Commit 1764b64

chore(deps): patch brace-expansion ReDoS vulnerabilities (#192)
Update brace-expansion in yarn.lock to patched versions:

- brace-expansion 1.1.12 -> 1.1.13 (fixes 12 moderate vulns)
- brace-expansion 5.0.4 -> 5.0.5 (fixes 6 moderate vulns)

Both are patch-level bumps with no breaking changes, fixing zero-step sequence ReDoS (CVE via GHSA advisories).

Audit: 19 vulnerabilities -> 1 (low severity, blocked on jest@30)

Signed-off-by: Carlo van Driesten <carlo.van-driesten@bmw.de>
1 parent b3f399c commit 1764b64

1 file changed

Lines changed: 6 additions & 6 deletions

yarn.lock

@@ -1852,17 +1852,17 @@ baseline-browser-mapping@^2.9.0:
18521852
integrity sha512-lIyg0szRfYbiy67j9KN8IyeD7q7hcmqnJ1ddWmNt19ItGpNN64mnllmxUNFIOdOm6by97jlL6wfpTTJrmnjWAA==
18531853

18541854
brace-expansion@^1.1.7:
1855-
version "1.1.12"
1856-
resolved "https://registry.yarnpkg.com/brace-expansion/-/brace-expansion-1.1.12.tgz#ab9b454466e5a8cc3a187beaad580412a9c5b843"
1857-
integrity sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==
1855+
version "1.1.13"
1856+
resolved "https://registry.yarnpkg.com/brace-expansion/-/brace-expansion-1.1.13.tgz"
1857+
integrity sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==
18581858
dependencies:
18591859
balanced-match "^1.0.0"
18601860
concat-map "0.0.1"
18611861

18621862
brace-expansion@^5.0.2:
1863-
version "5.0.4"
1864-
resolved "https://registry.yarnpkg.com/brace-expansion/-/brace-expansion-5.0.4.tgz#614daaecd0a688f660bbbc909a8748c3d80d4336"
1865-
integrity sha512-h+DEnpVvxmfVefa4jFbCf5HdH5YMDXRsmKflpf1pILZWRFlTbJpxeU55nJl4Smt5HQaGzg1o6RHFPJaOqnmBDg==
1863+
version "5.0.5"
1864+
resolved "https://registry.yarnpkg.com/brace-expansion/-/brace-expansion-5.0.5.tgz"
1865+
integrity sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==
18661866
dependencies:
18671867
balanced-match "^4.0.2"
18681868
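Review bot: The two added `resolved` lines (for 1.1.13 and 5.0.5) end at `.tgz` with no `#` hash fragment, while the `resolved` lines they replace both carried one, so the new entries do not match the format the lockfile used before this change. That difference suggests the entries were edited by hand or written by a different Yarn version than the one that produced the rest of the file; regenerate them by letting the repository's Yarn version resolve `brace-expansion@^1.1.7` and `brace-expansion@^5.0.2` so the fragment is restored, and check the two new `integrity` sha512 values against the registry metadata for those tarballs before merging. The commit message also refers to the fix only as "CVE via GHSA advisories"; adding the advisory identifiers there would let a later audit tie these two bumps to the findings they close.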
