
fix(deps): Resolve shell-quote to >=1.8.4 (Dependabot #547) #6286

Merged: antonis merged 2 commits into main from antonis/fix-shell-quote-cve on Jun 16, 2026

Conversation

@antonis antonis commented Jun 15, 2026

Contributor

📢 Type of change

  • Bugfix
  • New feature
  • Enhancement
  • Refactoring

📜 Description

Adds a Yarn resolutions entry to force all transitive shell-quote instances to >=1.8.4, fixing the critical command injection vulnerability (Dependabot #547).

shell-quote's quote() did not escape newlines in object .op values, allowing shell command injection. The fix replaces per-character escaping with strict allowlist validation.

💡 Motivation and Context

shell-quote is not a direct dependency — it's pulled in transitively by dev/test tooling (@react-native-community/cli-tools, detox, npm-run-all2, react-devtools-core, launch-editor, @appium/support). None of these ship in the published SDK, so end users are not affected. Resolving it clears the critical Dependabot alert.

💚 How did you test it?

  • yarn why shell-quote confirms all instances resolve to 1.8.4
  • yarn build passes
  • yarn test passes

📝 Checklist

  • I added tests to verify changes
  • No new PII added or SDK only sends newly added PII if sendDefaultPII is enabled
  • I updated the docs if needed.
  • I updated the wizard if needed.
  • All tests passing
  • No breaking changes

🔮 Next steps

Addresses Dependabot alert #547 (critical severity). shell-quote's quote() did not escape newlines in object .op values, allowing shell command injection. The package is only a transitive dev/test dependency (via react-native CLI, detox, npm-run-all2, etc.) and is not shipped in the published SDK.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
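A check for the `yarn why shell-quote` step listed under "How did you test it?", written as an added example rather than code from this PR: it scans a yarn.lock for shell-quote entries and reports any that still resolve below 1.8.4. The sample lockfile, the handling of both classic and berry lockfile styles, and the function names are assumptions.

```javascript
// Added example (not code from this PR): find shell-quote entries in a yarn.lock
// that still resolve below the version the resolutions entry forces.
// Handles both lockfile styles: classic (version "x.y.z") and berry (version: x.y.z).
const MIN_SAFE = "1.8.4";

// "1.8.4" -> [1, 8, 4]; a prerelease suffix is dropped since lockfiles pin releases.
function parseVersion(v) {
  return v.split("-")[0].split(".").map((n) => parseInt(n, 10) || 0);
}

function versionAtLeast(v, min) {
  const a = parseVersion(v), b = parseVersion(min);
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    const d = (a[i] || 0) - (b[i] || 0);
    if (d !== 0) return d > 0;
  }
  return true;
}

// Collect [headerLine, version] for every lockfile entry whose descriptors name `pkg`.
function lockEntries(lockText, pkg) {
  const lines = lockText.split("\n"), out = [];
  for (let i = 0; i < lines.length; i++) {
    const head = lines[i];
    // Entry headers are unindented, end with ':' and list one or more descriptors.
    if (!/^\S/.test(head) || !head.endsWith(":")) continue;
    const descriptors = head.slice(0, -1).split(",").map((d) => d.trim().replace(/^"|"$/g, ""));
    if (!descriptors.some((d) => d.startsWith(pkg + "@"))) continue;
    // The indented body follows; stop at the first version line or the next blank line.
    for (let j = i + 1; j < lines.length && /^\s/.test(lines[j]); j++) {
      const m = lines[j].match(/^\s+version:?\s+"?([^"\s]+)"?/);
      if (m) { out.push([head, m[1]]); break; }
    }
  }
  return out;
}

// Entries that would still fail the `yarn why shell-quote` check; empty means resolved.
function vulnerableEntries(lockText) {
  return lockEntries(lockText, "shell-quote").filter(([, v]) => !versionAtLeast(v, MIN_SAFE));
}

// Constructed sample lockfile mixing both styles; not the repository's real yarn.lock.
const SAMPLE_LOCK = `
"@appium/support@npm:^5.0.0":
  version: 5.1.0

shell-quote@^1.6.1, shell-quote@^1.7.3:
  version "1.8.4"
  resolved "https://registry.yarnpkg.com/shell-quote/-/shell-quote-1.8.4.tgz"

"shell-quote@npm:^1.8.0":
  version: 1.8.1
`;
```

Run against the real lockfile by reading it with `fs.readFileSync("yarn.lock", "utf8")` and failing CI when `vulnerableEntries` returns a non-empty list.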
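An added illustration of the fix strategy the description mentions (allowlist validation of operator tokens instead of per-character escaping). This is not shell-quote's own source; the operator allowlist and the function names are assumptions.

```javascript
// Added illustration of the fix strategy named in the PR description: operator
// tokens are accepted only from a strict allowlist instead of being escaped
// character by character. Not shell-quote's own source; names are assumptions.

// Assumed allowlist of bare shell control operators a quote() helper may emit.
const ALLOWED_OPS = new Set(["|", "||", "&&", ";", "&", "(", ")", "<", ">", ">>", "2>", "2>&1"]);

// Single-quote any argument that is not a plain word; an embedded single quote
// becomes '"'"' so it survives the POSIX shell unchanged.
function quoteArg(arg) {
  const s = String(arg);
  if (/^[\w./:=@%+-]+$/.test(s)) return s;
  return "'" + s.replace(/'/g, `'"'"'`) + "'";
}

// Join plain arguments and {op: ...} objects into one command line. An op value
// that is not on the allowlist (a newline, a multi-line string, a number) is
// rejected outright rather than emitted, so it can never reach the shell.
function quote(tokens) {
  return tokens.map((tok) => {
    if (tok !== null && typeof tok === "object" && "op" in tok) {
      if (!ALLOWED_OPS.has(tok.op)) {
        throw new TypeError(`unsupported shell operator: ${JSON.stringify(tok.op)}`);
      }
      return tok.op;
    }
    return quoteArg(tok);
  }).join(" ");
}

// True when quote() refuses the token list instead of producing a command line.
function isRejected(tokens) {
  try { quote(tokens); return false; } catch (e) { return e instanceof TypeError; }
}
```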
github-actions Bot commented Jun 15, 2026

Contributor

Semver Impact of This PR

None (no version bump detected)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).

  • fix(ci): Support version catalog in android SDK version check by antonis in #6280
  • test(e2e): Bump E2E tests to React Native 0.86.0 by antonis in #6268
  • feat(android): Add nativeStackAndroid support to NativeLinkedErrors by lucas-zimerman in #6278
  • chore(deps): bump ruby/setup-ruby from 1.310.0 to 1.313.0 by dependabot in #6282
  • chore(deps): update Maestro to v2.6.1 by github-actions in #6277
  • chore(deps): bump gradle/actions from 6.1.0 to 6.2.0 by dependabot in #6284
  • chore(deps): bump getsentry/craft from 2.26.8 to 2.26.10 by dependabot in #6283
  • chore(deps): bump getsentry/craft/.github/workflows/changelog-preview.yml from 2.26.8 to 2.26.10 by dependabot in #6281
  • chore(deps): update Sentry Android Gradle Plugin to v6.11.0 by github-actions in #6275
  • chore(deps): update Android SDK to v8.43.2 by github-actions in #6273
  • chore(deps): bump joi from 17.13.3 to 17.13.4 by dependabot in #6279
  • chore(deps): update Cocoa SDK to v9.17.1 by github-actions in #6272
  • docs(replay): clarify fast renderer option docs by leohara in #6276
  • feat(core): Warn when multiple versions of Sentry JS SDK are detected by antonis in #6269

🤖 This preview updates automatically when you update the PR.

@antonis antonis marked this pull request as ready for review June 15, 2026 08:43

@lucas-zimerman lucas-zimerman left a comment

Collaborator

LGTM!

@lucas-zimerman lucas-zimerman added the ready-to-merge Triggers the full CI test suite label Jun 15, 2026
@github-actions

Contributor

iOS (legacy) Performance metrics 🚀

| | Plain | With Sentry | Diff |
|---|---|---|---|
| Startup time | 3835.93 ms | 1223.38 ms | -2612.55 ms |
| Size | 5.15 MiB | 6.70 MiB | 1.54 MiB |

Baseline results on branch: main

Startup times

| Revision | Plain | With Sentry | Diff |
|---|---|---|---|
| 7d8c8bd+dirty | 3837.24 ms | 1215.51 ms | -2621.73 ms |
| a5d243c+dirty | 3842.35 ms | 1214.29 ms | -2628.06 ms |
| 5c1e987+dirty | 1204.30 ms | 1222.15 ms | 17.85 ms |
| 9474ead+dirty | 3864.29 ms | 1223.55 ms | -2640.74 ms |
| 267d3ed+dirty | 3853.65 ms | 1224.70 ms | -2628.94 ms |
| ef27341+dirty | 3856.13 ms | 1231.42 ms | -2624.71 ms |
| c151573+dirty | 3841.06 ms | 1232.13 ms | -2608.93 ms |
| d2eadf8+dirty | 3842.42 ms | 1228.91 ms | -2613.50 ms |
| 1122a96+dirty | 3823.10 ms | 1218.64 ms | -2604.46 ms |
| 6177334+dirty | 3834.85 ms | 1217.58 ms | -2617.28 ms |

App size

| Revision | Plain | With Sentry | Diff |
|---|---|---|---|
| 7d8c8bd+dirty | 5.15 MiB | 6.68 MiB | 1.53 MiB |
| a5d243c+dirty | 5.15 MiB | 6.68 MiB | 1.53 MiB |
| 5c1e987+dirty | 3.38 MiB | 4.73 MiB | 1.35 MiB |
| 9474ead+dirty | 5.15 MiB | 6.71 MiB | 1.55 MiB |
| 267d3ed+dirty | 5.15 MiB | 6.69 MiB | 1.54 MiB |
| ef27341+dirty | 5.15 MiB | 6.68 MiB | 1.53 MiB |
| c151573+dirty | 5.15 MiB | 6.68 MiB | 1.53 MiB |
| d2eadf8+dirty | 5.15 MiB | 6.67 MiB | 1.51 MiB |
| 1122a96+dirty | 5.15 MiB | 6.68 MiB | 1.53 MiB |
| 6177334+dirty | 5.15 MiB | 6.68 MiB | 1.53 MiB |

@github-actions

Contributor

Android (legacy) Performance metrics 🚀

| | Plain | With Sentry | Diff |
|---|---|---|---|
| Startup time | 419.56 ms | 447.88 ms | 28.32 ms |
| Size | 48.30 MiB | 53.58 MiB | 5.28 MiB |

Baseline results on branch: main

Startup times

| Revision | Plain | With Sentry | Diff |
|---|---|---|---|
| 5ee78d6+dirty | 551.80 ms | 568.27 ms | 16.47 ms |
| 7d6fd3a+dirty | 403.02 ms | 422.56 ms | 19.54 ms |
| 23598c3+dirty | 414.12 ms | 426.24 ms | 12.12 ms |
| 44c8b3f+dirty | 414.20 ms | 457.28 ms | 43.08 ms |
| 5a21b51+dirty | 471.42 ms | 524.22 ms | 52.80 ms |
| 7ac3378+dirty | 404.78 ms | 439.84 ms | 35.06 ms |
| 3ce5254+dirty | 410.57 ms | 448.48 ms | 37.91 ms |
| 100ce80+dirty | 463.66 ms | 539.56 ms | 75.90 ms |
| 853723c+dirty | 405.54 ms | 440.08 ms | 34.54 ms |
| 0d9949d+dirty | 403.57 ms | 437.00 ms | 33.43 ms |

App size

| Revision | Plain | With Sentry | Diff |
|---|---|---|---|
| 5ee78d6+dirty | 48.30 MiB | 53.58 MiB | 5.28 MiB |
| 7d6fd3a+dirty | 43.75 MiB | 48.14 MiB | 4.39 MiB |
| 23598c3+dirty | 43.75 MiB | 48.16 MiB | 4.41 MiB |
| 44c8b3f+dirty | 48.30 MiB | 53.46 MiB | 5.15 MiB |
| 5a21b51+dirty | 48.30 MiB | 53.49 MiB | 5.19 MiB |
| 7ac3378+dirty | 43.75 MiB | 48.13 MiB | 4.37 MiB |
| 3ce5254+dirty | 43.75 MiB | 48.12 MiB | 4.37 MiB |
| 100ce80+dirty | 48.30 MiB | 53.46 MiB | 5.15 MiB |
| 853723c+dirty | 48.30 MiB | 53.58 MiB | 5.28 MiB |
| 0d9949d+dirty | 43.75 MiB | 48.13 MiB | 4.37 MiB |

@github-actions

Contributor

iOS (new) Performance metrics 🚀

| | Plain | With Sentry | Diff |
|---|---|---|---|
| Startup time | 3840.91 ms | 1225.17 ms | -2615.75 ms |
| Size | 5.15 MiB | 6.70 MiB | 1.54 MiB |

Baseline results on branch: main

Startup times

| Revision | Plain | With Sentry | Diff |
|---|---|---|---|
| 7d8c8bd+dirty | 3847.98 ms | 1230.77 ms | -2617.21 ms |
| a5d243c+dirty | 3827.92 ms | 1220.10 ms | -2607.81 ms |
| 5c1e987+dirty | 1208.43 ms | 1220.72 ms | 12.29 ms |
| 9474ead+dirty | 3823.33 ms | 1208.31 ms | -2615.03 ms |
| 267d3ed+dirty | 3860.14 ms | 1223.39 ms | -2636.76 ms |
| ef27341+dirty | 3835.20 ms | 1212.23 ms | -2622.97 ms |
| c151573+dirty | 3835.64 ms | 1216.10 ms | -2619.53 ms |
| d2eadf8+dirty | 3841.53 ms | 1216.15 ms | -2625.39 ms |
| 1122a96+dirty | 3839.17 ms | 1219.23 ms | -2619.93 ms |
| 6177334+dirty | 3851.52 ms | 1226.23 ms | -2625.29 ms |

App size

| Revision | Plain | With Sentry | Diff |
|---|---|---|---|
| 7d8c8bd+dirty | 5.15 MiB | 6.68 MiB | 1.53 MiB |
| a5d243c+dirty | 5.15 MiB | 6.68 MiB | 1.53 MiB |
| 5c1e987+dirty | 3.38 MiB | 4.73 MiB | 1.35 MiB |
| 9474ead+dirty | 5.15 MiB | 6.71 MiB | 1.55 MiB |
| 267d3ed+dirty | 5.15 MiB | 6.69 MiB | 1.54 MiB |
| ef27341+dirty | 5.15 MiB | 6.68 MiB | 1.53 MiB |
| c151573+dirty | 5.15 MiB | 6.68 MiB | 1.53 MiB |
| d2eadf8+dirty | 5.15 MiB | 6.67 MiB | 1.51 MiB |
| 1122a96+dirty | 5.15 MiB | 6.68 MiB | 1.53 MiB |
| 6177334+dirty | 5.15 MiB | 6.68 MiB | 1.53 MiB |

@github-actions

Contributor

Android (new) Performance metrics 🚀

| | Plain | With Sentry | Diff |
|---|---|---|---|
| Startup time | 462.06 ms | 488.28 ms | 26.22 ms |
| Size | 48.30 MiB | 53.58 MiB | 5.28 MiB |

Baseline results on branch: main

Startup times

| Revision | Plain | With Sentry | Diff |
|---|---|---|---|
| 853723c+dirty | 415.82 ms | 460.94 ms | 45.12 ms |
| 4e0ba9c+dirty | 421.39 ms | 455.80 ms | 34.41 ms |
| 4953e94+dirty | 398.80 ms | 431.81 ms | 33.01 ms |
| c151573+dirty | 485.39 ms | 495.18 ms | 9.79 ms |
| 7ff4d0f+dirty | 403.38 ms | 427.06 ms | 23.68 ms |
| df5d108+dirty | 434.82 ms | 447.39 ms | 12.57 ms |
| b9bebee+dirty | 500.50 ms | 536.42 ms | 35.92 ms |
| 6176a94+dirty | 403.58 ms | 446.73 ms | 43.15 ms |
| 0d9949d+dirty | 414.88 ms | 428.68 ms | 13.81 ms |
| 04207c4+dirty | 395.40 ms | 456.55 ms | 61.15 ms |

App size

| Revision | Plain | With Sentry | Diff |
|---|---|---|---|
| 853723c+dirty | 48.30 MiB | 53.58 MiB | 5.28 MiB |
| 4e0ba9c+dirty | 48.30 MiB | 53.49 MiB | 5.19 MiB |
| 4953e94+dirty | 43.94 MiB | 48.94 MiB | 5.00 MiB |
| c151573+dirty | 48.30 MiB | 53.54 MiB | 5.24 MiB |
| 7ff4d0f+dirty | 48.30 MiB | 53.60 MiB | 5.30 MiB |
| df5d108+dirty | 43.94 MiB | 48.94 MiB | 5.00 MiB |
| b9bebee+dirty | 48.30 MiB | 53.58 MiB | 5.28 MiB |
| 6176a94+dirty | 48.30 MiB | 53.54 MiB | 5.24 MiB |
| 0d9949d+dirty | 43.94 MiB | 48.99 MiB | 5.05 MiB |
| 04207c4+dirty | 43.94 MiB | 48.98 MiB | 5.04 MiB |

@antonis antonis merged commit 0b5a379 into main Jun 16, 2026
83 checks passed
@antonis antonis deleted the antonis/fix-shell-quote-cve branch June 16, 2026 06:42

Labels: ready-to-merge (Triggers the full CI test suite), skip-changelog

2 participants