From 497e6cfa75d11cae4ae3116d225cdedd49e0b158 Mon Sep 17 00:00:00 2001
From: Antonis Lilis
Date: Thu, 26 Feb 2026 14:08:20 +0100
Subject: [PATCH] chore(deps): bump on-headers to ^1.1.0
Adds a yarn resolution to force on-headers to >=1.1.0, patching HTTP response header manipulation vulnerability (affected range: < 1.1.0).
Co-Authored-By: Claude Sonnet 4.6
---
 package.json | 1 +
 yarn.lock | 8 ++++----
 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/package.json b/package.json
index bd69d55849..78fcbf1204 100644
--- a/package.json
+++ b/package.json
@@ -65,6 +65,7 @@
 "qs": "^6.14.2",
 "lodash": "^4.17.23",
 "tar-fs": "^3.1.1",
+ "on-headers": "^1.1.0",
 "tar": "^7.5.7"
 },
 "version": "0.0.0",
diff --git a/yarn.lock b/yarn.lock
index d9063b15cf..f010165ccc 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -27642,10 +27642,10 @@ __metadata:
 languageName: node
 linkType: hard
-"on-headers@npm:~1.0.2":
- version: 1.0.2
- resolution: "on-headers@npm:1.0.2"
- checksum: 2bf13467215d1e540a62a75021e8b318a6cfc5d4fc53af8e8f84ad98dbcea02d506c6d24180cd62e1d769c44721ba542f3154effc1f7579a8288c9f7873ed8e5
+"on-headers@npm:^1.1.0":
+ version: 1.1.0
+ resolution: "on-headers@npm:1.1.0"
+ checksum: 98aa64629f986fb8cc4517dd8bede73c980e31208cba97f4442c330959f60ced3dc6214b83420491f5111fc7c4f4343abe2ea62c85f505cf041d67850f238776
 languageName: node
 linkType: hard
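Review bot: The `"on-headers": "^1.1.0"` entry added in package.json applies to every dependent in the tree, and the yarn.lock key it replaces shows the consumer still declares `~1.0.2`, so that consumer now runs on a version outside its own declared range. Strict JSON has no place for a comment, so the reason for the override and the condition for removing it (the consumer publishing a release that itself requires on-headers >=1.1.0) should be recorded wherever the team tracks overrides; otherwise the pin outlives its purpose. If a single package pulls on-headers in, a scoped key such as `"<parent-package>/on-headers": "^1.1.0"` (placeholder name) would keep the override from affecting other dependents. The enclosing object starts outside the hunk, so that it is the `resolutions` block is inferred from the commit message.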