Skip to content

chore: update brace-expansion to address CVE-2026-45149#1944

Open
vinokurig wants to merge 1 commit into
eclipse-openvsx:mainfrom
vinokurig:CVE-2026-45149
Open

chore: update brace-expansion to address CVE-2026-45149#1944
vinokurig wants to merge 1 commit into
eclipse-openvsx:mainfrom
vinokurig:CVE-2026-45149

Conversation

@vinokurig

Copy link
Copy Markdown
Contributor

Updates brace-expansion dependency versions:

  • 1.1.11 -> 1.1.15
  • 2.0.2 -> 2.1.1
  • 5.0.3 -> 5.0.7

Version 5.0.7 includes the fix for CVE-2026-45149, a DoS vulnerability affecting versions 5.0.0-5.0.5 where large numeric ranges could cause excessive memory allocation even with max limits configured.

Updates brace-expansion dependency versions:
- 1.1.11 -> 1.1.15
- 2.0.2 -> 2.1.1
- 5.0.3 -> 5.0.7

Version 5.0.7 includes the fix for CVE-2026-45149, a DoS vulnerability
affecting versions 5.0.0-5.0.5 where large numeric ranges could cause
excessive memory allocation even with max limits configured.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant