Sourced from body-parser's releases.
1.20.3
What's Changed
Important
- deps: qs@6.13.0
- add
depth
option to customize the depth level in the parser- IMPORTANT: The default
depth
level for parsing URL-encoded data is now32
(previously wasInfinity
). DocumentationOther changes
- chore: add support for OSSF scorecard reporting by
@inigomarquinez
in expressjs/body-parser#522- ci: fix errors in ci github action for node 8 and 9 by
@inigomarquinez
in expressjs/body-parser#523- fix: pin to node@22.4.1 by
@wesleytodd
in expressjs/body-parser#527- deps: qs@6.12.3 by
@melikhov-dev
in expressjs/body-parser#521- Add OSSF Scorecard badge by
@bjohansebas
in expressjs/body-parser#531- Linter by
@UlisesGascon
in expressjs/body-parser#534- Release: 1.20.3 by
@UlisesGascon
in expressjs/body-parser#535New Contributors
@inigomarquinez
made their first contribution in expressjs/body-parser#522@melikhov-dev
made their first contribution in expressjs/body-parser#521@bjohansebas
made their first contribution in expressjs/body-parser#531@UlisesGascon
made their first contribution in expressjs/body-parser#534Full Changelog: https://github.com/expressjs/body-parser/compare/1.20.2...1.20.3
Sourced from body-parser's changelog.
1.20.3 / 2024-09-10
- deps: qs@6.13.0
- add
depth
option to customize the depth level in the parser- IMPORTANT: The default
depth
level for parsing URL-encoded data is now32
(previously wasInfinity
)
1752951
1.20.339744cf
chore: linter (#534)b2695c4
Merge commit from forkade0f3f
add scorecard to readme (#531)99a1bd6
deps: qs@6.12.3 (#521)9478591
fix: pin to node@22.4.183db46a
ci: fix errors in ci github action for node 8 and 9 (#523)9d4e212
chore: add support for OSSF scorecard reporting (#522)This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.
Sourced from express's releases.
4.21.0
What's Changed
- Deprecate
"back"
magic string in redirects by@blakeembrey
in expressjs/express#5935- finalhandler@1.3.1 by
@wesleytodd
in expressjs/express#5954- fix(deps): serve-static@1.16.2 by
@wesleytodd
in expressjs/express#5951- Upgraded dependency qs to 6.13.0 to match qs in body-parser by
@agadzinski93
in expressjs/express#5946New Contributors
@agadzinski93
made their first contribution in expressjs/express#5946Full Changelog: https://github.com/expressjs/express/compare/4.20.0...4.21.0
4.20.0
What's Changed
Important
- IMPORTANT: The default
depth
level for parsing URL-encoded data is now32
(previously wasInfinity
)- Remove link renderization in html while using
res.redirect
Other Changes
- 4.19.2 Staging by
@wesleytodd
in expressjs/express#5561- remove duplicate location test for data uri by
@wesleytodd
in expressjs/express#5562- feat: document beta releases expectations by
@marco-ippolito
in expressjs/express#5565- Cut down on duplicated CI runs by
@jonchurch
in expressjs/express#5564- Add a Threat Model by
@UlisesGascon
in expressjs/express#5526- Assign captain of encodeurl by
@blakeembrey
in expressjs/express#5579- Nominate jonchurch as repo captain for
http-errors
,expressjs.com
,morgan
,cors
,body-parser
by@jonchurch
in expressjs/express#5587- docs: update Security.md by
@inigomarquinez
in expressjs/express#5590- docs: update triage nomination policy by
@UlisesGascon
in expressjs/express#5600- Add CodeQL (SAST) by
@UlisesGascon
in expressjs/express#5433- docs: add UlisesGascon as triage initiative captain by
@UlisesGascon
in expressjs/express#5605- deps: encodeurl@~2.0.0 by
@blakeembrey
in expressjs/express#5569- skip QUERY method test by
@jonchurch
in expressjs/express#5628- ignore ETAG query test on 21 and 22, reuse skip util by
@jonchurch
in expressjs/express#5639- add support Node.js@22 in the CI by
@mertcanaltin
in expressjs/express#5627- doc: add table of contents, tc/triager lists to readme by
@mertcanaltin
in expressjs/express#5619- List and sort all projects, add captains by
@blakeembrey
in expressjs/express#5653- docs: add
@UlisesGascon
as captain for cookie-parser by@UlisesGascon
in expressjs/express#5666- ✨ bring back query tests for node 21 by
@ctcpip
in expressjs/express#5690- [v4] Deprecate
res.clearCookie
acceptingoptions.maxAge
andoptions.expires
by@jonchurch
in expressjs/express#5672- skip QUERY tests for Node 21 only, still not supported by
@jonchurch
in expressjs/express#5695- 📝 update people, add ctcpip to TC by
@ctcpip
in expressjs/express#5683- remove minor version pinning from ci by
@jonchurch
in expressjs/express#5722- Fix link variable use in attribution section of CODE OF CONDUCT by
@IamLizu
in expressjs/express#5762- Replace Appveyor windows testing with GHA by
@jonchurch
in expressjs/express#5599- Add OSSF Scorecard badge by
@UlisesGascon
in expressjs/express#5436- update scorecard link by
@bjohansebas
in expressjs/express#5814- Nominate
@IamLizu
to the triage team by@UlisesGascon
in expressjs/express#5836- deps: path-to-regexp@0.1.8 by
@blakeembrey
in expressjs/express#5603
... (truncated)
Sourced from express's changelog.
4.21.0 / 2024-09-11
- Deprecate
res.location("back")
andres.redirect("back")
magic string- deps: serve-static@1.16.2
- includes send@0.19.0
- deps: finalhandler@1.3.1
- deps: qs@6.13.0
4.20.0 / 2024-09-10
- deps: serve-static@0.16.0
- Remove link renderization in html while redirecting
- deps: send@0.19.0
- Remove link renderization in html while redirecting
- deps: body-parser@0.6.0
- add
depth
option to customize the depth level in the parser- IMPORTANT: The default
depth
level for parsing URL-encoded data is now32
(previously wasInfinity
)- Remove link renderization in html while using
res.redirect
- deps: path-to-regexp@0.1.10
- Adds support for named matching groups in the routes using a regex
- Adds backtracking protection to parameters without regexes defined
- deps: encodeurl@~2.0.0
- Removes encoding of
\
,|
, and^
to align better with URL spec- Deprecate passing
options.maxAge
andoptions.expires
tores.clearCookie
- Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie
7e562c6
4.21.01bcde96
fix(deps): qs@6.13.0 (#5946)7d36477
fix(deps): serve-static@1.16.2 (#5951)40d2d8f
fix(deps): finalhandler@1.3.177ada90
Deprecate "back"
magic string in redirects (#5935)21df421
4.20.04c9ddc1
feat: upgrade to serve-static@0.16.09ebe5d5
feat: upgrade to send@0.19.0 (#5928)ec4a01b
feat: upgrade to body-parser@1.20.3 (#5926)54271f6
fix: don't render redirect values in anchor hrefThis version was pushed to npm by antfu, a new releaser for eslint-plugin-unused-imports since your current version.
Sourced from webpack's releases.
v5.95.0
Bug Fixes
- Fixed hanging when attempting to read a symlink-like file that it can't read
- Handle
default
for import context element dependency- Merge duplicate chunks call after split chunks
- Generate correctly code for dynamically importing the same file twice and destructuring
- Use content hash as [base] and [name] for extracted DataURI's
- Distinguish
module
andimport
inmodule-import
for externalsimport
's- [Types] Make
EnvironmentPlugin
default values types less strict- [Types] Typescript 5.6 compatibility
New Features
- Add new
optimization.avoidEntryIife
option (true
by default for theproduction
mode)- Pass output.hash* options to loader context
Performance
- Avoid unneeded re-visit in build chunk graph
v5.94.0
Bug Fixes
- Added runtime condition for harmony reexport checked
- Handle properly
data
/http
/https
protocols in source maps- Make
bigint
optimistic when browserslist not found- Move
@types/eslint-scope
to dev deps- Related in asset stats is now always an array when no related found
- Handle ASI for export declarations
- Mangle destruction incorrect with export named default properly
- Fixed unexpected asi generation with sequence expression
- Fixed a lot of types
New Features
- Added new external type "module-import"
- Support
webpackIgnore
fornew URL()
construction- [CSS]
@import
pathinfo supportSecurity
- Fixed DOM clobbering in auto public path
v5.93.0
Bug Fixes
- Generate correct relative path to runtime chunks
- Makes
DefinePlugin
quieter under default log level- Fixed mangle destructuring default in namespace import
... (truncated)
e20fd63
chore(release): 5.95.04866b0d
feat: added new optimization.entryIife
optiond90f692
fix: merge duplicate chunks after split chunks90dec30
fix(externals): distinguish “module” and “import” in
“module-import”c1a0a46
fix(externals): distinguish “module” and “import” in
“module-import”14d8fa8
fix: all tests casesdae16ad
feat: pass output.hash* options to loader context75d185d
feat: pass output.hash*
options to loader context46e0b9c
test: update8e62f9f
testSourced from cross-spawn's changelog.
