Skip to content

Security: Update minimatch dependency to latest version #11401

New issue
New issue
Closed as not planned
Closed as not planned
Security: Update minimatch dependency to latest version#11401
Labels
unable to reproissues that a maintainer was not able to reproduce
@caduaguiar

Description

@caduaguiar
caduaguiar
opened on Jul 15, 2025

Before You File a Bug Report Please Confirm You Have Done The Following...

  • I have tried restarting my IDE and the issue persists.
  • I have updated to the latest version of the packages.
  • I have searched for related issues and found none that matched my issue.
  • I have read the FAQ and my problem is not listed.

Relevant Package

ast-spec

Playground Link

No response

Repro Code

CVE-2025-5889: Excessive resource consumption vulnerability in the brace-expansion package.

ESLint Config

module.exports = {
  parser: "@typescript-eslint/parser",
  rules: {
    "@typescript-eslint/<rule-name>": ["error", ...<options>],
  },
};

tsconfig

{
  "compilerOptions": {
    // ...
  }
}

Expected Result

"minimatch": "^10.0.3",

Actual Result

"minimatch": "^9.0.5",

Additional Info

No response

Versions

package version
@typescript-eslint/eslint-plugin X.Y.Z
@typescript-eslint/parser X.Y.Z
@typescript-eslint/rule-tester X.Y.Z
@typescript-eslint/scope-manager X.Y.Z
@typescript-eslint/typescript-estree X.Y.Z
@typescript-eslint/type-utils X.Y.Z
@typescript-eslint/utils X.Y.Z
TypeScript X.Y.Z
ESLint X.Y.Z
node X.Y.Z

Metadata

Metadata

Assignees

No one assigned

    Labels

    unable to reproissues that a maintainer was not able to reproduce

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions