kB	amitgupta
npm/[email protected]	environment, filesystem Transitive: eval, shell	+20	8.97 MB	ext

🚮 Removed packages: npm/@docusaurus/[email protected], npm/@docusaurus/[email protected], npm/@docusaurus/[email protected], npm/@docusaurus/[email protected], npm/@tsconfig/[email protected], npm/[email protected]

View full report↗︎