fix(deps): update dependency @sentry/nextjs to v7.77.0 [security]

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	OpenSSF
@sentry/nextjs (source)	dependencies	minor	7.70.0 → 7.77.0

GitHub Vulnerability Alerts

CVE-2023-46729

Impact

An unsanitized input of Next.js SDK tunnel endpoint allows sending HTTP requests to arbitrary URLs and reflecting the response back to the user. This could open door for other attack vectors:

• client-side vulnerabilities: XSS/CSRF in the context of the trusted domain;
• interaction with internal network;
• read cloud metadata endpoints (AWS, Azure, Google Cloud, etc.);
• local/remote port scan.

This issue only affects users who have Next.js SDK tunneling feature enabled.

Patches

The problem has been fixed in sentry/nextjs@7.77.0

Workarounds

Disable tunneling by removing the tunnelRoute option from Sentry Next.js SDK config — next.config.js or next.config.mjs.

References

• Sentry Next.js tunneling feature
• The fix
• More Information

Credits

• Praveen Kumar

---

Sentry Next.js vulnerable to SSRF via Next.js SDK tunnel endpoint

CVE-2023-46729 / GHSA-2rmr-xw8m-22q9

More information

Details

Impact

An unsanitized input of Next.js SDK tunnel endpoint allows sending HTTP requests to arbitrary URLs and reflecting the response back to the user. This could open door for other attack vectors:

• client-side vulnerabilities: XSS/CSRF in the context of the trusted domain;
• interaction with internal network;
• read cloud metadata endpoints (AWS, Azure, Google Cloud, etc.);
• local/remote port scan.

This issue only affects users who have Next.js SDK tunneling feature enabled.

Patches

The problem has been fixed in sentry/nextjs@7.77.0

Workarounds

Disable tunneling by removing the tunnelRoute option from Sentry Next.js SDK config — next.config.js or next.config.mjs.

References

• Sentry Next.js tunneling feature
• The fix
• More Information

Credits

• Praveen Kumar

Severity

• CVSS Score: Unknown
• Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References

• https://github.com/getsentry/sentry-javascript/security/advisories/GHSA-2rmr-xw8m-22q9
• https://nvd.nist.gov/vuln/detail/CVE-2023-46729
• https://github.com/getsentry/sentry-javascript/pull/9415
• https://github.com/getsentry/sentry-javascript/commit/ddbda3c02c35aba8c5235e0cf07fc5bf656f81be
• https://blog.sentry.io/next-js-sdk-security-advisory-cve-2023-46729
• https://docs.sentry.io/platforms/javascript/guides/nextjs/manual-setup/#configure-tunneling-to-avoid-ad-blockers
• https://github.com/getsentry/sentry-javascript
• https://www.npmjs.com/package/@​sentry/nextjs/v/7.77.0

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

---

Release Notes

getsentry/sentry-javascript (@​sentry/nextjs)

v7.77.0

Compare Source

Security Fixes

• fix(nextjs): Match only numbers as orgid in tunnelRoute (#​9416) (CVE-2023-46729)
• fix(nextjs): Strictly validate tunnel target parameters (#​9415) (CVE-2023-46729)

Other Changes

• feat: Move LinkedErrors integration to @​sentry/core (#​9404)
• feat(remix): Update sentry-cli version to ^2.21.2 (#​9401)
• feat(replay): Allow to treeshake & configure compression worker URL (#​9409)
• fix(angular-ivy): Adjust package entry points to support Angular 17 with SSR config (#​9412)
• fix(feedback): Fixing feedback import (#​9403)
• fix(utils): Avoid keeping a reference of last used event (#​9387)

Bundle size 📦

Path	Size
@​sentry/browser (incl. Tracing, Replay) - Webpack (gzipped)	77.46 KB
@​sentry/browser (incl. Tracing, Replay) - Webpack with treeshaking flags (gzipped)	56.69 KB
@​sentry/browser (incl. Tracing) - Webpack (gzipped)	30.97 KB
@​sentry/browser - Webpack (gzipped)	21.29 KB
@​sentry/browser (incl. Tracing, Replay) - ES6 CDN Bundle (gzipped)	67.83 KB
@​sentry/browser (incl. Tracing) - ES6 CDN Bundle (gzipped)	29.09 KB
@​sentry/browser - ES6 CDN Bundle (gzipped)	21.23 KB
@​sentry/browser (incl. Tracing, Replay) - ES6 CDN Bundle (minified & uncompressed)	216.89 KB
@​sentry/browser (incl. Tracing) - ES6 CDN Bundle (minified & uncompressed)	88.28 KB
@​sentry/browser - ES6 CDN Bundle (minified & uncompressed)	63.28 KB
@​sentry/browser (incl. Tracing) - ES5 CDN Bundle (gzipped)	31.8 KB
@​sentry/react (incl. Tracing, Replay) - Webpack (gzipped)	77.84 KB
@​sentry/react - Webpack (gzipped)	21.34 KB
@​sentry/nextjs Client (incl. Tracing, Replay) - Webpack (gzipped)	94.18 KB
@​sentry/nextjs Client - Webpack (gzipped)	47.86 KB

v7.76.0

Compare Source

Important Changes

• feat(core): Add cron monitor wrapper helper (#​9395)

This release adds Sentry.withMonitor(), a wrapping function that wraps a callback with a cron monitor that will automatically report completions and failures:

import * as Sentry from '@​sentry/node';

// withMonitor() will send checkin when callback is started/finished
// works with async and sync callbacks.
const result = Sentry.withMonitor(
  'dailyEmail',
  () => {
    // withMonitor return value is same return value here
    return sendEmail();
  },
  // Optional upsert options
  {
    schedule: {
      type: 'crontab',
      value: '0 * * * *',
    },
    // 🇨🇦🫡
    timezone: 'Canada/Eastern',
  },
);

Other Changes

• chore(angular-ivy): Allow Angular 17 in peer dependencies (#​9386)
• feat(nextjs): Instrument SSR page components (#​9346)
• feat(nextjs): Trace errors in page component SSR (#​9388)
• fix(nextjs): Instrument route handlers with jsx and tsx file extensions (#​9362)
• fix(nextjs): Trace with performance disabled (#​9389)
• fix(replay): Ensure replay_id is not added to DSC if session expired (#​9359)
• fix(replay): Remove unused parts of pako from build (#​9369)
• fix(serverless): Don't mark all errors as unhandled (#​9368)
• fix(tracing-internal): Fix case when middleware contain array of routes with special chars as @​ (#​9375)
• meta(nextjs): Bump peer deps for Next.js 14 (#​9390)

Work in this release contributed by @​LubomirIgonda1. Thank you for your contribution!

Bundle size 📦

Path	Size
@​sentry/browser (incl. Tracing, Replay) - Webpack (gzipped)	77.44 KB
@​sentry/browser (incl. Tracing, Replay) - Webpack with treeshaking flags (gzipped)	66.48 KB
@​sentry/browser (incl. Tracing) - Webpack (gzipped)	30.94 KB
@​sentry/browser - Webpack (gzipped)	21.26 KB
@​sentry/browser (incl. Tracing, Replay) - ES6 CDN Bundle (gzipped)	67.66 KB
@​sentry/browser (incl. Tracing) - ES6 CDN Bundle (gzipped)	28.93 KB
@​sentry/browser - ES6 CDN Bundle (gzipped)	21.09 KB
@​sentry/browser (incl. Tracing, Replay) - ES6 CDN Bundle (minified & uncompressed)	216.39 KB
@​sentry/browser (incl. Tracing) - ES6 CDN Bundle (minified & uncompressed)	87.77 KB
@​sentry/browser - ES6 CDN Bundle (minified & uncompressed)	62.76 KB
@​sentry/browser (incl. Tracing) - ES5 CDN Bundle (gzipped)	31.71 KB
@​sentry/react (incl. Tracing, Replay) - Webpack (gzipped)	77.83 KB
@​sentry/react - Webpack (gzipped)	21.29 KB
@​sentry/nextjs Client (incl. Tracing, Replay) - Webpack (gzipped)	94.16 KB
@​sentry/nextjs Client - Webpack (gzipped)	47.83 KB

v7.75.1

Compare Source

• feat(browser): Allow collecting of pageload profiles (#​9317)
• fix(browser): Correct timestamp on pageload profiles (#​9350)
• fix(nextjs): Use webpack plugin release value to inject release (#​9348)

