patched security vulnerabilities in knex-migrations dependencies

[mitanuriel]

• Update tar-fs from 2.1.2 to 2.1.4 (fixes symlink validation bypass and directory traversal)
• Update brace-expansion from 1.1.11 to 1.1.12 (fixes ReDoS vulnerability)
• Resolves Dependabot alerts CVE-2025-48387 and GHSA-v6h2-p8h4-qcjw

Describe changes

Issue

• Not related to an issue

Completed?

• Yes
• No

[coderabbitai]

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (1)

• knex-migrations/package-lock.json is excluded by !**/package-lock.json

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud