[Snyk] Upgrade @sentry/react from 7.16.0 to 8.45.0 #1072
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade @sentry/react from 7.16.0 to 8.45.0.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 238 versions ahead of your current version.
The recommended version was released 21 days ago.
Release notes
Package name: @sentry/react
handled
option tocaptureConsoleIntegration
(#14664)HttpClient
events (#14515)captureMessage
withattachStacktrace: true
as synthetic (#14668)captureMessage
withattatchStackTrace: true
as synthetic (#14670)level
in server runtimecaptureException
(#10587)Work in this release was contributed by @ anonrig and @ Zih0. Thank you for your contributions!
Bundle size 📦
Deprecations
feat: Deprecate
autoSessionTracking
(#14640)Deprecates
autoSessionTracking
.To enable session tracking, it is recommended to unset
autoSessionTracking
and ensure that either, in browser environmentsthe
browserSessionIntegration
is added, or in server environments thehttpIntegration
is added.To disable session tracking, it is recommended to unset
autoSessionTracking
and to remove thebrowserSessionIntegration
inbrowser environments, or in server environments configure the
httpIntegration
with thetrackIncomingRequestsAsSessions
option set tofalse
.Other Changes
response
context for http.server spans (#14634)Work in this release was contributed by @ robinvw1. Thank you for your contribution!
Bundle size 📦
Important Changes
feat(nuxt): Add option autoInjectServerSentry (no default import()) (#14553)
Using the dynamic
import()
as the default behavior for initializing the SDK on the server-side did not work for every project.The default behavior of the SDK has been changed, and you now need to use the
--import
flag to initialize Sentry on the server-side to leverage full functionality.Example with
--import
:In case you are not able to use the
--import
flag, you can enable auto-injecting Sentry in thenuxt.config.ts
(comes with limitations):feat(browser): Adds LaunchDarkly and OpenFeature integrations (#14207)
Adds browser SDK integrations for tracking feature flag evaluations through the LaunchDarkly JS SDK and OpenFeature Web SDK:
Sentry.init({
integrations: [
// Track LaunchDarkly feature flags
Sentry.launchDarklyIntegration(),
// Track OpenFeature feature flags
Sentry.openFeatureIntegration(),
],
});
feat(browser): Add
featureFlagsIntegration
for custom tracking of flag evaluations (#14582)Adds a browser integration to manually track feature flags with an API. Feature flags are attached to subsequent error events:
const featureFlagsIntegrationInstance = Sentry.featureFlagsIntegration();
Sentry.init({
// Initialize the SDK with the feature flag integration
integrations: [featureFlagsIntegrationInstance],
});
// Manually track a feature flag
featureFlagsIntegrationInstance.addFeatureFlag('my-feature', true);
feat(astro): Add Astro 5 support (#14613)
With this release, the Sentry Astro SDK officially supports Astro 5.
Deprecations
feat(nextjs): Deprecate typedef for
hideSourceMaps
(#14594)The functionality of
hideSourceMaps
was removed in version 8 but was forgotten to be deprecated and removed.It will be completely removed in the next major version.
feat(core): Deprecate APIs around
RequestSession
s (#14566)The APIs around
RequestSession
s are mostly used internally.Going forward the SDK will not expose concepts around
RequestSession
s.Instead, functionality around server-side Release Health will be managed in integrations.
Other Changes
browserSessionIntegration
(#14551)raw_security
envelope types (#14562)disableAnrDetectionForCallback
function (#14359)trackIncomingRequestsAsSessions
option to http integration (#14567)autoInjectServerSentry
(no defaultimport()
) (#14553)^1.29.0
(#14590)1.28.0
(#14547)filename
andmodule
stack frame properties in Node stack parser (#14544)maxSpanWaitDuration
values (#14632)parseSearch
option in TanStack Router instrumentation (#14328)Work in this release was contributed by @ lsmurray. Thank you for your contribution!
Bundle size 📦
Important Changes
feat(react): React Router v7 support (library) (#14513)
This release adds support for React Router v7 (library mode).
Check out the docs on how to set up the integration: Sentry React Router v7 Integration Docs
Deprecations
feat: Warn about source-map generation (#14533)
In the next major version of the SDK we will change how source maps are generated when the SDK is added to an application.
Currently, the implementation varies a lot between different SDKs and can be difficult to understand.
Moving forward, our goal is to turn on source maps for every framework, unless we detect that they are explicitly turned off.
Additionally, if we end up enabling source maps, we will emit a log message that we did so.
With this particular release, we are emitting warnings that source map generation will change in the future and we print instructions on how to prepare for the next major.
feat(nuxt): Deprecate
tracingOptions
in favor ofvueIntegration
(#14530)Currently it is possible to configure tracing options in two places in the Sentry Nuxt SDK:
Sentry.init()
tracingOptions
inSentry.init()
For tree-shaking purposes and alignment with the Vue SDK, it is now recommended to instead use the newly exported
vueIntegration()
and itstracingOptions
option to configure tracing options in the Nuxt SDK:import * as Sentry from '@ sentry/nuxt';
Sentry.init({
// ...
integrations: [
Sentry.vueIntegration({
tracingOptions: {
trackComponents: true,
},
}),
],
});
Other Changes
web-vitals
to v4.2.4 (#14439)vueIntegration
(#14526)Bundle size 📦
Important Changes
meta(nuxt): Require minimum Nuxt v3.7.0 (#14473)
We formalized that the Nuxt SDK is at minimum compatible with Nuxt version 3.7.0 and above.
Additionally, the SDK requires the implicit
nitropack
dependency to satisfy version^2.10.0
andofetch
to satisfy^1.4.0
.It is recommended to check your lock-files and manually upgrade these dependencies if they don't match the version ranges.
Deprecations
We are deprecating a few APIs which will be removed in the next major.
The following deprecations will potentially affect you:
feat(core): Update & deprecate
undefined
option handling (#14450)In the next major version we will change how passing
undefined
totracesSampleRate
/tracesSampler
/enableTracing
will behave.Currently, doing the following:
Will result in tracing being enabled (although no spans will be generated) because the
tracesSampleRate
key is present in the options object.In the next major version, this behavior will be changed so that passing
undefined
(or rather having atracesSampleRate
key) will result in tracing being disabled, the same as not passing the option at all.If you are currently relying on
undefined
being passed, and and thus have tracing enabled, it is recommended to update your config to set e.g.tracesSampleRate: 0
instead, which will also enable tracing in v9.The same applies to
tracesSampler
andenableTracing
.feat(core): Log warnings when returning
null
inbeforeSendSpan
(#14433)Currently, the
beforeSendSpan
option inSentry.init()
allows you to drop individual spans from a trace by returningnull
from the hook.Since this API lends itself to creating "gaps" inside traces, we decided to change how this API will work in the next major version.
With the next major version the
beforeSendSpan
API can only be used to mutate spans, but no longer to drop them.With this release the SDK will warn you if you are using this API to drop spans.
Instead, it is recommended to configure instrumentation (i.e. integrations) directly to control what spans are created.
Additionally, with the next major version, root spans will also be passed to
beforeSendSpan
.feat(utils): Deprecate
@ sentry/utils
(#14431)With the next major version the
@ sentry/utils
package will be merged into the@ sentry/core
package.It is therefore no longer recommended to use the
@ sentry/utils
package.feat(vue): Deprecate configuring Vue tracing options anywhere else other than through the
vueIntegration
'stracingOptions
option (#14385)Currently it is possible to configure tracing options in various places in the Sentry Vue SDK:
Sentry.init()
tracingOptions
inSentry.init()
vueIntegration()
optionstracingOptions
in thevueIntegration()
optionsBecause this is a bit messy and confusing to document, the only recommended way to configure tracing options going forward is through the
tracingOptions
in thevueIntegration()
.The other means of configuration will be removed in the next major version of the SDK.
feat: Deprecate
registerEsmLoaderHooks.include
andregisterEsmLoaderHooks.exclude
(#14486)Currently it is possible to define
registerEsmLoaderHooks.include
andregisterEsmLoaderHooks.exclude
options inSentry.init()
to only apply ESM loader hooks to a subset of modules.This API served as an escape hatch in case certain modules are incompatible with ESM loader hooks.
Since this API was introduced, a way was found to only wrap modules that there exists instrumentation for (meaning a vetted list).
To only wrap modules that have instrumentation, it is recommended to instead set
registerEsmLoaderHooks.onlyIncludeInstrumentedModules
totrue
.Note that
onlyIncludeInstrumentedModules: true
will become the default behavior in the next major version and theregisterEsmLoaderHooks
will no longer accept fine-grained options.The following deprecations will most likely not affect you unless you are building an SDK yourself:
arrayify
(#14405)flatten
(#14454)urlEncode
(#14406)validSeverityLevels
(#14407)getNumberOfUrlSegments
(#14458)memoBuilder
,BAGGAGE_HEADER_NAME
, andmakeFifoCache
(#14434)addRequestDataToEvent
andextractRequestData
(#14430)Other Changes
sentry-trace
,baggage
and DSC handling (#14364)openTelemetryInstrumentations
option (#14484)NEXT_REDIRECT
from browser (#14440)Work in this release was contributed by @ NEKOYASAN and @ fmorett. Thank you for your contributions!
Bundle size 📦
Work in this release contributed by @ LubomirIgonda1. Thank you for your contribution!
Bundle size 📦
_sentryModuleMetadata
is not mangled (#14357)Work in this release contributed by @ gilisho. Thank you for your contribution!
Bundle size 📦