New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update dependency sentry-sdk to v1.14.0 [SECURITY] #16
Open
renovate
wants to merge
1
commit into
main
Choose a base branch
from
renovate/pypi-sentry-sdk-vulnerability
base: main
Could not load branches
Branch not found: {{ refName }}
Could not load tags
Nothing to show
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
renovate
bot
changed the title
Update dependency sentry-sdk to v1.17.0 [SECURITY]
Update dependency sentry-sdk to v1.14.0 [SECURITY]
Mar 22, 2023
renovate
bot
force-pushed
the
renovate/pypi-sentry-sdk-vulnerability
branch
from
May 29, 2023 17:50
9bcb318
to
75745a5
Compare
renovate
bot
changed the title
Update dependency sentry-sdk to v1.14.0 [SECURITY]
Update dependency sentry-sdk to v1.24.0 [SECURITY]
May 29, 2023
renovate
bot
force-pushed
the
renovate/pypi-sentry-sdk-vulnerability
branch
from
June 1, 2023 16:13
75745a5
to
af3d563
Compare
renovate
bot
changed the title
Update dependency sentry-sdk to v1.24.0 [SECURITY]
Update dependency sentry-sdk to v1.14.0 [SECURITY]
Jun 1, 2023
renovate
bot
force-pushed
the
renovate/pypi-sentry-sdk-vulnerability
branch
from
June 18, 2023 14:56
af3d563
to
3c5481d
Compare
renovate
bot
changed the title
Update dependency sentry-sdk to v1.14.0 [SECURITY]
Update dependency sentry-sdk to v1.25.1 [SECURITY]
Jun 18, 2023
renovate
bot
force-pushed
the
renovate/pypi-sentry-sdk-vulnerability
branch
from
June 23, 2023 05:10
3c5481d
to
ed716cf
Compare
renovate
bot
changed the title
Update dependency sentry-sdk to v1.25.1 [SECURITY]
Update dependency sentry-sdk to v1.14.0 [SECURITY]
Jun 23, 2023
renovate
bot
force-pushed
the
renovate/pypi-sentry-sdk-vulnerability
branch
from
July 11, 2023 02:51
ed716cf
to
1df8073
Compare
renovate
bot
changed the title
Update dependency sentry-sdk to v1.14.0 [SECURITY]
Update dependency sentry-sdk to v1.28.0 [SECURITY]
Jul 11, 2023
renovate
bot
force-pushed
the
renovate/pypi-sentry-sdk-vulnerability
branch
from
July 12, 2023 20:43
1df8073
to
95c84c0
Compare
renovate
bot
changed the title
Update dependency sentry-sdk to v1.28.0 [SECURITY]
Update dependency sentry-sdk to v1.14.0 [SECURITY]
Jul 12, 2023
renovate
bot
force-pushed
the
renovate/pypi-sentry-sdk-vulnerability
branch
from
August 23, 2023 05:38
95c84c0
to
770ec37
Compare
renovate
bot
changed the title
Update dependency sentry-sdk to v1.14.0 [SECURITY]
Update dependency sentry-sdk to v1.29.2 [SECURITY]
Aug 23, 2023
renovate
bot
force-pushed
the
renovate/pypi-sentry-sdk-vulnerability
branch
from
August 26, 2023 12:00
770ec37
to
e85ebb8
Compare
renovate
bot
changed the title
Update dependency sentry-sdk to v1.29.2 [SECURITY]
Update dependency sentry-sdk to v1.14.0 [SECURITY]
Aug 26, 2023
renovate
bot
force-pushed
the
renovate/pypi-sentry-sdk-vulnerability
branch
from
September 20, 2023 02:44
e85ebb8
to
444a677
Compare
renovate
bot
changed the title
Update dependency sentry-sdk to v1.14.0 [SECURITY]
Update dependency sentry-sdk to v1.31.0 [SECURITY]
Sep 20, 2023
renovate
bot
force-pushed
the
renovate/pypi-sentry-sdk-vulnerability
branch
from
September 21, 2023 05:43
444a677
to
d52aa2b
Compare
renovate
bot
changed the title
Update dependency sentry-sdk to v1.31.0 [SECURITY]
Update dependency sentry-sdk to v1.14.0 [SECURITY]
Sep 21, 2023
renovate
bot
force-pushed
the
renovate/pypi-sentry-sdk-vulnerability
branch
from
September 26, 2023 11:48
d52aa2b
to
569f9c3
Compare
renovate
bot
changed the title
Update dependency sentry-sdk to v1.14.0 [SECURITY]
Update dependency sentry-sdk to v1.31.0 [SECURITY]
