[Snyk] Upgrade @sentry/react from 7.16.0 to 8.29.0 #904

q1blue · 2024-09-30T20:49:46Z

Snyk has created this PR to upgrade @sentry/react from 7.16.0 to 8.29.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

The recommended version is 204 versions ahead of your current version.
The recommended version was released on 22 days ago.

Release notes

Package name: @sentry/react

8.29.0 - 2024-09-09
Important Changes
- Beta releases of official Solid and SolidStart Sentry SDKs
This release marks the beta releases of the @ sentry/solid and @ sentry/solidstart Sentry SDKs. For details on how to
use them, check out the
Sentry Solid SDK README and the
Sentry SolidStart SDK README
respectively. Please reach out on GitHub if you have
any feedback or concerns.
- feat(node): Option to only wrap instrumented modules (#13139)
Adds the SDK option to only wrap ES modules with import-in-the-middle that specifically need to be instrumented.

import * as Sentry from '@ sentry/node';

Sentry.init({
dsn: 'PUBLIC_DSN',
registerEsmLoaderHooks: { onlyIncludeInstrumentedModules: true },
});
- feat(node): Update OpenTelemetry packages to instrumentation v0.53.0 (#13587)
All internal OpenTelemetry instrumentation was updated to their latest version. This adds support for Mongoose v7 and v8
and fixes various bugs related to ESM mode.

Other Changes
- feat(nextjs): Emit warning when using turbopack (#13566)
- feat(nextjs): Future-proof Next.js config options overriding (#13586)
- feat(node): Add generic-pool integration (#13465)
- feat(nuxt): Upload sourcemaps generated by Nitro (#13382)
- feat(solidstart): Add browserTracingIntegration by default (#13561)
- feat(solidstart): Add sentrySolidStartVite plugin to simplify source maps upload (#13493)
- feat(vue): Only start UI spans if parent is available (#13568)
- fix(cloudflare): Guard context.waitUntil call in request handler (#13549)
- fix(gatsby): Fix assets path for sourcemaps upload (#13592)
- fix(nextjs): Use posix paths for sourcemap uploads (#13603)
- fix(node-fetch): Use stringified origin url (#13581)
- fix(node): Replace dashes in generic-pool span origins with underscores (#13579)
- fix(replay): Fix types in WebVitalData (#13573)
- fix(replay): Improve replay web vital types (#13602)
- fix(utils): Keep logger on carrier (#13570)
Work in this release was contributed by @ Zen-cronic. Thank you for your contribution!
8.28.0 - 2024-09-03
Important Changes
- Beta release of official NestJS SDK
This release contains the beta version of @ sentry/nestjs! For details on how to use it, check out the
README. Any feedback/bug reports
are greatly appreciated, please reach out on GitHub.
- fix(browser): Remove faulty LCP, FCP and FP normalization logic (#13502)
This release fixes a bug in the @ sentry/browser package and all SDKs depending on this package (e.g. @ sentry/react
or @ sentry/nextjs) that caused the SDK to send incorrect web vital values for the LCP, FCP and FP vitals. The SDK
previously incorrectly processed the original values as they were reported from the browser. When updating your SDK to
this version, you might experience an increase in LCP, FCP and FP values, which potentially leads to a decrease in your
performance score in the Web Vitals Insights module in Sentry. This is because the previously reported values were
smaller than the actually measured values. We apologize for the inconvenience!

Other Changes
- feat(nestjs): Add SentryGlobalGraphQLFilter (#13545)
- feat(nestjs): Automatic instrumentation of nestjs interceptors after route execution (#13264)
- feat(nextjs): Add bundleSizeOptimizations to build options (#13323)
- feat(nextjs): Stabilize captureRequestError (#13550)
- feat(nuxt): Wrap config in nuxt context (#13457)
- feat(profiling): Expose profiler as top level primitive (#13512)
- feat(replay): Add layout shift to CLS replay data (#13386)
- feat(replay): Upgrade rrweb packages to 2.26.0 (#13483)
- fix(cdn): Do not mangle _metadata (#13426)
- fix(cdn): Fix SDK source for CDN bundles (#13475)
- fix(nestjs): Check arguments before instrumenting with @ Injectable (#13544)
- fix(nestjs): Ensure exception and host are correctly passed on when using @ WithSentry (#13564)
- fix(node): Suppress tracing for transport request execution rather than transport creation (#13491)
- fix(replay): Consider more things as DOM mutations for dead clicks (#13518)
- fix(vue): Correctly obtain component name (#13484)
Work in this release was contributed by @ leopoldkristjansson, @ mhuggins and @ filips123. Thank you for your
contributions!
8.27.0 - 2024-08-27
Important Changes
- fix(nestjs): Exception filters in main app module are not being executed (#13278)
  
