
fix: resolve CVE-2026-26996 in minimatch #584

Merged
benoitf merged 1 commit into redhat-developer:main from benoitf:cve-fix/cve-2026-26996-main on Jun 17, 2026
benoitf commented Jun 17, 2026

Collaborator

What does this PR do?

Fix high severity vulnerability CVE-2026-26996 in minimatch.

Advisory: minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern
Vulnerable versions: >=9.0.0 <9.0.6
Patched versions: >=9.0.6
Advisory URL: GHSA-3ppc-4f35-3m26

Screenshot / video of UI

N/A - dependency update only.

What issues does this PR fix or reference?

Fixes CVE-2026-26996: minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern

How to test this PR?

Run pnpm audit and verify CVE-2026-26996 is no longer reported

Upgrade minimatch to satisfy >=9.0.6
Advisory: GHSA-3ppc-4f35-3m26

Co-authored-by: Claude <noreply@anthropic.com>
Signed-off-by: Florent Benoit <fbenoit@redhat.com>
benoitf requested review from a team and feloy as code owners June 17, 2026 08:07
benoitf removed the request for review from a team June 17, 2026 08:07
benoitf enabled auto-merge (rebase) June 17, 2026 08:07
benoitf requested review from cdrage and dgolovin June 17, 2026 08:07
benoitf merged commit e196ec7 into redhat-developer:main Jun 17, 2026
6 of 7 checks passed
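
As an added example (not part of this pull request or the project's code), the advisory's version range can be checked directly against the lockfile as a complement to `pnpm audit`. The lockfile excerpt is constructed, and the package-key shapes the regex accepts are an assumption about pnpm lockfile formats.

```javascript
// Added example, not code from this PR. Flags minimatch versions in a pnpm
// lockfile that fall in the advisory's vulnerable range (>=9.0.0 <9.0.6).
// Parse "major.minor.patch"; pre-release/build suffixes are ignored (assumption).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  return m ? m.slice(1).map(Number) : null;
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

const VULN_MIN = [9, 0, 0]; // "Vulnerable versions: >=9.0.0 <9.0.6"
const PATCHED = [9, 0, 6];  // "Patched versions: >=9.0.6"

function isVulnerable(version) {
  const v = parseVersion(version);
  return !!v && compareVersions(v, VULN_MIN) >= 0 && compareVersions(v, PATCHED) < 0;
}

// Collect resolved versions from package keys. Assumed key shapes:
// "minimatch@9.0.5:", "/minimatch@9.0.5:", "/minimatch/9.0.5:" (optionally quoted).
function findMinimatchVersions(lockText) {
  const re = /^\s*['"]?\/?minimatch[@/](\d+\.\d+\.\d+[^\s:'"(]*)['"]?:/gm;
  const found = new Set();
  for (const m of lockText.matchAll(re)) found.add(m[1]);
  return [...found].sort();
}

function auditLock(lockText) {
  return findMinimatchVersions(lockText).filter(isVulnerable);
}

// Constructed lockfile excerpt (integrity values are placeholders).
const SAMPLE_LOCK = `
packages:
  '@types/minimatch@5.1.2':
    resolution: {integrity: sha512-PLACEHOLDER}
  minimatch@3.1.2:
    resolution: {integrity: sha512-PLACEHOLDER}
  minimatch@9.0.5:
    resolution: {integrity: sha512-PLACEHOLDER}
  minimatch@9.0.6:
    resolution: {integrity: sha512-PLACEHOLDER}
`;
console.log('vulnerable minimatch versions:', auditLock(SAMPLE_LOCK));
```

A transitive dependency can keep an older resolved copy in the lockfile even after the direct dependency is bumped, which is why the check walks every `minimatch` package key rather than only the top-level specifier.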