
chore(deps): bump diff to ^5.2.2 #5705

Merged
antonis merged 2 commits into main from antonis/bump-diff
Feb 27, 2026

@antonis antonis commented Feb 24, 2026

Summary

  • Adds a resolutions entry to force diff to >=5.2.2
  • Fixes DoS vulnerability in parsePatch and applyPatch
  • Consolidates both the 4.x and 5.x consumers onto 5.2.2 (diff 5.x is API-compatible with 4.x for the functions used by transitive dependencies)

Dependabot alerts

Test plan

  • yarn install resolves all diff consumers to 5.2.2
  • yarn build passes
  • yarn test passes

🤖 Generated with Claude Code

@antonis antonis added the ready-to-merge Triggers the full CI test suite label Feb 24, 2026

github-actions bot commented Feb 24, 2026

Semver Impact of This PR

None (no version bump detected)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).


  • chore(deps): bump diff to ^5.2.2 by antonis in #5705
  • chore(deps): update JavaScript SDK to v10.40.0 by github-actions in #5715
  • ci: Cancel in-progress CI jobs when a PR is closed or merged by antonis in #5725

🤖 This preview updates automatically when you update the PR.


github-actions bot commented Feb 24, 2026

Android (legacy) Performance metrics 🚀

  Plain With Sentry Diff
Startup time 428.81 ms 475.34 ms 46.53 ms
Size 43.75 MiB 48.46 MiB 4.71 MiB

Baseline results on branch: main

Startup times

Revision Plain With Sentry Diff
c7f264b 434.98 ms 452.96 ms 17.98 ms
9f211e3 451.50 ms 500.00 ms 48.50 ms
9ced351+dirty 405.40 ms 419.39 ms 13.98 ms
f70acbf+dirty 373.39 ms 382.81 ms 9.43 ms
f234eb4+dirty 407.62 ms 429.64 ms 22.02 ms
2adbd1e+dirty 433.98 ms 427.96 ms -6.02 ms
7886639+dirty 425.10 ms 477.73 ms 52.63 ms
a206511+dirty 424.28 ms 474.82 ms 50.54 ms
98f632c 424.25 ms 435.48 ms 11.23 ms
46da307 455.92 ms 443.79 ms -12.13 ms

App size

Revision Plain With Sentry Diff
c7f264b 17.75 MiB 19.68 MiB 1.94 MiB
9f211e3 17.75 MiB 19.68 MiB 1.94 MiB
9ced351+dirty 43.75 MiB 48.41 MiB 4.66 MiB
f70acbf+dirty 17.75 MiB 19.68 MiB 1.94 MiB
f234eb4+dirty 17.75 MiB 19.74 MiB 1.99 MiB
2adbd1e+dirty 17.75 MiB 19.70 MiB 1.96 MiB
7886639+dirty 43.75 MiB 48.42 MiB 4.67 MiB
a206511+dirty 43.75 MiB 48.07 MiB 4.32 MiB
98f632c 17.75 MiB 20.15 MiB 2.41 MiB
46da307 17.75 MiB 19.68 MiB 1.93 MiB

Previous results on branch: antonis/bump-diff

Startup times

Revision Plain With Sentry Diff
cb2d825+dirty 400.62 ms 442.47 ms 41.85 ms

App size

Revision Plain With Sentry Diff
cb2d825+dirty 43.75 MiB 48.46 MiB 4.71 MiB


github-actions bot commented Feb 24, 2026

iOS (legacy) Performance metrics 🚀

  Plain With Sentry Diff
Startup time 1211.60 ms 1209.58 ms -2.02 ms
Size 3.38 MiB 4.78 MiB 1.40 MiB

Baseline results on branch: main

Startup times

Revision Plain With Sentry Diff
ea3e26e+dirty 1229.13 ms 1228.46 ms -0.67 ms
80e4616+dirty 1221.32 ms 1225.64 ms 4.32 ms
818a608+dirty 1205.76 ms 1208.00 ms 2.24 ms
77061ed+dirty 1233.16 ms 1234.88 ms 1.71 ms
bef3709+dirty 1222.07 ms 1220.24 ms -1.83 ms
a206511+dirty 1185.00 ms 1186.35 ms 1.35 ms
74979ac+dirty 1210.49 ms 1213.31 ms 2.82 ms
a2bb688+dirty 1223.53 ms 1232.90 ms 9.37 ms
8a868fe+dirty 1221.50 ms 1230.78 ms 9.28 ms
d590428+dirty 1211.77 ms 1220.51 ms 8.75 ms

App size

Revision Plain With Sentry Diff
ea3e26e+dirty 3.41 MiB 4.58 MiB 1.17 MiB
80e4616+dirty 3.38 MiB 4.60 MiB 1.22 MiB
818a608+dirty 2.63 MiB 3.91 MiB 1.28 MiB
77061ed+dirty 2.63 MiB 3.98 MiB 1.34 MiB
bef3709+dirty 3.38 MiB 4.78 MiB 1.40 MiB
a206511+dirty 3.41 MiB 4.67 MiB 1.25 MiB
74979ac+dirty 3.38 MiB 4.60 MiB 1.22 MiB
a2bb688+dirty 2.63 MiB 3.99 MiB 1.36 MiB
8a868fe+dirty 3.38 MiB 4.60 MiB 1.22 MiB
d590428+dirty 3.38 MiB 4.78 MiB 1.39 MiB

Previous results on branch: antonis/bump-diff

Startup times

Revision Plain With Sentry Diff
cb2d825+dirty 1207.04 ms 1214.83 ms 7.79 ms

App size

Revision Plain With Sentry Diff
cb2d825+dirty 3.38 MiB 4.78 MiB 1.40 MiB

@antonis antonis marked this pull request as ready for review February 24, 2026 12:19

github-actions bot commented Feb 24, 2026

Android (new) Performance metrics 🚀

  Plain With Sentry Diff
Startup time 430.31 ms 522.61 ms 92.31 ms
Size 43.94 MiB 49.34 MiB 5.40 MiB

Baseline results on branch: main

Startup times

Revision Plain With Sentry Diff
664c66f+dirty 376.23 ms 389.51 ms 13.28 ms
d73150f+dirty 424.60 ms 454.35 ms 29.75 ms
4a17c8f+dirty 368.54 ms 381.43 ms 12.89 ms
b3b5b0d+dirty 361.42 ms 403.90 ms 42.48 ms
9ced351+dirty 361.74 ms 411.45 ms 49.70 ms
7886639+dirty 530.30 ms 571.34 ms 41.04 ms
c08359e+dirty 406.04 ms 428.87 ms 22.83 ms
3099014+dirty 344.58 ms 404.21 ms 59.63 ms
d751a5d+dirty 341.61 ms 403.06 ms 61.45 ms
682f0f5+dirty 402.33 ms 440.61 ms 38.28 ms

App size

Revision Plain With Sentry Diff
664c66f+dirty 43.94 MiB 49.38 MiB 5.44 MiB
d73150f+dirty 43.94 MiB 49.38 MiB 5.44 MiB
4a17c8f+dirty 43.94 MiB 48.82 MiB 4.88 MiB
b3b5b0d+dirty 7.15 MiB 8.41 MiB 1.26 MiB
9ced351+dirty 43.94 MiB 49.27 MiB 5.33 MiB
7886639+dirty 43.94 MiB 49.28 MiB 5.34 MiB
c08359e+dirty 7.15 MiB 8.42 MiB 1.27 MiB
3099014+dirty 7.15 MiB 8.43 MiB 1.27 MiB
d751a5d+dirty 7.15 MiB 8.41 MiB 1.26 MiB
682f0f5+dirty 43.94 MiB 48.91 MiB 4.97 MiB

Previous results on branch: antonis/bump-diff

Startup times

Revision Plain With Sentry Diff
cb2d825+dirty 499.60 ms 500.38 ms 0.79 ms

App size

Revision Plain With Sentry Diff
cb2d825+dirty 43.94 MiB 49.33 MiB 5.39 MiB


github-actions bot commented Feb 24, 2026

iOS (new) Performance metrics 🚀

  Plain With Sentry Diff
Startup time 1215.49 ms 1223.95 ms 8.46 ms
Size 3.38 MiB 4.78 MiB 1.40 MiB

Baseline results on branch: main

Startup times

Revision Plain With Sentry Diff
ea3e26e+dirty 1216.61 ms 1214.15 ms -2.47 ms
80e4616+dirty 1206.90 ms 1205.94 ms -0.96 ms
818a608+dirty 1218.84 ms 1223.18 ms 4.34 ms
77061ed+dirty 1210.77 ms 1218.45 ms 7.68 ms
bef3709+dirty 1217.79 ms 1225.33 ms 7.54 ms
a206511+dirty 1225.02 ms 1223.74 ms -1.28 ms
74979ac+dirty 1212.33 ms 1212.54 ms 0.21 ms
a2bb688+dirty 1244.82 ms 1238.60 ms -6.22 ms
8a868fe+dirty 1206.85 ms 1215.04 ms 8.19 ms
d590428+dirty 1221.23 ms 1225.27 ms 4.03 ms

App size

Revision Plain With Sentry Diff
ea3e26e+dirty 3.41 MiB 4.58 MiB 1.17 MiB
80e4616+dirty 3.38 MiB 4.60 MiB 1.22 MiB
818a608+dirty 3.19 MiB 4.48 MiB 1.29 MiB
77061ed+dirty 3.19 MiB 4.54 MiB 1.36 MiB
bef3709+dirty 3.38 MiB 4.78 MiB 1.40 MiB
a206511+dirty 3.41 MiB 4.67 MiB 1.25 MiB
74979ac+dirty 3.38 MiB 4.60 MiB 1.22 MiB
a2bb688+dirty 3.19 MiB 4.56 MiB 1.37 MiB
8a868fe+dirty 3.38 MiB 4.60 MiB 1.22 MiB
d590428+dirty 3.38 MiB 4.78 MiB 1.39 MiB

Previous results on branch: antonis/bump-diff

Startup times

Revision Plain With Sentry Diff
cb2d825+dirty 1208.29 ms 1209.78 ms 1.48 ms

App size

Revision Plain With Sentry Diff
cb2d825+dirty 3.38 MiB 4.78 MiB 1.40 MiB

@antonis antonis removed the ready-to-merge Triggers the full CI test suite label Feb 26, 2026
Adds a yarn resolution to force diff to >=5.2.2, patching DoS
vulnerabilities in parsePatch and applyPatch. Resolves both the
4.x (affected: >= 4.0.0, < 4.0.4) and 5.x (affected: >= 5.0.0, < 5.2.2)
series by consolidating all consumers onto 5.2.2.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
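
One way to check the test-plan item "yarn install resolves all diff consumers to 5.2.2" against the affected ranges stated in the commit message above. This is an added example, not part of the PR or the project's code; the lockfile text is constructed and the function names are hypothetical.

```javascript
// Affected ranges as given in the commit message: >=4.0.0 <4.0.4 and >=5.0.0 <5.2.2.
const AFFECTED = [
  { min: [4, 0, 0], fixed: [4, 0, 4] },
  { min: [5, 0, 0], fixed: [5, 2, 2] },
];

// "5.2.2-beta.1" -> [5, 2, 2]; pre-release tags are ignored (assumption).
const parseVersion = (v) => v.split('-')[0].split('.').map(Number);

const compare = (a, b) => {
  for (let i = 0; i < 3; i++) {
    const d = (a[i] || 0) - (b[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
};

function isAffected(version) {
  const v = parseVersion(version);
  return AFFECTED.some((r) => compare(v, r.min) >= 0 && compare(v, r.fixed) < 0);
}

// Walks a yarn.lock (classic `version "x"` or berry `version: x` syntax) and
// returns every entry whose descriptor is the `diff` package itself.
function findDiffEntries(lockText) {
  const entries = [];
  let current = null;
  for (const line of lockText.split(/\r?\n/)) {
    if (/^\S.*:$/.test(line)) {
      // Entry header: comma-separated descriptors, optionally quoted.
      const descriptors = line.slice(0, -1).split(',')
        .map((d) => d.trim().replace(/^"|"$/g, ''));
      // Anchored match so jest-diff, diff-sequences etc. are not picked up.
      current = descriptors.some((d) => /^diff@/.test(d)) ? descriptors : null;
    } else if (current) {
      const m = line.match(/^\s+version:?\s+"?([^"\s]+)"?/);
      if (m) {
        entries.push({ descriptors: current, version: m[1], affected: isAffected(m[1]) });
        current = null;
      }
    }
  }
  return entries;
}

// Constructed sample lockfile, mixing both syntaxes for illustration.
const SAMPLE_LOCK = '# constructed sample\n"diff@^4.0.1":\n  version "4.0.2"\n\n' +
  'diff@^5.0.0, diff@^5.1.0:\n  version "5.1.0"\n\njest-diff@^29.7.0:\n  version "29.7.0"\n\n' +
  '"diff@npm:^5.2.2":\n  version: 5.2.2\n';

console.log(findDiffEntries(SAMPLE_LOCK).filter((e) => e.affected));
```

Run over the real lockfile after `yarn install`, an empty list of affected entries confirms the resolution took effect for every transitive consumer.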

@lucas-zimerman lucas-zimerman left a comment


LGTM!

@antonis antonis added the ready-to-merge Triggers the full CI test suite label Feb 26, 2026
@antonis antonis merged commit 45cf252 into main Feb 27, 2026
109 of 113 checks passed
@antonis antonis deleted the antonis/bump-diff branch February 27, 2026 05:35