Build(deps-dev): bump brace-expansion from 1.1.12 to 5.0.6

[dependabot]

Bumps brace-expansion from 1.1.12 to 5.0.6.

Release notes

Sourced from brace-expansion's releases.

v4.0.1

• fmt 5a5cc17
• Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) 0b6a978

---

juliangruber/brace-expansion@v4.0.0...v4.0.1

v4.0.0

• feat: use string replaces instead of splits (#64) 278132b
• fmt dd72a59
• add tea.yaml 70e4c1b

juliangruber/brace-expansion@v3.0.0...v4.0.0

As a precaution to not risk breaking anything with 278132b, this is a new semver major release

v3.0.1

• pkg: publish on tag 3.x 3059c07
• fmt 8229e6f
• Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) 15f9b3c

---

juliangruber/brace-expansion@v3.0.0...v3.0.1

v3.0.0

• Switch to ES Modules and balanced-match 3.0.0 (#62) c0360e8
• added jsdoc (#55) 68c0e37
• node 16 is EOL 9e781e9
• add standard 3494c4d
• use const and let (#57) dd5a4cb
• docs 6dad209
• remove test e3dd8ae
• ci: update node versions d23ede9
• docs: add @​lanodan to contributors 1eb3fa4
• docs 1e7c9cd
• switch from tape to test module (#60) 2520537
• Bump minimist from 1.2.5 to 1.2.6 (#59) 61a94f1
• Bump path-parse from 1.0.6 to 1.0.7 (#51) dc741cf
• docs: add back ci badge 8ee5626
• Add github actions, remove travis. Closes #52 (#53) 5c8756a
• CI: Drop unused sudo: false Travis directive (#50) 05978a7

juliangruber/brace-expansion@v2.0.1...v3.0.0

v2.0.2

• pkg: publish on tag 2.x 14f1d91
• fmt ed7780a
• Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) 36603d5

... (truncated)

Commits

• 46317b5 5.0.6
• c0b095b Merge commit from fork
• ec56020 Bump picomatch from 4.0.3 to 4.0.4 (#93)
• 8793901 5.0.5
• 9a02af5 Merge commit from fork
• daa71bc Bump tar from 7.5.10 to 7.5.11 (#92)
• 799e5f7 Bump tar from 7.5.9 to 7.5.10 (#90)
• 012c230 5.0.4
• 243c491 Fix handling of brackets. Closes #87
• 609f858 Correct incorrect brace-expansion import (#89)
• Additional commits viewable in compare view

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[github-actions]

❌MegaLinter analysis: Error

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
✅ ACTION	actionlint	5		0	0	0.05s
❌ ACTION	zizmor	5		1	0	0.24s
✅ JSON	jsonlint	21		0	0	0.12s
✅ JSON	npm-package-json-lint	yes		no	no	0.52s
✅ JSON	prettier	21		0	0	1.04s
✅ JSON	v8r	21		0	0	12.02s
✅ MARKDOWN	markdownlint	1		0	0	1.03s
✅ REPOSITORY	checkov	yes		no	no	22.81s
✅ REPOSITORY	gitleaks	yes		no	no	1.66s
✅ REPOSITORY	git_diff	yes		no	no	0.04s
❌ REPOSITORY	osv-scanner	yes		25	no	2.94s
✅ REPOSITORY	secretlint	yes		no	no	1.18s
✅ REPOSITORY	syft	yes		no	no	11.35s
✅ REPOSITORY	trivy-sbom	yes		no	no	3.18s
✅ REPOSITORY	trufflehog	yes		no	no	28.36s
✅ TYPESCRIPT	eslint	6		0	0	12.12s
✅ TYPESCRIPT	prettier	6		0	0	0.95s
✅ YAML	prettier	20		0	0	0.99s
✅ YAML	v8r	20		0	0	7.88s
✅ YAML	yamllint	20		0	0	0.9s

Detailed Issues

❌ REPOSITORY / osv-scanner - 25 errors

Scanning dir .
Starting filesystem walk for root: /
Scanned package-lock.json file and found 824 packages
End status: 42 dirs visited, 152 inodes visited, 1 Extract calls, 41.23338ms elapsed, 41.23358ms wall time

Total 9 packages affected by 25 known vulnerabilities (1 Critical, 13 High, 10 Medium, 1 Low, 0 Unknown) from 1 ecosystem.
25 vulnerabilities can be fixed.

+-------------------------------------+------+-----------+------------------------+---------+---------------+-------------------+
| OSV URL                             | CVSS | ECOSYSTEM | PACKAGE                | VERSION | FIXED VERSION | SOURCE            |
+-------------------------------------+------+-----------+------------------------+---------+---------------+-------------------+
| https://osv.dev/GHSA-5wm8-gmm8-39j9 | 8.7  | npm       | fast-xml-builder (dev) | 1.1.4   | 1.1.7         | package-lock.json |
| https://osv.dev/GHSA-gh4j-gqv2-49f6 | 6.1  | npm       | fast-xml-parser (dev)  | 5.5.7   | 5.7.0         | package-lock.json |
| https://osv.dev/GHSA-2qvq-rjwj-gvw9 | 4.7  | npm       | handlebars (dev)       | 4.7.8   | 4.7.9         | package-lock.json |
| https://osv.dev/GHSA-2w6w-674q-4c4q | 9.8  | npm       | handlebars (dev)       | 4.7.8   | 4.7.9         | package-lock.json |
| https://osv.dev/GHSA-3mfm-83xf-c92r | 8.1  | npm       | handlebars (dev)       | 4.7.8   | 4.7.9         | package-lock.json |
| https://osv.dev/GHSA-442j-39wm-28r2 | 3.7  | npm       | handlebars (dev)       | 4.7.8   | 4.7.9         | package-lock.json |
| https://osv.dev/GHSA-7rx3-28cr-v5wh | 4.8  | npm       | handlebars (dev)       | 4.7.8   | 4.7.9         | package-lock.json |
| https://osv.dev/GHSA-9cx6-37pm-9jff | 7.5  | npm       | handlebars (dev)       | 4.7.8   | 4.7.9         | package-lock.json |
| https://osv.dev/GHSA-xhpv-hc6g-r9c6 | 8.1  | npm       | handlebars (dev)       | 4.7.8   | 4.7.9         | package-lock.json |
| https://osv.dev/GHSA-xjpj-3mr7-gcpf | 8.2  | npm       | handlebars (dev)       | 4.7.8   | 4.7.9         | package-lock.json |
| https://osv.dev/GHSA-f23m-r3pf-42rh | 6.5  | npm       | lodash (dev)           | 4.17.23 | 4.18.0        | package-lock.json |
| https://osv.dev/GHSA-r5fr-rjxr-66jc | 8.1  | npm       | lodash (dev)           | 4.17.23 | 4.18.0        | package-lock.json |
| https://osv.dev/GHSA-23c5-xmqv-rm74 | 7.5  | npm       | minimatch (dev)        | 9.0.3   | 9.0.7         | package-lock.json |
| https://osv.dev/GHSA-3ppc-4f35-3m26 | 8.7  | npm       | minimatch (dev)        | 9.0.3   | 9.0.6         | package-lock.json |
| https://osv.dev/GHSA-7r86-cg39-jmmj | 7.5  | npm       | minimatch (dev)        | 9.0.3   | 9.0.7         | package-lock.json |
| https://osv.dev/GHSA-3v7f-55p6-f55p | 5.3  | npm       | picomatch (dev)        | 2.3.1   | 2.3.2         | package-lock.json |
| https://osv.dev/GHSA-c2c7-rcm5-vvqj | 7.5  | npm       | picomatch (dev)        | 2.3.1   | 2.3.2         | package-lock.json |
| https://osv.dev/GHSA-3v7f-55p6-f55p | 5.3  | npm       | picomatch (dev)        | 4.0.3   | 4.0.4         | package-lock.json |
| https://osv.dev/GHSA-c2c7-rcm5-vvqj | 7.5  | npm       | picomatch (dev)        | 4.0.3   | 4.0.4         | package-lock.json |
| https://osv.dev/GHSA-2mjp-6q6p-2qxm | 6.5  | npm       | undici (dev)           | 5.29.0  | 6.24.0        | package-lock.json |
| https://osv.dev/GHSA-4992-7rv2-5pvq | 4.6  | npm       | undici (dev)           | 5.29.0  | 6.24.0        | package-lock.json |
| https://osv.dev/GHSA-g9mf-h72j-4rw9 | 5.9  | npm       | undici (dev)           | 5.29.0  | 6.23.0        | package-lock.json |
| https://osv.dev/GHSA-v9p9-hfj2-hcw8 | 7.5  | npm       | undici (dev)           | 5.29.0  | 6.24.0        | package-lock.json |
| https://osv.dev/GHSA-vrm6-8vpv-qv8q | 7.5  | npm       | undici (dev)           | 5.29.0  | 6.24.0        | package-lock.json |
| https://osv.dev/GHSA-48c2-rrv3-qjmp | 4.3  | npm       | yaml                   | 2.8.2   | 2.8.3         | package-lock.json |
+-------------------------------------+------+-----------+------------------------+---------+---------------+-------------------+

❌ ACTION / zizmor - 1 error

INFO zizmor: 🌈 zizmor v1.25.0
fatal: no audit was performed
'ref-confusion' audit failed on file://.github/workflows/check-dist.yml

Caused by:
    0: error in 'ref-confusion' audit
    1: couldn't list branches for actions/checkout
    2: request error while accessing GitHub API
    3: HTTP status client error (401 Unauthorized) for url (https://github.com/actions/checkout.git/git-upload-pack)


[ZizmorLinter] Zizmor failed to reach the GitHub API.
To allow zizmor to use GITHUB_TOKEN, add the following to your .mega-linter.yml:
ACTION_ZIZMOR_UNSECURED_ENV_VARIABLES:
  - GITHUB_TOKEN

Notices

📣 MegaLinter 9.5.0 is out! Discover the new features and security recommendations in the release announcement. (Skip this info by defining SECURITY_SUGGESTIONS: false)

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

• Documentation: Custom Flavors
• Command: npx mega-linter-runner@9.5.0 --custom-flavor-setup --custom-flavor-linters ACTION_ACTIONLINT,ACTION_ZIZMOR,JSON_JSONLINT,JSON_V8R,JSON_PRETTIER,JSON_NPM_PACKAGE_JSON_LINT,MARKDOWN_MARKDOWNLINT,REPOSITORY_CHECKOV,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_OSV_SCANNER,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,TYPESCRIPT_ES,TYPESCRIPT_PRETTIER,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R

Show us your support by starring ⭐ the repository