From b57d0f1db2e7527e1b9676ab4ae6126e612801c2 Mon Sep 17 00:00:00 2001
From: davida-ps <david.a@prompt.security>
Date: Wed, 27 May 2026 09:23:45 +0300
Subject: [PATCH] fix(deps): avoid vulnerable brace-expansion range (#244)

* fix(deps): avoid vulnerable brace-expansion range

* fix(deps): use patched brace-expansion release
---
 package-lock.json | 16 +++++++++-------
 package.json      |  4 ++--
 2 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 358b2bc..b0a7213 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1997,10 +1997,11 @@
       }
     },
     "node_modules/brace-expansion": {
-      "version": "5.0.5",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.5.tgz",
-      "integrity": "sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==",
+      "version": "5.0.6",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.6.tgz",
+      "integrity": "sha512-kLpxurY4Z4r9sgMsyG0Z9uzsBlgiU/EFKhj/h91/8yHu0edo7XuixOIH3VcJ8kkxs6/jPzoI6U9Vj3WqbMQ94g==",
       "dev": true,
+      "license": "MIT",
       "dependencies": {
         "balanced-match": "^4.0.2"
       },
@@ -4652,12 +4653,13 @@
       ]
     },
     "node_modules/minimatch": {
-      "version": "10.2.4",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.4.tgz",
-      "integrity": "sha512-oRjTw/97aTBN0RHbYCdtF1MQfvusSIBQM0IZEgzl6426+8jSC0nF1a/GmnVLpfB9yyr6g6FTqWqiZVbxrtaCIg==",
+      "version": "10.2.5",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.5.tgz",
+      "integrity": "sha512-MULkVLfKGYDFYejP07QOurDLLQpcjk7Fw+7jXS2R2czRQzR56yHRveU5NDJEOviH+hETZKSkIk5c+T23GjFUMg==",
       "dev": true,
+      "license": "BlueOak-1.0.0",
       "dependencies": {
-        "brace-expansion": "^5.0.2"
+        "brace-expansion": "^5.0.5"
       },
       "engines": {
         "node": "18 || 20 || >=22"
diff --git a/package.json b/package.json
index 5d8241d..8c455cb 100644
--- a/package.json
+++ b/package.json
@@ -42,8 +42,8 @@
   "overrides": {
     "ajv": "6.14.0",
     "balanced-match": "4.0.3",
-    "brace-expansion": "5.0.5",
-    "minimatch": "10.2.4",
+    "brace-expansion": "5.0.6",
+    "minimatch": "10.2.5",
     "picomatch": "4.0.4"
   }
 }