fix(browser): Ensure wrap() only returns functions
#13838
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
size-limit report 📦
|
chargome
approved these changes
Oct 1, 2024
lforst
changed the title
wrap() only returns functions
alexandresoro
pushed a commit
to alexandresoro/ouca-backend
that referenced
this pull request
Oct 3, 2024
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [@sentry/node](https://github.com/getsentry/sentry-javascript/tree/master/packages/node) ([source](https://github.com/getsentry/sentry-javascript)) | dependencies | minor | [`8.32.0` -> `8.33.1`](https://renovatebot.com/diffs/npm/@sentry%2fnode/8.32.0/8.33.1) | | [@sentry/react](https://github.com/getsentry/sentry-javascript/tree/master/packages/react) ([source](https://github.com/getsentry/sentry-javascript)) | dependencies | minor | [`8.32.0` -> `8.33.1`](https://renovatebot.com/diffs/npm/@sentry%2freact/8.32.0/8.33.1) | --- ### Release Notes <details> <summary>getsentry/sentry-javascript (@​sentry/node)</summary> ### [`v8.33.1`](https://github.com/getsentry/sentry-javascript/releases/tag/8.33.1) [Compare Source](getsentry/sentry-javascript@8.33.0...8.33.1) - fix(core): Update trpc middleware types ([#​13859](getsentry/sentry-javascript#13859)) - fix(fetch): Fix memory leak when handling endless streaming ([#​13809](getsentry/sentry-javascript#13809)) Work in this release was contributed by [@​soapproject](https://github.com/soapproject). Thank you for your contribution! ##### Bundle size 📦 | Path | Size | | ---------------------------------------------------------------- | ----------------- | | [@​sentry/browser](https://github.com/sentry/browser) | 22.64 KB | | [@​sentry/browser](https://github.com/sentry/browser) - with treeshaking flags | 21.42 KB | | [@​sentry/browser](https://github.com/sentry/browser) (incl. Tracing) | 34.87 KB | | [@​sentry/browser](https://github.com/sentry/browser) (incl. Tracing, Replay) | 71.38 KB | | [@​sentry/browser](https://github.com/sentry/browser) (incl. Tracing, Replay) - with treeshaking flags | 61.81 KB | | [@​sentry/browser](https://github.com/sentry/browser) (incl. Tracing, Replay with Canvas) | 75.73 KB | | [@​sentry/browser](https://github.com/sentry/browser) (incl. Tracing, Replay, Feedback) | 88.5 KB | | [@​sentry/browser](https://github.com/sentry/browser) (incl. Tracing, Replay, Feedback, metrics) | 90.38 KB | | [@​sentry/browser](https://github.com/sentry/browser) (incl. metrics) | 26.91 KB | | [@​sentry/browser](https://github.com/sentry/browser) (incl. Feedback) | 39.78 KB | | [@​sentry/browser](https://github.com/sentry/browser) (incl. sendFeedback) | 27.3 KB | | [@​sentry/browser](https://github.com/sentry/browser) (incl. FeedbackAsync) | 32.08 KB | | [@​sentry/react](https://github.com/sentry/react) | 25.39 KB | | [@​sentry/react](https://github.com/sentry/react) (incl. Tracing) | 37.86 KB | | [@​sentry/vue](https://github.com/sentry/vue) | 26.8 KB | | [@​sentry/vue](https://github.com/sentry/vue) (incl. Tracing) | 36.77 KB | | [@​sentry/svelte](https://github.com/sentry/svelte) | 22.77 KB | | CDN Bundle | 23.95 KB | | CDN Bundle (incl. Tracing) | 36.66 KB | | CDN Bundle (incl. Tracing, Replay) | 71.15 KB | | CDN Bundle (incl. Tracing, Replay, Feedback) | 76.45 KB | | CDN Bundle - uncompressed | 70.17 KB | | CDN Bundle (incl. Tracing) - uncompressed | 108.68 KB | | CDN Bundle (incl. Tracing, Replay) - uncompressed | 220.58 KB | | CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed | 233.79 KB | | [@​sentry/nextjs](https://github.com/sentry/nextjs) (client) | 37.82 KB | | [@​sentry/sveltekit](https://github.com/sentry/sveltekit) (client) | 35.45 KB | | [@​sentry/node](https://github.com/sentry/node) | 125.13 KB | | [@​sentry/node](https://github.com/sentry/node) - without tracing | 93.58 KB | | [@​sentry/aws-serverless](https://github.com/sentry/aws-serverless) | 