fix(deps): vuln minor: js-yaml · patch: brace-expansion, minimatch [azure] #1155

Merged: dd-prapprover[bot] merged 1 commit into master from engraver-auto-version-upgrade/minorpatch/npm/azure/0-1781563985 on Jun 16, 2026

@gh-worker-campaigns-3e9aa4

Contributor

Summary: High-severity security update — 3 packages upgraded (MINOR changes included)

Manifests changed:

  • azure (npm)

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.


Updates

| Package | From | To | Type | Dep Type | Vulnerabilities Fixed |
|---|---|---|---|---|---|
| minimatch | 9.0.5 | 9.0.9 | patch | Transitive | 6 HIGH |
| brace-expansion | 2.0.2 | 2.0.3 | patch | Transitive | 2 MEDIUM |
| js-yaml | 4.1.1 | 4.2.0 | minor | Transitive | 1 MEDIUM |

Security Details

🚨 Critical & High Severity (6 fixed)

| Package | CVE | Severity | Summary | Unsafe Version | Fixed In |
|---|---|---|---|---|---|
| minimatch | GHSA-7r86-cg39-jmmj | HIGH | minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments | 9.0.5 | 10.2.3 |
| minimatch | CVE-2026-27903 | HIGH | minimatch has a ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments | 9.0.5 | - |
| minimatch | GHSA-23c5-xmqv-rm74 | HIGH | minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions | 9.0.5 | 10.2.3 |
| minimatch | CVE-2026-27904 | HIGH | minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions | 9.0.5 | - |
| minimatch | GHSA-3ppc-4f35-3m26 | HIGH | minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern | 9.0.5 | 10.2.1 |
| minimatch | CVE-2026-26996 | HIGH | minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern | 9.0.5 | - |

ℹ️ Other Vulnerabilities (3)

| Package | CVE | Severity | Summary | Unsafe Version | Fixed In |
|---|---|---|---|---|---|
| brace-expansion | GHSA-f886-m6hf-6m8v | MODERATE | brace-expansion: Zero-step sequence causes process hang and memory exhaustion | 2.0.2 | 5.0.5 |
| brace-expansion | CVE-2026-33750 | MODERATE | brace-expansion: Zero-step sequence causes process hang and memory exhaustion | 2.0.2 | - |
| js-yaml | GHSA-h67p-54hq-rp68 | MODERATE | JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases | 4.1.1 | 4.2.0 |

Review Checklist

Standard review:

  • Review changes for compatibility with your code
  • Check for breaking changes in release notes
  • Run tests locally or wait for CI
  • Approve and merge this PR

Update Mode: all_vulns

🤖 Generated by DataDog Automated Dependency Management System

@dd-prapprover

dd-prapprover Bot commented Jun 16, 2026

PRApprover will approve and merge this PR, FAQ, #dx-source-code-management

🛠️ PRApproval Status

  • ✅ PR is eligible for auto-approval by rule dependency-management-version-updater - 2026-06-16T23:05:58Z
  • ✅ CI tests passed - 2026-06-16T23:06:01Z
  • ✅ Approved (commit: 3ac8328) - 2026-06-16T23:06:03Z
  • ✅ Merge Started
  • ✅ Merged - 2026-06-16T23:06:12Z

➡️ Current phase: PR merged successfully! ✅

@dd-prapprover dd-prapprover Bot left a comment

This PR has been automatically approved by the DD PR Approver bot.

@dd-prapprover dd-prapprover Bot merged commit c00aa08 into master Jun 16, 2026
10 checks passed
@dd-prapprover dd-prapprover Bot deleted the engraver-auto-version-upgrade/minorpatch/npm/azure/0-1781563985 branch June 16, 2026 23:06