7.0.6 (2024-11-18)
Bug Fixes
- update cross-spawn version to 7.0.5 in package-lock.json (f700743)
7.0.5 (2024-11-07)
Bug Fixes
- fix escaping bug introduced by backtracking (640d391)
7.0.4 (2024-11-07)
Bug Fixes
77cd97f
chore(release): 7.0.66717de4
chore: upgrade standard-versionf700743
fix: update cross-spawn version to 7.0.5 in package-lock.json9a7e3b2
chore: fix build status badge0852683
chore(release): 7.0.5640d391
fix: fix escaping bug introduced by backtrackingbff0c87
chore: remove codecova7c6abc
chore: replace travis with github workflows9b9246e
chore(release): 7.0.45ff3a07
fix: disable regexp backtracking (#160)b8a7edd
6.6.034c8534
fix: signature verification due to leading zeros3e46a48
6.5.7accb61e
lib: DER signature decoding correctionSourced from cookie's releases.
0.7.1
Fixed
- Allow leading dot for domain (#174)
- Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec
- Add fast path for
serialize
without options, useobj.hasOwnProperty
when parsing (#172)https://github.com/jshttp/cookie/compare/v0.7.0...v0.7.1
0.7.0
- perf: parse cookies ~10% faster (#144 by
@kurtextrem
and #170)- fix: narrow the validation of cookies to match RFC6265 (#167 by
@bewinsnw
)- fix: add
main
topackage.json
for rspack (#166 by@proudparrot2
)
cf4658f
0.7.16a8b8f5
Allow leading dot for domain (#174)58015c0
Remove more code and perf wins (#172)ab057d6
0.7.05f02ca8
Migrate history to GitHub releasesa5d591c
Migrate history to GitHub releases51968f9
Skip isNaN9e7ca51
perf(parse): cache length, return early (#144)d6f39b0
Fix tests for old node6bb701f
Remove failing scorecardThis version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.
Sourced from express's releases.
4.21.1
What's Changed
- Backport a fix for CVE-2024-47764 to the 4.x branch by
@joshbuker
in expressjs/express#6029- Release: 4.21.1 by
@UlisesGascon
in expressjs/express#6031Full Changelog: https://github.com/expressjs/express/compare/4.21.0...4.21.1
4.21.0
What's Changed
- Deprecate
"back"
magic string in redirects by@blakeembrey
in expressjs/express#5935- finalhandler@1.3.1 by
@wesleytodd
in expressjs/express#5954- fix(deps): serve-static@1.16.2 by
@wesleytodd
in expressjs/express#5951- Upgraded dependency qs to 6.13.0 to match qs in body-parser by
@agadzinski93
in expressjs/express#5946New Contributors
@agadzinski93
made their first contribution in expressjs/express#5946Full Changelog: https://github.com/expressjs/express/compare/4.20.0...4.21.0
4.20.0
What's Changed
Important
- IMPORTANT: The default
depth
level for parsing URL-encoded data is now32
(previously wasInfinity
)- Remove link renderization in html while using
res.redirect
Other Changes
- 4.19.2 Staging by
@wesleytodd
in expressjs/express#5561- remove duplicate location test for data uri by
@wesleytodd
in expressjs/express#5562- feat: document beta releases expectations by
@marco-ippolito
in expressjs/express#5565- Cut down on duplicated CI runs by
@jonchurch
in expressjs/express#5564- Add a Threat Model by
@UlisesGascon
in expressjs/express#5526- Assign captain of encodeurl by
@blakeembrey
in expressjs/express#5579- Nominate jonchurch as repo captain for
http-errors
,expressjs.com
,morgan
,cors
,body-parser
by@jonchurch
in expressjs/express#5587- docs: update Security.md by
@inigomarquinez
in expressjs/express#5590- docs: update triage nomination policy by
@UlisesGascon
in expressjs/express#5600- Add CodeQL (SAST) by
@UlisesGascon
in expressjs/express#5433- docs: add UlisesGascon as triage initiative captain by
@UlisesGascon
in expressjs/express#5605- deps: encodeurl@~2.0.0 by
@blakeembrey
in expressjs/express#5569- skip QUERY method test by
@jonchurch
in expressjs/express#5628- ignore ETAG query test on 21 and 22, reuse skip util by
@jonchurch
in expressjs/express#5639- add support Node.js@22 in the CI by
@mertcanaltin
in expressjs/express#5627- doc: add table of contents, tc/triager lists to readme by
@mertcanaltin
in expressjs/express#5619- List and sort all projects, add captains by
@blakeembrey
in expressjs/express#5653- docs: add
@UlisesGascon
as captain for cookie-parser by@UlisesGascon
in expressjs/express#5666- ✨ bring back query tests for node 21 by
@ctcpip
in expressjs/express#5690- [v4] Deprecate
res.clearCookie
acceptingoptions.maxAge
andoptions.expires
by@jonchurch
in expressjs/express#5672- skip QUERY tests for Node 21 only, still not supported by
@jonchurch
in expressjs/express#5695
... (truncated)
Sourced from express's changelog.
4.21.1 / 2024-10-08
- Backported a fix for CVE-2024-47764
4.21.0 / 2024-09-11
- Deprecate
res.location("back")
andres.redirect("back")
magic string- deps: serve-static@1.16.2
- includes send@0.19.0
- deps: finalhandler@1.3.1
- deps: qs@6.13.0
4.20.0 / 2024-09-10
- deps: serve-static@0.16.0
- Remove link renderization in html while redirecting
- deps: send@0.19.0
- Remove link renderization in html while redirecting
- deps: body-parser@0.6.0
- add
depth
option to customize the depth level in the parser- IMPORTANT: The default
depth
level for parsing URL-encoded data is now32
(previously wasInfinity
)- Remove link renderization in html while using
res.redirect
- deps: path-to-regexp@0.1.10
- Adds support for named matching groups in the routes using a regex
- Adds backtracking protection to parameters without regexes defined
- deps: encodeurl@~2.0.0
- Removes encoding of
\
,|
, and^
to align better with URL spec- Deprecate passing
options.maxAge
andoptions.expires
tores.clearCookie
- Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie
8e229f9
4.21.1a024c8a
fix(deps): cookie@0.7.17e562c6
4.21.01bcde96
fix(deps): qs@6.13.0 (#5946)7d36477
fix(deps): serve-static@1.16.2 (#5951)40d2d8f
fix(deps): finalhandler@1.3.177ada90
Deprecate "back"
magic string in redirects (#5935)21df421
4.20.04c9ddc1
feat: upgrade to serve-static@0.16.09ebe5d5
feat: upgrade to send@0.19.0 (#5928)Sourced from @sentry/nextjs
's
releases.
8.41.0
Important Changes
meta(nuxt): Require minimum Nuxt v3.7.0 (#14473)
We formalized that the Nuxt SDK is at minimum compatible with Nuxt version 3.7.0 and above. Additionally, the SDK requires the implicit
nitropack
dependency to satisfy version^2.10.0
andofetch
to satisfy^1.4.0
. It is recommended to check your lock-files and manually upgrade these dependencies if they don't match the version ranges.Deprecations
We are deprecating a few APIs which will be removed in the next major.
