This is an automated email from the ASF dual-hosted git repository.

thiagoelg pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/incubator-kie-tools.git


The following commit(s) were added to refs/heads/main by this push:
     new ed714973050 NO-ISSUE: Override transitive brace-expansion versions 
pulled in through minimatch to address the security vulnerability (#3658)
ed714973050 is described below

commit ed714973050ca5a0f8e376df1a71c2f299ec6161
Author: athirakm94 <[email protected]>
AuthorDate: Tue Jul 14 18:38:12 2026 +0530

    NO-ISSUE: Override transitive brace-expansion versions pulled in through 
minimatch to address the security vulnerability (#3658)
---
 pnpm-lock.yaml      | 20 ++++++++++----------
 pnpm-workspace.yaml |  4 ++--
 2 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 83ece20e040..ab46bbbbf06 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -11,8 +11,8 @@ overrides:
   d3-color: 3.1.0
   graphql: 14.3.1
   json-refs>js-yaml: ^3.15.0
-  minimatch@^3>brace-expansion: 1.1.13
-  minimatch@^5>brace-expansion: ^2.0.3
+  minimatch@^3>brace-expansion: 1.1.16
+  minimatch@^5>brace-expansion: 2.1.2
   openapi-types: 7.2.3
   '@cypress/request@3>qs': 6.15.2
   path-to-regexp@^0: 0.1.13
@@ -15216,11 +15216,11 @@ packages:
     resolution: {integrity: 
sha512-z0M+byMThzQmD9NILRniCUXYsYpjwnlO8N5uCFaCqIOpqRsJCrQL9NK3JsD67CN5a08nF5oIL2bD6loTdHOuKw==}
     engines: {node: '>= 5.10.0'}
 
-  [email protected]:
-    resolution: {integrity: 
sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==}
+  [email protected]:
+    resolution: {integrity: 
sha512-IDw48K2/2kRkg9LdJxurvq3lV3aBgq0REY89duEqFRthjlPdXHKMj7EnQOXVckxzgisinf3nHfrcE2FufFLXMw==}
 
-  [email protected]:
-    resolution: {integrity: 
sha512-TN1kCZAgdgweJhWWpgKYrQaMNHcDULHkWwQIspdtjV4Y5aurRdZpjAqn6yX3FPqTA9ngHCc4hJxMAMgGfve85w==}
+  [email protected]:
+    resolution: {integrity: 
sha512-w5JZcKgdhDOgOwm8H+KgbosopHMuGcl6qbulwjtz3SM7I7P3yW1eAjzMPLrIE+NQ9vjgANKHWeMHnrT0OXW1oA==}
 
   [email protected]:
     resolution: {integrity: 
sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==}
@@ -33178,12 +33178,12 @@ snapshots:
     dependencies:
       big-integer: 1.6.51
 
-  [email protected]:
+  [email protected]:
     dependencies:
       balanced-match: 1.0.2
       concat-map: 0.0.1
 
-  [email protected]:
+  [email protected]:
     dependencies:
       balanced-match: 1.0.2
 
@@ -38500,11 +38500,11 @@ snapshots:
 
   [email protected]:
     dependencies:
-      brace-expansion: 1.1.13
+      brace-expansion: 1.1.16
 
   [email protected]:
     dependencies:
-      brace-expansion: 2.1.0
+      brace-expansion: 2.1.2
 
   [email protected]:
     dependencies:
diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml
index ac3443ee3ab..f2b7a13f3c2 100644
--- a/pnpm-workspace.yaml
+++ b/pnpm-workspace.yaml
@@ -12,8 +12,8 @@ overrides:
   "json-refs>js-yaml": "^3.15.0"
   # CVE-2026-33750: Fix security vulnerability in brace-expansion
   # Overriding transitive dependency until minimatch updates to patched 
brace-expansion version
-  "minimatch@^3>brace-expansion": "1.1.13"
-  "minimatch@^5>brace-expansion": "^2.0.3"
+  "minimatch@^3>brace-expansion": "1.1.16"
+  "minimatch@^5>brace-expansion": "2.1.2"
   "openapi-types": "7.2.3"
   # CVE-2026-8723: Fix TypeError in qs.stringify (comma arrayFormat + 
encodeValuesOnly with null/undefined)
   # Overriding transitive dependency until @cypress/request updates to patched 
qs version


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to