
chore(deps): pin fast-xml-parser to ^5.3.6 to address entity encoding bypass#5701

Merged: antonis merged 2 commits into main from antonis/bump-fast-xml-parser on Feb 24, 2026

Conversation

@antonis
Contributor

@antonis antonis commented Feb 24, 2026

Summary

  • Adds a resolutions entry in package.json to force fast-xml-parser to >=5.3.6
  • Fixes a regex injection vulnerability in DOCTYPE entity names affecting fast-xml-parser >= 4.1.3, < 5.3.5, where a "." in a DOCTYPE entity name shadows built-in XML entities (&lt;, &gt;, &amp;, etc.), enabling XSS
  • The package is a transitive dev dependency via @react-native-community/cli — a non-breaking upgrade within the 4.x range is not possible, requiring a resolution override to jump to 5.x

Fixes https://linear.app/getsentry/issue/RN-513/fast-xml-parser-vulnerability-in-getsentrysentry-react-native

https://github.com/getsentry/sentry-react-native/security/dependabot/422
https://github.com/getsentry/sentry-react-native/security/dependabot/418

Test plan

  • yarn install resolves fast-xml-parser to 5.3.7
  • yarn build passes cleanly
  • test with sample apps

🤖 Generated with Claude Code

#skip-changelog

Adds a yarn resolution to force fast-xml-parser to >=5.3.6, patching
the regex injection vulnerability in DOCTYPE entity names (CVE affecting
>=4.1.3 <5.3.5). The package is a transitive dev dependency via
@react-native-community/cli and cannot be fixed by a non-major bump.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
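To make the bug class behind this bump concrete, here is an added example (not fast-xml-parser's code and not part of this PR): a stripped-down DOCTYPE entity expander that builds a RegExp from the entity name the way the vulnerable pattern does, next to a hardened version that escapes the name and refuses to redefine the predefined XML entities. Because "." is a regex wildcard, an entity named "l." yields /&l.;/, which also matches the built-in &lt; and rewrites every escaped "<" in the document to the attacker's value. The XML below is constructed for this example; "." is a legal XML NameChar, so the hardened version escapes it rather than rejecting it.

```javascript
// Added example (not fast-xml-parser's code): a stripped-down DOCTYPE entity
// expander that reproduces the bug class described in the PR, beside a
// hardened version. The sample XML below is constructed for this example.

const BUILT_IN = { lt: "<", gt: ">", amp: "&", quot: '"', apos: "'" };

// Collect <!ENTITY name "value"> declarations from the DOCTYPE (simplified:
// only double-quoted internal entities are recognised).
function parseDoctypeEntities(xml) {
  const entities = [];
  const re = /<!ENTITY\s+([^\s"']+)\s+"([^"]*)"\s*>/g;
  let m;
  while ((m = re.exec(xml)) !== null) entities.push({ name: m[1], value: m[2] });
  return entities;
}

function stripDoctype(xml) {
  return xml.replace(/<!DOCTYPE[\s\S]*?\]\s*>/, "").trim();
}

// Vulnerable pattern: the attacker-controlled entity name is concatenated into
// a RegExp. "." is a regex wildcard, so an entity named "l." produces /&l.;/,
// which also matches the built-in &lt; and rewrites it to the payload.
function expandEntitiesVulnerable(xml) {
  let body = stripDoctype(xml);
  for (const { name, value } of parseDoctypeEntities(xml)) {
    body = body.replace(new RegExp("&" + name + ";", "g"), value);
  }
  return body;
}

// Hardened: escape regex metacharacters so the name only matches literally,
// refuse to redefine the predefined XML entities, and pass the value through
// a replacer function so "$" sequences in it are not treated as patterns.
function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

function expandEntitiesHardened(xml) {
  let body = stripDoctype(xml);
  for (const { name, value } of parseDoctypeEntities(xml)) {
    if (Object.prototype.hasOwnProperty.call(BUILT_IN, name)) {
      throw new Error(`refusing to redefine built-in entity &${name};`);
    }
    body = body.replace(new RegExp("&" + escapeRegExp(name) + ";", "g"), () => value);
  }
  return body;
}

// Constructed input: the DOCTYPE defines "l." and the body uses &lt; purely as
// escaping; the document author never intended an <img> element here.
const SAMPLE_XML = `<!DOCTYPE note [ <!ENTITY l. "<img src=x onerror=alert(1)>"> ]>
<note>&lt;b&gt;safe&lt;/b&gt;</note>`;

console.log("vulnerable:", expandEntitiesVulnerable(SAMPLE_XML));
console.log("hardened:  ", expandEntitiesHardened(SAMPLE_XML));
```

With the sample input the vulnerable expander turns both occurrences of &lt; into the <img> payload, while the hardened one leaves the escaped text untouched and still expands ordinary entities such as &co; when they are declared.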
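The test plan above checks by hand that yarn install resolves fast-xml-parser to 5.3.7. The following added example (not the project's own tooling) turns that check into something a CI job can run: it parses yarn.lock and fails when any resolved copy of the package is older than the first fixed release. It assumes the Yarn classic (v1) lockfile format and a 5.3.6 floor taken from the PR description; the lockfile fragments, including the @react-native-community/cli version range, are constructed for this example. Note that "resolutions" is a Yarn field; a project installed with npm would use the "overrides" field instead, and the same lockfile check would then have to read package-lock.json.

```javascript
// Added example (not the project's own tooling): verify that a yarn
// "resolutions" override actually took effect by parsing yarn.lock and
// reporting every resolved copy of the package that is older than the fixed
// release. Assumes the Yarn classic (v1) lockfile format; the lockfile
// fragments below are constructed for this example.

const PACKAGE = "fast-xml-parser";
const FIXED_VERSION = "5.3.6"; // first fixed release named in the PR description

// Parse yarn.lock v1 into [{ name, specs, version }]. A top-level line ending
// in ":" is an entry header holding comma-separated "name@range" specs
// (quoted when they contain special characters); the indented "version"
// line that follows is the resolved version for all of those specs.
function parseYarnLockV1(text) {
  const entries = [];
  let current = null;
  for (const raw of text.split("\n")) {
    const line = raw.replace(/\r$/, "");
    if (line === "" || line.startsWith("#")) continue;
    if (!/^\s/.test(line) && line.endsWith(":")) {
      const specs = line.slice(0, -1).split(",").map((s) => s.trim().replace(/^"|"$/g, ""));
      // lastIndexOf("@") keeps scoped names such as @scope/pkg intact.
      const name = specs[0].slice(0, specs[0].lastIndexOf("@"));
      current = { name, specs, version: null };
      entries.push(current);
    } else if (current && /^\s+version\s/.test(line)) {
      const m = line.match(/version\s+"?([^"\s]+)"?/);
      if (m) current.version = m[1];
    }
  }
  return entries;
}

// Numeric major.minor.patch comparison. Prerelease tags are dropped, which is
// a simplification acceptable for a check against release versions.
function compareSemver(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Every lock entry for `pkg` whose resolved version is below `minFixed`.
// Checking every entry matters: a resolution only helps if no second copy of
// the package survives under another range spec.
function findVulnerable(lockText, pkg, minFixed) {
  return parseYarnLockV1(lockText)
    .filter((e) => e.name === pkg && e.version !== null && compareSemver(e.version, minFixed) < 0)
    .map((e) => ({ specs: e.specs, version: e.version }));
}

// Constructed lockfile fragments: before and after adding the resolution.
// The cli version range and the 4.4.1 pin are placeholders for this example.
const LOCK_BEFORE = `# yarn lockfile v1

"@react-native-community/cli@^15.0.0":
  version "15.0.0"
  dependencies:
    fast-xml-parser "^4.4.1"

fast-xml-parser@^4.4.1:
  version "4.4.1"
`;

const LOCK_AFTER = `# yarn lockfile v1

"@react-native-community/cli@^15.0.0":
  version "15.0.0"
  dependencies:
    fast-xml-parser "^4.4.1"

fast-xml-parser@^4.4.1, fast-xml-parser@^5.3.6:
  version "5.3.7"
`;

console.log("before:", findVulnerable(LOCK_BEFORE, PACKAGE, FIXED_VERSION));
console.log("after: ", findVulnerable(LOCK_AFTER, PACKAGE, FIXED_VERSION));
```

To use it against a real checkout, read yarn.lock from disk and fail the job when findVulnerable returns a non-empty list; the "before" fragment reports the 4.4.1 copy, the "after" fragment reports nothing because the two range specs now collapse onto 5.3.7.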
@github-actions
Contributor

github-actions Bot commented Feb 24, 2026

Semver Impact of This PR

None (no version bump detected)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).


This PR will not appear in the changelog.


🤖 This preview updates automatically when you update the PR.

@linear

linear Bot commented Feb 24, 2026

@antonis antonis changed the title from "fix: pin fast-xml-parser to ^5.3.6 to address entity encoding bypass" to "chore(deps): pin fast-xml-parser to ^5.3.6 to address entity encoding bypass" on Feb 24, 2026
@antonis antonis added the ready-to-merge Triggers the full CI test suite label Feb 24, 2026
@antonis antonis marked this pull request as draft February 24, 2026 09:48
@antonis antonis marked this pull request as ready for review February 24, 2026 10:09
@github-actions
Contributor

Android (legacy) Performance metrics 🚀

Metric Plain With Sentry Diff
Startup time 413.14 ms 476.84 ms 63.70 ms
Size 43.75 MiB 48.46 MiB 4.71 MiB

Baseline results on branch: main

Startup times

Revision Plain With Sentry Diff
df1f7df+dirty 442.64 ms 427.16 ms -15.48 ms
a483f9f+dirty 396.82 ms 453.28 ms 56.46 ms
a0b15d6 423.06 ms 437.77 ms 14.71 ms
7091004+dirty 416.11 ms 423.90 ms 7.79 ms
5526494 440.84 ms 448.36 ms 7.52 ms
8a4ce6f 422.88 ms 408.33 ms -14.55 ms
526494a+dirty 422.80 ms 438.90 ms 16.10 ms
60cd796+dirty 445.84 ms 492.45 ms 46.61 ms
3bd3f0d+dirty 447.21 ms 472.31 ms 25.10 ms
769e11c+dirty 409.15 ms 446.06 ms 36.91 ms

App size

Revision Plain With Sentry Diff
df1f7df+dirty 43.75 MiB 48.08 MiB 4.33 MiB
a483f9f+dirty 43.75 MiB 48.41 MiB 4.66 MiB
a0b15d6 17.75 MiB 20.15 MiB 2.41 MiB
7091004+dirty 43.75 MiB 47.99 MiB 4.23 MiB
5526494 17.75 MiB 19.68 MiB 1.93 MiB
8a4ce6f 17.75 MiB 19.68 MiB 1.94 MiB
526494a+dirty 43.75 MiB 47.99 MiB 4.24 MiB
60cd796+dirty 43.75 MiB 48.07 MiB 4.32 MiB
3bd3f0d+dirty 17.75 MiB 19.70 MiB 1.95 MiB
769e11c+dirty 43.75 MiB 48.41 MiB 4.66 MiB

@github-actions
Contributor

github-actions Bot commented Feb 24, 2026

iOS (legacy) Performance metrics 🚀

Metric Plain With Sentry Diff
Startup time 1197.04 ms 1208.32 ms 11.28 ms
Size 3.38 MiB 4.78 MiB 1.40 MiB

Baseline results on branch: main

Startup times

Revision Plain With Sentry Diff
90e7cb3+dirty 1206.61 ms 1209.46 ms 2.84 ms
60cd796+dirty 1204.87 ms 1202.71 ms -2.17 ms
8e653ac+dirty 1218.63 ms 1223.88 ms 5.24 ms
f70acbf+dirty 1235.71 ms 1243.14 ms 7.43 ms
ad27f6e+dirty 1223.41 ms 1246.29 ms 22.88 ms
6c11c6a+dirty 1202.43 ms 1212.70 ms 10.27 ms
664c66f+dirty 1215.37 ms 1221.30 ms 5.92 ms
d916aa3+dirty 1221.02 ms 1228.98 ms 7.96 ms
36841a6+dirty 1221.32 ms 1222.17 ms 0.85 ms
bca62c0+dirty 1183.61 ms 1183.76 ms 0.14 ms

App size

Revision Plain With Sentry Diff
90e7cb3+dirty 3.41 MiB 4.58 MiB 1.17 MiB
60cd796+dirty 3.44 MiB 4.67 MiB 1.23 MiB
8e653ac+dirty 2.63 MiB 4.01 MiB 1.38 MiB
f70acbf+dirty 2.63 MiB 3.98 MiB 1.34 MiB
ad27f6e+dirty 3.41 MiB 4.67 MiB 1.25 MiB
6c11c6a+dirty 3.44 MiB 4.60 MiB 1.16 MiB
664c66f+dirty 3.38 MiB 4.60 MiB 1.22 MiB
d916aa3+dirty 2.63 MiB 3.81 MiB 1.18 MiB
36841a6+dirty 3.41 MiB 4.67 MiB 1.25 MiB
bca62c0+dirty 3.38 MiB 4.60 MiB 1.22 MiB

@github-actions
Contributor

github-actions Bot commented Feb 24, 2026

iOS (new) Performance metrics 🚀

Metric Plain With Sentry Diff
Startup time 1212.65 ms 1220.30 ms 7.65 ms
Size 3.38 MiB 4.78 MiB 1.40 MiB

Baseline results on branch: main

Startup times

Revision Plain With Sentry Diff
90e7cb3+dirty 1212.61 ms 1213.80 ms 1.19 ms
60cd796+dirty 1206.08 ms 1213.36 ms 7.28 ms
8e653ac+dirty 1215.46 ms 1220.20 ms 4.75 ms
f70acbf+dirty 1239.00 ms 1242.53 ms 3.53 ms
ad27f6e+dirty 1214.28 ms 1203.67 ms -10.62 ms
6c11c6a+dirty 1217.55 ms 1221.49 ms 3.94 ms
664c66f+dirty 1195.94 ms 1194.80 ms -1.14 ms
d916aa3+dirty 1211.02 ms 1221.33 ms 10.31 ms
36841a6+dirty 1215.87 ms 1217.27 ms 1.40 ms
bca62c0+dirty 1219.65 ms 1226.14 ms 6.50 ms

App size

Revision Plain With Sentry Diff
90e7cb3+dirty 3.41 MiB 4.58 MiB 1.17 MiB
60cd796+dirty 3.44 MiB 4.67 MiB 1.23 MiB
8e653ac+dirty 3.19 MiB 4.58 MiB 1.39 MiB
f70acbf+dirty 3.19 MiB 4.54 MiB 1.36 MiB
ad27f6e+dirty 3.41 MiB 4.67 MiB 1.25 MiB
6c11c6a+dirty 3.44 MiB 4.60 MiB 1.16 MiB
664c66f+dirty 3.38 MiB 4.60 MiB 1.22 MiB
d916aa3+dirty 3.19 MiB 4.38 MiB 1.19 MiB
36841a6+dirty 3.41 MiB 4.67 MiB 1.25 MiB
bca62c0+dirty 3.38 MiB 4.60 MiB 1.22 MiB

Collaborator

@lucas-zimerman lucas-zimerman left a comment


LGTM!

@github-actions
Contributor

github-actions Bot commented Feb 24, 2026

Android (new) Performance metrics 🚀

Metric Plain With Sentry Diff
Startup time 440.88 ms 463.30 ms 22.42 ms
Size 43.94 MiB 49.33 MiB 5.39 MiB

Baseline results on branch: main

Startup times

Revision Plain With Sentry Diff
df1f7df+dirty 374.68 ms 384.96 ms 10.28 ms
a483f9f+dirty 428.57 ms 475.98 ms 47.41 ms
7091004+dirty 377.76 ms 402.11 ms 24.35 ms
5526494+dirty 380.79 ms 432.70 ms 51.91 ms
98f632c+dirty 323.98 ms 375.39 ms 51.41 ms
5c16cdc+dirty 375.45 ms 426.62 ms 51.17 ms
8ece263+dirty 369.44 ms 414.65 ms 45.21 ms
a2bb688+dirty 371.19 ms 389.18 ms 17.99 ms
526494a+dirty 361.10 ms 410.84 ms 49.74 ms
60cd796+dirty 410.56 ms 439.00 ms 28.44 ms

App size

Revision Plain With Sentry Diff
df1f7df+dirty 43.94 MiB 48.91 MiB 4.97 MiB
a483f9f+dirty 43.94 MiB 49.27 MiB 5.33 MiB
7091004+dirty 43.94 MiB 48.81 MiB 4.88 MiB
5526494+dirty 7.15 MiB 8.41 MiB 1.26 MiB
98f632c+dirty 7.15 MiB 8.42 MiB 1.27 MiB
5c16cdc+dirty 7.15 MiB 8.41 MiB 1.26 MiB
8ece263+dirty 7.15 MiB 8.41 MiB 1.26 MiB
a2bb688+dirty 7.15 MiB 8.43 MiB 1.28 MiB
526494a+dirty 43.94 MiB 48.82 MiB 4.88 MiB
60cd796+dirty 43.94 MiB 48.90 MiB 4.96 MiB

@antonis antonis mentioned this pull request Feb 24, 2026
@antonis antonis enabled auto-merge (squash) February 24, 2026 12:10
@antonis antonis merged commit b05f8ad into main Feb 24, 2026
71 of 72 checks passed
@antonis antonis deleted the antonis/bump-fast-xml-parser branch February 24, 2026 12:16