Bump brace-expansion from 5.0.3 to 5.0.6 in /images/rspress/templates

[dependabot]

Bumps brace-expansion from 5.0.3 to 5.0.6.

Commits

• 46317b5 5.0.6
• c0b095b Merge commit from fork
• ec56020 Bump picomatch from 4.0.3 to 4.0.4 (#93)
• 8793901 5.0.5
• 9a02af5 Merge commit from fork
• daa71bc Bump tar from 7.5.10 to 7.5.11 (#92)
• 799e5f7 Bump tar from 7.5.9 to 7.5.10 (#90)
• 012c230 5.0.4
• 243c491 Fix handling of brackets. Closes #87
• 609f858 Correct incorrect brace-expansion import (#89)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

---

Summary by cubic

Update brace-expansion to 5.0.6 in /images/rspress/templates to pull in bug fixes and improved brace parsing. Lockfile-only change; no app code touched.

• Dependencies
  • Bump brace-expansion 5.0.3 → 5.0.6 (used by minimatch)
  • Lockfile refresh also updates specifiers for @rspress/core and type packages

^{Written for commit 131c9ba. Summary will update on new commits. Review in cubic}

[llamapreview]

Auto Pull Request Review from LlamaPReview

Review Status: Automated Review Skipped

Dear contributor,

Thank you for your Pull Request. LlamaPReview has analyzed your changes and determined that this PR does not require an automated code review.

Analysis Result:

All 1 files are skipped files

Technical Context:

All files in this PR were marked as skipped, which typically includes:

• Generated files
• Build artifacts
• Pre-filtered content
• Files marked with [SKIPPED] tag

We're continuously improving our PR analysis capabilities. Have thoughts on when and how LlamaPReview should perform automated reviews? Share your insights in our GitHub Discussions.

Best regards,
LlamaPReview Team

[kilo-code-bot]

WARNING: @ungap/structured-clone@1.3.0 is flagged with a potential CWE-502 vulnerability (deserialization of untrusted data)

A deprecated field was added to this resolved package entry in the lock file refresh triggered by the brace-expansion and @types/* specifier updates. The current resolved version (1.3.0) carries a known prototype-pollution risk. Updating to @ungap/structured-clone@1.3.1 or higher is required to fully resolve this, and should be done in a separate Dependabot PR or dependency update, not left hanging in this lock file state.

[kilo-code-bot]

Code Review Summary

Status: 1 Issue Found | Recommendation: Address before merge

Overview

Severity	Count
WARNING	1

Issue Details (click to expand)

WARNING

File	Line	Issue
images/rspress/templates/pnpm-lock.yaml	301	@ungap/structured-clone@1.3.0 resolved in lock file with Potential CWE-502 (prototype-pollution/serialization) deprecation flag; should be updated to �.3.1+

Files Reviewed (1 file)

• images/rspress/templates/pnpm-lock.yaml - 1 issue

---

_{Reviewed by step-3.5-flash · 457,168 tokens}

[cubic-dev-ai]

No issues found across 1 file

Confidence score: 5/5

• Automated review surfaced no issues in the provided summaries.
• No files require special attention.

_{Re-trigger cubic}