Skip to content

Commit 6d9d7ce

Browse files
cYKatherineclaude
cYKatherine
and
claude
committed
UID2-6675: upgrade minimatch to fix CVE-2026-27903 ReDoS
Adds minimatch override to pin to patched version: - overrides/minimatch: (new) ^10.2.3 CVE-2026-27903 / GHSA-7r86-cg39-jmmj: ReDoS via multiple GLOBSTAR segments in matchOne(), affects minimatch <3.1.3 and <10.2.3. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
1 parent 341f155 commit 6d9d7ce

2 files changed

Lines changed: 48 additions & 13 deletions

File tree

package-lock.json

Lines changed: 47 additions & 12 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -51,7 +51,7 @@
5151
},
5252
"overrides": {
5353
"body-parser@1": "1.20.3",
54-
"minimatch": "^10.2.1",
54+
"minimatch": "^10.2.3",
5555
"path-to-regexp@0": "0.1.12",
5656
"path-to-regexp@1": "1.9.0",
5757
"path-to-regexp@2": "8.0.0",

0 commit comments

Comments
 (0)