feat: update to avoid brace-expansion issue #20203

Closed
MaitreGEEK wants to merge 1 commit into getsentry:master from MaitreGEEK:patch-1

@MaitreGEEK

@sentry/node › @fastify/otel › minimatch › brace-expansion
moderate: brace-expansion: Zero-step sequence causes process hang and memory exhaustion - GHSA-f886-m6hf-6m8v

Before submitting a pull request, please take a look at our
Contributing guidelines and verify:

  • [x] If you've added code that should be tested, please add tests.
  • [x] Ensure your code lints and the test suite passes (yarn lint) & (yarn test).
  • [x] Link an issue if there is one related to your pull request. If no issue is linked, one will be auto-generated and linked.

Closes #issue_link_here

@sentry/node › @fastify/otel › minimatch › brace-expansion
  moderate: brace-expansion: Zero-step sequence causes process hang and memory exhaustion - GHSA-f886-m6hf-6m8v
sdk-maintainer-bot bot added the missing-issue-reference and violating-contribution-guidelines labels Apr 10, 2026
@sdk-maintainer-bot

This PR has been automatically closed. All non-maintainer contributions must reference an existing GitHub issue.

Next steps:

  1. Find or open an issue describing the problem or feature
  2. Discuss the approach with a maintainer in the issue
  3. Once a maintainer has acknowledged your proposed approach, open a new PR referencing the issue

Please review our contributing guidelines for more details.

@github-actions
Contributor

github-actions bot commented Apr 10, 2026

Semver Impact of This PR

🟡 Minor (new features)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).


New Features ✨

  • Update to avoid brace-expansion issue by MaitreGEEK in #20203

🤖 This preview updates automatically when you update the PR.


@cursor cursor bot left a comment


Cursor Bugbot has reviewed your changes and found 1 potential issue.

Reviewed by Cursor Bugbot for commit 53ef9de. Configure here.

"@opentelemetry/semantic-conventions": "^1.40.0",
"@prisma/instrumentation": "7.6.0",
"@fastify/otel": "0.18.0",
"@fastify/otel": "0.18.1",
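
Review bot: the `"@fastify/otel": "0.18.1"` line changes only the exact pin of the direct dependency, and nothing in this hunk touches minimatch or brace-expansion, which is where the PR description places GHSA-f886-m6hf-6m8v. Please include the regenerated yarn.lock in the same commit and show that the brace-expansion version it resolves falls outside the advisory's affected range. If no @fastify/otel release pulls in a fixed version, a `resolutions` entry for brace-expansion in package.json would address the transitive dependency directly.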
Dependency version 0.18.1 does not exist on npm

High Severity

@fastify/otel version 0.18.1 does not appear to exist on npm — the latest published version is 0.18.0. The yarn.lock also still references 0.18.0, confirming it was never resolved. A fresh install will fail because yarn cannot find version 0.18.1 in the registry. The stated goal of fixing the brace-expansion vulnerability via minimatch won't be achieved by this change.
