[Snyk] Security upgrade minimatch from 3.1.2 to 10.2.1

[randi274]

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• packages/aura-language-server/src/tern/package.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-15309438	828

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

[randi274]

This is a very large major version upgrade from v3 to v10, introducing significant breaking changes. Thorough testing is required before merging.

Key Breaking Changes:

• ESM Module Syntax: Starting with v10, minimatch or its dependencies have transitioned to pure ESM. This will break any project that uses require('minimatch'). You will need to update your code to use import statements. An issue was reported for v10.0.2 causing ERR_REQUIRE_ESM errors due to this change. [2]

• Dropped Node.js Support: Version 10 drops support for Node.js 18. [10] Support for other older, end-of-life Node.js versions was likely dropped in intermediate major versions.

• Import/Export Changes (pre-v10): Even before the full ESM transition, changes to the module's exports occurred around v6 that required some TypeScript users to change their import statements from import minimatch from 'minimatch' to import minimatch = require('minimatch'). [11]

• Behavioral Changes: The handling of backslashes on Windows platforms has changed since v3. [14] Additionally, new features like POSIX character classes have been added which may alter matching behavior in edge cases. [18]

Recommendation: This upgrade requires significant developer action. Prioritize updating module import statements from require() to import. Verify your project's Node.js version is compatible (>= Node 20). Due to the large version gap and lack of a single comprehensive changelog, extensive testing of all globbing functionality is critical to ensure patterns still match as expected.

Source: Package documentation and GitHub Issues [2, 10, 11, 14, 18]

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.