Closes #21571: Bump minimatch and markdown-it to resolve security alerts (#21573)

Add yarn resolutions to force patched versions of two transitive dependencies flagged by dependabot: - minimatch 3.1.2 → 3.1.5 (GHSA-7r86-cg39-jmmj, high severity ReDoS) - markdown-it 14.1.0 → 14.1.1 (CVE-2026-2327, medium severity ReDoS)
2026-04-06 00:32:08 +02:00 · 2026-03-04 09:08:02 -06:00
parent e4f7f080b3
commit a1d82e45a0
2 changed files with 9 additions and 13 deletions
--- a/netbox/project-static/package.json
+++ b/netbox/project-static/package.json
@@ -57,7 +57,10 @@
    "typescript": "^5.9.3"
  },
  "resolutions": {
-    "@types/bootstrap/**/@popperjs/core": "^2.11.6"
+    "@types/bootstrap/**/@popperjs/core": "^2.11.6",
+    "eslint/**/minimatch": "^3.1.3",
+    "eslint-plugin-import/**/minimatch": "^3.1.3",
+    "**/markdown-it": "^14.1.1"
  },
  "packageManager": "yarn@1.22.22+sha512.a6b2f7906b721bba3d67d4aff083df04dad64c399707841b7acf00f6b133b7ac24255f2652fa22ae3534329dc6180534e98d17432037ff6fd140556e2bb3137e"
 }
--- a/netbox/project-static/yarn.lock
+++ b/netbox/project-static/yarn.lock
@@ -2779,10 +2779,10 @@ loose-envify@^1.1.0:
  dependencies:
    js-tokens "^3.0.0 || ^4.0.0"

-markdown-it@^14.1.0:
-  version "14.1.0"
-  resolved "https://registry.npmjs.org/markdown-it/-/markdown-it-14.1.0.tgz"
-  integrity sha512-a54IwgWPaeBCAAsv13YgmALOF1elABB08FxO9i+r4VFk5Vl4pKokRPeX8u5TCgSsPi6ec1otfLjdOpVcgbpshg==
+markdown-it@^14.1.0, markdown-it@^14.1.1:
+  version "14.1.1"
+  resolved "https://registry.yarnpkg.com/markdown-it/-/markdown-it-14.1.1.tgz#856f90b66fc39ae70affd25c1b18b581d7deee1f"
+  integrity sha512-BuU2qnTti9YKgK5N+IeMubp14ZUKUUw7yeJbkjtosvHiP0AZ5c8IAgEMk79D0eC8F23r4Ac/q8cAIFdm2FtyoA==
  dependencies:
    argparse "^2.0.1"
    entities "^4.4.0"
@@ -2821,14 +2821,7 @@ minimatch@^10.2.2:
  dependencies:
    brace-expansion "^5.0.2"

-minimatch@^3.1.2:
-  version "3.1.2"
-  resolved "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz"
-  integrity sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==
-  dependencies:
-    brace-expansion "^1.1.7"
-
-minimatch@^3.1.3:
+minimatch@^3.1.2, minimatch@^3.1.3:
  version "3.1.5"
  resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-3.1.5.tgz#580c88f8d5445f2bd6aa8f3cadefa0de79fbd69e"
  integrity sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==