ref(parser): limit max stack lines we parse

[JonasBa]

Enforce the stacktrace frame limit when we parse frames

[github-actions]

size-limit report 📦

Path	Size
@sentry/browser - ES5 CDN Bundle (gzipped + minified)	20.46 KB (-0.13% 🔽)
@sentry/browser - ES5 CDN Bundle (minified)	63.38 KB (-0.18% 🔽)
@sentry/browser - ES6 CDN Bundle (gzipped + minified)	19.06 KB (+0.06% 🔺)
@sentry/browser - ES6 CDN Bundle (minified)	56.43 KB (+0.07% 🔺)
@sentry/browser - Webpack (gzipped + minified)	20.72 KB (+0.09% 🔺)
@sentry/browser - Webpack (minified)	67.65 KB (+0.06% 🔺)
@sentry/react - Webpack (gzipped + minified)	20.74 KB (+0.09% 🔺)
@sentry/nextjs Client - Webpack (gzipped + minified)	52.2 KB (+0.02% 🔺)
@sentry/browser + @sentry/tracing - ES5 CDN Bundle (gzipped + minified)	33.72 KB (-0.13% 🔽)
@sentry/browser + @sentry/tracing - ES6 CDN Bundle (gzipped + minified)	26.1 KB (+0.05% 🔺)
@sentry/replay ES6 CDN Bundle (gzipped + minified)	43.87 KB (-0.01% 🔽)
@sentry/replay - Webpack (gzipped + minified)	37.95 KB (0%)
@sentry/browser + @sentry/tracing + @sentry/replay - ES6 CDN Bundle (gzipped + minified)	62.08 KB (+0.03% 🔺)
@sentry/browser + @sentry/replay - ES6 CDN Bundle (gzipped + minified)	55.14 KB (+0.03% 🔺)

[JonasBa]

@AbhiPrasad @timfish am I right to assume that the slice should no longer be required as everything will run through the stack parser on L19? Not sure if we can remove it, or if there is some other code path that could call reverseSentryFrames fn. I kept it as the fn is exported, so better be safe than sorry here

[AbhiPrasad]

yeah, we can probably remove the slice, but perhaps someone depends on this behaviour.

We could just mark it to be removed in the next major version with a TODO.

[timfish]

We do use stripSentryFramesAndReverse in the Electron SDK so we can combine two parsers:
https://github.com/getsentry/sentry-electron/blob/0d2eb16bf8daf9e330da85a9a823d20c80ad16ac/src/renderer/stack-parse.ts

However as long as I remember when updating, I can update the above code to drop out of the for loop at STACKTRACE_LIMIT

[timfish]

A further search across GitHub suggests this is only used in the Electron SDK. I've opened an issue to track this so feel free to remove the slice here and I'll fix this downstream on the next javascript sdks update!

[JonasBa]

I am somewhat still not super happy with removing it entirely - it is relatively low cost and provides safety. The risk/reward does not seem worth it to me. If we are to remove it then I think we should do it in the next major just in case someone out there relies on this behavior that our search did not show missed.

I would however propose we make the slice conditional and only do it if the input exceeds the max array size, that seems like a good middle ground without breaking anything.

Thoughts?

[JonasBa]

Actually, my point is moot because the input is a ReadonlyArray<StackFrame> and since our implementation is reversing the array, a copy is required regardless so that we do not end up mutating the input.

I made the changes to use readonly type in #7417 as it seemed reasonable and safer (the implementation was already considering it as readonly).

It becomes a larger change in terms of how we expect the function to be called and what safety guarantees we want, e.g. if we only expect it to be called once (which seems to be the case), then we might not care about readonly type.

For now, I would opt to keep this as is for now and port the for loop changes to electron - this way we just avoid parsing data that will be discarded anyways and keep some extra safety in stripSentryFramesAndReverse