From a4bc86c2e75e6d631fe9bf50c9159cf3decb0b20 Mon Sep 17 00:00:00 2001
From: Antonis Lilis
Date: Fri, 8 May 2026 12:10:21 +0200
Subject: [PATCH] chore(deps): bump uuid to ^13.0.1 to fix buffer bounds check vulnerability

Adds scoped resolutions for @appium/support and node-simctl to upgrade uuid from 13.0.0 to ^13.0.1. Fixes missing buffer bounds check in v3/v5/v6 when buf is provided.

Co-Authored-By: Claude Opus 4.6
---
 package.json | 4 +++-
 yarn.lock | 18 +++++++++---------
 2 files changed, 12 insertions(+), 10 deletions(-)

diff --git a/package.json b/package.json
index 51bb511b8d..07656faa33 100644
--- a/package.json
+++ b/package.json
@@ -130,7 +130,9 @@
 "@appium/support@npm:7.0.6/yauzl": "^3.2.1",
 "appium-ios-remotexpc@npm:0.36.0/@xmldom/xmldom": "^0.9.10",
 "appium-ios-simulator@npm:8.0.12/@xmldom/xmldom": "^0.9.10",
- "postcss": "^8.5.10"
+ "postcss": "^8.5.10",
+ "@appium/support@npm:7.0.6/uuid": "^13.0.1",
+ "node-simctl@npm:8.1.6/uuid": "^13.0.1"
 },
 "version": "0.0.0",
 "name": "sentry-react-native",
diff --git a/yarn.lock b/yarn.lock
index aaca97654a..82c8070217 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -32552,15 +32552,6 @@ __metadata: languageName: node linkType: hard -"uuid@npm:13.0.0, uuid@npm:^13.0.0": - version: 13.0.0 - resolution: "uuid@npm:13.0.0" - bin: - uuid: dist-node/bin/uuid - checksum: 7510ee1ab371be5339ef26ff8cabc2f4a2c60640ff880652968f758072f53bd4f4af1c8b0e671a8c9bb29ef926a24dec3ef0e3861d78183b39291a85743a9f96 - languageName: node - linkType: hard - "uuid@npm:^10.0.0": version: 10.0.0 resolution: "uuid@npm:10.0.0"
@@ -32570,6 +32561,15 @@ __metadata: languageName: node linkType: hard +"uuid@npm:^13.0.1": + version: 13.0.2 + resolution: "uuid@npm:13.0.2" + bin: + uuid: dist-node/bin/uuid + checksum: b8ca7da03b5563ad7ee9a9e38f5c6d63709183d5ae5c8f4c638fcf6f7349e7f3f0e4d1699f24f42d9f7b0f2f6e376a11c032750d2fc4a45e2dfab70142c9caf1 + languageName: node + linkType: hard + "uuid@npm:^7.0.3": version: 7.0.3 resolution: "uuid@npm:7.0.3"
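Review bot: The two overrides added in the package.json hunk are keyed on exact parent versions (`"@appium/support@npm:7.0.6/uuid"` and `"node-simctl@npm:8.1.6/uuid"`), so they stop matching once either parent is upgraded, and uuid would then resolve to whatever that parent requests with no warning. The neighbouring entries use the same pattern, so this looks like project convention, but for a security pin it deserves a guard: a CI step that inspects `yarn why uuid` or yarn.lock and fails if `uuid@npm:13.0.0` reappears. JSON has no comment syntax, so the reason for the pin can only live in the commit message, which currently names no advisory identifier. Adding that reference would let a later reader confirm that the locked 13.0.2 is a patched release and decide when the override can be dropped. The enclosing object opens above the hunk, so whether a broader uuid override already exists cannot be seen from here.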