mediawiki/extensions/Prezi: REL1_43 (log #2394087)

sourcepatches

This run took 28 seconds.

From 8498d706bc6a174f0c65b58fa90833e19cb6a62b Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Sun, 15 Mar 2026 21:36:17 +0000
Subject: [PATCH] build: Updating flatted to 3.4.1

* https://github.com/advisories/GHSA-25h7-pfq9-p65f

Change-Id: I2effcfd7efbf46cf074ddfdb5d6d17ed7d8f67fa
---
 package-lock.json | 98 +++++++++++++++++++----------------------------
 1 file changed, 40 insertions(+), 58 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 6444522..12e39a7 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -228,9 +228,9 @@
 			}
 		},
 		"node_modules/@eslint/eslintrc/node_modules/minimatch": {
-			"version": "3.1.3",
-			"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.3.tgz",
-			"integrity": "sha512-M2GCs7Vk83NxkUyQV1bkABc4yxgz9kILhHImZiBPAZ9ybuvCb0/H7lEl5XvIg3g+9d4eNotkZA5IWwYl0tibaA==",
+			"version": "3.1.5",
+			"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+			"integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
 			"dev": true,
 			"dependencies": {
 				"brace-expansion": "^1.1.7"
@@ -452,34 +452,22 @@
 				"typescript": ">=4.8.4 <6.0.0"
 			}
 		},
-		"node_modules/@typescript-eslint/typescript-estree/node_modules/balanced-match": {
-			"version": "4.0.4",
-			"resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-4.0.4.tgz",
-			"integrity": "sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA==",
-			"dev": true,
-			"engines": {
-				"node": "18 || 20 || >=22"
-			}
-		},
 		"node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion": {
-			"version": "5.0.3",
-			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.3.tgz",
-			"integrity": "sha512-fy6KJm2RawA5RcHkLa1z/ScpBeA762UF9KmZQxwIbDtRJrgLzM10depAiEQ+CXYcoiqW1/m96OAAoke2nE9EeA==",
+			"version": "2.0.2",
+			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+			"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
 			"dev": true,
 			"dependencies": {
-				"balanced-match": "^4.0.2"
-			},
-			"engines": {
-				"node": "18 || 20 || >=22"
+				"balanced-match": "^1.0.0"
 			}
 		},
 		"node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch": {
-			"version": "9.0.6",
-			"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.6.tgz",
-			"integrity": "sha512-kQAVowdR33euIqeA0+VZTDqU+qo1IeVY+hrKYtZMio3Pg0P0vuh/kwRylLUddJhB6pf3q/botcOvRtx4IN1wqQ==",
+			"version": "9.0.9",
+			"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz",
+			"integrity": "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==",
 			"dev": true,
 			"dependencies": {
-				"brace-expansion": "^5.0.2"
+				"brace-expansion": "^2.0.2"
 			},
 			"engines": {
 				"node": ">=16 || 14 >=14.17"
@@ -1428,9 +1416,9 @@
 			}
 		},
 		"node_modules/eslint-plugin-unicorn/node_modules/minimatch": {
-			"version": "3.1.3",
-			"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.3.tgz",
-			"integrity": "sha512-M2GCs7Vk83NxkUyQV1bkABc4yxgz9kILhHImZiBPAZ9ybuvCb0/H7lEl5XvIg3g+9d4eNotkZA5IWwYl0tibaA==",
+			"version": "3.1.5",
+			"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+			"integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
 			"dev": true,
 			"dependencies": {
 				"brace-expansion": "^1.1.7"
@@ -1566,9 +1554,9 @@
 			}
 		},
 		"node_modules/eslint/node_modules/minimatch": {
-			"version": "3.1.3",
-			"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.3.tgz",
-			"integrity": "sha512-M2GCs7Vk83NxkUyQV1bkABc4yxgz9kILhHImZiBPAZ9ybuvCb0/H7lEl5XvIg3g+9d4eNotkZA5IWwYl0tibaA==",
+			"version": "3.1.5",
+			"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+			"integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
 			"dev": true,
 			"dependencies": {
 				"brace-expansion": "^1.1.7"
@@ -1804,9 +1792,9 @@
 			}
 		},
 		"node_modules/flatted": {
-			"version": "3.3.3",
-			"resolved": "https://registry.npmjs.org/flatted/-/flatted-3.3.3.tgz",
-			"integrity": "sha512-GX+ysw4PBCz0PzosHDepZGANEuFCMLrnRTiEy9McGjmkCQYwRq4A/X786G/fjM/+OjsWSU1ZrY5qyARZmO/uwg==",
+			"version": "3.4.1",
+			"resolved": "https://registry.npmjs.org/flatted/-/flatted-3.4.1.tgz",
+			"integrity": "sha512-IxfVbRFVlV8V/yRaGzk0UVIcsKKHMSfYw66T/u4nTwlWteQePsxe//LjudR1AMX4tZW3WFCh3Zqa/sjlqpbURQ==",
 			"dev": true
 		},
 		"node_modules/for-in": {
@@ -3934,9 +3922,9 @@
 					}
 				},
 				"minimatch": {
-					"version": "3.1.3",
-					"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.3.tgz",
-					"integrity": "sha512-M2GCs7Vk83NxkUyQV1bkABc4yxgz9kILhHImZiBPAZ9ybuvCb0/H7lEl5XvIg3g+9d4eNotkZA5IWwYl0tibaA==",
+					"version": "3.1.5",
+					"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+					"integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
 					"dev": true,
 					"requires": {
 						"brace-expansion": "^1.1.7"
@@ -4090,28 +4078,22 @@
 				"ts-api-utils": "^2.4.0"
 			},
 			"dependencies": {
-				"balanced-match": {
-					"version": "4.0.4",
-					"resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-4.0.4.tgz",
-					"integrity": "sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA==",
-					"dev": true
-				},
 				"brace-expansion": {
-					"version": "5.0.3",
-					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.3.tgz",
-					"integrity": "sha512-fy6KJm2RawA5RcHkLa1z/ScpBeA762UF9KmZQxwIbDtRJrgLzM10depAiEQ+CXYcoiqW1/m96OAAoke2nE9EeA==",
+					"version": "2.0.2",
+					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+					"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
 					"dev": true,
 					"requires": {
-						"balanced-match": "^4.0.2"
+						"balanced-match": "^1.0.0"
 					}
 				},
 				"minimatch": {
-					"version": "9.0.6",
-					"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.6.tgz",
-					"integrity": "sha512-kQAVowdR33euIqeA0+VZTDqU+qo1IeVY+hrKYtZMio3Pg0P0vuh/kwRylLUddJhB6pf3q/botcOvRtx4IN1wqQ==",
+					"version": "9.0.9",
+					"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz",
+					"integrity": "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==",
 					"dev": true,
 					"requires": {
-						"brace-expansion": "^5.0.2"
+						"brace-expansion": "^2.0.2"
 					}
 				}
 			}
@@ -4543,9 +4525,9 @@
 					}
 				},
 				"minimatch": {
-					"version": "3.1.3",
-					"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.3.tgz",
-					"integrity": "sha512-M2GCs7Vk83NxkUyQV1bkABc4yxgz9kILhHImZiBPAZ9ybuvCb0/H7lEl5XvIg3g+9d4eNotkZA5IWwYl0tibaA==",
+					"version": "3.1.5",
+					"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+					"integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
 					"dev": true,
 					"requires": {
 						"brace-expansion": "^1.1.7"
@@ -4800,9 +4782,9 @@
 					}
 				},
 				"minimatch": {
-					"version": "3.1.3",
-					"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.3.tgz",
-					"integrity": "sha512-M2GCs7Vk83NxkUyQV1bkABc4yxgz9kILhHImZiBPAZ9ybuvCb0/H7lEl5XvIg3g+9d4eNotkZA5IWwYl0tibaA==",
+					"version": "3.1.5",
+					"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+					"integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
 					"dev": true,
 					"requires": {
 						"brace-expansion": "^1.1.7"
@@ -5050,9 +5032,9 @@
 			}
 		},
 		"flatted": {
-			"version": "3.3.3",
-			"resolved": "https://registry.npmjs.org/flatted/-/flatted-3.3.3.tgz",
-			"integrity": "sha512-GX+ysw4PBCz0PzosHDepZGANEuFCMLrnRTiEy9McGjmkCQYwRq4A/X786G/fjM/+OjsWSU1ZrY5qyARZmO/uwg==",
+			"version": "3.4.1",
+			"resolved": "https://registry.npmjs.org/flatted/-/flatted-3.4.1.tgz",
+			"integrity": "sha512-IxfVbRFVlV8V/yRaGzk0UVIcsKKHMSfYw66T/u4nTwlWteQePsxe//LjudR1AMX4tZW3WFCh3Zqa/sjlqpbURQ==",
 			"dev": true
 		},
 		"for-in": {
-- 
2.47.3


$ date
--- stdout ---
Sun Mar 15 21:35:58 UTC 2026

--- end ---
$ git clone file:///srv/git/mediawiki-extensions-Prezi.git /src/repo --depth=1 -b REL1_43
--- stderr ---
Cloning into '/src/repo'...
--- stdout ---

--- end ---
$ git config user.name libraryupgrader
--- stdout ---

--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---

--- end ---
$ git submodule update --init
--- stdout ---

--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.

--- end ---
$ git show-ref refs/heads/REL1_43
--- stdout ---
18bd0e00c770f48769f6fe043f0540734e670d7d refs/heads/REL1_43

--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "flatted": {
      "name": "flatted",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1114526,
          "name": "flatted",
          "dependency": "flatted",
          "title": "flatted vulnerable to unbounded recursion DoS in parse() revive phase",
          "url": "https://github.com/advisories/GHSA-25h7-pfq9-p65f",
          "severity": "high",
          "cwe": [
            "CWE-674"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<3.4.0"
        }
      ],
      "effects": [],
      "range": "<3.4.0",
      "nodes": [
        "node_modules/flatted"
      ],
      "fixAvailable": true
    },
    "grunt": {
      "name": "grunt",
      "severity": "high",
      "isDirect": true,
      "via": [
        "minimatch"
      ],
      "effects": [
        "grunt-eslint"
      ],
      "range": ">=0.4.0-a",
      "nodes": [
        "node_modules/grunt"
      ],
      "fixAvailable": {
        "name": "grunt",
        "version": "0.3.17",
        "isSemVerMajor": true
      }
    },
    "grunt-eslint": {
      "name": "grunt-eslint",
      "severity": "high",
      "isDirect": true,
      "via": [
        "grunt"
      ],
      "effects": [],
      "range": "<=1.0.0 || >=18.1.0",
      "nodes": [
        "node_modules/grunt-eslint"
      ],
      "fixAvailable": {
        "name": "grunt-eslint",
        "version": "18.0.0",
        "isSemVerMajor": true
      }
    },
    "minimatch": {
      "name": "minimatch",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1113459,
          "name": "minimatch",
          "dependency": "minimatch",
          "title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
          "url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
          "severity": "high",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": "<3.1.3"
        },
        {
          "source": 1113538,
          "name": "minimatch",
          "dependency": "minimatch",
          "title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
          "url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
          "severity": "high",
          "cwe": [
            "CWE-407"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<3.1.3"
        },
        {
          "source": 1113544,
          "name": "minimatch",
          "dependency": "minimatch",
          "title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
          "url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
          "severity": "high",
          "cwe": [
            "CWE-407"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=9.0.0 <9.0.7"
        },
        {
          "source": 1113546,
          "name": "minimatch",
          "dependency": "minimatch",
          "title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
          "url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
          "severity": "high",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<3.1.4"
        },
        {
          "source": 1113552,
          "name": "minimatch",
          "dependency": "minimatch",
          "title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
          "url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
          "severity": "high",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=9.0.0 <9.0.7"
        }
      ],
      "effects": [
        "grunt"
      ],
      "range": "<=3.1.3 || 9.0.0 - 9.0.6",
      "nodes": [
        "node_modules/@eslint/eslintrc/node_modules/minimatch",
        "node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch",
        "node_modules/eslint-plugin-unicorn/node_modules/minimatch",
        "node_modules/eslint/node_modules/minimatch",
        "node_modules/minimatch"
      ],
      "fixAvailable": {
        "name": "grunt",
        "version": "0.3.17",
        "isSemVerMajor": true
      }
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 0,
      "moderate": 0,
      "high": 4,
      "critical": 0,
      "total": 4
    },
    "dependencies": {
      "prod": 1,
      "dev": 318,
      "optional": 0,
      "peer": 1,
      "peerOptional": 0,
      "total": 318
    }
  }
}

--- end ---
$ /usr/bin/composer install
--- stderr ---
No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
Loading composer repositories with package information
Updating dependencies
Lock file operations: 13 installs, 0 updates, 0 removals
  - Locking mediawiki/minus-x (1.1.3)
  - Locking php-parallel-lint/php-console-color (v1.0.1)
  - Locking php-parallel-lint/php-console-highlighter (v1.0.0)
  - Locking php-parallel-lint/php-parallel-lint (v1.4.0)
  - Locking psr/container (2.0.2)
  - Locking symfony/console (v7.4.7)
  - Locking symfony/deprecation-contracts (v3.6.0)
  - Locking symfony/polyfill-ctype (v1.33.0)
  - Locking symfony/polyfill-intl-grapheme (v1.33.0)
  - Locking symfony/polyfill-intl-normalizer (v1.33.0)
  - Locking symfony/polyfill-mbstring (v1.33.0)
  - Locking symfony/service-contracts (v3.6.1)
  - Locking symfony/string (v8.0.6)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 13 installs, 0 updates, 0 removals
    0 [>---------------------------]    0 [->--------------------------]
  - Installing symfony/polyfill-mbstring (v1.33.0): Extracting archive
  - Installing symfony/polyfill-intl-normalizer (v1.33.0): Extracting archive
  - Installing symfony/polyfill-intl-grapheme (v1.33.0): Extracting archive
  - Installing symfony/polyfill-ctype (v1.33.0): Extracting archive
  - Installing symfony/string (v8.0.6): Extracting archive
  - Installing symfony/deprecation-contracts (v3.6.0): Extracting archive
  - Installing psr/container (2.0.2): Extracting archive
  - Installing symfony/service-contracts (v3.6.1): Extracting archive
  - Installing symfony/console (v7.4.7): Extracting archive
  - Installing mediawiki/minus-x (1.1.3): Extracting archive
  - Installing php-parallel-lint/php-console-color (v1.0.1): Extracting archive
  - Installing php-parallel-lint/php-console-highlighter (v1.0.0): Extracting archive
  - Installing php-parallel-lint/php-parallel-lint (v1.4.0): Extracting archive
  0/13 [>---------------------------]   0%
 13/13 [============================] 100%
Generating autoload files
8 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
--- stdout ---

--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "flatted": {
      "name": "flatted",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1114526,
          "name": "flatted",
          "dependency": "flatted",
          "title": "flatted vulnerable to unbounded recursion DoS in parse() revive phase",
          "url": "https://github.com/advisories/GHSA-25h7-pfq9-p65f",
          "severity": "high",
          "cwe": [
            "CWE-674"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<3.4.0"
        }
      ],
      "effects": [],
      "range": "<3.4.0",
      "nodes": [
        "node_modules/flatted"
      ],
      "fixAvailable": true
    },
    "grunt": {
      "name": "grunt",
      "severity": "high",
      "isDirect": true,
      "via": [
        "minimatch"
      ],
      "effects": [
        "grunt-eslint"
      ],
      "range": ">=0.4.0-a",
      "nodes": [
        "node_modules/grunt"
      ],
      "fixAvailable": {
        "name": "grunt",
        "version": "0.3.17",
        "isSemVerMajor": true
      }
    },
    "grunt-eslint": {
      "name": "grunt-eslint",
      "severity": "high",
      "isDirect": true,
      "via": [
        "grunt"
      ],
      "effects": [],
      "range": "<=1.0.0 || >=18.1.0",
      "nodes": [
        "node_modules/grunt-eslint"
      ],
      "fixAvailable": {
        "name": "grunt-eslint",
        "version": "18.0.0",
        "isSemVerMajor": true
      }
    },
    "minimatch": {
      "name": "minimatch",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1113459,
          "name": "minimatch",
          "dependency": "minimatch",
          "title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
          "url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
          "severity": "high",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": "<3.1.3"
        },
        {
          "source": 1113538,
          "name": "minimatch",
          "dependency": "minimatch",
          "title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
          "url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
          "severity": "high",
          "cwe": [
            "CWE-407"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<3.1.3"
        },
        {
          "source": 1113544,
          "name": "minimatch",
          "dependency": "minimatch",
          "title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
          "url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
          "severity": "high",
          "cwe": [
            "CWE-407"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=9.0.0 <9.0.7"
        },
        {
          "source": 1113546,
          "name": "minimatch",
          "dependency": "minimatch",
          "title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
          "url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
          "severity": "high",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<3.1.4"
        },
        {
          "source": 1113552,
          "name": "minimatch",
          "dependency": "minimatch",
          "title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
          "url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
          "severity": "high",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=9.0.0 <9.0.7"
        }
      ],
      "effects": [
        "grunt"
      ],
      "range": "<=3.1.3 || 9.0.0 - 9.0.6",
      "nodes": [
        "node_modules/@eslint/eslintrc/node_modules/minimatch",
        "node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch",
        "node_modules/eslint-plugin-unicorn/node_modules/minimatch",
        "node_modules/eslint/node_modules/minimatch",
        "node_modules/minimatch"
      ],
      "fixAvailable": {
        "name": "grunt",
        "version": "0.3.17",
        "isSemVerMajor": true
      }
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 0,
      "moderate": 0,
      "high": 4,
      "critical": 0,
      "total": 4
    },
    "dependencies": {
      "prod": 1,
      "dev": 318,
      "optional": 0,
      "peer": 1,
      "peerOptional": 0,
      "total": 318
    }
  }
}

--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
--- stdout ---
{
  "added": 317,
  "removed": 0,
  "changed": 0,
  "audited": 318,
  "funding": 66,
  "audit": {
    "auditReportVersion": 2,
    "vulnerabilities": {
      "flatted": {
        "name": "flatted",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1114526,
            "name": "flatted",
            "dependency": "flatted",
            "title": "flatted vulnerable to unbounded recursion DoS in parse() revive phase",
            "url": "https://github.com/advisories/GHSA-25h7-pfq9-p65f",
            "severity": "high",
            "cwe": [
              "CWE-674"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": "<3.4.0"
          }
        ],
        "effects": [],
        "range": "<3.4.0",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "grunt": {
        "name": "grunt",
        "severity": "high",
        "isDirect": true,
        "via": [
          "minimatch"
        ],
        "effects": [
          "grunt-eslint"
        ],
        "range": ">=0.4.0-a",
        "nodes": [
          "node_modules/grunt"
        ],
        "fixAvailable": {
          "name": "grunt",
          "version": "0.3.17",
          "isSemVerMajor": true
        }
      },
      "grunt-eslint": {
        "name": "grunt-eslint",
        "severity": "high",
        "isDirect": true,
        "via": [
          "grunt"
        ],
        "effects": [],
        "range": "<=1.0.0 || >=18.1.0",
        "nodes": [
          "node_modules/grunt-eslint"
        ],
        "fixAvailable": {
          "name": "grunt-eslint",
          "version": "18.0.0",
          "isSemVerMajor": true
        }
      },
      "minimatch": {
        "name": "minimatch",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1113459,
            "name": "minimatch",
            "dependency": "minimatch",
            "title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
            "url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
            "severity": "high",
            "cwe": [
              "CWE-1333"
            ],
            "cvss": {
              "score": 0,
              "vectorString": null
            },
            "range": "<3.1.3"
          },
          {
            "source": 1113538,
            "name": "minimatch",
            "dependency": "minimatch",
            "title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
            "url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
            "severity": "high",
            "cwe": [
              "CWE-407"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": "<3.1.3"
          },
          {
            "source": 1113544,
            "name": "minimatch",
            "dependency": "minimatch",
            "title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
            "url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
            "severity": "high",
            "cwe": [
              "CWE-407"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": ">=9.0.0 <9.0.7"
          },
          {
            "source": 1113546,
            "name": "minimatch",
            "dependency": "minimatch",
            "title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
            "url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
            "severity": "high",
            "cwe": [
              "CWE-1333"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": "<3.1.4"
          },
          {
            "source": 1113552,
            "name": "minimatch",
            "dependency": "minimatch",
            "title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
            "url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
            "severity": "high",
            "cwe": [
              "CWE-1333"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": ">=9.0.0 <9.0.7"
          }
        ],
        "effects": [
          "grunt"
        ],
        "range": "<=3.1.3 || 9.0.0 - 9.0.6",
        "nodes": [
          "",
          "",
          "",
          "",
          "node_modules/minimatch"
        ],
        "fixAvailable": {
          "name": "grunt",
          "version": "0.3.17",
          "isSemVerMajor": true
        }
      }
    },
    "metadata": {
      "vulnerabilities": {
        "info": 0,
        "low": 0,
        "moderate": 0,
        "high": 4,
        "critical": 0,
        "total": 4
      },
      "dependencies": {
        "prod": 1,
        "dev": 317,
        "optional": 0,
        "peer": 1,
        "peerOptional": 0,
        "total": 317
      }
    }
  }
}

--- end ---
{"added": 317, "removed": 0, "changed": 0, "audited": 318, "funding": 66, "audit": {"auditReportVersion": 2, "vulnerabilities": {"flatted": {"name": "flatted", "severity": "high", "isDirect": false, "via": [{"source": 1114526, "name": "flatted", "dependency": "flatted", "title": "flatted vulnerable to unbounded recursion DoS in parse() revive phase", "url": "https://github.com/advisories/GHSA-25h7-pfq9-p65f", "severity": "high", "cwe": ["CWE-674"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.4.0"}], "effects": [], "range": "<3.4.0", "nodes": [""], "fixAvailable": true}, "grunt": {"name": "grunt", "severity": "high", "isDirect": true, "via": ["minimatch"], "effects": ["grunt-eslint"], "range": ">=0.4.0-a", "nodes": ["node_modules/grunt"], "fixAvailable": {"name": "grunt", "version": "0.3.17", "isSemVerMajor": true}}, "grunt-eslint": {"name": "grunt-eslint", "severity": "high", "isDirect": true, "via": ["grunt"], "effects": [], "range": "<=1.0.0 || >=18.1.0", "nodes": ["node_modules/grunt-eslint"], "fixAvailable": {"name": "grunt-eslint", "version": "18.0.0", "isSemVerMajor": true}}, "minimatch": {"name": "minimatch", "severity": "high", "isDirect": false, "via": [{"source": 1113459, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern", "url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 0, "vectorString": null}, "range": "<3.1.3"}, {"source": 1113538, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments", "url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj", "severity": "high", "cwe": ["CWE-407"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.1.3"}, {"source": 1113544, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments", "url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj", "severity": "high", "cwe": ["CWE-407"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=9.0.0 <9.0.7"}, {"source": 1113546, "name": "minimatch", "dependency": "minimatch", "title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions", "url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.1.4"}, {"source": 1113552, "name": "minimatch", "dependency": "minimatch", "title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions", "url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=9.0.0 <9.0.7"}], "effects": ["grunt"], "range": "<=3.1.3 || 9.0.0 - 9.0.6", "nodes": ["", "", "", "", "node_modules/minimatch"], "fixAvailable": {"name": "grunt", "version": "0.3.17", "isSemVerMajor": true}}}, "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 0, "high": 4, "critical": 0, "total": 4}, "dependencies": {"prod": 1, "dev": 317, "optional": 0, "peer": 1, "peerOptional": 0, "total": 317}}}}
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated glob@7.1.7: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
--- stdout ---

added 317 packages, and audited 318 packages in 4s

66 packages are looking for funding
  run `npm fund` for details

# npm audit report

minimatch  <=3.1.3
Severity: high
minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern - https://github.com/advisories/GHSA-3ppc-4f35-3m26
minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments - https://github.com/advisories/GHSA-7r86-cg39-jmmj
minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions - https://github.com/advisories/GHSA-23c5-xmqv-rm74
fix available via `npm audit fix --force`
Will install grunt@0.3.17, which is a breaking change
node_modules/minimatch
  grunt  >=0.4.0-a
  Depends on vulnerable versions of minimatch
  node_modules/grunt
    grunt-eslint  <=1.0.0 || >=18.1.0
    Depends on vulnerable versions of grunt
    node_modules/grunt-eslint

3 high severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force

--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated glob@7.1.7: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
--- stdout ---

added 317 packages, and audited 318 packages in 3s

66 packages are looking for funding
  run `npm fund` for details

3 high severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force

Run `npm audit` for details.

--- end ---
$ /usr/bin/npm test
--- stdout ---

> test
> grunt test

Running "eslint:all" (eslint) task

Running "banana:all" (banana) task
>> 1 message directory checked.

Done.

--- end ---
{"1114526": {"source": 1114526, "name": "flatted", "dependency": "flatted", "title": "flatted vulnerable to unbounded recursion DoS in parse() revive phase", "url": "https://github.com/advisories/GHSA-25h7-pfq9-p65f", "severity": "high", "cwe": ["CWE-674"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.4.0"}}
Upgrading n:flatted from 3.3.3 -> 3.4.1
$ package-lock-lint /src/repo/package-lock.json
--- stdout ---
Checking /src/repo/package-lock.json

--- end ---
build: Updating flatted to 3.4.1

* https://github.com/advisories/GHSA-25h7-pfq9-p65f

$ git add .
--- stdout ---

--- end ---
$ git commit -F /tmp/tmpzornx9ps
--- stdout ---
[REL1_43 8498d70] build: Updating flatted to 3.4.1
 1 file changed, 40 insertions(+), 58 deletions(-)

--- end ---
$ git format-patch HEAD~1 --stdout
--- stdout ---
From 8498d706bc6a174f0c65b58fa90833e19cb6a62b Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Sun, 15 Mar 2026 21:36:17 +0000
Subject: [PATCH] build: Updating flatted to 3.4.1

* https://github.com/advisories/GHSA-25h7-pfq9-p65f

Change-Id: I2effcfd7efbf46cf074ddfdb5d6d17ed7d8f67fa
---
 package-lock.json | 98 +++++++++++++++++++----------------------------
 1 file changed, 40 insertions(+), 58 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 6444522..12e39a7 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -228,9 +228,9 @@
 			}
 		},
 		"node_modules/@eslint/eslintrc/node_modules/minimatch": {
-			"version": "3.1.3",
-			"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.3.tgz",
-			"integrity": "sha512-M2GCs7Vk83NxkUyQV1bkABc4yxgz9kILhHImZiBPAZ9ybuvCb0/H7lEl5XvIg3g+9d4eNotkZA5IWwYl0tibaA==",
+			"version": "3.1.5",
+			"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+			"integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
 			"dev": true,
 			"dependencies": {
 				"brace-expansion": "^1.1.7"
@@ -452,34 +452,22 @@
 				"typescript": ">=4.8.4 <6.0.0"
 			}
 		},
-		"node_modules/@typescript-eslint/typescript-estree/node_modules/balanced-match": {
-			"version": "4.0.4",
-			"resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-4.0.4.tgz",
-			"integrity": "sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA==",
-			"dev": true,
-			"engines": {
-				"node": "18 || 20 || >=22"
-			}
-		},
 		"node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion": {
-			"version": "5.0.3",
-			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.3.tgz",
-			"integrity": "sha512-fy6KJm2RawA5RcHkLa1z/ScpBeA762UF9KmZQxwIbDtRJrgLzM10depAiEQ+CXYcoiqW1/m96OAAoke2nE9EeA==",
+			"version": "2.0.2",
+			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+			"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
 			"dev": true,
 			"dependencies": {
-				"balanced-match": "^4.0.2"
-			},
-			"engines": {
-				"node": "18 || 20 || >=22"
+				"balanced-match": "^1.0.0"
 			}
 		},
 		"node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch": {
-			"version": "9.0.6",
-			"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.6.tgz",
-			"integrity": "sha512-kQAVowdR33euIqeA0+VZTDqU+qo1IeVY+hrKYtZMio3Pg0P0vuh/kwRylLUddJhB6pf3q/botcOvRtx4IN1wqQ==",
+			"version": "9.0.9",
+			"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz",
+			"integrity": "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==",
 			"dev": true,
 			"dependencies": {
-				"brace-expansion": "^5.0.2"
+				"brace-expansion": "^2.0.2"
 			},
 			"engines": {
 				"node": ">=16 || 14 >=14.17"
@@ -1428,9 +1416,9 @@
 			}
 		},
 		"node_modules/eslint-plugin-unicorn/node_modules/minimatch": {
-			"version": "3.1.3",
-			"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.3.tgz",
-			"integrity": "sha512-M2GCs7Vk83NxkUyQV1bkABc4yxgz9kILhHImZiBPAZ9ybuvCb0/H7lEl5XvIg3g+9d4eNotkZA5IWwYl0tibaA==",
+			"version": "3.1.5",
+			"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+			"integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
 			"dev": true,
 			"dependencies": {
 				"brace-expansion": "^1.1.7"
@@ -1566,9 +1554,9 @@
 			}
 		},
 		"node_modules/eslint/node_modules/minimatch": {
-			"version": "3.1.3",
-			"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.3.tgz",
-			"integrity": "sha512-M2GCs7Vk83NxkUyQV1bkABc4yxgz9kILhHImZiBPAZ9ybuvCb0/H7lEl5XvIg3g+9d4eNotkZA5IWwYl0tibaA==",
+			"version": "3.1.5",
+			"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+			"integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
 			"dev": true,
 			"dependencies": {
 				"brace-expansion": "^1.1.7"
@@ -1804,9 +1792,9 @@
 			}
 		},
 		"node_modules/flatted": {
-			"version": "3.3.3",
-			"resolved": "https://registry.npmjs.org/flatted/-/flatted-3.3.3.tgz",
-			"integrity": "sha512-GX+ysw4PBCz0PzosHDepZGANEuFCMLrnRTiEy9McGjmkCQYwRq4A/X786G/fjM/+OjsWSU1ZrY5qyARZmO/uwg==",
+			"version": "3.4.1",
+			"resolved": "https://registry.npmjs.org/flatted/-/flatted-3.4.1.tgz",
+			"integrity": "sha512-IxfVbRFVlV8V/yRaGzk0UVIcsKKHMSfYw66T/u4nTwlWteQePsxe//LjudR1AMX4tZW3WFCh3Zqa/sjlqpbURQ==",
 			"dev": true
 		},
 		"node_modules/for-in": {
@@ -3934,9 +3922,9 @@
 					}
 				},
 				"minimatch": {
-					"version": "3.1.3",
-					"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.3.tgz",
-					"integrity": "sha512-M2GCs7Vk83NxkUyQV1bkABc4yxgz9kILhHImZiBPAZ9ybuvCb0/H7lEl5XvIg3g+9d4eNotkZA5IWwYl0tibaA==",
+					"version": "3.1.5",
+					"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+					"integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
 					"dev": true,
 					"requires": {
 						"brace-expansion": "^1.1.7"
@@ -4090,28 +4078,22 @@
 				"ts-api-utils": "^2.4.0"
 			},
 			"dependencies": {
-				"balanced-match": {
-					"version": "4.0.4",
-					"resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-4.0.4.tgz",
-					"integrity": "sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA==",
-					"dev": true
-				},
 				"brace-expansion": {
-					"version": "5.0.3",
-					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.3.tgz",
-					"integrity": "sha512-fy6KJm2RawA5RcHkLa1z/ScpBeA762UF9KmZQxwIbDtRJrgLzM10depAiEQ+CXYcoiqW1/m96OAAoke2nE9EeA==",
+					"version": "2.0.2",
+					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+					"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
 					"dev": true,
 					"requires": {
-						"balanced-match": "^4.0.2"
+						"balanced-match": "^1.0.0"
 					}
 				},
 				"minimatch": {
-					"version": "9.0.6",
-					"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.6.tgz",
-					"integrity": "sha512-kQAVowdR33euIqeA0+VZTDqU+qo1IeVY+hrKYtZMio3Pg0P0vuh/kwRylLUddJhB6pf3q/botcOvRtx4IN1wqQ==",
+					"version": "9.0.9",
+					"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz",
+					"integrity": "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==",
 					"dev": true,
 					"requires": {
-						"brace-expansion": "^5.0.2"
+						"brace-expansion": "^2.0.2"
 					}
 				}
 			}
@@ -4543,9 +4525,9 @@
 					}
 				},
 				"minimatch": {
-					"version": "3.1.3",
-					"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.3.tgz",
-					"integrity": "sha512-M2GCs7Vk83NxkUyQV1bkABc4yxgz9kILhHImZiBPAZ9ybuvCb0/H7lEl5XvIg3g+9d4eNotkZA5IWwYl0tibaA==",
+					"version": "3.1.5",
+					"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+					"integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
 					"dev": true,
 					"requires": {
 						"brace-expansion": "^1.1.7"
@@ -4800,9 +4782,9 @@
 					}
 				},
 				"minimatch": {
-					"version": "3.1.3",
-					"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.3.tgz",
-					"integrity": "sha512-M2GCs7Vk83NxkUyQV1bkABc4yxgz9kILhHImZiBPAZ9ybuvCb0/H7lEl5XvIg3g+9d4eNotkZA5IWwYl0tibaA==",
+					"version": "3.1.5",
+					"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+					"integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
 					"dev": true,
 					"requires": {
 						"brace-expansion": "^1.1.7"
@@ -5050,9 +5032,9 @@
 			}
 		},
 		"flatted": {
-			"version": "3.3.3",
-			"resolved": "https://registry.npmjs.org/flatted/-/flatted-3.3.3.tgz",
-			"integrity": "sha512-GX+ysw4PBCz0PzosHDepZGANEuFCMLrnRTiEy9McGjmkCQYwRq4A/X786G/fjM/+OjsWSU1ZrY5qyARZmO/uwg==",
+			"version": "3.4.1",
+			"resolved": "https://registry.npmjs.org/flatted/-/flatted-3.4.1.tgz",
+			"integrity": "sha512-IxfVbRFVlV8V/yRaGzk0UVIcsKKHMSfYw66T/u4nTwlWteQePsxe//LjudR1AMX4tZW3WFCh3Zqa/sjlqpbURQ==",
 			"dev": true
 		},
 		"for-in": {
-- 
2.47.3


--- end ---
Source code is licensed under the AGPL.