chore: Release 5.4.6 #1948
LGTM — straightforward release PR with version bumps and Android SDK update from 5.8.1 to 5.9.0.
Extended reasoning...
Overview
This is a release PR for version 5.4.6. The changes are minimal and mechanical: bumping the Android OneSignal SDK from 5.8.1 to 5.9.0 in android/build.gradle, updating the SDK version string from 050405 to 050406 in both Android (RNOneSignal.java) and iOS (RCTOneSignal.mm) native bridges, and bumping the npm package version to 5.4.6 in package.json.
Security risks
No security risks introduced by this PR itself. The bumped Android SDK version 5.9.0 includes Identity Verification (a security feature) and defensive JSON parsing fixes — both improve, rather than degrade, the security posture. The version-string updates are purely metadata.
Level of scrutiny
Low scrutiny appropriate. This is a standard release PR following an established pattern (compare to the prior release commit bb93270 chore: Release 5.4.5). All four files contain only version-string updates with no logic changes. The OkHttp exclusion in build.gradle is preserved unchanged.
Other factors
No bugs were found by the bug hunting system. The version strings are consistent across all three locations (050406 / 5.4.6). No CODEOWNER-sensitive code paths were touched beyond the routine release metadata.
01df89a to 753f199
LGTM — straightforward release bump.
Extended reasoning...
Overview
This is a routine release PR for version 5.4.6 that bumps the Android SDK dependency from 5.8.1 to 5.9.1, updates the SDK version string (050405 → 050406) in both the Android (RNOneSignal.java) and iOS (RCTOneSignal.mm) wrappers, and bumps the npm package version in package.json. No logic changes — purely mechanical version bumps.
Security risks
None. No auth/crypto/permissions code is touched. The bundled Android SDK changes (per the PR description) are upstream bug fixes and a new Identity Verification feature, but those are vetted in the upstream OneSignal-Android-SDK repo, not in this PR.
Level of scrutiny
Low. Release PRs of this shape (dep version bump + version string sync) are highly mechanical and follow an established pattern in this repo (compare the recent 753f199 Release 5.4.6 commit and prior Android SDK bumps). The four edits are all single-line version-string changes that are easy to verify against the PR description.
Other factors
No bugs were flagged by the bug hunting system. No outstanding reviewer comments. The version strings are consistent across all three locations (package.json, Android, iOS).
Channels: Current
🛠️ Native Dependency Updates