From 668a1f498b582d2e190a8712945356e638f21677 Mon Sep 17 00:00:00 2001 From: isaacs Date: Sun, 27 Sep 2015 11:18:23 -0700 Subject: [PATCH 01/10] Don't package browser version --- .gitignore | 1 - package.json | 7 ++----- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/.gitignore b/.gitignore index 1c2b2a16..c9106a73 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,2 @@ node_modules -browser.js .nyc_output diff --git a/package.json b/package.json index 28c5cca9..0b670bbe 100644 --- a/package.json +++ b/package.json @@ -10,8 +10,7 @@ "main": "minimatch.js", "scripts": { "posttest": "standard minimatch.js test/*.js", - "test": "tap test/*.js", - "prepublish": "browserify -o browser.js -e minimatch.js -s minimatch --bare" + "test": "tap test/*.js" }, "engines": { "node": "*" @@ -20,13 +19,11 @@ "brace-expansion": "^1.0.0" }, "devDependencies": { - "browserify": "^9.0.3", "standard": "^3.7.2", "tap": "^1.2.0" }, "license": "ISC", "files": [ - "minimatch.js", - "browser.js" + "minimatch.js" ] } From 270dbea567f0af6918cb18103e98c612aa717a20 Mon Sep 17 00:00:00 2001 From: isaacs Date: Sun, 27 Sep 2015 11:18:44 -0700 Subject: [PATCH 02/10] v3.0.0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 0b670bbe..b95a247b 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,7 @@ "author": "Isaac Z. Schlueter (http://blog.izs.me)", "name": "minimatch", "description": "a glob matcher in javascript", - "version": "2.0.10", + "version": "3.0.0", "repository": { "type": "git", "url": "git://github.com/isaacs/minimatch.git" From ea0c69035799364483ccd1ac6fdde17ffe8e9518 Mon Sep 17 00:00:00 2001 From: isaacs Date: Thu, 12 Nov 2015 11:16:00 -0800 Subject: [PATCH 03/10] update travis --- .travis.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.travis.yml b/.travis.yml index 4af02b3d..9c1a7b6c 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -1,8 +1,7 @@ +sudo: false language: node_js node_js: - - '0.8' - '0.10' - '0.12' - - 'iojs' -before_install: - - npm install -g npm@latest + - '4' + - '5' From 361f803a180025e9019d5e3e2443d11c26684afc Mon Sep 17 00:00:00 2001 From: djchie Date: Thu, 17 Sep 2015 21:45:35 -0700 Subject: [PATCH 04/10] Fixes spelling mistake from "instanting" to "instantiating" --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d458bc2e..cd26e2a8 100644 --- a/README.md +++ b/README.md @@ -37,7 +37,7 @@ See: ## Minimatch Class -Create a minimatch object by instanting the `minimatch.Minimatch` class. +Create a minimatch object by instantiating the `minimatch.Minimatch` class. ```javascript var Minimatch = require("minimatch").Minimatch From 7df236fe845fe59dd2366656e736ea6d40c3a920 Mon Sep 17 00:00:00 2001 From: Peter Dave Hello Date: Sun, 15 Mar 2015 21:45:27 +0800 Subject: [PATCH 05/10] Use svg instead of png to get better image quality --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index cd26e2a8..ee356315 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ A minimal matching utility. -[![Build Status](https://secure.travis-ci.org/isaacs/minimatch.png)](http://travis-ci.org/isaacs/minimatch) +[![Build Status](https://secure.travis-ci.org/isaacs/minimatch.svg)](http://travis-ci.org/isaacs/minimatch) This is the matching library used internally by npm. From 9cf2d8863ae8a755ff86c248694f436cc49f41f6 Mon Sep 17 00:00:00 2001 From: Jordan Klassen Date: Fri, 19 Feb 2016 19:14:56 -0800 Subject: [PATCH 06/10] Remove mentions of cache from readme caching was removed in 0f06f184a4d1a03ba173b31b44e16153566a8110 --- README.md | 7 ------- 1 file changed, 7 deletions(-) diff --git a/README.md b/README.md index ee356315..ad72b813 100644 --- a/README.md +++ b/README.md 
@@ -82,13 +82,6 @@ var mm = new Minimatch(pattern, options) All other methods are internal, and will be called as necessary. -## Functions - -The top-level exported function has a `cache` property, which is an LRU -cache set to store 100 items. So, calling these methods repeatedly -with the same pattern and options will use the same Minimatch object, -saving the cost of parsing it multiple times. - ### minimatch(path, pattern, options) Main export. Tests a path against the pattern using the options. From 4f3a8bce2099a4acf0acf60709247bd885c706eb Mon Sep 17 00:00:00 2001 From: isaacs Date: Sat, 20 Feb 2016 14:11:08 -0800 Subject: [PATCH 07/10] update tap --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index b95a247b..17601ea4 100644 --- a/package.json +++ b/package.json @@ -20,7 +20,7 @@ }, "devDependencies": { "standard": "^3.7.2", - "tap": "^1.2.0" + "tap": "^5.6.0" }, "license": "ISC", "files": [ From 8ac560e212d1b19b1b78685521ccc67a28d366e6 Mon Sep 17 00:00:00 2001 From: isaacs Date: Sat, 20 Feb 2016 14:11:15 -0800 Subject: [PATCH 08/10] v3.0.1 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 17601ea4..1537cce5 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,7 @@ "author": "Isaac Z. Schlueter (http://blog.izs.me)", "name": "minimatch", "description": "a glob matcher in javascript", - "version": "3.0.0", + "version": "3.0.1", "repository": { "type": "git", "url": "git://github.com/isaacs/minimatch.git" From 6944abf9e0694bd22fd9dad293faa40c2bc8a955 Mon Sep 17 00:00:00 2001 From: isaacs Date: Fri, 17 Jun 2016 09:00:24 -0700 Subject: [PATCH 09/10] Handle extremely long and terrible patterns more gracefully Reported by @nstarke, thanks --- minimatch.js | 18 +++++++++++++++--- test/redos.js | 28 ++++++++++++++++++++++++++++ 2 files changed, 43 insertions(+), 3 deletions(-) create mode 100644 test/redos.js 
diff --git a/minimatch.js b/minimatch.js index ec4c05c5..830a2724 100644 --- a/minimatch.js +++ b/minimatch.js @@ -235,7 +235,7 @@ function braceExpand (pattern, options) { ? this.pattern : pattern if (typeof pattern === 'undefined') { - throw new Error('undefined pattern') + throw new TypeError('undefined pattern') } if (options.nobrace || @@ -261,6 +261,10 @@ function braceExpand (pattern, options) { Minimatch.prototype.parse = parse var SUBPARSE = {} function parse (pattern, isSub) { + if (pattern.length > 1024 * 64) { + throw new TypeError('pattern is too long') + } + var options = this.options // shortcuts @@ -518,7 +522,7 @@ function parse (pattern, isSub) { for (pl = patternListStack.pop(); pl; pl = patternListStack.pop()) { var tail = re.slice(pl.reStart + 3) // maybe some even number of \, then maybe 1 \, followed by a | - tail = tail.replace(/((?:\\{2})*)(\\?)\|/g, function (_, $1, $2) { + tail = tail.replace(/((?:\\{2}){0,64})(\\?)\|/g, function (_, $1, $2) { if (!$2) { // the | isn't already escaped, so escape it. $2 = '\\' @@ -615,7 +619,15 @@ function parse (pattern, isSub) { } var flags = options.nocase ? 'i' : '' - var regExp = new RegExp('^' + re + '$', flags) + try { + var regExp = new RegExp('^' + re + '$', flags) + } catch (er) { + // If it was an invalid regular expression, then it can't match + // anything. This trick looks for a character after the end of + // the string, which is of course impossible, except in multi-line + // mode, but it's not a /m regex. + return new RegExp('$.') + } regExp._glob = pattern regExp._src = re diff --git a/test/redos.js b/test/redos.js new file mode 100644 index 00000000..9430a576 --- /dev/null +++ b/test/redos.js 
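Review bot: The length guard added at the top of `parse` reads `pattern.length` before any type check, and it is the only place the limit is enforced. A `null` pattern would hit the engine's generic TypeError instead of a deliberate one, and an object without a `length` property passes the guard untouched. The `braceExpand` hunk above changes only the error type, so if expansion runs before `parse` (the call order is outside these hunks), a very long brace pattern is still expanded unchecked. I would test the type first, for example `if (typeof pattern !== 'string') throw new TypeError('invalid pattern')`, and apply the same limit in `braceExpand` through a named constant rather than the inline `1024 * 64`. Both function bodies continue outside the hunks.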
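Review bot: Capping the backslash-pair group at `{0,64}` in the `tail.replace` regex bounds backtracking, but it also changes what is matched once more than 128 backslashes precede a `|`. The engine then starts the match partway into the run, so for a long even-length run it can begin at an odd offset and capture a `$2` that marks an unescaped `|` as already escaped. A comment on that line such as `// capped at 64 pairs to bound backtracking; longer runs may be mis-read` would record the trade-off, and test/redos.js could pin the result for such a run. The replace callback continues outside the hunk.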
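Review bot: The early `return new RegExp('$.')` in the new `catch` skips the `regExp._glob = pattern` and `regExp._src = re` assignments that follow. The fallback object therefore lacks the two properties every other compiled result carries, and any caller that reads `_src` from it gets `undefined`. The catch also discards `er`, so nothing records which pattern failed to compile. I would tag the fallback before returning it, for example `var never = new RegExp('$.')`, then set `never._glob = pattern` and `never._src = '$.'`, and declare `var regExp` ahead of the `try` rather than inside it. parse's body continues outside the hunk.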
@@ -0,0 +1,28 @@ +var t = require('tap') + +var minimatch = require('../') + +// utility function for generating long strings +var genstr = function (len, chr) { + var result = '' + for (var i = 0; i <= len; i++) { + result = result + chr + } + + return result +} + +var exploit = '!(' + genstr(1024 * 15, '\\') + 'A)' + +// within the limits, and valid match +t.ok(minimatch('A', exploit)) + +// within the limits, but results in an invalid regexp +exploit = '[!(' + genstr(1024 * 15, '\\') + 'A' +t.notOk(minimatch('A', exploit)) + +t.throws(function () { + // too long, throws TypeError + exploit = '!(' + genstr(1024 * 64, '\\') + 'A)' + minimatch('A', exploit) +}, TypeError) From 81edb7c763abd31ba981c87ec5e835f178786be0 Mon Sep 17 00:00:00 2001 From: isaacs Date: Fri, 17 Jun 2016 13:12:51 -0700 Subject: [PATCH 10/10] v3.0.2 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 1537cce5..b393fa8b 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,7 @@ "author": "Isaac Z. Schlueter (http://blog.izs.me)", "name": "minimatch", "description": "a glob matcher in javascript", - "version": "3.0.1", + "version": "3.0.2", "repository": { "type": "git", "url": "git://github.com/isaacs/minimatch.git"
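Review bot: `genstr` in the new test/redos.js loops with `i <= len`, so it returns `len + 1` characters, and none of the three cases sits on the `1024 * 64` boundary that `parse` enforces. The off-by-one also decides whether the backslash run is odd or even, which the cases may depend on, so I would document it rather than change it: `// returns len + 1 copies of chr (loop is inclusive)`. Please add one case exactly at the limit and one a single character over it. The file asserts results only, so a regression to slow matching would surface as a long run rather than a failure; a generous elapsed-time assertion around the first case would catch that.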