From e89a3a8d83ae23002ddd74573d5357e02a259e17 Mon Sep 17 00:00:00 2001
From: Antonis Lilis
Date: Mon, 16 Mar 2026 11:21:26 +0100
Subject: [PATCH] chore(deps): bump tar to ^7.5.11
Fixes Dependabot alerts for tar path traversal vulnerabilities.
https://github.com/getsentry/sentry-react-native/security/dependabot/445
https://github.com/getsentry/sentry-react-native/security/dependabot/443
Co-Authored-By: Claude Opus 4.6
---
 package.json | 2 +-
 yarn.lock | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/package.json b/package.json
index 7dcc1e10a6..a7e4c459f7 100644
--- a/package.json
+++ b/package.json
@@ -129,7 +129,7 @@
 "tar-fs": "^3.1.1",
 "on-headers": "^1.1.0",
 "diff": "^5.2.2",
- "tar": "^7.5.10",
+ "tar": "^7.5.11",
 "tmp": "^0.2.4"
 },
 "version": "0.0.0",
diff --git a/yarn.lock b/yarn.lock
index bba517a57f..979f74e27e 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -33509,16 +33509,16 @@ __metadata: languageName: node linkType: hard -"tar@npm:^7.5.10": - version: 7.5.10 - resolution: "tar@npm:7.5.10" +"tar@npm:^7.5.11": + version: 7.5.11 + resolution: "tar@npm:7.5.11" dependencies: "@isaacs/fs-minipass": ^4.0.0 chownr: ^3.0.0 minipass: ^7.1.2 minizlib: ^3.1.0 yallist: ^5.0.0 - checksum: aed1a7ae188fc80539184682bfaed7c4d5ae276f591dce67cc03b4ed8898aebde0cc195187f6abd455e3f25b24399a809ed2eaf6410ca3abc1ba30b19a94089e + checksum: 7f6785a85dd571b88985e493ec86f692962cbfa7b4017961fddfd2241e0ff3bcd89ed347f4c02b5433aa22b30cca5566e8711543df054fda8fd12425f505378f languageName: node linkType: hard