Skip to main content

Tuleap 16 est là ! Assistez à l'événement virtuel le 17 octobre à 10h30. Inscrivez-vous ici !

Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

    •  
      request #39336 Ignore micromatch CVE-2024-4067
    Actions
    Infos
    #39336
    Thomas Gerbet (tgerbet)
    2024-08-22 12:24
    2024-08-22 10:08
    40948
    Details
    Ignore micromatch CVE-2024-4067

    We only use it during development on trusted inputs so a ReDoS issue is not really problematic.

    I would prefer to upgrade anyway but they have weird things with their tags and the fix is not part of something that has been released/tagged.

    https://github.com/micromatch/micromatch/pull/247#issuecomment-2275665010

    Dev tools
    Empty
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Thomas Gerbet (tgerbet)
    Closed
    2024-08-22
    Attachments
    Artifact links

    Releases

    Fixed in

    Artifact ID Project Tracker Summary Status Last Update Date Submitted By Assigned to
    rel #37897 Tuleap Releases 15.13 Delivered 2024-12-09 17:12 Manuel Vacelet (vaceletm)
    Empty
    References
    Referencing request #39336

    Artifact Tracker v5

    request #39346 micromatch: bump to 4.0.8

    Git commit

    tuleap/tuleap/stable

    chore: request #39336 Ignore micromatch CVE-2024-4067 2dc1ffea14
    User avatar Thomas Gerbet (tgerbet) , 2024-08-22 10:21
    Merge commit 'refs/changes/99/31799/1' of ssh://gerrit.tuleap.net:29418/tuleap into HEAD f5153e9fbd
    User avatar Marie Ange Garnier (marieange) , 2024-08-22 11:25
    Referenced by request #39336

    Artifact Tracker v5

    rel #37897 15.13

    Other

    gerrit #31799
    Display settings

    Follow-ups