brace-expansion Regular Expression Denial of Service vulnerability

[leeobrum]

vite-plugin-pwa@1.0.0 requires brace-expansion@^1.1.7 via a transitive dependency on minimatch@3.1.2

[userquin]

vite-plugin-pwa has just 2 or 3 direct dependencies, the problem is workbox, I think it needs a full rewrite, this plugin is a wrapper of workbox-build and workbox-window: https://npm.anvaka.com/#/view/2d/vite-plugin-pwa