From fcbfea8f42e64768340e4adf047d90561644ab25 Mon Sep 17 00:00:00 2001
From: ParakhJaggi
Date: Mon, 2 Mar 2026 10:06:09 -0500
Subject: [PATCH 1/2] fix: update minimatch to 3.1.5 to resolve security vulnerabilities

Bumps minimatch from 3.1.2 to 3.1.5, the latest patch in the 3.x line. This resolves the following CVEs: - GHSA-3ppc-4f35-3m26 (ReDoS via repeated wildcards, high severity) - GHSA-7r86-cg39-jmmj (ReDoS via multiple non-adjacent GLOBSTAR segments, high severity) - GHSA-23c5-xmqv-rm74 (ReDoS via nested *() extglobs, high severity) Fixes #206
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index 98876c2..9039f78 100644
--- a/package.json
+++ b/package.json
@@ -66,7 +66,7 @@
 "content-disposition": "0.5.2",
 "fast-url-parser": "1.1.3",
 "mime-types": "2.1.18",
- "minimatch": "3.1.2",
+ "minimatch": "3.1.5",
 "path-is-inside": "1.0.2",
 "path-to-regexp": "2.2.1",
 "range-parser": "1.2.0"
From 5d6f54bbe1020081cac89169ada56a70e47d6ee2 Mon Sep 17 00:00:00 2001
From: ParakhJaggi
Date: Mon, 2 Mar 2026 15:27:01 -0500
Subject: [PATCH 2/2] chore: update yarn.lock for minimatch 3.1.5

---
 yarn.lock | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/yarn.lock b/yarn.lock
index 998afec..77e0899 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -2634,7 +2634,14 @@ mimic-response@^1.0.0, mimic-response@^1.0.1: resolved "https://registry.yarnpkg.com/mimic-response/-/mimic-response-1.0.1.tgz#4923538878eef42063cb8a3e3b0798781487ab1b" integrity sha512-j5EctnkH7amfV/q5Hgmoal1g2QHFJRraOtmx0JpIqkxhBhI/lJSl1nMpQ45hVarwNETOoWEimndZ4QK0RHxuxQ== -minimatch@3.1.2, minimatch@^3.0.4: +minimatch@3.1.5: + version "3.1.5" + resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-3.1.5.tgz#580c88f8d5445f2bd6aa8f3cadefa0de79fbd69e" + integrity sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w== + dependencies: + brace-expansion "^1.1.7" + +minimatch@^3.0.4: version "3.1.2" resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-3.1.2.tgz#19cd194bfd3e428f049a70817c038d89ab4be35b" integrity sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==
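Review bot: The regenerated lockfile still resolves `minimatch@^3.0.4` to `version "3.1.2"`, so any transitive dependent that requests that range keeps installing the release this series describes as affected; only the direct `minimatch@3.1.5` entry is new. Since 3.1.5 satisfies `^3.0.4`, the two entries can collapse into a single `minimatch@3.1.5, minimatch@^3.0.4:` key at `version "3.1.5"`, either by deleting the stale `minimatch@^3.0.4` block and re-running `yarn install` or by adding a `resolutions` entry for minimatch in package.json. Which packages pull in the `^3.0.4` range is not visible in this hunk; if they are dev-only the runtime exposure is limited to the direct dependency, but audit tooling will presumably keep reporting the advisories until the 3.1.2 entry is gone.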