fix: catch all SecurityError variants in stop handler cleanup#156

Merged

pauldambra merged 1 commit intomainfrom

fix/broaden-security-error-handling

Mar 26, 2026

Member

pauldambra commented Mar 26, 2026

Summary

Broadens the error handling in the record() stop handler to catch all SecurityError variants, not just a specific error message string
Uses instanceof DOMException && error.name === 'SecurityError' instead of matching against specific message substrings
Follows up on fix: handle cross-origin iframe errors during stop handler cleanup #145 which was too narrow in its error matching

Test plan

Existing memory-leaks tests pass (17/17)

🤖 Generated with Claude Code


          fix: catch all SecurityError variants in stop handler cleanup

3a230e3

The previous check matched specific error message strings which was too
narrow. Use instanceof DOMException + name check instead.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

pauldambra added the bump patch label

chatgpt-codex-connector bot commented Mar 26, 2026

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

pauldambra requested review from a team, TueHaulund, fasyy612 and ksvat and removed request for a team

March 26, 2026 09:11

TueHaulund approved these changes

View reviewed changes

pauldambra merged commit a0e18f1 into main

10 checks passed

pauldambra deleted the fix/broaden-security-error-handling branch

March 26, 2026 09:17

mergify bot pushed a commit to doxynix/doxynix that referenced this pull request


          fix(deps): update all non-major dependencies (#787)

93da35c

This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [@trpc/client](https://trpc.io) ([source](https://redirect.github.com/trpc/trpc/tree/HEAD/packages/client)) | [`11.15.0` → `11.15.1`](https://renovatebot.com/diffs/npm/@trpc%2fclient/11.15.0/11.15.1) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@trpc%2fclient/11.15.1?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@trpc%2fclient/11.15.0/11.15.1?slim=true) |
| [@trpc/react-query](https://trpc.io) ([source](https://redirect.github.com/trpc/trpc/tree/HEAD/packages/react)) | [`11.15.0` → `11.15.1`](https://renovatebot.com/diffs/npm/@trpc%2freact-query/11.15.0/11.15.1) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@trpc%2freact-query/11.15.1?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@trpc%2freact-query/11.15.0/11.15.1?slim=true) |
| [@trpc/server](https://trpc.io) ([source](https://redirect.github.com/trpc/trpc/tree/HEAD/packages/server)) | [`11.15.0` → `11.15.1`](https://renovatebot.com/diffs/npm/@trpc%2fserver/11.15.0/11.15.1) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@trpc%2fserver/11.15.1?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@trpc%2fserver/11.15.0/11.15.1?slim=true) |
| [@vitest/coverage-v8](https://vitest.dev/guide/coverage) ([source](https://redirect.github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8)) | [`4.1.1` → `4.1.2`](https://renovatebot.com/diffs/npm/@vitest%2fcoverage-v8/4.1.1/4.1.2) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@vitest%2fcoverage-v8/4.1.2?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vitest%2fcoverage-v8/4.1.1/4.1.2?slim=true) |
| [knip](https://knip.dev) ([source](https://redirect.github.com/webpro-nl/knip/tree/HEAD/packages/knip)) | [`6.0.5` → `6.0.6`](https://renovatebot.com/diffs/npm/knip/6.0.5/6.0.6) | ![age](https://developer.mend.io/api/mc/badges/age/npm/knip/6.0.6?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/knip/6.0.5/6.0.6?slim=true) |
| [lucide-react](https://lucide.dev) ([source](https://redirect.github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react)) | [`1.6.0` → `1.7.0`](https://renovatebot.com/diffs/npm/lucide-react/1.6.0/1.7.0) | ![age](https://developer.mend.io/api/mc/badges/age/npm/lucide-react/1.7.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/lucide-react/1.6.0/1.7.0?slim=true) |
| [posthog-js](https://posthog.com/docs/libraries/js) ([source](https://redirect.github.com/PostHog/posthog-js)) | [`1.363.5` → `1.363.6`](https://renovatebot.com/diffs/npm/posthog-js/1.363.5/1.363.6) | ![age](https://developer.mend.io/api/mc/badges/age/npm/posthog-js/1.363.6?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/posthog-js/1.363.5/1.363.6?slim=true) |
| [posthog-node](https://redirect.github.com/PostHog/posthog-js) ([source](https://redirect.github.com/PostHog/posthog-js/tree/HEAD/packages/node)) | [`5.28.5` → `5.28.6`](https://renovatebot.com/diffs/npm/posthog-node/5.28.5/5.28.6) | ![age](https://developer.mend.io/api/mc/badges/age/npm/posthog-node/5.28.6?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/posthog-node/5.28.5/5.28.6?slim=true) |
| [vitest](https://vitest.dev) ([source](https://redirect.github.com/vitest-dev/vitest/tree/HEAD/packages/vitest)) | [`4.1.1` → `4.1.2`](https://renovatebot.com/diffs/npm/vitest/4.1.1/4.1.2) | ![age](https://developer.mend.io/api/mc/badges/age/npm/vitest/4.1.2?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vitest/4.1.1/4.1.2?slim=true) |

