-
Notifications
You must be signed in to change notification settings - Fork 46
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update all minor versions (master) (minor) #11559
Conversation
3455f93
to
0dc34bd
Compare
4bda994
to
346178b
Compare
@@ -324,7 +324,7 @@ | |||
@staticmethod | |||
def __encrypt_password_legacy(password: str) -> str: | |||
"""Hash the given password with SHA1.""" | |||
return sha1(password.encode("utf8")).hexdigest() # nosec | |||
return sha1(password.encode("utf8")).hexdigest() # noqa: S324 |
Check failure
Code scanning / CodeQL
Use of a broken or weak cryptographic hashing algorithm on sensitive data High
Sensitive data (password)
Sensitive data (password)
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix AI 12 days ago
To fix the problem, we need to replace the use of the SHA-1 hashing algorithm in the __encrypt_password_legacy
method with a more secure algorithm. Since the __encrypt_password
method already uses SHA-512, we can update the legacy method to use the same algorithm. This ensures that all password hashing in the system is done using a secure algorithm.
- Replace the SHA-1 hashing algorithm in the
__encrypt_password_legacy
method with SHA-512. - Update the import statements to include the necessary modules for SHA-512 if not already present.
-
Copy modified lines R326-R327
@@ -325,4 +325,4 @@ | ||
def __encrypt_password_legacy(password: str) -> str: | ||
"""Hash the given password with SHA1.""" | ||
return sha1(password.encode("utf8")).hexdigest() # noqa: S324 | ||
"""Hash the given password with SHA-512.""" | ||
return crypt.crypt(password, crypt.METHOD_SHA512) | ||
|
346178b
to
bfa0279
Compare
7a74e6f
to
c5e0d9f
Compare
c5e0d9f
to
5c446f2
Compare
Edited/Blocked NotificationRenovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR. You can manually request rebase by checking the rebase/retry box above. |
@@ -254,7 +214,7 @@ | |||
resp = requests.get( | |||
self.project["checker_url"], | |||
headers=self.project.get("checker_headers"), | |||
verify=False, # nosec | |||
verify=False, # noqa: S501 |
Check failure
Code scanning / SonarCloud
Server certificates should be verified during SSL/TLS connections High
c485c04
to
4469d33
Compare
6a6642c
to
3aa1763
Compare
f1c19a7
to
65047cc
Compare
65047cc
to
ddfdc1e
Compare
This PR contains the following updates:
3.1.0
->3.2.0
9.14.0
->9.16.0
8.37.1
->8.42.0
0.15.2
->0.16.0
12.23.1
->12.24.0
1.21
->1.22
50.4.3
->50.6.0
1.6.0
->1.9.0
1.6.0
->1.9.0
1.9.1
->1.14.1
1.9.1
->1.14.1
23.7.1
->23.9.0
2.5
->2.6
1.80.7
->1.81.1
1.21.0
->1.22.0
75.3.0.20241112
->75.6.0.20241126
5.96.1
->5.97.0
Release Notes
eslint/eslintrc (@eslint/eslintrc)
v3.2.0
Compare Source
Features
eslint/eslint (@eslint/js)
v9.16.0
Compare Source
v9.15.0
Compare Source
getsentry/sentry-javascript (@sentry/browser)
v8.42.0
Compare Source
Important Changes
feat(react): React Router v7 support (library) (#14513)
This release adds support for React Router v7 (library mode).
Check out the docs on how to set up the integration: Sentry React Router v7 Integration Docs
Deprecations
feat: Warn about source-map generation (#14533)
In the next major version of the SDK we will change how source maps are generated when the SDK is added to an application.
Currently, the implementation varies a lot between different SDKs and can be difficult to understand.
Moving forward, our goal is to turn on source maps for every framework, unless we detect that they are explicitly turned off.
Additionally, if we end up enabling source maps, we will emit a log message that we did so.
With this particular release, we are emitting warnings that source map generation will change in the future and we print instructions on how to prepare for the next major.
feat(nuxt): Deprecate
tracingOptions
in favor ofvueIntegration
(#14530)Currently it is possible to configure tracing options in two places in the Sentry Nuxt SDK:
Sentry.init()
tracingOptions
inSentry.init()
For tree-shaking purposes and alignment with the Vue SDK, it is now recommended to instead use the newly exported
vueIntegration()
and itstracingOptions
option to configure tracing options in the Nuxt SDK:Other Changes
web-vitals
to v4.2.4 (#14439)vueIntegration
(#14526)Bundle size 📦
v8.41.0
Compare Source
Important Changes
meta(nuxt): Require minimum Nuxt v3.7.0 (#14473)
We formalized that the Nuxt SDK is at minimum compatible with Nuxt version 3.7.0 and above.
Additionally, the SDK requires the implicit
nitropack
dependency to satisfy version^2.10.0
andofetch
to satisfy^1.4.0
.It is recommended to check your lock-files and manually upgrade these dependencies if they don't match the version ranges.
Deprecations
We are deprecating a few APIs which will be removed in the next major.
The following deprecations will potentially affect you:
feat(core): Update & deprecate
undefined
option handling (#14450)In the next major version we will change how passing
undefined
totracesSampleRate
/tracesSampler
/enableTracing
will behave.Currently, doing the following:
Will result in tracing being enabled (although no spans will be generated) because the
tracesSampleRate
key is present in the options object.In the next major version, this behavior will be changed so that passing
undefined
(or rather having atracesSampleRate
key) will result in tracing being disabled, the same as not passing the option at all.If you are currently relying on
undefined
being passed, and and thus have tracing enabled, it is recommended to update your config to set e.g.tracesSampleRate: 0
instead, which will also enable tracing in v9.The same applies to
tracesSampler
andenableTracing
.feat(core): Log warnings when returning
null
inbeforeSendSpan
(#14433)Currently, the
beforeSendSpan
option inSentry.init()
allows you to drop individual spans from a trace by returningnull
from the hook.Since this API lends itself to creating "gaps" inside traces, we decided to change how this API will work in the next major version.
With the next major version the
beforeSendSpan
API can only be used to mutate spans, but no longer to drop them.With this release the SDK will warn you if you are using this API to drop spans.
Instead, it is recommended to configure instrumentation (i.e. integrations) directly to control what spans are created.
Additionally, with the next major version, root spans will also be passed to
beforeSendSpan
.feat(utils): Deprecate
@sentry/utils
(#14431)With the next major version the
@sentry/utils
package will be merged into the@sentry/core
package.It is therefore no longer recommended to use the
@sentry/utils
package.feat(vue): Deprecate configuring Vue tracing options anywhere else other than through the
vueIntegration
'stracingOptions
option (#14385)Currently it is possible to configure tracing options in various places in the Sentry Vue SDK:
Sentry.init()
tracingOptions
inSentry.init()
vueIntegration()
optionstracingOptions
in thevueIntegration()
optionsBecause this is a bit messy and confusing to document, the only recommended way to configure tracing options going forward is through the
tracingOptions
in thevueIntegration()
.The other means of configuration will be removed in the next major version of the SDK.
feat: Deprecate
registerEsmLoaderHooks.include
andregisterEsmLoaderHooks.exclude
(#14486)Currently it is possible to define
registerEsmLoaderHooks.include
andregisterEsmLoaderHooks.exclude
options inSentry.init()
to only apply ESM loader hooks to a subset of modules.This API served as an escape hatch in case certain modules are incompatible with ESM loader hooks.
Since this API was introduced, a way was found to only wrap modules that there exists instrumentation for (meaning a vetted list).
To only wrap modules that have instrumentation, it is recommended to instead set
registerEsmLoaderHooks.onlyIncludeInstrumentedModules
totrue
.Note that
onlyIncludeInstrumentedModules: true
will become the default behavior in the next major version and theregisterEsmLoaderHooks
will no longer accept fine-grained options.The following deprecations will most likely not affect you unless you are building an SDK yourself:
arrayify
(#14405)flatten
(#14454)urlEncode
(#14406)validSeverityLevels
(#14407)getNumberOfUrlSegments
(#14458)memoBuilder
,BAGGAGE_HEADER_NAME
, andmakeFifoCache
(#14434)addRequestDataToEvent
andextractRequestData
(#14430)Other Changes
sentry-trace
,baggage
and DSC handling (#14364)openTelemetryInstrumentations
option (#14484)NEXT_REDIRECT
from browser (#14440)Work in this release was contributed by @NEKOYASAN and @fmorett. Thank you for your contributions!
