From 9d471d31374adc12eb11f821b85356b216544c4e Mon Sep 17 00:00:00 2001 From: Toby Hede Date: Mon, 2 Mar 2026 14:50:34 +1100 Subject: [PATCH] fix(deps): patch minimatch to >= 10.2.3 Updates pnpm override for minimatch from >=10.2.1 to >=10.2.3 (resolved to 10.2.4), addressing CVE-2026-27903 and CVE-2026-27904 (both High). Refs: CIP-2803 --- package.json | 2 +- pnpm-lock.yaml | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/package.json b/package.json index 1f1a6004..d944c414 100644 --- a/package.json +++ b/package.json @@ -57,7 +57,7 @@ "glob": ">=11.1.0", "qs": ">=6.14.1", "lodash": ">=4.17.23", - "minimatch": ">=10.2.1", + "minimatch": ">=10.2.3", "@isaacs/brace-expansion": ">=5.0.1", "fast-xml-parser": ">=5.3.4", "next": ">=15.5.10", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 4c9df322..567e0d13 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -34,7 +34,7 @@ overrides: glob: '>=11.1.0' qs: '>=6.14.1' lodash: '>=4.17.23' - minimatch: '>=10.2.1' + minimatch: '>=10.2.3' '@isaacs/brace-expansion': '>=5.0.1' fast-xml-parser: '>=5.3.4' next: '>=15.5.10' @@ -1760,8 +1760,8 @@ packages: resolution: {integrity: sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==} engines: {node: '>=8.6'} - minimatch@10.2.2: - resolution: {integrity: sha512-+G4CpNBxa5MprY+04MbgOw1v7So6n5JY166pFi9KfYwT78fxScCeSNQSNzp6dpPSW2rONOps6Ocam1wFhCgoVw==} + minimatch@10.2.4: + resolution: {integrity: sha512-oRjTw/97aTBN0RHbYCdtF1MQfvusSIBQM0IZEgzl6426+8jSC0nF1a/GmnVLpfB9yyr6g6FTqWqiZVbxrtaCIg==} engines: {node: 18 || 20 || >=22} minimist@1.2.8: @@ -3504,7 +3504,7 @@ snapshots: glob@13.0.0: dependencies: - minimatch: 10.2.2 + minimatch: 10.2.4 minipass: 7.1.2 path-scurry: 2.0.1 @@ -3675,7 +3675,7 @@ snapshots: braces: 3.0.3 picomatch: 2.3.1 - minimatch@10.2.2: + minimatch@10.2.4: dependencies: brace-expansion: 5.0.3