This is an automated email from the ASF dual-hosted git repository.
thiagoelg pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/incubator-kie-tools.git
The following commit(s) were added to refs/heads/main by this push:
new ed714973050 NO-ISSUE: Override transitive brace-expansion versions
pulled in through minimatch to address the security vulnerability (#3658)
ed714973050 is described below
commit ed714973050ca5a0f8e376df1a71c2f299ec6161
Author: athirakm94 <[email protected]>
AuthorDate: Tue Jul 14 18:38:12 2026 +0530
NO-ISSUE: Override transitive brace-expansion versions pulled in through
minimatch to address the security vulnerability (#3658)
---
pnpm-lock.yaml | 20 ++++++++++----------
pnpm-workspace.yaml | 4 ++--
2 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 83ece20e040..ab46bbbbf06 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -11,8 +11,8 @@ overrides:
d3-color: 3.1.0
graphql: 14.3.1
json-refs>js-yaml: ^3.15.0
- minimatch@^3>brace-expansion: 1.1.13
- minimatch@^5>brace-expansion: ^2.0.3
+ minimatch@^3>brace-expansion: 1.1.16
+ minimatch@^5>brace-expansion: 2.1.2
openapi-types: 7.2.3
'@cypress/request@3>qs': 6.15.2
path-to-regexp@^0: 0.1.13
@@ -15216,11 +15216,11 @@ packages:
resolution: {integrity:
sha512-z0M+byMThzQmD9NILRniCUXYsYpjwnlO8N5uCFaCqIOpqRsJCrQL9NK3JsD67CN5a08nF5oIL2bD6loTdHOuKw==}
engines: {node: '>= 5.10.0'}
- [email protected]:
- resolution: {integrity:
sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==}
+ [email protected]:
+ resolution: {integrity:
sha512-IDw48K2/2kRkg9LdJxurvq3lV3aBgq0REY89duEqFRthjlPdXHKMj7EnQOXVckxzgisinf3nHfrcE2FufFLXMw==}
- [email protected]:
- resolution: {integrity:
sha512-TN1kCZAgdgweJhWWpgKYrQaMNHcDULHkWwQIspdtjV4Y5aurRdZpjAqn6yX3FPqTA9ngHCc4hJxMAMgGfve85w==}
+ [email protected]:
+ resolution: {integrity:
sha512-w5JZcKgdhDOgOwm8H+KgbosopHMuGcl6qbulwjtz3SM7I7P3yW1eAjzMPLrIE+NQ9vjgANKHWeMHnrT0OXW1oA==}
[email protected]:
resolution: {integrity:
sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==}
@@ -33178,12 +33178,12 @@ snapshots:
dependencies:
big-integer: 1.6.51
- [email protected]:
+ [email protected]:
dependencies:
balanced-match: 1.0.2
concat-map: 0.0.1
- [email protected]:
+ [email protected]:
dependencies:
balanced-match: 1.0.2
@@ -38500,11 +38500,11 @@ snapshots:
[email protected]:
dependencies:
- brace-expansion: 1.1.13
+ brace-expansion: 1.1.16
[email protected]:
dependencies:
- brace-expansion: 2.1.0
+ brace-expansion: 2.1.2
[email protected]:
dependencies:
diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml
index ac3443ee3ab..f2b7a13f3c2 100644
--- a/pnpm-workspace.yaml
+++ b/pnpm-workspace.yaml
@@ -12,8 +12,8 @@ overrides:
"json-refs>js-yaml": "^3.15.0"
# CVE-2026-33750: Fix security vulnerability in brace-expansion
# Overriding transitive dependency until minimatch updates to patched
brace-expansion version
- "minimatch@^3>brace-expansion": "1.1.13"
- "minimatch@^5>brace-expansion": "^2.0.3"
+ "minimatch@^3>brace-expansion": "1.1.16"
+ "minimatch@^5>brace-expansion": "2.1.2"
"openapi-types": "7.2.3"
# CVE-2026-8723: Fix TypeError in qs.stringify (comma arrayFormat +
encodeValuesOnly with null/undefined)
# Overriding transitive dependency until @cypress/request updates to patched
qs version
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]