Part of the dependency pinning audit — #6239 / SDK-1316.
The repo currently has no yarn audit or equivalent step in CI to flag known vulnerabilities in npm dependencies.
Note: this is not an established pattern in Sentry JS-ecosystem SDKs (sentry-javascript doesn't have it either), so this may be better addressed org-wide rather than ad hoc.
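A sketch of what such a CI gate could look like, as an added example that is not part of the original issue or of any Sentry repository: it parses audit output and reports advisories at or above a severity threshold. It assumes the NDJSON event format (`auditAdvisory` / `auditSummary`) that Yarn 1.x emits for `yarn audit --json`; the function name, the `--stdin` switch and the sample data are hypothetical.

```javascript
// Added example: gate CI on `yarn audit --json` output (Yarn 1.x NDJSON format assumed).
const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Parse NDJSON audit output; return unique advisories at or above `threshold`.
function findBlockingAdvisories(ndjson, threshold = 'high') {
  const min = SEVERITY_RANK[threshold];
  if (min === undefined) throw new Error(`unknown severity: ${threshold}`);
  const seen = new Map();
  for (const line of ndjson.split('\n')) {
    let event;
    try {
      event = JSON.parse(line);
    } catch {
      continue; // tolerate blank lines and non-JSON noise mixed into the stream
    }
    if (event?.type !== 'auditAdvisory') continue;
    const adv = event.data?.advisory;
    if (!adv) continue;
    const rank = SEVERITY_RANK[adv.severity];
    // Unknown severities are treated as blocking so that new levels fail closed.
    if (rank !== undefined && rank < min) continue;
    // Yarn emits one event per dependency path; collapse them per advisory id.
    const entry = seen.get(adv.id) ||
      { id: adv.id, module: adv.module_name, severity: adv.severity, paths: [] };
    entry.paths.push(event.data.resolution?.path);
    seen.set(adv.id, entry);
  }
  return [...seen.values()];
}

// Constructed sample input, not real audit output from any repository.
const SAMPLE = [
  '{"type":"auditAdvisory","data":{"resolution":{"path":"app>pkg-a"},"advisory":{"id":1001,"module_name":"pkg-a","severity":"high"}}}',
  '{"type":"auditAdvisory","data":{"resolution":{"path":"app>lib>pkg-a"},"advisory":{"id":1001,"module_name":"pkg-a","severity":"high"}}}',
  '{"type":"auditAdvisory","data":{"resolution":{"path":"app>pkg-b"},"advisory":{"id":1002,"module_name":"pkg-b","severity":"low"}}}',
  'warning: not json',
  '{"type":"auditSummary","data":{"vulnerabilities":{"info":0,"low":1,"moderate":0,"high":2,"critical":0}}}',
].join('\n');

async function main() {
  const useStdin = process.argv.includes('--stdin');
  let input = SAMPLE;
  if (useStdin) { input = ''; for await (const chunk of process.stdin) input += chunk; }
  const blocking = findBlockingAdvisories(input);
  for (const a of blocking) console.log(`${a.severity}: ${a.module} (advisory ${a.id}) via ${a.paths.join(', ')}`);
  // Fail the job only when gating real audit output, not the built-in sample.
  if (useStdin && blocking.length) process.exitCode = 1;
}
main();
```

In a CI job this would be fed real output, for example `yarn audit --json | node audit-gate.js --stdin`, where `audit-gate.js` is a hypothetical file name.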