chore(deps): bump brace-expansion from 1.1.14 to 5.0.6

[dependabot]

Bumps brace-expansion from 1.1.14 to 5.0.6.

Release notes

Sourced from brace-expansion's releases.

v4.0.1

• fmt 5a5cc17
• Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) 0b6a978

---

juliangruber/brace-expansion@v4.0.0...v4.0.1

v4.0.0

• feat: use string replaces instead of splits (#64) 278132b
• fmt dd72a59
• add tea.yaml 70e4c1b

juliangruber/brace-expansion@v3.0.0...v4.0.0

As a precaution to not risk breaking anything with 278132b, this is a new semver major release

v3.0.1

• pkg: publish on tag 3.x 3059c07
• fmt 8229e6f
• Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) 15f9b3c

---

juliangruber/brace-expansion@v3.0.0...v3.0.1

v3.0.0

• Switch to ES Modules and balanced-match 3.0.0 (#62) c0360e8
• added jsdoc (#55) 68c0e37
• node 16 is EOL 9e781e9
• add standard 3494c4d
• use const and let (#57) dd5a4cb
• docs 6dad209
• remove test e3dd8ae
• ci: update node versions d23ede9
• docs: add @​lanodan to contributors 1eb3fa4
• docs 1e7c9cd
• switch from tape to test module (#60) 2520537
• Bump minimist from 1.2.5 to 1.2.6 (#59) 61a94f1
• Bump path-parse from 1.0.6 to 1.0.7 (#51) dc741cf
• docs: add back ci badge 8ee5626
• Add github actions, remove travis. Closes #52 (#53) 5c8756a
• CI: Drop unused sudo: false Travis directive (#50) 05978a7

juliangruber/brace-expansion@v2.0.1...v3.0.0

v2.0.2

• pkg: publish on tag 2.x 14f1d91
• fmt ed7780a
• Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) 36603d5

... (truncated)

Commits

• 46317b5 5.0.6
• c0b095b Merge commit from fork
• ec56020 Bump picomatch from 4.0.3 to 4.0.4 (#93)
• 8793901 5.0.5
• 9a02af5 Merge commit from fork
• daa71bc Bump tar from 7.5.10 to 7.5.11 (#92)
• 799e5f7 Bump tar from 7.5.9 to 7.5.10 (#90)
• 012c230 5.0.4
• 243c491 Fix handling of brackets. Closes #87
• 609f858 Correct incorrect brace-expansion import (#89)
• Additional commits viewable in compare view

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[mergify]

Merge Protections

Your pull request matches the following merge protections and will not be merged until they are valid.

🟢 🤖 Continuous Integration

Wonderful, this rule succeeded.

• all of:
  • check-success = build
  • check-success = lint
  • check-success = test
  • any of:
    • check-success = test-broken-links
    • label = ignore-broken-links
  • any of:
    • check-success=Cloudflare Pages
    • -head-repo-full-name~=^Mergifyio/

🟢 👀 Review Requirements

Wonderful, this rule succeeded.

• any of:
  • author = dependabot[bot]
  • #approved-reviews-by >= 2
  • author = mergify-ci-bot

🟢 Enforce conventional commit

Wonderful, this rule succeeded.

Make sure that we follow https://www.conventionalcommits.org/en/v1.0.0/

• title ~= ^(fix|feat|docs|style|refactor|perf|test|build|ci|chore|revert|ui)(?:\(.+\))?:

🟢 🔎 Reviews

Wonderful, this rule succeeded.

• #changes-requested-reviews-by = 0
• #review-requested = 0
• #review-threads-unresolved = 0

🟢 📕 PR description

Wonderful, this rule succeeded.

• body ~= (?ms:.{48,})

[mergify]

Merge Queue Status

• ✅ Entered queue — 2026-05-20 11:05 UTC · Rule: automated updates
• ✅ Checks passed · on draft merge queue: embarking main (8e0e52b) and [#11591 + #11593 + #11588 + #11595 + #11596 + #11599 + #11598] together #11601
• ✅ Merged — 2026-05-20 11:26 UTC · at b446dcc9acbf34255c6529c3c0502186a352f075 · fast-forward

This pull request spent 21 minutes 6 seconds in the queue, including 4 minutes 37 seconds running CI.

Required conditions to merge

• all of [🛡 Merge Protections rule Enforce conventional commit]:
  • title ~= ^(fix|feat|docs|style|refactor|perf|test|build|ci|chore|revert|ui)(?:\(.+\))?:
    • chore(deps): bump yallist from 3.1.1 to 5.0.0 #11588
    • chore(deps): bump brace-expansion from 1.1.14 to 5.0.6 #11591
    • chore(deps): bump escape-string-regexp from 4.0.0 to 5.0.0 #11593
    • chore(deps): bump espree from 10.4.0 to 11.2.0 #11595
    • chore(deps): bump balanced-match from 1.0.2 to 4.0.4 #11596
    • chore(deps): bump @vue/babel-plugin-jsx from 1.5.0 to 2.0.1 #11598
    • chore(deps): bump request-light from 0.5.8 to 0.7.0 #11599
• all of [🛡 Merge Protections rule 👀 Review Requirements]:
  • any of:
    • author = dependabot[bot]
      • chore(deps): bump yallist from 3.1.1 to 5.0.0 #11588
      • chore(deps): bump brace-expansion from 1.1.14 to 5.0.6 #11591
      • chore(deps): bump escape-string-regexp from 4.0.0 to 5.0.0 #11593
      • chore(deps): bump espree from 10.4.0 to 11.2.0 #11595
      • chore(deps): bump balanced-match from 1.0.2 to 4.0.4 #11596
      • chore(deps): bump @vue/babel-plugin-jsx from 1.5.0 to 2.0.1 #11598
      • chore(deps): bump request-light from 0.5.8 to 0.7.0 #11599
    • #approved-reviews-by >= 2
      • chore(deps): bump yallist from 3.1.1 to 5.0.0 #11588
      • chore(deps): bump brace-expansion from 1.1.14 to 5.0.6 #11591
      • chore(deps): bump escape-string-regexp from 4.0.0 to 5.0.0 #11593
      • chore(deps): bump espree from 10.4.0 to 11.2.0 #11595
      • chore(deps): bump balanced-match from 1.0.2 to 4.0.4 #11596
      • chore(deps): bump @vue/babel-plugin-jsx from 1.5.0 to 2.0.1 #11598
      • chore(deps): bump request-light from 0.5.8 to 0.7.0 #11599
    • author = mergify-ci-bot
      • chore(deps): bump yallist from 3.1.1 to 5.0.0 #11588
      • chore(deps): bump brace-expansion from 1.1.14 to 5.0.6 #11591
      • chore(deps): bump escape-string-regexp from 4.0.0 to 5.0.0 #11593
      • chore(deps): bump espree from 10.4.0 to 11.2.0 #11595
      • chore(deps): bump balanced-match from 1.0.2 to 4.0.4 #11596
      • chore(deps): bump @vue/babel-plugin-jsx from 1.5.0 to 2.0.1 #11598
      • chore(deps): bump request-light from 0.5.8 to 0.7.0 #11599
• all of [🛡 Merge Protections rule 📕 PR description]:
  • body ~= (?ms:.{48,})
    • chore(deps): bump yallist from 3.1.1 to 5.0.0 #11588
    • chore(deps): bump brace-expansion from 1.1.14 to 5.0.6 #11591
    • chore(deps): bump escape-string-regexp from 4.0.0 to 5.0.0 #11593
    • chore(deps): bump espree from 10.4.0 to 11.2.0 #11595
    • chore(deps): bump balanced-match from 1.0.2 to 4.0.4 #11596
    • chore(deps): bump @vue/babel-plugin-jsx from 1.5.0 to 2.0.1 #11598
    • chore(deps): bump request-light from 0.5.8 to 0.7.0 #11599
• all of [🛡 Merge Protections rule 🔎 Reviews]:
  • #changes-requested-reviews-by = 0
    • chore(deps): bump yallist from 3.1.1 to 5.0.0 #11588
    • chore(deps): bump brace-expansion from 1.1.14 to 5.0.6 #11591
    • chore(deps): bump escape-string-regexp from 4.0.0 to 5.0.0 #11593
    • chore(deps): bump espree from 10.4.0 to 11.2.0 #11595
    • chore(deps): bump balanced-match from 1.0.2 to 4.0.4 #11596
    • chore(deps): bump @vue/babel-plugin-jsx from 1.5.0 to 2.0.1 #11598
    • chore(deps): bump request-light from 0.5.8 to 0.7.0 #11599
  • #review-requested = 0
    • chore(deps): bump yallist from 3.1.1 to 5.0.0 #11588
    • chore(deps): bump brace-expansion from 1.1.14 to 5.0.6 #11591
    • chore(deps): bump escape-string-regexp from 4.0.0 to 5.0.0 #11593
    • chore(deps): bump espree from 10.4.0 to 11.2.0 #11595
    • chore(deps): bump balanced-match from 1.0.2 to 4.0.4 #11596
    • chore(deps): bump @vue/babel-plugin-jsx from 1.5.0 to 2.0.1 #11598
    • chore(deps): bump request-light from 0.5.8 to 0.7.0 #11599
  • #review-threads-unresolved = 0
    • chore(deps): bump yallist from 3.1.1 to 5.0.0 #11588
    • chore(deps): bump brace-expansion from 1.1.14 to 5.0.6 #11591
    • chore(deps): bump escape-string-regexp from 4.0.0 to 5.0.0 #11593
    • chore(deps): bump espree from 10.4.0 to 11.2.0 #11595
    • chore(deps): bump balanced-match from 1.0.2 to 4.0.4 #11596
    • chore(deps): bump @vue/babel-plugin-jsx from 1.5.0 to 2.0.1 #11598
    • chore(deps): bump request-light from 0.5.8 to 0.7.0 #11599
• all of [🛡 Merge Protections rule 🤖 Continuous Integration]:
  • all of:
    • check-success = build
    • check-success = lint
    • check-success = test
    • any of:
      • check-success = test-broken-links
      • label = ignore-broken-links
        • chore(deps): bump yallist from 3.1.1 to 5.0.0 #11588
        • chore(deps): bump brace-expansion from 1.1.14 to 5.0.6 #11591
        • chore(deps): bump escape-string-regexp from 4.0.0 to 5.0.0 #11593
        • chore(deps): bump espree from 10.4.0 to 11.2.0 #11595
        • chore(deps): bump balanced-match from 1.0.2 to 4.0.4 #11596
        • chore(deps): bump @vue/babel-plugin-jsx from 1.5.0 to 2.0.1 #11598
        • chore(deps): bump request-light from 0.5.8 to 0.7.0 #11599
    • any of:
      • check-success=Cloudflare Pages
      • -head-repo-full-name~=^Mergifyio/
        • chore(deps): bump yallist from 3.1.1 to 5.0.0 #11588
        • chore(deps): bump brace-expansion from 1.1.14 to 5.0.6 #11591
        • chore(deps): bump escape-string-regexp from 4.0.0 to 5.0.0 #11593
        • chore(deps): bump espree from 10.4.0 to 11.2.0 #11595
        • chore(deps): bump balanced-match from 1.0.2 to 4.0.4 #11596
        • chore(deps): bump @vue/babel-plugin-jsx from 1.5.0 to 2.0.1 #11598
        • chore(deps): bump request-light from 0.5.8 to 0.7.0 #11599