Bundle size 📦
v8.40.0
Compare Source
Important Changes
feat(angular): Support Angular 19 (#14398)
The
@sentry/angular
SDK can now be used with Angular 19. If you're upgrading to the new Angular version, you might want to migrate from the now deprecatedAPP_INITIALIZER
token toprovideAppInitializer
.In this case, change the Sentry
TraceService
initialization inapp.config.ts
:feat(core): Deprecate
debugIntegration
andsessionTimingIntegration
(#14363)The
debugIntegration
was deprecated and will be removed in the next major version of the SDK.To log outgoing events, use Hook Options (
beforeSend
,beforeSendTransaction
, ...).The
sessionTimingIntegration
was deprecated and will be removed in the next major version of the SDK.To capture session durations alongside events, use Context (
Sentry.setContext()
).feat(nestjs): Deprecate
@WithSentry
in favor of@SentryExceptionCaptured
(#14323)The
@WithSentry
decorator was deprecated. Use@SentryExceptionCaptured
instead. This is a simple renaming and functionality stays identical.feat(nestjs): Deprecate
SentryTracingInterceptor
,SentryService
,SentryGlobalGenericFilter
,SentryGlobalGraphQLFilter
(#14371)The
SentryTracingInterceptor
was deprecated. If you are using@sentry/nestjs
you can safely remove any references to theSentryTracingInterceptor
. If you are using another package migrate to@sentry/nestjs
and remove theSentryTracingInterceptor
afterwards.The
SentryService
was deprecated and its functionality was added toSentry.init
. If you are using@sentry/nestjs
you can safely remove any references to theSentryService
. If you are using another package migrate to@sentry/nestjs
and remove theSentryService
afterwards.The
SentryGlobalGenericFilter
was deprecated. Use theSentryGlobalFilter
instead which is a drop-in replacement.The
SentryGlobalGraphQLFilter
was deprecated. Use theSentryGlobalFilter
instead which is a drop-in replacement.feat(node): Deprecate
nestIntegration
andsetupNestErrorHandler
in favor of using@sentry/nestjs
(#14374)The
nestIntegration
andsetupNestErrorHandler
functions from@sentry/node
were deprecated and will be removed in the next major version of the SDK. If you're using@sentry/node
in a NestJS application, we recommend switching to our new dedicated@sentry/nestjs
package.Other Changes
normalizedRequest
onsdkProcessingMetadata
is merged (#14315)@sentry/utils
into@sentry/core
(#14382)__self
and__source
attributes on feedback nodes (#14356)Bundle size 📦
v8.39.0
Compare Source
Important Changes
The
@sentry/nestjs
SDK will now capture performance data for NestJS Events (@nestjs/event-emitter
)Other Changes
@SentryExceptionCaptured
for@WithSentry
(#14322)SentryService
behaviour into@sentry/nestjs
SDKinit()
(#14321)SentryGlobalFilter
(#14320)childProcessIntegration
forprocessThreadBreadcrumbIntegration
and deprecate it (#14334)_sentryModuleMetadata
is not mangled (#14344)sentry.source
attribute tocustom
when callingspan.updateName
onSentrySpan
(#14251)Request
type in favor ofRequestEventData
(#14317)transaction
inrequestDataIntegration
(#14306)Bundle size 📦
v8.38.0
Compare Source
knex
integration (#13526)tedious
integration (#13486)debug_meta
with ANR events (#14203)Work in this release was contributed by @grahamhency, @Zen-cronic, @gilisho and @phuctm97. Thank you for your contributions!
geoalchemy/geoalchemy2 (GeoAlchemy2)
v0.16.0
Compare Source
Azure/azure-sdk-for-python (azure-storage-blob)
v12.24.0
Compare Source
12.24.0 (2024-11-13)
Features Added
gajus/eslint-plugin-jsdoc (eslint-plugin-jsdoc)
v50.6.0
Compare Source
Features
checkBlockStarts
option (#1341) (f9b102d)v50.5.0
Compare Source
Features
sbrunner/prospector-profile-duplicated (prospector-profile-duplicated)
v1.9.0
Compare Source
1.9.0 (2024-12-03)
New feature
61fec84
Use Ruff instead of multiple tools (@sbrunner)v1.8.1
Compare Source
1.8.1 (2024-12-03)
New feature
Dependency update
v1.8.0
Compare Source
1.8.0 (2024-11-15)
New feature
6c28c94
Add more rules dupplicated with PyLint (@sbrunner)v1.7.0
Compare Source
1.7.0 (2024-11-14)
New feature
Dependency update
sbrunner/prospector-profile-utils (prospector-profile-utils)
v1.14.1
Compare Source
1.14.1 (2024-12-03)
New feature
v1.14.0
Compare Source
1.14.0 (2024-12-03)
New feature
v1.13.0
Compare Source
1.13.0 (2024-12-02)
Fixed bugs
Dependency update
v1.12.2
Compare Source
1.12.2 (2024-11-18)
New feature
v1.11.1
Compare Source
1.11.1 (2024-11-14)
Fixed bugs
v1.11.0
Compare Source
1.11.0 (2024-11-14)
Fixed bugs
Configuration
📅 Schedule: Branch creation - "after 5pm on the first day of the month" in timezone Europe/Zurich, Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.