Copilot AI commented Feb 4, 2026

Context

Critical vulnerability (GHSA-7h2j-956f-4vf2) in transitive dependency @isaacs/brace-expansion@5.0.0 causing uncontrolled resource consumption. Updated to patched version 5.0.1 via npm audit fix.

Dependency chain: @storybook/react-vite → @joshwooding/vite-plugin-react-docgen-typescript → glob → minimatch → @isaacs/brace-expansion

Related Jira ticket

N/A

Screenshots

N/A

Original prompt

This section details the original issue you should resolve

<issue_title>fix: fix vulnerability regarding isaacs/brace-expansion 5.0.0</issue_title>
<issue_description>audit report

```
@isaacs/brace-expansion  5.0.0
Severity: critical
@isaacs/brace-expansion has Uncontrolled Resource Consumption - https://github.com/advisories/GHSA-7h2j-956f-4vf2
fix available via `npm audit fix`
node_modules/@isaacs/brace-expansion
```</issue_description>

## Comments on the Issue (you are @copilot in this section)

<comments>
</comments>
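An added example, not part of the PR or the project's code: one way to confirm from `package-lock.json` which chain pulls in the affected copy and that none remains after the bump. The lockfile excerpt is constructed from the dependency chain in the description, the helper names (`nameOf`, `resolveDep`, `traceChains`) are hypothetical, and peer dependencies are not followed.

```javascript
// Constructed lockfile excerpt (lockfileVersion 3 layout). Every version except
// @isaacs/brace-expansion 5.0.0 is a placeholder, not a value from the PR.
const sampleLock = { lockfileVersion: 3, packages: {
  "": { devDependencies: { "@storybook/react-vite": "*" } },
  "node_modules/@storybook/react-vite": { version: "0.0.0", dependencies: { "@joshwooding/vite-plugin-react-docgen-typescript": "*" } },
  "node_modules/@joshwooding/vite-plugin-react-docgen-typescript": { version: "0.0.0", dependencies: { glob: "*" } },
  "node_modules/glob": { version: "0.0.0", dependencies: { minimatch: "*" } },
  "node_modules/minimatch": { version: "0.0.0", dependencies: { "@isaacs/brace-expansion": "*" } },
  "node_modules/@isaacs/brace-expansion": { version: "5.0.0" },
} };
const NM = "node_modules/";
const nameOf = (p) => (p === "" ? "(root)" : p.slice(p.lastIndexOf(NM) + NM.length));
// Resolve `dep` as required from the package installed at `from`, walking up like Node does.
function resolveDep(packages, from, dep) {
  for (let base = from; ; ) {
    const candidate = (base ? base + "/" : "") + NM + dep;
    if (packages[candidate]) return candidate;
    if (base === "") return null;
    const cut = base.lastIndexOf("/" + NM);
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// One shortest root-to-package chain for every installed copy of name@version.
function traceChains(lock, name, version) {
  const packages = lock.packages || {};
  const parents = {}; // installed path -> paths of the packages that depend on it
  for (const [path, meta] of Object.entries(packages)) {
    const deps = { ...meta.dependencies, ...meta.devDependencies, ...meta.optionalDependencies };
    for (const dep of Object.keys(deps)) {
      const target = resolveDep(packages, path, dep);
      if (target !== null) (parents[target] ||= []).push(path);
    }
  }
  const chains = [];
  for (const [path, meta] of Object.entries(packages)) {
    if (nameOf(path) !== name || meta.version !== version) continue;
    const queue = [[path]], seen = new Set([path]);
    let found = [path]; // fallback: a copy with no route to the root (extraneous)
    while (queue.length) {
      const chain = queue.shift();
      if (chain[0] === "") { found = chain; break; }
      for (const parent of parents[chain[0]] || [])
        if (!seen.has(parent)) { seen.add(parent); queue.push([parent, ...chain]); }
    }
    chains.push(found.map(nameOf));
  }
  return chains;
}
console.log(traceChains(sampleLock, "@isaacs/brace-expansion", "5.0.0"));
```

Against a real project, pass the parsed `package-lock.json` instead of `sampleLock`; an empty result for `5.0.0` means no installed copy of that version remains, including nested copies under another package's `node_modules`.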



Co-authored-by: timowestnosto <13622115+timowestnosto@users.noreply.github.com>
@timowestnosto timowestnosto marked this pull request as ready for review February 4, 2026 07:17
Copilot AI review requested due to automatic review settings February 4, 2026 07:17

Copilot AI left a comment


Copilot wasn't able to review any files in this pull request.

Copilot AI changed the title from "[WIP] Fix vulnerability regarding isaacs/brace-expansion 5.0.0" to "fix: resolve critical vulnerability in @isaacs/brace-expansion" Feb 4, 2026
Copilot AI requested a review from timowestnosto February 4, 2026 07:18
@timowestnosto timowestnosto merged commit 2f12f73 into main Feb 4, 2026
3 checks passed
@nosto-release-public

🎉 This PR is included in version 10.18.9 🎉

The release is available on:

Your semantic-release bot 📦🚀
