ILIAS Bump braces from 3.0.2 to 3.0.3

Bumps braces from 3.0.2 to 3.0.3.

Commits

74b2db2 3.0.3
88f1429 update eslint. lint, fix unit tests.
415d660 Snyk js braces 6838727 (#40)
190510f fix tests, skip 1 test in test/braces.expand
716eb9f readme bump
a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
98414f9 remove funding file
665ab5d update keepEscaping doc (#27)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.

Jun 16 '24 23:06 dependabot[bot]

Hi @chfsx , since you suggested mocha as a dependency for ILIAS 10 (PR #6759) and braces is a dependency of chokidar, which is a dependency of mocha, I assign this to you. I did not find any other metadata for this library to determine an assignee :-). If you feel you are wrongly assigned, we should maybe contact the security group to find a voluntary person.

Jun 17 '24 05:06 mjansenDatabay

@thibsy could you please have a look at this? thanks a lot!

Jul 16 '24 06:07 chfsx

Hi all,

I have committed the update of braces in dda8c3952e49df77bf4d83d8cf2897ee9994b976 and performed an npm clean-install --ignore-scripts --omit=optional to properly install the dependencies. It looks like this wasn't done in a while, so not all of the changes in there are from the actual update.

I'll do the same for release_9 and trunk.

Kind regards, @thibsy

Jul 16 '24 15:07 thibsy

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

Jul 16 '24 15:07 dependabot[bot]

befd512f27c61efeab1947c89d08cf5a5bd263ed
a1480d54c7482a0bba8fa9d51d986d78e35c08ca

Jul 16 '24 15:07 thibsy