fix(deps): Resolve shell-quote to >=1.8.4 (Dependabot #547)#6286

Open
antonis wants to merge 1 commit into
mainfrom
antonis/fix-shell-quote-cve

Conversation

@antonis antonis commented Jun 15, 2026

Contributor

📢 Type of change

  • Bugfix
  • New feature
  • Enhancement
  • Refactoring

📜 Description

Adds a Yarn resolutions entry to force all transitive shell-quote instances to >=1.8.4, fixing the critical command injection vulnerability (Dependabot #547).

shell-quote's quote() did not escape newlines in object .op values, allowing shell command injection. The fix replaces per-character escaping with strict allowlist validation.

💡 Motivation and Context

shell-quote is not a direct dependency — it's pulled in transitively by dev/test tooling (@react-native-community/cli-tools, detox, npm-run-all2, react-devtools-core, launch-editor, @appium/support). None of these ship in the published SDK, so end users are not affected. Resolving it clears the critical Dependabot alert.

💚 How did you test it?

  • yarn why shell-quote confirms all instances resolve to 1.8.4
  • yarn build passes
  • yarn test passes

📝 Checklist

  • I added tests to verify changes
  • No new PII added or SDK only sends newly added PII if sendDefaultPII is enabled
  • I updated the docs if needed.
  • I updated the wizard if needed.
  • All tests passing
  • No breaking changes

🔮 Next steps

Addresses Dependabot alert #547 (critical severity). shell-quote's
quote() did not escape newlines in object .op values, allowing shell
command injection. The package is only a transitive dev/test dependency
(via react-native CLI, detox, npm-run-all2, etc.) and is not shipped
in the published SDK.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
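The PR verifies the resolutions pin with `yarn why shell-quote`. As an added example (not code from this PR or the project), here is a small audit that parses a Yarn classic (v1) lockfile and reports any shell-quote entry still resolving below the fix version, suitable for a CI check. The lockfile text in SAMPLE_LOCK is constructed for illustration; a real check would pass the contents of yarn.lock to findOutdated().

```javascript
// Added example, not part of the PR: audit a Yarn classic (v1) lockfile so that
// every shell-quote entry resolves at or above the required fix version.
// SAMPLE_LOCK is constructed; in practice read yarn.lock from disk instead.
// Compare plain "x.y.z" versions: negative when a < b, zero when equal.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number), pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Parse lockfile entries: a header line at column 0 lists comma-separated
// specs and ends with ':'; the indented lines that follow carry the version.
function parseYarnLock(text) {
  const entries = [];
  let current = null;
  for (const line of text.split('\n')) {
    if (line && !line.startsWith(' ') && !line.startsWith('#') && line.endsWith(':')) {
      const specs = line.slice(0, -1).split(',').map(s => s.trim().replace(/^"|"$/g, ''));
      current = { specs, version: null };
      entries.push(current);
    } else if (current) {
      const m = line.match(/^\s+version\s+"([^"]+)"/);
      if (m) current.version = m[1];
    }
  }
  return entries;
}

// Entries for `pkg` whose resolved version is missing or below `minVersion`.
function findOutdated(lockText, pkg, minVersion) {
  return parseYarnLock(lockText)
    .filter(e => e.specs.some(s => s.startsWith(pkg + '@')))
    .filter(e => !e.version || compareVersions(e.version, minVersion) < 0);
}

// Constructed sample: one range still pinned to 1.7.3, one already at 1.8.4.
const SAMPLE_LOCK = `# yarn lockfile v1
"shell-quote@^1.6.1", shell-quote@^1.7.3:
  version "1.7.3"
  resolved "https://registry.example/shell-quote-1.7.3.tgz"

shell-quote@^1.8.1:
  version "1.8.4"
  resolved "https://registry.example/shell-quote-1.8.4.tgz"
`;

const outdated = findOutdated(SAMPLE_LOCK, 'shell-quote', '1.8.4');
console.log(outdated.length ? outdated : 'all shell-quote entries resolve to >=1.8.4');
```

With a resolutions entry applied and the lockfile regenerated, the old range collapses onto 1.8.4 and the audit returns an empty list.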
github-actions Bot commented Jun 15, 2026

Contributor

Semver Impact of This PR

None (no version bump detected)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).

  • chore(deps): bump gradle/actions from 6.1.0 to 6.2.0 by dependabot in #6284
  • chore(deps): bump getsentry/craft from 2.26.8 to 2.26.10 by dependabot in #6283
  • chore(deps): bump getsentry/craft/.github/workflows/changelog-preview.yml from 2.26.8 to 2.26.10 by dependabot in #6281
  • chore(deps): update Sentry Android Gradle Plugin to v6.11.0 by github-actions in #6275
  • chore(deps): update Android SDK to v8.43.2 by github-actions in #6273
  • chore(deps): bump joi from 17.13.3 to 17.13.4 by dependabot in #6279
  • chore(deps): update Cocoa SDK to v9.17.1 by github-actions in #6272
  • docs(replay): clarify fast renderer option docs by leohara in #6276
  • feat(core): Warn when multiple versions of Sentry JS SDK are detected by antonis in #6269

🤖 This preview updates automatically when you update the PR.

github-actions Bot commented Jun 15, 2026

Contributor
Fails: 🚫 Pull request is not ready for merge, please add the "ready-to-merge" label to the pull request

Generated by 🚫 dangerJS against e40d9b9

@antonis antonis marked this pull request as ready for review June 15, 2026 08:43