diff --git a/apps/api-extractor/package.json b/apps/api-extractor/package.json index cfb1fe5c166..841655ca126 100644 --- a/apps/api-extractor/package.json +++ b/apps/api-extractor/package.json @@ -45,7 +45,7 @@ "@rushstack/terminal": "workspace:*", "@rushstack/ts-command-line": "workspace:*", "lodash": "~4.17.15", - "minimatch": "~3.0.3", + "minimatch": "10.0.3", "resolve": "~1.22.1", "semver": "~7.5.4", "source-map": "~0.6.1", @@ -54,7 +54,6 @@ "devDependencies": { "@rushstack/heft": "0.74.1", "@types/lodash": "4.14.116", - "@types/minimatch": "3.0.5", "@types/resolve": "1.20.2", "@types/semver": "7.5.0", "decoupled-local-node-rig": "workspace:*", diff --git a/apps/api-extractor/src/collector/Collector.ts b/apps/api-extractor/src/collector/Collector.ts index 2f006194e6b..8f6d74320ed 100644 --- a/apps/api-extractor/src/collector/Collector.ts +++ b/apps/api-extractor/src/collector/Collector.ts @@ -11,7 +11,7 @@ import { PackageName } from '@rushstack/node-core-library'; import { ReleaseTag } from '@microsoft/api-extractor-model'; -import minimatch from 'minimatch'; +import { minimatch } from 'minimatch'; import { ExtractorMessageId } from '../api/ExtractorMessageId'; diff --git a/common/changes/@microsoft/api-extractor/upgrade-minimatch-to-v10_2025-07-30-18-10.json b/common/changes/@microsoft/api-extractor/upgrade-minimatch-to-v10_2025-07-30-18-10.json new file mode 100644 index 00000000000..ccaff4932b5 --- /dev/null +++ b/common/changes/@microsoft/api-extractor/upgrade-minimatch-to-v10_2025-07-30-18-10.json @@ -0,0 +1,10 @@ +{ + "changes": [ + { + "packageName": "@microsoft/api-extractor", + "comment": "Upgrades the minimatch dependency from ~3.0.3 to 10.0.3 across the entire Rush monorepo to address a Regular Expression Denial of Service (ReDoS) vulnerability in the underlying brace-expansion dependency.", + "type": "patch" + } + ], + "packageName": "@microsoft/api-extractor" +} \ No newline at end of file diff --git a/common/changes/@rushstack/package-extractor/upgrade-minimatch-to-v10_2025-07-30-18-10.json b/common/changes/@rushstack/package-extractor/upgrade-minimatch-to-v10_2025-07-30-18-10.json new file mode 100644 index 00000000000..87c0ef43b66 --- /dev/null +++ b/common/changes/@rushstack/package-extractor/upgrade-minimatch-to-v10_2025-07-30-18-10.json @@ -0,0 +1,10 @@ +{ + "changes": [ + { + "packageName": "@rushstack/package-extractor", + "comment": "Upgrades the minimatch dependency from ~3.0.3 to 10.0.3 across the entire Rush monorepo to address a Regular Expression Denial of Service (ReDoS) vulnerability in the underlying brace-expansion dependency.", + "type": "patch" + } + ], + "packageName": "@rushstack/package-extractor" +} \ No newline at end of file diff --git a/common/changes/@rushstack/webpack4-localization-plugin/upgrade-minimatch-to-v10_2025-07-30-18-10.json b/common/changes/@rushstack/webpack4-localization-plugin/upgrade-minimatch-to-v10_2025-07-30-18-10.json new file mode 100644 index 00000000000..e80510463c2 --- /dev/null +++ b/common/changes/@rushstack/webpack4-localization-plugin/upgrade-minimatch-to-v10_2025-07-30-18-10.json @@ -0,0 +1,10 @@ +{ + "changes": [ + { + "packageName": "@rushstack/webpack4-localization-plugin", + "comment": "Upgrades the minimatch dependency from ~3.0.3 to 10.0.3 across the entire Rush monorepo to address a Regular Expression Denial of Service (ReDoS) vulnerability in the underlying brace-expansion dependency.", + "type": "patch" + } + ], + "packageName": "@rushstack/webpack4-localization-plugin" +} \ No newline at end of file diff --git a/common/config/subspaces/build-tests-subspace/pnpm-lock.yaml b/common/config/subspaces/build-tests-subspace/pnpm-lock.yaml index 60e913f8679..cae489e4238 100644 --- a/common/config/subspaces/build-tests-subspace/pnpm-lock.yaml +++ b/common/config/subspaces/build-tests-subspace/pnpm-lock.yaml @@ -559,6 +559,16 @@ packages: engines: {node: '>=18.18'} dev: true + /@isaacs/balanced-match@4.0.1: + resolution: {integrity: sha512-yzMTt9lEb8Gv7zRioUilSglI0c0smZ9k5D65677DLWLtWJaXIS3CqcGyUFByYKlnUj6TkjLVs54fBl6+TiGQDQ==} + engines: {node: 20 || >=22} + + /@isaacs/brace-expansion@5.0.0: + resolution: {integrity: sha512-ZT55BDLV0yv0RBm2czMiZ+SqCGO7AvmOM3G/w2xhVPH+te0aKgFjmBvGlL1dH+ql2tgGO3MVrbb3jCKyvpgnxA==} + engines: {node: 20 || >=22} + dependencies: + '@isaacs/balanced-match': 4.0.1 + /@istanbuljs/load-nyc-config@1.1.0: resolution: {integrity: sha512-VjeHSlIzpv/NyD3N0YuHfXOPDIixcA1q2ZV98wsMqcYlPmv2n3Yb2lYP9XMElnaFVXg5A7YLTeLu6V84uQDjmQ==} engines: {node: '>=8'} @@ -4763,10 +4773,11 @@ packages: resolution: {integrity: sha512-I9jwMn07Sy/IwOj3zVkVik2JTvgpaykDZEigL6Rx6N9LbMywwUSMtxET+7lVoDLLd3O3IXwJwvuuns8UB/HeAg==} engines: {node: '>=4'} - /minimatch@3.0.8: - resolution: {integrity: sha512-6FsRAQsxQ61mw+qP1ZzbL9Bc78x2p5OqNgNpnoAFLTrX8n5Kxph0CsnhmKKNXTWjXqU5L0pGPR7hYk+XWZr60Q==} + /minimatch@10.0.3: + resolution: {integrity: sha512-IPZ167aShDZZUMdRk66cyQAW3qr0WzbHkPdMYa8bzZhlHhO3jALbKdxcaak7W9FfT2rZNpQuUu4Od7ILEpXSaw==} + engines: {node: 20 || >=22} dependencies: - brace-expansion: 1.1.11 + '@isaacs/brace-expansion': 5.0.0 /minimatch@3.1.2: resolution: {integrity: sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==} @@ -6629,7 +6640,7 @@ packages: '@rushstack/terminal': file:../../../libraries/terminal(@types/node@20.17.19) '@rushstack/ts-command-line': file:../../../libraries/ts-command-line(@types/node@20.17.19) lodash: 4.17.21 - minimatch: 3.0.8 + minimatch: 10.0.3 resolve: 1.22.8 semver: 7.5.4 source-map: 0.6.1 @@ -7005,7 +7016,7 @@ packages: '@rushstack/ts-command-line': file:../../../libraries/ts-command-line(@types/node@20.17.19) ignore: 5.1.9 jszip: 3.8.0 - minimatch: 3.0.8 + minimatch: 10.0.3 npm-packlist: 2.1.5 semver: 7.5.4 transitivePeerDependencies: diff --git a/common/config/subspaces/build-tests-subspace/repo-state.json b/common/config/subspaces/build-tests-subspace/repo-state.json index a2028f5c44c..08dd2f9028c 100644 --- a/common/config/subspaces/build-tests-subspace/repo-state.json +++ b/common/config/subspaces/build-tests-subspace/repo-state.json @@ -1,6 +1,6 @@ // DO NOT MODIFY THIS FILE MANUALLY BUT DO COMMIT IT. It is generated and used by Rush. { - "pnpmShrinkwrapHash": "4bb96db65ecb99ad3935e230ad704251a845e134", + "pnpmShrinkwrapHash": "05243847c45ec913c83e0cb41b32a208240813a6", "preferredVersionsHash": "550b4cee0bef4e97db6c6aad726df5149d20e7d9", - "packageJsonInjectedDependenciesHash": "6988efb70a621746799ba9bb6049c05da8fa6752" + "packageJsonInjectedDependenciesHash": "d69fad25449ad576c80f4959f15d9b087083c579" } diff --git a/common/config/subspaces/default/common-versions.json b/common/config/subspaces/default/common-versions.json index 9822255f852..bdf76be499b 100644 --- a/common/config/subspaces/default/common-versions.json +++ b/common/config/subspaces/default/common-versions.json @@ -32,7 +32,10 @@ "typescript": "~5.8.2", // This should be the ESLint version that's used to build most of the projects in the repo. - "eslint": "~9.25.1" + "eslint": "~9.25.1", + + // Updated minimatch and its types to latest major version to resolve ReDoS vulnerability + "minimatch": "10.0.3" }, /** diff --git a/common/config/subspaces/default/pnpm-lock.yaml b/common/config/subspaces/default/pnpm-lock.yaml index 44e89ad3432..9617e9ff750 100644 --- a/common/config/subspaces/default/pnpm-lock.yaml +++ b/common/config/subspaces/default/pnpm-lock.yaml @@ -80,8 +80,8 @@ importers: specifier: ~4.17.15 version: 4.17.21 minimatch: - specifier: ~3.0.3 - version: 3.0.8 + specifier: 10.0.3 + version: 10.0.3 resolve: specifier: ~1.22.1 version: 1.22.8 @@ -101,9 +101,6 @@ importers: '@types/lodash': specifier: 4.14.116 version: 4.14.116 - '@types/minimatch': - specifier: 3.0.5 - version: 3.0.5 '@types/resolve': specifier: 1.20.2 version: 1.20.2 @@ -3487,8 +3484,8 @@ importers: specifier: ~3.8.0 version: 3.8.0 minimatch: - specifier: ~3.0.3 - version: 3.0.8 + specifier: 10.0.3 + version: 10.0.3 npm-packlist: specifier: ~2.1.2 version: 2.1.5 @@ -3508,9 +3505,6 @@ importers: '@types/glob': specifier: 7.1.1 version: 7.1.1 - '@types/minimatch': - specifier: 3.0.5 - version: 3.0.5 '@types/npm-packlist': specifier: ~1.1.1 version: 1.1.2 @@ -4625,6 +4619,40 @@ importers: specifier: workspace:* version: link:../../rigs/local-node-rig + ../../../vscode-extensions/debug-certificate-manager-vscode-extension: + dependencies: + '@rushstack/debug-certificate-manager': + specifier: workspace:* + version: link:../../libraries/debug-certificate-manager + '@rushstack/node-core-library': + specifier: workspace:* + version: link:../../libraries/node-core-library + '@rushstack/terminal': + specifier: workspace:* + version: link:../../libraries/terminal + '@rushstack/vscode-shared': + specifier: workspace:* + version: link:../vscode-shared + tslib: + specifier: ~2.3.1 + version: 2.3.1 + devDependencies: + '@rushstack/heft': + specifier: workspace:* + version: link:../../apps/heft + '@rushstack/heft-vscode-extension-rig': + specifier: workspace:* + version: link:../../rigs/heft-vscode-extension-rig + '@types/node': + specifier: 20.17.19 + version: 20.17.19 + '@types/vscode': + specifier: ^1.63.0 + version: 1.87.0 + '@types/webpack-env': + specifier: 1.18.8 + version: 1.18.8 + ../../../vscode-extensions/rush-vscode-command-webview: dependencies: '@fluentui/react': @@ -4744,40 +4772,6 @@ importers: specifier: ^10.1.0 version: 10.4.0 - ../../../vscode-extensions/debug-certificate-manager-vscode-extension: - dependencies: - '@rushstack/debug-certificate-manager': - specifier: workspace:* - version: link:../../libraries/debug-certificate-manager - '@rushstack/node-core-library': - specifier: workspace:* - version: link:../../libraries/node-core-library - '@rushstack/terminal': - specifier: workspace:* - version: link:../../libraries/terminal - '@rushstack/vscode-shared': - specifier: workspace:* - version: link:../vscode-shared - tslib: - specifier: ~2.3.1 - version: 2.3.1 - devDependencies: - '@rushstack/heft': - specifier: workspace:* - version: link:../../apps/heft - '@rushstack/heft-vscode-extension-rig': - specifier: workspace:* - version: link:../../rigs/heft-vscode-extension-rig - '@types/node': - specifier: 20.17.19 - version: 20.17.19 - '@types/vscode': - specifier: ^1.63.0 - version: 1.87.0 - '@types/webpack-env': - specifier: 1.18.8 - version: 1.18.8 - ../../../vscode-extensions/vscode-shared: dependencies: '@rushstack/node-core-library': @@ -5024,8 +5018,8 @@ importers: specifier: 1.4.2 version: 1.4.2 minimatch: - specifier: ~3.0.3 - version: 3.0.8 + specifier: 10.0.3 + version: 10.0.3 devDependencies: '@rushstack/heft': specifier: workspace:* @@ -5036,9 +5030,6 @@ importers: '@types/loader-utils': specifier: 1.1.3 version: 1.1.3 - '@types/minimatch': - specifier: 3.0.5 - version: 3.0.5 '@types/node': specifier: 20.17.19 version: 20.17.19 @@ -8028,7 +8019,7 @@ packages: import-fresh: 3.3.0 js-yaml: 3.13.1 lodash: 4.17.21 - minimatch: 3.0.8 + minimatch: 3.1.2 strip-json-comments: 3.1.1 transitivePeerDependencies: - supports-color @@ -8045,7 +8036,7 @@ packages: ignore: 4.0.6 import-fresh: 3.3.0 js-yaml: 3.13.1 - minimatch: 3.0.8 + minimatch: 3.1.2 strip-json-comments: 3.1.1 transitivePeerDependencies: - supports-color @@ -9593,7 +9584,7 @@ packages: dependencies: '@humanwhocodes/object-schema': 1.2.1 debug: 4.4.0(supports-color@8.1.1) - minimatch: 3.0.8 + minimatch: 3.1.2 transitivePeerDependencies: - supports-color dev: true @@ -9605,7 +9596,7 @@ packages: dependencies: '@humanwhocodes/object-schema': 2.0.2 debug: 4.4.0(supports-color@8.1.1) - minimatch: 3.0.8 + minimatch: 3.1.2 transitivePeerDependencies: - supports-color dev: true @@ -9617,7 +9608,7 @@ packages: dependencies: '@humanwhocodes/object-schema': 1.2.1 debug: 4.4.0(supports-color@8.1.1) - minimatch: 3.0.8 + minimatch: 3.1.2 transitivePeerDependencies: - supports-color dev: true @@ -9629,7 +9620,7 @@ packages: dependencies: '@humanwhocodes/object-schema': 1.2.1 debug: 4.4.0(supports-color@8.1.1) - minimatch: 3.0.8 + minimatch: 3.1.2 transitivePeerDependencies: - supports-color dev: true @@ -9663,14 +9654,12 @@ packages: /@isaacs/balanced-match@4.0.1: resolution: {integrity: sha512-yzMTt9lEb8Gv7zRioUilSglI0c0smZ9k5D65677DLWLtWJaXIS3CqcGyUFByYKlnUj6TkjLVs54fBl6+TiGQDQ==} engines: {node: 20 || >=22} - dev: false /@isaacs/brace-expansion@5.0.0: resolution: {integrity: sha512-ZT55BDLV0yv0RBm2czMiZ+SqCGO7AvmOM3G/w2xhVPH+te0aKgFjmBvGlL1dH+ql2tgGO3MVrbb3jCKyvpgnxA==} engines: {node: 20 || >=22} dependencies: '@isaacs/balanced-match': 4.0.1 - dev: false /@isaacs/cliui@8.0.2: resolution: {integrity: sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA==} @@ -13771,7 +13760,7 @@ packages: resolution: {integrity: sha512-1Bh06cbWJUHMC97acuD6UMG29nMt0Aqz1vF3guLfG+kHHJhy3AyohZFFxYk2f7Q1SQIrNwvncxAE0N/9s70F2w==} dependencies: '@types/events': 3.0.3 - '@types/minimatch': 3.0.5 + '@types/minimatch': 6.0.0 '@types/node': 17.0.41 dev: true @@ -13931,6 +13920,14 @@ packages: /@types/minimatch@3.0.5: resolution: {integrity: sha512-Klz949h02Gz2uZCMGwDUSDS1YBlTdDDgbWHi+81l29tQALUtvz4rAYi5uoVhE5Lagoq6DeqAUlbrHvW/mXDgdQ==} + dev: false + + /@types/minimatch@6.0.0: + resolution: {integrity: sha512-zmPitbQ8+6zNutpwgcQuLcsEpn/Cj54Kbn7L5pX0Os5kdWplB7xPgEh/g+SWOB/qmows2gpuCaPyduq8ZZRnxA==} + deprecated: This is a stub types definition. minimatch provides its own type definitions, so you do not need this installed. + dependencies: + minimatch: 10.0.3 + dev: true /@types/minimist@1.2.5: resolution: {integrity: sha512-hov8bUuiLiyFPGyFPE1lwWhmzYbirOXQNNo40+y3zow8aFVTeyn3VWL0VFFfdNddA8S4Vf0Tc062rzyNr7Paag==} @@ -15043,7 +15040,7 @@ packages: leven: 3.1.0 markdown-it: 14.1.0 mime: 1.6.0 - minimatch: 3.0.8 + minimatch: 3.1.2 parse-semver: 1.1.1 read: 1.0.7 semver: 7.5.4 @@ -19605,7 +19602,7 @@ packages: json-stable-stringify-without-jsonify: 1.0.1 levn: 0.4.1 lodash: 4.17.21 - minimatch: 3.0.8 + minimatch: 3.1.2 natural-compare: 1.4.0 optionator: 0.9.3 progress: 2.0.3 @@ -19655,7 +19652,7 @@ packages: json-stable-stringify-without-jsonify: 1.0.1 levn: 0.4.1 lodash.merge: 4.6.2 - minimatch: 3.0.8 + minimatch: 3.1.2 natural-compare: 1.4.0 optionator: 0.9.3 progress: 2.0.3 @@ -19701,7 +19698,7 @@ packages: json-stable-stringify-without-jsonify: 1.0.1 levn: 0.4.1 lodash: 4.17.21 - minimatch: 3.0.8 + minimatch: 3.1.2 natural-compare: 1.4.0 optionator: 0.9.3 progress: 2.0.3 @@ -19845,7 +19842,7 @@ packages: json-stable-stringify-without-jsonify: 1.0.1 levn: 0.4.1 lodash.merge: 4.6.2 - minimatch: 3.0.8 + minimatch: 3.1.2 natural-compare: 1.4.0 optionator: 0.9.3 progress: 2.0.3 @@ -20634,7 +20631,7 @@ packages: '@babel/code-frame': 7.23.5 chalk: 2.4.2 micromatch: 3.1.10 - minimatch: 3.0.8 + minimatch: 3.1.2 semver: 5.7.2 tapable: 1.1.3 worker-rpc: 0.1.1 @@ -20664,7 +20661,7 @@ packages: fs-extra: 9.1.0 glob: 7.2.3 memfs: 3.4.3 - minimatch: 3.0.8 + minimatch: 3.1.2 schema-utils: 2.7.0 semver: 7.5.4 tapable: 1.1.3 @@ -21072,7 +21069,7 @@ packages: fs.realpath: 1.0.0 inflight: 1.0.6 inherits: 2.0.4 - minimatch: 3.0.8 + minimatch: 3.1.2 once: 1.4.0 path-is-absolute: 1.0.1 dev: true @@ -21808,7 +21805,7 @@ packages: /ignore-walk@3.0.4: resolution: {integrity: sha512-PY6Ii8o1jMRA1z4F2hRkH/xN59ox43DavKvD3oDpfurRlOJyAHpifIwpbdv1n4jt4ov0jSpw3kQ4GhJnpBL6WQ==} dependencies: - minimatch: 3.0.8 + minimatch: 3.1.2 dev: false /ignore@4.0.6: @@ -24339,12 +24336,12 @@ packages: engines: {node: 20 || >=22} dependencies: '@isaacs/brace-expansion': 5.0.0 - dev: false /minimatch@3.0.8: resolution: {integrity: sha512-6FsRAQsxQ61mw+qP1ZzbL9Bc78x2p5OqNgNpnoAFLTrX8n5Kxph0CsnhmKKNXTWjXqU5L0pGPR7hYk+XWZr60Q==} dependencies: brace-expansion: 1.1.11 + dev: false /minimatch@3.1.2: resolution: {integrity: sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==} @@ -24572,7 +24569,7 @@ packages: array-differ: 3.0.0 array-union: 2.1.0 arrify: 2.0.1 - minimatch: 3.0.8 + minimatch: 3.1.2 dev: false /mute-stream@0.0.8: @@ -24683,7 +24680,7 @@ packages: resolution: {integrity: sha512-tmPX422rYgofd4epzrNoOXiE8XFZYOcCq1vD7MAXCDO+O+zndlA2ztdKKMa+EeuBG5tHETpr4ml4RGgpqDCCAg==} engines: {node: '>= 0.10.5'} dependencies: - minimatch: 3.0.8 + minimatch: 3.1.2 dev: true /node-emoji@1.11.0: @@ -24832,7 +24829,7 @@ packages: is-ci: 2.0.0 lodash: 4.17.21 meow: 9.0.0 - minimatch: 3.0.8 + minimatch: 3.1.2 node-emoji: 1.11.0 ora: 5.4.1 package-json: 7.0.0 @@ -29010,7 +29007,7 @@ packages: dependencies: '@istanbuljs/schema': 0.1.3 glob: 7.2.3 - minimatch: 3.0.8 + minimatch: 3.1.2 /text-table@0.2.0: resolution: {integrity: sha512-N+8UisAXDGk8PFXP4HAzVR9nbfmVJ3zYLAWiTIoqC5v5isinhr+r5uaO8+7r3BMfuNIufIsA7RdpVgacC2cSpw==} @@ -29292,7 +29289,7 @@ packages: diff: 4.0.2 glob: 7.2.3 js-yaml: 3.13.1 - minimatch: 3.0.8 + minimatch: 3.1.2 mkdirp: 0.5.6 resolve: 1.22.8 semver: 5.7.2 @@ -29315,7 +29312,7 @@ packages: diff: 4.0.2 glob: 7.2.3 js-yaml: 3.13.1 - minimatch: 3.0.8 + minimatch: 3.1.2 mkdirp: 0.5.6 resolve: 1.22.8 semver: 5.7.2 @@ -29338,7 +29335,7 @@ packages: diff: 4.0.2 glob: 7.2.3 js-yaml: 3.13.1 - minimatch: 3.0.8 + minimatch: 3.1.2 mkdirp: 0.5.6 resolve: 1.22.8 semver: 5.7.2 @@ -29361,7 +29358,7 @@ packages: diff: 4.0.2 glob: 7.2.3 js-yaml: 3.13.1 - minimatch: 3.0.8 + minimatch: 3.1.2 mkdirp: 0.5.6 resolve: 1.22.8 semver: 5.7.2 diff --git a/common/config/subspaces/default/repo-state.json b/common/config/subspaces/default/repo-state.json index a37beb284e1..2a2b4c85472 100644 --- a/common/config/subspaces/default/repo-state.json +++ b/common/config/subspaces/default/repo-state.json @@ -1,5 +1,5 @@ // DO NOT MODIFY THIS FILE MANUALLY BUT DO COMMIT IT. It is generated and used by Rush. { - "pnpmShrinkwrapHash": "f6bf795f5f2473bc7e2559a2b38a80fec71aaa39", - "preferredVersionsHash": "550b4cee0bef4e97db6c6aad726df5149d20e7d9" + "pnpmShrinkwrapHash": "eee46b88b1983b92927ea82ac34e23f1f19dd7b1", + "preferredVersionsHash": "61cd419c533464b580f653eb5f5a7e27fe7055ca" } diff --git a/libraries/package-extractor/package.json b/libraries/package-extractor/package.json index 54819c5637b..663760b75d2 100644 --- a/libraries/package-extractor/package.json +++ b/libraries/package-extractor/package.json @@ -23,7 +23,7 @@ "@rushstack/ts-command-line": "workspace:*", "ignore": "~5.1.6", "jszip": "~3.8.0", - "minimatch": "~3.0.3", + "minimatch": "10.0.3", "npm-packlist": "~2.1.2", "semver": "~7.5.4" }, @@ -33,7 +33,6 @@ "@rushstack/heft": "workspace:*", "@rushstack/webpack-preserve-dynamic-require-plugin": "workspace:*", "@types/glob": "7.1.1", - "@types/minimatch": "3.0.5", "@types/npm-packlist": "~1.1.1", "eslint": "~9.25.1", "webpack": "~5.98.0", diff --git a/libraries/package-extractor/src/PackageExtractor.ts b/libraries/package-extractor/src/PackageExtractor.ts index e79ff048b8f..666c4515bfc 100644 --- a/libraries/package-extractor/src/PackageExtractor.ts +++ b/libraries/package-extractor/src/PackageExtractor.ts @@ -2,7 +2,7 @@ // See LICENSE in the project root for license information. import * as path from 'path'; -import { type IMinimatch, Minimatch } from 'minimatch'; +import { Minimatch } from 'minimatch'; import semver from 'semver'; import npmPacklist from 'npm-packlist'; import ignore, { type Ignore } from 'ignore'; @@ -723,8 +723,8 @@ export class PackageExtractor { patternsToInclude: string[] | undefined, patternsToExclude: string[] | undefined ): boolean => { - let includeFilters: IMinimatch[] | undefined; - let excludeFilters: IMinimatch[] | undefined; + let includeFilters: Minimatch[] | undefined; + let excludeFilters: Minimatch[] | undefined; if (patternsToInclude?.length) { includeFilters = patternsToInclude?.map((p) => new Minimatch(p, { dot: true })); } diff --git a/webpack/webpack4-localization-plugin/package.json b/webpack/webpack4-localization-plugin/package.json index f88881c77f5..ff15ec208fd 100644 --- a/webpack/webpack4-localization-plugin/package.json +++ b/webpack/webpack4-localization-plugin/package.json @@ -37,13 +37,12 @@ "@rushstack/terminal": "workspace:*", "@types/tapable": "1.0.6", "loader-utils": "1.4.2", - "minimatch": "~3.0.3" + "minimatch": "10.0.3" }, "devDependencies": { "@rushstack/heft": "workspace:*", "@rushstack/set-webpack-public-path-plugin": "^4.1.16", "@types/loader-utils": "1.1.3", - "@types/minimatch": "3.0.5", "@types/node": "20.17.19", "@types/webpack": "4.41.32", "eslint": "~9.25.1", diff --git a/webpack/webpack4-localization-plugin/src/WebpackConfigurationUpdater.ts b/webpack/webpack4-localization-plugin/src/WebpackConfigurationUpdater.ts index ef08062ece4..02f27a2546e 100644 --- a/webpack/webpack4-localization-plugin/src/WebpackConfigurationUpdater.ts +++ b/webpack/webpack4-localization-plugin/src/WebpackConfigurationUpdater.ts @@ -1,7 +1,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT license. // See LICENSE in the project root for license information. -import minimatch from 'minimatch'; +import { minimatch } from 'minimatch'; import * as path from 'path'; import type * as Webpack from 'webpack'; import type * as SetPublicPathPluginPackageType from '@rushstack/set-webpack-public-path-plugin';