Skip to content

chore(deps): bump jwt in /samples/react-native#6251

Merged
antonis merged 1 commit into
mainfrom
chore/bump-jwt-sample-rn
Jun 3, 2026
Merged

chore(deps): bump jwt in /samples/react-native#6251
antonis merged 1 commit into
mainfrom
chore/bump-jwt-sample-rn

Conversation

@antonis
Copy link
Copy Markdown
Contributor

@antonis antonis commented Jun 3, 2026

📢 Type of change

  • Bugfix
  • New feature
  • Enhancement
  • Refactoring

📜 Description

Bump jwt gem from 2.9.3 to 2.10.3 in the React Native sample app's Gemfile.lock.

💡 Motivation and Context

Fixes Dependabot alert #546 — high severity empty-key HMAC bypass vulnerability (CVE-2026-44351).

The macos sample and performance-tests were already bumped in #6247 and #6246.

💚 How did you test it?

bundle update jwt resolved successfully. This only affects the sample app's transitive dependency.

📝 Checklist

  • I added tests to verify changes
  • No new PII added or SDK only sends newly added PII if sendDefaultPII is enabled
  • I updated the docs if needed.
  • I updated the wizard if needed.
  • All tests passing
  • No breaking changes

🔮 Next steps

@antonis @claude
chore(deps): bump jwt in /samples/react-native
e8e9e7a 
Bump jwt from 2.9.3 to 2.10.3 to fix high severity empty-key HMAC bypass vulnerability.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Jun 3, 2026
edited
Loading

Semver Impact of This PR

None (no version bump detected)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).

  • chore(deps): bump jwt in /samples/react-native by antonis in #6251
  • chore(deps): update CLI to v3.5.0 by github-actions in #6248
  • chore(deps): bump jwt from 2.9.3 to 2.10.3 in /samples/react-native-macos by dependabot in #6247
  • chore(deps): bump jwt from 2.10.2 to 2.10.3 in /performance-tests by dependabot in #6246
  • feat(android): Warn when Gradle resolves unsupported sentry-android version by antonis in #6238
  • chore(deps): update JavaScript SDK to v10.56.0 by github-actions in #6249
  • chore(ci): Pin all GitHub Actions to full commit SHAs by antonis in #6243
  • fix(tracing): Enable fetch instrumentation when expo/fetch is active by antonis in #6226
  • fix: Bump tmp to 0.2.7 to resolve path traversal vulnerability by antonis in #6233
  • feat(logs): Add enableAutoConsoleLogs option to opt out of console capture by alwx in #6235
  • chore(deps): update JavaScript SDK to v10.55.0 by github-actions in #6222
  • chore(deps): update Sentry Android Gradle Plugin to v6.9.0 by github-actions in #6230
  • refactor(android): Convert sentry.gradle to Kotlin DSL (sentry.gradle.kts) by antonis in #6119

🤖 This preview updates automatically when you update the PR.

@antonis antonis added the ready-to-merge Triggers the full CI test suite label Jun 3, 2026
@sentry
Copy link
Copy Markdown

sentry Bot commented Jun 3, 2026

📲 Install Builds

Android

🔗 App Name App ID Version Configuration
Sentry RN io.sentry.reactnative.sample 8.13.0 (90) Release

⚙️ sentry-react-native Build Distribution Settings

@antonis antonis merged commit bb85cf7 into main Jun 3, 2026
110 of 115 checks passed
@antonis antonis deleted the chore/bump-jwt-sample-rn branch June 3, 2026 11:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alwx alwx alwx approved these changes

@lucas-zimerman lucas-zimerman Awaiting requested review from lucas-zimerman lucas-zimerman is a code owner

Assignees

No one assigned

Labels

ready-to-merge Triggers the full CI test suite

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@antonis @alwx