The following deprecations will potentially affect you:
feat(core): Update & deprecate
undefined
option handling (#14450)In the next major version we will change how passing
undefined
totracesSampleRate
/tracesSampler
/enableTracing
will behave.Currently, doing the following:
Sentry.init({ tracesSampleRate: undefined, });
Will result in tracing being enabled (although no spans will be generated) because the
tracesSampleRate
key is present in the options object. In the next major version, this behavior will be changed so that passingundefined
(or rather having atracesSampleRate
key) will result in tracing being disabled, the same as not passing the option at all. If you are currently relying onundefined
being passed, and and thus have tracing enabled, it is recommended to update your config to set e.g.tracesSampleRate: 0
instead, which will also enable tracing in v9.The same applies to
tracesSampler
andenableTracing
.feat(core): Log warnings when returning
null
inbeforeSendSpan
(#14433)Currently, the
beforeSendSpan
option inSentry.init()
allows you to drop individual spans from a trace by returningnull
from the hook. Since this API lends itself to creating "gaps" inside traces, we decided to change how this API will work in the next major version.With the next major version the
beforeSendSpan
API can only be used to mutate spans, but no longer to drop them. With this release the SDK will warn you if you are using this API to drop spans. Instead, it is recommended to configure instrumentation (i.e. integrations) directly to control what spans are created.Additionally, with the next major version, root spans will also be passed to
beforeSendSpan
.feat(utils): Deprecate
@sentry/utils
(#14431)With the next major version the
@sentry/utils
package will be merged into the@sentry/core
package. It is therefore no longer recommended to use the@sentry/utils
package.feat(vue): Deprecate configuring Vue tracing options anywhere else other than through the
vueIntegration
'stracingOptions
option (#14385)
... (truncated)
Sourced from @sentry/nextjs
's
changelog.
8.41.0
Important Changes
meta(nuxt): Require minimum Nuxt v3.7.0 (#14473)
We formalized that the Nuxt SDK is at minimum compatible with Nuxt version 3.7.0 and above. Additionally, the SDK requires the implicit
nitropack
dependency to satisfy version^2.10.0
andofetch
to satisfy^1.4.0
. It is recommended to check your lock-files and manually upgrade these dependencies if they don't match the version ranges.Deprecations
We are deprecating a few APIs which will be removed in the next major.
The following deprecations will potentially affect you:
feat(core): Update & deprecate
undefined
option handling (#14450)In the next major version we will change how passing
undefined
totracesSampleRate
/tracesSampler
/enableTracing
will behave.Currently, doing the following:
Sentry.init({ tracesSampleRate: undefined, });
Will result in tracing being enabled (although no spans will be generated) because the
tracesSampleRate
key is present in the options object. In the next major version, this behavior will be changed so that passingundefined
(or rather having atracesSampleRate
key) will result in tracing being disabled, the same as not passing the option at all. If you are currently relying onundefined
being passed, and and thus have tracing enabled, it is recommended to update your config to set e.g.tracesSampleRate: 0
instead, which will also enable tracing in v9.The same applies to
tracesSampler
andenableTracing
.feat(core): Log warnings when returning
null
inbeforeSendSpan
(#14433)Currently, the
beforeSendSpan
option inSentry.init()
allows you to drop individual spans from a trace by returningnull
from the hook. Since this API lends itself to creating "gaps" inside traces, we decided to change how this API will work in the next major version.With the next major version the
beforeSendSpan
API can only be used to mutate spans, but no longer to drop them. With this release the SDK will warn you if you are using this API to drop spans. Instead, it is recommended to configure instrumentation (i.e. integrations) directly to control what spans are created.Additionally, with the next major version, root spans will also be passed to
beforeSendSpan
.feat(utils): Deprecate
@sentry/utils
(#14431)With the next major version the
@sentry/utils
package will be merged into the@sentry/core
package. It is therefore no longer recommended to use the@sentry/utils
package.
... (truncated)
df843cc
release: 8.41.0470d4ec
Merge pull request #14502
from getsentry/prepare-release/8.41.0f7289c4
meta(changelog): Update changelog for 8.41.0a4138e9
perf(opentelemetry): Bucket spans for cleanup (#14154)3e7969f
feat: Deprecate registerEsmLoaderHooks.include
and
`registerEsmLoaderHooks....1e0cb04
ref(core): Do not check baggage validity (#14479)de65590
feat(core): Further optimize debug ID parsing (#14365)09a31d1
feat(node): Add openTelemetryInstrumentations
option (#14484)23e3783
meta(nuxt): Require minimum Nuxt v3.7.0 (#14473)973ef9c
chore: Add GHSA entry for nuxt e2e test (#14490)Sourced from @sentry/nextjs
's
releases.
8.41.0
Important Changes
meta(nuxt): Require minimum Nuxt v3.7.0 (#14473)
We formalized that the Nuxt SDK is at minimum compatible with Nuxt version 3.7.0 and above. Additionally, the SDK requires the implicit
nitropack
dependency to satisfy version^2.10.0
andofetch
to satisfy^1.4.0
. It is recommended to check your lock-files and manually upgrade these dependencies if they don't match the version ranges.Deprecations
We are deprecating a few APIs which will be removed in the next major.
The following deprecations will potentially affect you:
feat(core): Update & deprecate
undefined
option handling (#14450)In the next major version we will change how passing
undefined
totracesSampleRate
/tracesSampler
/enableTracing
will behave.Currently, doing the following:
Sentry.init({ tracesSampleRate: undefined, });
Will result in tracing being enabled (although no spans will be generated) because the
tracesSampleRate
key is present in the options object. In the next major version, this behavior will be changed so that passingundefined
(or rather having atracesSampleRate
key) will result in tracing being disabled, the same as not passing the option at all. If you are currently relying onundefined
being passed, and and thus have tracing enabled, it is recommended to update your config to set e.g.tracesSampleRate: 0
instead, which will also enable tracing in v9.The same applies to
tracesSampler
andenableTracing
.feat(core): Log warnings when returning
null
inbeforeSendSpan
(#14433)Currently, the
beforeSendSpan
option inSentry.init()
allows you to drop individual spans from a trace by returningnull
from the hook. Since this API lends itself to creating "gaps" inside traces, we decided to change how this API will work in the next major version.With the next major version the
beforeSendSpan
API can only be used to mutate spans, but no longer to drop them. With this release the SDK will warn you if you are using this API to drop spans. Instead, it is recommended to configure instrumentation (i.e. integrations) directly to control what spans are created.Additionally, with the next major version, root spans will also be passed to
beforeSendSpan
.feat(utils): Deprecate
@sentry/utils
(#14431)With the next major version the
@sentry/utils
package will be merged into the@sentry/core
package. It is therefore no longer recommended to use the@sentry/utils
package.feat(vue): Deprecate configuring Vue tracing options anywhere else other than through the
vueIntegration
'stracingOptions
option (#14385)
... (truncated)
Sourced from @sentry/nextjs
's
changelog.
8.41.0
Important Changes
meta(nuxt): Require minimum Nuxt v3.7.0 (#14473)
We formalized that the Nuxt SDK is at minimum compatible with Nuxt version 3.7.0 and above. Additionally, the SDK requires the implicit
nitropack
dependency to satisfy version^2.10.0
andofetch
to satisfy^1.4.0
. It is recommended to check your lock-files and manually upgrade these dependencies if they don't match the version ranges.Deprecations
We are deprecating a few APIs which will be removed in the next major.
The following deprecations will potentially affect you:
feat(core): Update & deprecate
undefined
option handling (#14450)In the next major version we will change how passing
undefined
totracesSampleRate
/tracesSampler
/enableTracing
will behave.Currently, doing the following:
Sentry.init({ tracesSampleRate: undefined, });
Will result in tracing being enabled (although no spans will be generated) because the
tracesSampleRate
key is present in the options object. In the next major version, this behavior will be changed so that passingundefined
(or rather having atracesSampleRate
key) will result in tracing being disabled, the same as not passing the option at all. If you are currently relying onundefined
being passed, and and thus have tracing enabled, it is recommended to update your config to set e.g.tracesSampleRate: 0
instead, which will also enable tracing in v9.The same applies to
tracesSampler
andenableTracing
.feat(core): Log warnings when returning
null
inbeforeSendSpan
(#14433)Currently, the
beforeSendSpan
option inSentry.init()
allows you to drop individual spans from a trace by returningnull
from the hook. Since this API lends itself to creating "gaps" inside traces, we decided to change how this API will work in the next major version.With the next major version the
beforeSendSpan
API can only be used to mutate spans, but no longer to drop them. With this release the SDK will warn you if you are using this API to drop spans. Instead, it is recommended to configure instrumentation (i.e. integrations) directly to control what spans are created.Additionally, with the next major version, root spans will also be passed to
beforeSendSpan
.feat(utils): Deprecate
@sentry/utils
(#14431)With the next major version the
@sentry/utils
package will be merged into the@sentry/core
package. It is therefore no longer recommended to use the@sentry/utils
package.
... (truncated)
df843cc
release: 8.41.0470d4ec
Merge pull request #14502
from getsentry/prepare-release/8.41.0f7289c4
meta(changelog): Update changelog for 8.41.0a4138e9
perf(opentelemetry): Bucket spans for cleanup (#14154)3e7969f
feat: Deprecate registerEsmLoaderHooks.include
and
`registerEsmLoaderHooks....1e0cb04
ref(core): Do not check baggage validity (#14479)de65590
feat(core): Further optimize debug ID parsing (#14365)09a31d1
feat(node): Add openTelemetryInstrumentations
option (#14484)23e3783
meta(nuxt): Require minimum Nuxt v3.7.0 (#14473)973ef9c
chore: Add GHSA entry for nuxt e2e test (#14490)Sourced from @sentry/browser
's
releases.
8.41.0
Important Changes
meta(nuxt): Require minimum Nuxt v3.7.0 (#14473)
We formalized that the Nuxt SDK is at minimum compatible with Nuxt version 3.7.0 and above. Additionally, the SDK requires the implicit
nitropack
dependency to satisfy version^2.10.0
andofetch
to satisfy^1.4.0
. It is recommended to check your lock-files and manually upgrade these dependencies if they don't match the version ranges.Deprecations
We are deprecating a few APIs which will be removed in the next major.
The following deprecations will potentially affect you:
feat(core): Update & deprecate
undefined
option handling (#14450)In the next major version we will change how passing
undefined
totracesSampleRate
/tracesSampler
/enableTracing
will behave.Currently, doing the following:
Sentry.init({ tracesSampleRate: undefined, });
Will result in tracing being enabled (although no spans will be generated) because the
tracesSampleRate
key is present in the options object. In the next major version, this behavior will be changed so that passingundefined
(or rather having atracesSampleRate
key) will result in tracing being disabled, the same as not passing the option at all. If you are currently relying onundefined
being passed, and and thus have tracing enabled, it is recommended to update your config to set e.g.tracesSampleRate: 0
instead, which will also enable tracing in v9.The same applies to
tracesSampler
andenableTracing
.feat(core): Log warnings when returning
null
inbeforeSendSpan
(#14433)Currently, the
beforeSendSpan
option inSentry.init()
allows you to drop individual spans from a trace by returningnull
from the hook. Since this API lends itself to creating "gaps" inside traces, we decided to change how this API will work in the next major version.With the next major version the
beforeSendSpan
API can only be used to mutate spans, but no longer to drop them. With this release the SDK will warn you if you are using this API to drop spans. Instead, it is recommended to configure instrumentation (i.e. integrations) directly to control what spans are created.Additionally, with the next major version, root spans will also be passed to
beforeSendSpan
.feat(utils): Deprecate
@sentry/utils
(#14431)With the next major version the
@sentry/utils
package will be merged into the@sentry/core
package. It is therefore no longer recommended to use the@sentry/utils
package.feat(vue): Deprecate configuring Vue tracing options anywhere else other than through the
vueIntegration
'stracingOptions
option (#14385)
... (truncated)
Sourced from @sentry/browser
's
changelog.
8.41.0
Important Changes
meta(nuxt): Require minimum Nuxt v3.7.0 (#14473)
We formalized that the Nuxt SDK is at minimum compatible with Nuxt version 3.7.0 and above. Additionally, the SDK requires the implicit
nitropack
dependency to satisfy version^2.10.0
andofetch
to satisfy^1.4.0
. It is recommended to check your lock-files and manually upgrade these dependencies if they don't match the version ranges.Deprecations
We are deprecating a few APIs which will be removed in the next major.
The following deprecations will potentially affect you:
feat(core): Update & deprecate
undefined
option handling (#14450)In the next major version we will change how passing
undefined
totracesSampleRate
/tracesSampler
/enableTracing
will behave.Currently, doing the following:
Sentry.init({ tracesSampleRate: undefined, });
Will result in tracing being enabled (although no spans will be generated) because the
tracesSampleRate
key is present in the options object. In the next major version, this behavior will be changed so that passingundefined
(or rather having atracesSampleRate
key) will result in tracing being disabled, the same as not passing the option at all. If you are currently relying onundefined
being passed, and and thus have tracing enabled, it is recommended to update your config to set e.g.tracesSampleRate: 0
instead, which will also enable tracing in v9.The same applies to
tracesSampler
andenableTracing
.feat(core): Log warnings when returning
null
inbeforeSendSpan
(#14433)Currently, the
beforeSendSpan
option inSentry.init()
allows you to drop individual spans from a trace by returningnull
from the hook. Since this API lends itself to creating "gaps" inside traces, we decided to change how this API will work in the next major version.With the next major version the
beforeSendSpan
API can only be used to mutate spans, but no longer to drop them. With this release the SDK will warn you if you are using this API to drop spans. Instead, it is recommended to configure instrumentation (i.e. integrations) directly to control what spans are created.Additionally, with the next major version, root spans will also be passed to
beforeSendSpan
.feat(utils): Deprecate
@sentry/utils
(#14431)With the next major version the
@sentry/utils
package will be merged into the@sentry/core
package. It is therefore no longer recommended to use the@sentry/utils
package.
... (truncated)
df843cc
release: 8.41.0470d4ec
Merge pull request #14502
from getsentry/prepare-release/8.41.0f7289c4
meta(changelog): Update changelog for 8.41.0a4138e9
perf(opentelemetry): Bucket spans for cleanup (#14154)3e7969f
feat: Deprecate registerEsmLoaderHooks.include
and
`registerEsmLoaderHooks....1e0cb04
ref(core): Do not check baggage validity (#14479)de65590
feat(core): Further optimize debug ID parsing (#14365)09a31d1
feat(node): Add openTelemetryInstrumentations
option (#14484)23e3783
meta(nuxt): Require minimum Nuxt v3.7.0 (#14473)973ef9c
chore: Add GHSA entry for nuxt e2e test (#14490)Sourced from cookie's releases.
0.7.1
Fixed
- Allow leading dot for domain (#174)
- Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec
- Add fast path for
serialize
without options, useobj.hasOwnProperty
when parsing (#172)https://github.com/jshttp/cookie/compare/v0.7.0...v0.7.1
0.7.0
- perf: parse cookies ~10% faster (#144 by
@kurtextrem
and #170)- fix: narrow the validation of cookies to match RFC6265 (#167 by
@bewinsnw
)- fix: add
main
topackage.json
for rspack (#166 by@proudparrot2
)
cf4658f
0.7.16a8b8f5
Allow leading dot for domain (#174)58015c0
Remove more code and perf wins (#172)ab057d6
0.7.05f02ca8
Migrate history to GitHub releasesa5d591c
Migrate history to GitHub releases51968f9
Skip isNaN9e7ca51
perf(parse): cache length, return early (#144)d6f39b0
Fix tests for old node6bb701f
Remove failing scorecardThis version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.
Sourced from express's releases.
4.21.1
What's Changed
- Backport a fix for CVE-2024-47764 to the 4.x branch by
@joshbuker
in expressjs/express#6029- Release: 4.21.1 by
@UlisesGascon
in expressjs/express#6031Full Changelog: https://github.com/expressjs/express/compare/4.21.0...4.21.1
8e229f9
4.21.1a024c8a
fix(deps): cookie@0.7.1Sourced from express's releases.
4.21.1
What's Changed
- Backport a fix for CVE-2024-47764 to the 4.x branch by
@joshbuker
in expressjs/express#6029- Release: 4.21.1 by
@UlisesGascon
in expressjs/express#6031Full Changelog: https://github.com/expressjs/express/compare/4.21.0...4.21.1
8e229f9
4.21.1a024c8a
fix(deps): cookie@0.7.1Sourced from rollup's releases.
v3.29.5
3.29.5
2024-09-21
Bug Fixes
- Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)
Pull Requests
- #5671: Fix DOM Clobbering CVE (
@lukastaegert
)
Sourced from rollup's changelog.
3.29.5
2024-09-21
Bug Fixes
- Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)
Pull Requests
- #5671: Fix DOM Clobbering CVE (
@lukastaegert
)4.22.4
2024-09-21
Bug Fixes
- Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)
Pull Requests
- #5670: refactor: Use object.prototype to check for reserved properties (
@YuHyeonWook
)- #5671: Fix DOM Clobbering CVE (
@lukastaegert
)4.22.3
2024-09-21
Bug Fixes
- Ensure that mutations in modules without side effects are observed while properly handling transitive dependencies (#5669)
Pull Requests
- #5669: Ensure impure dependencies of pure modules are added (
@lukastaegert
)4.22.2
2024-09-20
Bug Fixes
- Revert fix for side effect free modules until other issues are investigated (#5667)
Pull Requests
- #5667: Partially revert #5658 and re-apply #5644 (
@lukastaegert
)4.22.1
... (truncated)
dfd233d
3.29.52ef77c0
Fix DOM Clobbering CVE