Bundle size 📦

Path	Size
@​sentry/browser (incl. Tracing, Replay) - Webpack (gzipped)	82.66 KB
@​sentry/browser (incl. Tracing, Replay) - Webpack with treeshaking flags (gzipped)	71.77 KB
@​sentry/browser (incl. Tracing) - Webpack (gzipped)	30.94 KB
@​sentry/browser - Webpack (gzipped)	21.26 KB
@​sentry/browser (incl. Tracing, Replay) - ES6 CDN Bundle (gzipped)	73.03 KB
@​sentry/browser (incl. Tracing) - ES6 CDN Bundle (gzipped)	28.93 KB
@​sentry/browser - ES6 CDN Bundle (gzipped)	21.09 KB
@​sentry/browser (incl. Tracing, Replay) - ES6 CDN Bundle (minified & uncompressed)	233.81 KB
@​sentry/browser (incl. Tracing) - ES6 CDN Bundle (minified & uncompressed)	87.77 KB
@​sentry/browser - ES6 CDN Bundle (minified & uncompressed)	62.76 KB
@​sentry/browser (incl. Tracing) - ES5 CDN Bundle (gzipped)	31.71 KB
@​sentry/react (incl. Tracing, Replay) - Webpack (gzipped)	83.05 KB
@​sentry/react - Webpack (gzipped)	21.29 KB
@​sentry/nextjs Client (incl. Tracing, Replay) - Webpack (gzipped)	99.43 KB
@​sentry/nextjs Client - Webpack (gzipped)	47.83 KB

v7.75.0

Compare Source

Important Changes

• feat(opentelemetry): Add new @sentry/opentelemetry package (#​9238)

This release publishes a new package, @sentry/opentelemetry. This is a runtime agnostic replacement for @sentry/opentelemetry-node and exports a couple of useful utilities which can be used to use Sentry together with OpenTelemetry.

You can read more about @​sentry/opentelemetry in the Readme.

• feat(replay): Allow to treeshake rrweb features (#​9274)

Starting with this release, you can configure the following build-time flags in order to reduce the SDK bundle size:

• __RRWEB_EXCLUDE_CANVAS__
• __RRWEB_EXCLUDE_IFRAME__
• __RRWEB_EXCLUDE_SHADOW_DOM__

You can read more about tree shaking in our docs.

Other Changes

• build(deno): Prepare Deno SDK for release on npm (#​9281)
• feat: Remove tslib (#​9299)
• feat(node): Add abnormal session support for ANR (#​9268)
• feat(node): Remove lru_map dependency (#​9300)
• feat(node): Vendor cookie module (#​9308)
• feat(replay): Share performance instrumentation with tracing (#​9296)
• feat(types): Add missing Profiling types (macho debug image, profile measurements, stack frame properties) (#​9277)
• feat(types): Add statsd envelope types (#​9304)
• fix(astro): Add integration default export to types entry point (#​9337)
• fix(astro): Convert SDK init file import paths to POSIX paths (#​9336)
• fix(astro): Make Replay and BrowserTracing integrations tree-shakeable (#​9287)
• fix(integrations): Fix transaction integration (#​9334)
• fix(nextjs): Restore autoInstrumentMiddleware functionality (#​9323)
• fix(nextjs): Guard for case where getInitialProps may return undefined (#​9342)
• fix(node-experimental): Make node-fetch support optional (#​9321)
• fix(node): Check buffer length when attempting to parse ANR frame (#​9314)
• fix(replay): Fix xhr start timestamps (#​9341)
• fix(tracing-internal): Remove query params from urls with a trailing slash (#​9328)
• fix(types): Remove typo with CheckInEnvelope (#​9303)