---

### Release Notes

<details>
<summary>trpc/trpc (@&#8203;trpc/client)</summary>

### [`v11.15.1`](https://redirect.github.com/trpc/trpc/releases/tag/v11.15.1)

[Compare Source](https://redirect.github.com/trpc/trpc/compare/v11.15.0...v11.15.1)

##### What's Changed

- fix(www): render sponsor links in static HTML for SEO by [@&#8203;shtefcs](https://redirect.github.com/shtefcs) in [#&#8203;7285](https://redirect.github.com/trpc/trpc/pull/7285)
- fix: error handling with Node VM by [@&#8203;znikola](https://redirect.github.com/znikola) in [#&#8203;7280](https://redirect.github.com/trpc/trpc/pull/7280)

##### New Contributors

- [@&#8203;shtefcs](https://redirect.github.com/shtefcs) made their first contribution in [#&#8203;7285](https://redirect.github.com/trpc/trpc/pull/7285)
- [@&#8203;znikola](https://redirect.github.com/znikola) made their first contribution in [#&#8203;7280](https://redirect.github.com/trpc/trpc/pull/7280)

**Full Changelog**: <trpc/trpc@v11.15.0...v11.15.1>

</details>

<details>
<summary>vitest-dev/vitest (@&#8203;vitest/coverage-v8)</summary>

### [`v4.1.2`](https://redirect.github.com/vitest-dev/vitest/releases/tag/v4.1.2)

[Compare Source](https://redirect.github.com/vitest-dev/vitest/compare/v4.1.1...v4.1.2)

This release bumps Vitest's `flatted` version and removes version pinning to resolve `flatted`'s CVE related issues ([#&#8203;9975](https://redirect.github.com/vitest-dev/vitest/issues/9975)).

#####    🐞 Bug Fixes

- Don't resolve `setupFiles` from parent directory  -  by [@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) in [#&#8203;9960](https://redirect.github.com/vitest-dev/vitest/issues/9960) [<samp>(7aa93)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/7aa937776)
- Ensure sequential mock/unmock resolution  -  by [@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) and **Claude Opus 4.6** in [#&#8203;9830](https://redirect.github.com/vitest-dev/vitest/issues/9830) [<samp>(7c065)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/7c06598db)
- **browser**: Take failure screenshot if `toMatchScreenshot` can't capture a stable screenshot  -  by [@&#8203;macarie](https://redirect.github.com/macarie) in [#&#8203;9847](https://redirect.github.com/vitest-dev/vitest/issues/9847) [<samp>(faace)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/faace1fbe)
- **coverage**: Correct `coverageConfigDefaults` values and types  -  by [@&#8203;Arthie](https://redirect.github.com/Arthie) in [#&#8203;9940](https://redirect.github.com/vitest-dev/vitest/issues/9940) [<samp>(b3c99)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/b3c992cb2)
- **pretty-format**: Fix output limit over counting  -  by [@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) in [#&#8203;9965](https://redirect.github.com/vitest-dev/vitest/issues/9965) [<samp>(d3b7a)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/d3b7a40fa)
- Disable colors if agent is detected  -  by [@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) and [@&#8203;AriPerkkio](https://redirect.github.com/AriPerkkio) in [#&#8203;9851](https://redirect.github.com/vitest-dev/vitest/issues/9851) [<samp>(6f97b)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/6f97b55dd)

#####     [View changes on GitHub](https://redirect.github.com/vitest-dev/vitest/compare/v4.1.1...v4.1.2)

</details>

<details>
<summary>webpro-nl/knip (knip)</summary>

### [`v6.0.6`](https://redirect.github.com/webpro-nl/knip/releases/tag/knip%406.0.6): Release 6.0.6

[Compare Source](https://redirect.github.com/webpro-nl/knip/compare/knip@6.0.5...knip@6.0.6)

- Suppress issues initially to not overwhelm agent in mcp server ([`7793962`](https://redirect.github.com/webpro-nl/knip/commit/7793962c5))
- Auto-format ([`346247a`](https://redirect.github.com/webpro-nl/knip/commit/346247a70))
- Fix false positive unused deps when run from workspace dir (resolve [#&#8203;1642](https://redirect.github.com/webpro-nl/knip/issues/1642)) ([`95f4431`](https://redirect.github.com/webpro-nl/knip/commit/95f443195))
- Move from `convertPathsToAlias` → `compilePathMappings` (resolve [#&#8203;1641](https://redirect.github.com/webpro-nl/knip/issues/1641)) ([`ccc62d6`](https://redirect.github.com/webpro-nl/knip/commit/ccc62d684))

</details>

<details>
<summary>lucide-icons/lucide (lucide-react)</summary>

### [`v1.7.0`](https://redirect.github.com/lucide-icons/lucide/releases/tag/1.7.0): Version 1.7.0

[Compare Source](https://redirect.github.com/lucide-icons/lucide/compare/1.6.0...1.7.0)

#### What's Changed

- fix(lucide-react): Fix dynamic imports by [@&#8203;ericfennis](https://redirect.github.com/ericfennis) in [#&#8203;4210](https://redirect.github.com/lucide-icons/lucide/pull/4210)
- feat(icons): added `map-pin-search` icon by [@&#8203;TonySullivan](https://redirect.github.com/TonySullivan) in [#&#8203;4125](https://redirect.github.com/lucide-icons/lucide/pull/4125)

#### New Contributors

- [@&#8203;TonySullivan](https://redirect.github.com/TonySullivan) made their first contribution in [#&#8203;4125](https://redirect.github.com/lucide-icons/lucide/pull/4125)

**Full Changelog**: <lucide-icons/lucide@1.6.0...1.7.0>

</details>

<details>
<summary>PostHog/posthog-js (posthog-js)</summary>

### [`v1.363.6`](https://redirect.github.com/PostHog/posthog-js/releases/tag/posthog-js%401.363.6)

[Compare Source](https://redirect.github.com/PostHog/posthog-js/compare/posthog-js@1.363.5...posthog-js@1.363.6)

#### 1.363.6

##### Patch Changes

- [#&#8203;3279](https://redirect.github.com/PostHog/posthog-js/pull/3279) [`32edaad`](https://redirect.github.com/PostHog/posthog-js/commit/32edaadd509e32a3a679142ccb704fd9e404d1a2) Thanks [@&#8203;pauldambra](https://redirect.github.com/pauldambra)! - Bump [@&#8203;posthog/rrweb](https://redirect.github.com/posthog/rrweb) packages to 0.0.51, which includes:
  - [PostHog/posthog-rrweb#145](https://redirect.github.com/PostHog/posthog-rrweb/issues/145): fix: handle cross-origin iframe errors during stop handler cleanup
  - [PostHog/posthog-rrweb#148](https://redirect.github.com/PostHog/posthog-rrweb/issues/148): fix: mask textarea innerText mutations
  - [PostHog/posthog-rrweb#150](https://redirect.github.com/PostHog/posthog-rrweb/issues/150): fix: guard WebGLRenderingContext access for iOS compatibility
  - [PostHog/posthog-rrweb#151](https://redirect.github.com/PostHog/posthog-rrweb/issues/151): refactor: extract slimDOMDefaults into shared function
  - [PostHog/posthog-rrweb#152](https://redirect.github.com/PostHog/posthog-rrweb/issues/152): fix: improve nested CSS rule handling
  - [PostHog/posthog-rrweb#153](https://redirect.github.com/PostHog/posthog-rrweb/issues/153): fix: allow clearing adopted stylesheets with empty strings
  - [PostHog/posthog-rrweb#154](https://redirect.github.com/PostHog/posthog-rrweb/issues/154): fix: prevent object reference mutation breaking remote CSS replay
  - [PostHog/posthog-rrweb#156](https://redirect.github.com/PostHog/posthog-rrweb/issues/156): fix: catch all SecurityError variants in stop handler cleanup (2026-03-26)
- Updated dependencies \[]:
  - [@&#8203;posthog/types](https://redirect.github.com/posthog/types)@&#8203;1.363.6

</details>

<details>
<summary>PostHog/posthog-js (posthog-node)</summary>

### [`v5.28.6`](https://redirect.github.com/PostHog/posthog-js/blob/HEAD/packages/node/CHANGELOG.md#5286)

[Compare Source](https://redirect.github.com/PostHog/posthog-js/compare/posthog-node@5.28.5...posthog-node@5.28.6)

##### Patch Changes

- [#&#8203;3282](https://redirect.github.com/PostHog/posthog-js/pull/3282) [`5784dca`](https://redirect.github.com/PostHog/posthog-js/commit/5784dcaeb71f7e67d9c9df28f116886a573d19df) Thanks [@&#8203;marandaneto](https://redirect.github.com/marandaneto)! - fix: captureException now uses distinctId from request context
  (2026-03-26)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired.

---

 - [ ] If you want to rebase/retry this PR, check this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/doxynix/doxynix).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels