Skip to content

chore(deps): bump on-headers to ^1.1.0#5704

Merged
lucas-zimerman merged 2 commits intomainfrom
antonis/bump-on-headers
Feb 27, 2026
Merged

chore(deps): bump on-headers to ^1.1.0#5704
lucas-zimerman merged 2 commits intomainfrom
antonis/bump-on-headers

Conversation

@antonis
Copy link
Copy Markdown
Contributor

@antonis antonis commented Feb 24, 2026

Summary

  • Adds a resolutions entry to force on-headers to >=1.1.0
  • Fixes HTTP response header manipulation vulnerability (affected range: < 1.1.0)

Dependabot alerts

Test plan

  • yarn install resolves on-headers to 1.1.0
  • yarn build passes
  • yarn test passes

🤖 Generated with Claude Code

@antonis antonis added the ready-to-merge Triggers the full CI test suite label Feb 24, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Feb 24, 2026
edited
Loading

Semver Impact of This PR

None (no version bump detected)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).

  • chore(deps): bump on-headers to ^1.1.0 by antonis in #5704
  • chore(deps): bump diff to ^5.2.2 by antonis in #5705
  • chore(deps): update Bundler Plugins to v5.1.1 by github-actions in #5700
  • chore(deps): update JavaScript SDK to v10.40.0 by github-actions in #5715
  • ci: Cancel in-progress CI jobs when a PR is closed or merged by antonis in #5725

🤖 This preview updates automatically when you update the PR.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Feb 24, 2026
edited
Loading

Android (legacy) Performance metrics 🚀

  Plain With Sentry Diff
Startup time 403.71 ms 429.86 ms 26.15 ms
Size 43.75 MiB 48.46 MiB 4.71 MiB

Baseline results on branch: main

Startup times

Revision Plain With Sentry Diff
c7f264b 434.98 ms 452.96 ms 17.98 ms
9f211e3 451.50 ms 500.00 ms 48.50 ms
9ced351+dirty 405.40 ms 419.39 ms 13.98 ms
f70acbf+dirty 373.39 ms 382.81 ms 9.43 ms
f234eb4+dirty 407.62 ms 429.64 ms 22.02 ms
2adbd1e+dirty 433.98 ms 427.96 ms -6.02 ms
7886639+dirty 425.10 ms 477.73 ms 52.63 ms
a206511+dirty 424.28 ms 474.82 ms 50.54 ms
98f632c 424.25 ms 435.48 ms 11.23 ms
46da307 455.92 ms 443.79 ms -12.13 ms

App size

Revision Plain With Sentry Diff
c7f264b 17.75 MiB 19.68 MiB 1.94 MiB
9f211e3 17.75 MiB 19.68 MiB 1.94 MiB
9ced351+dirty 43.75 MiB 48.41 MiB 4.66 MiB
f70acbf+dirty 17.75 MiB 19.68 MiB 1.94 MiB
f234eb4+dirty 17.75 MiB 19.74 MiB 1.99 MiB
2adbd1e+dirty 17.75 MiB 19.70 MiB 1.96 MiB
7886639+dirty 43.75 MiB 48.42 MiB 4.67 MiB
a206511+dirty 43.75 MiB 48.07 MiB 4.32 MiB
98f632c 17.75 MiB 20.15 MiB 2.41 MiB
46da307 17.75 MiB 19.68 MiB 1.93 MiB

Previous results on branch: antonis/bump-on-headers

Startup times

Revision Plain With Sentry Diff
a559e94+dirty 396.36 ms 426.72 ms 30.36 ms
8595ce0+dirty 419.38 ms 481.02 ms 61.64 ms

App size

Revision Plain With Sentry Diff
a559e94+dirty 43.75 MiB 48.46 MiB 4.71 MiB
8595ce0+dirty 43.75 MiB 48.46 MiB 4.71 MiB

@antonis antonis mentioned this pull request Feb 24, 2026
Closed
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Feb 24, 2026
edited
Loading

iOS (legacy) Performance metrics 🚀

  Plain With Sentry Diff
Startup time 1199.13 ms 1200.02 ms 0.89 ms
Size 3.38 MiB 4.78 MiB 1.40 MiB

Baseline results on branch: main

Startup times

Revision Plain With Sentry Diff
ea3e26e+dirty 1229.13 ms 1228.46 ms -0.67 ms
80e4616+dirty 1221.32 ms 1225.64 ms 4.32 ms
818a608+dirty 1205.76 ms 1208.00 ms 2.24 ms
77061ed+dirty 1233.16 ms 1234.88 ms 1.71 ms
bef3709+dirty 1222.07 ms 1220.24 ms -1.83 ms
a206511+dirty 1185.00 ms 1186.35 ms 1.35 ms
74979ac+dirty 1210.49 ms 1213.31 ms 2.82 ms
a2bb688+dirty 1223.53 ms 1232.90 ms 9.37 ms
8a868fe+dirty 1221.50 ms 1230.78 ms 9.28 ms
d590428+dirty 1211.77 ms 1220.51 ms 8.75 ms

App size

Revision Plain With Sentry Diff
ea3e26e+dirty 3.41 MiB 4.58 MiB 1.17 MiB
80e4616+dirty 3.38 MiB 4.60 MiB 1.22 MiB
818a608+dirty 2.63 MiB 3.91 MiB 1.28 MiB
77061ed+dirty 2.63 MiB 3.98 MiB 1.34 MiB
bef3709+dirty 3.38 MiB 4.78 MiB 1.40 MiB
a206511+dirty 3.41 MiB 4.67 MiB 1.25 MiB
74979ac+dirty 3.38 MiB 4.60 MiB 1.22 MiB
a2bb688+dirty 2.63 MiB 3.99 MiB 1.36 MiB
8a868fe+dirty 3.38 MiB 4.60 MiB 1.22 MiB
d590428+dirty 3.38 MiB 4.78 MiB 1.39 MiB

Previous results on branch: antonis/bump-on-headers

Startup times

Revision Plain With Sentry Diff
a559e94+dirty 1215.60 ms 1222.24 ms 6.64 ms
8595ce0+dirty 1208.31 ms 1209.58 ms 1.27 ms

App size

Revision Plain With Sentry Diff
a559e94+dirty 3.38 MiB 4.78 MiB 1.40 MiB
8595ce0+dirty 3.38 MiB 4.78 MiB 1.40 MiB

@antonis antonis marked this pull request as ready for review February 24, 2026 12:18
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Feb 24, 2026
edited
Loading

iOS (new) Performance metrics 🚀

  Plain With Sentry Diff
Startup time 1220.60 ms 1222.72 ms 2.13 ms
Size 3.38 MiB 4.78 MiB 1.40 MiB

Baseline results on branch: main

Startup times

Revision Plain With Sentry Diff
ea3e26e+dirty 1216.61 ms 1214.15 ms -2.47 ms
80e4616+dirty 1206.90 ms 1205.94 ms -0.96 ms
818a608+dirty 1218.84 ms 1223.18 ms 4.34 ms
77061ed+dirty 1210.77 ms 1218.45 ms 7.68 ms
bef3709+dirty 1217.79 ms 1225.33 ms 7.54 ms
a206511+dirty 1225.02 ms 1223.74 ms -1.28 ms
74979ac+dirty 1212.33 ms 1212.54 ms 0.21 ms
a2bb688+dirty 1244.82 ms 1238.60 ms -6.22 ms
8a868fe+dirty 1206.85 ms 1215.04 ms 8.19 ms
d590428+dirty 1221.23 ms 1225.27 ms 4.03 ms

App size

Revision Plain With Sentry Diff
ea3e26e+dirty 3.41 MiB 4.58 MiB 1.17 MiB
80e4616+dirty 3.38 MiB 4.60 MiB 1.22 MiB
818a608+dirty 3.19 MiB 4.48 MiB 1.29 MiB
77061ed+dirty 3.19 MiB 4.54 MiB 1.36 MiB
bef3709+dirty 3.38 MiB 4.78 MiB 1.40 MiB
a206511+dirty 3.41 MiB 4.67 MiB 1.25 MiB
74979ac+dirty 3.38 MiB 4.60 MiB 1.22 MiB
a2bb688+dirty 3.19 MiB 4.56 MiB 1.37 MiB
8a868fe+dirty 3.38 MiB 4.60 MiB 1.22 MiB
d590428+dirty 3.38 MiB 4.78 MiB 1.39 MiB

Previous results on branch: antonis/bump-on-headers

Startup times

Revision Plain With Sentry Diff
a559e94+dirty 1212.70 ms 1218.13 ms 5.44 ms
8595ce0+dirty 1215.23 ms 1221.46 ms 6.23 ms

App size

Revision Plain With Sentry Diff
a559e94+dirty 3.38 MiB 4.78 MiB 1.40 MiB
8595ce0+dirty 3.38 MiB 4.78 MiB 1.40 MiB

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Feb 24, 2026
edited
Loading

Android (new) Performance metrics 🚀

  Plain With Sentry Diff
Startup time 374.17 ms 437.31 ms 63.14 ms
Size 43.94 MiB 49.34 MiB 5.40 MiB

Baseline results on branch: main

Startup times

Revision Plain With Sentry Diff
664c66f+dirty 376.23 ms 389.51 ms 13.28 ms
d73150f+dirty 424.60 ms 454.35 ms 29.75 ms
4a17c8f+dirty 368.54 ms 381.43 ms 12.89 ms
b3b5b0d+dirty 361.42 ms 403.90 ms 42.48 ms
9ced351+dirty 361.74 ms 411.45 ms 49.70 ms
7886639+dirty 530.30 ms 571.34 ms 41.04 ms
c08359e+dirty 406.04 ms 428.87 ms 22.83 ms
3099014+dirty 344.58 ms 404.21 ms 59.63 ms
d751a5d+dirty 341.61 ms 403.06 ms 61.45 ms
682f0f5+dirty 402.33 ms 440.61 ms 38.28 ms

App size

Revision Plain With Sentry Diff
664c66f+dirty 43.94 MiB 49.38 MiB 5.44 MiB
d73150f+dirty 43.94 MiB 49.38 MiB 5.44 MiB
4a17c8f+dirty 43.94 MiB 48.82 MiB 4.88 MiB
b3b5b0d+dirty 7.15 MiB 8.41 MiB 1.26 MiB
9ced351+dirty 43.94 MiB 49.27 MiB 5.33 MiB
7886639+dirty 43.94 MiB 49.28 MiB 5.34 MiB
c08359e+dirty 7.15 MiB 8.42 MiB 1.27 MiB
3099014+dirty 7.15 MiB 8.43 MiB 1.27 MiB
d751a5d+dirty 7.15 MiB 8.41 MiB 1.26 MiB
682f0f5+dirty 43.94 MiB 48.91 MiB 4.97 MiB

Previous results on branch: antonis/bump-on-headers

Startup times

Revision Plain With Sentry Diff
a559e94+dirty 390.73 ms 422.42 ms 31.69 ms
8595ce0+dirty 452.69 ms 483.54 ms 30.85 ms

App size

Revision Plain With Sentry Diff
a559e94+dirty 43.94 MiB 49.33 MiB 5.39 MiB
8595ce0+dirty 43.94 MiB 49.33 MiB 5.39 MiB

@antonis antonis removed the ready-to-merge Triggers the full CI test suite label Feb 26, 2026
@antonis @claude
chore(deps): bump on-headers to ^1.1.0
497e6cf 
Adds a yarn resolution to force on-headers to >=1.1.0, patching
HTTP response header manipulation vulnerability (affected range: < 1.1.0).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@antonis antonis force-pushed the antonis/bump-on-headers branch from a05733b to 497e6cf Compare February 26, 2026 13:08
@antonis antonis added the ready-to-merge Triggers the full CI test suite label Feb 27, 2026
lucas-zimerman
lucas-zimerman approved these changes Feb 27, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@lucas-zimerman lucas-zimerman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@lucas-zimerman lucas-zimerman merged commit 35b66e7 into main Feb 27, 2026
139 of 151 checks passed
@lucas-zimerman lucas-zimerman deleted the antonis/bump-on-headers branch February 27, 2026 11:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lucas-zimerman lucas-zimerman lucas-zimerman approved these changes

@alwx alwx Awaiting requested review from alwx alwx is a code owner

Assignees

No one assigned

Labels

ready-to-merge Triggers the full CI test suite

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@antonis @lucas-zimerman