Skip to content

chore(deps): bump tar to ^7.5.11#5824

Merged
antonis merged 2 commits intomainfrom
antonis/bump-tar
Mar 16, 2026
Merged

chore(deps): bump tar to ^7.5.11#5824
antonis merged 2 commits intomainfrom
antonis/bump-tar

Conversation

@antonis
Copy link
Contributor

@antonis antonis commented Mar 16, 2026
edited
Loading

Bumps the existing tar resolution from ^7.5.10 to ^7.5.11 to fix symlink path traversal vulnerability.

All consumers now resolve to 7.5.11. Dev-only dependency.

https://github.com/getsentry/sentry-react-native/security/dependabot/445

@antonis @claude
chore(deps): bump tar to ^7.5.11
e89a3a8 
Fixes Dependabot alerts for tar path traversal vulnerabilities.

https://github.com/getsentry/sentry-react-native/security/dependabot/445
https://github.com/getsentry/sentry-react-native/security/dependabot/443

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@github-actions
Copy link
Contributor

github-actions bot commented Mar 16, 2026
edited
Loading

Semver Impact of This PR

None (no version bump detected)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).

  • chore(deps): bump tar to ^7.5.11 by antonis in #5824
  • chore(deps): bump dorny/paths-filter from 3.0.2 to 4.0.1 by dependabot in #5820
  • chore(deps): bump reactivecircus/android-emulator-runner from 2.35.0 to 2.37.0 by dependabot in #5818
  • chore(deps): bump getsentry/craft/.github/workflows/changelog-preview.yml from 2.23.2 to 2.24.1 by dependabot in #5821
  • chore(deps): bump getsentry/craft from 2.23.2 to 2.24.1 by dependabot in #5819
  • chore(deps): bump undici from 6.23.0 to 6.24.1 by dependabot in #5817
  • chore(deps): bump flatted from 3.3.1 to 3.4.1 by dependabot in #5816
  • Ref: remove yarn from stub update by lucas-zimerman in #5811
  • Ref(CI): Unify stub update with android update by lucas-zimerman in #5807

🤖 This preview updates automatically when you update the PR.

@antonis antonis marked this pull request as ready for review March 16, 2026 10:23
lucas-zimerman
lucas-zimerman approved these changes Mar 16, 2026
View reviewed changes
Copy link
Collaborator

@lucas-zimerman lucas-zimerman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! After test passes

@lucas-zimerman lucas-zimerman added the ready-to-merge Triggers the full CI test suite label Mar 16, 2026
@github-actions
Copy link
Contributor

github-actions bot commented Mar 16, 2026

Android (legacy) Performance metrics 🚀

  Plain With Sentry Diff
Startup time 399.29 ms 427.28 ms 27.99 ms
Size 43.75 MiB 48.32 MiB 4.57 MiB

Baseline results on branch: main

Startup times

Revision Plain With Sentry Diff
4a17c8f+dirty 406.62 ms 400.58 ms -6.04 ms
df1f7df+dirty 442.64 ms 427.16 ms -15.48 ms
a483f9f+dirty 396.82 ms 453.28 ms 56.46 ms
60cd796+dirty 445.84 ms 492.45 ms 46.61 ms
5c16cdc+dirty 423.48 ms 452.35 ms 28.88 ms
80e4616+dirty 411.58 ms 462.12 ms 50.54 ms
55b77fc+dirty 411.87 ms 417.16 ms 5.29 ms
bca62c0+dirty 414.36 ms 451.06 ms 36.70 ms
0b64753+dirty 448.67 ms 474.61 ms 25.94 ms
4e6d7d7+dirty 480.73 ms 515.73 ms 35.00 ms

App size

Revision Plain With Sentry Diff
4a17c8f+dirty 43.75 MiB 47.99 MiB 4.24 MiB
df1f7df+dirty 43.75 MiB 48.08 MiB 4.33 MiB
a483f9f+dirty 43.75 MiB 48.41 MiB 4.66 MiB
60cd796+dirty 43.75 MiB 48.07 MiB 4.32 MiB
5c16cdc+dirty 17.75 MiB 19.68 MiB 1.94 MiB
80e4616+dirty 43.75 MiB 48.55 MiB 4.80 MiB
55b77fc+dirty 43.75 MiB 47.99 MiB 4.24 MiB
bca62c0+dirty 43.75 MiB 48.41 MiB 4.66 MiB
0b64753+dirty 17.75 MiB 19.70 MiB 1.95 MiB
4e6d7d7+dirty 43.75 MiB 48.40 MiB 4.64 MiB

Previous results on branch: antonis/bump-tar

Startup times

Revision Plain With Sentry Diff
ad9ce19+dirty 420.07 ms 476.02 ms 55.96 ms
93b126d+dirty 408.80 ms 474.36 ms 65.56 ms

App size

Revision Plain With Sentry Diff
ad9ce19+dirty 43.75 MiB 48.46 MiB 4.71 MiB
93b126d+dirty 43.75 MiB 48.46 MiB 4.71 MiB

@github-actions
Copy link
Contributor

github-actions bot commented Mar 16, 2026

iOS (legacy) Performance metrics 🚀

  Plain With Sentry Diff
Startup time 1211.43 ms 1218.59 ms 7.15 ms
Size 3.38 MiB 4.72 MiB 1.34 MiB

