chore(deps): bump picomatch to fix ReDoS and method injection vulnerabilities (#5900)

antonis · claude · web-flow · commit b696ed0a4519 · 2026-03-27T14:50:05.000Z
Uses scoped yarn resolutions to patch picomatch: - 3.x: 3.0.1 → 3.0.2 (fixes alerts #470, #471) - 4.x: 4.0.3 → 4.0.4 (fixes alerts #474, #475) All dev-only dependencies. https://github.com/getsentry/sentry-react-native/security/dependabot/470 https://github.com/getsentry/sentry-react-native/security/dependabot/471 https://github.com/getsentry/sentry-react-native/security/dependabot/474 https://github.com/getsentry/sentry-react-native/security/dependabot/475 Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
diff --git a/package.json b/package.json
@@ -122,7 +122,12 @@
     "on-headers": "^1.1.0",
     "diff": "^5.2.2",
     "tar": "^7.5.11",
-    "tmp": "^0.2.4"
+    "tmp": "^0.2.4",
+    "@expo/cli@npm:0.24.11/picomatch": "^3.0.2",
+    "@expo/cli@npm:55.0.15/picomatch": "^4.0.4",
+    "@expo/metro-config@npm:55.0.9/picomatch": "^4.0.4",
+    "npm-run-all2@npm:8.0.4/picomatch": "^4.0.4",
+    "tinyglobby@npm:0.2.15/picomatch": "^4.0.4"
   },
   "version": "0.0.0",
   "name": "sentry-react-native",
diff --git a/yarn.lock b/yarn.lock
@@ -28245,17 +28245,17 @@ __metadata:
   languageName: node
   linkType: hard
 
-"picomatch@npm:^3.0.1":
-  version: 3.0.1
-  resolution: "picomatch@npm:3.0.1"
-  checksum: b7fe18174bcc05bbf0ea09cc85623ae395676b3e6bc25636d4c20db79a948586237e429905453bf1ba385bc7a7aa5b56f1b351680e650d2b5c305ceb98dfc914
+"picomatch@npm:^3.0.2":
+  version: 3.0.2
+  resolution: "picomatch@npm:3.0.2"
+  checksum: 6804ba293d0158709880ff3ffbf4504d8768cac4a2dfb070bbc81f9cfa4a866acc9eada8cb4e219d0121f45c3af6f9543c6f0fa770e8fc9523cea87f14b3d741
   languageName: node
   linkType: hard
 
-"picomatch@npm:^4.0.2, picomatch@npm:^4.0.3":
-  version: 4.0.3
-  resolution: "picomatch@npm:4.0.3"
-  checksum: 6817fb74eb745a71445debe1029768de55fd59a42b75606f478ee1d0dc1aa6e78b711d041a7c9d5550e042642029b7f373dc1a43b224c4b7f12d23436735dba0
+"picomatch@npm:^4.0.4":
+  version: 4.0.4
+  resolution: "picomatch@npm:4.0.4"
+  checksum: 76b387b5157951422fa6049a96bdd1695e39dd126cd99df34d343638dc5cdb8bcdc83fff288c23eddcf7c26657c35e3173d4d5f488c4f28b889b314472e0a662
   languageName: node
   linkType: hard
 