Bundle size 📦

Path	Size
@​sentry/browser (incl. Tracing, Replay) - Webpack (gzipped)	82.66 KB
@​sentry/browser (incl. Tracing, Replay) - Webpack with treeshaking flags (gzipped)	71.77 KB
@​sentry/browser (incl. Tracing) - Webpack (gzipped)	30.94 KB
@​sentry/browser - Webpack (gzipped)	21.26 KB
@​sentry/browser (incl. Tracing, Replay) - ES6 CDN Bundle (gzipped)	73.03 KB
@​sentry/browser (incl. Tracing) - ES6 CDN Bundle (gzipped)	28.93 KB
@​sentry/browser - ES6 CDN Bundle (gzipped)	21.09 KB
@​sentry/browser (incl. Tracing, Replay) - ES6 CDN Bundle (minified & uncompressed)	233.81 KB
@​sentry/browser (incl. Tracing) - ES6 CDN Bundle (minified & uncompressed)	87.77 KB
@​sentry/browser - ES6 CDN Bundle (minified & uncompressed)	62.76 KB
@​sentry/browser (incl. Tracing) - ES5 CDN Bundle (gzipped)	31.71 KB
@​sentry/react (incl. Tracing, Replay) - Webpack (gzipped)	83.05 KB
@​sentry/react - Webpack (gzipped)	21.29 KB
@​sentry/nextjs Client (incl. Tracing, Replay) - Webpack (gzipped)	99.43 KB
@​sentry/nextjs Client - Webpack (gzipped)	47.83 KB

v7.74.1

Compare Source

• chore(astro): Add astro-integration keyword (#​9265)
• fix(core): Narrow filters for health check transactions (#​9257)
• fix(nextjs): Fix HMR by inserting new entrypoints at the end (#​9267)
• fix(nextjs): Fix resolution of request async storage module (#​9259)
• fix(node-experimental): Guard against missing fetch (#​9275)
• fix(remix): Update defer injection logic. (#​9242)
• fix(tracing-internal): Parameterize express middleware parameters (#​8668)
• fix(utils): Move Node specific ANR impl. out of utils (#​9258)

Work in this release contributed by @​LubomirIgonda1. Thank you for your contribution!

Bundle size 📦

Path	Size
@​sentry/browser (incl. Tracing, Replay) - Webpack (gzipped)	83.98 KB
@​sentry/browser (incl. Tracing) - Webpack (gzipped)	31.57 KB
@​sentry/browser - Webpack (gzipped)	21.75 KB
@​sentry/browser (incl. Tracing, Replay) - ES6 CDN Bundle (gzipped)	80.47 KB
@​sentry/browser (incl. Tracing) - ES6 CDN Bundle (gzipped)	29.51 KB
@​sentry/browser - ES6 CDN Bundle (gzipped)	21.69 KB
@​sentry/browser (incl. Tracing, Replay) - ES6 CDN Bundle (minified & uncompressed)	245.55 KB
@​sentry/browser (incl. Tracing) - ES6 CDN Bundle (minified & uncompressed)	85.53 KB
@​sentry/browser - ES6 CDN Bundle (minified & uncompressed)	61.45 KB
@​sentry/browser (incl. Tracing) - ES5 CDN Bundle (gzipped)	32.64 KB
@​sentry/react (incl. Tracing, Replay) - Webpack (gzipped)	84.05 KB
@​sentry/react - Webpack (gzipped)	21.79 KB
@​sentry/nextjs Client (incl. Tracing, Replay) - Webpack (gzipped)	102.18 KB
@​sentry/nextjs Client - Webpack (gzipped)	49.65 KB

v7.74.0

Compare Source

Important Changes

• feat(astro): Add sentryAstro integration (#​9218)

This Release introduces the first alpha version of our new SDK for Astro.
At this time, the SDK is considered experimental and things might break and change in future versions.

