From 0876b53dbebf6f78affcd547771d2e850642172e Mon Sep 17 00:00:00 2001
From: Antonis Lilis
Date: Thu, 2 Apr 2026 11:36:37 +0200
Subject: [PATCH] chore(deps): bump yauzl to ^3.2.1

Fixes Dependabot alert for yauzl off-by-one error. https://github.com/getsentry/sentry-react-native/security/dependabot/453
Co-Authored-By: Claude Opus 4.6
---
 package.json | 3 ++-
 yarn.lock | 20 ++++++++++----------
 2 files changed, 12 insertions(+), 11 deletions(-)
diff --git a/package.json b/package.json
index 5d9252a72a..93a5538e4d 100644
--- a/package.json
+++ b/package.json
@@ -115,7 +115,8 @@
 "minimatch@npm:10.2.4/brace-expansion": "^5.0.5",
 "@appium/base-driver@npm:10.2.2/path-to-regexp": "^8.4.0",
 "router@npm:2.2.0/path-to-regexp": "^8.4.0",
- "yaml": "^2.8.3"
+ "yaml": "^2.8.3",
+ "@appium/support@npm:7.0.6/yauzl": "^3.2.1"
 },
 "version": "0.0.0",
 "name": "sentry-react-native",
diff --git a/yarn.lock b/yarn.lock
index febb1cfb49..4b13c2f334 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -33099,16 +33099,6 @@ __metadata:
 languageName: node
 linkType: hard
 
-"yauzl@npm:3.2.0":
- version: 3.2.0
- resolution: "yauzl@npm:3.2.0"
- dependencies:
- buffer-crc32: ~0.2.3
- pend: ~1.2.0
- checksum: d16440447bbc4973cf60c455290d6a394c47b82d449193098b10c69a6cc8f3eb003e361a512d1885ca67c96c95351aadb46bfcc47ee2c73a5134743d99275554
- languageName: node
- linkType: hard
-
 "yauzl@npm:^2.10.0":
 version: 2.10.0
 resolution: "yauzl@npm:2.10.0"
@@ -33119,6 +33109,16 @@ __metadata:
 languageName: node
 linkType: hard
 
+"yauzl@npm:^3.2.1":
+ version: 3.3.0
+ resolution: "yauzl@npm:3.3.0"
+ dependencies:
+ buffer-crc32: ~0.2.3
+ pend: ~1.2.0
+ checksum: 7ad20895242e83a14ed4d1a9b3608221e50e49079ebb4e1af81faf1c683bcd41a82cd2c19863e0159afa434405930299ee9724f8a860c4ae186f0999e883cb25
+ languageName: node
+ linkType: hard
+
 "yocto-queue@npm:^0.1.0":
 version: 0.1.0
 resolution: "yocto-queue@npm:0.1.0"
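Review bot: The new resolutions entry `"@appium/support@npm:7.0.6/yauzl": "^3.2.1"` in the package.json hunk is keyed to one exact parent version, so it stops matching as soon as `@appium/support` resolves to anything other than 7.0.6. If that parent is later upgraded and still requests the old yauzl (the removed lock entry `yauzl@npm:3.2.0` suggests an exact pin, presumably from this parent), the vulnerable version could come back with no visible change to this line. JSON cannot carry a comment, so the PR description is the place to record that the override must be re-checked, and removed once unnecessary, whenever `@appium/support` is bumped. The yarn.lock context also shows `yauzl@npm:^2.10.0` still resolving to 2.10.0, which this override does not touch; it is worth confirming that the advisory does not cover the 2.x line. The resolutions object begins outside the hunk.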