chore(deps): bump minimatch to fix ReDoS vulnerabilities

antonis · claude · antonis · commit 97932022ffe2 · 2026-03-03T09:56:02.000+01:00
Uses scoped yarn resolutions to patch minimatch across all affected major versions present in the dependency tree: - 3.x: 3.1.2/3.0.5 → 3.1.5 (fixes alert #441) - 5.x: 5.1.6 → 5.1.9 (fixes alert #440) - 8.x: 8.0.4 → 8.0.7 (fixes alert #439) - 9.x: 9.0.1/9.0.3/9.0.5 → 9.0.9 (fixes alert #438) - 10.x: 10.1.1 → 10.2.4 (fixes alerts #428, #432, #437) All fixes are dev-only dependencies. https://github.com/getsentry/sentry-react-native/security/dependabot/441 https://github.com/getsentry/sentry-react-native/security/dependabot/440 https://github.com/getsentry/sentry-react-native/security/dependabot/439 https://github.com/getsentry/sentry-react-native/security/dependabot/438 https://github.com/getsentry/sentry-react-native/security/dependabot/437 https://github.com/getsentry/sentry-react-native/security/dependabot/432 https://github.com/getsentry/sentry-react-native/security/dependabot/428 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
diff --git a/package.json b/package.json
@@ -75,6 +75,56 @@
     "eslint@npm:8.57.1/ajv": "^6.14.0",
     "eslint@npm:9.39.2/ajv": "^6.14.0",
     "express@npm:4.19.2/path-to-regexp": "0.1.12",
+    "@eslint/config-array@npm:0.21.1/minimatch": "^3.1.3",
+    "@eslint/eslintrc@npm:2.1.4/minimatch": "^3.1.3",
+    "@eslint/eslintrc@npm:3.3.3/minimatch": "^3.1.3",
+    "@expo/fingerprint@npm:0.6.1/minimatch": "^3.1.3",
+    "@humanwhocodes/config-array@npm:0.11.14/minimatch": "^3.1.3",
+    "@humanwhocodes/config-array@npm:0.13.0/minimatch": "^3.1.3",
+    "@lerna/create@npm:8.1.8/minimatch": "^3.1.3",
+    "eslint-plugin-import@npm:2.31.0/minimatch": "^3.1.3",
+    "eslint-plugin-import@npm:2.32.0/minimatch": "^3.1.3",
+    "eslint-plugin-node@npm:11.1.0/minimatch": "^3.1.3",
+    "eslint-plugin-react@npm:7.35.0/minimatch": "^3.1.3",
+    "eslint-plugin-react@npm:7.37.5/minimatch": "^3.1.3",
+    "eslint@npm:8.57.0/minimatch": "^3.1.3",
+    "eslint@npm:8.57.1/minimatch": "^3.1.3",
+    "eslint@npm:9.39.2/minimatch": "^3.1.3",
+    "glob@npm:6.0.4/minimatch": "^3.1.3",
+    "glob@npm:7.1.6/minimatch": "^3.1.3",
+    "glob@npm:7.2.3/minimatch": "^3.1.3",
+    "jake@npm:10.9.2/minimatch": "^3.1.3",
+    "lerna@npm:8.1.8/minimatch": "^3.1.3",
+    "multimatch@npm:5.0.0/minimatch": "^3.1.3",
+    "node-dir@npm:0.1.17/minimatch": "^3.1.3",
+    "test-exclude@npm:6.0.0/minimatch": "^3.1.3",
+    "filelist@npm:1.0.4/minimatch": "^5.1.8",
+    "glob@npm:8.1.0/minimatch": "^5.1.8",
+    "readdir-glob@npm:1.1.3/minimatch": "^5.1.8",
+    "glob@npm:9.3.5/minimatch": "^8.0.6",
+    "@expo/cli@npm:0.24.11/minimatch": "^9.0.7",
+    "@expo/cli@npm:54.0.22/minimatch": "^9.0.7",
+    "@expo/fingerprint@npm:0.12.4/minimatch": "^9.0.7",
+    "@expo/fingerprint@npm:0.15.4/minimatch": "^9.0.7",
+    "@expo/metro-config@npm:0.20.13/minimatch": "^9.0.7",
+    "@expo/metro-config@npm:54.0.14/minimatch": "^9.0.7",
+    "@npmcli/arborist@npm:7.5.4/minimatch": "^9.0.7",
+    "@npmcli/map-workspaces@npm:3.0.6/minimatch": "^9.0.7",
+    "@nx/devkit@npm:19.6.4/minimatch": "^9.0.7",
+    "@sentry/node@npm:10.31.0/minimatch": "^9.0.7",
+    "@tufjs/models@npm:2.0.1/minimatch": "^9.0.7",
+    "@typescript-eslint/typescript-estree@npm:6.21.0/minimatch": "^9.0.7",
+    "@typescript-eslint/typescript-estree@npm:7.18.0/minimatch": "^9.0.7",
+    "@typescript-eslint/typescript-estree@npm:8.50.0/minimatch": "^9.0.7",
+    "@typescript-eslint/typescript-estree@npm:8.54.0/minimatch": "^9.0.7",
+    "editorconfig@npm:1.0.4/minimatch": "^9.0.7",
+    "glob@npm:10.4.1/minimatch": "^9.0.7",
+    "glob@npm:10.4.5/minimatch": "^9.0.7",
+    "ignore-walk@npm:6.0.5/minimatch": "^9.0.7",
+    "npm-run-all2@npm:6.2.2/minimatch": "^9.0.7",
+    "nx@npm:19.6.4/minimatch": "^9.0.7",
+    "webdriverio@npm:8.40.5/minimatch": "^9.0.7",
+    "glob@npm:13.0.0/minimatch": "^10.2.3",
     "axios": "^1.13.5",
     "fast-xml-parser": "^5.3.6",
     "form-data": "4.0.5",
diff --git a/yarn.lock b/yarn.lock
@@ -6921,22 +6921,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@isaacs/balanced-match@npm:^4.0.1":
-  version: 4.0.1
-  resolution: "@isaacs/balanced-match@npm:4.0.1"
-  checksum: 102fbc6d2c0d5edf8f6dbf2b3feb21695a21bc850f11bc47c4f06aa83bd8884fde3fe9d6d797d619901d96865fdcb4569ac2a54c937992c48885c5e3d9967fe8
-  languageName: node
-  linkType: hard
-
-"@isaacs/brace-expansion@npm:^5.0.0":
-  version: 5.0.1
-  resolution: "@isaacs/brace-expansion@npm:5.0.1"
-  dependencies:
-    "@isaacs/balanced-match": ^4.0.1
-  checksum: 21f8192f022c320f7acf899730feb419b1a5f4ccc741481ef8f4b3111e97a41c06e5783871bb240da2e87de909c7fc5b0d07f73818db521fee06541c086ea351
-  languageName: node
-  linkType: hard
-
 "@isaacs/cliui@npm:^8.0.2":
   version: 8.0.2
   resolution: "@isaacs/cliui@npm:8.0.2"
@@ -15030,6 +15014,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"balanced-match@npm:^4.0.2":
+  version: 4.0.4
+  resolution: "balanced-match@npm:4.0.4"
+  checksum: fb07bb66a0959c2843fc055838047e2a95ccebb837c519614afb067ebfdf2fa967ca8d712c35ced07f2cd26fc6f07964230b094891315ad74f11eba3d53178a0
+  languageName: node
+  linkType: hard
+
 "bare-events@npm:^2.2.0":
   version: 2.4.2
   resolution: "bare-events@npm:2.4.2"
@@ -15310,6 +15301,24 @@ __metadata:
   languageName: node
   linkType: hard
 
+"brace-expansion@npm:^2.0.2":
+  version: 2.0.2
+  resolution: "brace-expansion@npm:2.0.2"
+  dependencies:
+    balanced-match: ^1.0.0
+  checksum: 01dff195e3646bc4b0d27b63d9bab84d2ebc06121ff5013ad6e5356daa5a9d6b60fa26cf73c74797f2dc3fbec112af13578d51f75228c1112b26c790a87b0488
+  languageName: node
+  linkType: hard
+
+"brace-expansion@npm:^5.0.2":
+  version: 5.0.4
+  resolution: "brace-expansion@npm:5.0.4"
+  dependencies:
+    balanced-match: ^4.0.2
+  checksum: ded86c0f0b138734110d67437fee52c1f97bc19175644788b1d71afec2d87d405cf05424ce428f88ae3abe8e09e13ee55f2675534b38076ef70e1e583ed75686
+  languageName: node
+  linkType: hard
+
 "braces@npm:^3.0.3, braces@npm:~3.0.2":
   version: 3.0.3
   resolution: "braces@npm:3.0.3"
@@ -26368,75 +26377,48 @@ __metadata:
   languageName: node
   linkType: hard
 
-"minimatch@npm:2 || 3, minimatch@npm:^3.0.2, minimatch@npm:^3.0.4, minimatch@npm:^3.0.5, minimatch@npm:^3.1.1, minimatch@npm:^3.1.2":
-  version: 3.1.2
-  resolution: "minimatch@npm:3.1.2"
+"minimatch@npm:^10.2.3":
+  version: 10.2.4
+  resolution: "minimatch@npm:10.2.4"
   dependencies:
-    brace-expansion: "npm:^1.1.7"
-  checksum: c154e566406683e7bcb746e000b84d74465b3a832c45d59912b9b55cd50dee66e5c4b1e5566dba26154040e51672f9aa450a9aef0c97cfc7336b78b7afb9540a
+    brace-expansion: ^5.0.2
+  checksum: 56dce6b04c6b30b500d81d7a29822c108b7d58c46696ec7332d04a2bd104a5cb69e5c7ce93e1783dc66d61400d831e6e226ca101ac23665aff32ca303619dc3d
   languageName: node
   linkType: hard
 
-"minimatch@npm:3.0.5":
-  version: 3.0.5
-  resolution: "minimatch@npm:3.0.5"
+"minimatch@npm:^3.1.3":
+  version: 3.1.5
+  resolution: "minimatch@npm:3.1.5"
   dependencies:
-    brace-expansion: "npm:^1.1.7"
-  checksum: a3b84b426eafca947741b864502cee02860c4e7b145de11ad98775cfcf3066fef422583bc0ffce0952ddf4750c1ccf4220b1556430d4ce10139f66247d87d69e
+    brace-expansion: ^1.1.7
+  checksum: 47ef6f412c08be045a7291d11b1c40777925accf7252dc6d3caa39b1bfbb3a7ea390ba7aba464d762d783265c644143d2c8a204e6b5763145024d52ee65a1941
   languageName: node
   linkType: hard
 
-"minimatch@npm:9.0.1":
-  version: 9.0.1
-  resolution: "minimatch@npm:9.0.1"
+"minimatch@npm:^5.1.8":
+  version: 5.1.9
+  resolution: "minimatch@npm:5.1.9"
   dependencies:
-    brace-expansion: "npm:^2.0.1"
-  checksum: 97f5f5284bb57dc65b9415dec7f17a0f6531a33572193991c60ff18450dcfad5c2dad24ffeaf60b5261dccd63aae58cc3306e2209d57e7f88c51295a532d8ec3
+    brace-expansion: ^2.0.1
+  checksum: 418438bd7701ba811f1108f28fcd3a638a6065c7b1245b85e25bcdb674410b4bebd8763c90c91bc8d22d93260c02cc129b354267a463c3399be5732d6e11e120
   languageName: node
   linkType: hard
 
-"minimatch@npm:9.0.3":
-  version: 9.0.3
-  resolution: "minimatch@npm:9.0.3"
+"minimatch@npm:^8.0.6":
+  version: 8.0.7
+  resolution: "minimatch@npm:8.0.7"
   dependencies:
-    brace-expansion: "npm:^2.0.1"
-  checksum: 253487976bf485b612f16bf57463520a14f512662e592e95c571afdab1442a6a6864b6c88f248ce6fc4ff0b6de04ac7aa6c8bb51e868e99d1d65eb0658a708b5
+    brace-expansion: ^2.0.1
+  checksum: edaefeb16297f4f3969287913adb04c12c5683f2bd8610c6d6bfd5aa5b98bbbfd6013a2d0bb24df62e8add9c265128df1bfdbb61bb043ef4aa86b449fc2a9c76
   languageName: node
   linkType: hard
 
-"minimatch@npm:^10.1.1":
-  version: 10.1.1
-  resolution: "minimatch@npm:10.1.1"
-  dependencies:
-    "@isaacs/brace-expansion": ^5.0.0
-  checksum: 8820c0be92994f57281f0a7a2cc4268dcc4b610f9a1ab666685716b4efe4b5898b43c835a8f22298875b31c7a278a5e3b7e253eee7c886546bb0b61fb94bca6b
-  languageName: node
-  linkType: hard
-
-"minimatch@npm:^5.0.1, minimatch@npm:^5.1.0":
-  version: 5.1.6
-  resolution: "minimatch@npm:5.1.6"
-  dependencies:
-    brace-expansion: "npm:^2.0.1"
-  checksum: 7564208ef81d7065a370f788d337cd80a689e981042cb9a1d0e6580b6c6a8c9279eba80010516e258835a988363f99f54a6f711a315089b8b42694f5da9d0d77
-  languageName: node
-  linkType: hard
-
-"minimatch@npm:^8.0.2":
-  version: 8.0.4
-  resolution: "minimatch@npm:8.0.4"
-  dependencies:
-    brace-expansion: "npm:^2.0.1"
-  checksum: 2e46cffb86bacbc524ad45a6426f338920c529dd13f3a732cc2cf7618988ee1aae88df4ca28983285aca9e0f45222019ac2d14ebd17c1edadd2ee12221ab801a
-  languageName: node
-  linkType: hard
-
-"minimatch@npm:^9.0.0, minimatch@npm:^9.0.4, minimatch@npm:^9.0.5":
-  version: 9.0.5
-  resolution: "minimatch@npm:9.0.5"
+"minimatch@npm:^9.0.7":
+  version: 9.0.9
+  resolution: "minimatch@npm:9.0.9"
   dependencies:
-    brace-expansion: "npm:^2.0.1"
-  checksum: 2c035575eda1e50623c731ec6c14f65a85296268f749b9337005210bb2b34e2705f8ef1a358b188f69892286ab99dc42c8fb98a57bde55c8d81b3023c19cea28
+    brace-expansion: ^2.0.2
+  checksum: 5292681ba1e14544ca9214ba5e412bb346214fb783354b22752f2d1e5c176e4a2c0bfcafeb1046389b816009ab73ba5410b176ce605632e8aa695db25f87f6b9
   languageName: node
   linkType: hard
 