The core of the SDK is an Astro integration which you easily add to your Astro config:

// astro.config.js
import { defineConfig } from "astro/config";
import sentry from "@​sentry/astro";

export default defineConfig({
  integrations: [
    sentry({
      dsn: "__DSN__",
      sourceMapsUploadOptions: {
        project: "astro",
        authToken: process.env.SENTRY_AUTH_TOKEN,
      },
    }),
  ],
});

Check out the README for usage instructions and what to expect from this alpha release.

Other Changes

• feat(core): Add addIntegration utility (#​9186)
• feat(core): Add continueTrace method (#​9164)
• feat(node-experimental): Add NodeFetch integration (#​9226)
• feat(node-experimental): Use native OTEL Spans (#​9161, #​9214)
• feat(node-experimental): Sample in OTEL Sampler (#​9203)
• feat(serverlesss): Allow disabling transaction traces (#​9154)
• feat(tracing): Allow direct pg module to enable esbuild support (#​9227)
• feat(utils): Move common node ANR code to utils (#​9191)
• feat(vue): Expose VueIntegration to initialize vue app later (#​9180)
• fix: Don't set referrerPolicy on serverside fetch transports (#​9200)
• fix: Ensure we never mutate options passed to init (#​9162)
• fix(ember): Avoid pulling in utils at build time (#​9221)
• fix(ember): Drop undefined config values (#​9175)
• fix(node): Ensure mysql integration works without callback (#​9222)
• fix(node): Only require inspector when needed (#​9149)
• fix(node): Remove ANR debug option and instead add logger.isEnabled() (#​9230)
• fix(node): Strip .mjs and .cjs extensions from module name (#​9231)
• fix(replay): bump rrweb to 2.0.1 (#​9240)
• fix(replay): Fix potential broken CSS in styled-components (#​9234)
• fix(sveltekit): Flush in server wrappers before exiting (#​9153)
• fix(types): Update signature of processEvent integration hook (#​9151)
• fix(utils): Dereference DOM events after they have servered their purpose (#​9224)
• ref(integrations): Refactor pluggable integrations to use processEvent (#​9021)
• ref(serverless): Properly deprecate rethrowAfterCapture option (#​9159)
• ref(utils): Deprecate walk method (#​9157)

Work in this release contributed by @​aldenquimby. Thank you for your contributions!

Bundle size 📦

Path	Size
@​sentry/browser (incl. Tracing, Replay) - Webpack (gzipped)	84.27 KB
@​sentry/browser (incl. Tracing) - Webpack (gzipped)	31.43 KB
@​sentry/browser - Webpack (gzipped)	22.02 KB
@​sentry/browser (incl. Tracing, Replay) - ES6 CDN Bundle (gzipped)	78.79 KB
@​sentry/browser (incl. Tracing) - ES6 CDN Bundle (gzipped)	28.6 KB
@​sentry/browser - ES6 CDN Bundle (gzipped)	21.02 KB
@​sentry/browser (incl. Tracing, Replay) - ES6 CDN Bundle (minified & uncompressed)	254.51 KB
@​sentry/browser (incl. Tracing) - ES6 CDN Bundle (minified & uncompressed)	86.76 KB
@​sentry/browser - ES6 CDN Bundle (minified & uncompressed)	62.45 KB
@​sentry/browser (incl. Tracing) - ES5 CDN Bundle (gzipped)	31.48 KB
@​sentry/react (incl. Tracing, Replay) - Webpack (gzipped)	84.3 KB
@​sentry/react - Webpack (gzipped)	22.06 KB
@​sentry/nextjs Client (incl. Tracing, Replay) - Webpack (gzipped)	102.21 KB
@​sentry/nextjs Client - Webpack (gzipped)	50.96 KB

v7.73.0

Compare Source

Important Changes

• feat(replay): Upgrade to rrweb2

This is fully backwards compatible with prior versions of the Replay SDK. The only breaking change that we will making is to not be masking aria-label by default. The reason for this change is to align with our core SDK which also does not mask aria-label. This change also enables better support of searching by clicks.

