editorconfig@2.0.1 dependency uses a vulnerable minimatch version #1378

@haraldan

Description

Code editor

No response

Platform

No response

Version

No response

What steps will reproduce the bug?

No response

How often does it reproduce? Is there a required condition?

No response

What is the expected behavior?

No response

What do you see instead?

Run npm audit:

npm audit report

minimatch 10.0.0 - 10.2.2
Severity: high
minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern - GHSA-3ppc-4f35-3m26
minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments - GHSA-7r86-cg39-jmmj
minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions - GHSA-23c5-xmqv-rm74
fix available via npm audit fix --force
Will install bash-language-server@5.4.3, which is a breaking change
node_modules/bash-language-server/node_modules/minimatch
editorconfig 2.0.1 - 3.0.1
Depends on vulnerable versions of minimatch
node_modules/bash-language-server/node_modules/editorconfig
bash-language-server >=5.5.0
Depends on vulnerable versions of editorconfig
node_modules/bash-language-server

3 high severity vulnerabilities

Additional information

No response
