react-on-rails-pro-node-renderer 16.7.0-rc.3 → 17.0.0-rc.0

package/README.md

@@ -53,7 +53,7 @@ reactOnRailsProNodeRenderer({
 ReactOnRailsPro.configure do |config|
   config.server_renderer = "NodeRenderer"
   config.renderer_url = ENV.fetch("REACT_RENDERER_URL", "http://localhost:3800")
-  config.renderer_password = ENV.fetch("RENDERER_PASSWORD", "devPassword")
+  config.renderer_password = ENV["RENDERER_PASSWORD"]
 end
 ```
 

package/lib/integrations/api.d.ts

@@ -24,6 +24,8 @@
  */
 export { default as log } from '../shared/log.js';
 export { addErrorNotifier, addMessageNotifier, addNotifier, error, message, Notifier, ErrorNotifier, MessageNotifier, } from '../shared/errorReporter.js';
-export { setupTracing, setupSubSpan, subSpan, TracingContext, TracingIntegrationOptions, UnitOfWorkOptions, SubSpanOptions, SubSpanFn, SubSpanController, } from '../shared/tracing.js';
-export { configureFastify, FastifyConfigFunction } from '../worker/fastifyConfig.js';
+export { resetTracing, resetSubSpan, setupTracing, setupSubSpan, subSpan, TracingContext, TracingIntegrationOptions, UnitOfWorkOptions, SubSpanOptions, SubSpanFn, SubSpanController, } from '../shared/tracing.js';
+export { getOpenTelemetryTracerProvider, setOpenTelemetryTracerProvider, } from '../shared/opentelemetryState.js';
+export { configureFastify, registerFastifyConfigFunction, FastifyConfigFunction, } from '../worker/fastifyConfig.js';
+export { registerWorkerShutdownHook, WORKER_SHUTDOWN_HOOKS_TIMEOUT_MS, WorkerShutdownHook, } from '../worker/shutdownHooks.js';
 //# sourceMappingURL=api.d.ts.map

package/lib/integrations/api.js

@@ -27,7 +27,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.configureFastify = exports.subSpan = exports.setupSubSpan = exports.setupTracing = exports.message = exports.error = exports.addNotifier = exports.addMessageNotifier = exports.addErrorNotifier = exports.log = void 0;
+exports.WORKER_SHUTDOWN_HOOKS_TIMEOUT_MS = exports.registerWorkerShutdownHook = exports.registerFastifyConfigFunction = exports.configureFastify = exports.setOpenTelemetryTracerProvider = exports.getOpenTelemetryTracerProvider = exports.subSpan = exports.setupSubSpan = exports.setupTracing = exports.resetSubSpan = exports.resetTracing = exports.message = exports.error = exports.addNotifier = exports.addMessageNotifier = exports.addErrorNotifier = exports.log = void 0;
 var log_js_1 = require("../shared/log.js");
 Object.defineProperty(exports, "log", { enumerable: true, get: function () { return __importDefault(log_js_1).default; } });
 var errorReporter_js_1 = require("../shared/errorReporter.js");
@@ -37,9 +37,18 @@ Object.defineProperty(exports, "addNotifier", { enumerable: true, get: function
 Object.defineProperty(exports, "error", { enumerable: true, get: function () { return errorReporter_js_1.error; } });
 Object.defineProperty(exports, "message", { enumerable: true, get: function () { return errorReporter_js_1.message; } });
 var tracing_js_1 = require("../shared/tracing.js");
+Object.defineProperty(exports, "resetTracing", { enumerable: true, get: function () { return tracing_js_1.resetTracing; } });
+Object.defineProperty(exports, "resetSubSpan", { enumerable: true, get: function () { return tracing_js_1.resetSubSpan; } });
 Object.defineProperty(exports, "setupTracing", { enumerable: true, get: function () { return tracing_js_1.setupTracing; } });
 Object.defineProperty(exports, "setupSubSpan", { enumerable: true, get: function () { return tracing_js_1.setupSubSpan; } });
 Object.defineProperty(exports, "subSpan", { enumerable: true, get: function () { return tracing_js_1.subSpan; } });
+var opentelemetryState_js_1 = require("../shared/opentelemetryState.js");
+Object.defineProperty(exports, "getOpenTelemetryTracerProvider", { enumerable: true, get: function () { return opentelemetryState_js_1.getOpenTelemetryTracerProvider; } });
+Object.defineProperty(exports, "setOpenTelemetryTracerProvider", { enumerable: true, get: function () { return opentelemetryState_js_1.setOpenTelemetryTracerProvider; } });
