Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

security: address GHSA-952p-6rrq-rcjv in micromatch #2028

Merged
merged 1 commit into from
Sep 10, 2024
Merged

security: address GHSA-952p-6rrq-rcjv in micromatch #2028

merged 1 commit into from
Sep 10, 2024

Conversation

sjinks
Copy link
Member

@sjinks sjinks commented Sep 10, 2024

Description

This PR updates micromatch to 4.0.8 to fix a medium-severity ReDoS vulnerability (CVE-2024-4067).

The fix affects only dev dependencies.

Pull request checklist

New release checklist

Steps to Test

CI must pass.

@sjinks sjinks self-assigned this Sep 10, 2024
Copy link
Contributor

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails

Scanned Manifest Files

Copy link

sonarcloud bot commented Sep 10, 2024

@sjinks sjinks merged commit ff093ad into trunk Sep 10, 2024
16 checks passed
@sjinks sjinks deleted the fix/cve branch September 10, 2024 17:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants