Skip to content

upstream: Extended text masking function to include relevant HTMLElement#164

Merged
billyvg merged 3 commits intosentry-v2from
sentry-v2-upstream-mask-text-fn-element
Apr 19, 2024
Merged

upstream: Extended text masking function to include relevant HTMLElement#164
billyvg merged 3 commits intosentry-v2from
sentry-v2-upstream-mask-text-fn-element

Conversation

@billyvg
Copy link
Copy Markdown
Member

@billyvg billyvg commented Jan 31, 2024

  • Extends maskTextFn to pass the HTMLElement to the deciding function

Authored-by: benjackwhite benjackwhite@users.noreply.github.com
Co-authored-by: Justin Halsall Juice10@users.noreply.github.com
Co-authored-by: Eoghan Murray eoghan@getthere.ie

@benjackwhite @Juice10
@eoghanmurray @billyvg
Extended text masking function to include relevant HTMLElement (rrweb…
ed1a2ed 
…-io#1310)

* Extends maskTextFn to pass the HTMLElement to the deciding function

---------

Authored-by: benjackwhite <benjackwhite@users.noreply.github.com>
Co-authored-by: Justin Halsall <Juice10@users.noreply.github.com>
Co-authored-by: Eoghan Murray <eoghan@getthere.ie>
@billyvg
Copy link
Copy Markdown
Member Author

billyvg commented Jan 31, 2024

Ref rrweb-io#1310

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Jan 31, 2024
edited
Loading

size-limit report 📦

Path Size
rrweb - record only (gzipped) 16.82 KB (+0.12% 🔺)
rrweb - record & CanvasManager only (gzipped) 19.63 KB (+0.12% 🔺)
rrweb - record only (min) 57.3 KB (+0.11% 🔺)
rrweb - record with treeshaking flags (gzipped) 15.62 KB (+0.14% 🔺)

@billyvg billyvg marked this pull request as ready for review January 31, 2024 21:03
@billyvg billyvg requested a review from a team April 19, 2024 14:03
@billyvg billyvg changed the title Extended text masking function to include relevant HTMLElement (#1310) upstream: Extended text masking function to include relevant HTMLElement Apr 19, 2024
@billyvg billyvg merged commit 15c4677 into sentry-v2 Apr 19, 2024
@billyvg billyvg deleted the sentry-v2-upstream-mask-text-fn-element branch April 19, 2024 16:06
chargome added a commit that referenced this pull request Apr 24, 2026
@chargome @claude
fix(deps): refresh lockfile pins for vulnerable transitive deps (#285)
db898b9 
## Summary
Updates stale yarn.lock resolutions to patched versions within their
existing semver ranges, plus fixes a build breakage in rrweb-worker.

**Lockfile refreshes** (no package.json changes):
- **basic-ftp** 5.0.5 -> 5.3.0 (via puppeteer -> proxy-agent -> get-uri)
- **node-forge** 1.3.1 -> 1.4.0 (via vite-plugin-web-extension ->
web-ext-run -> @devicefarmer/adbkit)
- **picomatch** 2.3.1 -> 2.3.2 (via chokidar, micromatch,
@rollup/pluginutils)
- **picomatch** 4.0.2 -> 4.0.4 (via @rollup/pluginutils)
- **flatted** 3.3.2 -> 3.4.2 (via eslint -> flat-cache)

**rrweb-worker build fix**: Replaces `rollup-plugin-typescript2` with
`@rollup/plugin-typescript` — the old plugin can't parse `import type`
syntax with the newer rollup version pulled in by the
`@rollup/plugin-terser` v1 bump.

## Breaking changes
- Lockfile refreshes: none — all within existing semver ranges
- `rollup-plugin-typescript2` -> `@rollup/plugin-typescript`: drop-in
replacement, same rollup plugin API. `@rollup/plugin-typescript` is the
officially maintained plugin. Config options (`tsconfig`, `sourceMap`,
`inlineSourceMap`, `inlineSources`) are compatible. Build verified
passing.

## Dependabot alerts resolved
- [Alert
#249](https://github.com/getsentry/rrweb/security/dependabot/249) (high)
— basic-ftp CRLF injection
- [Alert
#202](https://github.com/getsentry/rrweb/security/dependabot/202)
(critical) — basic-ftp path traversal
- [Alert
#237](https://github.com/getsentry/rrweb/security/dependabot/237) (high)
— node-forge basicConstraints bypass
- [Alert
#236](https://github.com/getsentry/rrweb/security/dependabot/236) (high)
— node-forge Ed25519 signature forgery
- [Alert
#235](https://github.com/getsentry/rrweb/security/dependabot/235) (high)
— node-forge RSA-PKCS signature forgery
- [Alert
#234](https://github.com/getsentry/rrweb/security/dependabot/234) (high)
— node-forge DoS via BigInteger.modInverse
- [Alert
#164](https://github.com/getsentry/rrweb/security/dependabot/164) (high)
— node-forge ASN.1 unbounded recursion
- [Alert
#163](https://github.com/getsentry/rrweb/security/dependabot/163)
(medium) — node-forge ASN.1 OID integer truncation
- [Alert
#162](https://github.com/getsentry/rrweb/security/dependabot/162) (high)
— node-forge ASN.1 desynchronization
- [Alert
#232](https://github.com/getsentry/rrweb/security/dependabot/232)
(medium) — picomatch POSIX class method injection
- [Alert
#230](https://github.com/getsentry/rrweb/security/dependabot/230)
(medium) — picomatch POSIX class method injection (4.x)
- [Alert
#229](https://github.com/getsentry/rrweb/security/dependabot/229) (high)
— picomatch ReDoS via extglob quantifiers
- [Alert
#227](https://github.com/getsentry/rrweb/security/dependabot/227) (high)
— flatted prototype pollution via parse

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@c298lee c298lee c298lee approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@billyvg @c298lee @benjackwhite