chore(deps): bump yaml to ^2.8.3 #5921

Merged
antonis merged 1 commit into main from antonis/bump-yaml
Mar 30, 2026

@antonis antonis commented Mar 30, 2026

Unscoped resolution to bump yaml from 2.5.0/2.8.2 to 2.8.3, fixing stack overflow via deeply nested YAML collections.

Dev-only dependency.

https://github.com/getsentry/sentry-react-native/security/dependabot/476

Fixes Dependabot alert for stack overflow via deeply nested YAML.

https://github.com/getsentry/sentry-react-native/security/dependabot/476

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
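
A check a reviewer could run after a bump like this one, added here as an example and not part of the PR or the project's tooling: it scans lockfile text for any resolved `yaml` entry still below the 2.8.3 named in the description. The lockfile excerpt is constructed, and the function names (`lessThan`, `resolvedVersions`, `staleVersions`) are hypothetical.

```javascript
// Constructed sample in Yarn Berry layout; not the project's real yarn.lock.
const SAMPLE_LOCK = `
"yaml@npm:^2.5.0":
  version: 2.5.0
  resolution: "yaml@npm:2.5.0"

"yaml@npm:^2.8.2, yaml@npm:^2.8.3":
  version: 2.8.3
  resolution: "yaml@npm:2.8.3"

"yaml-ast-parser@npm:^0.0.43":
  version: 0.0.43
  resolution: "yaml-ast-parser@npm:0.0.43"
`;

// Compare the numeric x.y.z cores; prerelease and build suffixes are ignored.
function lessThan(a, b) {
  const core = (v) => {
    const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
    if (!m) throw new Error(`unparseable version: ${v}`);
    return m.slice(1).map(Number);
  };
  const x = core(a), y = core(b);
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i];
  return false;
}

// Collect every resolved version of `pkg`. Handles Yarn Berry
// (`version: 2.8.3`) and Yarn classic (`version "2.8.3"`) entries.
function resolvedVersions(lockText, pkg) {
  const found = [];
  let inPkg = false;
  for (const line of lockText.split(/\r?\n/)) {
    if (/^\S/.test(line)) {
      // Entry header: comma-separated descriptors such as name@range.
      // The name ends at the first "@" after position 0 (scoped names start with "@").
      const names = line.replace(/:\s*$/, "").replace(/"/g, "").split(/,\s*/)
        .map((d) => d.slice(0, Math.max(d.indexOf("@", 1), 0)));
      inPkg = names.includes(pkg); // exact match, so yaml-ast-parser is skipped
    } else if (inPkg) {
      const m = /^\s+version:?\s+"?([^"\s]+)"?/.exec(line);
      if (m) { found.push(m[1]); inPkg = false; }
    }
  }
  return found;
}

// Resolved versions of `pkg` that are still below the fixed release.
function staleVersions(lockText, pkg, minFixed) {
  return resolvedVersions(lockText, pkg).filter((v) => lessThan(v, minFixed));
}
console.log("stale yaml entries:", staleVersions(SAMPLE_LOCK, "yaml", "2.8.3"));
```

An empty result means every resolved copy of the package is at or above the fixed release; a non-empty one means some descriptor in the lockfile is still resolving to an older copy.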
@github-actions
Contributor

Semver Impact of This PR

None (no version bump detected)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).


  • chore(deps): bump yaml to ^2.8.3 by antonis in #5921
  • chore(deps): bump actions/checkout from 4 to 6 by dependabot in #5916
  • chore(deps): bump getsentry/craft from 2.25.0 to 2.25.2 by dependabot in #5918
  • chore(deps): bump getsentry/craft/.github/workflows/changelog-preview.yml from 2.25.0 to 2.25.2 by dependabot in #5914
  • chore(deps): bump github/codeql-action from 4.34.1 to 4.35.1 by dependabot in #5917
  • chore(deps): bump dorny/paths-filter from 3.0.2 to 4.0.1 by dependabot in #5915
  • fix: Prevent script injection vulnerability in platform-check action by fix-it-felix-sentry in #5913
  • chore(ios): Upgrade clang-format from v20 to v22 by antonis in #5905
  • chore: Add PR validation workflow by stephanie-anderson in #5906
  • chore(deps): bump brace-expansion from 1.1.12 to 1.1.13 by dependabot in #5909
  • chore(deps): bump picomatch to fix ReDoS and method injection by antonis in #5900
  • chore(deps): update Android SDK to v8.37.1 by github-actions in #5884
  • fix(build): Update expo-handler sentry-android version in update script by antonis in #5904
  • fix(ios): synchronize RNSentryTimeToDisplay across main and bridge th… by huextrat in #5887
  • chore(deps): bump node-forge from 1.3.2 to 1.4.0 by dependabot in #5903
  • chore(deps): update Sentry Android Gradle Plugin to v6.3.0 by github-actions in #5902
  • chore(deps): bump handlebars from 4.7.8 to 4.7.9 by dependabot in #5901

🤖 This preview updates automatically when you update the PR.

@github-actions
Contributor

Fails
🚫 Pull request is not ready for merge, please add the "ready-to-merge" label to the pull request

Generated by 🚫 dangerJS against 0474eec

@antonis antonis marked this pull request as ready for review March 30, 2026 08:57
Collaborator

@lucas-zimerman lucas-zimerman left a comment

LGTM!

@antonis antonis merged commit b287e72 into main Mar 30, 2026
47 of 52 checks passed
@antonis antonis deleted the antonis/bump-yaml branch March 30, 2026 12:21