fix(app): update dependency @sentry/browser to v8.33.0 [security] (#1421)

This PR contains the following updates:

| Package | Type | Update | Change | OpenSSF |
|---|---|---|---|---|
| [@sentry/browser](https://redirect.github.com/getsentry/sentry-javascript/tree/master/packages/browser) ([source](https://redirect.github.com/getsentry/sentry-javascript)) | dependencies | minor | [`8.32.0` -> `8.33.0`](https://renovatebot.com/diffs/npm/@sentry%2fbrowser/8.32.0/8.33.0) | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/getsentry/sentry-javascript/badge)](https://securityscorecards.dev/viewer/?uri=github.com/getsentry/sentry-javascript) |

### GitHub Vulnerability Alerts

#### [GHSA-593m-55hh-j8gv](https://redirect.github.com/getsentry/sentry-javascript/security/advisories/GHSA-593m-55hh-j8gv)

### Impact
In case a Prototype Pollution vulnerability is present in a user's
application or bundled libraries, the Sentry SDK could potentially serve
as a gadget to exploit that vulnerability. The exploitability depends on
the specific details of the underlying Prototype Pollution issue.

> [!NOTE]
> This advisory does not indicate the presence of a Prototype Pollution
within the Sentry SDK itself. Users are strongly advised to first
address any Prototype Pollution vulnerabilities in their application, as
they pose a more critical security risk.
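
The gadget chain the Impact paragraph describes, as an added illustration that is not Sentry's code or this repository's: an application-side bug (here a recursive merge that follows `__proto__` keys) lets attacker-controlled JSON pollute `Object.prototype`, and a wrapper that reads a cache property back off a function without checking ownership or type then hands the polluted value to its callers. The fix shape mirrors the release-notes entry "fix(browser): Ensure `wrap()` only returns functions (#13838)" in general form; the names `CACHE_KEY`, `unsafeMerge`, `wrapVulnerable` and `wrapHardened`, and the `__wrapped__` property, are illustrative assumptions, not Sentry identifiers.

```javascript
// Added example, not code from Sentry or from this repository: a model of the
// gadget class the advisory describes. Some upstream bug lets attacker-controlled
// JSON pollute Object.prototype; a wrapper that reads a cache property back off a
// function without checking ownership or type then returns the polluted value to
// its callers. CACHE_KEY, unsafeMerge, wrapVulnerable and wrapHardened are
// illustrative names, not Sentry identifiers.

const CACHE_KEY = '__wrapped__'; // assumed cache property name

// Stand-in for the application-side bug: a recursive merge that follows
// "__proto__" keys. Deliberately vulnerable for the demonstration.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value !== null && typeof value === 'object' &&
        target[key] !== null && typeof target[key] === 'object') {
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Gadget: any truthy fn[CACHE_KEY] is trusted, including one inherited from
// a polluted Object.prototype, so a non-function can be handed back.
function wrapVulnerable(fn) {
  if (fn[CACHE_KEY]) return fn[CACHE_KEY];
  const wrapped = function (...args) { return fn.apply(this, args); };
  fn[CACHE_KEY] = wrapped;
  return wrapped;
}

// Hardened: only an own property that is actually a function counts as a
// cached wrapper; anything else is ignored and a fresh wrapper is created.
function wrapHardened(fn) {
  if (Object.prototype.hasOwnProperty.call(fn, CACHE_KEY) &&
      typeof fn[CACHE_KEY] === 'function') {
    return fn[CACHE_KEY];
  }
  const wrapped = function (...args) { return fn.apply(this, args); };
  Object.defineProperty(fn, CACHE_KEY, {
    value: wrapped, writable: true, configurable: true, enumerable: false,
  });
  return wrapped;
}

// Runs the chain end to end and returns observations (no printing), then
// removes the pollution so the rest of the process is unaffected.
function demonstrate() {
  // Constructed attacker input, e.g. a JSON body the unsafe merge accepts.
  const attackerJson = `{"__proto__": {"${CACHE_KEY}": "<payload>"}}`;
  unsafeMerge({}, JSON.parse(attackerJson));
  try {
    const handler = () => 'handled';
    const fromVulnerable = wrapVulnerable(handler);
    const fromHardened = wrapHardened(handler);
    return {
      polluted: Object.prototype[CACHE_KEY] === '<payload>',
      vulnerableReturnsPayload: fromVulnerable === '<payload>',
      hardenedReturnsFunction: typeof fromHardened === 'function',
      hardenedStillWorks: fromHardened() === 'handled',
      hardenedCachesOwnProperty: wrapHardened(handler) === fromHardened,
    };
  } finally {
    delete Object.prototype[CACHE_KEY];
  }
}
```

Note that the hardened wrapper is only a gadget mitigation: with the pollution in place, every other property lookup in the process is still affected, which is why the advisory tells users to fix the pollution source first.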

### Patches
The issue was patched in all Sentry JavaScript SDKs starting from the
[8.33.0](https://redirect.github.com/getsentry/sentry-javascript/releases/tag/8.33.0)
version.
Also, the fix was backported to SDK v7 in
[7.119.1](https://redirect.github.com/getsentry/sentry-javascript/releases/tag/7.119.1).

### References
* [Prototype Pollution](https://portswigger.net/web-security/prototype-pollution)
* [Prototype Pollution gadgets](https://portswigger.net/web-security/prototype-pollution#prototype-pollution-gadgets)
* [sentry-javascript#13838](https://redirect.github.com/getsentry/sentry-javascript/pull/13838)
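
A check a practitioner can run against a package.json for the fix ranges named under Patches (8.33.0 on the v8 line, 7.119.1 on the v7 line), as an added example that is not Renovate's or Sentry's code. Treating a pre-release build as below its release, majors newer than 8 as postdating the fix, and majors older than 7 as unpatched (the advisory names no fix for them) are assumptions of this example; `parseVersion`, `isPatched` and `auditSentryDeps` are its own names.

```javascript
// Added example, not Renovate's or Sentry's code: checks pinned @sentry/* versions
// in a package.json against the patched ranges the advisory names, 8.33.0 on the
// v8 line and 7.119.1 on the v7 line. Assumptions: a pre-release build sorts
// below its release, majors newer than 8 postdate the fix, and majors older than
// 7 are reported unpatched because the advisory names no fix for them.

const FIXED_FLOORS = { 7: [7, 119, 1], 8: [8, 33, 0] };

// Parses an exact "MAJOR.MINOR.PATCH[-prerelease]" string; returns null for
// ranges ("^8.32.0"), tags ("latest") or workspace links, which need manual review.
function parseVersion(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?$/.exec(String(version).trim());
  if (!m) return null;
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], prerelease: Boolean(m[4]) };
}

function compareTriples(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// True when `version` is at or above the fix for its major line, or on a later major.
function isPatched(version) {
  const v = parseVersion(version);
  if (!v) throw new Error(`not an exact version: ${version}`);
  const floor = FIXED_FLOORS[v.nums[0]];
  if (!floor) return v.nums[0] > 8;
  const cmp = compareTriples(v.nums, floor);
  if (cmp !== 0) return cmp > 0;
  return !v.prerelease; // "8.33.0-beta.1" is below "8.33.0"
}

// Scans the dependency maps of a parsed package.json. Returns the @sentry/*
// entries still on an unpatched exact version, and those whose specifier is not
// an exact version and so cannot be judged without the lockfile.
function auditSentryDeps(pkg) {
  const unpatched = {};
  const unresolved = {};
  for (const field of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      if (!name.startsWith('@sentry/')) continue;
      if (parseVersion(spec) === null) unresolved[name] = spec;
      else if (!isPatched(spec)) unpatched[name] = spec;
    }
  }
  return { unpatched, unresolved };
}

// Constructed sample modelled on the apps/app/package.json hunk in this commit
// before the update, plus two entries added to exercise the v7 and range paths.
const SAMPLE_PACKAGE_JSON = {
  dependencies: {
    '@sentry/browser': '8.32.0',
    '@sentry/nextjs': '8.35.0',
    '@sentry/node': '8.35.0',
    '@sentry/opentelemetry': '8.35.0',
    '@sentry/react': '7.118.0',
    '@sentry/vue': '^8.30.0',
  },
};
```

Running `auditSentryDeps(SAMPLE_PACKAGE_JSON)` flags `@sentry/browser` (8.32.0) and `@sentry/react` (7.118.0) as unpatched and lists `@sentry/vue` as unresolved because a caret range can only be judged from the lockfile.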

---

### Sentry SDK Prototype Pollution gadget in JavaScript SDKs

[GHSA-593m-55hh-j8gv](https://redirect.github.com/advisories/GHSA-593m-55hh-j8gv)

<details>
<summary>More information</summary>

#### Severity
- CVSS Score: 5.6 / 10 (Medium)
- Vector String: `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L`

#### References
- [https://github.com/getsentry/sentry-javascript/security/advisories/GHSA-593m-55hh-j8gv](https://redirect.github.com/getsentry/sentry-javascript/security/advisories/GHSA-593m-55hh-j8gv)
- [https://github.com/getsentry/sentry-javascript/pull/13838](https://redirect.github.com/getsentry/sentry-javascript/pull/13838)
- [https://github.com/getsentry/sentry-javascript/commit/35bdc87dee3498794e34c1ad35dd9927950c8766](https://redirect.github.com/getsentry/sentry-javascript/commit/35bdc87dee3498794e34c1ad35dd9927950c8766)
- [https://github.com/getsentry/sentry-javascript](https://redirect.github.com/getsentry/sentry-javascript)
- [https://github.com/getsentry/sentry-javascript/releases/tag/7.119.1](https://redirect.github.com/getsentry/sentry-javascript/releases/tag/7.119.1)
- [https://github.com/getsentry/sentry-javascript/releases/tag/8.33.0](https://redirect.github.com/getsentry/sentry-javascript/releases/tag/8.33.0)

This data is provided by
[OSV](https://osv.dev/vulnerability/GHSA-593m-55hh-j8gv) and the [GitHub
Advisory Database](https://redirect.github.com/github/advisory-database)
([CC-BY
4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)).
</details>

---

### Release Notes

<details>
<summary>getsentry/sentry-javascript (@sentry/browser)</summary>

### [`v8.33.0`](https://redirect.github.com/getsentry/sentry-javascript/releases/tag/8.33.0)

[Compare Source](https://redirect.github.com/getsentry/sentry-javascript/compare/8.32.0...8.33.0)

##### Important Changes

- **feat(nextjs): Support new async APIs (`headers()`, `params`, `searchParams`) ([#13828](https://redirect.github.com/getsentry/sentry-javascript/pull/13828))**

  Adds support for [new dynamic Next.js APIs](https://redirect.github.com/vercel/next.js/pull/68812).

- **feat(node): Add `lru-memoizer` instrumentation ([#13796](https://redirect.github.com/getsentry/sentry-javascript/pull/13796))**

  Adds integration for lru-memoizer using [@opentelemetry/instrumentation-lru-memoizer](https://redirect.github.com/opentelemetry/instrumentation-lru-memoizer).

- **feat(nuxt): Add `unstable_sentryBundlerPluginOptions` to module options ([#13811](https://redirect.github.com/getsentry/sentry-javascript/pull/13811))**

  Allows passing other options from the bundler plugins (vite and rollup) to Nuxt module options.

##### Other Changes

- fix(browser): Ensure `wrap()` only returns functions ([#13838](https://redirect.github.com/getsentry/sentry-javascript/pull/13838))
- fix(core): Adapt trpc middleware input attachment ([#13831](https://redirect.github.com/getsentry/sentry-javascript/pull/13831))
- fix(core): Don't return trace data in `getTraceData` and `getTraceMetaTags` if SDK is disabled ([#13760](https://redirect.github.com/getsentry/sentry-javascript/pull/13760))
- fix(nuxt): Don't restrict source map assets upload ([#13800](https://redirect.github.com/getsentry/sentry-javascript/pull/13800))
- fix(nuxt): Use absolute path for client config ([#13798](https://redirect.github.com/getsentry/sentry-javascript/pull/13798))
- fix(replay): Stop global event handling for paused replays ([#13815](https://redirect.github.com/getsentry/sentry-javascript/pull/13815))
- fix(sveltekit): add url param to source map upload options ([#13812](https://redirect.github.com/getsentry/sentry-javascript/pull/13812))
- fix(types): Add jsdocs to cron types ([#13776](https://redirect.github.com/getsentry/sentry-javascript/pull/13776))
- fix(nextjs): Loosen [@sentry/nextjs](https://redirect.github.com/sentry/nextjs) webpack peer dependency ([#13826](https://redirect.github.com/getsentry/sentry-javascript/pull/13826))

Work in this release was contributed by [@joshuajaco](https://redirect.github.com/joshuajaco). Thank you for your contribution!

##### Bundle size 📦

| Path | Size |
| --- | --- |
| [@sentry/browser](https://redirect.github.com/sentry/browser) | 22.64 KB |
| [@sentry/browser](https://redirect.github.com/sentry/browser) - with treeshaking flags | 21.42 KB |
| [@sentry/browser](https://redirect.github.com/sentry/browser) (incl. Tracing) | 34.87 KB |
| [@sentry/browser](https://redirect.github.com/sentry/browser) (incl. Tracing, Replay) | 71.37 KB |
| [@sentry/browser](https://redirect.github.com/sentry/browser) (incl. Tracing, Replay) - with treeshaking flags | 61.8 KB |
| [@sentry/browser](https://redirect.github.com/sentry/browser) (incl. Tracing, Replay with Canvas) | 75.72 KB |
| [@sentry/browser](https://redirect.github.com/sentry/browser) (incl. Tracing, Replay, Feedback) | 88.49 KB |
| [@sentry/browser](https://redirect.github.com/sentry/browser) (incl. Tracing, Replay, Feedback, metrics) | 90.37 KB |
| [@sentry/browser](https://redirect.github.com/sentry/browser) (incl. metrics) | 26.91 KB |
| [@sentry/browser](https://redirect.github.com/sentry/browser) (incl. Feedback) | 39.78 KB |
| [@sentry/browser](https://redirect.github.com/sentry/browser) (incl. sendFeedback) | 27.3 KB |
| [@sentry/browser](https://redirect.github.com/sentry/browser) (incl. FeedbackAsync) | 32.08 KB |
| [@sentry/react](https://redirect.github.com/sentry/react) | 25.39 KB |
| [@sentry/react](https://redirect.github.com/sentry/react) (incl. Tracing) | 37.85 KB |
| [@sentry/vue](https://redirect.github.com/sentry/vue) | 26.8 KB |
| [@sentry/vue](https://redirect.github.com/sentry/vue) (incl. Tracing) | 36.76 KB |
| [@sentry/svelte](https://redirect.github.com/sentry/svelte) | 22.77 KB |
| CDN Bundle | 23.95 KB |
| CDN Bundle (incl. Tracing) | 36.64 KB |
| CDN Bundle (incl. Tracing, Replay) | 71.14 KB |
| CDN Bundle (incl. Tracing, Replay, Feedback) | 76.45 KB |
| CDN Bundle - uncompressed | 70.17 KB |
| CDN Bundle (incl. Tracing) - uncompressed | 108.63 KB |
| CDN Bundle (incl. Tracing, Replay) - uncompressed | 220.53 KB |
| CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed | 233.74 KB |
| [@sentry/nextjs](https://redirect.github.com/sentry/nextjs) (client) | 37.81 KB |
| [@sentry/sveltekit](https://redirect.github.com/sentry/sveltekit) (client) | 35.44 KB |
| [@sentry/node](https://redirect.github.com/sentry/node) | 125.13 KB |
| [@sentry/node](https://redirect.github.com/sentry/node) - without tracing | 93.58 KB |
| [@sentry/aws-serverless](https://redirect.github.com/sentry/aws-serverless) | 103.28 KB |

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/weareinreach/InReach).


Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
renovate[bot] authored Oct 23, 2024
1 parent 6cc5151 commit 30f823c
Showing 2 changed files with 51 additions and 51 deletions.
2 changes: 1 addition & 1 deletion apps/app/package.json
@@ -47,7 +47,7 @@
"@opentelemetry/sdk-trace-node": "1.26.0",
"@opentelemetry/semantic-conventions": "1.27.0",
"@prisma/instrumentation": "5.21.1",
"@sentry/browser": "8.32.0",
"@sentry/browser": "8.33.0",
"@sentry/nextjs": "8.35.0",
"@sentry/node": "8.35.0",
"@sentry/opentelemetry": "8.35.0",
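Review bot: this bumps "@sentry/browser" to 8.33.0 while "@sentry/nextjs", "@sentry/node" and "@sentry/opentelemetry" on the adjacent lines stay pinned at 8.35.0, leaving the Sentry SDK family split across two versions in one package.json. The v8.33.0 release notes in the PR body cover @sentry/browser, @sentry/react, @sentry/nextjs and @sentry/node as one release, so these packages are versioned together; consider pinning "@sentry/browser": "8.35.0" instead, which is still at or above the 8.33.0 fix the advisory names and avoids mixed @sentry/* versions. The pnpm-lock.yaml change is not rendered here, so which @sentry/core versions end up resolved cannot be checked from this page.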
100 changes: 50 additions & 50 deletions pnpm-lock.yaml