Baseline results on branch: main

Startup times

Revision Plain With Sentry Diff
ea3e26e+dirty 1229.13 ms 1228.46 ms -0.67 ms
80e4616+dirty 1221.32 ms 1225.64 ms 4.32 ms
818a608+dirty 1205.76 ms 1208.00 ms 2.24 ms
77061ed+dirty 1233.16 ms 1234.88 ms 1.71 ms
bef3709+dirty 1222.07 ms 1220.24 ms -1.83 ms
a206511+dirty 1185.00 ms 1186.35 ms 1.35 ms
74979ac+dirty 1210.49 ms 1213.31 ms 2.82 ms
a2bb688+dirty 1223.53 ms 1232.90 ms 9.37 ms
8a868fe+dirty 1221.50 ms 1230.78 ms 9.28 ms
d590428+dirty 1211.77 ms 1220.51 ms 8.75 ms

App size

Revision Plain With Sentry Diff
ea3e26e+dirty 3.41 MiB 4.58 MiB 1.17 MiB
80e4616+dirty 3.38 MiB 4.60 MiB 1.22 MiB
818a608+dirty 2.63 MiB 3.91 MiB 1.28 MiB
77061ed+dirty 2.63 MiB 3.98 MiB 1.34 MiB
bef3709+dirty 3.38 MiB 4.78 MiB 1.40 MiB
a206511+dirty 3.41 MiB 4.67 MiB 1.25 MiB
74979ac+dirty 3.38 MiB 4.60 MiB 1.22 MiB
a2bb688+dirty 2.63 MiB 3.99 MiB 1.36 MiB
8a868fe+dirty 3.38 MiB 4.60 MiB 1.22 MiB
d590428+dirty 3.38 MiB 4.78 MiB 1.39 MiB

Previous results on branch: antonis/bump-tar

Startup times

Revision Plain With Sentry Diff
ad9ce19+dirty 1209.18 ms 1212.90 ms 3.71 ms
93b126d+dirty 1214.31 ms 1215.35 ms 1.04 ms

App size

Revision Plain With Sentry Diff
ad9ce19+dirty 3.38 MiB 4.78 MiB 1.40 MiB
93b126d+dirty 3.38 MiB 4.78 MiB 1.40 MiB

@github-actions
Copy link
Contributor

github-actions bot commented Mar 16, 2026

iOS (new) Performance metrics 🚀

  Plain With Sentry Diff
Startup time 1225.36 ms 1228.02 ms 2.66 ms
Size 3.38 MiB 4.72 MiB 1.34 MiB

Baseline results on branch: main

Startup times

Revision Plain With Sentry Diff
ea3e26e+dirty 1216.61 ms 1214.15 ms -2.47 ms
80e4616+dirty 1206.90 ms 1205.94 ms -0.96 ms
818a608+dirty 1218.84 ms 1223.18 ms 4.34 ms
77061ed+dirty 1210.77 ms 1218.45 ms 7.68 ms
bef3709+dirty 1217.79 ms 1225.33 ms 7.54 ms
a206511+dirty 1225.02 ms 1223.74 ms -1.28 ms
74979ac+dirty 1212.33 ms 1212.54 ms 0.21 ms
a2bb688+dirty 1244.82 ms 1238.60 ms -6.22 ms
8a868fe+dirty 1206.85 ms 1215.04 ms 8.19 ms
d590428+dirty 1221.23 ms 1225.27 ms 4.03 ms

App size

Revision Plain With Sentry Diff
ea3e26e+dirty 3.41 MiB 4.58 MiB 1.17 MiB
80e4616+dirty 3.38 MiB 4.60 MiB 1.22 MiB
818a608+dirty 3.19 MiB 4.48 MiB 1.29 MiB
77061ed+dirty 3.19 MiB 4.54 MiB 1.36 MiB
bef3709+dirty 3.38 MiB 4.78 MiB 1.40 MiB
a206511+dirty 3.41 MiB 4.67 MiB 1.25 MiB
74979ac+dirty 3.38 MiB 4.60 MiB 1.22 MiB
a2bb688+dirty 3.19 MiB 4.56 MiB 1.37 MiB
8a868fe+dirty 3.38 MiB 4.60 MiB 1.22 MiB
d590428+dirty 3.38 MiB 4.78 MiB 1.39 MiB

Previous results on branch: antonis/bump-tar

Startup times

Revision Plain With Sentry Diff
ad9ce19+dirty 1219.28 ms 1224.18 ms 4.91 ms
93b126d+dirty 1215.77 ms 1211.44 ms -4.33 ms

App size

Revision Plain With Sentry Diff
ad9ce19+dirty 3.38 MiB 4.78 MiB 1.40 MiB
93b126d+dirty 3.38 MiB 4.78 MiB 1.40 MiB

@antonis antonis merged commit 7b1351d into main Mar 16, 2026
76 of 91 checks passed
@antonis antonis deleted the antonis/bump-tar branch March 16, 2026 13:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lucas-zimerman lucas-zimerman lucas-zimerman approved these changes

@alwx alwx Awaiting requested review from alwx alwx is a code owner

Assignees

No one assigned

Labels

ready-to-merge Triggers the full CI test suite skip-changelog

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@antonis @lucas-zimerman