From 44405bb2ce701b4afb49d53c81aff7f1f41d7d4e Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Fri, 20 Jun 2025 16:06:26 +0000
Subject: [PATCH] fix: package.json & package-lock.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-BRACEEXPANSION-9789073
---
 package-lock.json | 113 ++++++++++++++++++++++++++++++----------------
 package.json      |   2 +-
 2 files changed, 74 insertions(+), 41 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index bd2ac49ed1..6c24a18325 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -9,13 +9,13 @@
       "version": "1.0.0",
       "license": "SEE LICENSE IN https://tc39.es/ecma262/#sec-copyright-and-software-license",
       "devDependencies": {
-        "ecmarkup": "^18.3.1",
-        "glob": "^7.1.6",
+        "ecmarkup": "^20.0.0",
+        "glob": "^9.0.0",
         "jsdom": "^15.0.0",
         "pagedjs": "^0.4.3",
         "pagedjs-cli": "^0.4.3",
         "tar-stream": "^2.2.0",
-        "tiny-json-http": "^7.1.2"
+        "tiny-json-http": "^7.5.1"
       }
     },
     "node_modules/@babel/code-frame": {
@@ -503,7 +503,9 @@
       "license": "Apache-2.0"
     },
     "node_modules/balanced-match": {
-      "version": "1.0.0",
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz",
+      "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==",
       "dev": true,
       "license": "MIT"
     },
@@ -596,12 +598,13 @@
       }
     },
     "node_modules/brace-expansion": {
-      "version": "1.1.11",
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+      "integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "balanced-match": "^1.0.0",
-        "concat-map": "0.0.1"
+        "balanced-match": "^1.0.0"
       }
     },
     "node_modules/braces": {
@@ -907,11 +910,6 @@
         "node": ">=16"
       }
     },
-    "node_modules/concat-map": {
-      "version": "0.0.1",
-      "dev": true,
-      "license": "MIT"
-    },
     "node_modules/content-disposition": {
       "version": "0.5.4",
       "dev": true,
@@ -1243,10 +1241,11 @@
       }
     },
     "node_modules/ecmarkup": {
-      "version": "18.3.1",
-      "resolved": "https://registry.npmjs.org/ecmarkup/-/ecmarkup-18.3.1.tgz",
-      "integrity": "sha512-ouyfwgVjtvyF9AdAQnI9krCWNE5srK90XGPym8vs6WPtjUso6Pq887DwAYBDbga9lrfwezWo5n8hGu9amYYu1g==",
+      "version": "20.0.0",
+      "resolved": "https://registry.npmjs.org/ecmarkup/-/ecmarkup-20.0.0.tgz",
+      "integrity": "sha512-c5Km5oVo+pZVvfaS1lRvaweVj89lkXxjOKGdW5QfQWFaAxHu/q1sSFCwEIy2bwhtZr5EiijdjonF22D/e75yzQ==",
       "dev": true,
+      "license": "MIT",
       "dependencies": {
         "chalk": "^4.1.2",
         "command-line-args": "^5.2.0",
@@ -1270,7 +1269,7 @@
         "emu-format": "bin/emu-format.js"
       },
       "engines": {
-        "node": ">= 12 || ^11.10.1 || ^10.13 || ^8.10"
+        "node": ">= 18"
       }
     },
     "node_modules/ecmarkup/node_modules/acorn-globals": {
@@ -2341,19 +2340,19 @@
       }
     },
     "node_modules/glob": {
-      "version": "7.1.6",
+      "version": "9.0.0",
+      "resolved": "https://registry.npmjs.org/glob/-/glob-9.0.0.tgz",
+      "integrity": "sha512-7rdoWzT8/4f1yEe/cMdBug2lmzmYMYU9h4RNNiavPHajhcxt7kkxrOvwSnIPkZMjLQb9BXv7nFoKmTnPPklMyA==",
       "dev": true,
       "license": "ISC",
       "dependencies": {
         "fs.realpath": "^1.0.0",
-        "inflight": "^1.0.4",
-        "inherits": "2",
-        "minimatch": "^3.0.4",
-        "once": "^1.3.0",
-        "path-is-absolute": "^1.0.0"
+        "minimatch": "^7.3.0",
+        "minipass": "^4.2.4",
+        "path-scurry": "^1.5.0"
       },
       "engines": {
