
chore(deps): bump minimatch from 10.2.3 to 10.2.4 #338

Merged
Nick2bad4u merged 2 commits into main from dependabot/npm_and_yarn/minimatch-10.2.4 on Mar 6, 2026

Conversation


@dependabot dependabot Bot commented on behalf of github Mar 3, 2026

Bumps minimatch from 10.2.3 to 10.2.4.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [minimatch](https://github.com/isaacs/minimatch) from 10.2.3 to 10.2.4.
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v10.2.3...v10.2.4)

---
updated-dependencies:
- dependency-name: minimatch
  dependency-version: 10.2.4
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot Bot added the npm label Mar 3, 2026

Nick2bad4u (Owner) commented Mar 3, 2026

Snyk checks have passed. No issues have been found so far.

| Status | Scanner | Critical | High | Medium | Low | Total (0) |
| --- | --- | --- | --- | --- | --- | --- |
| passed | Open Source Security | 0 | 0 | 0 | 0 | 0 issues |

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@github-actions github-actions Bot added AnyChange Assigned to any repo file change release New Release root Affects Root Directory Structure JSON Assigned to JSON issues or changes labels Mar 3, 2026
@Nick2bad4u Nick2bad4u merged commit f150a2a into main Mar 6, 2026
1 check was pending
@Nick2bad4u Nick2bad4u deleted the dependabot/npm_and_yarn/minimatch-10.2.4 branch March 6, 2026 16:47
sonarqubecloud Bot commented Mar 6, 2026

github-actions Bot (Contributor) commented Mar 6, 2026

# npm audit report

diff  6.0.0 - 8.0.2
jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch - https://github.com/advisories/GHSA-73rr-hh4g-fpgx
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/diff
  mocha  8.0.0 - 12.0.0-beta-3
  Depends on vulnerable versions of diff
  Depends on vulnerable versions of serialize-javascript
  node_modules/mocha

glob  10.2.0 - 10.4.5
Severity: high
glob CLI: Command injection via -c/--cmd executes matches with shell:true - https://github.com/advisories/GHSA-5j98-mcp5-4vw2
fix available via `npm audit fix`
node_modules/@jest/reporters/node_modules/glob
node_modules/archiver-utils/node_modules/glob
node_modules/cacache/node_modules/glob
node_modules/jest-config/node_modules/glob
node_modules/jest-runtime/node_modules/glob
node_modules/js-beautify/node_modules/glob
node_modules/mocha/node_modules/glob

js-yaml  <3.14.2
Severity: moderate
js-yaml has prototype pollution in merge (<<) - https://github.com/advisories/GHSA-mh29-5h37-fv8m
fix available via `npm audit fix`
node_modules/@istanbuljs/load-nyc-config/node_modules/js-yaml

minimatch  <=3.1.3 || 5.0.0 - 5.1.7 || 9.0.0 - 9.0.6
Severity: high
minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern - https://github.com/advisories/GHSA-3ppc-4f35-3m26
minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern - https://github.com/advisories/GHSA-3ppc-4f35-3m26
minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern - https://github.com/advisories/GHSA-3ppc-4f35-3m26
minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments - https://github.com/advisories/GHSA-7r86-cg39-jmmj
minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments - https://github.com/advisories/GHSA-7r86-cg39-jmmj
minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments - https://github.com/advisories/GHSA-7r86-cg39-jmmj
minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions - https://github.com/advisories/GHSA-23c5-xmqv-rm74
minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions - https://github.com/advisories/GHSA-23c5-xmqv-rm74
minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions - https://github.com/advisories/GHSA-23c5-xmqv-rm74
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/@actions/glob/node_modules/minimatch
node_modules/@eslint/config-array/node_modules/minimatch
node_modules/@eslint/eslintrc/node_modules/minimatch
node_modules/@humanwhocodes/config-array/node_modules/minimatch
node_modules/@jest/reporters/node_modules/minimatch
node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch
node_modules/archiver-utils/node_modules/minimatch
node_modules/cacache/node_modules/minimatch
node_modules/editorconfig/node_modules/minimatch
node_modules/eslint-plugin-react/node_modules/minimatch
node_modules/eslint/node_modules/minimatch
node_modules/filelist/node_modules/minimatch
node_modules/glob/node_modules/minimatch
node_modules/jest-config/node_modules/minimatch
node_modules/jest-runtime/node_modules/minimatch
node_modules/js-beautify/node_modules/minimatch
node_modules/mem-fs-editor/node_modules/minimatch
node_modules/mocha/node_modules/minimatch
node_modules/multimatch/node_modules/minimatch
node_modules/prettier-eslint/node_modules/@eslint/eslintrc/node_modules/minimatch
node_modules/prettier-eslint/node_modules/eslint/node_modules/minimatch
node_modules/prettier-eslint/node_modules/minimatch
node_modules/readdir-glob/node_modules/minimatch
node_modules/test-exclude/node_modules/minimatch
  @typescript-eslint/typescript-estree  6.16.0 - 7.5.0
  Depends on vulnerable versions of minimatch
  node_modules/prettier-eslint/node_modules/@typescript-eslint/typescript-estree
    @typescript-eslint/parser  6.16.0 - 7.5.0
    Depends on vulnerable versions of @typescript-eslint/typescript-estree
    node_modules/prettier-eslint/node_modules/@typescript-eslint/parser
      prettier-eslint  16.3.1 - 16.4.2
      Depends on vulnerable versions of @typescript-eslint/parser
      node_modules/prettier-eslint
  editorconfig  1.0.3 - 1.0.4 || 2.0.0
  Depends on vulnerable versions of minimatch
  node_modules/editorconfig

serialize-javascript  <=7.0.2
Severity: high
Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString() - https://github.com/advisories/GHSA-5c6j-r48x-rmvq
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/serialize-javascript

tar  <=7.5.9
Severity: high
tar has Hardlink Path Traversal via Drive-Relative Linkpath - https://github.com/advisories/GHSA-qffp-2rhf-9h96
fix available via `npm audit fix`
node_modules/tar

undici  <6.23.0
Severity: moderate
Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion - https://github.com/advisories/GHSA-g9mf-h72j-4rw9
fix available via `npm audit fix --force`
Will install @actions/[email protected], which is a breaking change
node_modules/undici
  @actions/github  6.0.1 - 8.0.0
  Depends on vulnerable versions of undici
  node_modules/@actions/attest/node_modules/@actions/github
    @actions/attest  2.2.0 - 2.2.1
    Depends on vulnerable versions of @actions/github
    node_modules/@actions/attest

14 vulnerabilities (1 low, 4 moderate, 9 high)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force
