request #47545 Picomatch: 2.3.1 -> 2.3.2, 4.0.3 -> 4.0.4

Infos

Artifact ID#47545

Submitted byThomas Gerbet (tgerbet)

Last Modified On2026-03-26 12:46

Submitted on2026-03-26 10:04

Rank49268

Details

Summary *

Picomatch: 2.3.1 -> 2.3.2, 4.0.3 -> 4.0.4

Original Submission

Fixes CVE-2026-33672 and CVE-2026-33671. No real impact in Tuleap use cases, it is either running within dev tools with trusted inputs or in situations that cannot trigger the issues.

https://github.com/micromatch/picomatch/releases/tag/4.0.4
https://github.com/micromatch/picomatch/releases/tag/2.3.2

CategoryEmpty

Reported in versionEmpty

PlatformEmpty

Is an Enhancement or an internal improvement?

[ ] enhancement
[ ] internal improvement

CC listEmpty

Stage

Assigned toThomas Gerbet (tgerbet)

StatusClosed

Close date2026-03-26

Attachments

AttachmentsEmpty

References

Cross references

Show items referenced by request #47545

Referenced by request #47545

Artifact

rel #47138 17.6

Other

gerrit #37213

Follow-ups

Joris MASSON (jmasson)

2026-03-26 12:46

Connected artifacts
- Added Fixed in: rel #47138

Tracker Workflow Manager (forge__tracker_workflow_manager)

2026-03-26 12:45

Closed by @tgerbet with git #tuleap/stable/76bff80ccac5b278fac427b87ac3fd6a8ab5f6a9.

Status changed from Under review to Closed
Close date set to 2026-03-26

Thomas Gerbet (tgerbet)

2026-03-26 10:16

See gerrit #37213.

Status changed from Under implementation to Under review

Public

Referenced by request #47545

Artifact

Other

Follow-ups