Bump the dependencies group across 1 directory with 25 updates #1132
Trunk Check
Checked 2 modified files
20 existing issues (use --show-existing to see them)
✖ 5 new security issues
Details
To reproduce and test locally, run:
trunk check
For help resolving these issues, see our docs on running on PRs or debugging Trunk Check
Annotations
Check failure on line 2480 in package-lock.json
github-actions / Trunk Check
osv-scanner(GHSA-7r86-cg39-jmmj)
[new] 'minimatch' has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments. Current version is vulnerable: 9.0.4.
Check failure on line 2480 in package-lock.json
github-actions / Trunk Check
osv-scanner(GHSA-23c5-xmqv-rm74)
[new] 'minimatch' ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions. Current version is vulnerable: 9.0.4.
Check failure on line 2480 in package-lock.json
github-actions / Trunk Check
osv-scanner(GHSA-3ppc-4f35-3m26)
[new] 'minimatch' has a ReDoS via repeated wildcards with non-matching literal in pattern. Current version is vulnerable: 9.0.4.
Check notice on line 5710 in package-lock.json
github-actions / Trunk Check
osv-scanner(GHSA-v6h2-p8h4-qcjw)
[new] 'brace-expansion' Regular Expression Denial of Service vulnerability. Current version is vulnerable: 2.0.1.
Check warning on line 5710 in package-lock.json
github-actions / Trunk Check
osv-scanner(GHSA-f886-m6hf-6m8v)
[new] brace-expansion: Zero-step sequence causes process hang and memory exhaustion. Current version is vulnerable: 2.0.1.