Another change that needs to be highlighted is the 13% bundle size increase. This bundle size increase is necessary to bring improved recording performance and improved replay fidelity, especially in regards to web components and iframes. We will be investigating the reduction of the bundle size in this PR.

Here are benchmarks comparing the version 1 of rrweb to version 2

metric	v1	v2
lcp	1486.06 ms	1529.11 ms
cls	0.40 ms	0.40 ms
fid	1.53 ms	1.50 ms
tbt	3207.22 ms	3036.80 ms
memoryAvg	131.83 MB	124.84 MB
memoryMax	324.8 MB	339.03 MB
netTx	282.67 KB	272.51 KB
netRx	8.02 MB	8.07 MB

Other Changes

• feat: Always assemble Envelopes (#​9101)
• feat(node): Rate limit local variables for caught exceptions and enable captureAllExceptions by default (#​9102)
• fix(core): Ensure tunnel is considered for isSentryUrl checks (#​9130)
• fix(nextjs): Fix RequestAsyncStorage fallback path (#​9126)
• fix(node-otel): Suppress tracing for generated sentry spans (#​9142)
• fix(node): fill in span data from http request options object (#​9112)
• fix(node): Fixes and improvements to ANR detection (#​9128)
• fix(sveltekit): Avoid data invalidation in wrapped client-side load functions (#​9071)
• ref(core): Refactor InboundFilters integration to use processEvent (#​9020)
• ref(wasm): Refactor Wasm integration to use processEvent (#​9019)

Work in this release contributed by @​vlad-zhukov. Thank you for your contribution!

Bundle size 📦

Path	Size
@​sentry/browser (incl. Tracing, Replay) - Webpack (gzipped)	84.26 KB
@​sentry/browser (incl. Tracing) - Webpack (gzipped)	31.42 KB
@​sentry/browser - Webpack (gzipped)	22 KB
@​sentry/browser (incl. Tracing, Replay) - ES6 CDN Bundle (gzipped)	78.69 KB
@​sentry/browser (incl. Tracing) - ES6 CDN Bundle (gzipped)	28.52 KB
@​sentry/browser - ES6 CDN Bundle (gzipped)	20.59 KB
@​sentry/browser (incl. Tracing, Replay) - ES6 CDN Bundle (minified & uncompressed)	254.14 KB
@​sentry/browser (incl. Tracing) - ES6 CDN Bundle (minified & uncompressed)	86.42 KB
@​sentry/browser - ES6 CDN Bundle (minified & uncompressed)	61.23 KB
@​sentry/browser (incl. Tracing) - ES5 CDN Bundle (gzipped)	31.38 KB
@​sentry/react (incl. Tracing, Replay) - Webpack (gzipped)	84.28 KB
@​sentry/react - Webpack (gzipped)	22.03 KB
@​sentry/nextjs Client (incl. Tracing, Replay) - Webpack (gzipped)	102.2 KB
@​sentry/nextjs Client - Webpack (gzipped)	50.95 KB

v7.72.0

Compare Source

Important Changes

• feat(node): App Not Responding with stack traces (#​9079)

This release introduces support for Application Not Responding (ANR) errors for Node.js applications.
These errors are triggered when the Node.js main thread event loop of an application is blocked for more than five seconds.
The Node SDK reports ANR errors as Sentry events and can optionally attach a stacktrace of the blocking code to the ANR event.

To enable ANR detection, import and use the enableANRDetection function from the @sentry/node package before you run the rest of your application code.
Any event loop blocking before calling enableANRDetection will not be detected by the SDK.

Example (ESM):

import * as Sentry from "@​sentry/node";

Sentry.init({
  dsn: "___PUBLIC_DSN___",
  tracesSampleRate: 1.0,
});

await Sentry.enableANRDetection({ captureStackTrace: true });
// Function that runs your app
runApp();

Example (CJS):

const Sentry = require("@​sentry/node");

Sentry.init({
  dsn: "___PUBLIC_DSN___",
  tracesSampleRate: 1.0,
});

Sentry.enableANRDetection({ captureStackTrace: true }).then(() => {
  // Function that runs your app
  runApp();
});

Other Changes

• fix(nextjs): Filter RequestAsyncStorage locations by locations that webpack will resolve (#​9114)
• fix(replay): Ensure replay_id is not captured when session is expired (#​9109)

Bundle size 📦

Path	Size
@​sentry/browser (incl. Tracing, Replay) - Webpack (gzipped)	75.58 KB
@​sentry/browser (incl. Tracing) - Webpack (gzipped)	31.46 KB
@​sentry/browser - Webpack (gzipped)	22.06 KB
@​sentry/browser (incl. Tracing, Replay) - ES6 CDN Bundle (gzipped)	70.28 KB
@​sentry/browser (incl. Tracing) - ES6 CDN Bundle (gzipped)	28.57 KB
@​sentry/browser - ES6 CDN Bundle (gzipped)	20.65 KB
@​sentry/browser (incl. Tracing, Replay) - ES6 CDN Bundle (minified & uncompressed)	222.21 KB
@​sentry/browser (incl. Tracing) - ES6 CDN Bundle (minified & uncompressed)	86.57 KB
@​sentry/browser - ES6 CDN Bundle (minified & uncompressed)	61.42 KB
@​sentry/browser (incl. Tracing) - ES5 CDN Bundle (gzipped)	31.43 KB
@​sentry/react (incl. Tracing, Replay) - Webpack (gzipped)	75.61 KB
@​sentry/react - Webpack (gzipped)	22.09 KB
@​sentry/nextjs Client (incl. Tracing, Replay) - Webpack (gzipped)	93.48 KB
@​sentry/nextjs Client - Webpack (gzipped)	51.04 KB

v7.71.0

Compare Source

• feat(bun): Instrument Bun.serve (#​9080)
• fix(core): Ensure global event processors are always applied to event (#​9064)
• fix(core): Run client eventProcessors before global ones (#​9032)
• fix(nextjs): Use webpack module paths to attempt to resolve internal request async storage module (#​9100)
• fix(react): Add actual error name to boundary error name (#​9065)
• fix(react): Compare location against basename-prefixed route. (#​9076)
• ref(browser): Refactor browser integrations to use processEvent (#​9022)

Work in this release contributed by @​jorrit. Thank you for your contribution!

Bundle size 📦

Path	Size
@​sentry/browser (incl. Tracing, Replay) - Webpack (gzipped)	75.58 KB
@​sentry/browser (incl. Tracing) - Webpack (gzipped)	31.46 KB
@​sentry/browser - Webpack (gzipped)	22.06 KB
@​sentry/browser (incl. Tracing, Replay) - ES6 CDN Bundle (gzipped)	70.27 KB
@​sentry/browser (incl. Tracing) - ES6 CDN Bundle (gzipped)	28.57 KB
@​sentry/browser - ES6 CDN Bundle (gzipped)	20.64 KB
@​sentry/browser (incl. Tracing, Replay) - ES6 CDN Bundle (minified & uncompressed)	222.17 KB
@​sentry/browser (incl. Tracing) - ES6 CDN Bundle (minified & uncompressed)	86.57 KB
@​sentry/browser - ES6 CDN Bundle (minified & uncompressed)	61.42 KB
@​sentry/browser (incl. Tracing) - ES5 CDN Bundle (gzipped)	31.43 KB
@​sentry/react (incl. Tracing, Replay) - Webpack (gzipped)	75.6 KB
@​sentry/react - Webpack (gzipped)	22.09 KB
@​sentry/nextjs Client (incl. Tracing, Replay) - Webpack (gzipped)	93.48 KB
@​sentry/nextjs Client - Webpack (gzipped)	51.04 KB

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
inreach-bot	Ready	Preview, Comment	Feb 12, 2026 0:13am