microsoft · nnnnoel · Feb 27, 2026 · Feb 27, 2026 · Feb 27, 2026 · codingLogan
@@ -71,7 +71,7 @@
     "@rushstack/ts-command-line": "workspace:*",
     "diff": "~8.0.2",
     "lodash": "~4.17.23",
-    "minimatch": "10.2.1",
+    "minimatch": "10.2.3",
-    "minimatch": "10.2.3",
+    "minimatch": "~10.2.3",
-    "minimatch": "10.2.3",
+    "minimatch": "~10.2.3",
     "resolve": "~1.22.1",
     "semver": "~7.5.4",
     "source-map": "~0.6.1",

diff --git a/common/changes/@microsoft/api-extractor/fix-minimatch-vulnerability_2026-02-27-10-51.json b/common/changes/@microsoft/api-extractor/fix-minimatch-vulnerability_2026-02-27-10-51.json
@@ -0,0 +1,10 @@
+{
+  "changes": [
+    {
+      "packageName": "@microsoft/api-extractor",
+      "comment": "Bump minimatch version from 10.2.1 to 10.2.3",
+      "type": "patch"
+    }
+  ],
+  "packageName": "@microsoft/api-extractor"
+}
diff --git a/...on/changes/@rushstack/package-extractor/fix-minimatch-vulnerability_2026-02-27-10-51.json b/...on/changes/@rushstack/package-extractor/fix-minimatch-vulnerability_2026-02-27-10-51.json
@@ -0,0 +1,10 @@
+{
+  "changes": [
+    {
+      "packageName": "@rushstack/package-extractor",
+      "comment": "Bump minimatch version from 10.2.1 to 10.2.3",
+      "type": "patch"
+    }
+  ],
+  "packageName": "@rushstack/package-extractor"
+}
diff --git a/...@rushstack/webpack4-localization-plugin/fix-minimatch-vulnerability_2026-02-27-10-51.json b/...@rushstack/webpack4-localization-plugin/fix-minimatch-vulnerability_2026-02-27-10-51.json
@@ -0,0 +1,10 @@
+{
+  "changes": [
+    {
+      "packageName": "@rushstack/webpack4-localization-plugin",
+      "comment": "Bump minimatch version from 10.2.1 to 10.2.3",
+      "type": "patch"
+    }
+  ],
+  "packageName": "@rushstack/webpack4-localization-plugin"
+}
@@ -1,6 +1,6 @@
 // DO NOT MODIFY THIS FILE MANUALLY BUT DO COMMIT IT. It is generated and used by Rush.
 {
-  "pnpmShrinkwrapHash": "c7fc0d748fad95ed6142faa9eaff041335b3fc17",
+  "pnpmShrinkwrapHash": "c395a90b30bd67a31beb1d1b08be9aecb02de265",
   "preferredVersionsHash": "550b4cee0bef4e97db6c6aad726df5149d20e7d9",
-  "packageJsonInjectedDependenciesHash": "c79f0a961494e6e313bb0ec2c8fe0433cb6baaf5"
+  "packageJsonInjectedDependenciesHash": "8410b26d03a38d02cb52140340c78128eb2e5fdd"
 }
@@ -35,7 +35,7 @@
     "eslint": "~9.37.0",
 
     // Updated minimatch and its types to latest major version to resolve ReDoS vulnerability
-    "minimatch": "10.2.1"
+    "minimatch": "10.2.3"
   },
 
   /**

@@ -1,5 +1,5 @@
 // DO NOT MODIFY THIS FILE MANUALLY BUT DO COMMIT IT. It is generated and used by Rush.
 {
-  "pnpmShrinkwrapHash": "332ad6b0bd71bdfb6f4ae69270e34275b8dc2f1e",
-  "preferredVersionsHash": "93bf435032db8da4a18734f1eaa359c12ad147c1"
+  "pnpmShrinkwrapHash": "0778382a980762005a055ec6e76ca8cc37d447f1",
+  "preferredVersionsHash": "029c99bd6e65c5e1f25e2848340509811ff9753c"
 }
@@ -46,7 +46,7 @@
     "@rushstack/ts-command-line": "workspace:*",
     "ignore": "~5.1.6",
     "jszip": "~3.8.0",
-    "minimatch": "10.2.1",
+    "minimatch": "10.2.3",
     "npm-packlist": "~5.1.3",
     "semver": "~7.5.4"
   },

@@ -60,7 +60,7 @@
     "@rushstack/terminal": "workspace:*",
     "@types/tapable": "1.0.6",
     "loader-utils": "1.4.2",
-    "minimatch": "10.2.1"
+    "minimatch": "10.2.3"
   },
   "devDependencies": {
     "@rushstack/heft": "workspace:*",