Closed
Description
protobuf.js version: 6.11.2
The above-mentioned version of protobufjs includes minimatch 3.0.4, which has the following high-severity security issue:
minimatch contains a flaw in the braceExpand() function in minimatch.js that is triggered as an improper regular expression is used to match patterns for brace expansion. This may allow a context-dependent attacker to hang or slow down a Node process using the library.
If we change the version of minimatch to 3.0.5 or above then this could be resolved.
Can this be fixed in the next available release of protobufjs?
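A dependency-tree check for the condition this issue describes, as an added example that is not part of the original issue or of protobuf.js: it walks an npm lockfile and reports every minimatch copy below 3.0.5, the version the issue names as fixed. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: flag minimatch copies older than 3.0.5 in an npm lockfile.
const MIN_FIXED = [3, 0, 5]; // fixed version as stated in the issue text

// Parse "3.0.4" (optionally with -prerelease/+build) into [major, minor, patch].
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1, 4).map(Number) : null;
}

function isBelow(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Returns [{ path, version }] for every minimatch entry below MIN_FIXED.
// Entries with an unparseable version are reported too, for manual review.
// Handles lockfileVersion 2/3 ("packages") and 1 (nested "dependencies").
function findOldMinimatch(lock) {
  const hits = [];
  const check = (path, version) => {
    const parsed = parseVersion(version);
    if (!parsed || isBelow(parsed, MIN_FIXED)) hits.push({ path, version });
  };
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.endsWith("node_modules/minimatch")) check(path, meta.version);
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = trail.concat(name);
      if (name === "minimatch") check(here.join(" > "), meta.version);
      walk(meta.dependencies, here);
    }
  };
  // v2 lockfiles carry both sections; walk "dependencies" only when "packages" is absent.
  if (!lock.packages) walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfile (not taken from a real project).
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "node_modules/protobufjs": { version: "6.11.2" },
    "node_modules/protobufjs/node_modules/minimatch": { version: "3.0.4" },
    "node_modules/minimatch": { version: "3.1.2" },
  },
};
console.log(findOldMinimatch(sampleLock));
```

To run it against a real project, replace `sampleLock` with the parsed contents of that project's `package-lock.json`.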