chore(deps): bump ajv to fix ReDoS vulnerabilities

antonis · claude · antonis · commit 4b79b83ce119 · 2026-02-26T14:32:08.000+01:00
Uses scoped yarn resolutions to bump ajv: - eslint/eslintrc consumers: 6.12.6 → 6.14.0 (fixes alert #423) - appium, detox, expo-dev-launcher: → 8.18.0 (fixes alert #424) Parent-scoped resolutions avoid the unscoped override that would force eslint onto incompatible ajv v8. https://github.com/getsentry/sentry-react-native/security/dependabot/423 https://github.com/getsentry/sentry-react-native/security/dependabot/424 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
diff --git a/package.json b/package.json
@@ -60,6 +60,14 @@
   ],
   "resolutions": {
     "appium-chromedriver@npm:5.6.73/@xmldom/xmldom": "0.8.10",
+    "appium@npm:2.4.1/ajv": "^8.18.0",
+    "detox@npm:20.46.0/ajv": "^8.18.0",
+    "expo-dev-launcher@npm:6.0.20/ajv": "^8.18.0",
+    "@eslint/eslintrc@npm:2.1.4/ajv": "^6.14.0",
+    "@eslint/eslintrc@npm:3.3.3/ajv": "^6.14.0",
+    "eslint@npm:8.57.0/ajv": "^6.14.0",
+    "eslint@npm:8.57.1/ajv": "^6.14.0",
+    "eslint@npm:9.39.2/ajv": "^6.14.0",
     "fast-xml-parser": "^5.3.6",
     "form-data": "4.0.4",
     "qs": "^6.14.2",
diff --git a/yarn.lock b/yarn.lock
@@ -13682,31 +13682,19 @@ __metadata:
   languageName: node
   linkType: hard
 
-"ajv@npm:8.12.0":
-  version: 8.12.0
-  resolution: "ajv@npm:8.12.0"
+"ajv@npm:^6.14.0":
+  version: 6.14.0
+  resolution: "ajv@npm:6.14.0"
   dependencies:
     fast-deep-equal: ^3.1.1
-    json-schema-traverse: ^1.0.0
-    require-from-string: ^2.0.2
+    fast-json-stable-stringify: ^2.0.0
+    json-schema-traverse: ^0.4.1
     uri-js: ^4.2.2
-  checksum: 4dc13714e316e67537c8b31bc063f99a1d9d9a497eb4bbd55191ac0dcd5e4985bbb71570352ad6f1e76684fb6d790928f96ba3b2d4fd6e10024be9612fe3f001
+  checksum: 7bb3ea97bb8af52521589079f427e799b6561acaa94f50e13410cb87588c51df8db1afe1157b3e48f1a829269adaa11116e0c2cafe2b998add1523789809a3c5
   languageName: node
   linkType: hard
 
-"ajv@npm:^6.12.4":
-  version: 6.12.6
-  resolution: "ajv@npm:6.12.6"
-  dependencies:
-    fast-deep-equal: "npm:^3.1.1"
-    fast-json-stable-stringify: "npm:^2.0.0"
-    json-schema-traverse: "npm:^0.4.1"
-    uri-js: "npm:^4.2.2"
-  checksum: 874972efe5c4202ab0a68379481fbd3d1b5d0a7bd6d3cc21d40d3536ebff3352a2a1fabb632d4fd2cc7fe4cbdcd5ed6782084c9bbf7f32a1536d18f9da5007d4
-  languageName: node
-  linkType: hard
-
-"ajv@npm:^8.0.0, ajv@npm:^8.11.0, ajv@npm:^8.6.3":
+"ajv@npm:^8.0.0":
   version: 8.17.1
   resolution: "ajv@npm:8.17.1"
   dependencies:
@@ -13718,6 +13706,18 @@ __metadata:
   languageName: node
   linkType: hard
 
+"ajv@npm:^8.18.0":
+  version: 8.18.0
+  resolution: "ajv@npm:8.18.0"
+  dependencies:
+    fast-deep-equal: ^3.1.3
+    fast-uri: ^3.0.1
+    json-schema-traverse: ^1.0.0
+    require-from-string: ^2.0.2
+  checksum: bcdf6c7b040ca488108e2b4e219b31cf9ed478331007d4dd1ed8acc3946dd6b84295817c0f4724207b8dd8589c9966168b2fd4c7f32109d4b8526cdd3743e936
+  languageName: node
+  linkType: hard
+
 "anser@npm:^1.4.9":
   version: 1.4.10
   resolution: "anser@npm:1.4.10"
