Skip to content

Version Packages#279

Merged
kodiakhq[bot] merged 1 commit into
mainfrom
changeset-release/main
Jul 10, 2026
Merged

Version Packages#279
kodiakhq[bot] merged 1 commit into
mainfrom
changeset-release/main

Conversation

@github-actions

@github-actions github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

Releases

@hyperdx/browser@0.25.0

Minor Changes

  • 61bc742: Expose the rrweb blockSelector option through the browser SDK config. You can
    now pass blockSelector to HyperDX.init(...) to block session-recording of
    elements matching a CSS selector (complementing the existing blockClass). The
    value is forwarded to the session recorder; omit it to keep the previous
    behavior. Improved documentation by adding description for blockClass alongside
    new blockSelector property.

Patch Changes

  • Updated dependencies [6a98ed1]
  • Updated dependencies [c6e35c8]
    • @hyperdx/otel-web-session-recorder@3.0.0
    • @hyperdx/otel-web@0.19.0

@hyperdx/otel-web@0.19.0

Minor Changes

  • c6e35c8: webvitals spans now carry webvitals.navigation_type and webvitals.metric_id
    attributes, so downstream consumers can segment metrics by how the page was
    visited (navigate, reload, back-forward, back-forward-cache,
    prerender, restore) and correlate multiple values for the same metric
    instance. Metrics are also deduped by instance id (metric.id) instead of
    metric name, so measurements from back/forward-cache restores — which produce a
    new metric instance with a new id — are no longer dropped (webvitals spans missing context needed to handle spec-defined API divergences #269).

@hyperdx/otel-web-session-recorder@3.0.0

Minor Changes

  • 6a98ed1: Upgrade rrweb from 1.1.3 to ^2.1.0 (HDX-4696). rrweb 1.x transitively
    pinned rrweb-snapshot@1.1.14, which is flagged for CVE-2025-45806 (XSS in
    the replay-side rebuild() function, CVSS 6.1). No patched release exists in
    the 1.x line, so security scanners flagged every install of
    @hyperdx/otel-web-session-recorder. The recorder itself never invokes the
    vulnerable code path (it only records; replay happens in the HyperDX app,
    which already uses the rrweb 2.x line), but this upgrade removes the
    vulnerable package from the dependency tree entirely. Also declares the
    previously-phantom @rrweb/types and rrweb-snapshot type dependencies,
    since the published type declarations reference them. The recorder's public
    API (init/resume/stop/deinit and configuration options) is unchanged.

Patch Changes

  • Updated dependencies [c6e35c8]
    • @hyperdx/otel-web@0.19.0

@greptile-apps

greptile-apps Bot commented Jul 2, 2026

Copy link
Copy Markdown

PR author is in the excluded authors list.

@github-actions github-actions Bot force-pushed the changeset-release/main branch 8 times, most recently from c5be783 to a309fa2 Compare July 2, 2026 20:52
@github-actions github-actions Bot force-pushed the changeset-release/main branch from a309fa2 to 3b4e2c0 Compare July 10, 2026 20:36
@kodiakhq kodiakhq Bot merged commit a32d612 into main Jul 10, 2026
6 checks passed
@kodiakhq kodiakhq Bot deleted the changeset-release/main branch July 10, 2026 20:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant