Closed nosmalldreams closed 1 year ago
Please report this issue to @sentry/react-native. If they want to publish a patch release to 4.x, then we can update to it. Our v7 release uses @sentry/react-native v5, but that upgrade includes breaking changes so can't be backported.
Summary
There's a Regular Expression Denial of Service vulnerability in the ansi-regex package in versions < 6.0.1: https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
Would it be possible to update sentry-expo dependencies to use a patched version? (or to upgrade to use @sentry/react-native@5.5.0, which does not have this vulnerability)
The dependencies from version 6.2.2 of sentry-expo that use out of date versions that I see are: @sentry/react-native@4.15.2 > @sentry/cli@1.74.4 > npmlog@4.1.2 > gauge@2.7.4 > string-width@1.0.2 > strip-ansi@3.0.1 > ansi-regex@2.1.1
Managed or bare workflow? If you have ios/ or android/ directories in your project, the answer is bare!
bare
What platform(s) does this occur on?
iOS
SDK Version (managed workflow only)
No response
Environment
all
Reproducible demo or steps to reproduce from a blank project
n/a
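An added example, not part of the original issue or of sentry-expo: a Node.js check that walks a dependency tree in the shape `npm ls --all --json` emits and lists every path that reaches ansi-regex below 6.0.1, the threshold stated in the issue. The tree is a constructed sample mirroring the reported chain, and the function names are illustrative.

```javascript
// Threshold as stated in the issue: ansi-regex versions < 6.0.1 are affected.
const PATCHED = [6, 0, 1];

// Parse "major.minor.patch", ignoring any prerelease or build suffix.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// True when `version` sorts below `floor`; unparseable versions are flagged.
function isBelow(version, floor) {
  const p = parseVersion(version);
  if (!p) return true; // cannot prove it is patched, so surface it for review
  for (let i = 0; i < 3; i++) {
    if (p[i] !== floor[i]) return p[i] < floor[i];
  }
  return false;
}

// Depth-first walk that records the full chain to each affected copy.
function findVulnerablePaths(node, name, floor, trail = [], out = []) {
  for (const [dep, info] of Object.entries(node.dependencies || {})) {
    const here = [...trail, `${dep}@${info.version}`];
    if (dep === name && isBelow(info.version, floor)) out.push(here.join(" > "));
    findVulnerablePaths(info, name, floor, here, out);
  }
  return out;
}

// Constructed sample: the chain from the issue plus one already-patched copy.
const sampleTree = { name: "app", version: "1.0.0", dependencies: {
  "ansi-regex": { version: "6.0.1" },
  "sentry-expo": { version: "6.2.2", dependencies: {
  "@sentry/react-native": { version: "4.15.2", dependencies: {
  "@sentry/cli": { version: "1.74.4", dependencies: {
  npmlog: { version: "4.1.2", dependencies: {
  gauge: { version: "2.7.4", dependencies: {
  "string-width": { version: "1.0.2", dependencies: {
  "strip-ansi": { version: "3.0.1", dependencies: {
    "ansi-regex": { version: "2.1.1" },
  } } } } } } } } } } } } } }, // closes the seven nested packages
} };

console.log(findVulnerablePaths(sampleTree, "ansi-regex", PATCHED).join("\n"));
```

Reporting the whole chain rather than just the package name shows which direct dependency has to be upgraded or overridden to remove the old copy.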