fix(dependabot): Resolve tar vulnerability via yarn resolutions · getsentry/sentry-javascript@8596a4f

Triggered via pull request February 3, 2026 10:27

RulaKhaled

synchronize #19132

fix-dependabot-alert

Status Failure

Total duration 3m 12s

Artifacts –

dependency-review.yml Required

on: pull_request

2 errors and 10 warnings

$GITHUB_STEP_SUMMARY upload aborted, supports content up to a size of 1024k, got 1734k. For more information see: https://docs.github.com/actions/using-workflows/workflow-commands-for-github-actions#adding-a-markdown-summary

Dependency review detected vulnerable packages.

npm/copy-anything has an OpenSSF Scorecard of 2.7, which is less than this repository's threshold of 3.

npm/broccoli-node-info has an OpenSSF Scorecard of 2.8, which is less than this repository's threshold of 3.

npm/babel-import-util has an OpenSSF Scorecard of 2.6, which is less than this repository's threshold of 3.

npm/babel-import-util has an OpenSSF Scorecard of 2.6, which is less than this repository's threshold of 3.

npm/assert-never has an OpenSSF Scorecard of 2.7, which is less than this repository's threshold of 3.

npm/aproba has an OpenSSF Scorecard of 1.9, which is less than this repository's threshold of 3.

npm/amqplib has an OpenSSF Scorecard of 2.8, which is less than this repository's threshold of 3.

npm/agent-base has an OpenSSF Scorecard of 2.9, which is less than this repository's threshold of 3.

npm/@jridgewell/resolve-uri has an OpenSSF Scorecard of 2.5, which is less than this repository's threshold of 3.

npm/@babel/preset-modules has an OpenSSF Scorecard of 2.9, which is less than this repository's threshold of 3.