fix(chrome-devtool): implement sanitizePostMessagePayload to handle unsafe values in post messages

[2heal1]

Description

implement sanitizePostMessagePayload to handle unsafe values in post messages

Related Issue

Types of changes

• Docs change / refactoring / dependency upgrade
• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)

Checklist

• I have added tests to cover my changes.
• All new and existing tests passed.
• I have updated the documentation.

[changeset-bot]

🦋 Changeset detected

Latest commit: 05b98a1

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 45 packages

Name	Type
@module-federation/devtools	Patch
@module-federation/runtime	Patch
@module-federation/enhanced	Patch
@module-federation/rspack	Patch
@module-federation/webpack-bundler-runtime	Patch
@module-federation/sdk	Patch
@module-federation/runtime-tools	Patch
@module-federation/managers	Patch
@module-federation/manifest	Patch
@module-federation/dts-plugin	Patch
@module-federation/third-party-dts-extractor	Patch
@module-federation/bridge-react	Patch
@module-federation/bridge-vue3	Patch
@module-federation/bridge-shared	Patch
@module-federation/bridge-react-webpack-plugin	Patch
@module-federation/modern-js	Patch
@module-federation/modern-js-v3	Patch
@module-federation/retry-plugin	Patch
@module-federation/data-prefetch	Patch
@module-federation/rsbuild-plugin	Patch
@module-federation/error-codes	Patch
@module-federation/inject-external-runtime-core-plugin	Patch
@module-federation/runtime-core	Patch
create-module-federation	Patch
@module-federation/cli	Patch
@module-federation/rspress-plugin	Patch
@module-federation/treeshake-server	Patch
@module-federation/treeshake-frontend	Patch
@module-federation/metro	Patch
@module-federation/metro-plugin-rnef	Patch
@module-federation/metro-plugin-rnc-cli	Patch
@module-federation/esbuild	Patch
@module-federation/nextjs-mf	Patch
@module-federation/node	Patch
@module-federation/storybook-addon	Patch
shared-tree-shaking-no-server-host	Patch
shared-tree-shaking-no-server-provider	Patch
@module-federation/utilities	Patch
remote5	Patch
remote6	Patch
shared-tree-shaking-with-server-host	Patch
shared-tree-shaking-with-server-provider	Patch
website-new	Patch
node-dynamic-remote-new-version	Patch
node-dynamic-remote	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[netlify]

✅ Deploy Preview for module-federation-docs ready!

Name	Link
🔨 Latest commit	05b98a1
🔍 Latest deploy log	https://app.netlify.com/projects/module-federation-docs/deploys/69c63c9063d8800008e71d3c
😎 Deploy Preview	https://deploy-preview-4600--module-federation-docs.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 05b98a1e11

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Treat null-prototype records as serializable objects

The instanceof Object guard rejects Object.create(null) values before they reach the object-walk logic, so they are replaced with [unserializable] instead of being traversed. Webpack/module-federation metadata commonly uses null-prototype dictionaries, so this can drop large parts of moduleInfo/share payloads after this change.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Serialize typed-array views with offset and length

For ArrayBuffer views, converting value.buffer serializes the full backing buffer and ignores byteOffset/byteLength. When the payload contains a subarray or DataView, this forwards extra bytes (possibly unrelated data) and produces incorrect message content.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Handle invalid Date objects without throwing

toISOString() throws on invalid dates (for example new Date(NaN)), and this call is unconditional. In array/map/set/root paths that exception is not caught, so a single invalid Date can still crash sanitization and prevent postMessage forwarding, which defeats the purpose of this safety layer.

Useful? React with 👍 / 👎.

[pkg-pr-new]

Open in StackBlitz

@module-federation/devtools

pnpm add https://pkg.pr.new/@module-federation/devtools@4600

@module-federation/cli

pnpm add https://pkg.pr.new/@module-federation/cli@4600

create-module-federation

pnpm add https://pkg.pr.new/create-module-federation@4600

@module-federation/data-prefetch

pnpm add https://pkg.pr.new/@module-federation/data-prefetch@4600

@module-federation/dts-plugin

pnpm add https://pkg.pr.new/@module-federation/dts-plugin@4600

@module-federation/enhanced

pnpm add https://pkg.pr.new/@module-federation/enhanced@4600

@module-federation/error-codes

pnpm add https://pkg.pr.new/@module-federation/error-codes@4600

@module-federation/esbuild

pnpm add https://pkg.pr.new/@module-federation/esbuild@4600

@module-federation/managers

pnpm add https://pkg.pr.new/@module-federation/managers@4600

@module-federation/manifest

pnpm add https://pkg.pr.new/@module-federation/manifest@4600

@module-federation/metro

pnpm add https://pkg.pr.new/@module-federation/metro@4600

@module-federation/metro-plugin-rnc-cli

pnpm add https://pkg.pr.new/@module-federation/metro-plugin-rnc-cli@4600

@module-federation/metro-plugin-rnef

pnpm add https://pkg.pr.new/@module-federation/metro-plugin-rnef@4600

@module-federation/modern-js

pnpm add https://pkg.pr.new/@module-federation/modern-js@4600

@module-federation/modern-js-v3

pnpm add https://pkg.pr.new/@module-federation/modern-js-v3@4600

@module-federation/native-federation-tests

pnpm add https://pkg.pr.new/@module-federation/native-federation-tests@4600

@module-federation/native-federation-typescript

pnpm add https://pkg.pr.new/@module-federation/native-federation-typescript@4600

@module-federation/nextjs-mf

pnpm add https://pkg.pr.new/@module-federation/nextjs-mf@4600

@module-federation/node

pnpm add https://pkg.pr.new/@module-federation/node@4600

@module-federation/retry-plugin

pnpm add https://pkg.pr.new/@module-federation/retry-plugin@4600

@module-federation/rsbuild-plugin

pnpm add https://pkg.pr.new/@module-federation/rsbuild-plugin@4600

@module-federation/rspack

pnpm add https://pkg.pr.new/@module-federation/rspack@4600

@module-federation/rspress-plugin

pnpm add https://pkg.pr.new/@module-federation/rspress-plugin@4600

@module-federation/runtime

pnpm add https://pkg.pr.new/@module-federation/runtime@4600

@module-federation/runtime-core

pnpm add https://pkg.pr.new/@module-federation/runtime-core@4600

@module-federation/runtime-tools

pnpm add https://pkg.pr.new/@module-federation/runtime-tools@4600

@module-federation/sdk

pnpm add https://pkg.pr.new/@module-federation/sdk@4600

@module-federation/storybook-addon

pnpm add https://pkg.pr.new/@module-federation/storybook-addon@4600

@module-federation/third-party-dts-extractor

pnpm add https://pkg.pr.new/@module-federation/third-party-dts-extractor@4600

@module-federation/treeshake-frontend

pnpm add https://pkg.pr.new/@module-federation/treeshake-frontend@4600

@module-federation/treeshake-server

pnpm add https://pkg.pr.new/@module-federation/treeshake-server@4600

@module-federation/typescript

pnpm add https://pkg.pr.new/@module-federation/typescript@4600

@module-federation/utilities

pnpm add https://pkg.pr.new/@module-federation/utilities@4600

@module-federation/webpack-bundler-runtime

pnpm add https://pkg.pr.new/@module-federation/webpack-bundler-runtime@4600

@module-federation/bridge-react

pnpm add https://pkg.pr.new/@module-federation/bridge-react@4600

@module-federation/bridge-react-webpack-plugin

pnpm add https://pkg.pr.new/@module-federation/bridge-react-webpack-plugin@4600

@module-federation/bridge-shared

pnpm add https://pkg.pr.new/@module-federation/bridge-shared@4600

@module-federation/bridge-vue3

pnpm add https://pkg.pr.new/@module-federation/bridge-vue3@4600

@module-federation/inject-external-runtime-core-plugin

pnpm add https://pkg.pr.new/@module-federation/inject-external-runtime-core-plugin@4600

commit: 05b98a1

[github-actions]

Bundle Size Report

10 package(s) changed, 30 unchanged.

Package dist + ESM entry

Package	Total dist (raw)	Delta	ESM gzip	Delta
@module-federation/cli	26.7 kB	no change	786 B	no change
@module-federation/core	39.1 kB	no change	173 B	no change
@module-federation/devtools	481.4 kB	+8.2 kB (+1.7%)	3.9 kB	no change
@module-federation/enhanced	812.6 kB	no change	672 B	no change
@module-federation/managers	69.9 kB	no change	334 B	no change
@module-federation/manifest	138.4 kB	no change	182 B	no change
@module-federation/metro-plugin-rnc-cli	0 B	no change	314 B	no change
@module-federation/node	189.2 kB	no change	217 B	no change
@module-federation/storybook-addon	77.2 kB	no change	100 B	no change
@module-federation/utilities	110.6 kB	no change	328 B	no change

Bundle targets

Package	Web bundle (gzip)	Delta	Node bundle (gzip)	Delta
@module-federation/cli	2.3 kB	-32 B (-1.4%)	2.3 kB	-32 B (-1.4%)
@module-federation/core	1.1 kB	-31 B (-2.8%)	1.0 kB	-30 B (-2.8%)
@module-federation/devtools	21.3 kB	+461 B (+2.2%)	21.3 kB	+461 B (+2.2%)
@module-federation/enhanced	2.6 kB	-43 B (-1.6%)	2.6 kB	-43 B (-1.6%)
@module-federation/managers	2.4 kB	-26 B (-1.0%)	2.4 kB	-26 B (-1.0%)
@module-federation/manifest	6.2 kB	-37 B (-0.6%)	6.2 kB	-37 B (-0.6%)
@module-federation/metro-plugin-rnc-cli	411 B	-25 B (-5.7%)	411 B	-25 B (-5.7%)
@module-federation/node	9.2 kB	-26 B (-0.3%)	9.2 kB	-26 B (-0.3%)
@module-federation/storybook-addon	1.9 kB	-23 B (-1.2%)	1.7 kB	-23 B (-1.3%)
@module-federation/utilities	2.6 kB	-31 B (-1.2%)	2.6 kB	-31 B (-1.2%)

Consumer scenarios

Scenario	Web output (gzip)	Delta	Node output (gzip)	Delta	Gap (node-web)	Delta
Enhanced remoteEntry	19.8 kB	-15 B (-0.1%)	20.8 kB	-18 B (-0.1%)	+1.0 kB	-3 B

Total dist (raw): 6.33 MB (+8.2 kB (+0.1%))
Total ESM gzip: 73.7 kB (no change)
Total web bundle (gzip): 179.0 kB (+187 B (+0.1%))
Total node bundle (gzip): 179.4 kB (+188 B (+0.1%))
Tracked ./bundler entry gzip: 556 B (no change)
Tracked ./bundler web bundle (gzip): 4.8 kB (no change)
Tracked ./bundler node bundle (gzip): 4.8 kB (no change)

Bundle sizes are generated with rslib (Rspack). Package-root metrics preserve the historical report. Tracked subpath exports such as ./bundler are measured separately so ENV_TARGET-driven tree-shaking is visible. Bare imports are externalized to keep package-level sizes consistent, and assets are emitted as resources.