Merge pull request #8205 from BitGo/WP-8085

chore(root): exclude minimatch ReDoS from yarn audit

Author: mrdanish26

.iyarc

@@ -30,3 +30,16 @@ GHSA-3ppc-4f35-3m26
 # - This CVE affects tar's extraction process with specially crafted archives
 # - Our usage is limited to archive PACKING operations only, not extraction
 GHSA-83g3-92jg-28cx
+
+# Excluded because:
+# - Transitive dependency through lerna, depcheck, nyc, eslint, yeoman-generator, glob, shelljs
+# - minimatch ReDoS via crafted glob patterns (same class as GHSA-3ppc-4f35-3m26)
+# - Only affects dev-time tooling, not production code
+GHSA-7r86-cg39-jmmj
+
+# Excluded because:
+# - Transitive dependency through lerna, depcheck, nyc, eslint, yeoman-generator, glob, shelljs
+# - minimatch ReDoS via crafted glob patterns (same class as GHSA-3ppc-4f35-3m26)
+# - Only affects dev-time tooling, not production code
+# - Mitigated by controlled inputs (our own build scripts, not user-provided patterns)
+GHSA-23c5-xmqv-rm74