From 828fafe389c44de9d39de5d5260bc9417b92932d Mon Sep 17 00:00:00 2001 From: mrdanish26 Date: Thu, 26 Feb 2026 15:21:12 -0800 Subject: [PATCH] chore(root): exclude minimatch ReDoS from yarn audit TICKET: WP-8085 --- .iyarc | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/.iyarc b/.iyarc index ab4a3a73c1..29f6298cb4 100644 --- a/.iyarc +++ b/.iyarc @@ -30,3 +30,16 @@ GHSA-3ppc-4f35-3m26 # - This CVE affects tar's extraction process with specially crafted archives # - Our usage is limited to archive PACKING operations only, not extraction GHSA-83g3-92jg-28cx + +# Excluded because: +# - Transitive dependency through lerna, depcheck, nyc, eslint, yeoman-generator, glob, shelljs +# - minimatch ReDoS via crafted glob patterns (same class as GHSA-3ppc-4f35-3m26) +# - Only affects dev-time tooling, not production code +GHSA-7r86-cg39-jmmj + +# Excluded because: +# - Transitive dependency through lerna, depcheck, nyc, eslint, yeoman-generator, glob, shelljs +# - minimatch ReDoS via crafted glob patterns (same class as GHSA-3ppc-4f35-3m26) +# - Only affects dev-time tooling, not production code +# - Mitigated by controlled inputs (our own build scripts, not user-provided patterns) +GHSA-23c5-xmqv-rm74
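Review bot: The comment block above GHSA-7r86-cg39-jmmj omits the "Mitigated by controlled inputs (our own build scripts, not user-provided patterns)" line that the otherwise identical block above GHSA-23c5-xmqv-rm74 carries, so a reader cannot tell whether that mitigation applies to the first advisory as well. Either add the line to both blocks or state in each block what distinguishes the two advisories. The "Only affects dev-time tooling, not production code" claim also needs backing for glob and shelljs, which appear in the dependency path next to lerna, depcheck, nyc and eslint: say whether any published package reaches minimatch through them at runtime, or narrow the claim to the paths that were checked. Neither entry states a condition for removal, so consider adding one (for example, drop the exclusion once the listed tools resolve to a fixed minimatch). The subject line refers to a single ReDoS while the hunk adds two advisory IDs; naming both in the commit message would make the exclusion easier to audit later.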