fix: Bump tmp to 0.2.7 to resolve path traversal vulnerability

[antonis]

📢 Type of change

• Bugfix

📜 Description

Bumps the tmp dev dependency from 0.2.5 to 0.2.7 in the lockfile to resolve a path traversal vulnerability (CWE-22) reported by Dependabot (#543).

The tmp package is only used by dev/build tooling (@nx/devkit, detox, jscodeshift, etc.) — the SDK source code never imports it directly.

💡 Motivation and Context

Resolves https://github.com/getsentry/sentry-react-native/security/dependabot/543

Versions < 0.2.6 allow path traversal via unsanitized prefix/postfix/dir options. While the practical risk to this repo is negligible (dev-only dependency, no user-controlled input), bumping clears the alert.

💚 How did you test it?

• yarn why tmp confirms all resolutions now point to 0.2.7
• Only yarn.lock changed; no source code modifications

📝 Checklist

• I added tests to verify changes
• No new PII added or SDK only sends newly added PII if sendDefaultPII is enabled
• I updated the docs if needed.
• I updated the wizard if needed.
• All tests passing
• No breaking changes

🔮 Next steps

None — Dependabot alert should auto-close when this merges.

[github-actions]

Semver Impact of This PR

⚪ None (no version bump detected)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).

---

• fix: Bump tmp to 0.2.7 to resolve path traversal vulnerability by antonis in #6233

• chore(deps): update JavaScript SDK to v10.55.0 by github-actions in #6222
• chore(deps): update Sentry Android Gradle Plugin to v6.9.0 by github-actions in #6230
• refactor(android): Convert sentry.gradle to Kotlin DSL (sentry.gradle.kts) by antonis in #6119

---

_{🤖 This preview updates automatically when you update the PR.}

[github-actions]

	Fails
🚫	Pull request is not ready for merge, please add the "ready-to-merge" label to the pull request

Generated by 🚫 dangerJS against d5113f7