Skip to content

Comments

[GHSA-3ppc-4f35-3m26] minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern#7021

Closed
robinbisping wants to merge 1 commit intorobinbisping/advisory-improvement-7021from
robinbisping-GHSA-3ppc-4f35-3m26
Closed

[GHSA-3ppc-4f35-3m26] minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern#7021
robinbisping wants to merge 1 commit intorobinbisping/advisory-improvement-7021from
robinbisping-GHSA-3ppc-4f35-3m26

Conversation

@robinbisping
Copy link

@robinbisping robinbisping commented Feb 23, 2026

Updates

  • Affected products

Comments
The developer has also backported the fix to previous major versions. See: GHSA-3ppc-4f35-3m26

@github
Copy link
Collaborator

github commented Feb 23, 2026

Hi there @isaacs! A community member has suggested an improvement to your security advisory. If approved, this change will affect the global advisory listed at github.com/advisories. It will not affect the version listed in your project repository.

This change will be reviewed by our Security Curation Team. If you have thoughts or feedback, please share them in a comment here! If this PR has already been closed, you can start a new community contribution for this advisory

Copilot AI review requested due to automatic review settings February 23, 2026 13:40
@github-actions github-actions bot changed the base branch from main to robinbisping/advisory-improvement-7021 February 23, 2026 13:41
Copilot AI reviewed Feb 23, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the GHSA advisory record for minimatch to reflect additional fixed versions across multiple major release lines, aligning the advisory’s affected ranges with the upstream backports mentioned in the GHSA.

Changes:

  • Narrowed the v10 affected range to start at 10.0.0 (instead of 0) and kept the fix at 10.2.1.
  • Added explicit affected ranges for minimatch v4–v9 with their corresponding patched versions.
  • Updated the advisory modified timestamp.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@robinbisping robinbisping mentioned this pull request Feb 23, 2026
Closed
@timbru31
Copy link

timbru31 commented Feb 23, 2026

Duplicate of #7002 (nope there is no way to see the list of open PRs when suggesting an improvement...)

@github-actions github-actions bot deleted the robinbisping-GHSA-3ppc-4f35-3m26 branch February 23, 2026 16:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@robinbisping @github @timbru31