chore(deps): bump js-yaml to fix prototype pollution in merge #5709

Merged
lucas-zimerman merged 7 commits into main from antonis/bump-js-yaml on Mar 2, 2026

Conversation

@antonis antonis commented Feb 24, 2026

Summary

  • Fixes prototype pollution via merge (<<) in both the 3.x and 4.x series
  • 3.x (3.14.1 → 3.14.2): uses parent-scoped resolutions for the four 3.x consumers (@istanbuljs/load-nyc-config, @yarnpkg/parsers, cosmiconfig, front-matter) to preserve 3.x API compatibility — js-yaml 4.x has breaking API changes (safeLoad removed)
  • 4.x (4.1.0 → 4.1.1): unscoped resolution covers all remaining consumers

Dependabot alerts

Test plan

  • yarn install resolves 3.x consumers to 3.14.2 and 4.x consumers to 4.1.1
  • yarn build passes
  • yarn test passes

🤖 Generated with Claude Code

@antonis antonis added the ready-to-merge Triggers the full CI test suite label Feb 24, 2026

github-actions Bot commented Feb 24, 2026

Semver Impact of This PR

None (no version bump detected)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).


  • chore(deps): bump js-yaml to fix prototype pollution in merge by antonis in #5709
  • chore(deps): bump ajv to fix ReDoS in $data option by antonis in #5710
  • chore(deps): update CLI to v3.2.3 by github-actions in #5743
  • Fixes the issue with unit mismatch in adjustTransactionDuration by alwx in #5740
  • Handle inactive state for spans by alwx in #5742
  • chore(deps): bump actions/github-script from 7 to 8 by dependabot in #5737
  • chore(deps): bump actions/upload-artifact from 6 to 7 by dependabot in #5739
  • chore(deps): bump futureware-tech/simulator-action from 4 to 5 by dependabot in #5735
  • chore(deps): bump actions/download-artifact from 7 to 8 by dependabot in #5736
  • chore(deps): bump path-to-regexp to 0.1.12 by antonis in #5706
  • fix(ios): resolve relative SOURCEMAP_FILE against project root in Xcode build script by antonis in #5730
  • test(metro): Add type tests for SentryExpoConfigOptions.getDefaultConfig by antonis in #5733
  • chore(deps): bump axios to ^1.13.5 by antonis in #5708
  • chore(deps): bump on-headers to ^1.1.0 by antonis in #5704
  • chore(deps): bump dottie from 2.0.6 to 2.0.7 by dependabot in #5731
  • Cirrus Labs runners for other important workflows (where it makes sense to do so) + Ubuntu update (22.04 -> 24.04) by alwx in #5696
  • chore(deps): bump diff to ^5.2.2 by antonis in #5705
  • chore(deps): update Bundler Plugins to v5.1.1 by github-actions in #5700
  • chore(deps): update JavaScript SDK to v10.40.0 by github-actions in #5715
  • ci: Cancel in-progress CI jobs when a PR is closed or merged by antonis in #5725

🤖 This preview updates automatically when you update the PR.

@antonis antonis mentioned this pull request Feb 24, 2026

github-actions Bot commented Feb 24, 2026

Android (legacy) Performance metrics 🚀

| | Plain | With Sentry | Diff |
|---|---|---|---|
| Startup time | 506.11 ms | 531.20 ms | 25.09 ms |
| Size | 43.75 MiB | 48.46 MiB | 4.71 MiB |

Baseline results on branch: main

Startup times

| Revision | Plain | With Sentry | Diff |
|---|---|---|---|
| 86584b7+dirty | 463.83 ms | 500.31 ms | 36.48 ms |
| 9a81842+dirty | 412.23 ms | 416.56 ms | 4.33 ms |
| c637fc7+dirty | 433.70 ms | 467.76 ms | 34.06 ms |
| d73150f+dirty | 411.21 ms | 465.86 ms | 54.65 ms |
| fa7bb7e+dirty | 350.37 ms | 377.02 ms | 26.65 ms |
| 3bd3f0d+dirty | 447.21 ms | 472.31 ms | 25.10 ms |
| 88890fe+dirty | 350.94 ms | 365.74 ms | 14.80 ms |
| 95aaf8a | 437.89 ms | 419.45 ms | -18.44 ms |
| c0842e7+dirty | 527.76 ms | 566.69 ms | 38.93 ms |
| 1e7a472+dirty | 348.80 ms | 362.55 ms | 13.75 ms |

App size

| Revision | Plain | With Sentry | Diff |
|---|---|---|---|
| 86584b7+dirty | 43.75 MiB | 48.08 MiB | 4.33 MiB |
| 9a81842+dirty | 43.75 MiB | 48.08 MiB | 4.33 MiB |
| c637fc7+dirty | 43.75 MiB | 48.40 MiB | 4.64 MiB |
| d73150f+dirty | 43.75 MiB | 48.55 MiB | 4.80 MiB |
| fa7bb7e+dirty | 17.75 MiB | 19.75 MiB | 2.00 MiB |
| 3bd3f0d+dirty | 17.75 MiB | 19.70 MiB | 1.95 MiB |
| 88890fe+dirty | 17.75 MiB | 19.71 MiB | 1.96 MiB |
| 95aaf8a | 17.75 MiB | 19.68 MiB | 1.93 MiB |
| c0842e7+dirty | 43.75 MiB | 48.41 MiB | 4.66 MiB |
| 1e7a472+dirty | 17.75 MiB | 19.70 MiB | 1.96 MiB |

Previous results on branch: antonis/bump-js-yaml

Startup times

| Revision | Plain | With Sentry | Diff |
|---|---|---|---|
| 8c6a2d5+dirty | 402.84 ms | 427.48 ms | 24.64 ms |
| 1c0070d+dirty | 396.42 ms | 444.56 ms | 48.14 ms |

App size

| Revision | Plain | With Sentry | Diff |
|---|---|---|---|
| 8c6a2d5+dirty | 43.75 MiB | 48.46 MiB | 4.71 MiB |
| 1c0070d+dirty | 43.75 MiB | 48.46 MiB | 4.71 MiB |


github-actions Bot commented Feb 24, 2026

iOS (legacy) Performance metrics 🚀

| | Plain | With Sentry | Diff |
|---|---|---|---|
| Startup time | 1213.32 ms | 1217.56 ms | 4.24 ms |
| Size | 3.38 MiB | 4.78 MiB | 1.40 MiB |

Baseline results on branch: main

Startup times

| Revision | Plain | With Sentry | Diff |
|---|---|---|---|
| ea3e26e+dirty | 1229.13 ms | 1228.46 ms | -0.67 ms |
| 80e4616+dirty | 1221.32 ms | 1225.64 ms | 4.32 ms |
| 818a608+dirty | 1205.76 ms | 1208.00 ms | 2.24 ms |
| 77061ed+dirty | 1233.16 ms | 1234.88 ms | 1.71 ms |
| bef3709+dirty | 1222.07 ms | 1220.24 ms | -1.83 ms |
| a206511+dirty | 1185.00 ms | 1186.35 ms | 1.35 ms |
| 74979ac+dirty | 1210.49 ms | 1213.31 ms | 2.82 ms |
| a2bb688+dirty | 1223.53 ms | 1232.90 ms | 9.37 ms |
| 8a868fe+dirty | 1221.50 ms | 1230.78 ms | 9.28 ms |
| d590428+dirty | 1211.77 ms | 1220.51 ms | 8.75 ms |

App size

| Revision | Plain | With Sentry | Diff |
|---|---|---|---|
| ea3e26e+dirty | 3.41 MiB | 4.58 MiB | 1.17 MiB |
| 80e4616+dirty | 3.38 MiB | 4.60 MiB | 1.22 MiB |
| 818a608+dirty | 2.63 MiB | 3.91 MiB | 1.28 MiB |
| 77061ed+dirty | 2.63 MiB | 3.98 MiB | 1.34 MiB |
| bef3709+dirty | 3.38 MiB | 4.78 MiB | 1.40 MiB |
| a206511+dirty | 3.41 MiB | 4.67 MiB | 1.25 MiB |
| 74979ac+dirty | 3.38 MiB | 4.60 MiB | 1.22 MiB |
| a2bb688+dirty | 2.63 MiB | 3.99 MiB | 1.36 MiB |
| 8a868fe+dirty | 3.38 MiB | 4.60 MiB | 1.22 MiB |
| d590428+dirty | 3.38 MiB | 4.78 MiB | 1.39 MiB |

Previous results on branch: antonis/bump-js-yaml

Startup times

| Revision | Plain | With Sentry | Diff |
|---|---|---|---|
| 8c6a2d5+dirty | 1209.67 ms | 1212.80 ms | 3.13 ms |
| 1c0070d+dirty | 1225.49 ms | 1228.74 ms | 3.25 ms |

App size

| Revision | Plain | With Sentry | Diff |
|---|---|---|---|
| 8c6a2d5+dirty | 3.38 MiB | 4.78 MiB | 1.40 MiB |
| 1c0070d+dirty | 3.38 MiB | 4.78 MiB | 1.40 MiB |

@antonis antonis marked this pull request as ready for review February 24, 2026 13:07

github-actions Bot commented Feb 24, 2026

iOS (new) Performance metrics 🚀

| | Plain | With Sentry | Diff |
|---|---|---|---|
| Startup time | 1209.67 ms | 1209.43 ms | -0.25 ms |
| Size | 3.38 MiB | 4.78 MiB | 1.40 MiB |

Baseline results on branch: main

Startup times

| Revision | Plain | With Sentry | Diff |
|---|---|---|---|
| ea3e26e+dirty | 1216.61 ms | 1214.15 ms | -2.47 ms |
| 80e4616+dirty | 1206.90 ms | 1205.94 ms | -0.96 ms |
| 818a608+dirty | 1218.84 ms | 1223.18 ms | 4.34 ms |
| 77061ed+dirty | 1210.77 ms | 1218.45 ms | 7.68 ms |
| bef3709+dirty | 1217.79 ms | 1225.33 ms | 7.54 ms |
| a206511+dirty | 1225.02 ms | 1223.74 ms | -1.28 ms |
| 74979ac+dirty | 1212.33 ms | 1212.54 ms | 0.21 ms |
| a2bb688+dirty | 1244.82 ms | 1238.60 ms | -6.22 ms |
| 8a868fe+dirty | 1206.85 ms | 1215.04 ms | 8.19 ms |
| d590428+dirty | 1221.23 ms | 1225.27 ms | 4.03 ms |

App size

| Revision | Plain | With Sentry | Diff |
|---|---|---|---|
| ea3e26e+dirty | 3.41 MiB | 4.58 MiB | 1.17 MiB |
| 80e4616+dirty | 3.38 MiB | 4.60 MiB | 1.22 MiB |
| 818a608+dirty | 3.19 MiB | 4.48 MiB | 1.29 MiB |
| 77061ed+dirty | 3.19 MiB | 4.54 MiB | 1.36 MiB |
| bef3709+dirty | 3.38 MiB | 4.78 MiB | 1.40 MiB |
| a206511+dirty | 3.41 MiB | 4.67 MiB | 1.25 MiB |
| 74979ac+dirty | 3.38 MiB | 4.60 MiB | 1.22 MiB |
| a2bb688+dirty | 3.19 MiB | 4.56 MiB | 1.37 MiB |
| 8a868fe+dirty | 3.38 MiB | 4.60 MiB | 1.22 MiB |
| d590428+dirty | 3.38 MiB | 4.78 MiB | 1.39 MiB |

Previous results on branch: antonis/bump-js-yaml

Startup times

| Revision | Plain | With Sentry | Diff |
|---|---|---|---|
| 8c6a2d5+dirty | 1222.98 ms | 1224.71 ms | 1.73 ms |
| 1c0070d+dirty | 1213.49 ms | 1221.12 ms | 7.63 ms |

App size

| Revision | Plain | With Sentry | Diff |
|---|---|---|---|
| 8c6a2d5+dirty | 3.38 MiB | 4.78 MiB | 1.40 MiB |
| 1c0070d+dirty | 3.38 MiB | 4.78 MiB | 1.40 MiB |


github-actions Bot commented Feb 24, 2026

Android (new) Performance metrics 🚀

| | Plain | With Sentry | Diff |
|---|---|---|---|
| Startup time | 377.94 ms | 413.04 ms | 35.10 ms |
| Size | 43.94 MiB | 49.34 MiB | 5.40 MiB |

Baseline results on branch: main

Startup times

| Revision | Plain | With Sentry | Diff |
|---|---|---|---|
| 7480abe+dirty | 363.80 ms | 431.34 ms | 67.54 ms |
| 2b89ce9+dirty | 372.22 ms | 417.06 ms | 44.84 ms |
| 170d5ea+dirty | 348.79 ms | 406.94 ms | 58.15 ms |
| b1579bc+dirty | 391.87 ms | 456.26 ms | 64.39 ms |
| 73f2455+dirty | 369.33 ms | 398.90 ms | 29.57 ms |
| 0b64753+dirty | 358.55 ms | 429.16 ms | 70.61 ms |
| 6a70a7e+dirty | 382.45 ms | 424.54 ms | 42.09 ms |
| 2adbd1e+dirty | 366.13 ms | 419.49 ms | 53.36 ms |
| f8d19f8+dirty | 374.17 ms | 383.40 ms | 9.23 ms |
| 7be1f99+dirty | 369.02 ms | 399.60 ms | 30.58 ms |

App size

| Revision | Plain | With Sentry | Diff |
|---|---|---|---|
| 7480abe+dirty | 7.15 MiB | 8.41 MiB | 1.26 MiB |
| 2b89ce9+dirty | 7.15 MiB | 8.41 MiB | 1.26 MiB |
| 170d5ea+dirty | 7.15 MiB | 8.42 MiB | 1.27 MiB |
| b1579bc+dirty | 43.94 MiB | 49.27 MiB | 5.33 MiB |
| 73f2455+dirty | 43.94 MiB | 48.82 MiB | 4.88 MiB |
| 0b64753+dirty | 7.15 MiB | 8.42 MiB | 1.27 MiB |
| 6a70a7e+dirty | 7.15 MiB | 8.42 MiB | 1.26 MiB |
| 2adbd1e+dirty | 7.15 MiB | 8.43 MiB | 1.28 MiB |
| f8d19f8+dirty | 43.94 MiB | 48.91 MiB | 4.97 MiB |
| 7be1f99+dirty | 7.15 MiB | 8.42 MiB | 1.27 MiB |

Previous results on branch: antonis/bump-js-yaml

Startup times

| Revision | Plain | With Sentry | Diff |
|---|---|---|---|
| 8c6a2d5+dirty | 486.24 ms | 531.04 ms | 44.80 ms |
| 1c0070d+dirty | 459.65 ms | 483.59 ms | 23.93 ms |

App size

| Revision | Plain | With Sentry | Diff |
|---|---|---|---|
| 8c6a2d5+dirty | 43.94 MiB | 49.33 MiB | 5.39 MiB |
| 1c0070d+dirty | 43.94 MiB | 49.34 MiB | 5.40 MiB |

@antonis antonis removed the ready-to-merge Triggers the full CI test suite label Feb 26, 2026
Fixes prototype pollution via merge (<<) in two series:
- 3.x: bumps 3.14.1 -> 3.14.2 via parent-scoped resolutions for the
  four 3.x consumers (@istanbuljs/load-nyc-config, @yarnpkg/parsers,
  cosmiconfig, front-matter), preserving 3.x API compatibility
- 4.x: bumps 4.1.0 -> 4.1.1 via unscoped resolution

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
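The PR summary and the commit message above both state the test-plan outcome that every js-yaml consumer ends up on 3.14.2 (3.x line) or 4.1.1 (4.x line). The checker below is an added example, not code from the PR or from the Sentry project: it walks a yarn.lock in either the v1 or the Berry line format and reports any js-yaml entry still below those floors, using a constructed lockfile excerpt as input.

```javascript
// Added example (not from the PR): audit every js-yaml entry in a yarn.lock
// (v1 or Berry line format) against the fixed releases the PR names:
// 3.14.2 for the 3.x line, 4.1.1 for the 4.x line.
const FIXED_FLOOR = { 3: [3, 14, 2], 4: [4, 1, 1] };
// Constructed lockfile excerpt: Berry-style entries plus one v1-style entry.
// The 3.14.1 entry is the one a missing parent-scoped resolution would leave behind.
const SAMPLE_LOCK = `
"@types/js-yaml@npm:^4.0.0":
  version: 4.0.9
"js-yaml@npm:^3.13.1, js-yaml@npm:^3.14.1":
  version: 3.14.1
  resolution: "js-yaml@npm:3.14.1"
"js-yaml@npm:^4.1.0":
  version: 4.1.1
js-yaml@^3.14.2:
  version "3.14.2"
`;
const parseVersion = (v) => v.split('.').map((n) => parseInt(n, 10));

// Compare [major, minor, patch] tuples; true when a >= b.
function atLeast(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] > b[i];
  return true;
}

// One finding per js-yaml lock entry: { selector, version, ok }.
function auditJsYaml(lockText) {
  const findings = [];
  let current = null;
  for (const line of lockText.split('\n')) {
    // Entry keys sit at column 0; the class before "js-yaml@" rejects
    // "@types/js-yaml@..." (preceded by "/") so only the runtime package is audited.
    if (/^\S/.test(line) && /(^|["\s,])js-yaml@/.test(line)) {
      current = { selector: line.replace(/"/g, '').replace(/:\s*$/, ''), version: null, ok: false };
      findings.push(current);
      continue;
    }
    const m = current && current.version === null && line.match(/^\s+version:?\s+"?(\d+\.\d+\.\d+)/);
    if (m) {
      const v = parseVersion(m[1]);
      current.version = m[1];
      // A major outside 3.x/4.x is reported as not ok: the PR covers only those two lines.
      current.ok = v[0] in FIXED_FLOOR && atLeast(v, FIXED_FLOOR[v[0]]);
    }
  }
  return findings;
}

const unpatchedVersions = (lockText) =>
  auditJsYaml(lockText).filter((f) => !f.ok).map((f) => f.version);
```

Run it against a real lockfile by replacing SAMPLE_LOCK with the file contents; an empty list from unpatchedVersions is the test-plan outcome the PR describes.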
@antonis antonis force-pushed the antonis/bump-js-yaml branch from 71a886c to 0ad9569 on February 26, 2026 13:10
@antonis antonis added the ready-to-merge Triggers the full CI test suite label Feb 27, 2026
@lucas-zimerman lucas-zimerman enabled auto-merge (squash) February 27, 2026 12:06

@lucas-zimerman lucas-zimerman left a comment


LGTM! Once tests pass.


@cursor cursor Bot left a comment


Cursor Bugbot has reviewed your changes and found 1 potential issue.

Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.


@lucas-zimerman lucas-zimerman left a comment


LGTM once tests pass.

@lucas-zimerman lucas-zimerman merged commit 3b28852 into main Mar 2, 2026
41 of 72 checks passed
@lucas-zimerman lucas-zimerman deleted the antonis/bump-js-yaml branch March 2, 2026 16:44