Sep 26, 2023
renovate
bot
force-pushed
the
renovate/pypi-sentry-sdk-vulnerability
branch
from
September 27, 2023 05:17
569f9c3
to
9dbe66f
Compare
renovate
bot
changed the title
Update dependency sentry-sdk to v1.31.0 [SECURITY]
Update dependency sentry-sdk to v1.14.0 [SECURITY]
Sep 27, 2023
renovate
bot
force-pushed
the
renovate/pypi-sentry-sdk-vulnerability
branch
from
November 17, 2023 12:03
9dbe66f
to
09e9a2d
Compare
renovate
bot
changed the title
Update dependency sentry-sdk to v1.14.0 [SECURITY]
Update dependency sentry-sdk to v1.35.0 [SECURITY]
Nov 17, 2023
renovate
bot
force-pushed
the
renovate/pypi-sentry-sdk-vulnerability
branch
from
November 18, 2023 11:15
09e9a2d
to
b189974
Compare
renovate
bot
changed the title
Update dependency sentry-sdk to v1.35.0 [SECURITY]
Update dependency sentry-sdk to v1.14.0 [SECURITY]
Nov 18, 2023
renovate
bot
force-pushed
the
renovate/pypi-sentry-sdk-vulnerability
branch
from
December 5, 2023 02:20
b189974
to
4159cb2
Compare
renovate
bot
changed the title
Update dependency sentry-sdk to v1.14.0 [SECURITY]
Update dependency sentry-sdk to v1.38.0 [SECURITY]
Dec 5, 2023
renovate
bot
force-pushed
the
renovate/pypi-sentry-sdk-vulnerability
branch
from
December 6, 2023 08:26
4159cb2
to
cff3b94
Compare
renovate
bot
changed the title
Update dependency sentry-sdk to v1.38.0 [SECURITY]
Update dependency sentry-sdk to v1.14.0 [SECURITY]
Dec 6, 2023
renovate
bot
force-pushed
the
renovate/pypi-sentry-sdk-vulnerability
branch
from
January 5, 2024 05:12
cff3b94
to
06b839d
Compare
renovate
bot
changed the title
Update dependency sentry-sdk to v1.14.0 [SECURITY]
Update dependency sentry-sdk to v1.39.1 [SECURITY]
Jan 5, 2024
renovate
bot
force-pushed
the
renovate/pypi-sentry-sdk-vulnerability
branch
from
January 6, 2024 11:54
06b839d
to
2c87031
Compare
renovate
bot
changed the title
Update dependency sentry-sdk to v1.39.1 [SECURITY]
Update dependency sentry-sdk to v1.14.0 [SECURITY]
Jan 6, 2024
renovate
bot
force-pushed
the
renovate/pypi-sentry-sdk-vulnerability
branch
from
January 9, 2024 08:50
2c87031
to
dd3313e
Compare
renovate
bot
changed the title
Update dependency sentry-sdk to v1.14.0 [SECURITY]
Update dependency sentry-sdk to v1.39.1 [SECURITY]
Jan 9, 2024
renovate
bot
force-pushed
the
renovate/pypi-sentry-sdk-vulnerability
branch
from
January 10, 2024 05:48
dd3313e
to
1b71458
Compare
renovate
bot
changed the title
Update dependency sentry-sdk to v1.39.1 [SECURITY]
Update dependency sentry-sdk to v1.14.0 [SECURITY]
Jan 10, 2024
renovate
bot
force-pushed
the
renovate/pypi-sentry-sdk-vulnerability
branch
from
January 18, 2024 05:27
1b71458
to
1583d78
Compare
renovate
bot
changed the title
Update dependency sentry-sdk to v1.14.0 [SECURITY]
Update dependency sentry-sdk to v1.39.2 [SECURITY]
Jan 18, 2024
renovate
bot
force-pushed
the
renovate/pypi-sentry-sdk-vulnerability
branch
from
January 19, 2024 20:39
1583d78
to
68db562
Compare
renovate
bot
changed the title
Update dependency sentry-sdk to v1.39.2 [SECURITY]
Update dependency sentry-sdk to v1.14.0 [SECURITY]
Jan 19, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
None yet
0 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
==1.4.3
->==1.14.0
Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
GitHub Vulnerability Alerts
CVE-2023-28117
Impact
When using the Django integration of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to Sentry. These sensitive cookies could then be used by someone with access to your Sentry issues to impersonate or escalate their privileges within your application.