-        "node": "*"
+        "node": ">=16"
       },
       "funding": {
         "url": "https://github.com/sponsors/isaacs"
@@ -2651,15 +2650,6 @@
         "url": "https://github.com/sponsors/sindresorhus"
       }
     },
-    "node_modules/inflight": {
-      "version": "1.0.6",
-      "dev": true,
-      "license": "ISC",
-      "dependencies": {
-        "once": "^1.3.0",
-        "wrappy": "1"
-      }
-    },
     "node_modules/inherits": {
       "version": "2.0.4",
       "dev": true,
@@ -3123,14 +3113,29 @@
       }
     },
     "node_modules/minimatch": {
-      "version": "3.0.4",
+      "version": "7.4.6",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-7.4.6.tgz",
+      "integrity": "sha512-sBz8G/YjVniEz6lKPNpKxXwazJe4c19fEfV2GDMX6AjFz+MX9uDWIZW8XreVhkFW3fkIdTv/gxWr/Kks5FFAVw==",
       "dev": true,
       "license": "ISC",
       "dependencies": {
-        "brace-expansion": "^1.1.7"
+        "brace-expansion": "^2.0.1"
       },
       "engines": {
-        "node": "*"
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      }
+    },
+    "node_modules/minipass": {
+      "version": "4.2.8",
+      "resolved": "https://registry.npmjs.org/minipass/-/minipass-4.2.8.tgz",
+      "integrity": "sha512-fNzuVyifolSLFL4NzpF+wEF4qrgqaaKX0haXPQEdQ7NKAN+WecoKMHV09YcuL/DHxrUsYQOK3MiuDf7Ip2OXfQ==",
+      "dev": true,
+      "license": "ISC",
+      "engines": {
+        "node": ">=8"
       }
     },
     "node_modules/mitt": {
@@ -3428,12 +3433,38 @@
         "node": ">= 0.8"
       }
     },
-    "node_modules/path-is-absolute": {
-      "version": "1.0.1",
+    "node_modules/path-scurry": {
+      "version": "1.11.1",
+      "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.11.1.tgz",
+      "integrity": "sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==",
       "dev": true,
-      "license": "MIT",
+      "license": "BlueOak-1.0.0",
+      "dependencies": {
+        "lru-cache": "^10.2.0",
+        "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0"
+      },
       "engines": {
-        "node": ">=0.10.0"
+        "node": ">=16 || 14 >=14.18"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      }
+    },
+    "node_modules/path-scurry/node_modules/lru-cache": {
+      "version": "10.4.3",
+      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.4.3.tgz",
+      "integrity": "sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ==",
+      "dev": true,
+      "license": "ISC"
+    },
+    "node_modules/path-scurry/node_modules/minipass": {
+      "version": "7.1.2",
+      "resolved": "https://registry.npmjs.org/minipass/-/minipass-7.1.2.tgz",
+      "integrity": "sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw==",
+      "dev": true,
+      "license": "ISC",
+      "engines": {
+        "node": ">=16 || 14 >=14.17"
       }
     },
     "node_modules/path-to-regexp": {
@@ -4314,7 +4345,9 @@
       "license": "MIT"
     },
     "node_modules/tiny-json-http": {
-      "version": "7.2.0",
+      "version": "7.5.1",
+      "resolved": "https://registry.npmjs.org/tiny-json-http/-/tiny-json-http-7.5.1.tgz",
+      "integrity": "sha512-lB7qkBGpL3HR/8gidBu3MMfgfnDj2mlvK/eYXgSbO06gKphemLKGp/TgRTy/BKVD7nCbgIeCm41lMNayXO1f2w==",
       "dev": true,
       "license": "Apache-2.0"
     },
diff --git a/package.json b/package.json
index e03bfbbeda..4d230e1df3 100644
--- a/package.json
+++ b/package.json
@@ -27,7 +27,7 @@
   },
   "devDependencies": {
     "ecmarkup": "^20.0.0",
-    "glob": "^7.1.6",
+    "glob": "^9.0.0",
     "jsdom": "^15.0.0",
     "pagedjs": "^0.4.3",
     "pagedjs-cli": "^0.4.3",