An open index of dependabot pull requests across open source projects.

ci(deps): Bump getsentry/craft from 2.26.2 to 2.26.6

Closed
Number: #21299
Type: Pull Request
State: Closed
Author: dependabot[bot] dependabot[bot]
Association: Unknown
Comments: 1
Created: June 02, 2026 at 09:32 PM UTC
(about 1 month ago)
Updated: June 10, 2026 at 02:03 PM UTC
(about 1 month ago)
Closed: June 10, 2026 at 02:03 PM UTC
(about 1 month ago)
Time to Close: 8 days
Labels:
dependencies github_actions
Description:

Bumps getsentry/craft from 2.26.2 to 2.26.6.

Release notes

Sourced from getsentry/craft's releases.

2.26.6

Bug Fixes 🐛

  • (nuget) Move global.json aside during dotnet setversion by @​jamescrosswell in #820
  • (security) Override @​tootallnate/once to ^2.0.1 (CVE-2026-3449) by @​BYK in #822
  • Improve partial publishing recovery for CocoaPods and GitHub targets by @​BYK in #821

2.26.5

Bug Fixes 🐛

  • (security) Bump devalue override to ^5.8.1 (CVE-2026-42570) by @​BYK in #818

2.26.4

Bug Fixes 🐛

Internal Changes 🔧

2.26.3

Bug Fixes 🐛

Changelog

Sourced from getsentry/craft's changelog.

Changelog

2.26.6

Bug Fixes 🐛

  • (nuget) Move global.json aside during dotnet setversion by @​jamescrosswell in #820
  • (security) Override @​tootallnate/once to ^2.0.1 (CVE-2026-3449) by @​BYK in #822
  • Improve partial publishing recovery for CocoaPods and GitHub targets by @​BYK in #821

2.26.5

Bug Fixes 🐛

  • (security) Bump devalue override to ^5.8.1 (CVE-2026-42570) by @​BYK in #818

2.26.4

Bug Fixes 🐛

Internal Changes 🔧

2.26.3

Bug Fixes 🐛

2.26.2

Security 🔒

  • (deps) Bump uuid to ^14.0.0 (fix GHSA-w5hq-g745-h8pq) by @​BYK in #810

Bug Fixes 🐛

  • (prepare) Remove --allow-remote-config gate by @​BYK in #809

Internal Changes 🔧

2.26.1

... (truncated)

Commits
  • 3e6a0f4 release: 2.26.6
  • 2662e81 fix(security): override @​tootallnate/once to ^2.0.1 (CVE-2026-3449) (#822)
  • e9a5238 fix: improve partial publishing recovery for CocoaPods and GitHub targets (#821)
  • da0e0c1 fix(nuget): move global.json aside during dotnet setversion (#820)
  • d1fa7db meta: Bump new development version
  • ca52417 Merge branch 'release/2.26.5'
  • bc2e6a9 release: 2.26.5
  • 60b80e5 fix(security): bump devalue override to ^5.8.1 (CVE-2026-42570) (#818)
  • 7bd2931 meta: Bump new development version
  • 1389909 Merge branch 'release/2.26.4'
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Package Dependencies
Ecosystem:
actions
Version Change:
2.26.2 → 2.26.6
Update Type:
Patch
Technical Details
ID: 16027925
UUID: 4575111706
Node ID: PR_kwDOADLKPM7h-fEh
Host: GitHub
Repository: getsentry/sentry-javascript