fix: update minimatch to 3.1.5 to resolve security vulnerabilities (#228)

ParakhJaggi · AndyBitz · commit 754d1dcb5bb6 · 2026-03-03T19:28:43.000+01:00
* fix: update minimatch to 3.1.5 to resolve security vulnerabilities Bumps minimatch from 3.1.2 to 3.1.5, the latest patch in the 3.x line. This resolves the following CVEs: - GHSA-3ppc-4f35-3m26 (ReDoS via repeated wildcards, high severity) - GHSA-7r86-cg39-jmmj (ReDoS via multiple non-adjacent GLOBSTAR segments, high severity) - GHSA-23c5-xmqv-rm74 (ReDoS via nested *() extglobs, high severity) Fixes #206 * chore: update yarn.lock for minimatch 3.1.5
diff --git a/package.json b/package.json
@@ -59,7 +59,7 @@
     "bytes": "3.0.0",
     "content-disposition": "0.5.2",
     "mime-types": "2.1.18",
-    "minimatch": "3.1.2",
+    "minimatch": "3.1.5",
     "path-is-inside": "1.0.2",
     "path-to-regexp": "3.3.0",
     "range-parser": "1.2.0"
diff --git a/yarn.lock b/yarn.lock
@@ -2388,7 +2388,14 @@ mimic-fn@^2.1.0:
   resolved "https://registry.yarnpkg.com/mimic-fn/-/mimic-fn-2.1.0.tgz#7ed2c2ccccaf84d3ffcb7a69b57711fc2083401b"
   integrity sha512-OqbOk5oEQeAZ8WXWydlu9HJjz9WVdEIvamMCcXmuqUYjTknH/sqsWvhQ3vgwKFRR1HpjvNBKQ37nbJgYzGqGcg==
 
-minimatch@3.1.2, minimatch@^3.0.4, minimatch@^3.1.1:
+minimatch@3.1.5:
+  version "3.1.5"
+  resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-3.1.5.tgz#580c88f8d5445f2bd6aa8f3cadefa0de79fbd69e"
+  integrity sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==
+  dependencies:
+    brace-expansion "^1.1.7"
+
+minimatch@^3.0.4, minimatch@^3.1.1:
   version "3.1.2"
   resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-3.1.2.tgz#19cd194bfd3e428f049a70817c038d89ab4be35b"
   integrity sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==