  With this release nestjs error monitoring is no longer automatically set up after adding the SentryModule to your
  application, which led to issues in certain scenarios. You will now have to either add the SentryGlobalFilter to
  your main module providers or decorate the catch() method in your existing global exception filters with the newly
  released @ WithSentry() decorator. See the docs for
  more details.
Other Changes
- feat: Add options for passing nonces to feedback integration (#13347)
- feat: Add support for SENTRY_SPOTLIGHT env var in Node (#13325)
- feat(deps): bump @ prisma/instrumentation from 5.17.0 to 5.18.0 (#13327)
- feat(feedback): Improve error message for 403 errors (#13441)
- fix(deno): Don't rely on Deno.permissions.querySync (#13378)
- fix(replay): Ensure we publish replay CDN bundles (#13437)
Work in this release was contributed by @ charpeni. Thank you for your contribution!
8.26.0 - 2024-08-14
Important Changes
- feat(node): Add fsInstrumentation (#13291)
  
  This release adds fsIntegration, an integration that instruments the fs API to the Sentry Node SDK. The
  integration creates spans with naming patterns of fs.readFile, fs.unlink, and so on.
  
  This integration is not enabled by default and needs to be registered in your Sentry.init call. You can configure
  via options whether to include path arguments or error messages as span attributes when an fs call fails:
```
Sentry.init({
  integrations: [
    Sentry.fsIntegration({
      recordFilePaths: true,
      recordErrorMessagesAsSpanAttributes: true,
    }),
  ],
});
```
  WARNING: This integration may add significant overhead to your application. Especially in scenarios with a lot of
  file I/O, like for example when running a framework dev server, including this integration can massively slow down
  your application.
Other Changes
- feat(browser): Add spotlightBrowser integration (#13263)
- feat(browser): Allow sentry in safari extension background page (#13209)
- feat(browser): Send CLS as standalone span (experimental) (#13056)
- feat(core): Add OpenTelemetry-specific getTraceData implementation (#13281)
- feat(nextjs): Always add browserTracingIntegration (#13324)
- feat(nextjs): Always transmit trace data to the client (#13337)
- feat(nextjs): export SentryBuildOptions (#13296)
- feat(nextjs): Update experimental_captureRequestError to reflect RequestInfo.path change in Next.js canary
  (#13344)
- feat(nuxt): Always add tracing meta tags (#13273)
- feat(nuxt): Set transaction name for server error (#13292)
- feat(replay): Add a replay-specific logger (#13256)
- feat(sveltekit): Add bundle size optimizations to plugin options (#13318)
- feat(sveltekit): Always add browserTracingIntegration (#13322)
- feat(tracing): Make long animation frames opt-out (#13255)
- fix(astro): Correctly extract request data (#13315)
- fix(astro): Only track access request headers in dynamic page requests (#13306)
- fix(nuxt): Add import line for disabled autoImport (#13342)
- fix(nuxt): Add vue to excludeEsmLoaderHooks array (#13346)
- fix(opentelemetry): Do not overwrite http span name if kind is internal (#13282)
- fix(remix): Ensure origin is correctly set for remix server spans (#13305)
Work in this release was contributed by @ MonstraG, @ undead-voron and @ Zen-cronic. Thank you for your contributions!
8.25.0 - 2024-08-09
Important Changes
- Alpha release of Official Solid Start SDK
This release contains the alpha version of @ sentry/solidstart, our SDK for Solid Start!
For details on how to use it, please see the README. Any feedback/bug reports are
greatly appreciated, please reach out on GitHub.

Other Changes
- feat(astro): Add bundleSizeOptimizations vite options to integration (#13250)
- feat(astro): Always add BrowserTracing (#13244)
- feat(core): Add getTraceMetaTags function (#13201)
- feat(nestjs): Automatic instrumentation of nestjs exception filters (#13230)
- feat(node): Add useOperationNameForRootSpan tographqlIntegration (#13248)
- feat(sveltekit): Add wrapServerRouteWithSentry wrapper (#13247)
- fix(aws-serverless): Extract sentry trace data from handler context over event (#13266)
- fix(browser): Initialize default integration if defaultIntegrations: undefined (#13261)
- fix(utils): Streamline IP capturing on incoming requests (#13272)
8.24.0 - 2024-08-06
8.23.0 - 2024-08-05
8.22.0 - 2024-08-01
8.21.0 - 2024-07-31
8.20.0 - 2024-07-24
8.19.0 - 2024-07-19
8.18.0 - 2024-07-16
8.17.0 - 2024-07-10
8.16.0 - 2024-07-09
8.15.0 - 2024-07-05
8.14.0 - 2024-07-04
8.13.0 - 2024-06-27
8.12.0 - 2024-06-25
8.12.0-beta.0 - 2024-06-24
8.11.0 - 2024-06-21
8.10.0 - 2024-06-19
8.9.2 - 2024-06-12
8.9.1 - 2024-06-11
8.9.0 - 2024-06-11
8.8.0 - 2024-06-07
8.7.0 - 2024-05-29
8.6.0 - 2024-05-29
8.5.0 - 2024-05-27
8.4.0 - 2024-05-23
8.3.0 - 2024-05-22
8.2.1 - 2024-05-16
8.2.0 - 2024-05-16
8.1.0 - 2024-05-16
8.0.0 - 2024-05-13
8.0.0-rc.3 - 2024-05-10
8.0.0-rc.2 - 2024-05-08
8.0.0-rc.1 - 2024-05-07
8.0.0-rc.0 - 2024-05-06
8.0.0-beta.6 - 2024-05-03
8.0.0-beta.5 - 2024-04-30
8.0.0-beta.4 - 2024-04-24
8.0.0-beta.3 - 2024-04-19
8.0.0-beta.2 - 2024-04-17
8.0.0-beta.1 - 2024-04-15
8.0.0-alpha.9 - 2024-04-08
8.0.0-alpha.8 - 2024-04-08
8.0.0-alpha.7 - 2024-03-27
8.0.0-alpha.5 - 2024-03-22
8.0.0-alpha.4 - 2024-03-14
8.0.0-alpha.3 - 2024-03-14
8.0.0-alpha.2 - 2024-03-05

7.119.0 - 2024-08-14

backport(tracing): Report dropped spans for transactions (#13343)

Bundle size 📦

Path	Size
@ sentry/browser (incl. Tracing, Replay, Feedback) - Webpack (gzipped)	80.96 KB
@ sentry/browser (incl. Tracing, Replay) - Webpack (gzipped)	71.89 KB
@ sentry/browser (incl. Tracing, Replay with Canvas) - Webpack (gzipped)	76.14 KB
@ sentry/browser (incl. Tracing, Replay) - Webpack with treeshaking flags (gzipped)	65.52 KB
@ sentry/browser (incl. Tracing) - Webpack (gzipped)	35.77 KB
@ sentry/browser (incl. browserTracingIntegration) - Webpack (gzipped)	35.66 KB
@ sentry/browser (incl. Feedback) - Webpack (gzipped)	31.71 KB
@ sentry/browser (incl. sendFeedback) - Webpack (gzipped)	31.72 KB
@ sentry/browser - Webpack (gzipped)	22.91 KB
@ sentry/browser (incl. Tracing, Replay, Feedback) - ES6 CDN Bundle (gzipped)	79.17 KB
@ sentry/browser (incl. Tracing, Replay) - ES6 CDN Bundle (gzipped)	70.49 KB
@ sentry/browser (incl. Tracing) - ES6 CDN Bundle (gzipped)	36.17 KB
@ sentry/browser - ES6 CDN Bundle (gzipped)	25.41 KB
@ sentry/browser (incl. Tracing, Replay) - ES6 CDN Bundle (minified & uncompressed)	221.92 KB
@ sentry/browser (incl. Tracing) - ES6 CDN Bundle (minified & uncompressed)	109.52 KB
@ sentry/browser - ES6 CDN Bundle (minified & uncompressed)	76.24 KB
@ sentry/browser (incl. Tracing) - ES5 CDN Bundle (gzipped)	39.45 KB
@ sentry/react (incl. Tracing, Replay) - Webpack (gzipped)	72.4 KB
@ sentry/react - Webpack (gzipped)	22.94 KB
@ sentry/nextjs Client (incl. Tracing, Replay) - Webpack (gzipped)	90.16 KB
@ sentry/nextjs Client - Webpack (gzipped)	54.27 KB
@ sentry-internal/feedback - Webpack (gzipped)	17.34 KB

7.118.0 - 2024-06-21
7.117.0 - 2024-06-10
7.116.0 - 2024-05-17
7.115.0 - 2024-05-16
7.114.0 - 2024-05-08
7.113.0 - 2024-05-02
7.112.2 - 2024-04-24
7.112.1 - 2024-04-23
7.112.0 - 2024-04-23
7.111.0 - 2024-04-18
7.110.1 - 2024-04-15
7.110.0 - 2024-04-11
7.109.0 - 2024-03-28
7.108.0 - 2024-03-22
7.107.0 - 2024-03-14
7.106.1 - 2024-03-11
7.106.0 - 2024-03-08
7.105.0 - 2024-03-04
7.104.0 - 2024-02-29
7.103.0 - 2024-02-27
7.102.1 - 2024-02-22
7.102.0 - 2024-02-20
7.101.1 - 2024-02-15
7.101.0 - 2024-02-13
7.100.1 - 2024-02-07
7.100.0 - 2024-02-06
7.99.0 - 2024-01-30
7.98.0 - 2024-01-25
7.97.0 - 2024-01-25
7.95.0 - 2024-01-23
7.94.1 - 2024-01-19
7.93.0 - 2024-01-10
7.92.0 - 2024-01-04
7.91.0 - 2023-12-22
7.90.0 - 2023-12-20
7.89.0 - 2023-12-19
7.88.0 - 2023-12-14
7.87.0 - 2023-12-13
7.86.0 - 2023-12-07
7.85.0 - 2023-12-04
7.84.0 - 2023-11-30
7.83.0 - 2023-11-28
7.82.0 - 2023-11-27
7.81.1 - 2023-11-21
7.81.0 - 2023-11-20
7.80.2-alpha.1 - 2023-11-15
7.80.2-alpha.0 - 2023-11-14
7.80.1 - 2023-11-14
7.80.0 - 2023-11-09
7.79.0 - 2023-11-08
7.78.0 - 2023-11-08
7.77.0 - 2023-10-31
7.76.0 - 2023-10-27
7.75.1 - 2023-10-25
7.75.0 - 2023-10-24
7.74.2-alpha.1 - 2023-10-23
7.74.2-alpha.0 - 2023-10-19
7.74.1 - 2023-10-17
7.74.0 - 2023-10-13
7.73.0 - 2023-10-02
7.72.0 - 2023-09-26
7.71.0 - 2023-09-25
7.70.0 - 2023-09-20
7.70.0-beta.1 - 2023-09-15
7.70.0-beta.0 - 2023-09-14
7.69.0 - 2023-09-13
7.68.0 - 2023-09-06
7.67.0 - 2023-09-05
7.67.0-beta.0 - 2023-08-31
7.66.0 - 2023-08-30
7.66.0-alpha.0 - 2023-08-29
7.65.0 - 2023-08-28
7.65.0-alpha.0 - 2023-08-16
7.64.0 - 2023-08-14
7.64.0-alpha.0 - 2023-08-11
7.63.0 - 2023-08-10
7.62.0 - 2023-08-09
7.61.1 - 2023-08-04
7.61.0 - 2023-07-31
7.60.1 - 2023-07-26
7.60.0 - 2023-07-21
7.59.3 - 2023-07-19
7.59.2 - 2023-07-18
7.59.1 - 2023-07-18
7.59.0-beta.1 - 2023-07-17
7.59.0-beta.0 - 2023-07-13
7.58.1 - 2023-07-13
7.58.0 - 2023-07-12
7.57.0 - 2023-06-28
7.57.0-beta.0 - 2023-06-21
7.56.0 - 2023-06-19
7.55.2 - 2023-06-14
7.55.1 - 2023-06-14
7.55.0 - 2023-06-13
7.54.0 - 2023-06-01
7.53.1 - 2023-05-24
7.53.0 - 2023-05-23
7.52.1 - 2023-05-15
7.52.0 - 2023-05-15
7.51.2 - 2023-05-08
7.51.1 - 2023-05-08
7.51.0 - 2023-05-04
7.50.0 - 2023-04-27
7.49.0 - 2023-04-20
7.48.0 - 2023-04-14
7.47.0 - 2023-04-05
7.46.0 - 2023-03-30
7.45.0 - 2023-03-24
7.44.2 - 2023-03-21
7.44.1 - 2023-03-20
7.44.0 - 2023-03-20
7.43.0 - 2023-03-13
7.42.0 - 2023-03-09
7.41.0 - 2023-03-06
7.40.0 - 2023-03-01
7.39.0 - 2023-02-27
7.38.0 - 2023-02-17
7.37.2 - 2023-02-13
7.37.1 - 2023-02-10
7.37.0 - 2023-02-09
7.36.0 - 2023-02-02
7.35.0 - 2023-02-01
7.34.0 - 2023-01-26
7.34.0-beta.0 - 2023-01-25
7.33.0 - 2023-01-24
7.32.1 - 2023-01-23
7.32.0 - 2023-01-23
7.31.1 - 2023-01-17
7.31.0 - 2023-01-16
7.30.0 - 2023-01-10
7.29.0 - 2023-01-04
7.28.1 - 2022-12-22
7.28.0 - 2022-12-20
7.27.0 - 2022-12-16
7.26.0 - 2022-12-13
7.25.0 - 2022-12-12
7.24.2 - 2022-12-07
7.24.1 - 2022-12-07
7.24.0 - 2022-12-07
7.23.0 - 2022-12-01
7.22.0 - 2022-11-29
7.21.1 - 2022-11-23
7.21.0 - 2022-11-22
7.20.1 - 2022-11-21
7.20.0 - 2022-11-17
7.19.0 - 2022-11-10
7.18.0 - 2022-11-08
7.17.4 - 2022-11-03
7.17.3 - 2022-10-31
7.17.2 - 2022-10-28
7.17.1 - 2022-10-27
7.17.0 - 2022-10-27
7.16.0 - 2022-10-19

from @sentry/react GitHub release notes

Important

Warning: This PR contains a major version upgrade, and may be a breaking change.
Check the changes in this PR to ensure they won't cause issues with your project.
This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

📜 Customise PR templates

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade @sentry/react from 7.16.0 to 8.29.0. See this package in npm: @sentry/react See this project in Snyk: https://app.snyk.io/org/q1blue-rxw/project/5b430cad-b455-40c7-a7ff-af5a8804e8ca?utm_source=github&utm_medium=referral&page=upgrade-pr

changeset-bot · 2024-09-30T20:49:51Z

⚠️ No Changeset found

Latest commit: 08358aa

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

socket-security · 2024-09-30T20:51:01Z

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@djagger/[email protected]	None	`+1`	59.7 kB	djagger
npm/@docusaurus/[email protected]	Transitive: environment, eval, filesystem, network, shell, unsafe	`+324`	32.8 MB	slorber
npm/@docusaurus/[email protected]	Transitive: filesystem, shell	`+16`	2.23 MB	slorber
npm/@docusaurus/[email protected]	filesystem Transitive: environment, eval, shell, unsafe	`+215`	20.9 MB	slorber
npm/@docusaurus/[email protected]	environment Transitive: eval, filesystem, shell, unsafe	`+213`	20.5 MB	slorber
npm/@docusaurus/[email protected]	environment Transitive: eval, filesystem, network, shell, unsafe	`+270`	25.6 MB	slorber
npm/@docusaurus/[email protected]	filesystem Transitive: environment, eval, network, shell, unsafe	`+287`	27.2 MB	slorber
npm/@emotion/[email protected]	environment Transitive: filesystem, unsafe	`+68`	13.7 MB	emotion-release-bot
npm/@emotion/[email protected]	environment	`+8`	197 kB	emotion-release-bot
npm/@emotion/[email protected]	environment Transitive: filesystem, unsafe	`+65`	13.2 MB	emotion-release-bot
npm/@geo-maps/[email protected]	None	`0`	1.06 MB	simonepri
npm/@makotot/[email protected]	environment	`0`	151 kB	makotot
npm/@mdx-js/[email protected]	None	`0`	15.5 kB	johno
npm/@mui/[email protected]	None	`+5`	20 MB	hbjorbj
npm/@mui/[email protected]	environment	`+20`	9.92 MB	michaldudak
npm/@mui/[email protected]	environment	`+22`	18.1 MB	michaldudak
npm/@mui/[email protected]	environment	`+16`	9.71 MB	alexandrefauquette
npm/@primer/[email protected]	None	`0`	1.22 MB	primer-css
npm/@sentry/[email protected]	Transitive: network	`+9`	10.4 MB	sentry-bot
npm/@sentry/[email protected]	None	`+4`	2.83 MB	sentry-bot
npm/@stackql/[email protected]	environment	`0`	3.73 kB	jeffreyaven
npm/@tidb-community/[email protected]	None	`+1`	148 kB	hustkiwi
npm/@tsconfig/[email protected]	None	`0`	2.69 kB	typescript-deploys
npm/@types/[email protected]	None	`0`	39.7 kB	types
npm/@types/[email protected]	None	`0`	8.75 kB	types
npm/@types/[email protected]	None	`0`	6.23 kB	types
npm/@types/[email protected]	None	`0`	113 kB	types
npm/@types/[email protected]	None	`+4`	1.38 MB	types
npm/@types/[email protected]	None	`0`	17.1 kB	types
npm/@typescript-eslint/[email protected]	Transitive: environment, filesystem	`+28`	5.13 MB	jameshenry
