From c4073e1bae0765605444f94ad6d72d9dfa8de48b Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 31 Mar 2026 06:13:49 +0000 Subject: [PATCH] fix: upgrade picomatch to 4.0.4 via yarn resolutions to fix CVE-2026-33672 Co-authored-by: GitHub Copilot Agent-Logs-Url: https://github.com/Staffbase/create-staffbase-plugin-nodejs/sessions/a0f17a4c-c326-4d0c-af1a-d70202b7b225 Co-authored-by: maximizeIT <8626039+maximizeIT@users.noreply.github.com> --- package.json | 3 ++- yarn.lock | 13 ++++--------- 2 files changed, 6 insertions(+), 10 deletions(-) diff --git a/package.json b/package.json index fb59a64..691e36d 100644 --- a/package.json +++ b/package.json @@ -23,7 +23,8 @@ "lodash": "4.17.23", "minimatch": "3.1.5", "glob/minimatch": "9.0.9", - "@typescript-eslint/typescript-estree/minimatch": "10.2.4" + "@typescript-eslint/typescript-estree/minimatch": "10.2.4", + "picomatch": "4.0.4" }, "dependencies": { "colors": "^1.4.0", diff --git a/yarn.lock b/yarn.lock index 6ce2be2..998a334 100644 --- a/yarn.lock +++ b/yarn.lock @@ -3440,15 +3440,10 @@ picocolors@^1.1.1: resolved "https://registry.yarnpkg.com/picocolors/-/picocolors-1.1.1.tgz#3d321af3eab939b083c8f929a1d12cda81c26b6b" integrity sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA== -picomatch@^2.0.4: - version "2.3.1" - resolved "https://registry.yarnpkg.com/picomatch/-/picomatch-2.3.1.tgz#3ba3833733646d9d3e4995946c1365a67fb07a42" - integrity sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA== - -picomatch@^4.0.3: - version "4.0.3" - resolved "https://registry.yarnpkg.com/picomatch/-/picomatch-4.0.3.tgz#796c76136d1eead715db1e7bad785dedd695a042" - integrity sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q== +picomatch@4.0.4, picomatch@^2.0.4, picomatch@^4.0.3: + version "4.0.4" + resolved "https://registry.yarnpkg.com/picomatch/-/picomatch-4.0.4.tgz#fd6f5e00a143086e074dffe4c924b8fb293b0589" + integrity sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A== pirates@^4.0.7: version "4.0.7"