Bump minimatch from 3.1.2 to 3.1.5 #1455

Merged: w666 merged 1 commit into vpulim:master from smokhov:minimatch-redos on Mar 4, 2026

smokhov commented Mar 1, 2026

@w666 -- this one has a ReDOS CVE-2026-27903

Not sure why dependabot is yet to flag it here; it did in my fork, so here's a PR.
Maybe 1.7.2 is in order?

Bumps the npm_and_yarn group with 1 update in the / directory: [minimatch](https://github.com/isaacs/minimatch).


Updates `minimatch` from 3.1.2 to 3.1.5
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.5)

---
updated-dependencies:
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

w666 commented Mar 4, 2026

Yep, planning at least a maintenance release this week.

w666 merged commit 296498c into vpulim:master on Mar 4, 2026
3 checks passed