fix(deps): Bump transitive deps for medium security fixes by chargome · Pull Request #20679 · getsentry/sentry-javascript

chargome · 2026-05-05T13:01:00Z

Summary

Bumps postcss 8.5.6 → 8.5.14 (fixes XSS via unescaped </style>)
Bumps picomatch 2.3.1 → 2.3.2 (fixes method injection in POSIX character classes)
Bumps yaml 1.10.2 → 1.10.3 via cosmiconfig (fixes stack overflow via deeply nested collections)
Bumps @hono/node-server 1.19.10 → 2.0.1 (fixes middleware bypass via repeated slashes)
Fixes Dependabot alerts 1431, 1253, 1249, 1348

🤖 Generated with Claude Code

…ecurity fixes - postcss 8.5.6 → 8.5.14 (fixes XSS via unescaped </style>) - picomatch 2.3.1 → 2.3.2 (fixes method injection in POSIX classes) - yaml 1.10.2 → 1.10.3 (fixes stack overflow via deep collections) - @hono/node-server 1.19.10 → 2.0.1 (fixes middleware bypass via slashes) Fixes Dependabot alerts 1431, 1253, 1249, 1348. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

mydea · 2026-05-05T13:11:46Z

    "extends": "../../package.json"
  }
-}
+}


probably should not be checked in (this is some weird thing that yarn-update-dependency does for some reason... PRs are welcome xD)

chargome self-assigned this May 5, 2026

mydea reviewed May 5, 2026

View reviewed changes

chargome closed this May 5, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

fix(deps): Bump transitive deps for medium security fixes#20679

fix(deps): Bump transitive deps for medium security fixes#20679
chargome wants to merge 1 commit intodevelopfrom
fix/dependabot-medium-alerts

chargome commented May 5, 2026

Uh oh!

mydea May 5, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Uh oh!

Conversation

chargome commented May 5, 2026

Summary

Uh oh!

mydea May 5, 2026

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants