chore(deps): bump brace-expansion from 2.0.2 to 5.0.2

Closed

Number: #1089
Type: Pull Request
State: Closed

Author:

dependabot[bot]
Association: Unknown
Comments: 3

Created: February 23, 2026 at 05:55 AM UTC
(3 months ago)

Updated: February 24, 2026 at 01:31 AM UTC
(3 months ago)

Closed: February 24, 2026 at 01:31 AM UTC
(3 months ago)

Time to Close: about 20 hours

Labels:
dependencies javascript

Description:

Bumps brace-expansion from 2.0.2 to 5.0.2.

Release notes

Sourced from brace-expansion's releases.

v4.0.1

fmt 5a5cc17

Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) 0b6a978

https://github.com/juliangruber/brace-expansion/compare/v4.0.0...v4.0.1

v4.0.0

feat: use string replaces instead of splits (#64) 278132b

fmt dd72a59

add tea.yaml 70e4c1b

https://github.com/juliangruber/brace-expansion/compare/v3.0.0...v4.0.0

As a precaution to not risk breaking anything with 278132b, this is a new semver major release

v3.0.1

pkg: publish on tag 3.x 3059c07

fmt 8229e6f

Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) 15f9b3c

https://github.com/juliangruber/brace-expansion/compare/v3.0.0...v3.0.1

v3.0.0

Switch to ES Modules and balanced-match 3.0.0 (#62) c0360e8

added jsdoc (#55) 68c0e37

node 16 is EOL 9e781e9

add standard 3494c4d

use const and let (#57) dd5a4cb

docs 6dad209

remove test e3dd8ae

ci: update node versions d23ede9

docs: add @lanodan to contributors 1eb3fa4

docs 1e7c9cd

switch from tape to test module (#60) 2520537

Bump minimist from 1.2.5 to 1.2.6 (#59) 61a94f1

Bump path-parse from 1.0.6 to 1.0.7 (#51) dc741cf

docs: add back ci badge 8ee5626

Add github actions, remove travis. Closes #52 (#53) 5c8756a

CI: Drop unused sudo: false Travis directive (#50) 05978a7

https://github.com/juliangruber/brace-expansion/compare/v2.0.1...v3.0.0

Commits

5a67888 5.0.2
9e59a71 Isaacs/merge back (#83)
07cda16 docs: security (#81)
f493559 Bump lodash from 4.17.21 to 4.17.23 (#80)
5aa58c6 Fix broken repository URL in package.json (#75)
e5ba17e Bump js-yaml from 4.1.0 to 4.1.1 (#79)
c85b8ad 4.0.1
5a5cc17 fmt
0b6a978 Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65)
6a39bdd 4.0.0
Additional commits viewable in compare view

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Package Dependencies

Package:
brace-expansion

Ecosystem:
npm

Version Change:
2.0.2 → 5.0.2

Update Type:
Major

Actions

View on GitHub View Repository All Dependabot PRs

Technical Details

ID:	`14084689`
UUID:	`3976481112`
Node ID:	`PR_kwDOIREOSc7Fj3io`
Host:	GitHub
Repository:	SocketDev/socket-cli

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Dependabot

chore(deps): bump brace-expansion from 2.0.2 to 5.0.2

v4.0.1

v4.0.0

v3.0.1

v3.0.0

Package Dependencies

Actions

Technical Details