chore(deps): Bump braces from 3.0.2 to 3.0.3 #269

EelcoLos · 2024-06-27T19:43:14Z

This PR is a request to fix the "Uncontrolled resource consumption in braces"

This Dependabot *High issue is also visible at GHSA-grv7-fg5c-xmjg

these are displayed in : CWE-1050

PR on forked branch: Brink-Software#30

below is cited from Dependabot:

Bumps braces from 3.0.2 to 3.0.3.

Commits

74b2db2 3.0.3
88f1429 update eslint. lint, fix unit tests.
415d660 Snyk js braces 6838727 (#40)
190510f fix tests, skip 1 test in test/braces.expand
716eb9f readme bump
a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
98414f9 remove funding file
665ab5d update keepEscaping doc (#27)
Additional commits viewable in compare view

Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3. - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) --- updated-dependencies: - dependency-name: braces dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

amannn

Thanks a lot! 🙌

github-actions · 2024-06-28T07:05:56Z

🎉 This PR is included in version 5.5.3 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

amannn approved these changes Jun 28, 2024

View reviewed changes

amannn merged commit a663946 into amannn:main Jun 28, 2024
27 checks passed

amannn added a commit that referenced this pull request Jun 28, 2024

fix: Bump braces dependency (#269. by @EelcoLos)

2d952a1

dependabot bot deleted the dependabot/npm_and_yarn/braces-3.0.3 branch June 28, 2024 07:11

Provide feedback