[Security] Bump minimatch from 3.0.4 to 3.1.2 (!51) · Merge requests · tools / chat

Dependabot requested to merge dependabot-npm_and_yarn-minimatch-3.1.2 into master Oct 25, 2022

Bumps minimatch from 3.0.4 to 3.1.2. This update includes a security fix.

Vulnerabilities fixed

minimatch ReDoS vulnerability A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.

Patched versions: 3.0.5 Affected versions: < 3.0.5

Commits

699c459 3.1.2
2f2b5ff fix: trim pattern
25d7c0d 3.1.1
55dda29 fix: treat nocase:true as always having magic
5e1fb8d 3.1.0
f8145c5 Add 'allowWindowsEscape' option
570e8b1 add publishConfig for v3 publishes
5b7cd33 3.0.6
20b4b56 [fix] revert all breaking syntax changes
2ff0388 document, expose, and test 'partial:true' option
Additional commits viewable in compare view

Dependabot commands

You can trigger Dependabot actions by commenting on this MR

$dependabot rebase will rebase this MR
$dependabot recreate will recreate this MR rewriting all the manual changes and resolving conflicts

[Security] Bump minimatch from 3.0.4 to 3.1.2

Merge request reports