From 1c244c1a87322c0a9041284991109ae203fca7ae Mon Sep 17 00:00:00 2001 From: Kenny Lin Date: Fri, 27 Mar 2026 10:44:47 -0400 Subject: [PATCH] fix(security): bump picomatch to 2.3.2 via Yarn resolution Resolves: SNYK-JS-PICOMATCH-15765511, SNYK-JS-PICOMATCH-15765513 CVE-2026-33671, CVE-2026-33672 Severity: High / Medium Made-with: Cursor --- package.json | 1 + yarn.lock | 12 ++++++------ 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/package.json b/package.json index bd97ef2ded..0b697245c3 100644 --- a/package.json +++ b/package.json @@ -119,6 +119,7 @@ "@types/react-dom": "18.3.1", "@typescript-eslint/utils": "^5.15.0", "error-ex": "1.3.4", + "picomatch@npm:2.3.1": "npm:2.3.2", "react": "18.3.1", "react-dom": "18.3.1" }, diff --git a/yarn.lock b/yarn.lock index 9e14b19f5f..5f1c1ee43b 100644 --- a/yarn.lock +++ b/yarn.lock @@ -17873,16 +17873,16 @@ __metadata: linkType: hard "picomatch@npm:^2.0.4, picomatch@npm:^2.2.1, picomatch@npm:^2.2.2, picomatch@npm:^2.2.3, picomatch@npm:^2.3.1": - version: 2.3.1 - resolution: "picomatch@npm:2.3.1" - checksum: 10c0/26c02b8d06f03206fc2ab8d16f19960f2ff9e81a658f831ecb656d8f17d9edc799e8364b1f4a7873e89d9702dff96204be0fa26fe4181f6843f040f819dac4be + version: 2.3.2 + resolution: "picomatch@npm:2.3.2" + checksum: 10c0/a554d1709e59be97d1acb9eaedbbc700a5c03dbd4579807baed95100b00420bc729335440ef15004ae2378984e2487a7c1cebd743cfdb72b6fa9ab69223c0d61 languageName: node linkType: hard "picomatch@npm:^4.0.2, picomatch@npm:^4.0.3": - version: 4.0.3 - resolution: "picomatch@npm:4.0.3" - checksum: 10c0/9582c951e95eebee5434f59e426cddd228a7b97a0161a375aed4be244bd3fe8e3a31b846808ea14ef2c8a2527a6eeab7b3946a67d5979e81694654f939473ae2 + version: 4.0.4 + resolution: "picomatch@npm:4.0.4" + checksum: 10c0/e2c6023372cc7b5764719a5ffb9da0f8e781212fa7ca4bd0562db929df8e117460f00dff3cb7509dacfc06b86de924b247f504d0ce1806a37fac4633081466b0 languageName: node linkType: hard