Skip to content

Bump minimatch resolution to 10.2.1#9846

Merged
elsamaryv merged 1 commit intoManageIQ:masterfrom
asirvadAbrahamVarghese:upgrade-minimatch
Feb 19, 2026
Merged

Bump minimatch resolution to 10.2.1#9846
elsamaryv merged 1 commit intoManageIQ:masterfrom
asirvadAbrahamVarghese:upgrade-minimatch

Conversation

@asirvadAbrahamVarghese
Copy link
Contributor

@asirvadAbrahamVarghese asirvadAbrahamVarghese commented Feb 19, 2026

PR to upgrade minimatch to 10.2.1 due to a security issue - see

Issue: minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern
URL: https://github.com/advisories/GHSA-3ppc-4f35-3m26
Severity: high
Vulnerable Versions: <10.2.1

@miq-bot add-label dependencies
@miq-bot add-label security

@asirvadAbrahamVarghese asirvadAbrahamVarghese requested a review from a team as a code owner February 19, 2026 04:15
@miq-bot
Copy link
Member

miq-bot commented Feb 19, 2026

Checked commit asirvadAbrahamVarghese@ccffe12 with ruby 3.3.10, rubocop 1.56.3, haml-lint 0.69.0, and yamllint
0 files checked, 0 offenses detected
Everything looks fine. 🍪

@elsamaryv elsamaryv self-assigned this Feb 19, 2026
@elsamaryv elsamaryv merged commit db6abda into ManageIQ:master Feb 19, 2026
11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@elsamaryv elsamaryv elsamaryv approved these changes

Assignees

@elsamaryv elsamaryv

Labels

dependencies security

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@asirvadAbrahamVarghese @miq-bot @elsamaryv

Comments