This is an automated email from the ASF dual-hosted git repository.
pierrejeambrun pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/main by this push:
new 47ddbcc9d12 Fix minimatch ReDoS vulnerabilities via pnpm overrides
(#62796)
47ddbcc9d12 is described below
commit 47ddbcc9d12ab2a7c7b7df178d117d1c0a1481fe
Author: Pierre Jeambrun <[email protected]>
AuthorDate: Wed Mar 4 13:08:20 2026 +0100
Fix minimatch ReDoS vulnerabilities via pnpm overrides (#62796)
* Fix minimatch ReDoS vulnerabilities via pnpm overrides
Update pnpm overrides to patch minimatch ReDoS vulnerabilities
(CVE for matchOne() combinatorial backtracking and nested extglobs)
across three UI manifests:
- airflow-core/src/airflow/ui: add overrides for <3.1.4, >=9.0.0 <9.0.7,
>=10.0.0 <10.2.3
- simple-auth-manager-ui: bump override from <10.2.1 to <10.2.3
- react-plugin-template: bump override from <10.2.1 to <10.2.3
* Constrain minimatch overrides to major version ranges
The minimatch overrides used open-ended ranges (e.g. >=3.1.4) which
allowed pnpm to resolve 3.x consumers to 10.x, breaking the API
(minimatch 10.x uses named exports, 3.x uses a default function).
Constrain to >=3.1.4 <4.0.0 and >=9.0.7 <10.0.0 respectively.
---
.../auth/managers/simple/ui/package.json | 2 +-
.../auth/managers/simple/ui/pnpm-lock.yaml | 24 +----
airflow-core/src/airflow/ui/package.json | 6 +-
airflow-core/src/airflow/ui/pnpm-lock.yaml | 111 ++++++++++-----------
.../react_plugin_template/package.json | 2 +-
.../react_plugin_template/pnpm-lock.yaml | 49 +++------
6 files changed, 80 insertions(+), 114 deletions(-)
diff --git
a/airflow-core/src/airflow/api_fastapi/auth/managers/simple/ui/package.json
b/airflow-core/src/airflow/api_fastapi/auth/managers/simple/ui/package.json
index ecc7383f53b..2f28a86d04d 100644
--- a/airflow-core/src/airflow/api_fastapi/auth/managers/simple/ui/package.json
+++ b/airflow-core/src/airflow/api_fastapi/auth/managers/simple/ui/package.json
@@ -71,7 +71,7 @@
"overrides": {
"tar": ">=7.5.7",
"lodash-es@>=4.0.0 <=4.17.22": ">=4.17.23",
- "minimatch@<10.2.1": ">=10.2.1",
+ "minimatch@<10.2.3": ">=10.2.3",
"ajv@<6.14.0": ">=6.14.0",
"rollup@>=4.0.0 <4.59.0": ">=4.59.0"
}
diff --git
a/airflow-core/src/airflow/api_fastapi/auth/managers/simple/ui/pnpm-lock.yaml
b/airflow-core/src/airflow/api_fastapi/auth/managers/simple/ui/pnpm-lock.yaml
index 13d32139fa6..31b2987e2fd 100644
---
a/airflow-core/src/airflow/api_fastapi/auth/managers/simple/ui/pnpm-lock.yaml
+++
b/airflow-core/src/airflow/api_fastapi/auth/managers/simple/ui/pnpm-lock.yaml
@@ -7,7 +7,7 @@ settings:
overrides:
tar: '>=7.5.7'
lodash-es@>=4.0.0 <=4.17.22: '>=4.17.23'
- minimatch@<10.2.1: '>=10.2.1'
+ minimatch@<10.2.3: '>=10.2.3'
ajv@<6.14.0: '>=6.14.0'
rollup@>=4.0.0 <4.59.0: '>=4.59.0'
@@ -1391,10 +1391,6 @@ packages:
resolution: {integrity:
sha512-ipDqC8FrAl/76p2SSWKSI+H9tFwm7vYqXQrItCuiVPt26Km0jS+NzSsBWAaBusvSbQcfJG+JitdMm+wZAgTYqg==}
hasBin: true
- [email protected]:
- resolution: {integrity:
sha512-fy6KJm2RawA5RcHkLa1z/ScpBeA762UF9KmZQxwIbDtRJrgLzM10depAiEQ+CXYcoiqW1/m96OAAoke2nE9EeA==}
- engines: {node: 18 || 20 || >=22}
-
[email protected]:
resolution: {integrity:
sha512-h+DEnpVvxmfVefa4jFbCf5HdH5YMDXRsmKflpf1pILZWRFlTbJpxeU55nJl4Smt5HQaGzg1o6RHFPJaOqnmBDg==}
engines: {node: 18 || 20 || >=22}
@@ -2251,10 +2247,6 @@ packages:
resolution: {integrity:
sha512-I9jwMn07Sy/IwOj3zVkVik2JTvgpaykDZEigL6Rx6N9LbMywwUSMtxET+7lVoDLLd3O3IXwJwvuuns8UB/HeAg==}
engines: {node: '>=4'}
- [email protected]:
- resolution: {integrity:
sha512-+G4CpNBxa5MprY+04MbgOw1v7So6n5JY166pFi9KfYwT78fxScCeSNQSNzp6dpPSW2rONOps6Ocam1wFhCgoVw==}
- engines: {node: 18 || 20 || >=22}
-
[email protected]:
resolution: {integrity:
sha512-oRjTw/97aTBN0RHbYCdtF1MQfvusSIBQM0IZEgzl6426+8jSC0nF1a/GmnVLpfB9yyr6g6FTqWqiZVbxrtaCIg==}
engines: {node: 18 || 20 || >=22}
@@ -3726,7 +3718,7 @@ snapshots:
'@babel/types': 7.28.6
javascript-natural-sort: 0.7.1
lodash-es: 4.17.23
- minimatch: 10.2.2
+ minimatch: 10.2.4
parse-imports-exports: 0.2.4
prettier: 3.8.1
transitivePeerDependencies:
@@ -4596,10 +4588,6 @@ snapshots:
[email protected]: {}
- [email protected]:
- dependencies:
- balanced-match: 4.0.4
-
[email protected]:
dependencies:
balanced-match: 4.0.4
@@ -4994,7 +4982,7 @@ snapshots:
hasown: 2.0.2
jsx-ast-utils: 3.3.5
language-tags: 1.0.9
- minimatch: 10.2.2
+ minimatch: 10.2.4
object.fromentries: 2.0.8
safe-regex-test: 1.1.0
string.prototype.includes: 2.0.1
@@ -5044,7 +5032,7 @@ snapshots:
estraverse: 5.3.0
hasown: 2.0.2
jsx-ast-utils: 3.3.5
- minimatch: 10.2.2
+ minimatch: 10.2.4
object.entries: 1.1.9
object.fromentries: 2.0.8
object.values: 1.2.1
@@ -5594,10 +5582,6 @@ snapshots:
[email protected]: {}
- [email protected]:
- dependencies:
- brace-expansion: 5.0.3
-
[email protected]:
dependencies:
brace-expansion: 5.0.4
diff --git a/airflow-core/src/airflow/ui/package.json
b/airflow-core/src/airflow/ui/package.json
index 19989e2254d..4c78536a1ea 100644
--- a/airflow-core/src/airflow/ui/package.json
+++ b/airflow-core/src/airflow/ui/package.json
@@ -29,6 +29,7 @@
"@chakra-ui/react": "^3.20.0",
"@codemirror/lang-json": "^6.0.2",
"@emotion/react": "^11.14.0",
+ "@lezer/highlight": "^1.2.3",
"@guanmingchiu/sqlparser-ts": "^0.61.1",
"@monaco-editor/react": "^4.7.0",
"@tanstack/react-query": "^5.90.11",
@@ -130,7 +131,10 @@
"tar@<=7.5.2": ">=7.5.3",
"tar@<7.5.8": ">=7.5.8",
"prismjs@<1.30.0": ">=1.30.0",
- "rollup@>=4.0.0 <4.59.0": ">=4.59.0"
+ "rollup@>=4.0.0 <4.59.0": ">=4.59.0",
+ "minimatch@>=3.0.0 <3.1.4": ">=3.1.4 <4.0.0",
+ "minimatch@>=9.0.0 <9.0.7": ">=9.0.7 <10.0.0",
+ "minimatch@>=10.0.0 <10.2.3": ">=10.2.3"
}
}
}
diff --git a/airflow-core/src/airflow/ui/pnpm-lock.yaml
b/airflow-core/src/airflow/ui/pnpm-lock.yaml
index e8b67b049b9..1b42a3c2c98 100644
--- a/airflow-core/src/airflow/ui/pnpm-lock.yaml
+++ b/airflow-core/src/airflow/ui/pnpm-lock.yaml
@@ -12,6 +12,9 @@ overrides:
tar@<7.5.8: '>=7.5.8'
prismjs@<1.30.0: '>=1.30.0'
rollup@>=4.0.0 <4.59.0: '>=4.59.0'
+ minimatch@>=3.0.0 <3.1.4: '>=3.1.4 <4.0.0'
+ minimatch@>=9.0.0 <9.0.7: '>=9.0.7 <10.0.0'
+ minimatch@>=10.0.0 <10.2.3: '>=10.2.3'
importers:
@@ -32,6 +35,9 @@ importers:
'@guanmingchiu/sqlparser-ts':
specifier: ^0.61.1
version: 0.61.1
