chore(sentry-cli): Upgrade to 2.58.6 #1278
Upgrade sentry-cli to [2.58.6](https://github.com/getsentry/sentry-cli/releases/tag/2.58.6), which includes security fixes.
8155d18 to be21e08
|
|
||
| await installPackage({ | ||
| packageName: '@sentry/cli@^2', | ||
| packageName: '@sentry/cli@2.58.6', |
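Review bot: The new spec `'@sentry/cli@2.58.6'` on the `packageName` line is an exact version rather than a range, so unlike `'@sentry/cli@^2'` it cannot resolve to any later 2.x release, including a future 2.58.7. If the goal is only to guarantee the release with the security fixes as a minimum, `'@sentry/cli@^2.58.6'` sets that floor while still accepting later 2.x versions. If the exact pin is deliberate, add a short comment beside the `packageName` line saying why, and that it needs a manual bump for each new release.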
Will this also allow newer versions, e.g. if we ever have a 2.58.7?
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Reviewed by Cursor Bugbot for commit be21e08.
|
|
||
| await installPackage({ | ||
| packageName: '@sentry/cli@^2', | ||
| packageName: '@sentry/cli@2.58.6', |
Exact version pin prevents future patch updates
Medium Severity
Changing packageName from @sentry/cli@^2 to @sentry/cli@2.58.6 pins users to an exact version. The packageName is passed directly to the package manager install command, so 2.58.6 without a ^ or ~ prefix will save an exact version in the user's package.json. This prevents users from automatically receiving future security patches or bug fixes to @sentry/cli. Using @sentry/cli@~2.58.6 or @sentry/cli@^2.58.6 would ensure users get at least 2.58.6 while still receiving future compatible updates.
Reviewed by Cursor Bugbot for commit be21e08.
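The four version specs raised in this thread, checked against a few candidate versions. This is an added example, not code from the PR or from sentry-cli: `satisfies`, `admitted` and the candidate list are constructed for illustration, and the matcher is a simplified stand-in for real semver resolution (numeric versions only, major >= 1).

```javascript
// Added illustration: a simplified semver range check, not the node-semver library.
// Supports numeric x, x.y and x.y.z with an optional ^ or ~ prefix, major >= 1 only.

function parse(text) {
  if (!/^\d+(\.\d+){0,2}$/.test(text)) throw new Error(`unsupported version: ${text}`);
  const nums = text.split('.').map(Number);
  // Missing minor/patch (as in "^2") count as 0 for the lower bound.
  return { major: nums[0], minor: nums[1] ?? 0, patch: nums[2] ?? 0, parts: nums.length };
}

function compare(a, b) {
  return a.major - b.major || a.minor - b.minor || a.patch - b.patch;
}

function satisfies(version, spec) {
  const op = spec[0] === '^' || spec[0] === '~' ? spec[0] : '';
  const v = parse(version);
  const base = parse(spec.slice(op.length));
  if (op === '') {
    // Exact pin: this example only accepts a full x.y.z here.
    if (base.parts !== 3) throw new Error('exact spec must be x.y.z in this example');
    return compare(v, base) === 0;
  }
  if (base.major === 0) throw new Error('0.x ranges are outside this example');
  if (compare(v, base) < 0) return false;          // below the floor
  if (op === '^') return v.major === base.major;   // caret: any later release in the same major
  // Tilde: same minor when a minor was given, otherwise same major.
  return v.major === base.major && (base.parts < 2 || v.minor === base.minor);
}

// Constructed candidates: 2.58.6 is the release named in the PR, the rest are sample versions.
const CANDIDATES = ['2.58.5', '2.58.6', '2.58.7', '2.59.0', '3.0.0'];

function admitted(spec, candidates = CANDIDATES) {
  return candidates.filter((v) => satisfies(v, spec));
}

for (const spec of ['^2', '2.58.6', '~2.58.6', '^2.58.6']) {
  console.log(spec.padEnd(8), admitted(spec).join(', '));
}
```

This models which versions a spec can resolve to at install time; what is written to package.json afterwards is decided by the package manager.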