103.28 KB | ### [`v8.33.0`](https://github.com/getsentry/sentry-javascript/blob/HEAD/CHANGELOG.md#8330) [Compare Source](getsentry/sentry-javascript@8.32.0...8.33.0) ##### Important Changes - **feat(nextjs): Support new async APIs (`headers()`, `params`, `searchParams`) ([#​13828](getsentry/sentry-javascript#13828 Adds support for [new dynamic Next.js APIs](vercel/next.js#68812). - **feat(node): Add `lru-memoizer` instrumentation ([#​13796](getsentry/sentry-javascript#13796 Adds integration for lru-memoizer using [@​opentelemetry/instrumentation-lru-memoizer](https://github.com/opentelemetry/instrumentation-lru-memoizer). - **feat(nuxt): Add `unstable_sentryBundlerPluginOptions` to module options ([#​13811](getsentry/sentry-javascript#13811 Allows passing other options from the bundler plugins (vite and rollup) to Nuxt module options. ##### Other Changes - fix(browser): Ensure `wrap()` only returns functions ([#​13838](getsentry/sentry-javascript#13838)) - fix(core): Adapt trpc middleware input attachment ([#​13831](getsentry/sentry-javascript#13831)) - fix(core): Don't return trace data in `getTraceData` and `getTraceMetaTags` if SDK is disabled ([#​13760](getsentry/sentry-javascript#13760)) - fix(nuxt): Don't restrict source map assets upload ([#​13800](getsentry/sentry-javascript#13800)) - fix(nuxt): Use absolute path for client config ([#​13798](getsentry/sentry-javascript#13798)) - fix(replay): Stop global event handling for paused replays ([#​13815](getsentry/sentry-javascript#13815)) - fix(sveltekit): add url param to source map upload options ([#​13812](getsentry/sentry-javascript#13812)) - fix(types): Add jsdocs to cron types ([#​13776](getsentry/sentry-javascript#13776)) - fix(nextjs): Loosen [@​sentry/nextjs](https://github.com/sentry/nextjs) webpack peer dependency ([#​13826](getsentry/sentry-javascript#13826)) Work in this release was contributed by [@​joshuajaco](https://github.com/joshuajaco). Thank you for your contribution! </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4xMDYuNCIsInVwZGF0ZWRJblZlciI6IjM4LjEwNy4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> Reviewed-on: https://git.tristess.app/alexandresoro/ouca/pulls/186 Reviewed-by: Alexandre Soro <[email protected]> Co-authored-by: renovate <[email protected]> Co-committed-by: renovate <[email protected]>
legobeat
pushed a commit
to legobeat/sentry-javascript
that referenced
this pull request
Oct 3, 2024
2 tasks
legobeat
pushed a commit
to legobeat/sentry-javascript
that referenced
this pull request
Oct 3, 2024
|
@legobeat for sure. Thanks for bringing it up. |
lforst
added a commit
that referenced
this pull request
Oct 4, 2024
…ort) (#13864) Co-authored-by: Luca Forstner <[email protected]>
|
@lforst is it possible please for this to also be backported to v6? Or would it be too much work, unnecessary? Just wondering because it would make our lives easier to not have to upgrade, since v6 comes with a bundle and we don't have bundling setup ourselves just yet =) |
|
@henrahmagix good point! We discussed this internally and concluded that we will not backport the change to v6. Part of the decision was that this was technically a weakness, not a vulnerability. We think v6 is too old to justify any change. I encourage you to upgrade. I will also note that we have no strict policy for which versions receive security fixes. Generally the latest major will receive fixes, for versions before that we will decide on a case-per-case basis. |
This was referenced Oct 27, 2024
This was referenced Oct 27, 2024
This was referenced Oct 28, 2024
This was referenced Nov 3, 2024
This was referenced Nov 4, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
__sentry_wrapped__may be overwritten by libraries, causing subsequent code to crash if the new value is not a function.