npm/[email protected]	None	`0`	49.1 MB	nightwing
npm/[email protected]	None	`+6`	2.95 MB	taoweng
npm/[email protected]	None	`0`	279 kB	eltonmesquita
npm/[email protected]	environment, network	`+1`	427 kB	jasonsaayman
npm/[email protected]	filesystem	`0`	27.2 kB	umidbekk
npm/[email protected]	None	`0`	21.1 MB	chartjs-ci
npm/[email protected]	None	`0`	92.4 kB	chartjs-ci
npm/[email protected]	None	`0`	5.67 kB	lukeed
npm/[email protected]	None	`0`	11.3 kB	thekelvinliu
npm/[email protected]	None	`0`	136 kB	mbostock
npm/[email protected]	None	`0`	6.87 MB	leshakoss
npm/[email protected]	None	`0`	30.1 kB	tehshrike
npm/[email protected]	None	`+1`	87.6 kB	atool
npm/[email protected]	Transitive: eval	`+1`	17.9 MB	lang
npm/[email protected]	environment, eval, network	`+1`	41.6 MB	100pah
npm/[email protected]	Transitive: environment, filesystem	`+20`	1.77 MB	mightyiam
npm/[email protected]	filesystem, unsafe Transitive: environment, eval	`+33`	3.21 MB	ljharb
npm/[email protected]	filesystem	`+10`	1.35 MB	weiran.zsd
npm/[email protected]	None	`0`	67.1 kB	eslint-community-bot
npm/[email protected]	filesystem Transitive: environment, eval	`+30`	3.09 MB	ljharb
npm/[email protected]	filesystem Transitive: environment, eval, shell, unsafe	`+52`	8.84 MB	eslintbot
npm/[email protected]	None	`0`	14.4 kB	julien-f
npm/[email protected]	None	`0`	20 kB	ianstormtaylor
npm/[email protected]	None	`0`	3.87 MB	icambron

View full report↗︎

socket-security · 2024-09-30T20:51:03Z

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source	CI
Critical CVE	npm/@babel/[email protected]	CVE: GHSA-67hx-6x53-jw92 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code (CRITICAL) Affected versions: < 7.23.2 Patched version: 7.23.2	`web/package-lock.json` `web/package.json`	⚠︎

View full report↗︎

Next steps

What is a critical CVE?

Contains a Critical Common Vulnerability and Exposure (CVE).

Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

@SocketSecurity ignore npm/@babel/[email protected]

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade @sentry/react from 7.16.0 to 8.29.0 #904

[Snyk] Upgrade @sentry/react from 7.16.0 to 8.29.0 #904

q1blue commented Sep 30, 2024

Important Changes

Other Changes

Important Changes

Other Changes

Important Changes

Other Changes

Important Changes

Other Changes

Important Changes

Other Changes

Bundle size 📦

changeset-bot bot commented Sep 30, 2024

socket-security bot commented Sep 30, 2024

socket-security bot commented Sep 30, 2024

[Snyk] Upgrade @sentry/react from 7.16.0 to 8.29.0 #904

Are you sure you want to change the base?

[Snyk] Upgrade @sentry/react from 7.16.0 to 8.29.0 #904

Conversation

q1blue commented Sep 30, 2024

Snyk has created this PR to upgrade @sentry/react from 7.16.0 to 8.29.0.

Important Changes

Other Changes

Important Changes

Other Changes

Important Changes

Other Changes

Important Changes

Other Changes

Important Changes

Other Changes

Bundle size 📦

changeset-bot bot commented Sep 30, 2024

⚠️ No Changeset found

socket-security bot commented Sep 30, 2024

socket-security bot commented Sep 30, 2024

Next steps