Bump minimatch from 3.1.2 to 3.1.5 by dependabot[bot] · Pull Request #15 · neofinancial/serverless-plugin-neo

dependabot · 2026-02-28T13:30:21Z

Bumps minimatch from 3.1.2 to 3.1.5.

Commits

7bba978 3.1.5
bd25942 docs: add warning about ReDoS
1a9c27c fix partial matching of globstar patterns
1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.1.2 to 3.1.5. - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) --- updated-dependencies: - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

wiz-a38520980d · 2026-02-28T13:30:42Z

Wiz Scan Summary

Scanner	Findings
Vulnerabilities	10 3 1
Sensitive Data	-
Secrets	-
IaC Misconfigurations	-
SAST Findings	-

Total	10 3 1

View scan details in Wiz

To detect these findings earlier in the dev lifecycle, try using Wiz Code VS Code Extension.

wiz-a38520980d · 2026-02-28T13:30:43Z

package-lock.json

Vulnerability Finding on line 10029

More Details

Vulnerabilities [semver:7.3.7]

Name Severity Source Fixed version CVSS score CVSS exploitability score Has public exploit Has CISA KEV exploit

CVE-2022-25883 GHSA-c2qf-rxjj-qqgw 7.5.2 7.5 3.9 false false

To ignore this finding as an exception, reply to this conversation with #wiz_ignore reason

If you'd like to ignore this finding in all future scans, add an exception in the .wiz file (learn more) or create an Ignore Rule (learn more).

To get more details on how to remediate this issue using AI, reply to this conversation with #wiz remediate

wiz-a38520980d · 2026-02-28T13:30:43Z

package-lock.json

Vulnerability Finding on line 10794

More Details

Vulnerabilities [tar:6.1.11]

Name Severity Source Fixed version CVSS score CVSS exploitability score Has public exploit Has CISA KEV exploit

CVE-2024-28863 GHSA-f5x3-32g6-xq36 6.2.1 6.5 2.8 true false

CVE-2026-23745 GHSA-8qq5-rm4j-mr97 7.5.3 8.2 1.8 true false

CVE-2026-23950 GHSA-r6q2-hw4h-h46w 7.5.4 5.9 2.2 true false

CVE-2026-24842 GHSA-34x7-hfp2-rc4v 7.5.7 8.2 2.8 true false

CVE-2026-26960 GHSA-83g3-92jg-28cx 7.5.8 7.1 1.8 true false

To ignore this finding as an exception, reply to this conversation with #wiz_ignore reason

If you'd like to ignore this finding in all future scans, add an exception in the .wiz file (learn more) or create an Ignore Rule (learn more).

To get more details on how to remediate this issue using AI, reply to this conversation with #wiz remediate

wiz-a38520980d · 2026-02-28T13:30:44Z

package-lock.json

Vulnerability Finding on line 2596

More Details

Vulnerabilities [braces:3.0.2]

Name Severity Source Fixed version CVSS score CVSS exploitability score Has public exploit Has CISA KEV exploit

CVE-2024-4068 GHSA-grv7-fg5c-xmjg 3.0.3 7.5 3.9 true false

To ignore this finding as an exception, reply to this conversation with #wiz_ignore reason

If you'd like to ignore this finding in all future scans, add an exception in the .wiz file (learn more) or create an Ignore Rule (learn more).

To get more details on how to remediate this issue using AI, reply to this conversation with #wiz remediate

wiz-a38520980d · 2026-02-28T13:30:45Z

package-lock.json

Vulnerability Finding on line 8515

More Details

Vulnerabilities [tar:4.4.19]

Name Severity Source Fixed version CVSS score CVSS exploitability score Has public exploit Has CISA KEV exploit

CVE-2024-28863 GHSA-f5x3-32g6-xq36 6.2.1 6.5 2.8 true false

CVE-2026-23745 GHSA-8qq5-rm4j-mr97 7.5.3 8.2 1.8 true false

CVE-2026-23950 GHSA-r6q2-hw4h-h46w 7.5.4 5.9 2.2 true false

CVE-2026-24842 GHSA-34x7-hfp2-rc4v 7.5.7 8.2 2.8 true false

CVE-2026-26960 GHSA-83g3-92jg-28cx 7.5.8 7.1 1.8 true false

To ignore this finding as an exception, reply to this conversation with #wiz_ignore reason

If you'd like to ignore this finding in all future scans, add an exception in the .wiz file (learn more) or create an Ignore Rule (learn more).

To get more details on how to remediate this issue using AI, reply to this conversation with #wiz remediate

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 28, 2026

dependabot bot mentioned this pull request Feb 28, 2026

Bump minimatch from 3.1.2 to 3.1.4 #14

Closed

wiz-a38520980d bot reviewed Feb 28, 2026

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump minimatch from 3.1.2 to 3.1.5#15

Bump minimatch from 3.1.2 to 3.1.5#15
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/minimatch-3.1.5

dependabot bot commented on behalf of github Feb 28, 2026

Uh oh!

wiz-a38520980d bot commented Feb 28, 2026

Uh oh!

wiz-a38520980d bot Feb 28, 2026

Uh oh!

wiz-a38520980d bot Feb 28, 2026

Uh oh!

wiz-a38520980d bot Feb 28, 2026

Uh oh!

wiz-a38520980d bot Feb 28, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Name	Source	Fixed version	CVSS score	CVSS exploitability score	Has public exploit	Has CISA KEV exploit
CVE-2024-28863	GHSA-f5x3-32g6-xq36	6.2.1	6.5	2.8	true	false
CVE-2026-23745	GHSA-8qq5-rm4j-mr97	7.5.3	8.2	1.8	true	false
CVE-2026-23950	GHSA-r6q2-hw4h-h46w	7.5.4	5.9	2.2	true	false
CVE-2026-24842	GHSA-34x7-hfp2-rc4v	7.5.7	8.2	2.8	true	false
CVE-2026-26960	GHSA-83g3-92jg-28cx	7.5.8	7.1	1.8	true	false

Conversation

dependabot bot commented on behalf of github Feb 28, 2026

Uh oh!

wiz-a38520980d bot commented Feb 28, 2026

Wiz Scan Summary

Uh oh!

wiz-a38520980d bot Feb 28, 2026

Choose a reason for hiding this comment

Vulnerabilities [semver:7.3.7]

Uh oh!

wiz-a38520980d bot Feb 28, 2026

Choose a reason for hiding this comment

Vulnerabilities [tar:6.1.11]

Uh oh!

wiz-a38520980d bot Feb 28, 2026

Choose a reason for hiding this comment

Vulnerabilities [braces:3.0.2]

Uh oh!

wiz-a38520980d bot Feb 28, 2026

Choose a reason for hiding this comment

Vulnerabilities [tar:4.4.19]

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants