Skip to content

Revert "fix: isCheckout is not included in fullsnapshot event (#1141)"#139

Merged
billyvg merged 1 commit intosentry-v2from
revert-isCheckout-on-full-snapshot
Dec 11, 2023
Merged

Revert "fix: isCheckout is not included in fullsnapshot event (#1141)"#139
billyvg merged 1 commit intosentry-v2from
revert-isCheckout-on-full-snapshot

Conversation

@billyvg
Copy link
Copy Markdown
Member

@billyvg billyvg commented Dec 8, 2023
edited
Loading

This reverts commit 3416c3a.

From my comment here

I only used translate on the OP but if I understand correctly, when we call takeFullSnapshot(true), we will receive two distinct events with the isCheckout arg as true. Looking at the blame this is due to rrweb-io#1141.

If you use checkoutEvery... and rely on isCheckout to reset existing events, this means that the Meta event will be lost because the FullSnapshot occurs afterwards, and isCheckout is true for both events. Losing the Meta event means that the replayer will be unable to set its dimensions, making the replay look broken.

@billyvg billyvg marked this pull request as ready for review December 8, 2023 21:08
@billyvg billyvg requested a review from a team December 8, 2023 21:08
@billyvg billyvg merged commit 4305c91 into sentry-v2 Dec 11, 2023
@billyvg billyvg deleted the revert-isCheckout-on-full-snapshot branch December 11, 2023 15:55
billyvg added a commit that referenced this pull request Apr 26, 2024
@billyvg
Revert "fix: isCheckout is not included in fullsnapshot event (rrweb-…
bedddd4 
…io#1141)" (#139)

This reverts commit 3416c3a.

From [my comment
here](rrweb-io#1242 (comment))

> I only used translate on the OP but if I understand correctly, when we
call `takeFullSnapshot(true)`, we will receive two distinct events with
the `isCheckout` arg as `true`. Looking at the blame this is due to

> If you use `checkoutEvery...` and rely on `isCheckout` to reset
existing events, this means that the [`Meta`
event](https://github.com/rrweb-io/rrweb/blob/master/packages/rrweb/src/record/index.ts#L352-L362)
will be lost because [the
`FullSnapshot`](https://github.com/rrweb-io/rrweb/blob/master/packages/rrweb/src/record/index.ts#L408-L417)
occurs afterwards, and `isCheckout` is true for both events. Losing the
`Meta` event means that the replayer will be unable to set its
dimensions, making the replay look broken.
@chargome chargome mentioned this pull request Mar 26, 2026
Merged
chargome added a commit that referenced this pull request Mar 31, 2026
@chargome @claude
chore(build): Bump vite 5→6, vitest 1→2, vite-plugin-dts 3→4 (#273)
09cc3e0 
Bump the core build/test tooling across all workspace packages:

- **vite** ^5.2.8 → ^6.4.1
- **vitest** ^1.4.0 → ^2.1.9
- **vite-plugin-dts** ^3.8.1 → ^4.5.4
- **rollup-plugin-terser** (deprecated) → **@rollup/plugin-terser** in
rrweb-worker

Added `cssFileName: 'style'` to the shared vite config to preserve the
`style.css` output filename (Vite 6 changed the default to
package-name-based).

### Dependabot alerts resolved

**Fully resolved** (vulnerable version completely removed from
lockfile):

| Alert | Severity | Package | Summary |
|-------|----------|---------|---------|
| #113 | CRITICAL | `vitest` | Remote Code Execution when accessing a
malicious website while Vitest API server is listening |
| #203 | HIGH | `rollup` | Rollup 4 has Arbitrary File Write via Path
Traversal |
| #110 | MEDIUM | `vue-template-compiler` | Client-side XSS (no fix
available — removed by vite-plugin-dts v4 dropping the dependency) |

**Partially resolved** (some vulnerable entries removed, but package
still exists via other dependency chains):

| Alert | Severity | Package | Remaining source |
|-------|----------|---------|-----------------|
| #154, #146, #145, #141, #140, #139, #138, #126, #111 | MEDIUM/LOW |
`vite` | `@sveltejs/vite-plugin-svelte@3` still pulls in vite@5 (needs
Svelte 5 upgrade) |
| #114 | MEDIUM | `esbuild` | `esbuild-plugin-umd-wrapper` still uses
esbuild@0.18 |
| #214 | HIGH | `serialize-javascript` | webpack (via `@size-limit`)
still pulls in v6 |
| #105, #104 | MEDIUM | `nanoid` | postcss (via vite internally) still
uses nanoid@3 |
| #165, #155 | HIGH/MEDIUM | `validator` | `@microsoft/api-extractor`
(via vite-plugin-dts) — needs further investigation |

The partially resolved alerts will be addressed in later phases (Svelte
5 upgrade, @size-limit bump, mop-up).

closes
https://linear.app/getsentry/issue/SDK-1095/bump-vitest-vite-56-1-critical-7-alerts

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: chargome <chargome@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bruno-garcia bruno-garcia bruno-garcia approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@billyvg @bruno-garcia