The below must be true in order for these sensitive values to be leaked:
sendDefaultPII
set toTrue
SESSION_COOKIE_NAME
orCSRF_COOKIE_NAME
Django settingsPatches
As of version
1.14.0
, the Django integration of thesentry-sdk
will detect the custom cookie names based on your Django settings and will remove the values from the payload before sending the data to Sentry.Workarounds
If you can not update your
sentry-sdk
to a patched version than you can use the SDKs filtering mechanism to remove the cookies from the payload that is sent to Sentry. For error events this can be done with the before_send callback method and for performance related events (transactions) you can use the before_send_transaction callback method.If you'd like to handle filtering of these values on the server-side, you can also use our advanced data scrubbing feature to account for the custom cookie names. Look for the
$http.cookies
,$http.headers
,$request.cookies
, or$request.headers
fields to target with your scrubbing rule.References
Credits
Release Notes
getsentry/sentry-python (sentry-sdk)
v1.14.0
Compare Source
Various fixes & improvements
Add
before_send_transaction
(#1840) by @antonpirkerAdds a hook (similar to
before_send
) that is called for all transaction events (performance releated data).Usage:
modify event here (or return
None
if you want to drop the event entirely)...
v1.13.0
Compare Source
Various fixes & improvements
Add Starlite integration (#1748) by @gazorby
Adding support for the Starlite framework. Unhandled errors are captured. Performance spans for Starlite middleware are also captured. Thanks @gazorby for the great work!
Usage:
Profiling: Remove sample buffer from profiler (#1791) by @Zylphrex
Profiling: Performance tweaks to profile sampler (#1789) by @Zylphrex
Add span for Django SimpleTemplateResponse rendering (#1818) by @chdsbd
Use @wraps for Django Signal receivers (#1815) by @meanmail
Add enqueued_at and started_at to rq job extra (#1024) by @kruvasyan
Remove sanic v22 pin (#1819) by @sl0thentr0py
Add support for
byterray
andmemoryview
built-in types (#1833) by @TartyHandle
"rc"
in SQLAlchemy version. (#1812) by @peterschuttDoc: Use .venv (not .env) as a virtual env location in CONTRIBUTING.md (#1790) by @tonyo
Auto publish to internal pypi on release (#1823) by @asottile-sentry
Added Python 3.11 to test suite (#1795) by @antonpirker
Update test/linting dependencies (#1801) by @antonpirker
Deps: bump sphinx from 5.2.3 to 5.3.0 (#1686) by @dependabot
v1.12.1
Compare Source
Various fixes & improvements
v1.12.0
Compare Source
Basic OTel support
This adds support to automatically integrate OpenTelemetry performance tracing with Sentry.
See the documentation on how to set it up:
https://docs.sentry.io/platforms/python/performance/instrumentation/opentelemetry/
Give it a try and let us know if you have any feedback or problems with using it.
By: @antonpirker (#1772, #1766, #1765)
Various fixes & improvements
v1.11.1
Compare Source
Various fixes & improvements
v1.11.0
Compare Source
Various fixes & improvements
a214fbc
to20ff3b9
(#1703) by @dependabotv1.10.1
Compare Source
Various fixes & improvements
v1.10.0
Compare Source
Various fixes & improvements
Unified naming for span ops (#1661) by @antonpirker
We have unified the strings of our span operations. See https://develop.sentry.dev/sdk/performance/span-operations/
WARNING: If you have Sentry Dashboards or Sentry Discover queries that use
transaction.op
in their fields, conditions, aggregates or columns this change could potentially break your Dashboards/Discover setup.Here is a list of the changes we made to the
op
s. Please adjust your dashboards and Discover queries accordingly:op
)op
)asgi.server
http.server
aws.request
http.client
aws.request.stream
http.client.stream
celery.submit
queue.submit.celery
celery.task
queue.task.celery
django.middleware
middleware.django
django.signals
event.django
django.template.render
template.render
django.view
view.render
http
http.client
redis
db.redis
rq.task
queue.task.rq
serverless.function
function.aws
serverless.function
function.gcp
starlette.middleware
middleware.starlette
Include framework in SDK name (#1662) by @antonpirker
Asyncio integration (#1671) by @antonpirker
Add exception handling to Asyncio Integration (#1695) by @antonpirker
Fix asyncio task factory (#1689) by @antonpirker
Have instrumentation for ASGI middleware receive/send callbacks. (#1673) by @antonpirker
Use Django internal ASGI handling from Channels version 4.0.0. (#1688) by @antonpirker
