mporwoll/cms.c2sgmbh
1
0
Fork 0
mirror of https://github.com/complexcaresolutions/cms.c2sgmbh.git synced 2026-03-17 15:04:14 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(security): update minimatch override to >=10.2.3 (CVE ReDoS)

Browse source 
Fixes two high-severity Dependabot alerts for minimatch ReDoS
vulnerabilities (nested extglobs + GLOBSTAR backtracking).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Martin Porwoll 2026-03-01 23:04:49 +00:00
parent 52a266d72d
commit ddeb387143
2 changed files with 18 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
package.json
View file

@ -94,7 +94,7 @@
"unrs-resolver" "unrs-resolver"
], ],
"overrides": { "overrides": {
"minimatch": ">=10.2.1", "minimatch": ">=10.2.3",
"esbuild": ">=0.25.0", "esbuild": ">=0.25.0",
"ajv": ">=8.18.0", "ajv": ">=8.18.0",
"ioredis": "5.9.3" "ioredis": "5.9.3"

34
pnpm-lock.yaml
View file

@ -5,7 +5,7 @@ settings:
excludeLinksFromLockfile: false excludeLinksFromLockfile: false
overrides: overrides:
minimatch: '>=10.2.1' minimatch: '>=10.2.3'
esbuild: '>=0.25.0' esbuild: '>=0.25.0'
ajv: '>=8.18.0' ajv: '>=8.18.0'
ioredis: 5.9.3 ioredis: 5.9.3
@ -3539,8 +3539,8 @@ packages:
resolution: {integrity: sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==} resolution: {integrity: sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==}
engines: {node: '>=8.6'} engines: {node: '>=8.6'}
minimatch@10.2.2: minimatch@10.2.4:
resolution: {integrity: sha512-+G4CpNBxa5MprY+04MbgOw1v7So6n5JY166pFi9KfYwT78fxScCeSNQSNzp6dpPSW2rONOps6Ocam1wFhCgoVw==} resolution: {integrity: sha512-oRjTw/97aTBN0RHbYCdtF1MQfvusSIBQM0IZEgzl6426+8jSC0nF1a/GmnVLpfB9yyr6g6FTqWqiZVbxrtaCIg==}
engines: {node: 18 || 20 || >=22} engines: {node: 18 || 20 || >=22}
minimist@1.2.8: minimist@1.2.8:
@ -5326,7 +5326,7 @@ snapshots:
dependencies: dependencies:
'@eslint/object-schema': 2.1.7 '@eslint/object-schema': 2.1.7
debug: 4.4.3 debug: 4.4.3
minimatch: 10.2.2 minimatch: 10.2.4
transitivePeerDependencies: transitivePeerDependencies:
- supports-color - supports-color
@ -5347,7 +5347,7 @@ snapshots:
ignore: 5.3.2 ignore: 5.3.2
import-fresh: 3.3.1 import-fresh: 3.3.1
js-yaml: 4.1.1 js-yaml: 4.1.1
minimatch: 10.2.2 minimatch: 10.2.4
strip-json-comments: 3.1.1 strip-json-comments: 3.1.1
transitivePeerDependencies: transitivePeerDependencies:
- supports-color - supports-color
@ -6403,7 +6403,7 @@ snapshots:
'@typescript-eslint/types': 8.56.0 '@typescript-eslint/types': 8.56.0
'@typescript-eslint/visitor-keys': 8.56.0 '@typescript-eslint/visitor-keys': 8.56.0
debug: 4.4.3 debug: 4.4.3
minimatch: 10.2.2 minimatch: 10.2.4
semver: 7.7.4 semver: 7.7.4
tinyglobby: 0.2.15 tinyglobby: 0.2.15
ts-api-utils: 2.4.0(typescript@5.9.3) ts-api-utils: 2.4.0(typescript@5.9.3)
@ -7341,7 +7341,7 @@ snapshots:
eslint: 9.39.3 eslint: 9.39.3
eslint-import-resolver-node: 0.3.9 eslint-import-resolver-node: 0.3.9
eslint-import-resolver-typescript: 3.10.1(eslint-plugin-import@2.32.0(@typescript-eslint/parser@8.56.0(eslint@9.39.3)(typescript@5.9.3))(eslint@9.39.3))(eslint@9.39.3) eslint-import-resolver-typescript: 3.10.1(eslint-plugin-import@2.32.0(@typescript-eslint/parser@8.56.0(eslint@9.39.3)(typescript@5.9.3))(eslint@9.39.3))(eslint@9.39.3)
eslint-plugin-import: 2.32.0(@typescript-eslint/parser@8.56.0(eslint@9.39.3)(typescript@5.9.3))(eslint-import-resolver-typescript@3.10.1)(eslint@9.39.3) eslint-plugin-import: 2.32.0(@typescript-eslint/parser@8.56.0(eslint@9.39.3)(typescript@5.9.3))(eslint-import-resolver-typescript@3.10.1(eslint-plugin-import@2.32.0(@typescript-eslint/parser@8.56.0(eslint@9.39.3)(typescript@5.9.3))(eslint@9.39.3))(eslint@9.39.3))(eslint@9.39.3)
eslint-plugin-jsx-a11y: 6.10.2(eslint@9.39.3) eslint-plugin-jsx-a11y: 6.10.2(eslint@9.39.3)
eslint-plugin-react: 7.37.5(eslint@9.39.3) eslint-plugin-react: 7.37.5(eslint@9.39.3)
eslint-plugin-react-hooks: 7.0.1(eslint@9.39.3) eslint-plugin-react-hooks: 7.0.1(eslint@9.39.3)
@ -7374,7 +7374,7 @@ snapshots:
tinyglobby: 0.2.15 tinyglobby: 0.2.15
unrs-resolver: 1.11.1 unrs-resolver: 1.11.1
optionalDependencies: optionalDependencies:
eslint-plugin-import: 2.32.0(@typescript-eslint/parser@8.56.0(eslint@9.39.3)(typescript@5.9.3))(eslint-import-resolver-typescript@3.10.1)(eslint@9.39.3) eslint-plugin-import: 2.32.0(@typescript-eslint/parser@8.56.0(eslint@9.39.3)(typescript@5.9.3))(eslint-import-resolver-typescript@3.10.1(eslint-plugin-import@2.32.0(@typescript-eslint/parser@8.56.0(eslint@9.39.3)(typescript@5.9.3))(eslint@9.39.3))(eslint@9.39.3))(eslint@9.39.3)
transitivePeerDependencies: transitivePeerDependencies:
- supports-color - supports-color
@ -7389,7 +7389,7 @@ snapshots:
transitivePeerDependencies: transitivePeerDependencies:
- supports-color - supports-color
eslint-plugin-import@2.32.0(@typescript-eslint/parser@8.56.0(eslint@9.39.3)(typescript@5.9.3))(eslint-import-resolver-typescript@3.10.1)(eslint@9.39.3): eslint-plugin-import@2.32.0(@typescript-eslint/parser@8.56.0(eslint@9.39.3)(typescript@5.9.3))(eslint-import-resolver-typescript@3.10.1(eslint-plugin-import@2.32.0(@typescript-eslint/parser@8.56.0(eslint@9.39.3)(typescript@5.9.3))(eslint@9.39.3))(eslint@9.39.3))(eslint@9.39.3):
dependencies: dependencies:
'@rtsao/scc': 1.1.0 '@rtsao/scc': 1.1.0
array-includes: 3.1.9 array-includes: 3.1.9
@ -7404,7 +7404,7 @@ snapshots:
hasown: 2.0.2 hasown: 2.0.2
is-core-module: 2.16.1 is-core-module: 2.16.1
is-glob: 4.0.3 is-glob: 4.0.3
minimatch: 10.2.2 minimatch: 10.2.4
object.fromentries: 2.0.8 object.fromentries: 2.0.8
object.groupby: 1.0.3 object.groupby: 1.0.3
object.values: 1.2.1 object.values: 1.2.1
@ -7432,7 +7432,7 @@ snapshots:
hasown: 2.0.2 hasown: 2.0.2
jsx-ast-utils: 3.3.5 jsx-ast-utils: 3.3.5
language-tags: 1.0.9 language-tags: 1.0.9
minimatch: 10.2.2 minimatch: 10.2.4
object.fromentries: 2.0.8 object.fromentries: 2.0.8
safe-regex-test: 1.1.0 safe-regex-test: 1.1.0
string.prototype.includes: 2.0.1 string.prototype.includes: 2.0.1
@ -7460,7 +7460,7 @@ snapshots:
estraverse: 5.3.0 estraverse: 5.3.0
hasown: 2.0.2 hasown: 2.0.2
jsx-ast-utils: 3.3.5 jsx-ast-utils: 3.3.5
minimatch: 10.2.2 minimatch: 10.2.4
object.entries: 1.1.9 object.entries: 1.1.9
object.fromentries: 2.0.8 object.fromentries: 2.0.8
object.values: 1.2.1 object.values: 1.2.1
@ -7514,7 +7514,7 @@ snapshots:
is-glob: 4.0.3 is-glob: 4.0.3
json-stable-stringify-without-jsonify: 1.0.1 json-stable-stringify-without-jsonify: 1.0.1
lodash.merge: 4.6.2 lodash.merge: 4.6.2
minimatch: 10.2.2 minimatch: 10.2.4
natural-compare: 1.4.0 natural-compare: 1.4.0
optionator: 0.9.4 optionator: 0.9.4
transitivePeerDependencies: transitivePeerDependencies:
@ -7759,7 +7759,7 @@ snapshots:
dependencies: dependencies:
foreground-child: 3.3.1 foreground-child: 3.3.1
jackspeak: 3.4.3 jackspeak: 3.4.3
minimatch: 10.2.2 minimatch: 10.2.4
minipass: 7.1.3 minipass: 7.1.3
package-json-from-dist: 1.0.1 package-json-from-dist: 1.0.1
path-scurry: 1.11.1 path-scurry: 1.11.1
@ -7769,7 +7769,7 @@ snapshots:
fs.realpath: 1.0.0 fs.realpath: 1.0.0
inflight: 1.0.6 inflight: 1.0.6
inherits: 2.0.4 inherits: 2.0.4
minimatch: 10.2.2 minimatch: 10.2.4
once: 1.4.0 once: 1.4.0
path-is-absolute: 1.0.1 path-is-absolute: 1.0.1
@ -8591,7 +8591,7 @@ snapshots:
braces: 3.0.3 braces: 3.0.3
picomatch: 2.3.1 picomatch: 2.3.1
minimatch@10.2.2: minimatch@10.2.4:
dependencies: dependencies:
brace-expansion: 5.0.2 brace-expansion: 5.0.2
@ -9143,7 +9143,7 @@ snapshots:
readdir-glob@1.1.3: readdir-glob@1.1.3:
dependencies: dependencies:
minimatch: 10.2.2 minimatch: 10.2.4
readdirp@3.6.0: readdirp@3.6.0:
dependencies: dependencies: