## Description

Remediates high severity ReDoS vulnerability in minimatch (CVE-2026-27903) flagged by Vanta/Dependabot. minimatch is a transitive dev-only dependency (via eslint and tailwindcss build tooling) — not shipped to production.

Added pnpm overrides to force patched versions:

- minimatch@<4 → 3.1.5
- minimatch@>=9.0.0 <9.0.7 → 9.0.9

Closes: https://linear.app/chatwoot/issue/CW-6595/vanta-remediate-high-vulnerabilities-identified-in-packages-are

## Type of change

- [ ] Bug fix (non-breaking change which fixes an issue)

## How Has This Been Tested?

- No production impact — minimatch is only used in dev tooling, not at runtime
- pnpm install completes successfully

## Checklist:

- [ ] My code follows the style guidelines of this project
- [ ] I have performed a self-review of my code
- [ ] I have commented on my code, particularly in hard-to-understand areas
- [ ] I have made corresponding changes to the documentation
- [ ] My changes generate no new warnings
- [ ] I have added tests that prove my fix is effective or that my feature works
- [ ] New and existing unit tests pass locally with my changes
- [ ] Any dependent changes have been merged and published in downstream modules
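
A post-install check for the overrides listed in the PR description above, as an added example that is not part of the PR or the project's code: it scans pnpm-lock.yaml text for resolved minimatch versions and reports any that an override selector matches but did not rewrite. The function names and the embedded lockfile snippets are constructed for illustration.

```javascript
// Added example; BEFORE and AFTER are constructed lockfile snippets.
// RULES mirrors the two overrides listed in the PR description.
const RULES = [
  { selector: 'minimatch@<4', forced: '3.1.5',
    selects: v => cmp(v, '4.0.0') < 0 },
  { selector: 'minimatch@>=9.0.0 <9.0.7', forced: '9.0.9',
    selects: v => cmp(v, '9.0.0') >= 0 && cmp(v, '9.0.7') < 0 },
];

// Compare "x.y.z" strings numerically (pre-release/build suffixes ignored).
function cmp(a, b) {
  const pa = a.split(/[-+]/)[0].split('.').map(Number);
  const pb = b.split(/[-+]/)[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Distinct minimatch versions keyed in the lockfile. Accepts the key styles
// "minimatch@1.2.3:", "/minimatch@1.2.3:" and "/minimatch/1.2.3:", and skips
// other packages such as "@types/minimatch".
function resolvedMinimatchVersions(lockText) {
  const re = /^\s*['"]?\/?minimatch[@/](\d+\.\d+\.\d+[^\s:'"(]*)/gm;
  const found = new Set();
  for (const m of lockText.matchAll(re)) found.add(m[1]);
  return [...found].sort(cmp);
}

// Versions that an override selector matches but that were not rewritten.
function unpatched(lockText) {
  const out = [];
  for (const version of resolvedMinimatchVersions(lockText)) {
    for (const r of RULES) {
      if (r.selects(version) && version !== r.forced) {
        out.push({ version, selector: r.selector, expected: r.forced });
      }
    }
  }
  return out;
}

const lock = (a, b) => `packages:
  '@types/minimatch@5.1.2':
  minimatch@${a}:
  minimatch@${b}:
  minimatch@10.0.1:
`;
const BEFORE = lock('3.1.2', '9.0.5'); // constructed: overrides not applied
const AFTER = lock('3.1.5', '9.0.9');  // constructed: overrides applied
console.log(unpatched(BEFORE), unpatched(AFTER));
```

In CI, pass the contents of the real pnpm-lock.yaml to `unpatched()` and fail the job when the result is non-empty.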