Critical Security - Upgrade @sentry/react-native to 1.3.9 #112

Closed
celandro opened this issue May 21, 2020 · 28 comments

@celandro

celandro commented May 21, 2020

I received an email just now:

Last week we were notified of a security issue related to our React Native iOS SDK that could potentially lead to access to your source map in applications that use this iOS SDK. This vulnerability does not impact Android users.

As a matter of best practice, Sentry strongly encourages you update your app to protect your source maps, updating your React Native SDK to 1.3.9.

Update @sentry/react-native to 1.3.9, which you can find here: https://github.com/getsentry/sentry-react-native/releases/tag/1.3.9

@chrismin

Our team would really appreciate this being handled asap!

@mkveksas

Thanks for filling out this issue, @celandro.

It would be highly appreciated if the Expo team could follow up on this as soon as possible. Thanks!

@fractalgelfo

update on npm?

@rvieceli

After update (from 2.0.0 to 2.0.4) expo install sentry-expo I got this message:
Sentry Logger [Log]: Failed to get device context from native: SentryError: Native Client is not available, can't start on native.

@tevonsb

tevonsb commented May 26, 2020

I'm getting the same error as @rvieceli after upgrading from 2.0.1 to 2.0.4.

@jvivaspatternag

Same error on a fresh installation. It breaks the app as it is instantiated.

@cruzach
Contributor

cruzach commented Jun 3, 2020

if you clear your yarn.lock file, this will be updated. sentry-expo v2.0.4 uses "@sentry/react-native": "^1.0.0", which will resolve up to version 1.9.9. That said, we've merged a PR that upgrades this to ^1.3.9, and will publish a new version soon.

@rvieceli what does your sentry config look like? It's really helpful if you can provide a method to reproduce your error, rather than just the message. That probably belongs in a new issue

@cruzach cruzach closed this as completed Jun 3, 2020
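
The lock-file behaviour discussed in the comment above, as an added example that is not part of the thread or of sentry-expo's own code: a lock file keeps the version it first resolved for a declared range, so this check reads yarn.lock or package-lock.json text and reports any pinned @sentry/react-native older than the 1.3.9 named in the email. The function names and the sample lock entry are constructed for illustration.

```javascript
// Added example (not sentry-expo code): find which @sentry/react-native version a lock file pins.
const PKG = '@sentry/react-native';
const MIN_FIXED = '1.3.9'; // minimum version named in the Sentry email quoted in this issue
// Constructed sample: a stale yarn.lock entry that satisfies "^1.0.0" with an older release.
const SAMPLE_YARN_LOCK = '"@sentry/react-native@^1.0.0":\n  version "1.2.1"\n';

// Compare the numeric major.minor.patch parts; pre-release tags are ignored.
function compareVersions(a, b) {
  const parse = (v) => v.split('-')[0].split('.').map(Number);
  const [pa, pb] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) < (pb[i] || 0) ? -1 : 1;
  }
  return 0;
}

// yarn.lock v1: an unindented 'name@range[, name@range]:' header, then an indented 'version "x.y.z"'.
function versionsFromYarnLock(text, pkg = PKG) {
  const found = new Set();
  let inEntry = false;
  for (const line of text.split(/\r?\n/)) {
    if (line && !/^\s/.test(line) && !line.startsWith('#')) {
      inEntry = line.replace(/:$/, '').split(',')
        .some((s) => s.trim().replace(/^"|"$/g, '').startsWith(pkg + '@'));
    } else if (inEntry) {
      const m = line.match(/^\s+version\s+"([^"]+)"/);
      if (m) { found.add(m[1]); inEntry = false; }
    }
  }
  return [...found];
}

// package-lock.json: lockfileVersion 1 nests entries under "dependencies"; 2 and 3 use "packages".
function versionsFromPackageLock(json, pkg = PKG) {
  const lock = JSON.parse(json);
  const found = new Set();
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.endsWith('node_modules/' + pkg) && meta.version) found.add(meta.version);
  }
  (function walk(deps) {
    for (const [name, meta] of Object.entries(deps || {})) {
      if (name === pkg && meta.version) found.add(meta.version);
      walk(meta.dependencies);
    }
  })(lock.dependencies);
  return [...found];
}

// Versions below MIN_FIXED mean the lock file still pins a release older than the advisory's fix.
const belowFixed = (versions) => versions.filter((v) => compareVersions(v, MIN_FIXED) < 0);
```

Pass it the text of the project's yarn.lock or package-lock.json; an empty array from `belowFixed` means no pinned copy is older than 1.3.9.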
@rvieceli

rvieceli commented Jun 4, 2020

@cruzach Sorry for that, the config is simple, but we're using npm (I will test deleting package-lock.json)

  const config = {
    dsn: environment.sentryDsn,
    debug: true,
    environment: `${environment.environment}`
  }

and then

Sentry.init(config)

@cruzach
Contributor

cruzach commented Jun 4, 2020

@rvieceli it looks like that's caused by Sentry's Device context integration, which is added by default (although it's not listed in their default integrations). This is not particular to [email protected], i tested 2.0.0 and the same occurs, so it's related to the version of sentry-react-native. Just committed a fix that will fix that issue

@andrewkryshtal

andrewkryshtal commented Jun 5, 2020

"@sentry/react-native": {
       "version": "1.4.3",
},

with

"sentry-expo": {
        "version": "2.1.0",
},

still not working for me. Should I wait for a further fix?

@cruzach
Contributor

cruzach commented Jun 5, 2020

what, exactly, isn't working?

@outaTiME

outaTiME commented Jun 5, 2020

@cruzach same here using the following version with Expo SDK36:

sentry-expo: ^2.1.1
@sentry/react-native: 1.4.4

I can't make it work. I tried to roll back and I'm stuck here: #120

@davidwadge

Also having this issue.

@obviouscreations

Same issue here

@cruzach
Contributor

cruzach commented Jun 5, 2020

if you use @sentry/[email protected], this error won't occur. It looks like this may have been introduced in getsentry/sentry-react-native#902

@cruzach
Contributor

cruzach commented Jun 5, 2020

just published sentry-expo v2.1.2 which comes with that version pinned ^

note that you'll need to remove node_modules and yarn.lock and then reinstall

@andrewkryshtal

still have an on-start error after updating sentry-expo package, version of @sentry/react-native still 1.4.2. The fix is in a 1.4.5 version, isn't it?

@cruzach
Contributor

cruzach commented Jun 9, 2020

The issue was introduced in v1.4.3, now that it's fixed we can upgrade in the next release, but @sentry/react-native v1.4.2 is okay

@andrewkryshtal you'll need to remove node_modules and your lock file to update appropriately. If you still hit the issue, please create a new ticket including a minimal reproducible demo, thanks!

@special-character

Just ran into this and I am using expo. I fixed it by updating sentry-expo to: "sentry-expo": "^2.1.2",.

@luizjr

luizjr commented Jun 10, 2020

I have the latest version and this appears for me:
Failed to get device context from native: SentryError: Native Client is not available, can't start on native.

@davidwadge

Hi @luizjr. I had the same issue and had to do the clear cache dance to get it working:

watchman watch-del-all && rm -rf node_modules/ && yarn cache clean && yarn install && yarn start -- --reset-cache

@luizjr

luizjr commented Jun 10, 2020

> Hi @luizjr. I had the same issue and had to do the clear cache dance to get it working:
>
> watchman watch-del-all && rm -rf node_modules/ && yarn cache clean && yarn install && yarn start -- --reset-cache

I ran the commands you recommended to me, and it doesn't seem to have worked.

Thanks for listening, if anyone else could help.

@davidwadge

@luizjr I definitely had this error and resolved it somehow. The only other thing I did was reset the iPhone simulator (erase all data). Perhaps that will help?

@ovidiuch

FYI I just followed the guide at https://docs.expo.io/guides/using-sentry, installed latest sentry-expo (2.1.2) and am getting the same error:

Sentry Logger [Log]: Failed to get device context from native: SentryError: Native Client is not available, can't start on native.

Reset caches, even though I had just installed sentry related packages, but to no avail.

Is there some linking required?

Would definitely appreciate if this was looked into.

@ovidiuch

Note that errors do get reported to Sentry, even though the Sentry Logger error is printed on every Sentry.captureException call.

@luizjr

luizjr commented Jun 12, 2020

> @luizjr I definitely had this error and resolved it somehow. The only other thing I did was reset the iPhone simulator (erase all data). Perhaps that will help?

I reinstalled the package, cleared caches, checked the version ... but so far, nothing has really solved that.

@xmflsct

xmflsct commented Jan 20, 2021

Same here. Reinstalling dependencies doesn't help. It happens after first app start.

@allandiego

allandiego commented Feb 16, 2021

Got this same error after ejecting expo, using "sentry-expo": "^3.0.4". With managed workflow it was working fine, and it was fixed after adding "@sentry/react-native": "^2.2.0", clearing app data / uninstalling the app and reinstalling the APK
