Skip to content

chore(deps): bump tmp to ^0.2.4#5711

Open
antonis wants to merge 1 commit intomainfrom
antonis/bump-tmp
Open

chore(deps): bump tmp to ^0.2.4#5711
antonis wants to merge 1 commit intomainfrom
antonis/bump-tmp

Conversation

@antonis
Copy link
Contributor

@antonis antonis commented Feb 24, 2026

Summary

  • Adds a resolutions entry to force tmp to >=0.2.4
  • Fixes arbitrary temporary file/directory write via symbolic link dir parameter (affected range: <= 0.2.3)
  • Consolidates both the 0.0.33 (from @expo/devcert, external-editor, patch-package) and 0.2.3 consumers onto the latest 0.2.x series

Dependabot alerts

Test plan

  • yarn install resolves all tmp consumers to ^0.2.4
  • yarn build passes
  • yarn test passes

🤖 Generated with Claude Code

Adds a yarn resolution to force tmp to >=0.2.4, patching arbitrary
temporary file/directory write via symbolic link dir parameter
(affected range: <= 0.2.3). Consolidates both the 0.0.33 and 0.2.3
consumers onto the latest patched 0.2.x series.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@antonis antonis added the ready-to-merge Triggers the full CI test suite label Feb 24, 2026
@github-actions
Copy link
Contributor

github-actions bot commented Feb 24, 2026

Semver Impact of This PR

None (no version bump detected)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).


  • chore(deps): bump tmp to ^0.2.4 by antonis in #5711
  • chore(deps): bump getsentry/craft from 2.21.4 to 2.21.7 by dependabot in #5694
  • chore(deps): bump getsentry/craft/.github/workflows/changelog-preview.yml from 2.21.4 to 2.21.7 by dependabot in #5695
  • chore(deps): update CLI to v3.2.2 by github-actions in #5692
  • chore(deps): bump github/codeql-action from 4.32.3 to 4.32.4 by dependabot in #5693
  • chore(deps): update Maestro to v2.2.0 by github-actions in #5691
  • chore(deps): update Cocoa SDK to v9.5.0 by github-actions in #5685
  • chore(deps): update Android SDK Stubs to v8.33.0 by github-actions in #5697
  • chore(deps): update Android SDK to v8.33.0 by github-actions in #5684
  • chore(deps): update Sentry Android Gradle Plugin to v6.1.0 by github-actions in #5687
  • Ref(CI): Add android sdk version check by lucas-zimerman in #5686

🤖 This preview updates automatically when you update the PR.

@antonis antonis marked this pull request as ready for review February 24, 2026 13:08
Copy link

@cursor cursor bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.

"tar-fs": "^3.1.1",
"tar": "^7.5.7"
"tar": "^7.5.7",
"tmp": "^0.2.4"
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Resolutions force incompatible tmp major jump

Medium Severity

The resolutions entry forces all tmp consumers onto ^0.2.4 even when transitive dependencies request tmp@^0.0.33 (e.g., external-editor, patch-package, @expo/devcert). Yarn can override incompatible ranges, which risks runtime/tooling breakage if tmp@0.2.x differs from 0.0.33 semantics.

Additional Locations (1)

Fix in Cursor Fix in Web

@github-actions
Copy link
Contributor

iOS (legacy) Performance metrics 🚀

  Plain With Sentry Diff
Startup time 1193.87 ms 1210.87 ms 17.00 ms
Size 3.38 MiB 4.78 MiB 1.40 MiB

Baseline results on branch: main

Startup times

Revision Plain With Sentry Diff
c08359e+dirty 1235.25 ms 1233.96 ms -1.29 ms
90e7cb3+dirty 1206.61 ms 1209.46 ms 2.84 ms
4e6d7d7+dirty 1206.72 ms 1214.19 ms 7.47 ms
4997892+dirty 1217.98 ms 1222.57 ms 4.60 ms
8e653ac+dirty 1218.63 ms 1223.88 ms 5.24 ms
6bd9054+dirty 1212.20 ms 1217.89 ms 5.70 ms
d751a5d+dirty 1215.57 ms 1220.56 ms 4.99 ms
2f9fb30+dirty 1189.51 ms 1190.71 ms 1.20 ms
8334e91+dirty 1205.45 ms 1210.90 ms 5.45 ms
f8d19f8+dirty 1203.98 ms 1209.74 ms 5.77 ms

App size

Revision Plain With Sentry Diff
c08359e+dirty 2.63 MiB 3.81 MiB 1.18 MiB
90e7cb3+dirty 3.41 MiB 4.58 MiB 1.17 MiB
4e6d7d7+dirty 3.38 MiB 4.60 MiB 1.22 MiB
4997892+dirty 3.38 MiB 4.60 MiB 1.22 MiB
8e653ac+dirty 2.63 MiB 4.01 MiB 1.38 MiB
6bd9054+dirty 3.41 MiB 4.67 MiB 1.25 MiB
d751a5d+dirty 2.63 MiB 3.98 MiB 1.34 MiB
2f9fb30+dirty 3.41 MiB 4.59 MiB 1.18 MiB
8334e91+dirty 3.38 MiB 4.78 MiB 1.40 MiB
f8d19f8+dirty 3.44 MiB 4.59 MiB 1.15 MiB

@github-actions
Copy link
Contributor

Android (legacy) Performance metrics 🚀

  Plain With Sentry Diff
Startup time 425.34 ms 463.43 ms 38.09 ms
Size 43.75 MiB 48.46 MiB 4.71 MiB

Baseline results on branch: main

Startup times

Revision Plain With Sentry Diff
df1f7df+dirty 442.64 ms 427.16 ms -15.48 ms
a483f9f+dirty 396.82 ms 453.28 ms 56.46 ms
a0b15d6 423.06 ms 437.77 ms 14.71 ms
7091004+dirty 416.11 ms 423.90 ms 7.79 ms
5526494 440.84 ms 448.36 ms 7.52 ms
8a4ce6f 422.88 ms 408.33 ms -14.55 ms
526494a+dirty 422.80 ms 438.90 ms 16.10 ms
60cd796+dirty 445.84 ms 492.45 ms 46.61 ms
3bd3f0d+dirty 447.21 ms 472.31 ms 25.10 ms
769e11c+dirty 409.15 ms 446.06 ms 36.91 ms

App size

Revision Plain With Sentry Diff
df1f7df+dirty 43.75 MiB 48.08 MiB 4.33 MiB
a483f9f+dirty 43.75 MiB 48.41 MiB 4.66 MiB
a0b15d6 17.75 MiB 20.15 MiB 2.41 MiB
7091004+dirty 43.75 MiB 47.99 MiB 4.23 MiB
5526494 17.75 MiB 19.68 MiB 1.93 MiB
8a4ce6f 17.75 MiB 19.68 MiB 1.94 MiB
526494a+dirty 43.75 MiB 47.99 MiB 4.24 MiB
60cd796+dirty 43.75 MiB 48.07 MiB 4.32 MiB
3bd3f0d+dirty 17.75 MiB 19.70 MiB 1.95 MiB
769e11c+dirty 43.75 MiB 48.41 MiB 4.66 MiB

@github-actions
Copy link
Contributor

iOS (new) Performance metrics 🚀

  Plain With Sentry Diff
Startup time 1211.34 ms 1209.27 ms -2.07 ms
Size 3.38 MiB 4.78 MiB 1.40 MiB

Baseline results on branch: main

Startup times

Revision Plain With Sentry Diff
90e7cb3+dirty 1212.61 ms 1213.80 ms 1.19 ms
60cd796+dirty 1206.08 ms 1213.36 ms 7.28 ms
8e653ac+dirty 1215.46 ms 1220.20 ms 4.75 ms
f70acbf+dirty 1239.00 ms 1242.53 ms 3.53 ms
ad27f6e+dirty 1214.28 ms 1203.67 ms -10.62 ms
6c11c6a+dirty 1217.55 ms 1221.49 ms 3.94 ms
664c66f+dirty 1195.94 ms 1194.80 ms -1.14 ms
d916aa3+dirty 1211.02 ms 1221.33 ms 10.31 ms
36841a6+dirty 1215.87 ms 1217.27 ms 1.40 ms
bca62c0+dirty 1219.65 ms 1226.14 ms 6.50 ms

App size

Revision Plain With Sentry Diff
90e7cb3+dirty 3.41 MiB 4.58 MiB 1.17 MiB
60cd796+dirty 3.44 MiB 4.67 MiB 1.23 MiB
8e653ac+dirty 3.19 MiB 4.58 MiB 1.39 MiB
f70acbf+dirty 3.19 MiB 4.54 MiB 1.36 MiB
ad27f6e+dirty 3.41 MiB 4.67 MiB 1.25 MiB
6c11c6a+dirty 3.44 MiB 4.60 MiB 1.16 MiB
664c66f+dirty 3.38 MiB 4.60 MiB 1.22 MiB
d916aa3+dirty 3.19 MiB 4.38 MiB 1.19 MiB
36841a6+dirty 3.41 MiB 4.67 MiB 1.25 MiB
bca62c0+dirty 3.38 MiB 4.60 MiB 1.22 MiB

@github-actions
Copy link
Contributor

Android (new) Performance metrics 🚀

  Plain With Sentry Diff
Startup time 379.80 ms 412.00 ms 32.20 ms
Size 43.94 MiB 49.33 MiB 5.39 MiB

Baseline results on branch: main

Startup times

Revision Plain With Sentry Diff
df1f7df+dirty 374.68 ms 384.96 ms 10.28 ms
a483f9f+dirty 428.57 ms 475.98 ms 47.41 ms
7091004+dirty 377.76 ms 402.11 ms 24.35 ms
5526494+dirty 380.79 ms 432.70 ms 51.91 ms
98f632c+dirty 323.98 ms 375.39 ms 51.41 ms
5c16cdc+dirty 375.45 ms 426.62 ms 51.17 ms
8ece263+dirty 369.44 ms 414.65 ms 45.21 ms
a2bb688+dirty 371.19 ms 389.18 ms 17.99 ms
526494a+dirty 361.10 ms 410.84 ms 49.74 ms
60cd796+dirty 410.56 ms 439.00 ms 28.44 ms

App size

Revision Plain With Sentry Diff
df1f7df+dirty 43.94 MiB 48.91 MiB 4.97 MiB
a483f9f+dirty 43.94 MiB 49.27 MiB 5.33 MiB
7091004+dirty 43.94 MiB 48.81 MiB 4.88 MiB
5526494+dirty 7.15 MiB 8.41 MiB 1.26 MiB
98f632c+dirty 7.15 MiB 8.42 MiB 1.27 MiB
5c16cdc+dirty 7.15 MiB 8.41 MiB 1.26 MiB
8ece263+dirty 7.15 MiB 8.41 MiB 1.26 MiB
a2bb688+dirty 7.15 MiB 8.43 MiB 1.28 MiB
526494a+dirty 43.94 MiB 48.82 MiB 4.88 MiB
60cd796+dirty 43.94 MiB 48.90 MiB 4.96 MiB

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

ready-to-merge Triggers the full CI test suite

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant