From db48dc3bb9d8b7b23df2d9e139c9dc91bb1b208f Mon Sep 17 00:00:00 2001
From: Mikhail Preyskurantov <5574159+mpreyskurantov@users.noreply.github.com>
Date: Fri, 6 Feb 2026 15:45:13 +0200
Subject: [PATCH 1/2] override @isaacs/brace-expansion transitive dep
---
 package.json | 1 +
 packages/sbom/package.json | 1 +
 packages/sbom/pnpm-lock.yaml | 10 ++++++----
 pnpm-lock.yaml | 9 +++++----
 4 files changed, 13 insertions(+), 8 deletions(-)
diff --git a/package.json b/package.json
index e0d63b928dd9..cd7761aeee77 100644
--- a/package.json
+++ b/package.json
@@ -63,6 +63,7 @@
 "pnpm": {
 "overrides": {
 "@devexpress/callsite-record@^4.1.6": "4.1.7",
+ "@isaacs/brace-expansion@<=5.0.0": ">=5.0.1",
 "form-data@<2.5.4": "2.5.5",
 "form-data@>=4.0.0 <4.0.4": "^4.0.5",
 "pbkdf2@<=3.1.2": "^3.1.3",
diff --git a/packages/sbom/package.json b/packages/sbom/package.json
index 0c13eb695462..454e1b37d2fa 100644
--- a/packages/sbom/package.json
+++ b/packages/sbom/package.json
@@ -8,6 +8,7 @@
 "packageManager": "pnpm@9.15.9",
 "pnpm": {
 "overrides": {
+ "@isaacs/brace-expansion@<=5.0.0": ">=5.0.1",
 "body-parser@>=2.2.0 <2.2.1": ">=2.2.1",
 "jws@=4.0.0": ">=4.0.1",
 "qs": ">=6.14.1"
diff --git a/packages/sbom/pnpm-lock.yaml b/packages/sbom/pnpm-lock.yaml
index 1511e15e81d4..9e1a1785173e 100644
--- a/packages/sbom/pnpm-lock.yaml
+++ b/packages/sbom/pnpm-lock.yaml
@@ -5,6 +5,7 @@ settings: excludeLinksFromLockfile: false overrides: + '@isaacs/brace-expansion@<=5.0.0': '>=5.0.1' body-parser@>=2.2.0 <2.2.1: '>=2.2.1' jws@=4.0.0: '>=4.0.1' qs: '>=6.14.1'
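Review bot: The selector `@isaacs/brace-expansion@<=5.0.0` added to `pnpm.overrides` in the package.json hunk has no lower bound, so it rewrites every request at or below 5.0.0 rather than only the 5.0.0 release the lockfile hunks show being replaced; the same key is added in the packages/sbom/package.json hunk and kept by PATCH 2/2. Whether any pre-5 request exists in the tree is not visible from this diff, but if one does it would be moved across a major version silently. A selector bounded on both sides, in the style of the neighbouring `form-data@>=4.0.0 <4.0.4` entry, for example `"@isaacs/brace-expansion@>=5.0.0 <=5.0.0": "^5.0.1"`, keeps the override limited to what was audited. JSON cannot carry a comment, so the commit message is the place to name the advisory this override answers, which lets a later maintainer remove it once `minimatch` itself requires a fixed release.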
@@ -153,8 +154,8 @@ packages: resolution: {integrity: sha512-yzMTt9lEb8Gv7zRioUilSglI0c0smZ9k5D65677DLWLtWJaXIS3CqcGyUFByYKlnUj6TkjLVs54fBl6+TiGQDQ==} engines: {node: 20 || >=22} - '@isaacs/brace-expansion@5.0.0': - resolution: {integrity: sha512-ZT55BDLV0yv0RBm2czMiZ+SqCGO7AvmOM3G/w2xhVPH+te0aKgFjmBvGlL1dH+ql2tgGO3MVrbb3jCKyvpgnxA==} + '@isaacs/brace-expansion@5.0.1': + resolution: {integrity: sha512-WMz71T1JS624nWj2n2fnYAuPovhv7EUhk69R6i9dsVyzxt5eM3bjwvgk9L+APE1TRscGysAVMANkB0jh0LQZrQ==} engines: {node: 20 || >=22} '@isaacs/cliui@8.0.2':
@@ -633,6 +634,7 @@ packages: glob@10.5.0: resolution: {integrity: sha512-DfXN8DfhJ7NH3Oe7cFmu3NCu1wKbkReJ8TorzSAFbSKrlNaQSKfIzqYqVY8zlbs2NLBbWpRiU52GX2PbaBVNkg==} + deprecated: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me hasBin: true glob@13.0.0:
@@ -1687,7 +1689,7 @@ snapshots: '@isaacs/balanced-match@4.0.1': {} - '@isaacs/brace-expansion@5.0.0': + '@isaacs/brace-expansion@5.0.1': dependencies: '@isaacs/balanced-match': 4.0.1
@@ -2490,7 +2492,7 @@ snapshots: minimatch@10.1.1: dependencies: - '@isaacs/brace-expansion': 5.0.0 + '@isaacs/brace-expansion': 5.0.1 minimatch@9.0.5: dependencies:
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 24534b01267d..cc298558e9e0 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -162,6 +162,7 @@ catalogs: overrides: '@devexpress/callsite-record@^4.1.6': 4.1.7 + '@isaacs/brace-expansion@<=5.0.0': '>=5.0.1' form-data@<2.5.4: 2.5.5 form-data@>=4.0.0 <4.0.4: ^4.0.5 pbkdf2@<=3.1.2: ^3.1.3
@@ -4879,8 +4880,8 @@ packages: resolution: {integrity: sha512-yzMTt9lEb8Gv7zRioUilSglI0c0smZ9k5D65677DLWLtWJaXIS3CqcGyUFByYKlnUj6TkjLVs54fBl6+TiGQDQ==} engines: {node: 20 || >=22} - '@isaacs/brace-expansion@5.0.0': - resolution: {integrity: sha512-ZT55BDLV0yv0RBm2czMiZ+SqCGO7AvmOM3G/w2xhVPH+te0aKgFjmBvGlL1dH+ql2tgGO3MVrbb3jCKyvpgnxA==} + '@isaacs/brace-expansion@5.0.1': + resolution: {integrity: sha512-WMz71T1JS624nWj2n2fnYAuPovhv7EUhk69R6i9dsVyzxt5eM3bjwvgk9L+APE1TRscGysAVMANkB0jh0LQZrQ==} engines: {node: 20 || >=22} '@isaacs/cliui@8.0.2':
@@ -23200,7 +23201,7 @@ snapshots: '@isaacs/balanced-match@4.0.1': {} - '@isaacs/brace-expansion@5.0.0': + '@isaacs/brace-expansion@5.0.1': dependencies: '@isaacs/balanced-match': 4.0.1
@@ -36057,7 +36058,7 @@ snapshots: minimatch@10.1.1: dependencies: - '@isaacs/brace-expansion': 5.0.0 + '@isaacs/brace-expansion': 5.0.1 minimatch@3.1.2: dependencies:
From 8d2a4c5d0176fb03c04a88b324347b645cef0a04 Mon Sep 17 00:00:00 2001
From: Mikhail Preyskurantov <5574159+mpreyskurantov@users.noreply.github.com>
Date: Fri, 6 Feb 2026 17:00:39 +0200
Subject: [PATCH 2/2] pin range: major / caret
---
 package.json | 2 +-
 packages/sbom/package.json | 2 +-
 packages/sbom/pnpm-lock.yaml | 2 +-
 pnpm-lock.yaml | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/package.json b/package.json
index cd7761aeee77..46fc646a3f20 100644
--- a/package.json
+++ b/package.json
@@ -63,7 +63,7 @@
 "pnpm": {
 "overrides": {
 "@devexpress/callsite-record@^4.1.6": "4.1.7",
- "@isaacs/brace-expansion@<=5.0.0": ">=5.0.1",
+ "@isaacs/brace-expansion@<=5.0.0": "^5.0.1",
 "form-data@<2.5.4": "2.5.5",
 "form-data@>=4.0.0 <4.0.4": "^4.0.5",
 "pbkdf2@<=3.1.2": "^3.1.3",
diff --git a/packages/sbom/package.json b/packages/sbom/package.json
index 454e1b37d2fa..d7b093a5da5d 100644
--- a/packages/sbom/package.json
+++ b/packages/sbom/package.json
@@ -8,7 +8,7 @@
 "packageManager": "pnpm@9.15.9",
 "pnpm": {
 "overrides": {
- "@isaacs/brace-expansion@<=5.0.0": ">=5.0.1",
+ "@isaacs/brace-expansion@<=5.0.0": "^5.0.1",
 "body-parser@>=2.2.0 <2.2.1": ">=2.2.1",
 "jws@=4.0.0": ">=4.0.1",
 "qs": ">=6.14.1"
diff --git a/packages/sbom/pnpm-lock.yaml b/packages/sbom/pnpm-lock.yaml
index 9e1a1785173e..7063635389ce 100644
--- a/packages/sbom/pnpm-lock.yaml
+++ b/packages/sbom/pnpm-lock.yaml
@@ -5,7 +5,7 @@ settings: excludeLinksFromLockfile: false overrides: - '@isaacs/brace-expansion@<=5.0.0': '>=5.0.1' + '@isaacs/brace-expansion@<=5.0.0': ^5.0.1 body-parser@>=2.2.0 <2.2.1: '>=2.2.1' jws@=4.0.0: '>=4.0.1' qs: '>=6.14.1'
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index cc298558e9e0..2bb6ea8e7ed2 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -162,7 +162,7 @@ catalogs: overrides: '@devexpress/callsite-record@^4.1.6': 4.1.7 - '@isaacs/brace-expansion@<=5.0.0': '>=5.0.1' + '@isaacs/brace-expansion@<=5.0.0': ^5.0.1 form-data@<2.5.4: 2.5.5 form-data@>=4.0.0 <4.0.4: ^4.0.5 pbkdf2@<=3.1.2: ^3.1.3
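Review bot: The three context entries below the changed line in the packages/sbom/package.json hunk still use open-ended targets, `"body-parser@>=2.2.0 <2.2.1": ">=2.2.1"`, `"jws@=4.0.0": ">=4.0.1"` and `"qs": ">=6.14.1"`, which is the shape this commit replaces with a caret for `@isaacs/brace-expansion`. With `>=` nothing in the manifest stops a lockfile regeneration from resolving to a later major release, and the `qs` key has no selector, so it applies to every `qs` request in that workspace. Carrying the caret through would keep the block consistent: `"body-parser@>=2.2.0 <2.2.1": "^2.2.1"`, `"jws@=4.0.0": "^4.0.1"`, `"qs": "^6.14.1"`. The `overrides:` block in packages/sbom/pnpm-lock.yaml mirrors these entries and would need regenerating with them.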