GHSA-7h2j-956f-4vf2 @isaacs/brace-expansion has Uncontrolled Resource Consumption - Critical

### Is there an existing issue for this?

- [x] I have searched the existing issues

### This issue exists in the latest npm version

- [x] I am using the latest npm

### Current Behavior

Our security scan tool just scanned this critical CVE out -- GHSA-7h2j-956f-4vf2
https://github.com/advisories/GHSA-7h2j-956f-4vf2

@isaacs/brace-expansion is vulnerable to a Denial of Service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, the library attempts to eagerly generate every possible combination synchronously. Because the expansion grows exponentially, even a small input can consume excessive CPU and memory and may crash the Node.js process.

### Expected Behavior

_No response_

### Steps To Reproduce

_No response_

### Environment

- npm: 11.8.0
- Node.js:
- OS Name:
- System Model Name:
- npm config:
```ini
; copy and paste output from `npm config ls` here
```


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GHSA-7h2j-956f-4vf2 @isaacs/brace-expansion has Uncontrolled Resource Consumption - Critical #8958

Is there an existing issue for this?

This issue exists in the latest npm version

Current Behavior

Expected Behavior

Steps To Reproduce

Environment

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

GHSA-7h2j-956f-4vf2 @isaacs/brace-expansion has Uncontrolled Resource Consumption - Critical #8958

Description

Is there an existing issue for this?

This issue exists in the latest npm version

Current Behavior

Expected Behavior

Steps To Reproduce

Environment

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions