Move setUser call to when the user is defined and update init before …

a9df9ba
Draft

[17] Sentry Upgrade: v7 → v10 #7017

GitHub Advanced Security / Trivy failed Apr 6, 2026 in 3s

40 new alerts including 28 high severity security vulnerabilities

New alerts in code changed by this pull request

Security Alerts:

  • 28 high
  • 4 medium
  • 8 low

Alerts not introduced by this pull request might have been detected because the code changes were too large.

See annotations below for details.

Annotations

Check failure on line 15587 in package-lock.json

Code scanning / Trivy

minimatch: minimatch: Denial of Service via specially crafted glob patterns High

Package: minimatch
Installed Version: 5.1.6
Vulnerability CVE-2026-26996
Severity: HIGH
Fixed Version: 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3
Link: CVE-2026-26996

Check failure on line 15587 in package-lock.json

Code scanning / Trivy

minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns High

Package: minimatch
Installed Version: 5.1.6
Vulnerability CVE-2026-27903
Severity: HIGH
Fixed Version: 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3
Link: CVE-2026-27903

Check failure on line 15587 in package-lock.json

Code scanning / Trivy

minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions High

Package: minimatch
Installed Version: 5.1.6
Vulnerability CVE-2026-27904
Severity: HIGH
Fixed Version: 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4
Link: CVE-2026-27904

Check failure on line 15710 in package-lock.json

Code scanning / Trivy

minimatch: minimatch: Denial of Service via specially crafted glob patterns High

Package: minimatch
Installed Version: 3.0.8
Vulnerability CVE-2026-26996
Severity: HIGH
Fixed Version: 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3
Link: CVE-2026-26996

Check failure on line 15710 in package-lock.json

Code scanning / Trivy

minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns High

Package: minimatch
Installed Version: 3.0.8
Vulnerability CVE-2026-27903
Severity: HIGH
Fixed Version: 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3
Link: CVE-2026-27903

Check failure on line 15710 in package-lock.json

Code scanning / Trivy

minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions High

Package: minimatch
Installed Version: 3.0.8
Vulnerability CVE-2026-27904
Severity: HIGH
Fixed Version: 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4
Link: CVE-2026-27904

Check failure on line 18015 in package-lock.json

Code scanning / Trivy

lodash: lodash: Arbitrary code execution via untrusted input in template imports High

Package: lodash
Installed Version: 4.17.23
Vulnerability CVE-2026-4800
Severity: HIGH
Fixed Version: 4.18.0
Link: CVE-2026-4800

Check failure on line 18669 in package-lock.json

Code scanning / Trivy

minimatch: minimatch: Denial of Service via specially crafted glob patterns High

Package: minimatch
Installed Version: 3.1.2
Vulnerability CVE-2026-26996
Severity: HIGH
Fixed Version: 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3
Link: CVE-2026-26996

Check failure on line 18669 in package-lock.json

Code scanning / Trivy

minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns High

Package: minimatch
Installed Version: 3.1.2
Vulnerability CVE-2026-27903
Severity: HIGH
Fixed Version: 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3
Link: CVE-2026-27903

Check failure on line 18669 in package-lock.json

Code scanning / Trivy

minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions High

Package: minimatch
Installed Version: 3.1.2
Vulnerability CVE-2026-27904
Severity: HIGH
Fixed Version: 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4
Link: CVE-2026-27904

Check failure on line 24157 in package-lock.json

Code scanning / Trivy

Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString() High

Package: serialize-javascript
Installed Version: 6.0.2
Vulnerability GHSA-5c6j-r48x-rmvq
Severity: HIGH
Fixed Version: 7.0.3
Link: GHSA-5c6j-r48x-rmvq

Check failure on line 25837 in package-lock.json

Code scanning / Trivy

node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives High

Package: tar
Installed Version: 6.2.1
Vulnerability CVE-2026-23745
Severity: HIGH
Fixed Version: 7.5.3
Link: CVE-2026-23745

Check failure on line 25837 in package-lock.json

Code scanning / Trivy

node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition High

Package: tar
Installed Version: 6.2.1
Vulnerability CVE-2026-23950
Severity: HIGH
Fixed Version: 7.5.4
Link: CVE-2026-23950

Check failure on line 25837 in package-lock.json

Code scanning / Trivy

node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check High

Package: tar
Installed Version: 6.2.1
Vulnerability CVE-2026-24842
Severity: HIGH
Fixed Version: 7.5.7
Link: CVE-2026-24842

Check failure on line 25837 in package-lock.json

Code scanning / Trivy

node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation High

Package: tar
Installed Version: 6.2.1
Vulnerability CVE-2026-26960
Severity: HIGH
Fixed Version: 7.5.8
Link: CVE-2026-26960

Check failure on line 25837 in package-lock.json

Code scanning / Trivy

node-tar: hardlink path traversal via drive-relative linkpath High

Package: tar
Installed Version: 6.2.1
Vulnerability CVE-2026-29786
Severity: HIGH
Fixed Version: 7.5.10
Link: CVE-2026-29786

Check failure on line 25837 in package-lock.json

Code scanning / Trivy

tar: tar: File overwrite via drive-relative symlink traversal High

Package: tar
Installed Version: 6.2.1
Vulnerability CVE-2026-31802
Severity: HIGH
Fixed Version: 7.5.11
Link: CVE-2026-31802

Check failure on line 4548 in package-lock.json

Code scanning / Trivy

minimatch: minimatch: Denial of Service via specially crafted glob patterns High

Package: minimatch
Installed Version: 10.1.1
Vulnerability CVE-2026-26996
Severity: HIGH
Fixed Version: 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3
Link: CVE-2026-26996

Check failure on line 13325 in package-lock.json

Code scanning / Trivy

defu: Prototype pollution via `__proto__` key in defaults argument High

Package: defu
Installed Version: 6.1.4
Vulnerability CVE-2026-35209
Severity: HIGH
Fixed Version: 6.1.5
Link: CVE-2026-35209

Check failure on line 13261 in package-lock.json

Code scanning / Trivy

minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions High

Package: minimatch
Installed Version: 9.0.1
Vulnerability CVE-2026-27904
Severity: HIGH
Fixed Version: 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4
Link: CVE-2026-27904

Check failure on line 13261 in package-lock.json

Code scanning / Trivy

minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns High

Package: minimatch
Installed Version: 9.0.1
Vulnerability CVE-2026-27903
Severity: HIGH
Fixed Version: 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3
Link: CVE-2026-27903

Check failure on line 13261 in package-lock.json

Code scanning / Trivy

minimatch: minimatch: Denial of Service via specially crafted glob patterns High

Package: minimatch
Installed Version: 9.0.1
Vulnerability CVE-2026-26996
Severity: HIGH
Fixed Version: 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3
Link: CVE-2026-26996

Check failure on line 4548 in package-lock.json

Code scanning / Trivy

minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns High

Package: minimatch
Installed Version: 10.1.1
Vulnerability CVE-2026-27903
Severity: HIGH
Fixed Version: 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3
Link: CVE-2026-27903

Check failure on line 4548 in package-lock.json

Code scanning / Trivy

minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions High

Package: minimatch
Installed Version: 10.1.1
Vulnerability CVE-2026-27904
Severity: HIGH
Fixed Version: 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4
Link: CVE-2026-27904

Check failure on line 9365 in package-lock.json

Code scanning / Trivy

glob: glob: Command Injection Vulnerability via Malicious Filenames High

Package: glob
Installed Version: 10.4.5
Vulnerability CVE-2025-64756
Severity: HIGH
Fixed Version: 11.1.0, 10.5.0
Link: CVE-2025-64756