+ '@lezer/highlight':
+ specifier: ^1.2.3
+ version: 1.2.3
'@monaco-editor/react':
specifier: ^4.7.0
version:
4.7.0([email protected])([email protected]([email protected]))([email protected])
@@ -916,9 +922,6 @@ packages:
'@lezer/[email protected]':
resolution: {integrity:
sha512-6YRVG9vBkaY7p1IVxL4s44n5nUnaNnGM2/AckNgYOnxTG2kWh1vR8BMxPseWPjRNpb5VtXnMpeYAEAADoRV1Iw==}
- '@lezer/[email protected]':
- resolution: {integrity:
sha512-z8TQwaBXXQIvG6i2g3e9cgMwUUXu9Ib7jo2qRRggdhwKpM56Dw3PM3wmexn+EGaaOZ7az0K7sjc3/gcGW7sz7A==}
-
'@lezer/[email protected]':
resolution: {integrity:
sha512-qXdH7UqTvGfdVBINrgKhDsVTJTxactNNxLk7+UMwZhU13lMHaOBlJe9Vqp907ya56Y3+ed2tlqzys7jDkTmW0g==}
@@ -1010,79 +1013,66 @@ packages:
resolution: {integrity:
sha512-t4ONHboXi/3E0rT6OZl1pKbl2Vgxf9vJfWgmUoCEVQVxhW6Cw/c8I6hbbu7DAvgp82RKiH7TpLwxnJeKv2pbsw==}
cpu: [arm]
os: [linux]
- libc: [glibc]
'@rollup/[email protected]':
resolution: {integrity:
sha512-CikFT7aYPA2ufMD086cVORBYGHffBo4K8MQ4uPS/ZnY54GKj36i196u8U+aDVT2LX4eSMbyHtyOh7D7Zvk2VvA==}
cpu: [arm]
os: [linux]
- libc: [musl]
'@rollup/[email protected]':
resolution: {integrity:
sha512-jYgUGk5aLd1nUb1CtQ8E+t5JhLc9x5WdBKew9ZgAXg7DBk0ZHErLHdXM24rfX+bKrFe+Xp5YuJo54I5HFjGDAA==}
cpu: [arm64]
os: [linux]
- libc: [glibc]
'@rollup/[email protected]':
resolution: {integrity:
sha512-peZRVEdnFWZ5Bh2KeumKG9ty7aCXzzEsHShOZEFiCQlDEepP1dpUl/SrUNXNg13UmZl+gzVDPsiCwnV1uI0RUA==}
cpu: [arm64]
os: [linux]
- libc: [musl]
'@rollup/[email protected]':
resolution: {integrity:
sha512-gbUSW/97f7+r4gHy3Jlup8zDG190AuodsWnNiXErp9mT90iCy9NKKU0Xwx5k8VlRAIV2uU9CsMnEFg/xXaOfXg==}
cpu: [loong64]
os: [linux]
- libc: [glibc]
'@rollup/[email protected]':
resolution: {integrity:
sha512-yTRONe79E+o0FWFijasoTjtzG9EBedFXJMl888NBEDCDV9I2wGbFFfJQQe63OijbFCUZqxpHz1GzpbtSFikJ4Q==}
cpu: [loong64]
os: [linux]
- libc: [musl]
'@rollup/[email protected]':
resolution: {integrity:
sha512-sw1o3tfyk12k3OEpRddF68a1unZ5VCN7zoTNtSn2KndUE+ea3m3ROOKRCZxEpmT9nsGnogpFP9x6mnLTCaoLkA==}
cpu: [ppc64]
os: [linux]
- libc: [glibc]
'@rollup/[email protected]':
resolution: {integrity:
sha512-+2kLtQ4xT3AiIxkzFVFXfsmlZiG5FXYW7ZyIIvGA7Bdeuh9Z0aN4hVyXS/G1E9bTP/vqszNIN/pUKCk/BTHsKA==}
cpu: [ppc64]
os: [linux]
- libc: [musl]
'@rollup/[email protected]':
resolution: {integrity:
sha512-NDYMpsXYJJaj+I7UdwIuHHNxXZ/b/N2hR15NyH3m2qAtb/hHPA4g4SuuvrdxetTdndfj9b1WOmy73kcPRoERUg==}
cpu: [riscv64]
os: [linux]
- libc: [glibc]
'@rollup/[email protected]':
resolution: {integrity:
sha512-nLckB8WOqHIf1bhymk+oHxvM9D3tyPndZH8i8+35p/1YiVoVswPid2yLzgX7ZJP0KQvnkhM4H6QZ5m0LzbyIAg==}
cpu: [riscv64]
os: [linux]
- libc: [musl]
'@rollup/[email protected]':
resolution: {integrity:
sha512-oF87Ie3uAIvORFBpwnCvUzdeYUqi2wY6jRFWJAy1qus/udHFYIkplYRW+wo+GRUP4sKzYdmE1Y3+rY5Gc4ZO+w==}
cpu: [s390x]
os: [linux]
- libc: [glibc]
'@rollup/[email protected]':
resolution: {integrity:
sha512-3AHmtQq/ppNuUspKAlvA8HtLybkDflkMuLK4DPo77DfthRb71V84/c4MlWJXixZz4uruIH4uaa07IqoAkG64fg==}
cpu: [x64]
os: [linux]
- libc: [glibc]
'@rollup/[email protected]':
resolution: {integrity:
sha512-2UdiwS/9cTAx7qIUZB/fWtToJwvt0Vbo0zmnYt7ED35KPg13Q0ym1g442THLC7VyI6JfYTP4PiSOWyoMdV2/xg==}
cpu: [x64]
os: [linux]
- libc: [musl]
'@rollup/[email protected]':
resolution: {integrity:
sha512-M3bLRAVk6GOwFlPTIxVBSYKUaqfLrn8l0psKinkCFxl4lQvOSz8ZrKDz2gxcBwHFpci0B6rttydI4IpS4IS/jQ==}
@@ -1143,28 +1133,24 @@ packages:
engines: {node: '>=10'}
cpu: [arm64]
os: [linux]
- libc: [glibc]
'@swc/[email protected]':
resolution: {integrity:
sha512-9+ZxFN5GJag4CnYnq6apKTnnezpfJhCumyz0504/JbHLo+Ue+ZtJnf3RhyA9W9TINtLE0bC4hKpWi8ZKoETyOQ==}
engines: {node: '>=10'}
cpu: [arm64]
os: [linux]
- libc: [musl]
'@swc/[email protected]':
resolution: {integrity:
sha512-WD530qvHrki8Ywt/PloKUjaRKgstQqNGvmZl54g06kA+hqtSE2FTG9gngXr3UJxYu/cNAjJYiBifm7+w4nbHbA==}
engines: {node: '>=10'}
cpu: [x64]
os: [linux]
- libc: [glibc]
'@swc/[email protected]':
resolution: {integrity:
sha512-Luj8y4OFYx4DHNQTWjdIuKTq2f5k6uSXICqx+FSabnXptaOBAbJHNbHT/06JZh6NRUouaf0mYXN0mcsqvkhd7Q==}
engines: {node: '>=10'}
cpu: [x64]
os: [linux]
- libc: [musl]
'@swc/[email protected]':
resolution: {integrity:
sha512-cZ6UpumhF9SDJvv4DA2fo9WIzlNFuKSkZpZmPG1c+4PFSEMy5DFOjBSllCvnqihCabzXzpn6ykCwBmHpy31vQw==}
@@ -2126,6 +2112,9 @@ packages:
[email protected]:
resolution: {integrity:
sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==}
+ [email protected]:
+ resolution: {integrity:
sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==}
+
[email protected]:
resolution: {integrity:
sha512-Pdk8c9poy+YhOgVWw1JNN22/HcivgKWwpxKq04M/jTmHyCZn12WPJebZxdjSa5TmBqISrUSgNYU3eRORljfCCw==}
engines: {node: 20 || >=22}
@@ -3358,8 +3347,8 @@ packages:
[email protected]:
resolution: {integrity:
sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ==}
- [email protected]:
- resolution: {integrity:
sha512-vFrFJkWtJvJnD5hg+hJvVE8Lh/TcMzKnTgCWmtBipwI5yLX/iX+5UB2tfuyODF5E7k9xEzMdYgGqaSb1c0c5Yw==}
+ [email protected]:
+ resolution: {integrity:
sha512-ESL2CrkS/2wTPfuend7Zhkzo2u0daGJ/A2VucJOgQ/C48S/zB8MMeMHSGKYpXhIjbPxfuezITkaBH1wqv00DDQ==}
engines: {node: 20 || >=22}
[email protected]:
@@ -3530,15 +3519,15 @@ packages:
resolution: {integrity:
sha512-I9jwMn07Sy/IwOj3zVkVik2JTvgpaykDZEigL6Rx6N9LbMywwUSMtxET+7lVoDLLd3O3IXwJwvuuns8UB/HeAg==}
engines: {node: '>=4'}
- [email protected]:
- resolution: {integrity:
sha512-+G4CpNBxa5MprY+04MbgOw1v7So6n5JY166pFi9KfYwT78fxScCeSNQSNzp6dpPSW2rONOps6Ocam1wFhCgoVw==}
+ [email protected]:
+ resolution: {integrity:
sha512-oRjTw/97aTBN0RHbYCdtF1MQfvusSIBQM0IZEgzl6426+8jSC0nF1a/GmnVLpfB9yyr6g6FTqWqiZVbxrtaCIg==}
engines: {node: 18 || 20 || >=22}
- [email protected]:
- resolution: {integrity:
sha512-M2GCs7Vk83NxkUyQV1bkABc4yxgz9kILhHImZiBPAZ9ybuvCb0/H7lEl5XvIg3g+9d4eNotkZA5IWwYl0tibaA==}
+ [email protected]:
+ resolution: {integrity:
sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==}
- [email protected]:
- resolution: {integrity:
sha512-kQAVowdR33euIqeA0+VZTDqU+qo1IeVY+hrKYtZMio3Pg0P0vuh/kwRylLUddJhB6pf3q/botcOvRtx4IN1wqQ==}
+ [email protected]:
+ resolution: {integrity:
sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==}
engines: {node: '>=16 || 14 >=14.17'}
[email protected]:
@@ -3548,6 +3537,10 @@ packages:
resolution: {integrity:
sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw==}
engines: {node: '>=16 || 14 >=14.17'}
+ [email protected]:
+ resolution: {integrity:
sha512-tEBHqDnIoM/1rXME1zgka9g6Q2lcoCkxHLuc7ODJ5BxbP5d4c2Z5cGgtXAku59200Cx7diuHTOYfSBD8n6mm8A==}
+ engines: {node: '>=16 || 14 >=14.17'}
+
[email protected]:
resolution: {integrity:
sha512-KZxYo1BUkWD2TVFLr0MQoM8vUUigWD3LlD83a/75BqC+4qE0Hb1Vo5v1FgcfaNXvfXzr+5EhQ6ing/CaBijTlw==}
engines: {node: '>= 18'}
@@ -3727,9 +3720,9 @@ packages:
resolution: {integrity:
sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==}
engines: {node: '>=16 || 14 >=14.18'}
- [email protected]:
- resolution: {integrity:
sha512-oWyT4gICAu+kaA7QWk/jvCHWarMKNs6pXOGWKDTr7cw4IGcUbW+PeTfbaQiLGheFRpjo6O9J0PmyMfQPjH71oA==}
- engines: {node: 20 || >=22}
+ [email protected]:
+ resolution: {integrity:
sha512-3O/iVVsJAPsOnpwWIeD+d6z/7PmqApyQePUtCndjatj/9I5LylHvt5qluFaBT3I5h3r1ejfR056c+FCv+NnNXg==}
+ engines: {node: 18 || 20 || >=22}
[email protected]:
resolution: {integrity:
sha512-Yhpw4T9C6hPpgPeA28us07OJeqZ5EzQTkbfwuhsUg0c237RomFoETJgmp2sa3F/41gfLE6G5cqcYwznmeEeOlQ==}
@@ -5084,7 +5077,7 @@ snapshots:
'@codemirror/state': 6.5.2
'@codemirror/view': 6.36.4
'@lezer/common': 1.3.0
- '@lezer/highlight': 1.2.2
+ '@lezer/highlight': 1.2.3
'@lezer/lr': 1.4.2
style-mod: 4.1.2
@@ -5283,7 +5276,7 @@ snapshots:
dependencies:
'@eslint/object-schema': 2.1.7
debug: 4.4.1
- minimatch: 3.1.3
+ minimatch: 3.1.5
transitivePeerDependencies:
- supports-color
@@ -5304,7 +5297,7 @@ snapshots:
ignore: 5.3.2
import-fresh: 3.3.1
js-yaml: 4.1.1
- minimatch: 3.1.3
+ minimatch: 3.1.5
strip-json-comments: 3.1.1
transitivePeerDependencies:
- supports-color
@@ -5448,10 +5441,6 @@ snapshots:
'@lezer/[email protected]': {}
- '@lezer/[email protected]':
- dependencies:
- '@lezer/common': 1.3.0
-
'@lezer/[email protected]':
dependencies:
'@lezer/common': 1.5.1
@@ -5459,7 +5448,7 @@ snapshots:
'@lezer/[email protected]':
dependencies:
'@lezer/common': 1.3.0
- '@lezer/highlight': 1.2.2
+ '@lezer/highlight': 1.2.3
'@lezer/lr': 1.4.2
'@lezer/[email protected]':
@@ -5730,7 +5719,7 @@ snapshots:
'@ts-morph/[email protected]':
dependencies:
- minimatch: 10.2.2
+ minimatch: 10.2.4
path-browserify: 1.0.1
tinyglobby: 0.2.15
@@ -6019,7 +6008,7 @@ snapshots:
'@typescript-eslint/types': 8.48.1
'@typescript-eslint/visitor-keys': 8.48.1
debug: 4.4.1
- minimatch: 9.0.6
+ minimatch: 9.0.9
semver: 7.7.1
tinyglobby: 0.2.15
ts-api-utils: 2.1.0([email protected])
@@ -6034,7 +6023,7 @@ snapshots:
'@typescript-eslint/types': 8.49.0
'@typescript-eslint/visitor-keys': 8.49.0
debug: 4.4.1
- minimatch: 9.0.6
+ minimatch: 9.0.9
semver: 7.7.1
tinyglobby: 0.2.15
ts-api-utils: 2.1.0([email protected])
@@ -7261,6 +7250,10 @@ snapshots:
balanced-match: 1.0.2
concat-map: 0.0.1
+ [email protected]:
+ dependencies:
+ balanced-match: 1.0.2
+
[email protected]:
dependencies:
balanced-match: 4.0.3
@@ -7856,7 +7849,7 @@ snapshots:
hasown: 2.0.2
jsx-ast-utils: 3.3.5
language-tags: 1.0.9
- minimatch: 3.1.3
+ minimatch: 3.1.5
object.fromentries: 2.0.8
safe-regex-test: 1.1.0
string.prototype.includes: 2.0.1
@@ -7907,7 +7900,7 @@ snapshots:
estraverse: 5.3.0
hasown: 2.0.2
jsx-ast-utils: 3.3.5
- minimatch: 3.1.3
+ minimatch: 3.1.5
object.entries: 1.1.9
object.fromentries: 2.0.8
object.values: 1.2.1
@@ -7981,7 +7974,7 @@ snapshots:
is-glob: 4.0.3
json-stable-stringify-without-jsonify: 1.0.1
lodash.merge: 4.6.2
- minimatch: 3.1.3
+ minimatch: 3.1.5
natural-compare: 1.4.0
optionator: 0.9.4
optionalDependencies:
@@ -8194,7 +8187,7 @@ snapshots:
dependencies:
foreground-child: 3.3.1
jackspeak: 3.4.3
- minimatch: 9.0.6
+ minimatch: 9.0.9
minipass: 7.1.2
package-json-from-dist: 1.0.1
path-scurry: 1.11.1
@@ -8203,10 +8196,10 @@ snapshots:
dependencies:
foreground-child: 3.3.1
jackspeak: 4.2.3
- minimatch: 10.2.2
- minipass: 7.1.2
+ minimatch: 10.2.4
+ minipass: 7.1.3
package-json-from-dist: 1.0.1
- path-scurry: 2.0.1
+ path-scurry: 2.0.2
[email protected]: {}
@@ -8656,7 +8649,7 @@ snapshots:
[email protected]: {}
- [email protected]: {}
+ [email protected]: {}
[email protected]:
dependencies:
@@ -9036,22 +9029,24 @@ snapshots:
[email protected]: {}
- [email protected]:
+ [email protected]:
dependencies:
brace-expansion: 5.0.2
- [email protected]:
+ [email protected]:
dependencies:
brace-expansion: 1.1.12
- [email protected]:
+ [email protected]:
dependencies:
- brace-expansion: 5.0.2
+ brace-expansion: 2.0.2
[email protected]: {}
[email protected]: {}
+ [email protected]: {}
+
[email protected]:
dependencies:
minipass: 7.1.2
@@ -9270,10 +9265,10 @@ snapshots:
lru-cache: 10.4.3
minipass: 7.1.2
- [email protected]:
+ [email protected]:
dependencies:
- lru-cache: 11.2.5
- minipass: 7.1.2
+ lru-cache: 11.2.6
+ minipass: 7.1.3
[email protected]: {}
@@ -9910,7 +9905,7 @@ snapshots:
dependencies:
'@istanbuljs/schema': 0.1.3
glob: 10.5.0
- minimatch: 9.0.6
+ minimatch: 9.0.9
[email protected]: {}
diff --git a/dev/react-plugin-tools/react_plugin_template/package.json
b/dev/react-plugin-tools/react_plugin_template/package.json
index 3a06fb6290b..e23d62efa15 100644
--- a/dev/react-plugin-tools/react_plugin_template/package.json
+++ b/dev/react-plugin-tools/react_plugin_template/package.json
@@ -78,7 +78,7 @@
"esbuild"
],
"overrides": {
- "minimatch@<10.2.1": ">=10.2.1",
+ "minimatch@<10.2.3": ">=10.2.3",
"ajv@>=7.0.0-alpha.0 <8.18.0": ">=8.18.0",
"rollup@>=4.0.0 <4.59.0": ">=4.59.0"
}
diff --git a/dev/react-plugin-tools/react_plugin_template/pnpm-lock.yaml
b/dev/react-plugin-tools/react_plugin_template/pnpm-lock.yaml
index e2920fa60ea..cbe9f50f2c3 100644
--- a/dev/react-plugin-tools/react_plugin_template/pnpm-lock.yaml
+++ b/dev/react-plugin-tools/react_plugin_template/pnpm-lock.yaml
@@ -5,7 +5,7 @@ settings:
excludeLinksFromLockfile: false
overrides:
- minimatch@<10.2.1: '>=10.2.1'
+ minimatch@<10.2.3: '>=10.2.3'
ajv@>=7.0.0-alpha.0 <8.18.0: '>=8.18.0'
rollup@>=4.0.0 <4.59.0: '>=4.59.0'
@@ -600,79 +600,66 @@ packages:
resolution: {integrity:
sha512-t4ONHboXi/3E0rT6OZl1pKbl2Vgxf9vJfWgmUoCEVQVxhW6Cw/c8I6hbbu7DAvgp82RKiH7TpLwxnJeKv2pbsw==}
cpu: [arm]
os: [linux]
- libc: [glibc]
'@rollup/[email protected]':
resolution: {integrity:
sha512-CikFT7aYPA2ufMD086cVORBYGHffBo4K8MQ4uPS/ZnY54GKj36i196u8U+aDVT2LX4eSMbyHtyOh7D7Zvk2VvA==}
cpu: [arm]
os: [linux]
- libc: [musl]
'@rollup/[email protected]':
resolution: {integrity:
sha512-jYgUGk5aLd1nUb1CtQ8E+t5JhLc9x5WdBKew9ZgAXg7DBk0ZHErLHdXM24rfX+bKrFe+Xp5YuJo54I5HFjGDAA==}
cpu: [arm64]
os: [linux]
- libc: [glibc]
'@rollup/[email protected]':
resolution: {integrity:
sha512-peZRVEdnFWZ5Bh2KeumKG9ty7aCXzzEsHShOZEFiCQlDEepP1dpUl/SrUNXNg13UmZl+gzVDPsiCwnV1uI0RUA==}
cpu: [arm64]
os: [linux]
- libc: [musl]
'@rollup/[email protected]':
resolution: {integrity:
sha512-gbUSW/97f7+r4gHy3Jlup8zDG190AuodsWnNiXErp9mT90iCy9NKKU0Xwx5k8VlRAIV2uU9CsMnEFg/xXaOfXg==}
cpu: [loong64]
os: [linux]
- libc: [glibc]
'@rollup/[email protected]':
resolution: {integrity:
sha512-yTRONe79E+o0FWFijasoTjtzG9EBedFXJMl888NBEDCDV9I2wGbFFfJQQe63OijbFCUZqxpHz1GzpbtSFikJ4Q==}
cpu: [loong64]
os: [linux]
- libc: [musl]
'@rollup/[email protected]':
resolution: {integrity:
sha512-sw1o3tfyk12k3OEpRddF68a1unZ5VCN7zoTNtSn2KndUE+ea3m3ROOKRCZxEpmT9nsGnogpFP9x6mnLTCaoLkA==}
cpu: [ppc64]
os: [linux]
- libc: [glibc]
'@rollup/[email protected]':
resolution: {integrity:
sha512-+2kLtQ4xT3AiIxkzFVFXfsmlZiG5FXYW7ZyIIvGA7Bdeuh9Z0aN4hVyXS/G1E9bTP/vqszNIN/pUKCk/BTHsKA==}
cpu: [ppc64]
os: [linux]
- libc: [musl]
'@rollup/[email protected]':
resolution: {integrity:
sha512-NDYMpsXYJJaj+I7UdwIuHHNxXZ/b/N2hR15NyH3m2qAtb/hHPA4g4SuuvrdxetTdndfj9b1WOmy73kcPRoERUg==}
cpu: [riscv64]
os: [linux]
- libc: [glibc]
'@rollup/[email protected]':
resolution: {integrity:
sha512-nLckB8WOqHIf1bhymk+oHxvM9D3tyPndZH8i8+35p/1YiVoVswPid2yLzgX7ZJP0KQvnkhM4H6QZ5m0LzbyIAg==}
cpu: [riscv64]
os: [linux]
- libc: [musl]
'@rollup/[email protected]':
resolution: {integrity:
sha512-oF87Ie3uAIvORFBpwnCvUzdeYUqi2wY6jRFWJAy1qus/udHFYIkplYRW+wo+GRUP4sKzYdmE1Y3+rY5Gc4ZO+w==}
cpu: [s390x]
os: [linux]
- libc: [glibc]
'@rollup/[email protected]':
resolution: {integrity:
sha512-3AHmtQq/ppNuUspKAlvA8HtLybkDflkMuLK4DPo77DfthRb71V84/c4MlWJXixZz4uruIH4uaa07IqoAkG64fg==}
cpu: [x64]
os: [linux]
- libc: [glibc]
'@rollup/[email protected]':
resolution: {integrity:
sha512-2UdiwS/9cTAx7qIUZB/fWtToJwvt0Vbo0zmnYt7ED35KPg13Q0ym1g442THLC7VyI6JfYTP4PiSOWyoMdV2/xg==}
cpu: [x64]
os: [linux]
- libc: [musl]
'@rollup/[email protected]':
resolution: {integrity:
sha512-M3bLRAVk6GOwFlPTIxVBSYKUaqfLrn8l0psKinkCFxl4lQvOSz8ZrKDz2gxcBwHFpci0B6rttydI4IpS4IS/jQ==}
@@ -763,28 +750,24 @@ packages:
engines: {node: '>=10'}
cpu: [arm64]
os: [linux]
- libc: [glibc]
'@swc/[email protected]':
resolution: {integrity:
sha512-PYftgsTaGnfDK4m6/dty9ryK1FbLk+LosDJ/RJR2nkXGc8rd+WenXIlvHjWULiBVnS1RsjHHOXmTS4nDhe0v0w==}
engines: {node: '>=10'}
cpu: [arm64]
os: [linux]
- libc: [musl]
'@swc/[email protected]':
resolution: {integrity:
sha512-DKtnJKIHiZdARyTKiX7zdRjiDS1KihkQWatQiCHMv+zc2sfwb4Glrodx2VLOX4rsa92NLR0Sw8WLcPEMFY1szQ==}
engines: {node: '>=10'}
cpu: [x64]
os: [linux]
- libc: [glibc]
'@swc/[email protected]':
resolution: {integrity:
sha512-mUjjntHj4+8WBaiDe5UwRNHuEzLjIWBTSGTw0JT9+C9/Yyuh4KQqlcEQ3ro6GkHmBGXBFpGIj/o5VMyRWfVfWw==}
engines: {node: '>=10'}
cpu: [x64]
os: [linux]
- libc: [musl]
'@swc/[email protected]':
resolution: {integrity:
sha512-ZkNNG5zL49YpaFzfl6fskNOSxtcZ5uOYmWBkY4wVAvgbSAQzLRVBp+xArGWh2oXlY/WgL99zQSGTv7RI5E6nzA==}
@@ -2252,9 +2235,9 @@ packages:
resolution: {integrity:
sha512-I9jwMn07Sy/IwOj3zVkVik2JTvgpaykDZEigL6Rx6N9LbMywwUSMtxET+7lVoDLLd3O3IXwJwvuuns8UB/HeAg==}
engines: {node: '>=4'}
- [email protected]:
- resolution: {integrity:
sha512-MClCe8IL5nRRmawL6ib/eT4oLyeKMGCghibcDWK+J0hh0Q8kqSdia6BvbRMVk6mPa6WqUa5uR2oxt6C5jd533A==}
- engines: {node: 20 || >=22}
+ [email protected]:
+ resolution: {integrity:
sha512-oRjTw/97aTBN0RHbYCdtF1MQfvusSIBQM0IZEgzl6426+8jSC0nF1a/GmnVLpfB9yyr6g6FTqWqiZVbxrtaCIg==}
+ engines: {node: 18 || 20 || >=22}
[email protected]:
resolution: {integrity:
sha512-tEBHqDnIoM/1rXME1zgka9g6Q2lcoCkxHLuc7ODJ5BxbP5d4c2Z5cGgtXAku59200Cx7diuHTOYfSBD8n6mm8A==}
@@ -3332,7 +3315,7 @@ snapshots:
dependencies:
'@eslint/object-schema': 2.1.7
debug: 4.4.3
- minimatch: 10.2.1
+ minimatch: 10.2.4
transitivePeerDependencies:
- supports-color
@@ -3353,7 +3336,7 @@ snapshots:
ignore: 5.3.2
import-fresh: 3.3.1
js-yaml: 4.1.1
- minimatch: 10.2.1
+ minimatch: 10.2.4
strip-json-comments: 3.1.1
transitivePeerDependencies:
- supports-color
@@ -3441,7 +3424,7 @@ snapshots:
'@rushstack/ts-command-line': 5.3.1(@types/[email protected])
diff: 8.0.3
lodash: 4.17.23
- minimatch: 10.2.1
+ minimatch: 10.2.4
resolve: 1.22.11
semver: 7.5.4
source-map: 0.6.1
@@ -3867,7 +3850,7 @@ snapshots:
'@typescript-eslint/types': 8.50.0
'@typescript-eslint/visitor-keys': 8.50.0
debug: 4.4.3
- minimatch: 10.2.1
+ minimatch: 10.2.4
semver: 7.7.4
tinyglobby: 0.2.15
ts-api-utils: 2.4.0([email protected])
@@ -3882,7 +3865,7 @@ snapshots:
'@typescript-eslint/types': 8.56.0
'@typescript-eslint/visitor-keys': 8.56.0
debug: 4.4.3
- minimatch: 10.2.1
+ minimatch: 10.2.4
semver: 7.7.4
tinyglobby: 0.2.15
ts-api-utils: 2.4.0([email protected])
@@ -4028,7 +4011,7 @@ snapshots:
'@vue/compiler-vue2': 2.7.16
'@vue/shared': 3.5.28
alien-signals: 0.4.14
- minimatch: 10.2.1
+ minimatch: 10.2.4
muggle-string: 0.4.1
path-browserify: 1.0.1
optionalDependencies:
@@ -5057,7 +5040,7 @@ snapshots:
hasown: 2.0.2
jsx-ast-utils: 3.3.5
language-tags: 1.0.9
- minimatch: 10.2.1
+ minimatch: 10.2.4
object.fromentries: 2.0.8
safe-regex-test: 1.1.0
string.prototype.includes: 2.0.1
@@ -5101,7 +5084,7 @@ snapshots:
estraverse: 5.3.0
hasown: 2.0.2
jsx-ast-utils: 3.3.5
- minimatch: 10.2.1
+ minimatch: 10.2.4
object.entries: 1.1.9
object.fromentries: 2.0.8
object.values: 1.2.1
@@ -5175,7 +5158,7 @@ snapshots:
is-glob: 4.0.3
json-stable-stringify-without-jsonify: 1.0.1
lodash.merge: 4.6.2
- minimatch: 10.2.1
+ minimatch: 10.2.4
natural-compare: 1.4.0
optionator: 0.9.4
transitivePeerDependencies:
@@ -5311,7 +5294,7 @@ snapshots:
dependencies:
foreground-child: 3.3.1
jackspeak: 3.4.3
- minimatch: 10.2.1
+ minimatch: 10.2.4
minipass: 7.1.3
package-json-from-dist: 1.0.1
path-scurry: 1.11.1
@@ -5662,7 +5645,7 @@ snapshots:
[email protected]: {}
- [email protected]:
+ [email protected]:
dependencies:
brace-expansion: 5.0.2
@@ -6194,7 +6177,7 @@ snapshots:
dependencies:
'@istanbuljs/schema': 0.1.3
glob: 10.5.0
- minimatch: 10.2.1
+ minimatch: 10.2.4
[email protected]: {}
