
fix(deps): update dependency @sentry/nextjs to v7.77.0 [security] - autoclosed #596

Closed

renovate[bot]

@renovate renovate bot commented Nov 15, 2023

This PR contains the following updates:

Package: @sentry/nextjs (source)
Change: 7.74.1 -> 7.77.0

GitHub Vulnerability Alerts

CVE-2023-46729

Impact

An unsanitized input of the Next.js SDK tunnel endpoint allows sending HTTP requests to arbitrary URLs and reflecting the response back to the user. This could open the door to other attack vectors:

  • client-side vulnerabilities: XSS/CSRF in the context of the trusted domain;
  • interaction with internal network;
  • read cloud metadata endpoints (AWS, Azure, Google Cloud, etc.);
  • local/remote port scan.

This issue only affects users who have Next.js SDK tunneling feature enabled.

Patches

The problem has been fixed in sentry/nextjs@7.77.0

Workarounds

Disable tunneling by removing the tunnelRoute option from Sentry Next.js SDK config — next.config.js or next.config.mjs.

Release Notes

getsentry/sentry-javascript (@​sentry/nextjs)

v7.77.0

Compare Source

  • feat: Move LinkedErrors integration to @​sentry/core (#​9404)
  • feat(remix): Update sentry-cli version to ^2.21.2 (#​9401)
  • feat(replay): Allow to treeshake & configure compression worker URL (#​9409)
  • fix(angular-ivy): Adjust package entry points to support Angular 17 with SSR config (#​9412)
  • fix(feedback): Fixing feedback import (#​9403)
  • fix(nextjs): Match only numbers as orgid in tunnelRoute (#​9416)
  • fix(nextjs): Strictly validate tunnel target parameters (#​9415)
  • fix(utils): Avoid keeping a reference of last used event (#​9387)

v7.76.0

Compare Source

Important Changes
  • feat(core): Add cron monitor wrapper helper (#​9395)

This release adds Sentry.withMonitor(), a wrapping function that wraps a callback with a cron monitor that will automatically report completions and failures:

import * as Sentry from '@sentry/node';

// withMonitor() will send a check-in when the callback is started/finished;
// it works with async and sync callbacks.
const result = Sentry.withMonitor(
  'dailyEmail',
  () => {
    // the callback's return value is returned by withMonitor()
    return sendEmail();
  },
  // Optional upsert options
  {
    schedule: {
      type: 'crontab',
      value: '0 * * * *',
    },
    // 🇨🇦🫡
    timezone: 'Canada/Eastern',
  },
);

Other Changes
  • chore(angular-ivy): Allow Angular 17 in peer dependencies (#​9386)
  • feat(nextjs): Instrument SSR page components (#​9346)
  • feat(nextjs): Trace errors in page component SSR (#​9388)
  • fix(nextjs): Instrument route handlers with jsx and tsx file extensions (#​9362)
  • fix(nextjs): Trace with performance disabled (#​9389)
  • fix(replay): Ensure replay_id is not added to DSC if session expired (#​9359)
  • fix(replay): Remove unused parts of pako from build (#​9369)
  • fix(serverless): Don't mark all errors as unhandled (#​9368)
  • fix(tracing-internal): Fix case when middleware contain array of routes with special chars as @​ (#​9375)
  • meta(nextjs): Bump peer deps for Next.js 14 (#​9390)

Work in this release contributed by @​LubomirIgonda1. Thank you for your contribution!

v7.75.1

Compare Source

  • feat(browser): Allow collecting of pageload profiles (#​9317)
  • fix(browser): Correct timestamp on pageload profiles (#​9350)
  • fix(nextjs): Use webpack plugin release value to inject release (#​9348)

v7.75.0

Compare Source

Important Changes
  • feat(opentelemetry): Add new @sentry/opentelemetry package (#​9238)

This release publishes a new package, @sentry/opentelemetry. This is a runtime agnostic replacement for @sentry/opentelemetry-node and exports a couple of useful utilities which can be used to use Sentry together with OpenTelemetry.

You can read more about @​sentry/opentelemetry in the Readme.

  • feat(replay): Allow to treeshake rrweb features (#​9274)

Starting with this release, you can configure the following build-time flags in order to reduce the SDK bundle size:

  • __RRWEB_EXCLUDE_CANVAS__
  • __RRWEB_EXCLUDE_IFRAME__
  • __RRWEB_EXCLUDE_SHADOW_DOM__

You can read more about tree shaking in our docs.

Other Changes
  • build(deno): Prepare Deno SDK for release on npm (#​9281)
  • feat: Remove tslib (#​9299)
  • feat(node): Add abnormal session support for ANR (#​9268)
  • feat(node): Remove lru_map dependency (#​9300)
  • feat(node): Vendor cookie module (#​9308)
  • feat(replay): Share performance instrumentation with tracing (#​9296)
  • feat(types): Add missing Profiling types (macho debug image, profile measurements, stack frame properties) (#​9277)
  • feat(types): Add statsd envelope types (#​9304)
  • fix(astro): Add integration default export to types entry point (#​9337)
  • fix(astro): Convert SDK init file import paths to POSIX paths (#​9336)
  • fix(astro): Make Replay and BrowserTracing integrations tree-shakeable (#​9287)
  • fix(integrations): Fix transaction integration (#​9334)
  • fix(nextjs): Restore autoInstrumentMiddleware functionality (#​9323)
  • fix(nextjs): Guard for case where getInitialProps may return undefined (#​9342)
  • fix(node-experimental): Make node-fetch support optional (#​9321)
  • fix(node): Check buffer length when attempting to parse ANR frame (#​9314)
  • fix(replay): Fix xhr start timestamps (#​9341)
  • fix(tracing-internal): Remove query params from urls with a trailing slash (#​9328)
  • fix(types): Remove typo with CheckInEnvelope (#​9303)

Bundle size 📦

| Path | Size |
|---|---|
| @sentry/browser (incl. Tracing, Replay) - Webpack (gzipped) | 82.66 KB |
| @sentry/browser (incl. Tracing, Replay) - Webpack with treeshaking flags (gzipped) | 71.77 KB |
| @sentry/browser (incl. Tracing) - Webpack (gzipped) | 30.94 KB |
| @sentry/browser - Webpack (gzipped) | 21.26 KB |
| @sentry/browser (incl. Tracing, Replay) - ES6 CDN Bundle (gzipped) | 73.03 KB |
| @sentry/browser (incl. Tracing) - ES6 CDN Bundle (gzipped) | 28.93 KB |
| @sentry/browser - ES6 CDN Bundle (gzipped) | 21.09 KB |
| @sentry/browser (incl. Tracing, Replay) - ES6 CDN Bundle (minified & uncompressed) | 233.81 KB |
| @sentry/browser (incl. Tracing) - ES6 CDN Bundle (minified & uncompressed) | 87.77 KB |
| @sentry/browser - ES6 CDN Bundle (minified & uncompressed) | 62.76 KB |
| @sentry/browser (incl. Tracing) - ES5 CDN Bundle (gzipped) | 31.71 KB |
| @sentry/react (incl. Tracing, Replay) - Webpack (gzipped) | 83.05 KB |
| @sentry/react - Webpack (gzipped) | 21.29 KB |
| @sentry/nextjs Client (incl. Tracing, Replay) - Webpack (gzipped) | 99.43 KB |
| @sentry/nextjs Client - Webpack (gzipped) | 47.83 KB |

Configuration

📅 Schedule: Branch creation - "" in timezone Europe/Paris, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.
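The advisory above describes an SSRF-style flaw (tunnel parameters used unsanitized to build the upstream request) and the 7.77.0 release notes fix it by strictly validating the tunnel target parameters. The following is an added example, not code from the Sentry SDK or from this repository, showing what that validation looks like when written as a defence: it assumes the tunnel route receives query parameters `o` (org id) and `p` (project id), and the upstream URL layout and the `handleTunnel` wrapper are assumptions for illustration.

```javascript
// Added example, not code from the Sentry SDK or from this repository. It
// models the fix the advisory describes ("strictly validate tunnel target
// parameters"): the tunnel may only forward to a Sentry ingest URL derived
// from strictly numeric ids, never to a caller-controlled host or path.
// Assumptions: the tunnelRoute receives query parameters o (org id) and
// p (project id); the upstream URL layout below is assumed, not taken from
// the SDK.

const DIGITS_ONLY = /^\d{1,12}$/; // ASCII digits only; the length cap is an assumption

/**
 * Resolve the upstream envelope URL from tunnel query parameters.
 * Returns null when any parameter is missing, repeated (array), or not
 * strictly numeric, so the caller never issues a request for bad input.
 * @param {Record<string, unknown>} query
 * @returns {string | null}
 */
function resolveTunnelTarget(query) {
  const org = query.o;
  const project = query.p;
  if (typeof org !== 'string' || !DIGITS_ONLY.test(org)) return null;
  if (typeof project !== 'string' || !DIGITS_ONLY.test(project)) return null;
  // The host is fixed by construction from the validated id; the path is set
  // through the URL API rather than by string concatenation.
  const url = new URL(`https://o${org}.ingest.sentry.io`);
  url.pathname = `/api/${project}/envelope/`;
  return url.toString();
}

/**
 * Defence in depth: before forwarding, confirm the resolved URL is still an
 * https Sentry ingest origin. Catches any future change to the builder that
 * lets a caller influence the host.
 * @param {string} urlString
 */
function isAllowedUpstream(urlString) {
  let url;
  try {
    url = new URL(urlString);
  } catch {
    return false;
  }
  return url.protocol === 'https:' && /^o\d+\.ingest\.sentry\.io$/.test(url.hostname);
}

/**
 * Tunnel handler outline (assumed shape): validate first, then forward the raw
 * envelope body with the injected fetch. Returns the upstream status to the
 * browser but never echoes an upstream body, so nothing is reflected.
 * @param {{ query: Record<string, unknown>, body: string }} req
 * @param {typeof fetch} fetchImpl
 */
async function handleTunnel(req, fetchImpl) {
  const target = resolveTunnelTarget(req.query);
  if (target === null || !isAllowedUpstream(target)) {
    return { status: 400, body: 'invalid tunnel target' };
  }
  const upstream = await fetchImpl(target, {
    method: 'POST',
    headers: { 'content-type': 'application/x-sentry-envelope' },
    body: req.body,
  });
  return { status: upstream.status, body: '' }; // do not reflect the upstream body
}
```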

@renovate renovate bot force-pushed the renovate/npm-@sentry/nextjs-vulnerability branch from 55a1773 to 92b65f9 Compare December 3, 2023 10:15

sonarqubecloud bot commented Dec 3, 2023

Kudos, SonarCloud Quality Gate passed!

  • Bugs: A (0 Bugs)
  • Vulnerabilities: A (0 Vulnerabilities)
  • Security Hotspots: A (0 Security Hotspots)
  • Code Smells: A (0 Code Smells)

  • No Coverage information
  • No Duplication information

@renovate renovate bot force-pushed the renovate/npm-@sentry/nextjs-vulnerability branch from 92b65f9 to b2d80d6 Compare January 28, 2024 13:00
@renovate renovate bot force-pushed the renovate/npm-@sentry/nextjs-vulnerability branch from b2d80d6 to 203a581 Compare February 4, 2024 10:56
@renovate renovate bot changed the title fix(deps): update dependency @sentry/nextjs to v7.77.0 [security] fix(deps): update dependency @sentry/nextjs to v7.77.0 [security] - autoclosed Feb 23, 2024
@renovate renovate bot closed this Feb 23, 2024
@renovate renovate bot deleted the renovate/npm-@sentry/nextjs-vulnerability branch February 23, 2024 23:31
@renovate renovate bot changed the title fix(deps): update dependency @sentry/nextjs to v7.77.0 [security] - autoclosed fix(deps): update dependency @sentry/nextjs to v7.77.0 [security] Feb 24, 2024
@renovate renovate bot reopened this Feb 24, 2024
@renovate renovate bot restored the renovate/npm-@sentry/nextjs-vulnerability branch February 24, 2024 01:37

socket-security bot commented Feb 24, 2024

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@ampproject/remapping@2.2.1 None 0 76 kB jridgewell
npm/@babel/compat-data@7.23.2 None 0 64.1 kB nicolo-ribaudo
npm/@babel/core@7.23.2 environment, filesystem, unsafe 0 778 kB nicolo-ribaudo
npm/@babel/helper-compilation-targets@7.22.15 None 0 52.1 kB nicolo-ribaudo
npm/@babel/helper-module-transforms@7.23.0 None 0 157 kB nicolo-ribaudo
npm/@babel/helper-simple-access@7.22.5 None 0 14.1 kB nicolo-ribaudo
npm/@babel/helper-validator-option@7.22.15 None 0 11.6 kB nicolo-ribaudo
npm/@babel/helpers@7.23.2 None 0 584 kB nicolo-ribaudo
npm/@babel/plugin-syntax-async-generators@7.8.4 None 0 2.52 kB nicolo-ribaudo
npm/@babel/plugin-syntax-bigint@7.8.3 None 0 2.42 kB nicolo-ribaudo
npm/@babel/plugin-syntax-class-properties@7.12.13 None 0 2.68 kB nicolo-ribaudo
npm/@babel/plugin-syntax-import-meta@7.10.4 None 0 2.56 kB jlhwung
npm/@babel/plugin-syntax-json-strings@7.8.3 None 0 2.58 kB nicolo-ribaudo
npm/@babel/plugin-syntax-logical-assignment-operators@7.10.4 None 0 2.74 kB jlhwung
npm/@babel/plugin-syntax-nullish-coalescing-operator@7.8.3 None 0 2.63 kB nicolo-ribaudo
npm/@babel/plugin-syntax-numeric-separator@7.10.4 None 0 2.75 kB jlhwung
npm/@babel/plugin-syntax-object-rest-spread@7.8.3 None 0 2.53 kB nicolo-ribaudo
npm/@babel/plugin-syntax-optional-catch-binding@7.8.3 None 0 2.57 kB nicolo-ribaudo
npm/@babel/plugin-syntax-optional-chaining@7.8.3 None 0 2.52 kB nicolo-ribaudo
npm/@babel/plugin-syntax-top-level-await@7.14.5 None 0 2.74 kB nicolo-ribaudo
npm/@babel/plugin-syntax-typescript@7.22.5 None 0 6.86 kB nicolo-ribaudo
npm/@babel/runtime-corejs3@7.23.2 None 0 325 kB nicolo-ribaudo
npm/@bcoe/v8-coverage@0.2.3 None 0 277 kB bcoe
npm/@cspotcode/source-map-support@0.8.1 filesystem 0 102 kB cspotcode
npm/@eslint-community/eslint-utils@4.4.0 None 0 379 kB eslint-community-bot
npm/@eslint/eslintrc@0.4.3 filesystem, unsafe 0 158 kB eslintbot
npm/@humanwhocodes/config-array@0.5.0 None 0 34.9 kB nzakas
npm/@istanbuljs/load-nyc-config@1.1.0 environment, filesystem 0 10.9 kB coreyfarrell
npm/@istanbuljs/schema@0.1.3 None 0 17.2 kB coreyfarrell
npm/@jest/console@27.5.1 None 0 21.6 kB simenb
npm/@jest/core@27.5.1 unsafe 0 174 kB simenb
npm/@jest/environment@27.5.1 None 0 12.4 kB simenb
npm/@jest/fake-timers@27.5.1 None 0 26.5 kB simenb
npm/@jest/globals@27.5.1 None 0 3.56 kB simenb
npm/@jest/reporters@27.5.1 environment, unsafe 0 103 kB simenb
npm/@jest/source-map@27.5.1 None 0 5.65 kB simenb
npm/@jest/test-result@27.5.1 None 0 17.1 kB simenb
npm/@jest/test-sequencer@27.5.1 None 0 10.5 kB simenb
npm/@jest/transform@27.5.1 None 0 51.5 kB simenb
npm/@jest/types@27.5.1 None 0 27.6 kB simenb
npm/@next/eslint-plugin-next@14.0.1 filesystem 0 79.9 kB vercel-release-bot
npm/@one-ini/wasm@0.1.1 filesystem 0 98 kB hildjj
npm/@pkgr/utils@2.4.2 environment 0 34.2 kB jounqin
npm/@sentry-internal/feedback@7.118.0 None 0 363 kB sentry-bot
npm/@sentry-internal/replay-canvas@7.118.0 None 0 504 kB sentry-bot
npm/@sentry-internal/tracing@7.118.0 network 0 1.39 MB sentry-bot
npm/@sentry/browser@7.118.0 network 0 743 kB sentry-bot
npm/@sentry/cli@1.77.3 environment, filesystem, network, shell 0 87.2 kB sentry-bot
npm/@sentry/core@7.118.0 None 0 1.92 MB sentry-bot
npm/@sentry/integrations@7.118.0 None 0 276 kB sentry-bot
npm/@sentry/nextjs@7.118.0 environment, filesystem, network 0 1.95 MB sentry-bot
npm/@sentry/node@7.118.0 environment, filesystem, network, shell, unsafe 0 2.13 MB sentry-bot
npm/@sentry/react@7.118.0 None 0 341 kB sentry-bot
npm/@sentry/replay@7.118.0 None 0 3.78 MB sentry-bot
npm/@sentry/types@7.118.0 None 0 314 kB sentry-bot
npm/@sentry/utils@7.118.0 network 0 1.28 MB sentry-bot
npm/@sentry/vercel-edge@7.118.0 environment, network 0 142 kB sentry-bot
npm/@sentry/webpack-plugin@1.21.0 environment, filesystem 0 55.3 kB sentry-bot
npm/@sinonjs/commons@1.8.6 None 0 38.7 kB mrgnrdrck
npm/@sinonjs/fake-timers@8.1.0 eval 0 89.1 kB fatso83
npm/@socialgouv/eslint-config-typescript@1.131.0 None 0 16.3 kB socialgroovybot
npm/@tsconfig/node10@1.0.9 None 0 2.39 kB typescript-deploys
npm/@tsconfig/node12@1.0.11 None 0 2.5 kB typescript-deploys
npm/@tsconfig/node14@1.0.3 None 0 2.39 kB typescript-deploys
npm/@tsconfig/node16@1.0.4 None 0 2.45 kB typescript-deploys
npm/@types/babel__core@7.20.3 None 0 33 kB types
npm/@types/babel__generator@7.6.6 None 0 11.1 kB types
npm/@types/babel__template@7.4.3 None 0 6.41 kB types
npm/@types/babel__traverse@7.20.3 None 0 84.1 kB types
npm/@types/faker@5.5.9 None 0 22.2 kB types
npm/@types/graceful-fs@4.1.8 None 0 3.9 kB types
npm/@types/istanbul-lib-coverage@2.0.5 None 0 5.45 kB types
npm/@types/istanbul-lib-report@3.0.2 None 0 7.92 kB types
npm/@types/istanbul-reports@3.0.3 None 0 6.68 kB types
npm/@types/json-schema@7.0.14 None 0 31.7 kB types
npm/@types/prettier@2.7.3 None 0 49.8 kB types
npm/@types/react-datepicker@4.19.0 None 0 14.8 kB types
npm/@types/react@17.0.37 None 0 177 kB types
npm/@types/semver@7.5.3 None 0 23.8 kB types
npm/@types/stack-utils@2.0.1 None 0 6.97 kB types
npm/@types/yargs-parser@21.0.1 None 0 8.93 kB types
npm/@types/yargs@16.0.6 None 0 54.1 kB types
npm/@typescript-eslint/eslint-plugin@4.33.0 None 0 2.36 MB jameshenry
npm/@typescript-eslint/experimental-utils@4.33.0 None 0 422 kB jameshenry
npm/@typescript-eslint/parser@4.33.0 None 0 71.5 kB jameshenry
npm/@typescript-eslint/utils@5.62.0 None 0 501 kB jameshenry
npm/abab@2.0.6 None 0 10.4 kB jeffcarp
npm/accepts@1.3.8 None 0 16.8 kB dougwilson
npm/acorn-globals@6.0.0 None 0 9.1 kB timothygu
npm/acorn-walk@7.2.0 None 0 100 kB marijn
npm/acorn@7.4.1 None 0 1.21 MB marijn
npm/addressparser@1.0.1 None 0 11.7 kB andris
npm/after@0.8.2 None 0 7.19 kB raynos
npm/ansi-colors@4.1.3 environment 0 26.1 kB jonschlinkert
npm/ansi-escapes@4.3.2 None 0 16.4 kB sindresorhus
npm/arg@4.1.3 None 0 12.9 kB qix
npm/argparse@1.0.10 environment, filesystem 0 116 kB vitaly
npm/array-flatten@1.1.1 None 0 4.42 kB blakeembrey
npm/arraybuffer.slice@0.0.7 None 0 10 kB rase-
npm/astral-regex@2.0.0 None 0 3.4 kB kevva
npm/async@3.2.4 None 0 821 kB hargasinski
npm/babel-jest@27.5.1 environment 0 14.4 kB simenb
npm/babel-plugin-istanbul@6.1.1 environment, filesystem, shell 0 25.7 kB oss-bot
npm/babel-plugin-jest-hoist@27.5.1 None 0 13.7 kB simenb
npm/babel-preset-current-node-syntax@1.0.1 eval 0 5.46 kB nicolo-ribaudo
npm/babel-preset-jest@27.5.1 None 0 2.73 kB simenb
npm/backo2@1.0.2 None 0 3.1 kB mokesmokes
npm/base32.js@0.1.0 None 0 62.3 kB mikepb
npm/base64id@1.0.0 None 0 4.26 kB darrachequesne
npm/better-assert@1.0.2 environment, filesystem 0 3.91 kB tony_ado
npm/blob@0.0.5 None 0 30.6 kB amitport
npm/body-parser@1.20.1 network 0 60.3 kB dougwilson
npm/bplist-parser@0.2.0 filesystem 0 47.9 kB joeferner
npm/browser-process-hrtime@1.0.0 None 0 3.52 kB kumavis
npm/bser@2.1.1 None 0 18 kB wez
npm/bundle-name@3.0.0 None 0 3.13 kB sindresorhus
npm/callsite@1.0.0 None 0 1.47 kB tjholowaychuk
npm/camel-case@3.0.0 None 0 2.99 kB blakeembrey
npm/camelcase@6.3.0 None 0 11.7 kB sindresorhus
npm/char-regex@1.0.2 None 0 4.96 kB richienb
npm/cheerio@0.18.0 None 0 691 kB jugglinmike
npm/ci-info@3.9.0 environment 0 26.1 kB sibiraj-s
npm/cjs-module-lexer@1.2.3 None 0 139 kB guybedford
npm/clean-css@4.2.4 environment, filesystem, network 0 438 kB jakub.pawlowicz
npm/cli-cursor@3.1.0 None 0 4.37 kB sindresorhus
npm/cli-truncate@3.1.0 None 0 11.4 kB sindresorhus
npm/cliui@7.0.4 None 0 30.6 kB oss-bot
npm/co@4.6.0 None 0 16 kB jongleberry
npm/collect-v8-coverage@1.0.2 unsafe 0 5.14 kB simenb
npm/commander@9.5.0 environment, filesystem, shell 0 173 kB abetomo
npm/component-bind@1.0.0 None 0 2.43 kB tootallnate
npm/component-emitter@1.3.0 None 0 8 kB nami-doc
npm/component-inherit@0.0.3 None 0 1.65 kB coreh
npm/config-chain@1.1.13 environment, filesystem, network 0 15 kB isaacs
npm/content-disposition@0.5.4 None 0 19.1 kB dougwilson
npm/content-type@1.0.5 None 0 10.5 kB dougwilson
npm/cookie-signature@1.0.6 None 0 3.94 kB natevw
npm/core-js-pure@3.33.0 environment, eval, filesystem 0 1.06 MB zloirock
npm/cors@2.8.5 None 0 20 kB dougwilson
npm/create-require@1.1.1 filesystem, unsafe 0 6.25 kB pi0
npm/cssom@0.4.4 None 0 48.7 kB nv
npm/cssselect@0.4.1 None 0 0 B
npm/cssstyle@2.3.0 None 0 176 kB jon.sakas
npm/csswhat@0.4.7 None 0 0 B
npm/csv-parse@5.5.2 None 0 1.4 MB david
npm/csv-stringify@6.4.4 None 0 921 kB david
npm/data-urls@2.0.0 None 0 8.08 kB domenic
npm/decimal.js@10.4.3 None 0 283 kB mikemcl
npm/dedent@0.7.0 None 0 4.85 kB dmnd
npm/deepmerge@4.3.1 None 0 31.2 kB tehshrike
npm/default-browser-id@3.0.0 filesystem 0 3.46 kB sindresorhus
npm/default-browser@4.0.0 None 0 5.2 kB sindresorhus
npm/define-lazy-prop@3.0.0 None 0 4.42 kB sindresorhus
npm/destroy@1.2.0 filesystem 0 9.02 kB dougwilson
npm/detect-newline@3.1.0 None 0 3.77 kB sindresorhus
npm/detect-node@2.0.4 None 0 2.55 kB iliakan
npm/diff-sequences@27.5.1 None 0 53 kB simenb
npm/diff@4.0.2 None 0 335 kB kpdecker
npm/domexception@2.0.1 None 0 15.5 kB domenic
npm/editorconfig@1.0.4 filesystem 0 35 kB hildjj
npm/emittery@0.8.1 None 0 35.5 kB sindresorhus
npm/encodeurl@1.0.2 None 0 7.86 kB dougwilson
npm/engine.io-client@3.3.3 None 0 176 kB darrachequesne
npm/engine.io-parser@2.1.3 None 0 39.2 kB darrachequesne
npm/engine.io@3.3.2 environment, network 0 69.1 kB darrachequesne
npm/enquirer@2.4.1 environment 0 189 kB jonschlinkert
npm/error-ex@1.3.2 None 0 9.04 kB qix
npm/escape-goat@3.0.0 None 0 6.36 kB sindresorhus
npm/escape-html@1.0.3 None 0 3.66 kB dougwilson
npm/escodegen@2.1.0 None 0 109 kB michaelficarra
npm/eslint-config-next@14.0.1 unsafe 0 4.84 kB vercel-release-bot
npm/eslint-import-resolver-typescript@3.5.5 None 0 46.8 kB jounqin
npm/eslint-scope@5.1.1 None 0 78.4 kB eslintbot
npm/eslint@7.32.0 filesystem 0 3.19 MB eslintbot
npm/espree@6.2.1 None 0 68.8 kB eslintbot
npm/esprima@4.0.1 None 0 314 kB ariya
npm/execa@7.2.0 environment 0 78.9 kB sindresorhus
npm/exit@0.1.2 None 0 59.8 kB cowboy
npm/expect@27.5.1 eval 0 172 kB simenb
npm/express@4.18.2 environment, filesystem, network 0 214 kB dougwilson
npm/extend@3.0.2 None 0 23.5 kB ljharb
npm/faker@5.5.3 None 0 10.1 MB marak
npm/fast-diff@1.3.0 None 0 52.3 kB luin
npm/fb-watchman@2.0.2 environment, network, shell 0 11 kB bolinfest
npm/finalhandler@1.2.0 environment 0 18.6 kB dougwilson
npm/forwarded@0.2.0 None 0 5.88 kB dougwilson
npm/fresh@0.5.2 None 0 10.1 kB dougwilson
npm/functional-red-black-tree@1.0.1 None 0 43.5 kB mikolalysenko
npm/gensync@1.0.0-beta.2 None 0 28.9 kB loganfsmyth
npm/get-caller-file@2.0.5 None 0 4.72 kB stefanpenner
npm/get-package-type@0.1.0 filesystem 0 6.01 kB coreyfarrell
npm/get-stream@6.0.1 None 0 12.2 kB sindresorhus
npm/globals@11.12.0 None 0 39.8 kB sindresorhus
npm/has-binary2@1.0.3 None 0 5.01 kB darrachequesne
npm/has-cors@1.1.0 None 0 2.71 kB shtylman
npm/html-encoding-sniffer@2.0.1 None 0 11.5 kB domenic
npm/html-escaper@2.0.2 None 0 13.1 kB webreflection
npm/html-minifier@4.0.0 None 0 96.8 kB alexlamsl

🚮 Removed packages: npm/@sentry-internal/tracing@7.74.1, npm/@sentry/browser@7.74.1, npm/@sentry/core@7.74.1, npm/@sentry/integrations@7.74.1, npm/@sentry/nextjs@7.74.1, npm/@sentry/node@7.74.1, npm/@sentry/react@7.74.1, npm/@sentry/replay@7.74.1, npm/@sentry/types@7.74.1, npm/@sentry/utils@7.74.1, npm/@sentry/vercel-edge@7.74.1, npm/@sentry/webpack-plugin@1.20.0, npm/html2canvas@1.4.1, npm/htmlparser2@7.2.0, npm/http-errors@1.7.3, npm/https-browserify@1.0.0, npm/iconv-lite@0.4.24, npm/ieee754@1.2.1, npm/image-size@1.0.0, npm/inline-style-parser@0.1.1, npm/is-arguments@1.1.1, npm/is-nan@1.3.2, npm/isarray@1.0.0, npm/javascript-state-machine@3.1.0, npm/jest-worker@27.0.0-next.5, npm/js-base64@3.7.5, npm/jspdf-autotable@3.7.0, npm/jspdf@2.5.1, npm/jszip@3.10.1, npm/language-tags@1.0.9, npm/loader-utils@1.2.3, npm/locate-path@5.0.0, npm/lru-cache@6.0.0, npm/lru_map@0.3.3, npm/make-dir@3.1.0, npm/md5.js@1.3.5, npm/merge-stream@2.0.0, npm/miller-rabin@4.0.1, npm/mini-svg-data-uri@1.4.4, npm/minimalistic-assert@1.0.1, npm/minimalistic-crypto-utils@1.0.1, npm/minimatch@3.1.2, npm/multer@1.4.4, npm/native-url@0.3.4, npm/next-auth@4.0.2, npm/next@11.1.4, npm/node-html-parser@1.4.9, npm/node-libs-browser@2.2.1, npm/node-releases@1.1.77, npm/object-is@1.1.5, npm/on-finished@2.4.1, npm/os-browserify@0.3.0, npm/p-locate@4.1.0, npm/pako@1.0.11, npm/parse-asn1@5.1.6, npm/path-browserify@0.0.1, npm/path-is-absolute@1.0.1, npm/pbkdf2@3.1.2, npm/performance-now@2.1.0, npm/pkg-dir@4.2.0, npm/platform@1.3.6, npm/pnp-webpack-plugin@1.6.4, npm/postcss@8.2.15, npm/process-nextick-args@2.0.1, npm/process@0.11.10, npm/public-encrypt@4.0.3, npm/punycode@1.4.1, npm/querystring-es3@0.2.1, npm/querystring@0.2.1, npm/queue@6.0.2, npm/raf@3.4.1, npm/randombytes@2.1.0, npm/randomfill@1.0.4, npm/raw-body@2.4.1, npm/react-chartjs-2@4.3.1, npm/react-dom@17.0.2, npm/react-property@2.0.0, npm/react-refresh@0.8.3, npm/react@17.0.2, npm/readable-stream@2.3.8, npm/readdirp@3.5.0, npm/remixicon@2.5.0, 
npm/rgbcolor@1.0.1, npm/ripemd160@2.0.2, npm/safe-buffer@5.1.2, npm/sax@1.3.0, npm/scheduler@0.20.2, npm/setprototypeof@1.1.1, npm/sha.js@2.4.11, npm/shell-quote@1.7.2, npm/source-map@0.7.3, npm/stackblur-canvas@2.6.0, npm/statuses@1.5.0, npm/stream-browserify@2.0.2, npm/stream-http@2.8.3, npm/stream-parser@0.3.1, npm/streamsearch@0.1.2, npm/string-hash@1.1.3, npm/string_decoder@1.1.1, npm/strip-ansi@6.0.0, npm/style-to-js@1.1.1, npm/style-to-object@0.3.0, npm/styled-jsx@4.0.1, npm/stylis-rule-sheet@0.0.10, npm/stylis@3.5.4, npm/svg-pathdata@6.0.3, npm/swr@1.3.0, npm/text-segmentation@1.0.3, npm/timers-browserify@2.0.12, npm/to-arraybuffer@1.0.1, npm/toidentifier@1.0.0, npm/ts-pnp@1.2.0, npm/tslib@2.6.2, npm/tty-browserify@0.0.0, npm/unpipe@1.0.0, npm/url@0.11.3, npm/use-debounce@7.0.1, npm/use-subscription@1.5.1, npm/util@0.11.1, npm/utrie@1.0.2, npm/uuid@8.3.2, npm/vm-browserify@1.1.2, npm/watchpack@2.1.1, npm/xml-js@1.6.11, npm/xml@1.0.1

View full report↗︎

@renovate renovate bot force-pushed the renovate/npm-@sentry/nextjs-vulnerability branch from 203a581 to abe7676 Compare February 24, 2024 01:49
@renovate renovate bot force-pushed the renovate/npm-@sentry/nextjs-vulnerability branch from abe7676 to c258817 Compare March 12, 2024 11:51

socket-security bot commented Mar 12, 2024

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert: Install scripts
Package: npm/core-js-pure@3.33.0
  • Install script: postinstall
  • Source: node -e "try{require('./postinstall')}catch(e){}"
CI: 🚫

View full report↗︎

Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore npm/core-js-pure@3.33.0

@renovate renovate bot force-pushed the renovate/npm-@sentry/nextjs-vulnerability branch from c258817 to 274767c Compare March 20, 2024 13:38
@renovate renovate bot force-pushed the renovate/npm-@sentry/nextjs-vulnerability branch from 274767c to a7a6778 Compare March 24, 2024 13:50
@renovate renovate bot force-pushed the renovate/npm-@sentry/nextjs-vulnerability branch from a7a6778 to d64ef31 Compare April 14, 2024 12:00
@renovate renovate bot force-pushed the renovate/npm-@sentry/nextjs-vulnerability branch from d64ef31 to 29e8afc Compare April 21, 2024 08:47
@renovate renovate bot force-pushed the renovate/npm-@sentry/nextjs-vulnerability branch from 29e8afc to 4407323 Compare April 25, 2024 07:42

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

@renovate renovate bot force-pushed the renovate/npm-@sentry/nextjs-vulnerability branch from 4407323 to 8d8d708 Compare June 4, 2024 12:55

sonarqubecloud bot commented Jun 4, 2024

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

@renovate renovate bot force-pushed the renovate/npm-@sentry/nextjs-vulnerability branch from 8d8d708 to 79d039e Compare July 21, 2024 12:36

@renovate renovate bot changed the title fix(deps): update dependency @sentry/nextjs to v7.77.0 [security] fix(deps): update dependency @sentry/nextjs to v7.77.0 [security] - autoclosed Aug 6, 2024
@renovate renovate bot closed this Aug 6, 2024
@renovate renovate bot deleted the renovate/npm-@sentry/nextjs-vulnerability branch August 6, 2024 06:22