This is an automated email from the ASF dual-hosted git repository.
thiagoelg pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/incubator-kie-tools.git
The following commit(s) were added to refs/heads/main by this push:
new 3d5d330701d NO-ISSUE: Override brace-expansion to 2.0.3 for
minimatch@^5 to address securiy vulnerabilities (#3563)
3d5d330701d is described below
commit 3d5d330701d8d88fdf504e8c4940c38b549eec21
Author: athirakm94 <[email protected]>
AuthorDate: Fri May 8 22:51:47 2026 +0530
NO-ISSUE: Override brace-expansion to 2.0.3 for minimatch@^5 to address
securiy vulnerabilities (#3563)
---
pnpm-lock.yaml | 2 +-
pnpm-workspace.yaml | 4 +++-
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 27c0e25f5cd..d796e7bde41 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -13,7 +13,7 @@ overrides:
graphql: 14.3.1
json-refs>js-yaml: ^3.14.2
minimatch@^3>brace-expansion: 1.1.13
- minimatch@^5>brace-expansion: ^2.0.2
+ minimatch@^5>brace-expansion: ^2.0.3
openapi-types: 7.2.3
path-to-regexp@^0: 0.1.13
react-dropzone: ^11.4.2
diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml
index 374b1fca1b4..30aeb184700 100644
--- a/pnpm-workspace.yaml
+++ b/pnpm-workspace.yaml
@@ -10,8 +10,10 @@ overrides:
"d3-color": "3.1.0"
"graphql": "14.3.1"
"json-refs>js-yaml": "^3.14.2"
+ # CVE-2026-33750: Fix security vulnerability in brace-expansion
+ # Overriding transitive dependency until minimatch updates to patched
brace-expansion version
"minimatch@^3>brace-expansion": "1.1.13"
- "minimatch@^5>brace-expansion": "^2.0.2"
+ "minimatch@^5>brace-expansion": "^2.0.3"
"openapi-types": "7.2.3"
"path-to-regexp@^0": "0.1.13"
"react-dropzone": "^11.4.2"
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