 var fastifyConfig_js_1 = require("../worker/fastifyConfig.js");
 Object.defineProperty(exports, "configureFastify", { enumerable: true, get: function () { return fastifyConfig_js_1.configureFastify; } });
+Object.defineProperty(exports, "registerFastifyConfigFunction", { enumerable: true, get: function () { return fastifyConfig_js_1.registerFastifyConfigFunction; } });
+var shutdownHooks_js_1 = require("../worker/shutdownHooks.js");
+Object.defineProperty(exports, "registerWorkerShutdownHook", { enumerable: true, get: function () { return shutdownHooks_js_1.registerWorkerShutdownHook; } });
+Object.defineProperty(exports, "WORKER_SHUTDOWN_HOOKS_TIMEOUT_MS", { enumerable: true, get: function () { return shutdownHooks_js_1.WORKER_SHUTDOWN_HOOKS_TIMEOUT_MS; } });
 //# sourceMappingURL=api.js.map

package/lib/integrations/opentelemetry.js

@@ -1,22 +1,12 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.init = init;
-/* eslint-disable no-restricted-imports --
- * This integration needs internal worker/shared modules that the public
- * api.ts does not yet re-export (tracing adapter slots, OTel global state,
- * fastify config + worker shutdown hook registration). Tracked in #3419
- * — once api.ts surfaces these, remove this disable. */
-const tracing_js_1 = require("../shared/tracing.js");
-const opentelemetryState_js_1 = require("../shared/opentelemetryState.js");
-const fastifyConfig_js_1 = require("../worker/fastifyConfig.js");
-const shutdownHooks_js_1 = require("../worker/shutdownHooks.js");
-/* eslint-enable no-restricted-imports */
 const api_js_1 = require("./api.js");
 const DEFAULT_SERVICE_NAME = 'react-on-rails-pro-node-renderer';
 const DEFAULT_SHUTDOWN_TIMEOUT_MS = 5000;
 // Leave 1s of headroom under the worker's hard cap so the shutdown hook can
 // resolve cleanly even when provider.shutdown() runs right at its limit.
-const MAX_SHUTDOWN_TIMEOUT_MS = shutdownHooks_js_1.WORKER_SHUTDOWN_HOOKS_TIMEOUT_MS - 1000;
+const MAX_SHUTDOWN_TIMEOUT_MS = api_js_1.WORKER_SHUTDOWN_HOOKS_TIMEOUT_MS - 1000;
 function isProduction() {
     return process.env.NODE_ENV === 'production' || process.env.RAILS_ENV === 'production';
 }
@@ -32,7 +22,7 @@ function resolveShutdownTimeoutMs(opts) {
         return DEFAULT_SHUTDOWN_TIMEOUT_MS;
     }
     if (requested > MAX_SHUTDOWN_TIMEOUT_MS) {
-        api_js_1.log.warn('[OpenTelemetry] shutdownTimeoutMs=%dms exceeds worker shutdown hook cap (%dms); capping to %dms so the hook can resolve before the worker is forcibly destroyed.', requested, shutdownHooks_js_1.WORKER_SHUTDOWN_HOOKS_TIMEOUT_MS, MAX_SHUTDOWN_TIMEOUT_MS);
+        api_js_1.log.warn('[OpenTelemetry] shutdownTimeoutMs=%dms exceeds worker shutdown hook cap (%dms); capping to %dms so the hook can resolve before the worker is forcibly destroyed.', requested, api_js_1.WORKER_SHUTDOWN_HOOKS_TIMEOUT_MS, MAX_SHUTDOWN_TIMEOUT_MS);
         return MAX_SHUTDOWN_TIMEOUT_MS;
     }
     return requested;
@@ -78,10 +68,10 @@ function disableOpenTelemetryGlobals(otelApi) {
 }
 function resetInstalledTracingAdapters(installedAdapters) {
     if (installedAdapters.subSpan) {
-        (0, tracing_js_1.resetSubSpan)();
+        (0, api_js_1.resetSubSpan)();
     }
     if (installedAdapters.tracing) {
-        (0, tracing_js_1.resetTracing)();
+        (0, api_js_1.resetTracing)();
     }
     return { tracing: false, subSpan: false };
 }
@@ -115,7 +105,7 @@ async function shutdownProviderWithTimeout(provider, shutdownTimeoutMs) {
     }
 }
 function init(opts = {}) {
-    if ((0, opentelemetryState_js_1.getOpenTelemetryTracerProvider)()) {
+    if ((0, api_js_1.getOpenTelemetryTracerProvider)()) {
         (0, api_js_1.message)('[OpenTelemetry] init() called more than once; ignoring duplicate call.');
         return;
     }
@@ -179,7 +169,7 @@ function init(opts = {}) {
         // reference) correctly disables the globals if register() throws.
         ownsOpenTelemetryGlobals = true;
         registeredProvider = provider;
-        (0, opentelemetryState_js_1.setOpenTelemetryTracerProvider)(provider);
+        (0, api_js_1.setOpenTelemetryTracerProvider)(provider);
         // Re-call provider.register() to set context manager + propagator globals.
         // The second setGlobalTracerProvider() call inside register() is a no-op
         // (registerGlobal returns false because the proxy is already owned by us),
@@ -205,7 +195,7 @@ function init(opts = {}) {
         }
         if (opts.tracing) {
             const tracer = loadedOtelApi.trace.getTracer(serviceName);
-            installedAdapters.tracing = (0, tracing_js_1.setupTracing)({
+            installedAdapters.tracing = (0, api_js_1.setupTracing)({
                 startSsrRequestOptions: () => ({
                     // Keep the root span free of request payload data. Future safe
                     // attributes should be derived from structured metadata supplied by
@@ -252,7 +242,7 @@ function init(opts = {}) {
                         span.end();
                     }
                 });
-                installedAdapters.subSpan = (0, tracing_js_1.setupSubSpan)(subSpanImpl);
+                installedAdapters.subSpan = (0, api_js_1.setupSubSpan)(subSpanImpl);
             }
             else {
                 (0, api_js_1.message)('[OpenTelemetry] tracing integration was not installed because another tracing integration is ' +
@@ -264,8 +254,8 @@ function init(opts = {}) {
             shutdownOpenTelemetryPromise ?? (shutdownOpenTelemetryPromise = (async () => {
                 try {
                     await shutdownProviderWithTimeout(provider, shutdownTimeoutMs);
-                    if ((0, opentelemetryState_js_1.getOpenTelemetryTracerProvider)() === provider) {
-                        (0, opentelemetryState_js_1.setOpenTelemetryTracerProvider)(null);
+                    if ((0, api_js_1.getOpenTelemetryTracerProvider)() === provider) {
+                        (0, api_js_1.setOpenTelemetryTracerProvider)(null);
                         disableOpenTelemetryGlobals(loadedOtelApi);
                         ownsOpenTelemetryGlobals = false;
                         installedAdapters = resetInstalledTracingAdapters(installedAdapters);
@@ -281,8 +271,8 @@ function init(opts = {}) {
         // Register these last so failed init paths do not leave partial shutdown hooks
         // behind. The worker hook runs during cluster restarts, while Fastify onClose
         // still handles explicit app.close() calls from tests or custom integrations.
-        unregisterWorkerShutdownHook = (0, shutdownHooks_js_1.registerWorkerShutdownHook)(shutdownOpenTelemetry);
-        unregisterFastifyConfig = (0, fastifyConfig_js_1.registerFastifyConfigFunction)((app) => {
+        unregisterWorkerShutdownHook = (0, api_js_1.registerWorkerShutdownHook)(shutdownOpenTelemetry);
+        unregisterFastifyConfig = (0, api_js_1.registerFastifyConfigFunction)((app) => {
             app.addHook('onClose', shutdownOpenTelemetry);
         });
         api_js_1.log.info('[OpenTelemetry] Tracer provider initialized');
@@ -293,8 +283,8 @@ function init(opts = {}) {
         if (ownsOpenTelemetryGlobals &&
             registeredProvider &&
             otelApi &&
-            (0, opentelemetryState_js_1.getOpenTelemetryTracerProvider)() === registeredProvider) {
-            (0, opentelemetryState_js_1.setOpenTelemetryTracerProvider)(null);
+            (0, api_js_1.getOpenTelemetryTracerProvider)() === registeredProvider) {
+            (0, api_js_1.setOpenTelemetryTracerProvider)(null);
             disableOpenTelemetryGlobals(otelApi);
             ownsOpenTelemetryGlobals = false;
         }

package/lib/shared/configBuilder.js

@@ -181,32 +181,41 @@ function logSanitizedConfig() {
         'Final renderer settings': sanitizedSettings(config, '<NOT PROVIDED>'),
     });
 }
+const KNOWN_WEAK_PASSWORDS = new Set(['devPassword', 'myPassword1', 'password', 'changeme', 'admin', 'secret', 'test', 'renderer'].map((p) => p.toLowerCase()));
+const MIN_PASSWORD_LENGTH = 16;
 function validatePasswordForProduction(aConfig) {
-    // Only a truthy password satisfies the production-like requirement. Null, undefined, and empty strings are
-    // all treated as missing passwords.
-    if (aConfig.password)
-        return null;
-    // Require all present runtime envs to be development/test; fail closed otherwise.
-    // If either env indicates a production-like value, or neither env is set, password is required.
-    // This preserves a fail-closed invariant across the renderer startup path and the Ruby-side checks.
-    const allowMissingPassword = runtimeEnvsAllowDevelopmentDefaults();
-    if (allowMissingPassword)
+    const isProductionLike = !runtimeEnvsAllowDevelopmentDefaults();
+    if (!aConfig.password || aConfig.password.trim() === '') {
+        if (isProductionLike) {
+            return ('RENDERER_PASSWORD must be set in production-like environments ' +
+                `(NODE_ENV: "${env.NODE_ENV ?? '(not set)'}", RAILS_ENV: "${env.RAILS_ENV ?? '(not set)'}").` +
+                '\n\n' +
+                'In development and test environments, the renderer password is optional and no authentication\n' +
+                'is required. In all other environments, you must explicitly configure a password to secure\n' +
+                'communication between Rails and the Node Renderer.\n\n' +
+                'To fix this, set the RENDERER_PASSWORD environment variable:\n\n' +
+                '  export RENDERER_PASSWORD="your-secure-password"\n\n' +
+                'Or pass it in the config object:\n\n' +
+                '  reactOnRailsProNodeRenderer({ password: process.env.RENDERER_PASSWORD });\n\n' +
+                'Environment matrix:\n' +
+                '  development — password optional (no authentication)\n' +
+                '  test        — password optional (no authentication)\n' +
+                '  (neither set) — treated as production-like; RENDERER_PASSWORD required\n' +
+                '  all other environments (staging, production, qa, preview, etc.) — RENDERER_PASSWORD required');
+        }
         return null;
-    return ('RENDERER_PASSWORD must be set in production-like environments ' +
-        `(NODE_ENV: "${env.NODE_ENV ?? '(not set)'}", RAILS_ENV: "${env.RAILS_ENV ?? '(not set)'}").` +
-        '\n\n' +
-        'In development and test environments, the renderer password is optional and no authentication\n' +
-        'is required. In all other environments, you must explicitly configure a password to secure\n' +
-        'communication between Rails and the Node Renderer.\n\n' +
-        'To fix this, set the RENDERER_PASSWORD environment variable:\n\n' +
-        '  export RENDERER_PASSWORD="your-secure-password"\n\n' +
-        'Or pass it in the config object:\n\n' +
-        '  reactOnRailsProNodeRenderer({ password: process.env.RENDERER_PASSWORD });\n\n' +
-        'Environment matrix:\n' +
-        '  development — password optional (no authentication)\n' +
-        '  test        — password optional (no authentication)\n' +
-        '  (neither set) — treated as production-like; RENDERER_PASSWORD required\n' +
-        '  all other environments (staging, production, qa, preview, etc.) — RENDERER_PASSWORD required');
+    }
+    if (KNOWN_WEAK_PASSWORDS.has(aConfig.password.toLowerCase())) {
+        // Don't log the literal value — even a known-default value is the user's
+        // *current* live credential until they rotate it.
+        log_js_1.default.warn('RENDERER_PASSWORD matches a known-default value. ' +
+            `Set RENDERER_PASSWORD to a random value of at least ${MIN_PASSWORD_LENGTH} characters.`);
+    }
+    else if (aConfig.password.length < MIN_PASSWORD_LENGTH) {
+        log_js_1.default.warn(`RENDERER_PASSWORD is shorter than ${MIN_PASSWORD_LENGTH} characters (current length: ${aConfig.password.length}). ` +
+            'Consider using a stronger password.');
+    }
+    return null;
 }
 /**
  * Lazily create the config.

package/lib/shared/opentelemetryState.d.ts

@@ -1,4 +1,11 @@
 import type { NodeTracerProvider as NodeTracerProviderType } from '@opentelemetry/sdk-trace-node';
 export declare function getOpenTelemetryTracerProvider(): NodeTracerProviderType | null;
+/**
+ * Updates the process-global OpenTelemetry provider reference.
+ *
+ * Caller contract: only integrations that own the OpenTelemetry init/shutdown
+ * lifecycle should call this, and the value must mirror that lifecycle's
+ * current provider ownership.
+ */
 export declare function setOpenTelemetryTracerProvider(provider: NodeTracerProviderType | null): void;
 //# sourceMappingURL=opentelemetryState.d.ts.map

package/lib/shared/opentelemetryState.js

@@ -6,6 +6,13 @@ let tracerProvider = null;
 function getOpenTelemetryTracerProvider() {
     return tracerProvider;
 }
+/**
+ * Updates the process-global OpenTelemetry provider reference.
+ *
+ * Caller contract: only integrations that own the OpenTelemetry init/shutdown
+ * lifecycle should call this, and the value must mirror that lifecycle's
+ * current provider ownership.
+ */
 function setOpenTelemetryTracerProvider(provider) {
     tracerProvider = provider;
 }

package/lib/shared/sensitiveKeys.d.ts

@@ -0,0 +1,3 @@
+export declare const SENSITIVE_REQUEST_BODY_KEYS: Set<string>;
+export declare function sanitizeBodyKeys(body: object): string[];
+//# sourceMappingURL=sensitiveKeys.d.ts.map

package/lib/shared/sensitiveKeys.js

@@ -0,0 +1,24 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SENSITIVE_REQUEST_BODY_KEYS = void 0;
+exports.sanitizeBodyKeys = sanitizeBodyKeys;
+exports.SENSITIVE_REQUEST_BODY_KEYS = new Set([
+    'password',
+    'token',
+    'secret',
+    'api_key',
+    'api-key',
+    'apikey',
+    'authorization',
+    'auth_token',
+    'auth-token',
+    'authtoken',
+    'access_token',
+    'accesstoken',
+    'bearer',
+    'credentials',
+]);
+function sanitizeBodyKeys(body) {
+    return Object.keys(body).filter((key) => !exports.SENSITIVE_REQUEST_BODY_KEYS.has(key.toLowerCase()));
+}
+//# sourceMappingURL=sensitiveKeys.js.map

package/lib/shared/tracing.d.ts

@@ -52,7 +52,10 @@ export declare function setupTracing(options: TracingIntegrationOptions): boolea
 export declare function trace<T>(fn: UnitOfWork<T>, unitOfWorkOptions: UnitOfWorkOptions): Promise<T>;
 /**
  * Resets the installed tracing executor + startSsrRequestOptions back to
- * defaults. Internal integrations use this during lifecycle teardown.
+ * defaults. Integrations use this during lifecycle teardown or failed initialization cleanup.
+ *
+ * Caller contract: only integrations that own the active tracing lifecycle
+ * should call this, and only while tearing that lifecycle down.
  */
 export declare function resetTracing(): void;
 /**
@@ -119,7 +122,10 @@ export declare function setupSubSpan(impl: SubSpanFn): boolean;
 export declare function subSpan<T>(opts: SubSpanOptions, fn: (controller: SubSpanController) => Promise<T>): Promise<T>;
 /**
  * Resets the installed sub-span implementation back to the default pass-through.
- * Internal integrations use this during lifecycle teardown.
+ * Integrations use this during lifecycle teardown or failed initialization cleanup.
+ *
+ * Caller contract: only integrations that own the active sub-span lifecycle
+ * should call this, and only while tearing that lifecycle down.
  */
 export declare function resetSubSpan(): void;
 /**

package/lib/shared/tracing.js

@@ -50,7 +50,10 @@ function trace(fn, unitOfWorkOptions) {
 }
 /**
  * Resets the installed tracing executor + startSsrRequestOptions back to
- * defaults. Internal integrations use this during lifecycle teardown.
+ * defaults. Integrations use this during lifecycle teardown or failed initialization cleanup.
+ *
+ * Caller contract: only integrations that own the active tracing lifecycle
+ * should call this, and only while tearing that lifecycle down.
  */
 function resetTracing() {
     executor = (fn) => fn();
@@ -129,7 +132,10 @@ function subSpan(opts, fn) {
 }
 /**
  * Resets the installed sub-span implementation back to the default pass-through.
- * Internal integrations use this during lifecycle teardown.
+ * Integrations use this during lifecycle teardown or failed initialization cleanup.
+ *
+ * Caller contract: only integrations that own the active sub-span lifecycle
+ * should call this, and only while tearing that lifecycle down.
  */
 function resetSubSpan() {
     subSpanImpl = defaultSubSpan;

package/lib/worker/checkProtocolVersionHandler.js

@@ -10,6 +10,7 @@ exports.checkProtocolVersion = checkProtocolVersion;
  */
 const packageJson_js_1 = __importDefault(require("../shared/packageJson.js"));
 const log_js_1 = __importDefault(require("../shared/log.js"));
+const sensitiveKeys_js_1 = require("../shared/sensitiveKeys.js");
 const NODE_ENV = process.env.NODE_ENV || 'production';
 // Cache to store version comparison results to avoid repeated normalization and logging
 // Key: gemVersion string, Value: boolean (true if matches, false if mismatch)
@@ -43,7 +44,7 @@ function checkProtocolVersion(body) {
             status: 412,
             data: `Unsupported renderer protocol version ${reqProtocolVersion
                 ? `request protocol ${reqProtocolVersion}`
-                : `MISSING with body ${JSON.stringify(body)}`} does not match installed renderer protocol ${packageJson_js_1.default.protocolVersion} for version ${packageJson_js_1.default.version}.
+                : `MISSING (received fields: ${(0, sensitiveKeys_js_1.sanitizeBodyKeys)(body).join(', ') || '(none)'})`} does not match installed renderer protocol ${packageJson_js_1.default.protocolVersion} for version ${packageJson_js_1.default.version}.
 Update either the renderer or the Rails server`,
         };
     }

package/lib/worker.js

@@ -57,6 +57,7 @@ const requestPrechecks_js_1 = require("./worker/requestPrechecks.js");
 const authHandler_js_1 = require("./worker/authHandler.js");
 const handleRenderRequest_js_1 = require("./worker/handleRenderRequest.js");
 const handleGracefulShutdown_js_1 = __importDefault(require("./worker/handleGracefulShutdown.js"));
+const sensitiveKeys_js_1 = require("./shared/sensitiveKeys.js");
 const startupErrorHandler_js_1 = require("./worker/startupErrorHandler.js");
 const handleIncrementalRenderRequest_js_1 = require("./worker/handleIncrementalRenderRequest.js");
 const handleIncrementalRenderStream_js_1 = require("./worker/handleIncrementalRenderStream.js");
@@ -136,22 +137,6 @@ const errorCode = (error) => {
     return typeof code === 'string' ? code : undefined;
 };
 const isValidRenderingRequest = (value) => typeof value === 'string' && value.length > 0;
-const SENSITIVE_REQUEST_BODY_KEYS = new Set([
-    'password',
-    'token',
-    'secret',
-    'api_key',
-    'api-key',
-    'apikey',
-    'authorization',
-    'auth_token',
-    'auth-token',
-    'authtoken',
-    'access_token',
-    'accesstoken',
-    'bearer',
-    'credentials',
-]);
 const invalidRenderingRequestMessage = (body) => {
     const { renderingRequest } = body;
     let renderingRequestType = typeof renderingRequest;
@@ -164,7 +149,7 @@ const invalidRenderingRequestMessage = (body) => {
     else if (renderingRequest === '') {
         renderingRequestType = 'empty string';
     }
-    const bodyKeys = Object.keys(body).filter((key) => key !== 'renderingRequest' && !SENSITIVE_REQUEST_BODY_KEYS.has(key.toLowerCase()));
+    const bodyKeys = Object.keys(body).filter((key) => key !== 'renderingRequest' && !sensitiveKeys_js_1.SENSITIVE_REQUEST_BODY_KEYS.has(key.toLowerCase()));
     return [
         'Invalid "renderingRequest" field in render request.',
         'Expected a non-empty string of JavaScript to execute in the SSR VM.',

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "react-on-rails-pro-node-renderer",
-  "version": "16.7.0-rc.3",
+  "version": "17.0.0-rc.0",
   "protocolVersion": "2.0.0",
   "description": "React on Rails Pro Node Renderer for server-side rendering",
   "main": "lib/ReactOnRailsProNodeRenderer.js",
@@ -74,7 +74,7 @@
     "sentry-testkit": "^5.0.6",
     "touch": "^3.1.0",
     "typescript": "^5.4.3",
-    "react-on-rails": "16.7.0-rc.3"
+    "react-on-rails": "17.0.0-rc.0"
   },
   "peerDependencies": {
     "@honeybadger-io/js": ">=4.0.0",