Skip to content

Commit 7bfd496

Browse files
AmitPhuleraclaude
AmitPhulera
and
claude
committed
Upgrade picomatch to 2.3.2 / 4.0.4
Addresses CVE-2026-33672 (GHSA-3v7f-55p6-f55p) by refreshing the transitive picomatch resolutions in yarn.lock. picomatch is pulled in by anymatch, micromatch, readdirp (2.x line) and tinyglobby (4.x line); the parent caret ranges already accept the patched versions, so only yarn.lock needed updating. Fixes Dependabot alerts #766, #767, #768. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
1 parent 04f7f2c commit 7bfd496

1 file changed

Lines changed: 7 additions & 12 deletions

File tree

yarn.lock

Lines changed: 7 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -6646,20 +6646,15 @@ picocolors@^1.0.0, picocolors@^1.1.1:
66466646
resolved "https://registry.yarnpkg.com/picocolors/-/picocolors-1.1.1.tgz#3d321af3eab939b083c8f929a1d12cda81c26b6b"
66476647
integrity sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA==
66486648

6649-
picomatch@^2.0.4, picomatch@^2.2.1:
6650-
version "2.3.0"
6651-
resolved "https://registry.yarnpkg.com/picomatch/-/picomatch-2.3.0.tgz#f1f061de8f6a4bf022892e2d128234fb98302972"
6652-
integrity sha512-lY1Q/PiJGC2zOv/z391WOTD+Z02bCgsFfvxoXXf6h7kv9o+WmsmzYqrAwY63sNgOxE4xEdq0WyUnXfKeBrSvYw==
6653-
6654-
picomatch@^2.3.1:
6655-
version "2.3.1"
6656-
resolved "https://registry.yarnpkg.com/picomatch/-/picomatch-2.3.1.tgz#3ba3833733646d9d3e4995946c1365a67fb07a42"
6657-
integrity sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==
6649+
picomatch@^2.0.4, picomatch@^2.2.1, picomatch@^2.3.1:
6650+
version "2.3.2"
6651+
resolved "https://registry.yarnpkg.com/picomatch/-/picomatch-2.3.2.tgz#5a942915e26b372dc0f0e6753149a16e6b1c5601"
6652+
integrity sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==
66586653

66596654
picomatch@^4.0.3:
6660-
version "4.0.3"
6661-
resolved "https://registry.yarnpkg.com/picomatch/-/picomatch-4.0.3.tgz#796c76136d1eead715db1e7bad785dedd695a042"
6662-
integrity sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==
6655+
version "4.0.4"
6656+
resolved "https://registry.yarnpkg.com/picomatch/-/picomatch-4.0.4.tgz#fd6f5e00a143086e074dffe4c924b8fb293b0589"
6657+
integrity sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==
66636658

66646659
pinkie-promise@^2.0.0:
66656660
version "2.0.1"

0 commit comments

Comments
 (0)