fix(core): Ensure fill only patches functions #15632
@@ -61,7 +61,7 @@ export function supportsDOMException(): boolean { | |||
* @returns Answer to the given question. | |||
*/ | |||
export function supportsHistory(): boolean { | |||
return 'history' in WINDOW; | |||
return 'history' in WINDOW && !!WINDOW.history; |
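Review bot: the new condition in supportsHistory only proves that WINDOW.history is truthy; it says nothing about pushState or replaceState being callable, so a caller that treats a true result as "the History API methods exist" is still relying on a separate check. The JSDoc above it was also left at "@returns Answer to the given question." and does not mention that a null or undefined history now yields false. Suggest spelling out both points in the doc comment so the contract of this function is clear.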
Improved this check so that if history was undefined or null we'd also return false here
I will rework this to more generally fix the weird behaviour in our
||
expect(WINDOW.history).toEqual({ | ||
replaceState: expect.any(Function), // patched function | ||
pushState: undefined, // unpatched |
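Review bot: the expectation at "pushState: undefined, // unpatched" exercises only the undefined case, while the guard is meant to skip anything that is not a function. Suggest adding a second case where pushState holds another non-function value (null, or a string) and asserting that it is left untouched as well, so a later change to the type check cannot regress for those values unnoticed.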
prior to this PR, pushState would have become a Function, resulting in the wrapper function calling undefined.apply on the "original function".
window.history properties
fill only patches functions
nice, thanks for guarding this
Snyk has created this PR to upgrade @sentry/browser from 9.5.0 to 9.6.1.

Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

- The recommended version is **3 versions** ahead of your current version.
- The recommended version was released **22 days ago**.

Release notes

Package name: @sentry/browser

9.6.1 - 2025-03-19 (https://redirect.github.com/getsentry/sentry-javascript/releases/tag/9.6.1)

- feat(deps): bump @ prisma/instrumentation from 6.4.1 to 6.5.0 (#15714)
- feat(deps): bump @ sentry/cli from 2.42.2 to 2.42.3 (#15711)
- fix(nextjs): Re-patch router if it is overridden by Next.js (#15721)
- fix(nuxt): Add Nitro Rollup plugin to inject Sentry server config (#15710)
- chore(deps): Bump rollup to 4.35.0 (#15651)

9.6.0 - 2025-03-17 (https://redirect.github.com/getsentry/sentry-javascript/releases/tag/9.6.0)

Important Changes

- feat(tanstackstart): Add @ sentry/tanstackstart-react package and make @ sentry/tanstackstart package a utility package (#15629)

  Since TanStack Start is supposed to be a generic framework that supports libraries like React and Solid, the @ sentry/tanstackstart SDK package was renamed to @ sentry/tanstackstart-react to reflect that the SDK is specifically intended to be used for React TanStack Start applications.
  Note that the TanStack Start SDK is still in alpha status and may be subject to breaking changes in non-major package updates.

Other Changes

- feat(astro): Accept all vite-plugin options (#15638)
- feat(deps): bump @ sentry/webpack-plugin from 3.2.1 to 3.2.2 (#15627)
- feat(tanstackstart): Refine initial API (#15574)
- fix(core): Ensure fill only patches functions (#15632)
- fix(nextjs): Consider pageExtensions when looking for instrumentation file (#15701)
- fix(remix): Null-check options (#15610)
- fix(sveltekit): Correctly parse angle bracket type assertions for auto instrumentation (#15578)
- fix(sveltekit): Guard process variable (#15605)

Work in this release was contributed by @ angelikatyborska and @ nwalters512. Thank you for your contributions!

9.6.0-alpha.0 - 2025-03-06

9.5.0 - 2025-03-06

from @sentry/browser GitHub release notes (https://redirect.github.com/getsentry/sentry-javascript/releases)

> [!IMPORTANT]
>
> - Check the changes in this PR to ensure they won't cause issues with your project.
> - This PR was automatically created by Snyk using the credentials of a real user.

**Note:** _You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs._

## Summary by Sourcery

Enhancements:

- Update Sentry browser package to the latest minor version
This PR adds a guard to our fill utility that we use to instrument/wrap methods defined on an object. However, due to a misleading type cast in fill we didn't check if the name of the method to be patched actually corresponded to a function on an object.

This was surfaced via #15552 where we'd call fill on window.history (pushState|replaceState) without checking if these two methods were actually available or functions.

Note: I initially solved this on the instrumentHistory level but then noticed that this is a more general bug in fill. Therefore I added some history-specific tests as well but I'd rather keep them than removing them. Fun fact: The more general fix saves ~8 Bytes of bundle size compared to my initial history-based fix 😅

closes #15552
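The failure mode described in this PR, as an added example that is not part of the original page and is not the Sentry SDK's own code: `fillUnguarded`, `fillGuarded`, `makeRecorder` and `makeFakeHistory` are hypothetical, simplified stand-ins, and the history object is constructed to mimic an environment where `pushState` is present as a key but undefined.

```javascript
// Simplified stand-ins for a method-wrapping utility (assumption: not Sentry's real fill()).

// Before: wraps whatever is stored under `name`, callable or not.
function fillUnguarded(source, name, replacementFactory) {
  if (!(name in source)) return;
  source[name] = replacementFactory(source[name]);
}

// After: leave the property alone unless it currently holds a function.
function fillGuarded(source, name, replacementFactory) {
  if (!(name in source)) return;
  const original = source[name];
  if (typeof original !== 'function') return;
  source[name] = replacementFactory(original);
}

// Instrumentation-style wrapper: record the call, then delegate to the original.
function makeRecorder(calls) {
  return original => function (...args) {
    calls.push(args);
    return original.apply(this, args);
  };
}

// Constructed sample: replaceState works, pushState exists but is undefined.
function makeFakeHistory() {
  return {
    replaceState: (_state, _title, url) => `replaced:${url}`,
    pushState: undefined,
  };
}

function demo() {
  const calls = [];
  const unguarded = makeFakeHistory();
  fillUnguarded(unguarded, 'pushState', makeRecorder(calls));
  let unguardedError = null;
  // Feature detection by typeof now passes, but the call hits undefined.apply.
  try { unguarded.pushState({}, '', '/a'); } catch (e) { unguardedError = e.constructor.name; }

  const guarded = makeFakeHistory();
  for (const m of ['pushState', 'replaceState']) fillGuarded(guarded, m, makeRecorder(calls));
  return {
    unguardedType: typeof unguarded.pushState,
    unguardedError,
    guardedPushState: guarded.pushState,
    guardedReplace: guarded.replaceState({}, '', '/b'),
    recordedCalls: calls.length,
  };
}
```

The unguarded variant is the worse outcome for the host application: the property goes from "absent" to "a function that always throws", so application code that feature-detects with `typeof history.pushState === 'function'` is misled by the instrumentation itself.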