## Dependabot Alert

- Alert: #10
- Package: minimatch
- Severity: high
- Manifest: pnpm-lock.yaml
- Vulnerable range: >= 9.0.0, < 9.0.7
- Patched version: 9.0.7
- Advisory: GHSA-7r86-cg39-jmmj
- CVE: CVE-2026-27903
- Public advisory: https://github.com/advisories/GHSA-7r86-cg39-jmmj

## Summary

minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments

## Remediation

- Update the dependency graph so minimatch resolves outside the vulnerable range.
- Regenerate pnpm-lock.yaml.
- Run the app test/build checks and package dry run.
- Confirm GitHub Dependabot marks alert #10 resolved after merge.