fix(integrations): Fix http putrequest when url is None (#1693) by @MattFlower
build(deps): bump checkouts/data-schemas from
f0a57f2
toa214fbc
(#1627) by @dependabotbuild(deps): bump flake8-bugbear from 22.9.11 to 22.9.23 (#1637) by @dependabot
build(deps): bump sphinx from 5.1.1 to 5.2.3 (#1653) by @dependabot
build(deps): bump actions/stale from 5 to 6 (#1638) by @dependabot
build(deps): bump black from 22.8.0 to 22.10.0 (#1670) by @dependabot
Remove unused node setup from ci. (#1681) by @antonpirker
Check for Decimal is in_valid_sample_rate (#1672) by @Arvind2222
Add session for aiohttp integration (#1605) by @denys-pidlisnyi
feat(profiling): Extract qualified name for each frame (#1669) by @Zylphrex
feat(profiling): Attach thread metadata to profiles (#1660) by @Zylphrex
ref(profiling): Rename profiling frame keys (#1680) by @Zylphrex
fix(profiling): get_frame_name only look at arguments (#1684) by @Zylphrex
fix(profiling): Need to sample profile correctly (#1679) by @Zylphrex
fix(profiling): Race condition spawning multiple profiling threads (#1676) by @Zylphrex
tests(profiling): Add basic profiling tests (#1677) by @Zylphrex
tests(profiling): Add tests for thread schedulers (#1683) by @Zylphrex
v1.9.10
Compare Source
Various fixes & improvements
v1.9.9
Compare Source
Django update (ongoing)
Various fixes & improvements
v1.9.8
Compare Source
Various fixes & improvements
v1.9.7
Compare Source
Various fixes & improvements
Note: The last version 1.9.6 introduced a breaking change where projects that used Starlette or FastAPI
and had manually setup
SentryAsgiMiddleware
could not start. This versions fixes this behaviour.With this version if you have a manual
SentryAsgiMiddleware
setup and are using Starlette or FastAPIeverything just works out of the box.
Sorry for any inconveniences the last version might have brought to you.
We can do better and in the future we will do our best to not break your code again.
v1.9.6
Compare Source
Various fixes & improvements
v1.9.5
Compare Source
Various fixes & improvements
v1.9.4
Compare Source
Various fixes & improvements
v1.9.3
Compare Source
Various fixes & improvements
v1.9.2
Compare Source
Various fixes & improvements
v1.9.1
Compare Source
Various fixes & improvements
v1.9.0
Compare Source
Various fixes & improvements
v1.8.0
Compare Source
Various fixes & improvements
feat(starlette): add Starlette integration (#1441) by @sl0thentr0py
Important: Remove manual usage of
SentryAsgiMiddleware
! This is now done by the Starlette integration.Usage:
feat(fastapi): add FastAPI integration (#829) by @antonpirker
Important: Remove manual usage of
SentryAsgiMiddleware
! This is now done by the FastAPI integration.Usage:
Yes, you have to add both, the
StarletteIntegration
AND theFastApiIntegration
!fix: avoid sending empty Baggage header (#1507) by @intgr
fix: properly freeze Baggage object (#1508) by @intgr
docs: fix simple typo, collecter | collector (#1505) by @timgates42
v1.7.2
Compare Source
Various fixes & improvements
v1.7.1
Compare Source
Various fixes & improvements
v1.7.0
Compare Source
Various fixes & improvements
feat(tracing): Dynamic Sampling Context / Baggage continuation (#1485) by @sl0thentr0py
The SDK now propagates the W3C Baggage Header from
incoming transactions to outgoing requests.
It also extracts Sentry specific sampling information
and adds it to the transaction headers to enable Dynamic Sampling in the product.
v1.6.0
Compare Source
Various fixes & improvements
v1.5.12
Compare Source
Various fixes & improvements
v1.5.11
Compare Source
Various fixes & improvements
v1.5.10
Compare Source
Various fixes & improvements
v1.5.9
Compare Source
Various fixes & improvements
v1.5.8
Compare Source
Various fixes & improvements
v1.5.7
Compare Source
Various fixes & improvements
v1.5.6
Compare Source
Various fixes & improvements
sentry_trace()
template helper (#1336) by @BYKv1.5.5
Compare Source
sentry_repr
(#1322)Work in this release contributed by @tomchuk. Thank you for your contribution!
v1.5.4
Compare Source
got_request_exception
as well (#1317)v1.5.3
Compare Source
v1.5.2
Compare Source
Work in this release contributed by @johnzeringue, @pgjones and @ahopkins. Thank you for your contribution!
v1.5.1
Compare Source
Various fixes & improvements
v1.5.0
Compare Source
Work in this release contributed by @galuszkak, @kianmeng, @ahopkins, @razumeiko, @tomscytale, and @seedofjoy. Thank you for your contribution!
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.