fix(deps): update dependency @sentry/react-native to v5.19.1 [security] #1235

Open: wants to merge 1 commit into base: master

Conversation

renovate[bot]
Contributor

@renovate renovate bot commented Aug 6, 2024

This PR contains the following updates:

Package Change
@sentry/react-native 5.16.0 -> 5.19.1

GitHub Vulnerability Alerts

GHSA-68c2-4mpx-qh95

Impact

SDK versions between and including 5.16.0 and 5.19.0 allowed Sentry auth tokens to be set in the optional authToken configuration parameter, for debugging purposes. Doing so would result in the auth token being built into the application bundle, and therefore the auth token could be potentially exposed in case the application bundle is subsequently published.

You may ignore this notification if you are not using the authToken configuration parameter in your React Native SDK configuration or did not publish apps using this way of configuring the authToken.

If you had set the authToken in the plugin config previously, and built and published an app with that config, you should rotate your token.

Patches

The behavior that allowed setting an authToken parameter was fixed in SDK version 5.19.1 where, if this parameter was set, you will see a warning and the authToken would be removed before bundling the application.

Workarounds

  1. Remove authToken from the plugin configuration.
  2. If you had set the authToken in the plugin config previously, and built and published an app with that config, you should rotate your token.


Release Notes

getsentry/sentry-react-native (@sentry/react-native)

v5.19.1

Compare Source

Fixes
  • Don't add Expo Plugin option authToken to application bundle (#3630)
    • Expo plugin configurations are generally stored in plain text, and are also automatically added to built app bundles, and are therefore considered insecure.
    • You should not set the auth token in the plugin config except for local testing. Instead, use the SENTRY_AUTH_TOKEN env variable, as pointed out in our docs.
    • In addition to showing a warning, we are now actively removing an authToken from the plugin config if it was set.
    • If you had set the auth token in the plugin config previously, and built and published an app with that config, you should rotate your token.
  • Reduce warning message spam when a property in Expo plugin configuration is missing (#3631)
  • Add concrete error messages for RN bundle build phase patch (#3626)

v5.19.0

Compare Source

This release contains upgrade of sentry-android dependency to major version 7. There are no breaking changes in the JS API. If you are using the Android API please check the migration guide.

Features
  • Add Android profiles to React Native Profiling (#3397)

  • Add Sentry.metrics (#3590)

    To learn more, see the Set Up Metrics guide.

    import * as Sentry from '@sentry/react-native';
    
    Sentry.init({
      dsn: '___DSN___',
      integrations: [
        Sentry.metrics.metricsAggregatorIntegration(),
      ],
    });
    
    Sentry.metrics.increment("button_click", 1, {
      tags: { system: "iOS", app_version: "1.0.0" },
    });

Fixes
  • Upload Debug Symbols Build Phase continues when node not found in WITH_ENVIRONMENT (#3573)
  • Fix proguardUuid loading on Android (#3591)
Dependencies

v5.18.0

Compare Source

Features
  • Add @spotlightjs/spotlight support (#3550)

    Download the Spotlight desktop application and add the integration to your Sentry.init.

    import * as Sentry from '@sentry/react-native';
    
    Sentry.init({
      dsn: '___DSN___',
      enableSpotlight: __DEV__,
    });

  • Only upload Expo artifact if source map exists (#3568)

  • Read .env file in sentry-expo-upload-sourcemaps (#3571)

Fixes
  • Prevent pod install crash when visionos is not present (#3548)
  • Fetch Organization slug from @sentry/react-native/expo config when uploading artifacts (#3557)
  • Remove 404 Http Client Errors reports for Metro Dev Server Requests (#3553)
  • Stop tracing Spotlight Sidecar network request in JS (#3559)

v5.17.0

Compare Source

Features
  • New Sentry Metro configuration function withSentryConfig (#3478)

    • Ensures all Sentry configuration is added to your Metro config
    • Includes createSentryMetroSerializer
    • Collapses Sentry internal frames from the stack trace view in LogBox

    const { getDefaultConfig } = require('@react-native/metro-config');
    const { withSentryConfig } = require('@sentry/react-native/metro');
    
    const config = getDefaultConfig(__dirname);
    module.exports = withSentryConfig(config);

  • Add experimental visionOS support (#3467)

Fixes
  • Fix WITH_ENVIRONMENT overwrite in sentry-xcode-debug-files.sh (#3525)
  • Sentry CLI 2.25.1 fixes background debug files uploads during Xcode builds (#3486)
  • Performance Tracing should be disabled by default (#3533)
  • Use $NODE_BINARY to execute Sentry CLI in Xcode scripts (#3493)
  • Return auto Release and Dist to source maps auto upload (#3540)
  • Linked errors processed before other integrations (#3535)
    • This ensures their frames are correctly symbolicated
Dependencies

Configuration

📅 Schedule: Branch creation - "" in timezone Europe/Paris, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR was generated by Mend Renovate. View the repository job log.
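A pre-build check for the misconfiguration the advisory above describes, added here as an example and not code from this PR or from the Sentry SDK: it walks the expo.plugins array of an app.json-style config (Expo plugin entries are either a bare plugin name or a [name, options] pair), reports any @sentry/react-native/expo entry whose options carry an authToken, and returns a copy of the config with the token removed so the value never reaches the bundle. The sample config and the token value are constructed placeholders.

```javascript
// Added example, not code from the PR or the Sentry SDK: find and strip an authToken
// set in @sentry/react-native/expo plugin options, which the advisory says gets bundled.
const SENTRY_EXPO_PLUGIN = '@sentry/react-native/expo';

// Expo plugin entries are either "name" or ["name", { ...options }].
function pluginName(entry) {
  return Array.isArray(entry) ? entry[0] : entry;
}

// One finding per Sentry Expo plugin entry whose options carry a non-empty authToken.
function findBundledAuthTokens(appJson) {
  const plugins = (appJson.expo && appJson.expo.plugins) || [];
  const findings = [];
  plugins.forEach((entry, index) => {
    if (!Array.isArray(entry) || pluginName(entry) !== SENTRY_EXPO_PLUGIN) return;
    const options = entry[1] || {};
    if (typeof options.authToken === 'string' && options.authToken.length > 0) {
      findings.push({
        index,
        tokenLength: options.authToken.length, // report the length only, never the value
        message: `expo.plugins[${index}]: authToken set in ${SENTRY_EXPO_PLUGIN} options would ` +
          'be bundled into the app; remove it, use SENTRY_AUTH_TOKEN env, rotate if published.',
      });
    }
  });
  return findings;
}

// Deep-copies the config and drops authToken from every Sentry Expo plugin entry.
function stripAuthToken(appJson) {
  const copy = JSON.parse(JSON.stringify(appJson));
  const plugins = (copy.expo && copy.expo.plugins) || [];
  for (const entry of plugins) {
    if (Array.isArray(entry) && pluginName(entry) === SENTRY_EXPO_PLUGIN && entry[1]) {
      delete entry[1].authToken;
    }
  }
  return copy;
}

// Constructed sample app.json in the weak form the advisory warns about (placeholder token).
const SAMPLE_APP_JSON = {
  expo: {
    plugins: [
      'expo-font',
      [SENTRY_EXPO_PLUGIN, { organization: 'example-org', project: 'example-app',
                             authToken: 'EXAMPLE_TOKEN_PLACEHOLDER' }],
    ],
  },
};
```

Run findBundledAuthTokens on the parsed app.json in CI and fail the build on any finding; the remaining options (organization, project) survive stripAuthToken unchanged.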

@renovate renovate bot requested review from acezard and Ldoppea as code owners August 6, 2024 10:49
@renovate renovate bot added the dependencies label Aug 6, 2024
@renovate renovate bot requested a review from zatteo as a code owner August 6, 2024 10:49