From 93eaf2b9442ef5a4f5cf3853258d8142e98150b9 Mon Sep 17 00:00:00 2001
From: Antonis Lilis
Date: Thu, 26 Feb 2026 14:06:43 +0100
Subject: [PATCH] chore(deps): bump tar to ^7.5.8

Updates existing tar resolution from ^7.5.7 to ^7.5.8, patching arbitrary file read/write via hardlink target escape through symlink chain during extraction (affected range: < 7.5.8).

Co-Authored-By: Claude Sonnet 4.6
---
 package.json | 2 +-
 yarn.lock | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package.json b/package.json
index bd69d55849..7ac274871f 100644
--- a/package.json
+++ b/package.json
@@ -65,7 +65,7 @@
 "qs": "^6.14.2",
 "lodash": "^4.17.23",
 "tar-fs": "^3.1.1",
- "tar": "^7.5.7"
+ "tar": "^7.5.8"
 },
 "version": "0.0.0",
 "name": "sentry-react-native",
diff --git a/yarn.lock b/yarn.lock
index d9063b15cf..e30d716b5e 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -32799,7 +32799,7 @@ __metadata:
 languageName: node
 linkType: hard

-"tar@npm:^7.5.7":
+"tar@npm:^7.5.8":
 version: 7.5.9
 resolution: "tar@npm:7.5.9"
 dependencies: