Skip to content

fix(core): update minimatch to 10.2.4#34660

Merged
JamesHenry merged 1 commit intomasterfrom
minimatch-10.2.4
Mar 2, 2026
Merged

fix(core): update minimatch to 10.2.4#34660
JamesHenry merged 1 commit intomasterfrom
minimatch-10.2.4

Conversation

@JamesHenry
Copy link
Copy Markdown
Collaborator

@JamesHenry JamesHenry commented Mar 2, 2026

As always with these things, there is no practical vulnerability here for Nx whatsoever, but patching to reduce noise for consumers.

  • minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments - GHSA-7r86-cg39-jmmj
  • minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions - GHSA-23c5-xmqv-rm74

@JamesHenry JamesHenry requested review from a team, FrozenPandaz and vsavkin as code owners March 2, 2026 11:03
@netlify
Copy link
Copy Markdown

netlify bot commented Mar 2, 2026
edited
Loading

Deploy Preview for nx-dev ready!

Name Link
🔨 Latest commit 48c4437
🔍 Latest deploy log https://app.netlify.com/projects/nx-dev/deploys/69a56e69ac922000087d1f19
😎 Deploy Preview https://deploy-preview-34660--nx-dev.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@netlify
Copy link
Copy Markdown

netlify bot commented Mar 2, 2026
edited
Loading

Deploy Preview for nx-docs ready!

Name Link
🔨 Latest commit 48c4437
🔍 Latest deploy log https://app.netlify.com/projects/nx-docs/deploys/69a56e699506460008eafc51
😎 Deploy Preview https://deploy-preview-34660--nx-docs.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@JamesHenry JamesHenry enabled auto-merge (squash) March 2, 2026 11:03
@nx-cloud
Copy link
Copy Markdown
Contributor

nx-cloud bot commented Mar 2, 2026
edited
Loading

View your CI Pipeline Execution ↗ for commit 48c4437

Command Status Duration Result
nx affected --targets=lint,test,build,e2e,e2e-c... ✅ Succeeded 44m 35s View ↗
nx run-many -t check-imports check-lock-files c... ✅ Succeeded 2m 11s View ↗
nx-cloud record -- nx-cloud conformance:check ✅ Succeeded 7s View ↗
nx-cloud record -- nx format:check ✅ Succeeded 1s View ↗
nx-cloud record -- nx sync:check ✅ Succeeded <1s View ↗

☁️ Nx Cloud last updated this comment at 2026-03-02 11:51:37 UTC

@JamesHenry JamesHenry mentioned this pull request Mar 2, 2026
Closed
@JamesHenry JamesHenry disabled auto-merge March 2, 2026 12:34
@JamesHenry JamesHenry merged commit 72eb1e0 into master Mar 2, 2026
23 of 24 checks passed
@JamesHenry JamesHenry deleted the minimatch-10.2.4 branch March 2, 2026 12:34
@HolgerJeromin HolgerJeromin mentioned this pull request Mar 2, 2026
Closed
4 tasks
FrozenPandaz pushed a commit that referenced this pull request Mar 4, 2026
@JamesHenry @FrozenPandaz
fix(core): update minimatch to 10.2.4 (#34660)
465a6ad 
(cherry picked from commit 72eb1e0)
@github-actions github-actions bot mentioned this pull request Mar 7, 2026
Open
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Mar 8, 2026

This pull request has already been merged/closed. If you experience issues related to these changes, please open a new issue referencing this pull request.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Mar 8, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@AgentEnder AgentEnder AgentEnder approved these changes

@leosvelperez leosvelperez leosvelperez approved these changes

@FrozenPandaz FrozenPandaz Awaiting requested review from FrozenPandaz

@vsavkin vsavkin Awaiting requested review from vsavkin

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@JamesHenry @AgentEnder @leosvelperez