Skip to content

fix(deps): vuln patch: minimatch, shell-quote [tests/integration]#832

Merged
gh-worker-dd-mergequeue-cf854d[bot] merged 1 commit into
mainfrom
engraver-auto-version-upgrade/minorpatch/npm/integration/0-1781533727
Jun 16, 2026
Merged

fix(deps): vuln patch: minimatch, shell-quote [tests/integration]#832
gh-worker-dd-mergequeue-cf854d[bot] merged 1 commit into
mainfrom
engraver-auto-version-upgrade/minorpatch/npm/integration/0-1781533727

Conversation

@gh-worker-campaigns-3e9aa4

@gh-worker-campaigns-3e9aa4 gh-worker-campaigns-3e9aa4 Bot commented Jun 15, 2026

Copy link
Copy Markdown
Contributor

Summary: Critical-severity security update — 2 packages upgraded (patch changes only)

Manifests changed:

  • tests/integration (yarn)

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.

Updates

Package From To Type Dep Type Vulnerabilities Fixed
shell-quote 1.8.3 1.8.4 patch Transitive 1 CRITICAL
minimatch 3.1.3 3.1.5 patch Transitive 2 HIGH

Security Details

🚨 Critical & High Severity (3 fixed)
Package CVE Severity Summary Unsafe Version Fixed In
shell-quote GHSA-w7jw-789q-3m8p CRITICAL shell-quote quote() does not escape newlines in object .op values 1.8.3 1.8.4
minimatch GHSA-23c5-xmqv-rm74 HIGH minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions 3.1.3 10.2.3
minimatch CVE-2026-27904 HIGH minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions 3.1.3 -

Review Checklist

Standard review:

  • Review changes for compatibility with your code
  • Check for breaking changes in release notes
  • Run tests locally or wait for CI
  • Approve and merge this PR

Update Mode: all_vulns

🤖 Generated by DataDog Automated Dependency Management System

@campaigner-prod campaigner-prod Bot marked this pull request as ready for review June 16, 2026 12:23
@campaigner-prod campaigner-prod Bot requested review from a team as code owners June 16, 2026 12:23
@campaigner-prod campaigner-prod Bot requested a review from lym953 June 16, 2026 12:23
@dd-prapprover

dd-prapprover Bot commented Jun 16, 2026
edited
Loading

Copy link
Copy Markdown

PRApprover will approve and merge this PR, FAQ, #dx-source-code-management

🛠️ PRApproval Status

  • ✅ PR is eligible for auto-approval by rule dependency-management-version-updater - 2026-06-16T12:25:35Z
  • ✅ CI tests passed - 2026-06-16T12:25:39Z
  • ✅ Approved (commit: 99cc453) - 2026-06-16T12:25:42Z
  • ✅ Merge Started
  • ⬜ Merged

➡️ Current phase: merge in progress...

dd-prapprover[bot]
dd-prapprover Bot approved these changes Jun 16, 2026
View reviewed changes

@dd-prapprover dd-prapprover Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This PR has been automatically approved by the DD PR Approver bot.

@dd-prapprover

dd-prapprover Bot commented Jun 16, 2026

Copy link
Copy Markdown

/merge

@gh-worker-devflow-routing-ef8351

gh-worker-devflow-routing-ef8351 Bot commented Jun 16, 2026
edited
Loading

Copy link
Copy Markdown

View all feedbacks in Devflow UI.

2026-06-16 12:25:54 UTC ℹ️ Start processing command /merge

2026-06-16 12:25:59 UTC ℹ️ MergeQueue: pull request added to the queue

The expected merge time in main is approximately 0s (p90).

2026-06-16 13:59:00 UTC ℹ️ MergeQueue: This merge request was merged

@gh-worker-dd-mergequeue-cf854d gh-worker-dd-mergequeue-cf854d Bot merged commit 3bf5778 into main Jun 16, 2026
105 checks passed
@gh-worker-dd-mergequeue-cf854d gh-worker-dd-mergequeue-cf854d Bot deleted the engraver-auto-version-upgrade/minorpatch/npm/integration/0-1781533727 branch June 16, 2026 13:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dd-prapprover dd-prapprover[bot] dd-prapprover[bot] approved these changes

@lym953 lym953 Awaiting requested review from lym953 lym953 is a code owner automatically assigned from DataDog/serverless-aws

Assignees

No one assigned

Labels

adms-critical-severity adms-dependency-update adms-high-severity adms-mode-all-vulns adms-npm adms-patch-update campaigner-automated-change mergequeue-status: done

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants