From cdaf46cb6e5ed4d2569c26d0d55a2086ce23e9b5 Mon Sep 17 00:00:00 2001
From: Antonis Lilis <antonis.lilis@sentry.io>
Date: Mon, 30 Mar 2026 10:47:26 +0200
Subject: [PATCH] chore(deps): bump path-to-regexp to ^8.4.0

Fixes Dependabot alert for DoS via sequential optional groups.

https://github.com/getsentry/sentry-react-native/security/dependabot/487

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 package.json | 4 +++-
 yarn.lock    | 8 ++++----
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/package.json b/package.json
index 08ff4b77ff..e21e78aece 100644
--- a/package.json
+++ b/package.json
@@ -127,7 +127,9 @@
     "@expo/cli@npm:55.0.15/picomatch": "^4.0.4",
     "@expo/metro-config@npm:55.0.9/picomatch": "^4.0.4",
     "npm-run-all2@npm:8.0.4/picomatch": "^4.0.4",
-    "tinyglobby@npm:0.2.15/picomatch": "^4.0.4"
+    "tinyglobby@npm:0.2.15/picomatch": "^4.0.4",
+    "@appium/base-driver@npm:10.2.2/path-to-regexp": "^8.4.0",
+    "router@npm:2.2.0/path-to-regexp": "^8.4.0"
   },
   "version": "0.0.0",
   "name": "sentry-react-native",
diff --git a/yarn.lock b/yarn.lock
index 4fa8ddac58..d9c87c7f67 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -28160,10 +28160,10 @@ __metadata:
   languageName: node
   linkType: hard
 
-"path-to-regexp@npm:8.3.0, path-to-regexp@npm:^8.0.0":
-  version: 8.3.0
-  resolution: "path-to-regexp@npm:8.3.0"
-  checksum: 73e0d3db449f9899692b10be8480bbcfa294fd575be2d09bce3e63f2f708d1fccd3aaa8591709f8b82062c528df116e118ff9df8f5c52ccc4c2443a90be73e10
+"path-to-regexp@npm:^8.4.0":
+  version: 8.4.0
+  resolution: "path-to-regexp@npm:8.4.0"
+  checksum: fa75cb500adc481d4f954c6764d7465ceb410a377b7dd2500d9e872aaf8bc873b37aac1cde735b90ce5baf19812860f0db9d39560ac952a7393f434a3522b9c4
   languageName: node
   linkType: hard